Dog Brothers Public Forum
Return To Homepage
Welcome, Guest. Please login or register.
April 16, 2014, 11:43:13 AM

Login with username, password and session length
Search:     Advanced search
Welcome to the Dog Brothers Public Forum.
79068 Posts in 2226 Topics by 1036 Members
Latest Member: Evgeny Vasilyev
* Home Help Search Login Register
  Show Posts
Pages: 1 2 [3] 4 5 ... 11
101  Politics, Religion, Science, Culture and Humanities / Science, Culture, & Humanities / Five Concerns Surrounding Pinterest on: May 10, 2012, 06:35:40 PM
Source: http://www.infosecisland.com/blogview/21268-Five-Concerns-Surrounding-Pinterest.html

Thursday, May 10, 2012
Contributed By:
Allan Pratt, MBA


By now, everyone has heard the news that Pinterest has surpassed all other social media sites and has earned the coveted spot of “number three” in terms of users behind Facebook and Twitter.

While LinkedIn and YouTube fell in the standings, Pinterest has adopted a loyal following – and especially amazing – while still in beta phase by invitation only.

According to a comScore study, the number of Pinterest users that visit the site daily has increased by 145% since the beginning of 2012.

But, before you join the Pinterest party, there are some things to keep in mind.

First, here is Pinterest’s mission in the company’s own words: “Our goal is to connect everyone in the world through the things they find interesting. We think that a favorite book, toy, or recipe can reveal a common link between two people.

With millions of new pins added every week, Pinterest is connecting people all over the world based on shared tastes and interests.”

NO PRIVACY SETTINGS

While Pinterest’s appeal is its visual-oriented content comprised of photos, images, illustrations, videos – some with links and some without – don’t get so caught up with creating categories, or in Pinterest speak, boards, that you upload personal photos with family members, personal cars, and your house or apartment with identifying details like numbers and street signs.

At the current time, there are no privacy settings similar to Facebook or Google Plus, and boards cannot be made private, similar to customized Facebook lists or customized Google Plus circles. The bottom line is that anyone with Internet access can view your boards.

COPYRIGHT INFRINGEMENT

Since the site is in beta phase, copyright and trademark police are not swimming around the site, therefore, all users must be on their best behavior about using images. Give credit if an image or link is not yours – be a respectable member of the Pinterest world.

ABOUT YOU

There is a bio section at the top of each page next to your profile photo. Don’t leave this section blank in your haste to set up your account, but don’t be overly-wordy either.

While users will learn about you from your boards and pins, everyone wants to read a quick sentence or two about you. Also, you can share your website URL, your Facebook URL, and/or your Twitter URL.

SHARING CONTENT WITH FACEBOOK AND TWITTER

Currently, you can log in to Pinterest with your Facebook or Twitter passwords. While this allows for shared content on both major sites, you can add details about your pins (in Pinterest speak, an image added on Pinterest) to Facebook and Twitter, this sharing of passwords may not be the best idea.

Consider a safer alternative – although not a quicker option – use a unique password for Pinterest, and if you want to share content on the other sites, enter the details by logging into either Facebook or Twitter separately.

COMMENTS

You can make comments about any pin. You have more than 140 characters (reference to Twitter), and everyone will be able to read your comments. Remember, similar to texts or emails, the comment could be misinterpreted, and your sense of humor may not be understood by all. So be polite, courteous, and friendly. And if you like a pin, you can always click the “like” button.

If you keep these concerns in mind, you can and will have limitless fun with Pinterest. I have become a fan and invite you to check out my Pinterest page at http://pinterest.com/tips4tech. If you'd like an invitation, comment below, and I’ll send you one.

Allan Pratt, an infosec consultant, represents the alignment of marketing, management, and technology. With an MBA Degree and four CompTIA certs in hardware, software, networking, and security, Allan translates tech issues into everyday language that is easily understandable by all business units. Expertise includes installation and maintenance of hardware, software, peripherals, printers, and wireless networking; development and implementation of integration and security plans; project management; and development of technical marketing and web strategies in the IT industry. Follow Allan on Twitter and on Facebook.

Cross-Posted from Tips4Tech
102  Politics, Religion, Science, Culture and Humanities / Politics & Religion / Re: DHS: National Preparedness Report and Cybersecurity on: May 10, 2012, 06:32:22 PM
No comment on "DHS: National Preparedness Report and Cybersecurity" yet but that book "China Has Hacked Our Electric Power Grid: Read About It In Screwed!" seems interesting I can tell you that just through job searching the DoE has been ramping up.



103  Politics, Religion, Science, Culture and Humanities / Politics & Religion / DHS: National Preparedness Report and Cybersecurity on: May 08, 2012, 09:43:24 PM
Tuesday, May 08, 2012
Presidential Policy Directive 8: National Preparedness (PPD-8) describes the Nation’s approach to preparing for the threats and hazards that pose the greatest risk to the security of the United States.

The Directive requires a National Preparedness Report (NPR), an annual report summarizing the progress made toward building, sustaining, and delivering the 31 core capabilities described in the National Preparedness Goal.

Cybersecurity Key Finding: Cyber attacks have increased significantly in number and sophistication in recent years, resulting in the Federal Government and private sector partners expanding their cybersecurity efforts.

The U.S. Computer Emergency Readiness Team (US-CERT) reported an over 650-percent increase in the number of cyber incidents reported by federal agencies over a five-year period, from 5,503 in FY 2006, to 41,776 in FY 2010.

Almost two-thirds of U.S. firms report that they have been the victim of cybersecurity incidents or information breaches. Moreover, this serious problem may be subject to underreporting: only 50 percent of owners and operators at high-priority facilities participating in the ECIP security survey said that they report cyber incidents to external parties.

DHS’s Strategic National Risk Assessment notes that cyber attacks can have catastrophic consequences and trigger cascading effects across critical infrastructure sectors.

To counter these and related threats, federal and private sector partners have accelerated initiatives to enhance data collection, detect events, raise awareness, and respond to cyber incidents. In fact, most infrastructure protection stakeholders now identify cybersecurity as a priority issue for their programs.

At least 10 different critical infrastructure sectors have established joint public-private working groups through the SCCs and GCCs focused on cyber issues. In FY 2011, facility owners and operators from all 18 critical infrastructure sectors conducted assessments using the DHS Cyber Security Evaluation Tool.

This free software helps users assess their systems and networks through a series of guided questions. In addition, DHS and DOD are jointly undertaking a proof-of-concept called the Joint Cybersecurity Services Pilot.

The purpose of this pilot program is to enhance the cybersecurity of participating Defense Industrial Base (DIB) critical infrastructure entities and to protect sensitive DOD information and DIB intellectual property that directly supports DOD missions or the development of DOD capabilities from unauthorized access, exfiltration, and exploitation.

By the end of FY 2011, the National Cybersecurity Protection System was monitoring cyber intrusions with advanced technology for 37 of 116 federal agencies (32 percent), exceeding the proposed target of 28 percent. DHS’s National Cyber Security Division (NCSD) and Science and Technology Directorate also contribute to the development of international cybersecurity standards by participating in standards bodies such as the International Telecommunication Union, the International Organization for Standardization, and the Internet Engineering Task Force.

DHS operates the National Cybersecurity and Communications Integration Center, a 24-hour center responsible for coordinating cyber and communications warning information across federal, state, and local governments, intelligence and law enforcement communities, and the private sector.

DHS has also established the Cybersecurity Information Sharing and Collaboration Program (CISCP), a systematic approach to cyber information sharing and cooperation with critical infrastructure owners and operators. The program incorporates government participants, Information Sharing and Analysis Centers (ISACs), and other critical infrastructure owners and operators, and facilitates the fusion of data through collaboration among CISCP entities to develop and share cross-sector information products through a secure portal.

In addition, the National Cyber Investigative Joint Task Force (NCIJTF) facilitates federal interagency collaboration and serves as a central point of entry for coordinating, integrating, and sharing pertinetinformation related to cyber-threat investigations. The FBI oversees the NCIJTF, which includes representation from 18 partner agencies from the intelligence and law enforcement communities.

The FBI also runs 65 cyber task forces across the country that integrate federal, state, and local assets. At the state, local, tribal, and territorial levels, the Multi-State Information Sharing and Analysis Center is a cybersecurity focal point, including a cybersecurity operations center that provides real-time network monitoring, early cyber threat warnings and advisories, vulnerability identification and mitigation, and incident response.

The Secret Service has successfully dismantled some of the largest known cybercriminal organizations by working through the agency’s established network of 31 Electronic Crimes Task Forces (ECTFs). With the recent addition of two international ECTFs in Rome, Italy, and London, England, local law enforcement can leverage ECTF participation in Europe, a hub of cybercriminal activity.

Despite progress achieved through these efforts, the SPR survey shows that cyber capabilities are lagging at the state level. Results indicated that Cybersecurity was the single core capability where states had made the least amount of overall progress, with an average capability level of 42 percent. In addition, DHS’s 2011 Nationwide Cybersecurity Review highlighted gaps in cyber-related preparedness among 162 state and local entities.

For example, though 81 percent of respondents had adopted cybersecurity control frameworks and/or methodologies, 45 percent stated they had not implemented a formal risk management program. Moreover, approximately two-thirds of respondents had not updated information security or disaster recovery plans in at least two years. The challenges identified in these reviews likely apply across sectors.

The full National Preparedness Report can be downloaded here:

http://www.infosecisland.com/download/index/id/85.html
104  Politics, Religion, Science, Culture and Humanities / Politics & Religion / Legislation Would Stick Business with Cyberwar Costs on: May 08, 2012, 09:38:09 PM
Source:  http://keranews.org/post/bill-would-have-businesses-foot-cost-cyber-war

Tuesday, May 08, 2012
Contributed By:
Headlines


Cybersecurity legislation supported by the likes of Senators Joe Lieberman of Connecticut and Susan Collins of Maine would create a regulatory environment that essentially would require businesses to pick up the majority of the cost for defending against ever increasing threats.

A great deal of cyber espionage is directed at private companies who have a wealth of sensitive information and intellectual property worth tens of billions to foreign governments and represents a national security issue both militarily and economically.

"Let's fast forward to the 21st century. We're an information-based society now. Information is everything. That makes you, as company executives, the front line — not the support mechanism, the front line," said U.S. counterintelligence official Frank Montoya.

The question is, who should ultimately be responsible for picking up the tremendous costs involved with securing critical data maintained by the private sector?

While private sector leaders like Internet Security Alliance president Larry Clinton acknowledge that companies have a responsibility to protect critical systems and data in order to satisfy their obligations to shareholders, the notion that businesses can allocate unlimited resources at the expense of those same shareholders is not feasible.

Clinton and other experts were interviewed on National Public Radio’s “Morning Edition” on Tuesday, May 8th.

"The legally mandated role of the government is to provide for the common defense, and they're willing to spend pretty much whatever it takes to do that. If you're in a private organization, your legally mandated responsibility is to maximize shareholder value. You can't spend just anything on the cyberthreat. You have an entirely different calculus that you have to put into effect," Clinton explained.

Clinton argues that mandating companies to pick up the bill for defending what is really a national security threat puts an unsustainable burden on businesses.

"If the government was interested in paying the private sector to do all these things, probably we would go a long way toward doing it. But the government so far, [with] the Lieberman-Collins bill, wants it all done for free. They want the businesses to simply plow that into their profit and loss statement, and the numbers are staggering. You simply can't do it," Clinton said.

Clinton has led ISA since 2007, and is frequently called upon to offer expert testimony and guidance to Congress, the White House, and numerous Federal Agencies on policy and legislative efforts.

The Internet Security Alliance (ISA) is a unique multi-sector trade association which provides thought leadership and strong public policy advocacy as well as business and technical services to its membership.

The ISA represents enterprises from the aviation, banking, communications, defense, education, financial services, insurance, manufacturing, security, and technology industries.

Clinton believes the current legislation under consideration is far too punitive in nature, and would disincentivize companies from both investing in better security measures and from disclosing data loss events, as well as creating a regulatory and bureaucratic nightmare.

"The major concern is the vast regulatory structure that would be set up at the Department of Homeland Security," says Larry Clinton.

Clinton maintains that the best approach for both the public and private sectors is to devise a cyber defense strategy that does not unfairly burdon companies with unsustainable costs through regulatory mandates.

"Whether we like it or not, we are going to have to figure out a way to get private companies to make, on a sustainable basis, investments that are not justified by their business plans. Simply telling them, 'You have to ignore your business plan,' is not a sustainable model. We have to find a way to make it economic," Clinton continued.
105  Politics, Religion, Science, Culture and Humanities / Politics & Religion / Busy.... on: May 02, 2012, 03:22:40 PM
Whew.. havent been on the forums, been busy at work due to this event https://www.ida.org/upload/research%20notes/05-redteaming.pdf and at home but the adventure continues...  Ill have more time to find more interesting articles once this week is finished.  I think.
106  Politics, Religion, Science, Culture and Humanities / Science, Culture, & Humanities / Re: Which half are you? on: April 24, 2012, 07:27:45 PM
Quote
Thomas Sowell, black conservative, on a roll again about race and the Zimmerman Trayvon story. (Could also go under Media Issues) Two excerpts:

"the repeated references to Zimmerman as a "white Hispanic." Zimmerman is half-white. So is Barack Obama. But does anyone refer to Obama as a "white African"?

All these verbal games grow out of the notion that complexion tells you who is to be blamed and who is not. It is a dangerous game because race is no game."


On a personal note I guess I can relate to this half and half thing or whatever.  Being of mixed race or mixed nationalities (1/2 German & 1/2 Samoan) really confused people where I grew up (Belleville, IL) to break it down simply, due to my features and light skin some Caucasian people saw me as something other than white because of my features & they would ask if Im Indian, Eskimo or something else. Even though my features were different but my skin was "white" some African Americans just saw me as "white."  Believe me I got crap from both sides. I also decided to tell people I was Hawaiian because I got tired of saying Im German / Samoan or just Samoan because no one knew where Samoa was.

LOL, my bad!  Thank you Guro Crafty!
107  Politics, Religion, Science, Culture and Humanities / Science, Culture, & Humanities / Re: Music on: April 24, 2012, 05:12:38 PM
Replying to something in the "Race, religion, ethnic origin, LGBT, & "discrimination" made me think of this song...

108  Politics, Religion, Science, Culture and Humanities / Science, Culture, & Humanities / Which half are you? on: April 24, 2012, 05:09:28 PM
Quote
Thomas Sowell, black conservative, on a roll again about race and the Zimmerman Trayvon story. (Could also go under Media Issues) Two excerpts:

"the repeated references to Zimmerman as a "white Hispanic." Zimmerman is half-white. So is Barack Obama. But does anyone refer to Obama as a "white African"?

All these verbal games grow out of the notion that complexion tells you who is to be blamed and who is not. It is a dangerous game because race is no game."


On a personal note I guess I can relate to this half and half thing or whatever.  Being of mixed race or mixed nationalities (1/2 German & 1/2 Samoan) really confused people where I grew up (Belleville, IL) to break it down simply, due to my features and light skin some Caucasian people saw me as something other than white because of my features & they would ask if Im Indian, Eskimo or something else. Even though my features were different but my skin was "white" some African Americans just saw me as "white."  Believe me I got crap from both sides. I also decided to tell people I was Hawaiian because I got tired of saying Im German / Samoan or just Samoan because no one knew where Samoa was.
109  Politics, Religion, Science, Culture and Humanities / Politics & Religion / Wi-Fi–Hacking Neighbor From Hell Sentenced to 18 Years on: April 24, 2012, 04:47:49 PM
How do we define "regular" would this classify as regular?
http://www.wired.com/threatlevel/2011/07/hacking-neighbor-from-hell/

I think anything large scale as in Viruses on Facebook, spearphishing is done by organized crime...

or wait

maybe I misinterpret Crafty suggestion.. should we put regular crime such as the above article in this thread?  I kind of like how this thread is separate where we can read about the cyber war outside of our personal space, I think guarding your "personal cyberspace" at home and on your personal devices  may be worthy of separate thread for personal awareness.  There are times I post general awareness information such as Mistakes People Make that Lead to Security Breaches http://www.sans.org/security-resources/mistakes.php?ref=3816 in the "Security, Surveillance issues" in the Martial Arts topics.
110  Politics, Religion, Science, Culture and Humanities / Science, Culture, & Humanities / Mumford & Son's - Sigh No More on: April 24, 2012, 07:21:37 AM
I dunno, I just like the song...

111  Politics, Religion, Science, Culture and Humanities / Politics & Religion / Re: Anatomy of an Attack on: April 23, 2012, 04:02:27 PM
http://www.mandiant.com/threat-landscape/anatomy-of-an-attack/

Follow the link and it gives a high level view of a spear phishing.
Sometimes the term high level is misleading and refers to a "simplistic" overview & low level would actually get into the "nitty gritty details"

I can move this into the Internet thread if you like but this could also provide some insight to one of the many ways how penetration is achieved.
112  Politics, Religion, Science, Culture and Humanities / Politics & Religion / JPL computers hacked repeatedly in 2010 and 2011, NASA report says on: April 23, 2012, 02:20:49 AM
http://latimesblogs.latimes.com/lanow/2012/03/jpl-computers-hacked-repeatedly-in-2010-and-2011-nasa-report-says.html

Hacker attacks have repeatedly penetrated NASA computers in the past, stealing user information from dozens of employees and gaining control over key networks at the Jet Propulsion Laboratory in La Cañada Flintridge, according to a federal report.

In written comments submitted to Congress this week, NASA Inspector General Paul K. Martin noted that between 2010 and 2011 the agency reported 5,408 computer security breaches, resulting in the spread of destructive software or unauthorized access to computer systems.

The inspector general also noted that NASA was victimized 47 times in 2011 by particularly stealthy and sophisticated attacks from well-funded sources hoping to steal or modify computers without detection. One such attack involved hackers from Chinese Internet addresses gaining access to networks at JPL.

Martin noted that intruders “gained full access to key JPL systems and sensitive user accounts,” allowing them to alter files, user accounts from mission critical JPL systems and upload tools to steal user credentials. “In other words, the attackers had full functional control over these networks," Martin wrote.
In a 2009 attack, an Italian hacker appears to have gained access to a pair of computer systems supporting NASA's Deep Space Network, a series of powerful antennae operated by JPL and based partly in the Mojave Desert. NASA officials assured Martin that critical space operations weren’t at risk.

Martin said the agency was plagued by hackers with a variety of backgrounds: individuals trying to boost their skills by attempting to break into NASA computers; criminal groups mining information for profit; and possibly state-sponsored attacks from foreign countries. Suspects have been arrested in China, Estonia, Great Britain, Italy, Nigeria, Portugal, Romania and Turkey.

Martin testified before Congress on Wednesday, using the report to back his statements. He urged increased NASA vigilance regarding cyber-attacks, warned of the agency’s slow pace of encryption for laptops and mobile device, and highlighted shortcomings in continuous security monitoring at NASA.

NASA spends more than $1.5 billion a year on information technology, including about $58 million for security, according to the report, which cautioned that those figures may not represent the full cost of expenditures because of the way the agency bundles funding.
113  Politics, Religion, Science, Culture and Humanities / Politics & Religion / Re: Some thoughts on Romney's Mormonism/life experiences on: April 23, 2012, 12:11:26 AM
Quote
"From what I have heard lately, I wouldn't expect Romney to do ANYTHING on gun control if elected to the Presidency. Why? Mormons are the original Disaster Preparedness people in this country, and most Mormon families in the west (UT, ID, NV, AZ, WY, CO) have at least 3 or 4 firearms in the house. Plenty of word from members of the church has already been whispered his way to STFU on gun control, and the answer back has been 'Wilco'. I'm not talking about Church leadership, I'm talking about rank and file members picking up a pen and writing to him. I did."

Not trying to sidetrack the thread but as a Mormon I just learned this from a Non-Mormon last night, LOL

John M. Browning was Mormon too.  John M. Browning was responsible for the invention of many firearms too according to this Wikipedia reference:
http://en.wikipedia.org/wiki/John_Browning#John_M._Browning_and_Winchester_Repeating_Arms_Company

I just thought it was interesting.
114  DBMA Martial Arts Forum / Martial Arts Topics / Older Warrior: 52-year-old tries out for US Olympic Greco-Roman Team on: April 22, 2012, 08:46:10 PM
http://msn.foxsports.com/olympics/wrestling/story/andre-metzger-52-us-olympic-trials-greco-roman-wrestling-john-e-du-pont-dies-in-prison-shot-at-dream-042012

There’s a long list of too-old athletes attempting an ill-fated comeback after retirement.


LONDON CALLING
Are you ready for the 2012 Summer Games? FOXSports.com covers the Olympics like never before. GET FULL COVERAGE HERE
Michael Jordan, who decided he could amaze again on the basketball court at age 38, saw his Washington Wizards miss the playoffs two years in a row. Jim Palmer, who finished his Hall of Fame career with the Baltimore Orioles in 1984, tried to come back seven years later at 45 and made it through two innings of a spring-training game before calling it quits. Brett Favre’s retire-then-unretire pathology finally ended at 41, after he ignominiously finished his career with a 5-8 record and a sexting scandal.

The story is often the same: a world-class talent trying to put off the inevitability of life after sport.

The story of Andre Metzger is very different.

When the 52-year-old from Michigan tries to make the US Olympic Greco-Roman wrestling team at this weekend’s trials in Iowa City, he’ll be chasing no small achievement. The oldest US wrestler to medal at an Olympics? Chris Campbell, who took bronze in 1992 at age 37 — 15 years younger than Metzger is today.

But what makes Metzger stand out even more than his age is the event that sparked his comeback: the death of a 72-year-old multimillionaire in a western Pennsylvania prison in 2010.

Anyone who follows wrestling knows the story of John E. du Pont. Not long ago he was the savior of USA Wrestling, the heir to the du Pont chemical fortune who made amateur sports, specifically wrestling, one of his main philanthropies. But in 1996, du Pont, who was schizophrenic, shot and killed Dave Schultz, a champion freestyle wrestler who had won gold in the 1984 Olympics and was one of du Pont’s closest friends. Du Pont was found guilty but mentally ill the following year and died in prison in December 2010.




And what, exactly, does du Pont’s death have to do with this 52-year-old trying to beat wrestlers half his age and make the Olympic team?

It’s because Metzger’s chance at Olympic glory was cut short in the 1980s and 1990s through a series of bizarre events involving du Pont.

Metzger had won medals in three senior world championships between 1979 and 1987, including silver in 1986. The man to whom he lost in that championship match, Arsen Fadzayev of the Soviet Union, went on to win Olympic gold in 1988 and 1992. Metzger seemed destined to get his opportunity at gold.

But Metzger didn’t have a chance to go to Seoul or Barcelona. He was a recipient of du Pont’s wrestling largesse; du Pont was helping out a financially struggling sport, so there was a feeling of being beholden to him, even as he tried to assert maniacal control over the wrestlers. Each time Metzger won nationals, du Pont gave him a $10,000 bonus. Du Pont also hired Metzger to be a wrestling coach at Villanova University, one of the biggest recipients of du Pont’s philanthropies, paying Metzger $75,000 a year plus a free house.

“It was a pretty sweet deal, too sweet to turn down,” Metzger told FOXSports.com. “But I didn’t know about him.”

 
NEED TO KNOW
Want a refresher course on the sports in the Summer Olympics? We’ve got you covered. OLYMPICS 101
Accepting du Pont's money meant Metzger was also subjected to his erratic behavior, which Metzger said included sexual harassment (Metzger sued and they settled out of court), threats on Metzger’s life and one attempt to kill him.

When Metzger mounted a comeback attempt for the 1992 Olympics, du Pont threatened to kill his children, Metzger said.

“The bottom line is he was an evil guy, and he had a lot of money,” Metzger told FOXSports.com. “I just wasn’t going to risk my family’s life. There was no reason to stay in the sport. So I stepped away.”

“And once he died, I had an opportunity.”

So here Metzger is, after three knee surgeries and a hyperextended knee, trying to be America’s hope in the 74-kilo weight class in Greco-Roman wrestling. His body fat is about 5 percent. He does anywhere from two to seven workouts a day: swimming, lifting, sauna workouts, hot yoga, wrestling.




“I said, ‘OK, this guy is crazy,’ ” US national Greco-Roman coach Steve Fraser told the Detroit Free Press. “I hadn’t heard from Andre in years. He was the real deal, a great competitor. The guy has been a real pleasure to have in our training room. He’s training early in the morning and late at night; he’s definitely a breath of fresh air.”

Think he doesn’t have a chance? Logic says of course not. But Metzger says he’s learning the new rules, he’s honed a strategy to beat the youngsters, and he’s beating the top US wrestlers in practice.

“I’ve got potential to do this,” Metzger said. “I wish I’d never been forced to retire early. But there was nothing I could do about that. Now I’m just (trying) to see if I can get it done.”

The chance of him getting it done this weekend in Iowa City is remote. But if he does, you’ll be hearing the name Andre Metzger a lot in the months leading to the Olympics — this time as a story of inspiration.

You can follow Reid Forgrave on Twitter @reidforgrave, become a fan on Facebook or email him at reidforgrave@gmail.com.
115  Politics, Religion, Science, Culture and Humanities / Politics & Religion / Cracking Bin Laden's Hard Drives on: April 18, 2012, 12:48:00 AM
http://www.informationweek.com/news/security/encryption/229402923#

Security experts detail how the government will attempt to unlock the "trove of information" on devices recovered during the raid on Osama bin Laden's residence.

By Mathew J. Schwartz    InformationWeek
May 05, 2011 06:38 PM
The weekend raid on Osama bin Laden's compound carried out by Navy Seals and CIA paramilitary operatives reportedly recovered numerous data storage devices.
According to the New York Times, "the team found a trove of information and had the time to remove much of it: about 100 thumb drives, DVDs and computer disks, along with 10 computer hard drives and five computers. There were also piles of paper documents in the house."

An unnamed U.S. official told Politico that the Navy Seals had recovered "the mother lode of intelligence," and that hundreds of people were already at work analyzing it at a secret base in Afghanistan.

"They're very likely to get a lot of really good, actionable intel off of these devices," since Osama bin Laden apparently had no direct connection to the Internet, said Greg Hoglund, CEO of security software and consulting firm HBGary, Inc., in a telephone interview. "So all of his work was done with outside couriers … and information that's coming and going is probably on thumb drives and DVDs, media like that," meaning that they likely stored important operational information.

According to Hoglund, the effort to recover Osama bin Laden's data likely started with--and was part of--the raid, in a process that's known as battlefield exploitation, which seeks to extract as much data as possible while in the field. That's because it's much easier to extract information from a computer that's still running. Even if a hard drive employs encryption, if the drive is still mounted, then it's vulnerable. Furthermore, if the team can take physical memory RAM snapshots of a live device, this can help crack any encryption.

Here's how the process works, said Rob Lee, a director at information security company Mandiant and a fellow at The SANS Institute, in a telephone interview: A military team will secure a location but not touch the computers. Next, computer experts--typically, contractors--traveling with the team come in and do a "clean takedown" of any machines. Little if any "deep dive" data analysis will be performed in the field, except perhaps some quick analysis in search of "low-hanging fruit," for example to note on a captured cell phone any phone numbers that the target recently called, or any recently sent emails. But the true payoff comes when intelligence analysts compare the captured data with "the hundreds of terabytes of data that they've already gathered over many years," for example to see how names, email addresses, and phone numbers match up.

The goal isn't just to recover data, but to rapidly understand its intelligence context. "Instead of standard forensics, the terminology is called media exploitation, and in the intel community, that word has a high value to it," said Lee. He said the practice dates from the start of the Iraq War.
Interestingly, both the data on the recovered devices as well as the devices themselves may provide valuable clues. That's because every USB storage device has its own serial number, which can be retrieved from any computer to which it's been connected. "You're able to track that USB device in every system it's touched," said Lee. That may help analysts better understand how the courier network operated, especially if the storage devices match up with previous PCs that they've encountered.
The raid on Osama bin Laden's compound reportedly lasted 38 minutes, and recent accounts suggest that the facility may have been secured relatively quickly. That would have left time for computer specialists to go to work.

"To process a computer that's in a running state, you're probably talking about 15 to 30 minutes," said HBGary's Hoglund. "A guy has a toolkit--a hardened briefcase, he sits down, plugs it in," and it provides him with a full view of what's on the RAM chips, and also allows him to image the hard drive. In addition, a subset of the information can be transmitted via VSAT--a very small, two-way satellite communications system--to intelligence analysts in for immediate study.
What happens, however, if computers are powered off, as well as encrypted?

"If you're doing encryption on the drive properly, meaning you've done your research, looked at the solutions, you follow best practices, have a strong key, and don't have a weak passphrase, then it will probably never be decrypted. Because drive encryption done properly is extremely difficult, it ends up being a brute-force problem," said Hoglund.
To try and recover data in such situations, he said one standard practice is to remove the drives to an analysis facility that has crackers built using large arrays of field-programmable gate array chips. If a strong passphrase can be broken, that approach will do it within a week, or not at all. "It's like the event horizon--it's the threshold of tolerance," he said.

But given Osama bin Laden's use of couriers--who might not be computer-savvy, and who may have needed to operate from places like Internet cafes--"I wouldn't be surprised to find out that they weren't using any type of encryption," said Hoglund.
116  Politics, Religion, Science, Culture and Humanities / Politics & Religion / Re: Cyberwar and American Freedom on: April 17, 2012, 02:47:54 AM
5 page article:

Richard Clarke on Who Was Behind the Stuxnet Attack
America's longtime counterterrorism czar warns that the cyberwars have already begun—and that we might be losing
By Ron Rosenbaum
Smithsonian magazine, April 2012,


Read more: http://www.smithsonianmag.com/history-archaeology/Richard-Clarke-on-Who-Was-Behind-the-Stuxnet-Attack.html#ixzz1sHWO229K


1st page below
-------------------------------


The story Richard Clarke spins has all the suspense of a postmodern geopolitical thriller. The tale involves a ghostly cyberworm created to attack the nuclear centrifuges of a rogue nation—which then escapes from the target country, replicating itself in thousands of computers throughout the world. It may be lurking in yours right now. Harmlessly inactive...or awaiting further orders.

A great story, right? In fact, the world-changing “weaponized malware” computer worm called Stuxnet is very real. It seems to have been launched in mid-2009, done terrific damage to Iran’s nuclear program in 2010 and then spread to computers all over the world. Stuxnet may have averted a nuclear conflagration by diminishing Israel’s perception of a need for an imminent attack on Iran. And yet it might end up starting one someday soon, if its replications are manipulated maliciously. And at the heart of the story is a mystery: Who made and launched Stuxnet in the first place?

Richard Clarke tells me he knows the answer.

Clarke, who served three presidents as counterterrorism czar, now operates a cybersecurity consultancy called Good Harbor, located in one of those anonymous office towers in Arlington, Virginia, that triangulate the Pentagon and the Capitol in more ways than one. I had come to talk to him about what’s been done since the urgent alarm he’d sounded in his recent book, Cyber War. The book’s central argument is that, while the United States has developed the capability to conduct an offensive cyberwar, we have virtually no defense against the cyberattacks that he says are targeting us now, and will be in the future.

Richard Clarke’s warnings may sound overly dramatic until you remember that he was the man, in September of 2001, who tried to get the White House to act on his warnings that Al Qaeda was preparing a spectacular attack on American soil.

Clarke later delivered a famous apology to the American people in his testimony to the 9/11 Commission: “Your government failed you.”

Clarke now wants to warn us, urgently, that we are being failed again, being left defenseless against a cyberattack that could bring down our nation’s entire electronic infrastructure, including the power grid, banking and telecommunications, and even our military command system.

“Are we as a nation living in denial about the danger we’re in?” I asked Clarke as we sat across a conference table in his office suite.

“I think we’re living in the world of non-response. Where you know that there’s a problem, but you don’t do anything about it. If that’s denial, then that’s denial.”

As Clarke stood next to a window inserting coffee capsules into a Nespresso machine, I was reminded of the opening of one of the great espionage films of all time, Funeral in Berlin, in which Michael Caine silently, precisely, grinds and brews his morning coffee. High-tech java seems to go with the job.

But saying Clarke was a spy doesn’t do him justice. He was a meta-spy, a master counterespionage, counter­terrorism savant, the central node where all the most secret, stolen, security-encrypted bits of information gathered by our trillion-dollar human, electronic and satellite intelligence network eventually converged. Clarke has probably been privy to as much “above top secret”- grade espionage intelligence as anyone at Langley, NSA or the White House. So I was intrigued when he chose to talk to me about the mysteries of Stuxnet.

“The picture you paint in your book,” I said to Clarke, “is of a U.S. totally vulnerable to cyberattack. But there is no defense, really, is there?” There are billions of portals, trapdoors, “exploits,” as the cybersecurity guys call them, ready to be hacked.

“There isn’t today,” he agrees. Worse, he continues, catastrophic consequences may result from using our cyber­offense without having a cyberdefense: blowback, revenge beyond our imaginings.

“The U.S. government is involved in espionage against other governments,” he says flatly. “There’s a big difference, however, between the kind of cyberespionage the United States government does and China. The U.S. government doesn’t hack its way into Airbus and give Airbus the secrets to Boeing [many believe that Chinese hackers gave Boeing secrets to Airbus]. We don’t hack our way into a Chinese computer company like Huawei and provide the secrets of Huawei technology to their American competitor Cisco. [He believes Microsoft, too, was a victim of a Chinese cyber con game.] We don’t do that.”



Read more: http://www.smithsonianmag.com/history-archaeology/Richard-Clarke-on-Who-Was-Behind-the-Stuxnet-Attack.html#ixzz1sHWZNaV8
117  Politics, Religion, Science, Culture and Humanities / Politics & Religion / Re: Cyberwar and American Freedom on: April 17, 2012, 02:39:23 AM
I'm not quite sure if this belongs in this thread or the Internet thread:

http://net-security.org/malware_news.php?id=1922


Services for fraudsters utilizing malware are not new – AV checkers, malware encryption and malware infection services have existed in the criminal underground market for several years.

However, recent research has indicated changes in service scope and price due to service convergence and demanding buyers.



What's new?

One-stop-shop - Trusteer Research came across a new group that besides offering infection services (for prices between 0.5 and 4.5 cents for each upload, depending on geography) also provides polymorphic encryption and AV checkers. This new one-stop-shop approach for malicious services is a natural evolution of the market – if the customers need to infect, then they also need to evade AV. Why not sell the whole package?

For Polymorphic encryption of malware instances they charge from $25 to $50 and for prevention of malware detection by anti-virus systems (AV checking) they charge $20 for one week and $100 for one month of service.

It’s a buyer market. Researchers also came across advertisements published by prospective buyers of infection services. The ad basically presets the buying price, how it is charged and the scope of the service:
The advertiser pays only for unique uploads
The calculations will be conducted according to the advertiser's own Black Hole (exploit kit) stats module
The advertiser will pay in advance to the sellers with recommendations, i.e. those that have 1-10 "fresh" forum messages. Otherwise, the sellers will get paid afterwards
The domains are checked via a malware scan service website (scan4you) during the day. If the domain is recognized as blacklisted on anti-virus databases, the advertiser will automatically replace it with another.
The final paid price depends on percentage of infections:
$4.5 for 1,000 of traffic with 3% of infections
$6 for 1,000 of traffic with 4% of infections
$30 for 1,000 of traffic with more than 20% of infections.
In an attempt to stay competitive we came across an ad by an Encryption Service provider that sold its service for 20$ per file, and offered a money back guarantee if it fails an AV checker.
118  Politics, Religion, Science, Culture and Humanities / Science, Culture, & Humanities / Cridex on: April 15, 2012, 08:11:10 PM
Just an FYI: "we" have been seeing alot of fake emails here at work, luckily they are blocked and deleted but normal home users don't have the same protections in place.

Cridex Trojan breaks CAPTCHA, targets Facebook, Twitter users
http://www.linkedin.com/news?viewArticle=&articleID=5570732773137715208&gid=2305411&type=member&item=92660407&articleURL=http%3A%2F%2Fbitcyber%2Ewordpress%2Ecom%2F2012%2F02%2F02%2Fcridex-trojan-breaks-captcha-targets-facebook-twitter-users%2F&urlhash=9JPw&goback=%2Egde_2305411_member_92660407



The Cridex Trojan Targets 137 Financial Organizations in One Go
http://labs.m86security.com/2012/03/the-cridex-trojan-targets-137-financial-organizations-in-one-go/

119  Politics, Religion, Science, Culture and Humanities / Politics & Religion / Re: Cyberwar and American Freedom on: April 13, 2012, 02:41:48 PM
Thanks GM, interesting / scary stuff out there!
120  Politics, Religion, Science, Culture and Humanities / Politics & Religion / An Evaluation of Nation-State Cyber Attack Mitigation Strategies (w speaker) on: April 13, 2012, 04:20:47 AM
An Evaluation of Nation-State Cyber Attack Mitigation Strategies (w speaker)


Speaker: Kenneth Geers Naval Criminal Investigative Service (NCIS), Cooperative Cyber Defence Centre of Excellence (CCD CoE)

This presentation argues that computer security has evolved from a technical discipline to a strategic concept. The world's growing dependence on a powerful but vulnerable Internet — combined with the disruptive capabilities of cyber attackers — now threatens national and international security.

Strategic challenges require strategic solutions. The author examines four nation-state approaches to cyber attack mitigation.

•Internet Protocol version 6
•Sun Tzu's Art of War
•Cyber attack deterrence
•Cyber arms control

The four threat mitigation strategies fall into several categories. IPv6 is a technical solution. Art of War is military. The third and fourth strategies are hybrid: deterrence is a mix of military and political considerations; arms control is a political/technical approach.

The Decision Making Trial and Evaluation Laboratory (DEMATEL) is used to place the key research concepts into an influence matrix. DEMATEL analysis demonstrates that IPv6 is currently the most likely of the four examined strategies to improve a nation's cyber defense posture.

There are two primary reasons why IPv6 scores well in this research. First, as a technology, IPv6 is more resistant to outside influence than the other proposed strategies, particularly deterrence and arms control, which should make it a more reliable investment. Second, IPv6 addresses the most significant advantage of cyber attackers today — anonymity.

For more information visit: http://bit.ly/defcon19_information
To download the video visit: http://bit.ly/defcon19_videos
Playlist Defcon 19: http://bit.ly/defcon19_playlist
121  Politics, Religion, Science, Culture and Humanities / Science, Culture, & Humanities / Re: Internet and related technology on: April 13, 2012, 04:14:09 AM
http://www.infosecisland.com/blogview/20779-Social-Media-Security-Basics-An-Infographic.html

Social networking has quickly become a major medium for communications for both individuals and organizations, but the platforms that allow the development of online personae are not without their own inherent risks.

The team over at security provider Veracode has produced an interesting and informative infographic examining the social media security basics everyone who has ventured into the online world of networking should embrace.

Follow the link above to view the complete article.
122  Politics, Religion, Science, Culture and Humanities / Politics & Religion / Has the ‘Cyber Pearl Harbor’ already happened? on: April 12, 2012, 07:02:40 AM
http://www.dodbuzz.com/2012/03/26/has-the-cyber-pearl-harbor-already-happened/

Has the ‘Cyber Pearl Harbor’ already happened?

By Philip Ewing Monday, March 26th, 2012 10:54 am
Posted in Cyber Security

The Russians are picking our pockets, the Chinese are stealing our most vital secrets, and there’s nothing we can do about it – and it’s all going to get worse.

That was the basic conclusion after Friday’s Air Force Association cyber-conference, where speaker after speaker drove home the utter futility and helplessness of today’s cyber climate, all the while warning that the problem will only grow.

Richard Bejtlich, chief security officer for the info-security firm Mandiant, said 100 percent of the high-profile intrusions his company tracks were done with “valid credentials” – meaning the cyber bad-guys had been able to steal a real user’s login and password, obviating the need for more complex attacks.


The typical time between an intrusion and its discovery is 416 days, he said – down from two or three years – and the way most companies find out about them is when they get a visit from the FBI.

The publicly available malware in the so-called “cyber underground” is now so good that you can do a lot of damage without a dedicated team of code-writers coming up with their own stuff, speakers said. In fact, the much-discussed cyber attack against Georgia was carried out mostly with publicly known tools – “there was nothing sacred here,” said National Defense University iCollege chancellor Robert Childs.

Cyber-intrusions and compromise are so endemic, Bejtlich said, that many attackers don’t even bother with the wholesale vacuuming of information that used to characterize cyber-snooping. Now hackers go after very specific pieces of information, often data that is useless on its own, he said.

He described how a company had approached Mandiant befuddled that someone would want to steal a certain proprietary device, because it only worked in combination with a specific chemical formula owned by another company. Naturally, it wasn’t long before the second company discovered it was compromised, and also befuddled because its chemical formula would only be useful to someone who had information about the device manufactured by the first.

Online miscreants are also becoming more sophisticated at a strategic level, Bejtlich said: He described how they might target small companies that were merging with larger ones, to avoid trying to attack the bigger firm’s online security. Instead, by compromising a small company’s computer networks, the bad guys can then get into the new common network after a merger.

This can have profound financial as well as security implications, Bejtlich said – if you’re an aerospace giant and you want to acquire a small firm because its widget is worth $10 million, but then you discover it’s been cyber-stolen and no longer proprietary, the technology might only be worth $10,000, and that could put your shareholders and Wall Street in a bad mood.

And you can’t do anything about any of this. Government officials won’t talk about offensive cyber-attacks, so we can’t go there. Private sector clients in crisis with Mandiant often ask, how can we get back at these guys, or at least, can we destroy the data they’ve stolen, Bejtlich said.

“I’ve never seen somebody execute this, because of legal concerns,” he said. “The CEO says, ‘I wanna get these guys,’ but if there’s a lawyer in the room, what does he say? ‘Absolutely not.’”

Going after data that has been stolen from your network is like following a thief who has stolen your television and then breaking into his house to steal it back, Bejtlich said – “not authorized by our legal code.”

And the law can’t catch up with cyber, as we’ve seen so many times. And by the time the feds knock on your door to tell you about your compromise, it’s too late. And even though officials have been warning about cyber-dangers for more than a decade, the cyber-world has basically just been treading water this whole time, another speaker argued.

“I’ve been at this conference for 15 years,” said Jason Healey, an analyst with the Atlantic Council. He showed government reports warning of “computers at risk” from 1991 and before, and said although the technology involved has gotten much more advanced since then, the cyber doctrine, for lack of a better term, has not.

Healey argued that the U.S. can’t afford to keep being coy with China. It must build a coalition of cyber-victims and formally call out Beijing on the world stage, citing specific examples of Chinese hacking. Healey said Washington has never laid out its cyber-grievances in this way, and suggested that threatening to embarrass China might be one first step.

He also said the cyber-world must dispense with its worries over “attribution” – tracing the origins of attacks. Healey repeated the factoid that 178 countries were “involved” in the 2007 cyber-attack on Estonia: “Who cares?” he said. “That is completely meaningless.” In those situations, if the U.S. is affected, “the president needs to pick up the phone and call the Kremlin.”

(For what it’s worth, Bejtlich said the lines between Russian government and organized-crime cyber-mischief were so blurred as to be nonexistent. As for China, he said that if you want to know if you’ll be a cyber-target, see where your company falls on Beijing’s regular 5-year “industrial priorities” plans – it tracks very closely with hacking victims.)

An audience member’s question Friday crystallized all the speakers’ points at the cyber-conference: The much-feared “Cyber Pearl Harbor” has already happened, he said. Global cyber crime is more profitable than the drug trade.  America’s onetime technological advantage is gone; much of its intellectual property secrets have been stolen.

“People just haven’t realized it yet,” the questioner said.

It’s a depressing thesis, but from all the public statements about cyber-losses, it sounds plausible. Unless a true “Cyber Pearl Harbor” — in which bad guys knock out the power grid or the financial system or our telecommunications — happens tomorrow. Even if it doesn’t, Healey proposed a new set of parallels: A “Cyber-Vietnam,” i.e. a prolonged campaign, rather than a single sneak attack; or a “Cyber Battle of Britain,” in which the government appeals to — or impresses — private citizens for help in responding to a major crisis.

Can anything be done? Healey called for “cyber-mindedness,” for users to be that much more careful when they use the network, and for military cyber-units to study their forebears as airmen study MiG Alley or Operation Linebacker.

Maj. Gen. Suzanne Vautrinot, commander of the 24th Air Force, said military networks must be “proactive in defense,” able to monitor intrusions and irregularities and turn them against attackers. She showed the infamous clip of New York Giants bruiser Lawrence Taylor tackling Washington Redskins great Joe Theismann – crushing his leg and ending his career. That’s what cyber-defense has to be, she said.

Bejtlich left attendees with perhaps the most hopeful metaphor: The best organizations turn cyber-security “into a manageable situation,” he said – “they go from being a volunteer fire department to a continuous business process.”

In other words, governments and businesses must treat cyber-security like a chronic disease, a condition that will always be there, but can be managed and even suppressed. Bejtlich said if he could, he’d mandate that everyone did an inspection every 30 days to see where their networks were compromised, then act appropriately once discovering the details.

Turning to the inevitable cyber-football analogy, Bejtlich said defenders have to stop permitting attackers to complete touchdown passes every time. Instead they’ve got to pressure the quarterback and defend downfield, forcing attackers to try for field goals instead.

“The bad guys are going to complete passes, they’re going to compromise your systems, get to your data, try to aggregate it, encrypt it, exfiltrate it, and you want to prevent them from getting to the point of the extrusion,” he said. “If you have fast identification, fast containment, if you can get to them before they complete their mission, it may not matter as much that they’re in your system.”

That, it appears, is the best diagnosis we can hope for. Congress can’t act – which means it can’t pass its own laws or ratify a theoretical international cyber-treaty. If the military and government are getting better at cyber-defense, the private sector remains more or less on its own. Here’s how Twitter user @hal_999999999 put it in a response to @DoDBuzz on Friday:

“It’s the old west, the Roaring Twenties, and the Cold War all rolled into one, w/some wires and CPUs… We’re gonna have to earn it.”
123  Politics, Religion, Science, Culture and Humanities / Politics & Religion / “Good for Liberty, Bad for Security? Global Civil Society and the Securitization on: April 12, 2012, 06:54:18 AM
Deibert, R. & Rohozinski, R. (2008). “Good for Liberty, Bad for Security? Global Civil Society and the Securitization of the Internet.” In Access Denied: The Practice and Policy of Global Internet Filtering, ed. Deibert R., Palfrey, J., Rohozinski, R., Zittrain, J. MIT Press.

The spectacular rise and spread of NGOs and other civil society actors over the past two decades is attributable in part to the emergence and rapid spread of the Internet, which has made networking among like-minded individuals and groups possible on a global scale.

But the technological explosion of global civil society has not emerged without unintended and even negative consequences. Just as progressive and social justice groups have made use of the Internet to advance global norms, so too have a wide variety of resistance networks, militant groups, extremists, criminal organizations, and terrorists. Whereas once the promotion of new information communications technologies (ICTs) was widely considered benign public policy, today states of all stripes have been pressed to find ways to limit and control them as a way to check their unintended and perceived negative public policy and national security consequences.

Full Report:
http://opennet.net/sites/opennet.net/files/Deibert_07_Ch06_123-150.pdf
124  Politics, Religion, Science, Culture and Humanities / Politics & Religion / Cyber Warfare: The next Cold War on: April 12, 2012, 02:32:15 AM
http://www.scmagazine.com/cyber-warfare-the-next-cold-war/article/232568/


Instead of military assaults, today's adversaries hire coders to create attacks that can run autonomously for years, says Stephen Lawton.
History books tell us that the Cold War ended in roughly 1991 after the dissolution of the Soviet Union. But, today's security practitioners say the Cold War has simply morphed from a threat of armed conflict among major world powers into a battle of computer-savvy “troops” fighting from the comfort of offices.

Instead of countries spending billions of dollars to create new weapons, supply massive armies and spend millions of dollars (or rubles, francs or yuan) fighting conventional attacks against political, economic, religious or commercial foes, today's adversaries hire code-writers to create attacks that can run autonomously for years with little or no human intervention. By repurposing code to spawn new attacks, the cost of cyber warfare can be a fraction of the cost of a conventional war.
While China and Russia generally are considered by industry experts to be the leaders in state-sponsored cyber attacks against the United States, they are not the only countries to have sophisticated espionage infrastructures in place, says Richard Bejtlich, chief security officer at Alexandria, Va.-based Mandiant. Other nations with sophisticated capabilities include North Korea, Iran, France, Israel and, of course, the United States.

North Korea, Bejtlich says, uses technology against its neighbor, South Korea, and to make political statements against the West, generally resulting in attacks against the United States, he says. Iran primarily uses its cyber weaponry to suppress internal dissidents.

In the past, he says, U.S. politicians spoke in general terms about cyber attacks, choosing not to name those believed to be responsible. That all changed late last year when the Office of the National Counter Intelligence Executive released a report, “Foreign Spies Stealing U.S. Economic Secrets in Cyber space,” which specifically identified China and Russia as key participants. However, the report also said U.S. allies are actively involved.
“Certain allies and other countries that enjoy broad access to U.S. government agencies and the private sector conduct economic espionage to acquire sensitive U.S. information and technologies,” the report states. “Some of these states have advanced cyber capabilities.”

It cited four factors that will shape the cyber environment over the next three to five years. These are: A technological shift, including the use of smartphones, laptops and other internet-connected devices; an economic shift that changes the way corporations, government agencies and other organizations share storage, computing, networking and application resources; a cultural shift in the U.S. workforce, where younger employees mix personal and professional activities; and a geopolitical shift as globalization of the supply chain and worker access increase the ability for malicious individuals to compromise the integrity and security of computing devices.
Jared Carstensen, manager of enterprise risk services at Deloitte in Dublin, Ireland, likes to differentiate between cyber crime and cyber espionage because the end goals differ significantly. For an attack to be considered a cyber crime, he says, the adversary does so for financial gain. This typically includes attacks designed to obtain credit card or bank data. Cyber espionage, on the other hand, is designed to steal intellectual property, and/or disable or attack critical infrastructure. It often is performed for political purposes.


Spying has been around since the dawn of man, Carstensen says. Early tribes snooped on other tribes to learn where they found food. Today's sleuths also are looking for the same competitive advantage over their enemies – and even their allies.
In some countries, such as North Korea, students believed to have a propensity for math or technology are trained at an early age as cyber warriors. These academies provide the students with respectability and good pay. In China, for example, the Communist Party codified cyber warfare in 2010, and President Hu Jintao deemed cyber war a priority. Author and retired U.S. Marine Corps Lt. Col. William Hagestad says in an upcoming book that China bases its policies on the Art of War, Sun Tzu's doctrine written around 500 B.C., one of whose tenets is: Keep your friends close, but keep your enemies closer. Chinese officials, however, regularly deny they are involved in any cyber spying efforts.

In the United States, the military is also shifting its war strategy to further prioritize cyber efforts. The soldiers who pilot military drones over Pakistan and Afghanistan actually sit in control rooms at Creech Air Force Base in Nevada. This, Carstensen says, is not unlike cyber attackers who might work out of a hotel to conduct assaults.

However, the level of expertise of foreign cyber attackers varies widely from so-called script-kiddies, who download exploit software that is widely available on the internet, to experienced computer engineers who have either religious or political reasons for staging actions.

Some of these attacks are advanced persistent threats (APTs) that are designed to enter a computer system and perhaps sit dormant for a period of time. The intrusions are designed not to be noticed.

This tactic varies significantly from those of hacktivists, who attack websites with the expressed purpose of drawing attention to the site being breached. Some groups, such as Anonymous and LulzSec, have claimed credit for damage to sites they have compromised.

Unlike hacktivists, cyber spies are so concerned about flying under the radar that once they successfully enter a target system, they actually  install security patches to ensure that other attackers are unable to access the system using the same vulnerability, says Daniel Teal, founder and chief technology officer of Austin, Texas-based CoreTrace and a former officer at the Air Force Information Warfare Center (AFIWC). By installing fixes, he says, the attacker will have the compromised systems all to themselves and will not have to worry about a sloppy rival alerting the IT manager that there has been a breach.
Admins might actually see their network performance improve while the attacker ensures that others are unable to infect the environment, Teal says. Because the attacker does not want to draw attention, they simply can leave a back door open so that the malware payload is not accidentally identified by the target network.

Toney Jennings, CEO of CoreTrace, adds that companies might have the equivalent of a “cyber atomic bomb” in the server that “is not doing anything bad today.” That bomb could be set off by an intruder at a later date, well after the initial breach took place. Additionally, he says companies purchasing mission-critical hardware should spot check the “guts” of the new systems, including all device drivers, for malicious code before putting them into production.
Most hardware and software today is developed outside U.S controls, so ensuring it is safe is a good business practice. “It's a valid bit of paranoia,” Jennings says.

Underscoring this concern, an FBI presentation last year detailed how counterfeit Cisco Systems networking equipment originating in China – including network routers, switches, gigabit interface converters and WAN interface cards – was being sold in the United States. “Operation Cisco Raider” resulted in the recovery of 3,500 pirated network devices valued at $3.5 million, James Finch, assistant director of the FBI's cyber division, has said.

Teal says he once discovered, by accident, a malicious device driver for a keyboard he purchased for his daughter's computer. The driver was sending personal information off his home network. He contacted the system manufacturer, Hewlett-Packard, and discovered that the kernel driver was written by a third party. Further investigations by Teal and HP determined that the manufacturer was sending data off the network simply to ensure an internet connection – a task that easily could have been accomplished by sending random data bits without using personal information.

When Bejtlich was the director of incident response at General Electric, the company had an estimated half-million computers, and no shortage of defensive technologies and staff. Even still, he says, with the full resources of a sophisticated IT team and a corporate leader who recognized the need for IT security, the company still was unable to maintain 100 percent effectiveness against intruders or persistent threats.


And now, mobile and cloud
Mandiant's Bejtlich says that despite the best intentions of CISOs and IT staffs, it is nearly impossible to keep a network of a 1,000 or more endpoints safe from outside attacks.

Today, Bejtlich says, IT staffs need to address not only the needs of a company's primary computer systems, but also non-standard systems, such as smartphones and other mobile devices. While cyber espionage is normally thought of as an attack against a large computer system, many corporate executives and engineers have confidential data on their devices that might be useful to attackers.

Companies that believe they are too small or insignificant to be targeted are wrong, and do not necessarily understand how and why attacks work, says Erin Nealy Cox, managing director and deputy general counsel at Stroz Friedberg LLC and a former federal prosecutor and assistant U.S. attorney. While technology firms are obvious targets for attackers after intellectual property, small companies may be considered stepping stones.

Cox says security education is essential in companies of all sizes. Large organizations with established policies and procedures need to educate their employees on a regular basis not only about sound computing practices, but also about data and office security policies. For example, she says employees need to be reminded not to insert thumb drives they find in the parking lot or those handed to them at a trade show into a company computer. Such devices could be plants with malware on them.
“Typically,” she says, “security comes at the price of convenience.”

Even data security companies can fall prey to sophisticated attacks, she says. Within the past year, there have been several online raids on companies that specialize in data security. The reasons for the success vary, she says, but it generally falls into the category of an exploit that was allowed because someone was not paying attention to details. It might have been faulty website code or a misconfigured network, but generally the vulnerabilities could have been caught.

Scott Crawford, research director for security and risk management at Enterprise Management Associates, with corporate headquarters in Boulder, Colo., agrees that companies of all sizes could be targets. While smaller entities might not provide the breadth of information that a multinational corporation offers, it still could have secrets worth stealing, he says.
Crawford views this kind of cyber theft, be it from a state-sponsored or industrial source, to be similar to espionage conducted during the Cold War. There could be value in stealing information, he says, but “you don't want to kill the market.” One purpose for this type of espionage is to build a country's or company's own ability to compete against existing players in the field.

If it costs $50 million to develop a product, but only $2 million to steal it, some will opt for the less costly approach. This is particularly true for emerging nations that might have technical resources, but are not necessarily competitive enough to develop their own intellectual property.

Defense is all about managing a company's or a country's risk, Crawford says. Some organizations look for fast fixes to potential weaknesses without fully understanding their risk profile or the impact of their actions. A layered approach to security is necessary.

Crawford also blames guidance or regulations that do not match the threat. The Payment Card Industry Data Security Standard (PCI DSS), for example, is prescriptive and specifies to security officers how to maintain compliance, but this is only a point in time, he says. A company's compliance “can be passé or irrelevant” immediately after passing the audit.
125  Politics, Religion, Science, Culture and Humanities / Science, Culture, & Humanities / Cyber Warfare: The next Cold War on: April 11, 2012, 12:37:00 AM
http://www.scmagazine.com/cyber-warfare-the-next-cold-war/article/232568/


Instead of military assaults, today's adversaries hire coders to create attacks that can run autonomously for years, says Stephen Lawton.
History books tell us that the Cold War ended in roughly 1991 after the dissolution of the Soviet Union. But, today's security practitioners say the Cold War has simply morphed from a threat of armed conflict among major world powers into a battle of computer-savvy “troops” fighting from the comfort of offices.

Instead of countries spending billions of dollars to create new weapons, supply massive armies and spend millions of dollars (or rubles, francs or yuan) fighting conventional attacks against political, economic, religious or commercial foes, today's adversaries hire code-writers to create attacks that can run autonomously for years with little or no human intervention. By repurposing code to spawn new attacks, the cost of cyber warfare can be a fraction of the cost of a conventional war.
While China and Russia generally are considered by industry experts to be the leaders in state-sponsored cyber attacks against the United States, they are not the only countries to have sophisticated espionage infrastructures in place, says Richard Bejtlich, chief security officer at Alexandria, Va.-based Mandiant. Other nations with sophisticated capabilities include North Korea, Iran, France, Israel and, of course, the United States.

North Korea, Bejtlich says, uses technology against its neighbor, South Korea, and to make political statements against the West, generally resulting in attacks against the United States, he says. Iran primarily uses its cyber weaponry to suppress internal dissidents.

In the past, he says, U.S. politicians spoke in general terms about cyber attacks, choosing not to name those believed to be responsible. That all changed late last year when the Office of the National Counter Intelligence Executive released a report, “Foreign Spies Stealing U.S. Economic Secrets in Cyber space,” which specifically identified China and Russia as key participants. However, the report also said U.S. allies are actively involved.
“Certain allies and other countries that enjoy broad access to U.S. government agencies and the private sector conduct economic espionage to acquire sensitive U.S. information and technologies,” the report states. “Some of these states have advanced cyber capabilities.”

It cited four factors that will shape the cyber environment over the next three to five years. These are: A technological shift, including the use of smartphones, laptops and other internet-connected devices; an economic shift that changes the way corporations, government agencies and other organizations share storage, computing, networking and application resources; a cultural shift in the U.S. workforce, where younger employees mix personal and professional activities; and a geopolitical shift as globalization of the supply chain and worker access increase the ability for malicious individuals to compromise the integrity and security of computing devices.
Jared Carstensen, manager of enterprise risk services at Deloitte in Dublin, Ireland, likes to differentiate between cyber crime and cyber espionage because the end goals differ significantly. For an attack to be considered a cyber crime, he says, the adversary does so for financial gain. This typically includes attacks designed to obtain credit card or bank data. Cyber espionage, on the other hand, is designed to steal intellectual property, and/or disable or attack critical infrastructure. It often is performed for political purposes.


Spying has been around since the dawn of man, Carstensen says. Early tribes snooped on other tribes to learn where they found food. Today's sleuths also are looking for the same competitive advantage over their enemies – and even their allies.
In some countries, such as North Korea, students believed to have a propensity for math or technology are trained at an early age as cyber warriors. These academies provide the students with respectability and good pay. In China, for example, the Communist Party codified cyber warfare in 2010, and President Hu Jintao deemed cyber war a priority. Author and retired U.S. Marine Corps Lt. Col. William Hagestad says in an upcoming book that China bases its policies on the Art of War, Sun Tzu's doctrine written around 500 B.C., one of whose tenets is: Keep your friends close, but keep your enemies closer. Chinese officials, however, regularly deny they are involved in any cyber spying efforts.

In the United States, the military is also shifting its war strategy to further prioritize cyber efforts. The soldiers who pilot military drones over Pakistan and Afghanistan actually sit in control rooms at Creech Air Force Base in Nevada. This, Carstensen says, is not unlike cyber attackers who might work out of a hotel to conduct assaults.

However, the level of expertise of foreign cyber attackers varies widely from so-called script-kiddies, who download exploit software that is widely available on the internet, to experienced computer engineers who have either religious or political reasons for staging actions.

Some of these attacks are advanced persistent threats (APTs) that are designed to enter a computer system and perhaps sit dormant for a period of time. The intrusions are designed not to be noticed.

This tactic varies significantly from those of hacktivists, who attack websites with the expressed purpose of drawing attention to the site being breached. Some groups, such as Anonymous and LulzSec, have claimed credit for damage to sites they have compromised.

Unlike hacktivists, cyber spies are so concerned about flying under the radar that once they successfully enter a target system, they actually  install security patches to ensure that other attackers are unable to access the system using the same vulnerability, says Daniel Teal, founder and chief technology officer of Austin, Texas-based CoreTrace and a former officer at the Air Force Information Warfare Center (AFIWC). By installing fixes, he says, the attacker will have the compromised systems all to themselves and will not have to worry about a sloppy rival alerting the IT manager that there has been a breach.
Admins might actually see their network performance improve while the attacker ensures that others are unable to infect the environment, Teal says. Because the attacker does not want to draw attention, they simply can leave a back door open so that the malware payload is not accidentally identified by the target network.

Toney Jennings, CEO of CoreTrace, adds that companies might have the equivalent of a “cyber atomic bomb” in the server that “is not doing anything bad today.” That bomb could be set off by an intruder at a later date, well after the initial breach took place. Additionally, he says companies purchasing mission-critical hardware should spot check the “guts” of the new systems, including all device drivers, for malicious code before putting them into production.
Most hardware and software today is developed outside U.S controls, so ensuring it is safe is a good business practice. “It's a valid bit of paranoia,” Jennings says.

Underscoring this concern, an FBI presentation last year detailed how counterfeit Cisco Systems networking equipment originating in China – including network routers, switches, gigabit interface converters and WAN interface cards – was being sold in the United States. “Operation Cisco Raider” resulted in the recovery of 3,500 pirated network devices valued at $3.5 million, James Finch, assistant director of the FBI's cyber division, has said.

Teal says he once discovered, by accident, a malicious device driver for a keyboard he purchased for his daughter's computer. The driver was sending personal information off his home network. He contacted the system manufacturer, Hewlett-Packard, and discovered that the kernel driver was written by a third party. Further investigations by Teal and HP determined that the manufacturer was sending data off the network simply to ensure an internet connection – a task that easily could have been accomplished by sending random data bits without using personal information.

When Bejtlich was the director of incident response at General Electric, the company had an estimated half-million computers, and no shortage of defensive technologies and staff. Even still, he says, with the full resources of a sophisticated IT team and a corporate leader who recognized the need for IT security, the company still was unable to maintain 100 percent effectiveness against intruders or persistent threats.


And now, mobile and cloud
Mandiant's Bejtlich says that despite the best intentions of CISOs and IT staffs, it is nearly impossible to keep a network of a 1,000 or more endpoints safe from outside attacks.

Today, Bejtlich says, IT staffs need to address not only the needs of a company's primary computer systems, but also non-standard systems, such as smartphones and other mobile devices. While cyber espionage is normally thought of as an attack against a large computer system, many corporate executives and engineers have confidential data on their devices that might be useful to attackers.

Companies that believe they are too small or insignificant to be targeted are wrong, and do not necessarily understand how and why attacks work, says Erin Nealy Cox, managing director and deputy general counsel at Stroz Friedberg LLC and a former federal prosecutor and assistant U.S. attorney. While technology firms are obvious targets for attackers after intellectual property, small companies may be considered stepping stones.

Cox says security education is essential in companies of all sizes. Large organizations with established policies and procedures need to educate their employees on a regular basis not only about sound computing practices, but also about data and office security policies. For example, she says employees need to be reminded not to insert thumb drives they find in the parking lot or those handed to them at a trade show into a company computer. Such devices could be plants with malware on them.
“Typically,” she says, “security comes at the price of convenience.”

Even data security companies can fall prey to sophisticated attacks, she says. Within the past year, there have been several online raids on companies that specialize in data security. The reasons for the success vary, she says, but it generally falls into the category of an exploit that was allowed because someone was not paying attention to details. It might have been faulty website code or a misconfigured network, but generally the vulnerabilities could have been caught.

Scott Crawford, research director for security and risk management at Enterprise Management Associates, with corporate headquarters in Boulder, Colo., agrees that companies of all sizes could be targets. While smaller entities might not provide the breadth of information that a multinational corporation offers, it still could have secrets worth stealing, he says.
Crawford views this kind of cyber theft, be it from a state-sponsored or industrial source, to be similar to espionage conducted during the Cold War. There could be value in stealing information, he says, but “you don't want to kill the market.” One purpose for this type of espionage is to build a country's or company's own ability to compete against existing players in the field.

If it costs $50 million to develop a product, but only $2 million to steal it, some will opt for the less costly approach. This is particularly true for emerging nations that might have technical resources, but are not necessarily competitive enough to develop their own intellectual property.

Defense is all about managing a company's or a country's risk, Crawford says. Some organizations look for fast fixes to potential weaknesses without fully understanding their risk profile or the impact of their actions. A layered approach to security is necessary.

Crawford also blames guidance or regulations that do not match the threat. The Payment Card Industry Data Security Standard (PCI DSS), for example, is prescriptive and specifies to security officers how to maintain compliance, but this is only a point in time, he says. A company's compliance “can be passé or irrelevant” immediately after passing the audit. 
126  DBMA Martial Arts Forum / Martial Arts Topics / Re: Security, Surveillance issues on: April 10, 2012, 03:07:19 AM
Mistakes People Make that Lead to Security Breaches

The Five Worst Security Mistakes End Users Make

Failing to install anti-virus, keep its signatures up to date, and apply it to all files.

Opening unsolicited e-mail attachments without verifying their source and checking their content first, or executing games or screen savers or other programs from untrusted sources.

Failing to install security patches-especially for Microsoft Office, Microsoft Internet Explorer, Firefox, and Netscape.

Not making and testing backups.


Being connected to more than one network such as wireless and a physical Ethernet or using a modem while connected through a local area network.

http://www.sans.org/security-resources/mistakes.php?ref=3816
127  Politics, Religion, Science, Culture and Humanities / Science, Culture, & Humanities / Mistakes People Make that Lead to Security Breaches on: April 10, 2012, 02:48:08 AM
The Five Worst Security Mistakes End Users Make

Failing to install anti-virus, keep its signatures up to date, and apply it to all files.

Opening unsolicited e-mail attachments without verifying their source and checking their content first, or executing games or screen savers or other programs from untrusted sources.

Failing to install security patches-especially for Microsoft Office, Microsoft Internet Explorer, Firefox, and Netscape.

Not making and testing backups.

Being connected to more than one network such as wireless and a physical Ethernet or using a modem while connected through a local area network.

http://www.sans.org/security-resources/mistakes.php?ref=3816
128  Politics, Religion, Science, Culture and Humanities / Science, Culture, & Humanities / Re: Anonymous to attack internet this weekend? on: April 02, 2012, 07:58:36 PM

http://isc.sans.edu/diary.html?storyid=12868

In the comments section someone stated:

The original threat to take down the Internet DNS-system was posted here:

http://pastebin.com/NKbnh8q8

In the above pastebin-post, the following is stated:

Quote
"download link in #opGlobalBlackout"

If you entered the Anonymous IRC-network at the time this was posted, the topic of channel opGlobalBlackout was: Official Press Release: http://pastebin.com/yK79Tsgq

As you can see, the "Press Release" tells potential Anonymous-members to stop waging war, that peace is the way to go, to stop DDoS-attacks. This is another words an "anti-op" designed to get potential anonymous-recruits to think about what they are doing.

There never was an operation. There was only an anti-operation, designed to get people to think.
posted by Rogers, Sun Apr 01 2012, 13:23
129  Politics, Religion, Science, Culture and Humanities / Science, Culture, & Humanities / Re: Internet and related technology on: March 26, 2012, 11:25:57 PM
Information Security and the OODA Loop

The Information Security OODA Loop - The Introduction
http://h30499.www3.hp.com/t5/Following-the-White-Rabbit/The-Information-Security-OODA-Loop-The-Introduction/ba-p/5589775

The Information Security OODA Loop - Observe
http://h30499.www3.hp.com/t5/Following-the-White-Rabbit/The-Information-Security-OODA-Loop-Observe/ba-p/5590935

The Information Security OODA Loop - Orient
http://h30499.www3.hp.com/t5/Following-the-White-Rabbit/The-Information-Security-OODA-Loop-Orient/ba-p/5592749
130  Politics, Religion, Science, Culture and Humanities / Science, Culture, & Humanities / Re: Music on: December 06, 2011, 08:28:20 PM
Not sure what to say, very nice piece of music. 
131  Politics, Religion, Science, Culture and Humanities / Science, Culture, & Humanities / Cybercommand opposes UN role on: October 21, 2011, 03:54:39 PM
http://www.washingtontimes.com/news/2011/oct/20/cybercommand-chief-opposes-un-net-control/

Cybercommand chief opposes U.N. net control
‘Government survivability’ issue

BALTIMORE — The commander of the U.S. Cyber Command said Thursday that he does not favor giving the United Nations the power to regulate the Internet.

Some regulations are needed to protect critical networks that control electrical power, banking, transportation and other key elements of society, Army Gen. Keith Alexander, who is also director of the National Security Agency, said after a speech to a security conference.

But asked whether the U.N. should have a regulation role, Gen. Alexander said: “No. I’m not for regulating, per se. I’m concerned about it, and this is a tough question. I would say, generally speaking, I’m not into that portion of regulating as you would espouse.”

Last month, Russia, China, Uzbekistan and Tajikistan submitted a resolution to the U.N. General Assembly calling for giving individual states the right to control the Internet. The resolution, submitted Sept. 14, calls for “an international code of conduct for information security.”

It requests “international deliberations within the United Nations framework on such an international code, with the aim of achieving the earliest possible consensus on international norms and rules guiding the behavior of states in the information space.”

China tightly controls the Internet through a cybersecurity police force estimated to be more than 10,000 people who monitor Internet users and websites.

Russia’s authoritarian government has taken steps in recent years to curb Internet freedoms. Uzbekistan and Tajikistan also are authoritarian regimes that seek to control Internet use.

Gen. Alexander said that, rather than seeking U.N. regulation, individual countries “first need to step up and say, ‘Look, how do we do this without regulating it?’ “

The four-star general suggested bolstering Internet security by using “cloud” technology, which uses remote computer servers for applications and data storage. Other new technologies that permit greater visibility of cyberthreats on networks also can be used to improve security, he said.

“I do think that there may be some things for critical infrastructure and government networks that we’re going to have to direct out to the government,” Gen. Alexander said. “These are things that you must do to secure your networks for government survivability.”

Additionally, security cooperation between nations can be improved, he said.

“But for my grandchildren and my daughters out there, they have a great time on the network,” he said. “I would not want somebody to say you cannot let your 2-year-old grab the iPad and launch [an application].”

As for future considerations, Gen. Alexander said U.S. policymakers are discussing whether U.S. firms should be required to divulge information about cyber-attacks.

Additionally, he said: “I think down the road we have to figure out how do we ensure that your platforms do not create a public hazard, but I’m not sure I would put that in regulation.”

In a speech to the Information Systems Security Association conference, Gen. Alexander said U.S. development of the Internet brought tremendous benefits and “tremendous vulnerabilities” that can be exploited by hackers, criminals and nation states.

U.S. corporations were victims of cyber-attacks, including Google, Lockheed Martin and Booz Allen Hamilton, and some have lost valuable intellectual property through cybertheft and espionage.

The threat is increasing as the use of mobile devices such as smartphones and tablet computers increases.

“Here’s what concerns me: What we’re seeing is destructive [digital] payloads coming out, payloads that can make a blue screen of death, that can stop your operating system, your router or peripheral devices,” Gen. Alexander said.

Mobile devices increase the problem by “orders of magnitude” because of the lack of security built up over the past decade for desktop devices, he said.

Both are connected to networks, “and the issues we are going to see are huge,” Gen. Alexander said.

Shawn Henry, FBI executive assistant director for cyber-issues and a conference speaker, said a better network architecture is needed to identify cybercriminals who can operate anonymously.

Mr. Henry also called for better “assurance” for Internet communications to prevent someone from breaking into links that control key infrastructure. For example, computer communications between a technician remotely directing an electrical facility need better security, he said.

“The Internet was developed with protocols allowing for anonymity and there are legitimate reasons for wanting it that way,” Mr. Henry said. “But for those critical uses of the Internet where intrusion is entirely unacceptable and we must be able to identify the users, market-driven factors may prompt the private sector to explore solutions and alternate architectures to meet those needs.”

“We need a more secure architecture that allows for absolute attribution,” he said. “Threats are continuing to increase and we cannot constantly play defense.”
132  DBMA Martial Arts Forum / Martial Arts Topics / Re: Emergency Tips and Emergency Medicine on: September 02, 2011, 10:52:46 PM
Done Guro!
133  Politics, Religion, Science, Culture and Humanities / Science, Culture, & Humanities / Re: Survivalist issues on: September 02, 2011, 10:51:58 PM
Got this from http://offgridsurvival.com/shtfsurvivalmanual/   - I like this idea.

Electronic storage is great, for years I have recommended things like survival laptops and tablets. With a good solar charger these devices can last for years in an off the grid environment.
If your anything like most of the survival minded people that come to this site, you probably bookmark and save a ton of good survival articles. While I love electronic devices, when the SHTF you need to have backups of all your valuable survival information.
You need your own SHTF Proof Survival Manual.
Lately I have been saving a ton of how to articles to my NOOK but I don’t stop there. The nook is great for storing survival books and articles but I also started laminating the most important articles and putting them into my own personal survival manual.
For under $40 bucks you can make yourself a good SHTF proof survival binder.
First, you need to buy a good laminator and a pack of lamination sheets.
You can get a Good Laminator on Amazon and a pack of 50 lamination sheets for around $40. This will allow you to put about 400 articles in your personal survival manual.
Second, I condense the articles down so I can fit at least 4 to a page (8 double sided) this gives you roughly 400 articles with only 50 pieces of paper. Remember the lamination adds some weight so you don’t want to go crazy here. Print only those articles that you think you will really need post SHTF.
I usually condense articles down in Microsoft word, or I shrink down specific pages from books so I can fit them into my 4up format. I then 3 ring punch the laminated pages and put them in a good zippered binder to protect them from the elements.
What kinds of articles do I add to my personal survival manual?
My NOOK can pretty much hold everything I need so I fill that up with as much information as I can get. For my Binder I take only the things that I think I will need in a post SHTF world.
Maps, Evacuation Routes and Bug Out Locations
Medical information and first aid instructions
How To articles
Pictures of edible plants
Communication frequency charts, notes and antenna diagrams / formulas
Primitive Skills & instructional materials
Trapping Diagrams
And anything that you may have a hard time remembering
134  DBMA Martial Arts Forum / Martial Arts Topics / Re: Emergency Tips and Emergency Medicine on: September 02, 2011, 08:24:29 PM
I like this idea:

http://offgridsurvival.com/shtfsurvivalmanual/

Electronic storage is great, for years I have recommended things like survival laptops and tablets. With a good solar charger these devices can last for years in an off the grid environment.
If your anything like most of the survival minded people that come to this site, you probably bookmark and save a ton of good survival articles. While I love electronic devices, when the SHTF you need to have backups of all your valuable survival information.
You need your own SHTF Proof Survival Manual.
Lately I have been saving a ton of how to articles to my NOOK but I don’t stop there. The nook is great for storing survival books and articles but I also started laminating the most important articles and putting them into my own personal survival manual.
For under $40 bucks you can make yourself a good SHTF proof survival binder.
First, you need to buy a good laminator and a pack of lamination sheets.
You can get a Good Laminator on Amazon and a pack of 50 lamination sheets for around $40. This will allow you to put about 400 articles in your personal survival manual.
Second, I condense the articles down so I can fit at least 4 to a page (8 double sided) this gives you roughly 400 articles with only 50 pieces of paper. Remember the lamination adds some weight so you don’t want to go crazy here. Print only those articles that you think you will really need post SHTF.
I usually condense articles down in Microsoft word, or I shrink down specific pages from books so I can fit them into my 4up format. I then 3 ring punch the laminated pages and put them in a good zippered binder to protect them from the elements.
What kinds of articles do I add to my personal survival manual?
My NOOK can pretty much hold everything I need so I fill that up with as much information as I can get. For my Binder I take only the things that I think I will need in a post SHTF world.
Maps, Evacuation Routes and Bug Out Locations
Medical information and first aid instructions
How To articles
Pictures of edible plants
Communication frequency charts, notes and antenna diagrams / formulas
Primitive Skills & instructional materials
Trapping Diagrams
And anything that you may have a hard time remembering
135  DBMA Martial Arts Forum / Martial Arts Topics / Re: VIDEO CLIPS OF INTEREST on: December 17, 2010, 09:36:35 AM
Surprised this hasn't been posted yet, I know there has been some cool stuff pulled off by Gints at the Gatherings but this is pretty darn cool too.

136  Politics, Religion, Science, Culture and Humanities / Science, Culture, & Humanities / Re: Music on: November 02, 2010, 11:20:00 PM
I know the sound of this band isn't anything new but its kind of refreshing.



Yeah I could go back and listen to the music that inspires these guys but I'm really diggin this album.

137  Politics, Religion, Science, Culture and Humanities / Science, Culture, & Humanities / Re: Music on: April 16, 2010, 03:36:51 AM
Been some time I visited this thread.  That is some really interesting stuff, I believe I asked Guro Crafty a question about Music and Martial Arts. I dont even remember exactly what I asked but  I think it would start an interesting thread. I don't quite understand all that you wrote about Ill have to look into it further but it sure is interesting!  Definitely adding those two songs to my playlist!
138  DBMA Martial Arts Forum / Martial Arts Topics / Re: VIDEO CLIPS OF INTEREST on: March 26, 2010, 11:55:38 PM
Funny clip about a guy acting like an ass to some bouncers - no violence but strong language.

http://www.youtube.com/watch?v=yWfetF1jCO4&feature=player_embedded
139  DBMA Martial Arts Forum / Martial Arts Topics / Re: Seminar with Guro Maija Soderholm on: March 18, 2010, 01:05:54 AM
Dang, I dont think I have any friends that live in that area anymore but I will share the word on Facebook.  Im actually from the Belleville \ St. Louis area.
140  Politics, Religion, Science, Culture and Humanities / Science, Culture, & Humanities / Re: Music on: December 25, 2009, 02:20:25 AM
My nieces Cheesy

141  Politics, Religion, Science, Culture and Humanities / Science, Culture, & Humanities / Re: Music on: December 19, 2009, 04:49:46 AM
not sure how to describe it, cool stuff. been listening to it over and over for some time now...




142  DBMA Martial Arts Forum / Martial Arts Topics / Re: DB in the media on: December 09, 2009, 12:06:20 PM
Google has a translator, you can enter the URL of websites and it will translate for you.


Google Translator
http://translate.google.com/#

Japanese Website
http://translate.google.com/translate?js=y&prev=_t&hl=en&ie=UTF-8&layout=1&eotf=1&u=http://www.fnlweb.com/blog/2009/10/fightlife1023.php&sl=ja&tl=en

The article is  " Stock - anything with a weapon what is a DOG BROTHERS & Toudo Cali?"
143  DBMA Martial Arts Forum / Martial Arts Topics / Re: VIDEO CLIPS OF INTEREST on: December 08, 2009, 11:11:25 PM
This cracks me up..

Meet me here to fight!
http://media.mtvnservices.com/mgid:cms:mvideo:cmt.com:40319
144  Politics, Religion, Science, Culture and Humanities / Science, Culture, & Humanities / Re: Music on: November 25, 2009, 02:18:07 PM
Ahhhh the sensitive side... forgot about that, lol.





145  Politics, Religion, Science, Culture and Humanities / Science, Culture, & Humanities / Re: Music on: November 23, 2009, 04:49:27 PM
@Freki 

Live performance clip:



146  Politics, Religion, Science, Culture and Humanities / Science, Culture, & Humanities / Re: Music on: November 12, 2009, 02:50:50 AM
Query: What's your favorite music to...

1) Workout to?

2) Fight to?

For working out and "fighting" I prefer energetic, rhythmic

Stuff like:







I like metal but sometimes it doesnt give me boost \ vibe i need while working out, unless im on a stationary bike or need an energetic boost before working out.
147  Politics, Religion, Science, Culture and Humanities / Science, Culture, & Humanities / Re: Music on: October 25, 2009, 05:58:46 AM
Ive been on a Retro Hard rock \ Metal kick.  Im sure these guys will conjure up some old sounds of rock.

Wolfmother - Woman


Wolfmother - Dimension
148  DBMA Martial Arts Forum / Martial Arts Topics / Re: VIDEO CLIPS OF INTEREST on: October 22, 2009, 06:54:50 PM
Steven Seagal reality show..

149  DBMA Martial Arts Forum / Martial Arts Topics / Re: VIDEO CLIPS OF INTEREST on: October 18, 2009, 12:38:04 AM
An old news clip I just put up, its a news clip on Derobio Eskrima.  A friend gave me a copy of a celebration from a couple of years ago and I finally got around to putting it up on youtube.

P1



P2



P3
150  DBMA Martial Arts Forum / Martial Arts Topics / Re: home made equipment on: September 25, 2009, 12:53:11 AM
Home made mace with Quickcrete

http://maxwellsc.blogspot.com/2008/10/gitchy-gitchy-gada-ya-ya.html

and

homemade club bells

Pages: 1 2 [3] 4 5 ... 11
Powered by MySQL Powered by PHP Powered by SMF 1.1.17 | SMF © 2011, Simple Machines Valid XHTML 1.0! Valid CSS!