Dog Brothers Public Forum
Return To Homepage
Welcome, Guest. Please login or register.
August 23, 2014, 08:38:57 AM

Login with username, password and session length
Search:     Advanced search
Welcome to the Dog Brothers Public Forum.
81836 Posts in 2244 Topics by 1047 Members
Latest Member: MikeT
* Home Help Search Login Register
  Show Posts
Pages: 1 2 [3] 4 5 ... 11
101  Politics, Religion, Science, Culture and Humanities / Science, Culture, & Humanities / No, #Anonymous can't DDoS the root DNS servers on: May 31, 2012, 12:37:20 AM
http://erratasec.blogspot.com/2012/02/no-anonymous-cant-ddos-root-dns-servers.html

It's easier to read the article at the Blog then cut and paste.
102  Politics, Religion, Science, Culture and Humanities / Politics & Religion / Bogus story: no Chinese backdoor in military chip & Cyberwar is fiction on: May 31, 2012, 12:31:31 AM
Two interesting blog posts:

Bogus story: no Chinese backdoor in military chip (2012)
http://erratasec.blogspot.com/2012/05/bogus-story-no-chinese-backdoor-in.html


Cyberwar is fiction (2010)  
http://erratasec.blogspot.com/2010/06/cyberwar-is-fiction.html
  
 
103  Politics, Religion, Science, Culture and Humanities / Science, Culture, & Humanities / Free Tools for Improving Online Security on: May 31, 2012, 12:20:28 AM
If you follow the link, you can read the article with the links embedded to the free products that are mentioned.

SRC: http://www.entrepreneur.com/article/223572

Many small-business owners fall below what some people call the “security poverty line." Bootstrapping entrepreneurs can be especially vulnerable to hackers because they don’t have the money or personnel to buy, install and maintain the fancy security products large companies take for granted.

On the hunt for easy pickings, hackers are attacking these security-poor businesses, typically with indiscriminate, automated assaults that could be stopped by basic security tools and computer hygiene. Seven in 10 of the cyber break-ins analyzed in Verizon’s 2012 Data Breach Investigations Report occurred at organizations with 100 employees or less.

The good news is that it can be surprisingly easy and inexpensive to mount a quality defense on a budget. We spoke with Grady Summers, a vice president at Mandiant Corp., an Alexandria, Va.-based information-security firm, and former chief information security officer at General Electric Co., to assemble a list of easy-to-use, free tools that any company -- including those without a technology staff -- can use to create a comprehensive security program to protect its network, computers and data.

While no security program is perfect, applying these free tools can defend against the most common attacks. “A small business with a part-time IT person could probably do this in a day," Summers says.


Defend your network.
Most of the threats to company networks come over the Web, Summers says. He recommends using filtering software to block dangerous websites, including “phishing” sites designed to trick unwitting employees into falling for a scam or infect their computers with malware.

San Francisco-based OpenDNS offers a free, cloud-based Web filtering product that can protect a single PC or mobile device, or an entire network, from known phishing sites. OpenDNS’s paid services offer more security features and the ability to block porn and other sites companies may not want people to access while in the office.

Related: How to Avoid One of the Biggest Email Hacking Threats

To find any weak spots on your network, run a scan. Lumension Security of Scottsdale, Ariz., offers a free vulnerability scanner for checking networks of 25 or fewer computers. It can identify software vulnerabilities and misconfigurations that could put you at risk.

Also, scan your website for security vulnerabilities. Hackers often break into customer databases by striking company websites or hack sites to plant malware that will infect visitors. Qualys, a Redwood Shores, Calif., security company, offers FreeScan, a free tool for detecting security vulnerabilities in Web applications and finding malware infections and threats in websites. Users are limited to five free scans.

If you have a capable in-house technology staff, you also may want to consider using Security Onion, a compilation of free tools for intrusion detection and network monitoring.

Related: 7 Tips for Upgrading IT Security

Secure your computers.
Protecting computers on your network starts with firewalls and antivirus software. Free basic firewalls now come with Windows and Mac computers, so make sure they’re turned on. Antivirus protection will require a download.

Among the most popular free antivirus programs is one from AVG. Another is Microsoft's free basic security product Microsoft Security Essentials. It's made for consumers and businesses with 10 PCs or fewer. And firewall giant Check Point Software of Redwood City, Calif., has a free security suite that includes antivirus and a ZoneAlarm firewall that monitors traffic leaving your computer, as well as standard inbound traffic. In addition, U.K.-based Sophos offers free antivirus software for Macs.

Eliminate security vulnerabilities by applying the free fixes software makers regularly issue. To make that easy, use automatic update features for Microsoft, Apple, Adobe and other products you use. Windows users can make sure all their programs are current by using the free tool FileHippo.

Related: Three Low-Cost Ways to Keep Data Safe When Traveling for Business

Protect your data.
Full disk encryption software can make company and customer data on your devices unreadable to unauthorized people. Free open-source software TrueCrypt is available for Windows, Mac and Linux machines and can be used to secure data on thumb drives and other storage devices. For Mac, Apple offers free full disk encryption dubbed FileVault2 to users with the Lion operating system.

If you have particularly sensitive information, Summers recommends creating a special encrypted area for that data with its own password. You can create this sort of encrypted “volume” with TrueCrypt and a similar Apple feature.

Also back up the data on your computers in case of loss, theft or damage. With Mozy, you can backup two gigs of data for free offsite and encrypted in Mozy’s data centers.
104  Politics, Religion, Science, Culture and Humanities / Politics & Religion / Intelligence-Driven Computer Network Defense on: May 30, 2012, 12:11:15 AM
Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains
SRC: http://papers.rohanamin.com/wp-content/uploads/papers.rohanamin.com/2011/08/iciw2011.pdf


Tried to cut and paste again but its easier to read in PDF format.


105  Politics, Religion, Science, Culture and Humanities / Politics & Religion / Iran 'finds fix' for sophisticated Flame malware on: May 29, 2012, 06:11:23 PM
SRC: http://www.bbc.com/news/technology-18253331

Iran says it has developed tools that can defend against the sophisticated cyber attack tool known as Flame.

The country is believed to have been hit hard by the malicious programme which infiltrates networks in order to steal sensitive data.

Security companies said Flame, named after one of its attack modules, is one of the most complex threats ever seen.

Iran says its home-grown defence could both spot when Flame is present and clean up infected PCs.

Hard work
Iran's National Computer Emergency Response Team (Maher) said in a statement that the detection and clean-up tool was finished in early May and is now ready for distribution to organisations at risk of infection.

Flame was discovered after the UN's International Telecommunications Union asked for help from security firms to find out what was wiping data from machines across the Middle East.

An investigation uncovered the sophisticated malicious programme which, until then, had largely evaded detection.

An in-depth look at Flame by the Laboratory of Cryptography and System Security at Hungary's University of Technology and Economics in Budapest, said it stayed hidden because it was so different to the viruses, worms and trojans that most security programmes were designed to catch.

Continue reading the main story

Start Quote

Flame is not a widespread threat”

Graham Cluley
Sophos
In addition, said the report, Flame tried to work out which security scanning software was installed on a target machine and then disguised itself as a type of computer file that an individual anti-virus programme would not usually suspect of harbouring malicious code.

Graham Cluley, senior technology consultant at security firm Sophos, said the programme had also escaped detection because it was so tightly targeted.

"Flame isn't like a Conficker or a Code Red. It's not a widespread threat," he told the BBC. "The security firm that talked a lot about Flame only found a couple of hundred computers that appeared to have been impacted."

Mr Cluley said detecting the software was not difficult once it had been spotted.

"It's much much easier writing protection for a piece of malware than analysing what it actually does," he said. "What's going to take a while is dissecting Flame to find out all of its quirks and functionality."

It is not yet clear who created Flame but experts say its complexity suggests that it was the work of a nation state rather than hacktivists or cyber criminals.

Iran suffered by far the biggest number of Flame infections, suggest figures from Kaspersky Labs in a report about the malicious programme.

Kaspersky said 189 infections were reported in Iran, compared to 98 in Israel/Palestine and 32 in Sudan. Syria, Lebanon, Saudia Arabia and Egypt were also hit.

In April, Iran briefly disconnected servers from the net at its Kharg island oil terminal as it cleared up after a virus outbreak - now thought to be caused by Flame.

In the same statement that announced its home-grown detection tool, Iran said Flame's "propagation methods, complexity level, precise targeting and superb functionality" were reminiscent of the Stuxnet and Duqu cyber threats to which it had also fallen victim.

Stuxnet is widely believed to have been written to target industrial equipment used in Iran's nuclear enrichment programme.
106  Politics, Religion, Science, Culture and Humanities / Politics & Religion / Flame: Massive cyber-attack discovered on: May 29, 2012, 06:07:05 PM
Flame: Massive cyber-attack discovered, researchers say
By Dave Lee

SRC: http://www.bbc.com/news/technology-18238326

A complex targeted cyber-attack that collected private data from countries such as Israel and Iran has been uncovered, researchers have said.

Russian security firm Kaspersky Labs told the BBC they believed the malware, known as Flame, had been operating since August 2010.

The company said it believed the attack was state-sponsored, but could not be sure of its exact origins.

They described Flame as "one of the most complex threats ever discovered".

Research into the attack was carried out in conjunction with the UN's International Telecommunication Union.

They had been investigating another malware threat, known as Wiper, which was reportedly deleting data on machines in western Asia.

In the past, targeted malware - such as Stuxnet - has targeted nuclear infrastructure in Iran.

Others like Duqu have sought to infiltrate networks in order to steal data.

This new threat appears not to cause physical damage, but to collect huge amounts of sensitive information, said Kaspersky's chief malware expert Vitaly Kamluk.

"Once a system is infected, Flame begins a complex set of operations, including sniffing the network traffic, taking screenshots, recording audio conversations, intercepting the keyboard, and so on," he said.

More than 600 specific targets were hit, Mr Kamluk said, ranging from individuals, businesses, academic institutions and government systems.

Iran's National Computer Emergency Response Team posted a security alert stating that it believed Flame was responsible for "recent incidents of mass data loss" in the country.

The malware code itself is 20MB in size - making it some 20 times larger than the Stuxnet virus. The researchers said it could take several years to analyse.

Iran and Israel
Mr Kamluk said the size and sophistication of Flame suggested it was not the work of independent cybercriminals, and more likely to be government-backed.

Continue reading the main story
Analysis


Professor Alan Woodward
Department of Computing, University of Surrey
This is an extremely advanced attack. It is more like a toolkit for compiling different code based weapons than a single tool. It can steal everything from the keys you are pressing to what is on your screen to what is being said near the machine.

It also has some very unusual data stealing features including reaching out to any Bluetooth enabled device nearby to see what it can steal.

Just like Stuxnet, this malware can spread by USB stick, i.e. it doesn't need to be connected to a network, although it has that capability as well.

This wasn't written by some spotty teenager in his/her bedroom. It is large, complicated and dedicated to stealing data whilst remaining hidden for a long time.

Prof Alan Woodward on Twitter
He explained: "Currently there are three known classes of players who develop malware and spyware: hacktivists, cybercriminals and nation states.

"Flame is not designed to steal money from bank accounts. It is also different from rather simple hack tools and malware used by the hacktivists. So by excluding cybercriminals and hacktivists, we come to conclusion that it most likely belongs to the third group."

Among the countries affected by the attack are Iran, Israel, Sudan, Syria, Lebanon, Saudi Arabia and Egypt.

"The geography of the targets and also the complexity of the threat leaves no doubt about it being a nation-state that sponsored the research that went into it," Mr Kamluk said.

The malware is capable of recording audio via a microphone, before compressing it and sending it back to the attacker.

It is also able to take screenshots of on-screen activity, automatically detecting when "interesting" programs - such as email or instant messaging - were open.

'Industrial vacuum cleaner'
Kaspersky's first recorded instance of Flame is in August 2010, although it said it is highly likely to have been operating earlier.

Prof Alan Woodward, from the Department of Computing at the University of Surrey said the attack is very significant.

"This is basically an industrial vacuum cleaner for sensitive information," he told the BBC.

He explained that unlike Stuxnet, which was designed with one specific task in mind, Flame was much more sophisticated.

"Whereas Stuxnet just had one purpose in life, Flame is a toolkit, so they can go after just about everything they can get their hands on."

Once the initial Flame malware has infected a machine, additional modules can be added to perform specific tasks - almost in the same manner as adding apps to a smartphone
107  Politics, Religion, Science, Culture and Humanities / Politics & Religion / Flame: Another Holiday, Another Super Virus on: May 29, 2012, 05:51:27 PM
SRC: http://www.infosecisland.com/blogview/21463-Flame-Another-Holiday-Another-Super-Virus.html

Another holiday here in upstate New York, another roll of the fire trucks while some were supposed to be kicking back and enjoying a barbeque.

It's times like this when I'm glad I'm not in the antivirus business anymore and doubly relieved that none of our machines run Windows. No flames here.

Computer security people however may have to reach for the extinguisher this morning as the latest conflagration in the news bounces across their desk, the discovery of yet another "super virus" called "FLAME" as reported by this BBC article.

Only problem is that according to Kaspersky, who made the discovery in coordination with the U.N.'s International Telecommunications Union (ITU), this one's been in the wild since at least December of 2010 and has only been detected now.

Here we go... again.

FLAME is described by Kaspersky as "one of the most complex threats ever discovered". And it's a huge mother. 20 modules and 20 megabytes worth.

Stranger yet is that the infector is an ActiveX control in the form of an OCX (OLE Control Extensions) file which apparently has run completely undetected for years. The worm runs as a Windows service, and most of the files are visible when running, making this even more of a surprise.

The Maher Center and Iran's CERTCC published this report identifying the worm and its components. What I find amusing from a researcher's standpoint is Kaspersky's theory that this too is a "state-sponsored" worm, but when you look at the code snippets which Kaspersky published, in addition to the various use of the word "flame" in the code, there are also variables called "gator" and "frog" in there as well.

When I've examined "officially" produced malware, such names for variables published within the code just do not happen. Another thing that doesn't smell right is that Israel has also been a target of this worm in numbers only exceeded by Iran as shown in this article in Australia's Herald Sun newspaper.

Kaspersky shared their find on Monday with the other antivirus companies and so hopefully it will be detected by the other antiviruses out there soon. I'll be enjoying the rest of the lemonaide from yesterday myself, that stuff can't run on our own stuff here.

About the author: Kevin McAleavey is the architect of the KNOS secure operating system ( http://www.knosproject.com ) in Albany, NY and has been in antimalware research and security product development since 1996.
108  Politics, Religion, Science, Culture and Humanities / Politics & Religion / M-Trends #1: Malware Only Tells Half the Story on: May 28, 2012, 11:34:52 PM
(Did I post this already?)

M-Trends Report:
http://fred.mandiant.com/M-Trends_2012.pdf?elq=009a0e662f4a4b81ac0f6fd2fb5d3ceb&elqCampaignId=

Written by Grady Summers

When I joined Mandiant earlier this year, I was given the opportunity to help write our annual M-Trends report. This is the third year Mandiant has published the report, which is a summary of the trends we’ve observed in our investigations over the last twelve months.
I remember reading Mandiant’s first M-Trends report when it came out in 2010 and recall being surprised that Mandiant didn’t pull any punches.  They talked about the advanced persistent threat or APT (they had been using that term for several years…long before it was considered a cool marketing, buzz word), and they were open about the origin of the attacks. The report summarized what I’d been seeing in industry, and offered useful insights for detection and response. Needless to say, I enjoyed the opportunity to work on the latest version.
In this year’s report it details six trends we identified in 2011.  We developed the six trends for the report very organically. That is, I spent quite a few days and nights reading all of the reports from our outstanding incident response team and wrote about what we saw—we didn’t start with trends and then look for evidence to support them.
If you haven’t picked up a copy of the report yet, you can do so here.  I will be blogging on each of the six trends over the next two weeks; you can even view the videos we’ve developed for each trend as each blog post is published:

Malware Only Tells Half the Story.
Of the many systems compromised in each investigation, about half of them were never touched by attacker malware.
In so many cases, the intruders logged into systems and took data from them (or used them as a staging point for exfiltration), but didn’t install tools. It is ironic that the very systems that hold the data targeted by an attacker are probably the least likely to have malware installed on them. While finding the malware used in an intrusion is important, it is impossible to understand the full scope of an intrusion if this is the focal point of the investigation. We illustrate actual examples of this in the graphical spread on pages 6-7 of the report.
What does this mean for victim organizations?
You could start by looking for malware, but don’t end there! A smart incident response process will seek to fully understand the scope of compromise and find all impacted systems in the environment. This could mean finding the registry entries that identify lateral movement, traces of deleted .rar files in unallocated space, or use of a known compromised account. It turns out that Mandiant has a product that does all of this, but the footnote on page 5 is the only mention you’ll see in the entire report (and even that was an afterthought).

109  Politics, Religion, Science, Culture and Humanities / Politics & Religion / Cyberwar fears after bug targets Tehran on: May 28, 2012, 06:40:52 PM
Quote
The discovery of a malicious computer program that appears to be collecting sensitive information from Iran and others indicates the global cyberwar has moved to a new level, warn security experts. Kaspersky Labs, the Russian internet security company that discovered the malware, codenamed Flame, said it was more complex and sophisticated than any of the cyberweapons it has seen to date. “The Flame malware looks to be another phase in this war,” said Eugene Kaspersky, co-founder of Kaspersky Lab.


High quality global journalism requires investment. Please share this article with others using the link below, do not cut & paste the article. See our Ts&Cs and Copyright Policy for more detail. Email ftsales.support@ft.com to buy additional rights. http://www.ft.com/cms/s/0/8a0fab7a-a8e1-11e1-b085-00144feabdc0.html#ixzz1wD82PDdN
110  Politics, Religion, Science, Culture and Humanities / Politics & Religion / Investigating a Cyber Espionage Network on: May 28, 2012, 06:32:44 PM
After attempting to cut and paste the article I decided it was easier to just add the forward and direct people to the link because the article is easier to read in PDF format.


Article:
http://www.f-secure.com/weblog/archives/ghostnet.pdf

Wikipedia Reference:
http://en.wikipedia.org/wiki/GhostNet


Cyber espionage is an issue whose time has come. In this second report from the Information Warfare Monitor, we lay out the findings of a 10-month investigation of alleged Chinese cyber spying against Tibetan institutions. The investigation, consisting of fieldwork, technical scouting, and laboratory analysis, discovered a lot more.
The investigation ultimately uncovered a network of over 1,295 infected hosts in 103 countries. Up to 30% of the infected hosts are considered high-value targets and include computers located at ministries of foreign affairs, embassies, international organizations, news media, and NGOs. The Tibetan computer systems we manually nvestigated, and from which our investigations began, were conclusively compromised by multiple infections that gave attackers unprecedented access to
potentially sensitive information. But the study clearly raises more questions than it answers. From the evidence at hand, it is not clear whether the attacker(s) really knew what they had penetrated, or if the information was ever exploited for commercial or intelligence value. Some may conclude that what we lay out here points definitively to China as the culprit. Certainly Chinese cyber-espionage is a major global concern. Chinese authorities have made it clear that they consider cyberspace a strategic domain, one which helps redress the military imbalance between China and the rest of the world (particularly the United States). They have correctly identified cyberspace as the strategic fulcrum upon which U.S. military and economic dominance depends. But attributing all Chinese malware to deliberate or targeted intelligence gathering operations by the Chinese state is wrong and misleading. Numbers can tell a different story. China is presently the world’s largest Internet population. The sheer number of young digital natives online can more than account for the increase in Chinese malware. With more creative people using computers, it’s expected that China (and Chinese individuals) will account for a larger proportion of cybercrime. Likewise, the threshold for engaging in cyber espionage is falling. Cybercrime kits are now available online, and their use is clearly on the rise, in some cases by organized crime and other private actors. Socially engineered malware is the most common and potent; it introduces Trojans onto a system, and then exploits social contacts and files to propagate infections further. Furthermore, the Internet was never built with security in mind. As institutions ranging from governments through to businesses and individuals depend on 24-hour Internet connectivity, the opportunities for exploiting these systems increases.

JR02-2009 Tracking GhostNet - FOREWORD Ron Deibert, Director, the Citizen Lab, Munk Centre for International Studies, University of Toronto.
JR02-2009 Tracking GhostNet - FOREWORD Rafal Rohozinski, Principal and CEO, The SecDev Group, Ottawa, Canada.

This report serves as a wake-up call. At the very least, a large percentage of high-value targets compromised by this network demonstrate the relative ease with which a technically unsophisticated approach can quickly be harnessed to create a very effective spynet…These are major disruptive capabilities that the professional information security community, as well as policymakers, need to come to terms with rapidly. These are major disruptive capabilities that the professional information security  community, as well as policymakers, need to come to terms with rapidly.
111  Politics, Religion, Science, Culture and Humanities / Politics & Religion / CyLab: Utilities Rank Worst in Governance and Security on: May 24, 2012, 05:11:26 AM
Source: http://www.infosecisland.com/blogview/21400-CyLab-Utilities-Rank-Worst-in-Governance-and-Security.html

Report: http://www.rsa.com/innovation/docs/CMU-GOVERNANCE-RPT-2012-FINAL.pdf

In a new report from Carnegie Mellon's CyLab, the energy and utilities sector rankis lowest in IT government and security in comparison to other industries.

The study, titled “The Governance of Enterprise Security: CyLab 2012 Report”, found that cyber security as a priority was lowest among those organizatons who administer aspects of the nation's critical infrastructure.

The report provides a side-by-side analysis of governance and security oversight across several industries including utiliities, the financial and industrial production sectors, and was co-sponsored by Forbes and security provider RSA.

“Of the critical infrastructure respondents, the energy/utilities sector had the poorest governance practices. When asked whether their organizations were undertaking six best practices for cyber governance, the energy/utilities sector ranked last for four of the practices and next to last for the other two,” wrote the study's author Jody Westby.

The findings reported by Forbes are as follows:

71 percent of their boards rarely or never review privacy and security budgets.
79 percent of their boards rarely or never review roles and responsibilities.
64 percent of their boards rarely or never review top-level policies.
57 percent of their boards rarely or never review security program assessments.
“What is disturbing about these findings is that the energy/utilities sector is one of the most regulated industry sectors and one of the most important to business continuity,” Westby said.

She also noted that Industrial Control Systems (ICS) and SCADA controls "were not designed for security and have no logging functions to enable forensic investigations of attacks."

Also of concern was the finding that the energy and utility sector “placed the least value on IT experience when recruiting board members,” Westby noted.

While the energy and utility sector rated poorly in the study, the other sectors surveyed did not fare much better, and the report further iterates the disconnect between the Board of Directors and organizational security.

In March, CyLab issued the third in a series of reports examining information security governance from the standpoint of corporate Boards.

The report, which utilized a data pool selected from the Forbes Global 2000 list, shows that little has changed in the way of a concerted focus on cyber security by those at the highest levels of leadership in some of the world's largest corporate entities.

"Boards and senior management still are not exercising appropriate governance over the privacy and security of their digital assets. Even though there are some improvements in key “regular” board governance practices, less than one-third of the respondents are undertaking basic responsibilities for cyber governance. The 2012 gains against the 2010 and 2008 findings are not significant and appear to be attributable to slight shifts," the report noted.

The findings showed that around half of the respondents indicated that the Boards of Directors rarely or never engage in policy reviews for IT security, assessments of the roles and responsibilities for senior level security managers, or actively exercise oversight of annual security budgets.

In addition, only about a third of respondents regularly or occasionally receive and review reports regarding the state of enterprise information security risk management.

The report also found that on average less than two-thirds of the corporations examined did not have senior level security and privacy personnel in place, such as a CSO or CISO, and only about thirteen percent had a Chief Privacy Officer in place.

Overall, the report did show slight improvements over the results from the 2008 and 2010 studies, but the long and short of it is that corporate Boards of Directors have still not embraced privacy and security matters adequately, even in the wake of well publicized and obviously damaging security events.

The lack of urgency in addressing enterprise security issues ultimately leaves companies and their stakeholders at risk of impact from a catastrophic data loss event.
112  Politics, Religion, Science, Culture and Humanities / Politics & Religion / With or without Romney, D.C. a surprising Mormon stronghold on: May 13, 2012, 08:50:55 PM
http://religion.blogs.cnn.com/2012/05/12/hfr-with-or-without-romney-d-c-a-surprising-mormon-stronghold/?hpt=hp_c2

By Dan Gilgoff, CNN.com Religion Editor

Alexandria, Virginia (CNN) – A few hundred Mormons filed into a chapel just outside the Washington Beltway one recent Sunday to hear a somewhat unusual presentation: an Obama administration official recounting his conversion to Mormonism.

“I have never in my life had a more powerful experience than that spiritual moment when the spirit of Christ testified to me that the Book of Mormon is true,” Larry Echo Hawk told the audience, which stretched back through the spacious sanctuary and into a gymnasium in the rear.

Echo Hawk’s tear-stained testimonial stands out for a couple of reasons: The White House normally doesn’t dispatch senior staff to bare their souls, and Mormons hew heavily Republican. It’s not every day a top Democrat speaks from a pulpit owned by the Church of Jesus Christ of Latter-day Saints.

And yet the presentation by Echo Hawk, then head of the U.S. Bureau of Indian Affairs, is also a perfect symbol of a phenomenon that could culminate in Mitt Romney’s arrival at 1600 Pennsylvania Avenue next year: The nation’s capital has become a Mormon stronghold, with Latter-day Saints playing a big and growing role in the Washington establishment.

The well-dressed crowd gathered for Echo Hawk’s speech was dotted with examples of inside-the-beltway Mormon power.

In one pew sits a Mormon stake president – a regional Mormon leader – who came to Washington to write speeches for Ronald Reagan and now runs a lobbying firm downtown.

Behind him in the elegant but plain sanctuary – Mormon chapels are designed with an eye toward functionality and economy – is a retired executive secretary of the U.S. Supreme Court.

A few pews further back, the special assistant to the U.S. Special Representative for Afghanistan and Pakistan sits next to a local Mormon bishop who came to Washington to work for Sen. Orrin Hatch of Utah and now leads a congressionally chartered foundation.


Mitt Romney, who would be the first Mormon president if elected, is the son of a cabinet secretary under Richard Nixon.
“In a Republican administration, there will be even more Mormons here,” whispers the bishop, Lewis Larsen, pointing out prominent Washingtonians around the chapel. “Every Republican administration just loads up with them.”

Regardless of which party controls the White House, Mormonism in Washington has been growing for decades.

When Larsen arrived in Washington in the early ’80s, there were a just handful of Mormon meetinghouses in northern Virginia, where he lives. Today, there are more than 25, each housing three separate congregations, or wards, as they’re known in the LDS Church.

“There’s been an absolute explosion in Mormon growth inside the beltway,” Larsen says before slipping out of the pew to crank the air conditioning for the swelling crowd.

The LDS Church says there are 13,000 active members within a 10-mile radius of Washington, though the area’s Mormon temple serves a much larger population – 148,000 Latter-day Saints, stretching from parts of South Carolina to New Jersey.

Signs of the local Mormon population boom transcend the walls of the temple and meetinghouses.

Crystal City, a Virginia neighborhood just across the Potomac River from Washington, has become so popular with young Mormons that it’s known as “Little Provo,” after the Utah city that’s home to church-owned Brigham Young University.

Congress now counts 15 Mormon members, including Senate Majority Leader Harry Reid, according to the Pew Forum on Religion and Public Life. That means the 2% of the country that’s Mormon is slightly overrepresented on Capitol Hill.


Senate Majority Leader Harry Reid, a Democrat, is the highest-placed elected Mormon in Washington.
Even many Latter-day Saints joke about Washington’s “Mormon mafia” – referring to the number of well-placed LDS Church members across town – though they cringe at the thought of being seen as part of some cabal. (Echo Hawk, for his part, left the Obama administration a few weeks after his chapel presentation for a job in the LDS Church hierarchy).

“No one talks about Washington being an Episcopalian stronghold or a Jewish stronghold,” says Richard Bushman, a Mormon scholar at Columbia University. Talk of “Mormon Washington,” he says, “represents a kind of surprise that people who were thought of as provincial have turned up in sophisticated power positions.”

Bushman and other experts note that, despite Mormons’ growing political power, the official church mostly steers clear of politics. It’s hard to point to federal legislation or a White House initiative that bears distinctly Mormon fingerprints, while it’s easy to do the same for other faiths.

For example, the White House’s recent “compromise” on a rule that would have required religious groups to fund contraception for employees was mostly a reaction to pressure from Roman Catholic bishops.

Nonetheless, Mormon success in Washington is a testament to distinctly Mormon values, shedding light into the heart of one of America’s fastest-growing religions.

And though the official church is mostly apolitical, most rank-and-file Mormons have linked arms with the GOP. Romney’s own political evolution mirrors that trend.

Such forces help explain why Mormons’ beltway power is poised to grow even stronger in coming years, whether or not Romney wins the White House.

‘A ton of Mormon contacts’

For many Washington Mormons, religion plays a key role in explaining why they’re here.

Larsen, who sports a brown comb-over and tortoise shell glasses, arrived in Washington in the early 1980s as an intern for Hatch, also a Mormon.

He landed the internship courtesy of Brigham Young University, his alma mater. The Mormon school owns a four-story dorm on Pennsylvania Avenue, not too far from the White House, which houses 120 student interns each year. It’s the school’s largest such program in the nation.

“Part of our church’s tradition is to be connected with civic life, to make our communities better,” says BYU’s Scott Dunaway, who helps place students on Capitol Hill, at the Smithsonian and other Washington institutions. “We don’t believe in being reclusive.”

It’s a perfect characterization of Larsen. He grew up in Provo, in the shadow of BYU, and wanted to prove he could make it outside of Utah.

“Kids growing up in the LDS Church have been told, ‘Go ye out in the world and preach the gospel of Christ - don’t be afraid to be an example,’ ” Larsen said, sitting in the glass-doored conference room of the foundation he runs on K Street.

“So we are on our missions, converting people to Christianity,” he continued. “And coming to Washington, for me and probably for a lot of people, came out of that interest. We see it as our career, but also we’re going out to preach the word of Christ.”

For Larsen, that usually means correcting misinformation about Mormonism or explaining Mormon beliefs and practices – you really don’t drink coffee, ever? – over lunch with co-workers or at business functions, rather than on-the-job proselytizing.

He learned about integrating work and faith from Hatch. He was initially shocked to discover that the senator prays in his office each morning. Larsen and Hatch developed what the bishop calls a “father-son” relationship, with the intern rising up through the ranks to become Hatch’s chief Washington fundraiser.

“We would go on trips, and I’d quiz him on the plane: Why did the church do this? Why didn’t the church do this?” Larsen said. “He was like a tutor to me.”

Now, as the head of a foundation that educates teachers about the U.S. Constitution, the bishop helps other young Mormons with job leads and introductions. Larsen was appointed to the role by Hatch and the late U.S. Sen. Ted Kennedy.

Much of Washington’s Mormon professional network is still anchored by BYU, which operates a handful of big, well-connected alumni groups with major Washington chapters. The most prominent is BYU’s Management Society, a global organization whose biggest chapter is in Washington.

At the chapter’s recent alumni dinner, former Secretary of State Condoleezza Rice was the guest of honor. She has strong ties to the Mormon community and has hired Mormons as top aides. Says Larsen: “Condi’s got a ton of Mormon contacts.”

Patrice Pederson also knows how to work a Rolodex. A lifelong political activist, she moved from Utah to Washington last year and soon tapped into BYU’s local network.

Pederson served as the U.S.-based campaign manager for Yeah Samake, a Mormon running for president in the West African nation of Mali.

Samake traveled frequently to the U.S. to raise money and build political support, so Pederson enlisted the help of BYU’s Management Society and other groups to host events for the candidate.

Both in Washington and across the U.S., many Mormons are watching his candidacy.

“Members of the church on Capital Hill were anxious to introduce the candidate to other members of Congress,” says Pederson, sipping an herbal tea (Mormons eschew black leaf teas) in a strip mall Starbucks near her apartment in Alexandria, Virginia.

“It’s cool to have a member of the church running for president in Africa.”

Beyond making connections, many Washington Mormons say the LDS Church provides an ideal proving ground for careers here.

Unlike most churches, it has no professional clergy; from the bishop to the organist, each role is filled by everyday Mormons, most of whom have other day jobs. As a result, Mormons take church leadership roles at an early age, speaking publicly at Sunday services almost as soon they learn to talk.

“My kids grew up in the church, and we get together for three hours on Sundays, and each member needs to get up and speak,” says U.S. Rep. Jason Chaffetz, R-Utah. “By the time they graduate, they have all these speaking assignments that other teenagers just don’t have.


U.S. Rep. Jason Chaffetz, a Utah Republican, says Mormonism provides ideal training for aspiring politicians.
“For those who grow up in the Mormon church, they are taught skills that allow them to be successful in a tough city like Washington,” says Chaffetz, who converted to Mormonism shortly after college.

Young Mormons also hone leadership skills by serving missions away from home. The missions last from one and half to two years and happen when Mormons are in their late teens and early 20s and often include intensive foreign language training.

“Young Mormons are more formidable in public settings and international settings than others,” says Terryl Givens, a Mormon scholar at the University of Richmond. “Normally you would have to acquire more age and work experience before you feel comfortable and useful at NGOs and think tanks.”

Chaffetz, whose son is serving a mission in Ghana, says the experience is the perfect preparation for political careers.

“They learn rejection early on,” he says. “If you’re going to be in politics, that’s a pretty good attribute.”

Christina Tomlinson served her mission in nonexotic Fresno, California. But working with the Laotian community there, she acquired the foreign language skills that landed her first internship at the U.S. State Department.

“I look back at that and it’s nothing but divine providence,” Tomlinson says one night at an office building-turned-chapel in Crystal City, after a weekly discussion about Mormon teachings. “I would have never made those choices.”

When she arrived at her foreign service orientation in the late 1990s, Tomlinson was surprised to find that a half-dozen of her State Department colleagues were also Mormon. The thriving LDS community at State even runs its own e-mail list server so Latter-day Saints can find each other wherever in the world they’re stationed.

Like former presidential candidate Jon Huntsman, who used the Mandarin language skills acquired through a Mormon mission to Taiwan to help secure his job as President Barack Obama’s previous ambassador to China, Tomlinson leveraged her mission to get ahead at State, where she now serves as special assistant to the U.S. Special Representative for Afghanistan and Pakistan.

“I’m basically the chief of staff for the president’s representative charged with implementing U.S. foreign policy towards Afghanistan and Pakistan,” she e-mailed on a recent plane ride back from the region.


Language skills acquired on a Mormon mission helped Christina Tomlinson get her start at the State Department.
At the point of a bayonet

Like many Mormons, Tomlinson says her professional life is driven by a faith-based patriotism that sounds old-fashioned to modern ears: “I just really wanted to serve my country.”

But that distinctly Mormon patriotism was hard-won. From their very beginning, Mormons had tried to forge a special relationship with Washington. And for decades, they failed.

Joseph Smith, who founded Mormonism in the 1830s, petitioned the U.S. government to protect his fledgling religious community from the violent persecution it was experiencing, even meeting repeatedly with President Martin Van Buren.

But Washington refused, provoking Smith – who Mormons consider their founding prophet – to run for president himself in 1844. He was assassinated by an anti-Mormon mob in Missouri well before Election Day.

In the face of such attacks, Mormons fled west, to the territory that’s now Utah. But they continued to seek ties with Washington, dispatching representatives to the capital to lobby for statehood.

Congress refused to grant it. Instead, Uncle Sam disincorporated the LDS Church and sent the U.S. Army to police Mormon territory.

In the eyes of Washington, Latter-day Saints were flouting federal law by practicing polygamy. The feds saw the LDS Church as an undemocratic rival government that threatened Washington’s power.


Joseph Smith, Mormonism’s founding prophet, ran for president in 1844 but was killed before Election Day.
Mormons would eventually ban polygamy, paving the way for Utah statehood in 1896. But Congress nonetheless refused to seat the new state’s Mormon senator, who also served as a top church official.

For four years, the U.S. Senate held hearings to grill U.S. Sen. Reed Smoot and other church leaders, alleging that Mormons continued to practice polygamy despite promises to the contrary.

“The political trial was as much a galvanizing cultural moment as was Watergate,” says Kathleen Flake, a scholar of Mormonism at Vanderbilt University in Tenneessee.

When Smoot was eventually seated – after the LDS Church took further steps to stamp out polygamy – he managed to become a Washington powerbroker. He would chair the Senate Finance Committee and act as a presidential adviser.

“He was Mr. Republican,” says Flake. “For a while there, he was the Republican Party.”

Smoot’s unflagging pursuit of legitimacy in Washington, despite the city’s bias against him and his faith, symbolizes what many call a uniquely Mormon appreciation for American civic life. It helps explain the Mormon fascination with Washington to this day.

It may seen counterintuitive, but Mormons’ early exposure to persecution at the hands of other Americans – aided, Mormons say, by the U.S. government – wound up strengthening their patriotic streak.

In the face of attacks, Mormons clung to the U.S. Constitution and its unprecedented guarantee of religious freedom. They distinguished between the document and those charged with implementing it.

Mormon scripture goes so far as to describe the U.S. Constitution as divinely inspired, establishing a unique environment in which Mormonism could emerge.

“Mormons are superpatriots,” says Columbia University’s Bushman. “Joseph Smith said that if the government was doing its job as laid out in the Constitution, it would protect Mormons from their enemies.”

Mormons began to shed their Utah-only siege mentality and fanned out in the early part of the 20th century. Their patriotic streak, which translated into military enlistments and applications for government jobs, led many to Washington.

That wave included J. Willard Marriott, the hotel chain founder, who launched his business career by opening an A&W root beer stand here. He would go on to forge the kind of deep political connections that would help make Willard “Mitt” Romney his namesake.

Washington’s Mormon community got another boost in the 1950s when President Dwight Eisenhower appointed a top church official, Ezra Taft Benson, as his agriculture secretary.

“Mormons took it as a sign of maybe, just maybe, we’re being accepted,” says Flake. “It signified a cultural acceptance of Mormonism. People thought Mormons believed weird things, but also that they were self-reliant, moral and good neighbors.”

As Mormons became more accepted, they became more upwardly mobile, landing in parts of the country that could sustain careers in commerce, academia and government - another reason Washington was a big draw.

By the time there were enough Mormons in the eastern U.S. to justify the construction of the first Mormon temple east of the Mississippi River, the church chose a site just outside Washington.

The temple opened in 1974, shortly after another high-profile Mormon – George Romney, Mitt’s father – left his post as Richard Nixon’s secretary of Housing and Urban Development.

“The Washington temple served as a symbol of the triumphant return of Mormonism to the east,” says Givens, the University of Richmond professor. “Mormons left from the point of a bayonet in the 1800s and the temple is this gigantic symbol that says ‘We’re back – and we’re back in the nation’s capital.’ ”


The Mormon temple outside Washington was the first such temple built east of the Mississippi River.
Unlike Mormon meetinghouses, where members meet for Sunday worship, temples are grander buildings reserved for certain rites, such as proxy baptisms for the dead.

To this day, the first monument many Washington visitors see isn’t a federal landmark. It’s the massive Mormon temple, its Georgian marble towers and gold-leafed spires looming above the trees on the Washington Beltway like an otherworldly castle.

The temple houses a J. Willard Marriott-financed mural of Jesus Christ’s second coming, which features a picture of the Washington temple itself in the background.

“Are you implying that the millennium will begin in Washington?” a temple visitor once asked Marriott, referring to Jesus’ return.

Replied Marriott: “What better place is there?”

Good at organizing

These days, the Mormon impulse toward Washington is often as much political as patriotic.

Patrice Pederson - the campaign manager for the Mormon running for president in Mali - made her first foray into politics at 15, hopping the bus from her home in the suburbs of Salt Lake City into town to intern with a Republican candidate for the U.S. House.

“I remember that when Bill Clinton was elected, I wore all black to school that day,” says Pederson, who was in junior high at the time. “I was mourning the death of liberty.”

When then-Vice President Al Gore visited Utah, Pederson protested his speech with a homemade poster that said “Blood, Guts & Gore – Healthcare’94.” (She can’t recall the poster’s exact meaning).

Pederson’s activism as a “total hardcore right-winger” continued into her 20s. She put off college at BYU to start a “pro-family” advocacy group aimed at lobbying foreign governments and the United Nations. The work brought her to Washington so frequently that she decided to relocate last year: “I had more friends here than in Utah.”

Pederson’s path to D.C. speaks to the growing Mormon/Republican alliance since the 1960s, driven largely by the emergence of social issues such as abortion and gay marriage and the rise of the Christian Right.

“In the 1950s and ’60s, Utah became Republican,” says Bushman. “It’s partly about being anti-communist, but it’s also a response to the 1960s and the decay of old-fashioned moral virtues. It’s an anti-1960s movement, and the Republicans seemed to be the party of old-fashioned virtues.”

Pederson’s roommate, Kodie Ruzicka, grew up squarely in that movement, with her mom heading the Utah chapter of Eagle Forum, a conservative Christian group founded by rightwing icon Phyllis Schlafly.

In the 1970s, when the Catholic Schlafly led a successful grassroots campaign against the Equal Rights Amendment, which would have made gender-based discrimination unconstitutional, she enlisted the help of Mormons.

To its opponents, including the LDS Church, the ERA was the work of radical feminists who wanted to upend traditional gender roles.

Much of Schlafly’s organizing was among evangelicals, and “given the sometimes hostile evangelical line on Mormons, [Schlafly’s] Mormon outreach was kind of revolutionary,” says Ruzicka, who now works at the Justice Department. “But we’re good at organizing, and we have a lot of useful structures for it, so that was useful to her.”

Today, Mormons head Eagle Forum chapters across the West, including California, Arizona and Nevada, as well as Utah.

Bridge-building between Mormons and the conservative movement helps explain the Reagan administration’s push to hire many Mormons into the White House - which further cemented the alliance. That bond continues to lure Mormons to D.C.

Ruzicka, for one, continued in the political footsteps of her mother, arriving in Washington in her mid-20s to lead a nonprofit that promotes safe haven laws, which allow young mothers to legally abandon young children at fire stations.

Beyond hot-button social issues, U.S. Rep. Chaffetz says the Mormon faith engenders support for limited government.

“The church is very adamant about personal responsibility, and for people to voluntarily participate in service,” the Utah Republican says. “There’s this feeling that service is not something that should be mandated by government.”

The LDS Church, for its part, insists it is politically neutral and that it avoids pressuring Mormon elected officials to tow a church line. “The church’s mission is to preach the gospel of Jesus Christ, not to elect politicians,” the church’s website says.

Mormon experts say the church’s support for a relatively strict separation of church and state is born of the U.S. government’s refusal to help Mormons in the face of early persecution.

And after being accused of setting up a rival government around the turn of the last century, the church is loath to be seen giving marching orders to LDS politicians.

The church did, however, play a leading role in passing Prop 8, California’s gay marriage ban, in 2008. Church officials called it a moral cause, not a political one.

Plenty of critics disagree. But neither Mormon bishops nor church officials are known to lead the kind of church-based legislative lobbying efforts that Catholic bishops or evangelical leaders do.

Mitt Romney himself embodies the reluctance of Mormon politicians to connect their religion and their public policy positions, in contrast to politicians of other faiths.

That reluctance also appears to be born of anxiety over Americans’ lingering questions and doubts about Mormonism. When Pew asked Americans last year what word they associated with the Mormon faith, the most common response was “cult.”

In recent weeks, Romney’s newfound position as the presumptive Republican presidential nominee has produced a mix of excitement and worry among Mormons. That’s especially true in Washington, where politically savvy Latter-day Saints send out frequent e-mail round-ups of Mormon media coverage to their LDS networks.

“A lot of us know it’s ultimately a good thing, but it’s hard to feel like it’s a good thing because so much of the publicity is about things you wouldn’t talk about in polite company, like my underwear,” says Pederson, referring to the enduring fascination with Mormon undergarments.

Like many conservatives, Pederson is suspicious of Romney.

“I don’t like his waffling, to put it gently, on life and family issues,” she says. “But if it comes down to Romney versus Obama, hand me the pom-poms. I’ll be president of the Romney-Is-the-Best-We-Can-Come-Up-With-for-President Club.”

For now, Pederson is working with the National Right to Life Committee’s political action committee to raise money for the Romney effort, even as she makes up her mind about how actively she wants to promote his candidacy.

Some of her calculus is about weighing political reality against her conservative idealism. And some of it is about her next professional move. It’s a very Washington place to be.

Dan Gilgoff - CNN Belief Blog Co-Editor

Filed under: 2012 Election • Barack Obama • Church of Jesus Christ of Latter-day Saints • DC • Jon Huntsman • Mitt Romney • Mormonism • Politics
113  Politics, Religion, Science, Culture and Humanities / Politics & Religion / Pentagon CIO Discusses DoD's Cyber Defense Strategy on: May 11, 2012, 01:39:29 PM
WASHINGTON D.C. – Teresa M. Takai, Acting Assistant Secretary of Defense for Networks and Information Integration, the Department of Defense’s Chief Information Officer, said in an interview that cyber defense is a major part of the DOD’s technology agenda. But she declined to characterize the current climate of often state-sponsored cyber attacks as cyber war.
“The whole question of advanced persistent threats and the kinds of threat we face at the Department is something we’re very focused on,” Takai told MITechNews.Com Editor Mike Brennan. ”Cyber is a domain much like air, sea and space that we have to be prepared to defend.”
Takai, the former state CIO for Michigan and then California, was recruited 18 months ago to serve as the principal advisor to the Secretary of Defense for Information Management, Information Technology and Information Assurance as well as non-intelligence Space systems, critical satellite communications, navigation, and timing programs, spectrum and telecommunications. She provides strategy, leadership, and guidance to create a unified information management and technology vision for the Department and to ensure the delivery of information technology based capabilities required to support the broad set of Department missions, including technology delivered to the battlefield for war fighters.
“I advise Defense Secretary Leon Panetta as well as senior staff on how we should be spending $37 billion a year on IT,” she said. “In the simplest form, those duties, if we compare and contrast, in Michigan on an annual basis we were spending $500 million on IT. The biggest difference on what we do at the state level and now at the DOD is the kinds of systems we use are not traditional business support systems. Instead, we’re responsible for oversight of the military version of a police radio system. We’re responsible for everything up to where the information is shared. We manage the Department’s use of the spectrum. We are responsible for technologies that read out to the battlefield and for those individuals dealing with technology in the theater. So my responsibilities are more operational.”
But in this digitally connected world where state and local governments reach out online to their respective constitutes, trying to reach back into their networks are hackers, organized crime, and state-driven cyber spies. These bad guys want to tap the treasure trove of rich intellectual data and financial information inside. Among her many former duties, Takai is the Past-President of the National Association of State Chief Information Officers so she knows first-hand the cyber threats state and local CIOs and CISOs deal with.
“I think the states are concerned around privacy protection,” she said. “At the DOD, we deal with all aspects of cyber security. How to defend all our information. We have a lot of R&D to protect. There are those who want to get in and maliciously disable or damage or change information. We’re so heavily dependent on our network for a national security role.”
As such, she works closely with Gen. Keith B. Alexander, who runs United States Cyber Command (USCyberCom), an armed forces sub-unified command subordinate to U.S. Strategic Command. Alexander also runs the National Security Agency, a crypto logic intelligence agency at the Pentagon. While CyberCom is developing cyber defense strategies, NSA collects and analyzes foreign – and some say domestic – communications. Both also try to protect their respective computer networks from cyber intrusion, an increasingly difficult problem.
Lately, Cyber Command has been in the headlines as the government tries to redefine its role and transform the roughly 1,400 person command into a cyber war fighting unit, on par with the armed services. This week, there were reports U.S. Cyber Command has been using special, classified briefings with private sector CEOs to scare them into greater vigilance about the threat of cyber attacks. The briefings are part of a three year-old program dubbed the "Enduring Security Framework" that was designed to foster closer coordination between private sector executives and Washington, so they predate Takai’s arrival at the Defense Department.
“One way to describe cyber command is we have regional combatant commands, such as the Pacific Region, who understands the Pacific region,” Takai said. “When you compare that to CyberCom, they have the unique understanding of cyber space and they have the responsibility to take actions, and advise the Defense Secretary on all cyber activities. CyberCom protects the Department and is responsible for directing activities as they relate to cyber security.”
Takai also confirmed published reports that the Pentagon has carved out a new secret spy group that press reports called the Defense Covert Intelligence unit. She, however, clarified those reports by calling the new unit, a function, instead.
“One of the things we do is to look at the challenges and threats and organize to address them,” Takai said. “There wasn’t the establishment of a new agency or department at the Pentagon, but organizing around a new function they thought was important. It was the establishment of a specific group that focused on a problem we anticipate happening in the future. One example is looking at a specific time for draw-down in Afghanistan. It also performs future planning activities - how to do intelligence - and then restructures how to use these new resources. “
Other duties include interfacing with the North Atlantic Treaty Organization (NATO) on their cyber preparedness. She will fly to Brussels, Belgium, later this month for the semiannual NATO board meeting to talk directly with her NATO counterparts.
“I’m the U.S. rep to the NATO board that oversees all the technology that NATO develops,” she said. “If we think we move slowly at the Defense Department, try getting multiple nations together on technology. It is a challenging job.”
Another challenging job is making the Defense Department’s IT management more centralized, she said. Right now DOD is very decentralized. When she was CIO in Michigan, IT management was just the opposite, very centralized. While In California, she said, she had to deal with 130 CIOs all with different agendas.
“I think the challenge here is because the Department is so much bigger, that going to a completely centralized strategy does not make sense,” she said. “But we do want a level of centralization. War fighters want to operate across the Navy, Marines, Air Force and Army using the same technology base. The way we’re structured now is each service has the money to put out technology. We have to figure out a way to do it so when there is a joint operation. We have to figure out how to provide the right services so a war fighter has what he needs?”
Another big difference is at the state level, the interaction is with citizens. At the Defense Department, the bulk of the interaction is internal. But one things remains the same in both worlds: Information silos.
“It’s just different silos,” she said. “Each individual service has its own CIO. They don’t report to me, but they are required to follow the direction and policy I put out.”
Also at the federal level, politicians are much more involved in IT policy than in the states, she said. “Politicians here like to know how we are spending their money,” Takai said. “And sometimes they want to get into the middle of it, but usually just for doing good accountability. The military folks are skilled technologists. It’s a little different with staff people and political appointees, whose philosophy is more, ‘Just go make it run and call me if you need me.’ “
She declined to say much about the Cyber Intelligence Sharing and Protection Act (CISPA), which would allow for the sharing of internet traffic information between the U.S. government and certain technology and manufacturing companies. The stated aim of the bill is to help the U.S Government investigate cyber threats and ensure the security of networks against cyber attack.
“We are supportive of the president’s agenda and do feel this legislative action is important going forward,” she said “Based on what we see at the Defense Department, there needs to be more action to protect our critical infrastructure. There are both military and civilians aspects to this.”
What has been her biggest surprise at the Pentagon?
“You can’t grasp the enormity of what the Department does until you get here,” Takai said. “It just has so many nuisances and cultures about it; I’m learning something new every day. “The most rewarding part of the job is when you see the areas you’re working in make a difference to the men and woman actually protecting this country,” she said. “It is the most phenomenal feeling to talk with people about what their needs are and work on things that will make a difference for those young men and woman who are away from their families’ months at a time. They do the work without complaining. And the level of dedication is just phenomenal. You can see the passion.”
What advice does she have for somebody graduating from college with a degree in computer science who wants to get into government cyber security?
“First of all, there are multiple jobs in cyber security,” Takai said. “It isn’t just about cryptologist, writing software, or monitoring networks. Second, it is good to have a technical background. Some engineering background would be preferable. Three, look around and see how many universities are developing cyber security curriculums. Some offer degree programs. Lastly, companies are looking for bright young people with engineering or computer science background to get into this field.”
What about experienced security professionals. How can they get involved helping the government?
“We all post our jobs on our government web sites,” she said. “Someone like Dan Lohrmann (Michigan CISO) has a lot of opportunities at the state level. If someone wants to come to Washington, there are jobs here, too. I would encourage people to go online and look at military base postings. We also are heavily dependent on our defense industrial base. General Electric has a large presence in Michigan. So there are any number of ways an individual can take a look at what opportunities exist within government or companies that do business with the government. “
Both the DOD and NSA also are actively recruiting cyber security and technology specialists, and educating the present work force on the dangers posed by the Internet today.
“We think we’ll have to grow in a couple ways at the Department of Defense,” she said. “We plan to train our entire workface to be cognoscente of the cyber threats and we need more specialists to monitor and defend our networks.”
This interview was conducted by MITechNews.Com Editor & Publisher Mike Brennan. To read more about Assistant Secretary Takai, click on CIO.Gov

Author: Mike Brennan
Source: Editor, MITechNews.Com
114  Politics, Religion, Science, Culture and Humanities / Science, Culture, & Humanities / Five Concerns Surrounding Pinterest on: May 10, 2012, 06:35:40 PM
Source: http://www.infosecisland.com/blogview/21268-Five-Concerns-Surrounding-Pinterest.html

Thursday, May 10, 2012
Contributed By:
Allan Pratt, MBA


By now, everyone has heard the news that Pinterest has surpassed all other social media sites and has earned the coveted spot of “number three” in terms of users behind Facebook and Twitter.

While LinkedIn and YouTube fell in the standings, Pinterest has adopted a loyal following – and especially amazing – while still in beta phase by invitation only.

According to a comScore study, the number of Pinterest users that visit the site daily has increased by 145% since the beginning of 2012.

But, before you join the Pinterest party, there are some things to keep in mind.

First, here is Pinterest’s mission in the company’s own words: “Our goal is to connect everyone in the world through the things they find interesting. We think that a favorite book, toy, or recipe can reveal a common link between two people.

With millions of new pins added every week, Pinterest is connecting people all over the world based on shared tastes and interests.”

NO PRIVACY SETTINGS

While Pinterest’s appeal is its visual-oriented content comprised of photos, images, illustrations, videos – some with links and some without – don’t get so caught up with creating categories, or in Pinterest speak, boards, that you upload personal photos with family members, personal cars, and your house or apartment with identifying details like numbers and street signs.

At the current time, there are no privacy settings similar to Facebook or Google Plus, and boards cannot be made private, similar to customized Facebook lists or customized Google Plus circles. The bottom line is that anyone with Internet access can view your boards.

COPYRIGHT INFRINGEMENT

Since the site is in beta phase, copyright and trademark police are not swimming around the site, therefore, all users must be on their best behavior about using images. Give credit if an image or link is not yours – be a respectable member of the Pinterest world.

ABOUT YOU

There is a bio section at the top of each page next to your profile photo. Don’t leave this section blank in your haste to set up your account, but don’t be overly-wordy either.

While users will learn about you from your boards and pins, everyone wants to read a quick sentence or two about you. Also, you can share your website URL, your Facebook URL, and/or your Twitter URL.

SHARING CONTENT WITH FACEBOOK AND TWITTER

Currently, you can log in to Pinterest with your Facebook or Twitter passwords. While this allows for shared content on both major sites, you can add details about your pins (in Pinterest speak, an image added on Pinterest) to Facebook and Twitter, this sharing of passwords may not be the best idea.

Consider a safer alternative – although not a quicker option – use a unique password for Pinterest, and if you want to share content on the other sites, enter the details by logging into either Facebook or Twitter separately.

COMMENTS

You can make comments about any pin. You have more than 140 characters (reference to Twitter), and everyone will be able to read your comments. Remember, similar to texts or emails, the comment could be misinterpreted, and your sense of humor may not be understood by all. So be polite, courteous, and friendly. And if you like a pin, you can always click the “like” button.

If you keep these concerns in mind, you can and will have limitless fun with Pinterest. I have become a fan and invite you to check out my Pinterest page at http://pinterest.com/tips4tech. If you'd like an invitation, comment below, and I’ll send you one.

Allan Pratt, an infosec consultant, represents the alignment of marketing, management, and technology. With an MBA Degree and four CompTIA certs in hardware, software, networking, and security, Allan translates tech issues into everyday language that is easily understandable by all business units. Expertise includes installation and maintenance of hardware, software, peripherals, printers, and wireless networking; development and implementation of integration and security plans; project management; and development of technical marketing and web strategies in the IT industry. Follow Allan on Twitter and on Facebook.

Cross-Posted from Tips4Tech
115  Politics, Religion, Science, Culture and Humanities / Politics & Religion / Re: DHS: National Preparedness Report and Cybersecurity on: May 10, 2012, 06:32:22 PM
No comment on "DHS: National Preparedness Report and Cybersecurity" yet but that book "China Has Hacked Our Electric Power Grid: Read About It In Screwed!" seems interesting I can tell you that just through job searching the DoE has been ramping up.



116  Politics, Religion, Science, Culture and Humanities / Politics & Religion / DHS: National Preparedness Report and Cybersecurity on: May 08, 2012, 09:43:24 PM
Tuesday, May 08, 2012
Presidential Policy Directive 8: National Preparedness (PPD-8) describes the Nation’s approach to preparing for the threats and hazards that pose the greatest risk to the security of the United States.

The Directive requires a National Preparedness Report (NPR), an annual report summarizing the progress made toward building, sustaining, and delivering the 31 core capabilities described in the National Preparedness Goal.

Cybersecurity Key Finding: Cyber attacks have increased significantly in number and sophistication in recent years, resulting in the Federal Government and private sector partners expanding their cybersecurity efforts.

The U.S. Computer Emergency Readiness Team (US-CERT) reported an over 650-percent increase in the number of cyber incidents reported by federal agencies over a five-year period, from 5,503 in FY 2006, to 41,776 in FY 2010.

Almost two-thirds of U.S. firms report that they have been the victim of cybersecurity incidents or information breaches. Moreover, this serious problem may be subject to underreporting: only 50 percent of owners and operators at high-priority facilities participating in the ECIP security survey said that they report cyber incidents to external parties.

DHS’s Strategic National Risk Assessment notes that cyber attacks can have catastrophic consequences and trigger cascading effects across critical infrastructure sectors.

To counter these and related threats, federal and private sector partners have accelerated initiatives to enhance data collection, detect events, raise awareness, and respond to cyber incidents. In fact, most infrastructure protection stakeholders now identify cybersecurity as a priority issue for their programs.

At least 10 different critical infrastructure sectors have established joint public-private working groups through the SCCs and GCCs focused on cyber issues. In FY 2011, facility owners and operators from all 18 critical infrastructure sectors conducted assessments using the DHS Cyber Security Evaluation Tool.

This free software helps users assess their systems and networks through a series of guided questions. In addition, DHS and DOD are jointly undertaking a proof-of-concept called the Joint Cybersecurity Services Pilot.

The purpose of this pilot program is to enhance the cybersecurity of participating Defense Industrial Base (DIB) critical infrastructure entities and to protect sensitive DOD information and DIB intellectual property that directly supports DOD missions or the development of DOD capabilities from unauthorized access, exfiltration, and exploitation.

By the end of FY 2011, the National Cybersecurity Protection System was monitoring cyber intrusions with advanced technology for 37 of 116 federal agencies (32 percent), exceeding the proposed target of 28 percent. DHS’s National Cyber Security Division (NCSD) and Science and Technology Directorate also contribute to the development of international cybersecurity standards by participating in standards bodies such as the International Telecommunication Union, the International Organization for Standardization, and the Internet Engineering Task Force.

DHS operates the National Cybersecurity and Communications Integration Center, a 24-hour center responsible for coordinating cyber and communications warning information across federal, state, and local governments, intelligence and law enforcement communities, and the private sector.

DHS has also established the Cybersecurity Information Sharing and Collaboration Program (CISCP), a systematic approach to cyber information sharing and cooperation with critical infrastructure owners and operators. The program incorporates government participants, Information Sharing and Analysis Centers (ISACs), and other critical infrastructure owners and operators, and facilitates the fusion of data through collaboration among CISCP entities to develop and share cross-sector information products through a secure portal.

In addition, the National Cyber Investigative Joint Task Force (NCIJTF) facilitates federal interagency collaboration and serves as a central point of entry for coordinating, integrating, and sharing pertinetinformation related to cyber-threat investigations. The FBI oversees the NCIJTF, which includes representation from 18 partner agencies from the intelligence and law enforcement communities.

The FBI also runs 65 cyber task forces across the country that integrate federal, state, and local assets. At the state, local, tribal, and territorial levels, the Multi-State Information Sharing and Analysis Center is a cybersecurity focal point, including a cybersecurity operations center that provides real-time network monitoring, early cyber threat warnings and advisories, vulnerability identification and mitigation, and incident response.

The Secret Service has successfully dismantled some of the largest known cybercriminal organizations by working through the agency’s established network of 31 Electronic Crimes Task Forces (ECTFs). With the recent addition of two international ECTFs in Rome, Italy, and London, England, local law enforcement can leverage ECTF participation in Europe, a hub of cybercriminal activity.

Despite progress achieved through these efforts, the SPR survey shows that cyber capabilities are lagging at the state level. Results indicated that Cybersecurity was the single core capability where states had made the least amount of overall progress, with an average capability level of 42 percent. In addition, DHS’s 2011 Nationwide Cybersecurity Review highlighted gaps in cyber-related preparedness among 162 state and local entities.

For example, though 81 percent of respondents had adopted cybersecurity control frameworks and/or methodologies, 45 percent stated they had not implemented a formal risk management program. Moreover, approximately two-thirds of respondents had not updated information security or disaster recovery plans in at least two years. The challenges identified in these reviews likely apply across sectors.

The full National Preparedness Report can be downloaded here:

http://www.infosecisland.com/download/index/id/85.html
117  Politics, Religion, Science, Culture and Humanities / Politics & Religion / Legislation Would Stick Business with Cyberwar Costs on: May 08, 2012, 09:38:09 PM
Source:  http://keranews.org/post/bill-would-have-businesses-foot-cost-cyber-war

Tuesday, May 08, 2012
Contributed By:
Headlines


Cybersecurity legislation supported by the likes of Senators Joe Lieberman of Connecticut and Susan Collins of Maine would create a regulatory environment that essentially would require businesses to pick up the majority of the cost for defending against ever increasing threats.

A great deal of cyber espionage is directed at private companies who have a wealth of sensitive information and intellectual property worth tens of billions to foreign governments and represents a national security issue both militarily and economically.

"Let's fast forward to the 21st century. We're an information-based society now. Information is everything. That makes you, as company executives, the front line — not the support mechanism, the front line," said U.S. counterintelligence official Frank Montoya.

The question is, who should ultimately be responsible for picking up the tremendous costs involved with securing critical data maintained by the private sector?

While private sector leaders like Internet Security Alliance president Larry Clinton acknowledge that companies have a responsibility to protect critical systems and data in order to satisfy their obligations to shareholders, the notion that businesses can allocate unlimited resources at the expense of those same shareholders is not feasible.

Clinton and other experts were interviewed on National Public Radio’s “Morning Edition” on Tuesday, May 8th.

"The legally mandated role of the government is to provide for the common defense, and they're willing to spend pretty much whatever it takes to do that. If you're in a private organization, your legally mandated responsibility is to maximize shareholder value. You can't spend just anything on the cyberthreat. You have an entirely different calculus that you have to put into effect," Clinton explained.

Clinton argues that mandating companies to pick up the bill for defending what is really a national security threat puts an unsustainable burden on businesses.

"If the government was interested in paying the private sector to do all these things, probably we would go a long way toward doing it. But the government so far, [with] the Lieberman-Collins bill, wants it all done for free. They want the businesses to simply plow that into their profit and loss statement, and the numbers are staggering. You simply can't do it," Clinton said.

Clinton has led ISA since 2007, and is frequently called upon to offer expert testimony and guidance to Congress, the White House, and numerous Federal Agencies on policy and legislative efforts.

The Internet Security Alliance (ISA) is a unique multi-sector trade association which provides thought leadership and strong public policy advocacy as well as business and technical services to its membership.

The ISA represents enterprises from the aviation, banking, communications, defense, education, financial services, insurance, manufacturing, security, and technology industries.

Clinton believes the current legislation under consideration is far too punitive in nature, and would disincentivize companies from both investing in better security measures and from disclosing data loss events, as well as creating a regulatory and bureaucratic nightmare.

"The major concern is the vast regulatory structure that would be set up at the Department of Homeland Security," says Larry Clinton.

Clinton maintains that the best approach for both the public and private sectors is to devise a cyber defense strategy that does not unfairly burdon companies with unsustainable costs through regulatory mandates.

"Whether we like it or not, we are going to have to figure out a way to get private companies to make, on a sustainable basis, investments that are not justified by their business plans. Simply telling them, 'You have to ignore your business plan,' is not a sustainable model. We have to find a way to make it economic," Clinton continued.
118  Politics, Religion, Science, Culture and Humanities / Politics & Religion / Busy.... on: May 02, 2012, 03:22:40 PM
Whew.. havent been on the forums, been busy at work due to this event https://www.ida.org/upload/research%20notes/05-redteaming.pdf and at home but the adventure continues...  Ill have more time to find more interesting articles once this week is finished.  I think.
119  Politics, Religion, Science, Culture and Humanities / Science, Culture, & Humanities / Re: Which half are you? on: April 24, 2012, 07:27:45 PM
Quote
Thomas Sowell, black conservative, on a roll again about race and the Zimmerman Trayvon story. (Could also go under Media Issues) Two excerpts:

"the repeated references to Zimmerman as a "white Hispanic." Zimmerman is half-white. So is Barack Obama. But does anyone refer to Obama as a "white African"?

All these verbal games grow out of the notion that complexion tells you who is to be blamed and who is not. It is a dangerous game because race is no game."


On a personal note I guess I can relate to this half and half thing or whatever.  Being of mixed race or mixed nationalities (1/2 German & 1/2 Samoan) really confused people where I grew up (Belleville, IL) to break it down simply, due to my features and light skin some Caucasian people saw me as something other than white because of my features & they would ask if Im Indian, Eskimo or something else. Even though my features were different but my skin was "white" some African Americans just saw me as "white."  Believe me I got crap from both sides. I also decided to tell people I was Hawaiian because I got tired of saying Im German / Samoan or just Samoan because no one knew where Samoa was.

LOL, my bad!  Thank you Guro Crafty!
120  Politics, Religion, Science, Culture and Humanities / Science, Culture, & Humanities / Re: Music on: April 24, 2012, 05:12:38 PM
Replying to something in the "Race, religion, ethnic origin, LGBT, & "discrimination" made me think of this song...

121  Politics, Religion, Science, Culture and Humanities / Science, Culture, & Humanities / Which half are you? on: April 24, 2012, 05:09:28 PM
Quote
Thomas Sowell, black conservative, on a roll again about race and the Zimmerman Trayvon story. (Could also go under Media Issues) Two excerpts:

"the repeated references to Zimmerman as a "white Hispanic." Zimmerman is half-white. So is Barack Obama. But does anyone refer to Obama as a "white African"?

All these verbal games grow out of the notion that complexion tells you who is to be blamed and who is not. It is a dangerous game because race is no game."


On a personal note I guess I can relate to this half and half thing or whatever.  Being of mixed race or mixed nationalities (1/2 German & 1/2 Samoan) really confused people where I grew up (Belleville, IL) to break it down simply, due to my features and light skin some Caucasian people saw me as something other than white because of my features & they would ask if Im Indian, Eskimo or something else. Even though my features were different but my skin was "white" some African Americans just saw me as "white."  Believe me I got crap from both sides. I also decided to tell people I was Hawaiian because I got tired of saying Im German / Samoan or just Samoan because no one knew where Samoa was.
122  Politics, Religion, Science, Culture and Humanities / Politics & Religion / Wi-Fi–Hacking Neighbor From Hell Sentenced to 18 Years on: April 24, 2012, 04:47:49 PM
How do we define "regular" would this classify as regular?
http://www.wired.com/threatlevel/2011/07/hacking-neighbor-from-hell/

I think anything large scale as in Viruses on Facebook, spearphishing is done by organized crime...

or wait

maybe I misinterpret Crafty suggestion.. should we put regular crime such as the above article in this thread?  I kind of like how this thread is separate where we can read about the cyber war outside of our personal space, I think guarding your "personal cyberspace" at home and on your personal devices  may be worthy of separate thread for personal awareness.  There are times I post general awareness information such as Mistakes People Make that Lead to Security Breaches http://www.sans.org/security-resources/mistakes.php?ref=3816 in the "Security, Surveillance issues" in the Martial Arts topics.
123  Politics, Religion, Science, Culture and Humanities / Science, Culture, & Humanities / Mumford & Son's - Sigh No More on: April 24, 2012, 07:21:37 AM
I dunno, I just like the song...

124  Politics, Religion, Science, Culture and Humanities / Politics & Religion / Re: Anatomy of an Attack on: April 23, 2012, 04:02:27 PM
http://www.mandiant.com/threat-landscape/anatomy-of-an-attack/

Follow the link and it gives a high level view of a spear phishing.
Sometimes the term high level is misleading and refers to a "simplistic" overview & low level would actually get into the "nitty gritty details"

I can move this into the Internet thread if you like but this could also provide some insight to one of the many ways how penetration is achieved.
125  Politics, Religion, Science, Culture and Humanities / Politics & Religion / JPL computers hacked repeatedly in 2010 and 2011, NASA report says on: April 23, 2012, 02:20:49 AM
http://latimesblogs.latimes.com/lanow/2012/03/jpl-computers-hacked-repeatedly-in-2010-and-2011-nasa-report-says.html

Hacker attacks have repeatedly penetrated NASA computers in the past, stealing user information from dozens of employees and gaining control over key networks at the Jet Propulsion Laboratory in La Cañada Flintridge, according to a federal report.

In written comments submitted to Congress this week, NASA Inspector General Paul K. Martin noted that between 2010 and 2011 the agency reported 5,408 computer security breaches, resulting in the spread of destructive software or unauthorized access to computer systems.

The inspector general also noted that NASA was victimized 47 times in 2011 by particularly stealthy and sophisticated attacks from well-funded sources hoping to steal or modify computers without detection. One such attack involved hackers from Chinese Internet addresses gaining access to networks at JPL.

Martin noted that intruders “gained full access to key JPL systems and sensitive user accounts,” allowing them to alter files, user accounts from mission critical JPL systems and upload tools to steal user credentials. “In other words, the attackers had full functional control over these networks," Martin wrote.
In a 2009 attack, an Italian hacker appears to have gained access to a pair of computer systems supporting NASA's Deep Space Network, a series of powerful antennae operated by JPL and based partly in the Mojave Desert. NASA officials assured Martin that critical space operations weren’t at risk.

Martin said the agency was plagued by hackers with a variety of backgrounds: individuals trying to boost their skills by attempting to break into NASA computers; criminal groups mining information for profit; and possibly state-sponsored attacks from foreign countries. Suspects have been arrested in China, Estonia, Great Britain, Italy, Nigeria, Portugal, Romania and Turkey.

Martin testified before Congress on Wednesday, using the report to back his statements. He urged increased NASA vigilance regarding cyber-attacks, warned of the agency’s slow pace of encryption for laptops and mobile device, and highlighted shortcomings in continuous security monitoring at NASA.

NASA spends more than $1.5 billion a year on information technology, including about $58 million for security, according to the report, which cautioned that those figures may not represent the full cost of expenditures because of the way the agency bundles funding.
126  Politics, Religion, Science, Culture and Humanities / Politics & Religion / Re: Some thoughts on Romney's Mormonism/life experiences on: April 23, 2012, 12:11:26 AM
Quote
"From what I have heard lately, I wouldn't expect Romney to do ANYTHING on gun control if elected to the Presidency. Why? Mormons are the original Disaster Preparedness people in this country, and most Mormon families in the west (UT, ID, NV, AZ, WY, CO) have at least 3 or 4 firearms in the house. Plenty of word from members of the church has already been whispered his way to STFU on gun control, and the answer back has been 'Wilco'. I'm not talking about Church leadership, I'm talking about rank and file members picking up a pen and writing to him. I did."

Not trying to sidetrack the thread but as a Mormon I just learned this from a Non-Mormon last night, LOL

John M. Browning was Mormon too.  John M. Browning was responsible for the invention of many firearms too according to this Wikipedia reference:
http://en.wikipedia.org/wiki/John_Browning#John_M._Browning_and_Winchester_Repeating_Arms_Company

I just thought it was interesting.
127  DBMA Martial Arts Forum / Martial Arts Topics / Older Warrior: 52-year-old tries out for US Olympic Greco-Roman Team on: April 22, 2012, 08:46:10 PM
http://msn.foxsports.com/olympics/wrestling/story/andre-metzger-52-us-olympic-trials-greco-roman-wrestling-john-e-du-pont-dies-in-prison-shot-at-dream-042012

There’s a long list of too-old athletes attempting an ill-fated comeback after retirement.


LONDON CALLING
Are you ready for the 2012 Summer Games? FOXSports.com covers the Olympics like never before. GET FULL COVERAGE HERE
Michael Jordan, who decided he could amaze again on the basketball court at age 38, saw his Washington Wizards miss the playoffs two years in a row. Jim Palmer, who finished his Hall of Fame career with the Baltimore Orioles in 1984, tried to come back seven years later at 45 and made it through two innings of a spring-training game before calling it quits. Brett Favre’s retire-then-unretire pathology finally ended at 41, after he ignominiously finished his career with a 5-8 record and a sexting scandal.

The story is often the same: a world-class talent trying to put off the inevitability of life after sport.

The story of Andre Metzger is very different.

When the 52-year-old from Michigan tries to make the US Olympic Greco-Roman wrestling team at this weekend’s trials in Iowa City, he’ll be chasing no small achievement. The oldest US wrestler to medal at an Olympics? Chris Campbell, who took bronze in 1992 at age 37 — 15 years younger than Metzger is today.

But what makes Metzger stand out even more than his age is the event that sparked his comeback: the death of a 72-year-old multimillionaire in a western Pennsylvania prison in 2010.

Anyone who follows wrestling knows the story of John E. du Pont. Not long ago he was the savior of USA Wrestling, the heir to the du Pont chemical fortune who made amateur sports, specifically wrestling, one of his main philanthropies. But in 1996, du Pont, who was schizophrenic, shot and killed Dave Schultz, a champion freestyle wrestler who had won gold in the 1984 Olympics and was one of du Pont’s closest friends. Du Pont was found guilty but mentally ill the following year and died in prison in December 2010.




And what, exactly, does du Pont’s death have to do with this 52-year-old trying to beat wrestlers half his age and make the Olympic team?

It’s because Metzger’s chance at Olympic glory was cut short in the 1980s and 1990s through a series of bizarre events involving du Pont.

Metzger had won medals in three senior world championships between 1979 and 1987, including silver in 1986. The man to whom he lost in that championship match, Arsen Fadzayev of the Soviet Union, went on to win Olympic gold in 1988 and 1992. Metzger seemed destined to get his opportunity at gold.

But Metzger didn’t have a chance to go to Seoul or Barcelona. He was a recipient of du Pont’s wrestling largesse; du Pont was helping out a financially struggling sport, so there was a feeling of being beholden to him, even as he tried to assert maniacal control over the wrestlers. Each time Metzger won nationals, du Pont gave him a $10,000 bonus. Du Pont also hired Metzger to be a wrestling coach at Villanova University, one of the biggest recipients of du Pont’s philanthropies, paying Metzger $75,000 a year plus a free house.

“It was a pretty sweet deal, too sweet to turn down,” Metzger told FOXSports.com. “But I didn’t know about him.”

 
NEED TO KNOW
Want a refresher course on the sports in the Summer Olympics? We’ve got you covered. OLYMPICS 101
Accepting du Pont's money meant Metzger was also subjected to his erratic behavior, which Metzger said included sexual harassment (Metzger sued and they settled out of court), threats on Metzger’s life and one attempt to kill him.

When Metzger mounted a comeback attempt for the 1992 Olympics, du Pont threatened to kill his children, Metzger said.

“The bottom line is he was an evil guy, and he had a lot of money,” Metzger told FOXSports.com. “I just wasn’t going to risk my family’s life. There was no reason to stay in the sport. So I stepped away.”

“And once he died, I had an opportunity.”

So here Metzger is, after three knee surgeries and a hyperextended knee, trying to be America’s hope in the 74-kilo weight class in Greco-Roman wrestling. His body fat is about 5 percent. He does anywhere from two to seven workouts a day: swimming, lifting, sauna workouts, hot yoga, wrestling.




“I said, ‘OK, this guy is crazy,’ ” US national Greco-Roman coach Steve Fraser told the Detroit Free Press. “I hadn’t heard from Andre in years. He was the real deal, a great competitor. The guy has been a real pleasure to have in our training room. He’s training early in the morning and late at night; he’s definitely a breath of fresh air.”

Think he doesn’t have a chance? Logic says of course not. But Metzger says he’s learning the new rules, he’s honed a strategy to beat the youngsters, and he’s beating the top US wrestlers in practice.

“I’ve got potential to do this,” Metzger said. “I wish I’d never been forced to retire early. But there was nothing I could do about that. Now I’m just (trying) to see if I can get it done.”

The chance of him getting it done this weekend in Iowa City is remote. But if he does, you’ll be hearing the name Andre Metzger a lot in the months leading to the Olympics — this time as a story of inspiration.

You can follow Reid Forgrave on Twitter @reidforgrave, become a fan on Facebook or email him at reidforgrave@gmail.com.
128  Politics, Religion, Science, Culture and Humanities / Politics & Religion / Cracking Bin Laden's Hard Drives on: April 18, 2012, 12:48:00 AM
http://www.informationweek.com/news/security/encryption/229402923#

Security experts detail how the government will attempt to unlock the "trove of information" on devices recovered during the raid on Osama bin Laden's residence.

By Mathew J. Schwartz    InformationWeek
May 05, 2011 06:38 PM
The weekend raid on Osama bin Laden's compound carried out by Navy Seals and CIA paramilitary operatives reportedly recovered numerous data storage devices.
According to the New York Times, "the team found a trove of information and had the time to remove much of it: about 100 thumb drives, DVDs and computer disks, along with 10 computer hard drives and five computers. There were also piles of paper documents in the house."

An unnamed U.S. official told Politico that the Navy Seals had recovered "the mother lode of intelligence," and that hundreds of people were already at work analyzing it at a secret base in Afghanistan.

"They're very likely to get a lot of really good, actionable intel off of these devices," since Osama bin Laden apparently had no direct connection to the Internet, said Greg Hoglund, CEO of security software and consulting firm HBGary, Inc., in a telephone interview. "So all of his work was done with outside couriers … and information that's coming and going is probably on thumb drives and DVDs, media like that," meaning that they likely stored important operational information.

According to Hoglund, the effort to recover Osama bin Laden's data likely started with--and was part of--the raid, in a process that's known as battlefield exploitation, which seeks to extract as much data as possible while in the field. That's because it's much easier to extract information from a computer that's still running. Even if a hard drive employs encryption, if the drive is still mounted, then it's vulnerable. Furthermore, if the team can take physical memory RAM snapshots of a live device, this can help crack any encryption.

Here's how the process works, said Rob Lee, a director at information security company Mandiant and a fellow at The SANS Institute, in a telephone interview: A military team will secure a location but not touch the computers. Next, computer experts--typically, contractors--traveling with the team come in and do a "clean takedown" of any machines. Little if any "deep dive" data analysis will be performed in the field, except perhaps some quick analysis in search of "low-hanging fruit," for example to note on a captured cell phone any phone numbers that the target recently called, or any recently sent emails. But the true payoff comes when intelligence analysts compare the captured data with "the hundreds of terabytes of data that they've already gathered over many years," for example to see how names, email addresses, and phone numbers match up.

The goal isn't just to recover data, but to rapidly understand its intelligence context. "Instead of standard forensics, the terminology is called media exploitation, and in the intel community, that word has a high value to it," said Lee. He said the practice dates from the start of the Iraq War.
Interestingly, both the data on the recovered devices as well as the devices themselves may provide valuable clues. That's because every USB storage device has its own serial number, which can be retrieved from any computer to which it's been connected. "You're able to track that USB device in every system it's touched," said Lee. That may help analysts better understand how the courier network operated, especially if the storage devices match up with previous PCs that they've encountered.
The raid on Osama bin Laden's compound reportedly lasted 38 minutes, and recent accounts suggest that the facility may have been secured relatively quickly. That would have left time for computer specialists to go to work.

"To process a computer that's in a running state, you're probably talking about 15 to 30 minutes," said HBGary's Hoglund. "A guy has a toolkit--a hardened briefcase, he sits down, plugs it in," and it provides him with a full view of what's on the RAM chips, and also allows him to image the hard drive. In addition, a subset of the information can be transmitted via VSAT--a very small, two-way satellite communications system--to intelligence analysts in for immediate study.
What happens, however, if computers are powered off, as well as encrypted?

"If you're doing encryption on the drive properly, meaning you've done your research, looked at the solutions, you follow best practices, have a strong key, and don't have a weak passphrase, then it will probably never be decrypted. Because drive encryption done properly is extremely difficult, it ends up being a brute-force problem," said Hoglund.
To try and recover data in such situations, he said one standard practice is to remove the drives to an analysis facility that has crackers built using large arrays of field-programmable gate array chips. If a strong passphrase can be broken, that approach will do it within a week, or not at all. "It's like the event horizon--it's the threshold of tolerance," he said.

But given Osama bin Laden's use of couriers--who might not be computer-savvy, and who may have needed to operate from places like Internet cafes--"I wouldn't be surprised to find out that they weren't using any type of encryption," said Hoglund.
129  Politics, Religion, Science, Culture and Humanities / Politics & Religion / Re: Cyberwar and American Freedom on: April 17, 2012, 02:47:54 AM
5 page article:

Richard Clarke on Who Was Behind the Stuxnet Attack
America's longtime counterterrorism czar warns that the cyberwars have already begun—and that we might be losing
By Ron Rosenbaum
Smithsonian magazine, April 2012,


Read more: http://www.smithsonianmag.com/history-archaeology/Richard-Clarke-on-Who-Was-Behind-the-Stuxnet-Attack.html#ixzz1sHWO229K


1st page below
-------------------------------


The story Richard Clarke spins has all the suspense of a postmodern geopolitical thriller. The tale involves a ghostly cyberworm created to attack the nuclear centrifuges of a rogue nation—which then escapes from the target country, replicating itself in thousands of computers throughout the world. It may be lurking in yours right now. Harmlessly inactive...or awaiting further orders.

A great story, right? In fact, the world-changing “weaponized malware” computer worm called Stuxnet is very real. It seems to have been launched in mid-2009, done terrific damage to Iran’s nuclear program in 2010 and then spread to computers all over the world. Stuxnet may have averted a nuclear conflagration by diminishing Israel’s perception of a need for an imminent attack on Iran. And yet it might end up starting one someday soon, if its replications are manipulated maliciously. And at the heart of the story is a mystery: Who made and launched Stuxnet in the first place?

Richard Clarke tells me he knows the answer.

Clarke, who served three presidents as counterterrorism czar, now operates a cybersecurity consultancy called Good Harbor, located in one of those anonymous office towers in Arlington, Virginia, that triangulate the Pentagon and the Capitol in more ways than one. I had come to talk to him about what’s been done since the urgent alarm he’d sounded in his recent book, Cyber War. The book’s central argument is that, while the United States has developed the capability to conduct an offensive cyberwar, we have virtually no defense against the cyberattacks that he says are targeting us now, and will be in the future.

Richard Clarke’s warnings may sound overly dramatic until you remember that he was the man, in September of 2001, who tried to get the White House to act on his warnings that Al Qaeda was preparing a spectacular attack on American soil.

Clarke later delivered a famous apology to the American people in his testimony to the 9/11 Commission: “Your government failed you.”

Clarke now wants to warn us, urgently, that we are being failed again, being left defenseless against a cyberattack that could bring down our nation’s entire electronic infrastructure, including the power grid, banking and telecommunications, and even our military command system.

“Are we as a nation living in denial about the danger we’re in?” I asked Clarke as we sat across a conference table in his office suite.

“I think we’re living in the world of non-response. Where you know that there’s a problem, but you don’t do anything about it. If that’s denial, then that’s denial.”

As Clarke stood next to a window inserting coffee capsules into a Nespresso machine, I was reminded of the opening of one of the great espionage films of all time, Funeral in Berlin, in which Michael Caine silently, precisely, grinds and brews his morning coffee. High-tech java seems to go with the job.

But saying Clarke was a spy doesn’t do him justice. He was a meta-spy, a master counterespionage, counter­terrorism savant, the central node where all the most secret, stolen, security-encrypted bits of information gathered by our trillion-dollar human, electronic and satellite intelligence network eventually converged. Clarke has probably been privy to as much “above top secret”- grade espionage intelligence as anyone at Langley, NSA or the White House. So I was intrigued when he chose to talk to me about the mysteries of Stuxnet.

“The picture you paint in your book,” I said to Clarke, “is of a U.S. totally vulnerable to cyberattack. But there is no defense, really, is there?” There are billions of portals, trapdoors, “exploits,” as the cybersecurity guys call them, ready to be hacked.

“There isn’t today,” he agrees. Worse, he continues, catastrophic consequences may result from using our cyber­offense without having a cyberdefense: blowback, revenge beyond our imaginings.

“The U.S. government is involved in espionage against other governments,” he says flatly. “There’s a big difference, however, between the kind of cyberespionage the United States government does and China. The U.S. government doesn’t hack its way into Airbus and give Airbus the secrets to Boeing [many believe that Chinese hackers gave Boeing secrets to Airbus]. We don’t hack our way into a Chinese computer company like Huawei and provide the secrets of Huawei technology to their American competitor Cisco. [He believes Microsoft, too, was a victim of a Chinese cyber con game.] We don’t do that.”



Read more: http://www.smithsonianmag.com/history-archaeology/Richard-Clarke-on-Who-Was-Behind-the-Stuxnet-Attack.html#ixzz1sHWZNaV8
130  Politics, Religion, Science, Culture and Humanities / Politics & Religion / Re: Cyberwar and American Freedom on: April 17, 2012, 02:39:23 AM
I'm not quite sure if this belongs in this thread or the Internet thread:

http://net-security.org/malware_news.php?id=1922


Services for fraudsters utilizing malware are not new – AV checkers, malware encryption and malware infection services have existed in the criminal underground market for several years.

However, recent research has indicated changes in service scope and price due to service convergence and demanding buyers.



What's new?

One-stop-shop - Trusteer Research came across a new group that besides offering infection services (for prices between 0.5 and 4.5 cents for each upload, depending on geography) also provides polymorphic encryption and AV checkers. This new one-stop-shop approach for malicious services is a natural evolution of the market – if the customers need to infect, then they also need to evade AV. Why not sell the whole package?

For Polymorphic encryption of malware instances they charge from $25 to $50 and for prevention of malware detection by anti-virus systems (AV checking) they charge $20 for one week and $100 for one month of service.

It’s a buyer market. Researchers also came across advertisements published by prospective buyers of infection services. The ad basically presets the buying price, how it is charged and the scope of the service:
The advertiser pays only for unique uploads
The calculations will be conducted according to the advertiser's own Black Hole (exploit kit) stats module
The advertiser will pay in advance to the sellers with recommendations, i.e. those that have 1-10 "fresh" forum messages. Otherwise, the sellers will get paid afterwards
The domains are checked via a malware scan service website (scan4you) during the day. If the domain is recognized as blacklisted on anti-virus databases, the advertiser will automatically replace it with another.
The final paid price depends on percentage of infections:
$4.5 for 1,000 of traffic with 3% of infections
$6 for 1,000 of traffic with 4% of infections
$30 for 1,000 of traffic with more than 20% of infections.
In an attempt to stay competitive we came across an ad by an Encryption Service provider that sold its service for 20$ per file, and offered a money back guarantee if it fails an AV checker.
131  Politics, Religion, Science, Culture and Humanities / Science, Culture, & Humanities / Cridex on: April 15, 2012, 08:11:10 PM
Just an FYI: "we" have been seeing alot of fake emails here at work, luckily they are blocked and deleted but normal home users don't have the same protections in place.

Cridex Trojan breaks CAPTCHA, targets Facebook, Twitter users
http://www.linkedin.com/news?viewArticle=&articleID=5570732773137715208&gid=2305411&type=member&item=92660407&articleURL=http%3A%2F%2Fbitcyber%2Ewordpress%2Ecom%2F2012%2F02%2F02%2Fcridex-trojan-breaks-captcha-targets-facebook-twitter-users%2F&urlhash=9JPw&goback=%2Egde_2305411_member_92660407



The Cridex Trojan Targets 137 Financial Organizations in One Go
http://labs.m86security.com/2012/03/the-cridex-trojan-targets-137-financial-organizations-in-one-go/

132  Politics, Religion, Science, Culture and Humanities / Politics & Religion / Re: Cyberwar and American Freedom on: April 13, 2012, 02:41:48 PM
Thanks GM, interesting / scary stuff out there!
133  Politics, Religion, Science, Culture and Humanities / Politics & Religion / An Evaluation of Nation-State Cyber Attack Mitigation Strategies (w speaker) on: April 13, 2012, 04:20:47 AM
An Evaluation of Nation-State Cyber Attack Mitigation Strategies (w speaker)


Speaker: Kenneth Geers Naval Criminal Investigative Service (NCIS), Cooperative Cyber Defence Centre of Excellence (CCD CoE)

This presentation argues that computer security has evolved from a technical discipline to a strategic concept. The world's growing dependence on a powerful but vulnerable Internet — combined with the disruptive capabilities of cyber attackers — now threatens national and international security.

Strategic challenges require strategic solutions. The author examines four nation-state approaches to cyber attack mitigation.

•Internet Protocol version 6
•Sun Tzu's Art of War
•Cyber attack deterrence
•Cyber arms control

The four threat mitigation strategies fall into several categories. IPv6 is a technical solution. Art of War is military. The third and fourth strategies are hybrid: deterrence is a mix of military and political considerations; arms control is a political/technical approach.

The Decision Making Trial and Evaluation Laboratory (DEMATEL) is used to place the key research concepts into an influence matrix. DEMATEL analysis demonstrates that IPv6 is currently the most likely of the four examined strategies to improve a nation's cyber defense posture.

There are two primary reasons why IPv6 scores well in this research. First, as a technology, IPv6 is more resistant to outside influence than the other proposed strategies, particularly deterrence and arms control, which should make it a more reliable investment. Second, IPv6 addresses the most significant advantage of cyber attackers today — anonymity.

For more information visit: http://bit.ly/defcon19_information
To download the video visit: http://bit.ly/defcon19_videos
Playlist Defcon 19: http://bit.ly/defcon19_playlist
134  Politics, Religion, Science, Culture and Humanities / Science, Culture, & Humanities / Re: Internet and related technology on: April 13, 2012, 04:14:09 AM
http://www.infosecisland.com/blogview/20779-Social-Media-Security-Basics-An-Infographic.html

Social networking has quickly become a major medium for communications for both individuals and organizations, but the platforms that allow the development of online personae are not without their own inherent risks.

The team over at security provider Veracode has produced an interesting and informative infographic examining the social media security basics everyone who has ventured into the online world of networking should embrace.

Follow the link above to view the complete article.
135  Politics, Religion, Science, Culture and Humanities / Politics & Religion / Has the ‘Cyber Pearl Harbor’ already happened? on: April 12, 2012, 07:02:40 AM
http://www.dodbuzz.com/2012/03/26/has-the-cyber-pearl-harbor-already-happened/

Has the ‘Cyber Pearl Harbor’ already happened?

By Philip Ewing Monday, March 26th, 2012 10:54 am
Posted in Cyber Security

The Russians are picking our pockets, the Chinese are stealing our most vital secrets, and there’s nothing we can do about it – and it’s all going to get worse.

That was the basic conclusion after Friday’s Air Force Association cyber-conference, where speaker after speaker drove home the utter futility and helplessness of today’s cyber climate, all the while warning that the problem will only grow.

Richard Bejtlich, chief security officer for the info-security firm Mandiant, said 100 percent of the high-profile intrusions his company tracks were done with “valid credentials” – meaning the cyber bad-guys had been able to steal a real user’s login and password, obviating the need for more complex attacks.


The typical time between an intrusion and its discovery is 416 days, he said – down from two or three years – and the way most companies find out about them is when they get a visit from the FBI.

The publicly available malware in the so-called “cyber underground” is now so good that you can do a lot of damage without a dedicated team of code-writers coming up with their own stuff, speakers said. In fact, the much-discussed cyber attack against Georgia was carried out mostly with publicly known tools – “there was nothing sacred here,” said National Defense University iCollege chancellor Robert Childs.

Cyber-intrusions and compromise are so endemic, Bejtlich said, that many attackers don’t even bother with the wholesale vacuuming of information that used to characterize cyber-snooping. Now hackers go after very specific pieces of information, often data that is useless on its own, he said.

He described how a company had approached Mandiant befuddled that someone would want to steal a certain proprietary device, because it only worked in combination with a specific chemical formula owned by another company. Naturally, it wasn’t long before the second company discovered it was compromised, and also befuddled because its chemical formula would only be useful to someone who had information about the device manufactured by the first.

Online miscreants are also becoming more sophisticated at a strategic level, Bejtlich said: He described how they might target small companies that were merging with larger ones, to avoid trying to attack the bigger firm’s online security. Instead, by compromising a small company’s computer networks, the bad guys can then get into the new common network after a merger.

This can have profound financial as well as security implications, Bejtlich said – if you’re an aerospace giant and you want to acquire a small firm because its widget is worth $10 million, but then you discover it’s been cyber-stolen and no longer proprietary, the technology might only be worth $10,000, and that could put your shareholders and Wall Street in a bad mood.

And you can’t do anything about any of this. Government officials won’t talk about offensive cyber-attacks, so we can’t go there. Private sector clients in crisis with Mandiant often ask, how can we get back at these guys, or at least, can we destroy the data they’ve stolen, Bejtlich said.

“I’ve never seen somebody execute this, because of legal concerns,” he said. “The CEO says, ‘I wanna get these guys,’ but if there’s a lawyer in the room, what does he say? ‘Absolutely not.’”

Going after data that has been stolen from your network is like following a thief who has stolen your television and then breaking into his house to steal it back, Bejtlich said – “not authorized by our legal code.”

And the law can’t catch up with cyber, as we’ve seen so many times. And by the time the feds knock on your door to tell you about your compromise, it’s too late. And even though officials have been warning about cyber-dangers for more than a decade, the cyber-world has basically just been treading water this whole time, another speaker argued.

“I’ve been at this conference for 15 years,” said Jason Healey, an analyst with the Atlantic Council. He showed government reports warning of “computers at risk” from 1991 and before, and said although the technology involved has gotten much more advanced since then, the cyber doctrine, for lack of a better term, has not.

Healey argued that the U.S. can’t afford to keep being coy with China. It must build a coalition of cyber-victims and formally call out Beijing on the world stage, citing specific examples of Chinese hacking. Healey said Washington has never laid out its cyber-grievances in this way, and suggested that threatening to embarrass China might be one first step.

He also said the cyber-world must dispense with its worries over “attribution” – tracing the origins of attacks. Healey repeated the factoid that 178 countries were “involved” in the 2007 cyber-attack on Estonia: “Who cares?” he said. “That is completely meaningless.” In those situations, if the U.S. is affected, “the president needs to pick up the phone and call the Kremlin.”

(For what it’s worth, Bejtlich said the lines between Russian government and organized-crime cyber-mischief were so blurred as to be nonexistent. As for China, he said that if you want to know if you’ll be a cyber-target, see where your company falls on Beijing’s regular 5-year “industrial priorities” plans – it tracks very closely with hacking victims.)

An audience member’s question Friday crystallized all the speakers’ points at the cyber-conference: The much-feared “Cyber Pearl Harbor” has already happened, he said. Global cyber crime is more profitable than the drug trade.  America’s onetime technological advantage is gone; much of its intellectual property secrets have been stolen.

“People just haven’t realized it yet,” the questioner said.

It’s a depressing thesis, but from all the public statements about cyber-losses, it sounds plausible. Unless a true “Cyber Pearl Harbor” — in which bad guys knock out the power grid or the financial system or our telecommunications — happens tomorrow. Even if it doesn’t, Healey proposed a new set of parallels: A “Cyber-Vietnam,” i.e. a prolonged campaign, rather than a single sneak attack; or a “Cyber Battle of Britain,” in which the government appeals to — or impresses — private citizens for help in responding to a major crisis.

Can anything be done? Healey called for “cyber-mindedness,” for users to be that much more careful when they use the network, and for military cyber-units to study their forebears as airmen study MiG Alley or Operation Linebacker.

Maj. Gen. Suzanne Vautrinot, commander of the 24th Air Force, said military networks must be “proactive in defense,” able to monitor intrusions and irregularities and turn them against attackers. She showed the infamous clip of New York Giants bruiser Lawrence Taylor tackling Washington Redskins great Joe Theismann – crushing his leg and ending his career. That’s what cyber-defense has to be, she said.

Bejtlich left attendees with perhaps the most hopeful metaphor: The best organizations turn cyber-security “into a manageable situation,” he said – “they go from being a volunteer fire department to a continuous business process.”

In other words, governments and businesses must treat cyber-security like a chronic disease, a condition that will always be there, but can be managed and even suppressed. Bejtlich said if he could, he’d mandate that everyone did an inspection every 30 days to see where their networks were compromised, then act appropriately once discovering the details.

Turning to the inevitable cyber-football analogy, Bejtlich said defenders have to stop permitting attackers to complete touchdown passes every time. Instead they’ve got to pressure the quarterback and defend downfield, forcing attackers to try for field goals instead.

“The bad guys are going to complete passes, they’re going to compromise your systems, get to your data, try to aggregate it, encrypt it, exfiltrate it, and you want to prevent them from getting to the point of the extrusion,” he said. “If you have fast identification, fast containment, if you can get to them before they complete their mission, it may not matter as much that they’re in your system.”

That, it appears, is the best diagnosis we can hope for. Congress can’t act – which means it can’t pass its own laws or ratify a theoretical international cyber-treaty. If the military and government are getting better at cyber-defense, the private sector remains more or less on its own. Here’s how Twitter user @hal_999999999 put it in a response to @DoDBuzz on Friday:

“It’s the old west, the Roaring Twenties, and the Cold War all rolled into one, w/some wires and CPUs… We’re gonna have to earn it.”
136  Politics, Religion, Science, Culture and Humanities / Politics & Religion / “Good for Liberty, Bad for Security? Global Civil Society and the Securitization on: April 12, 2012, 06:54:18 AM
Deibert, R. & Rohozinski, R. (2008). “Good for Liberty, Bad for Security? Global Civil Society and the Securitization of the Internet.” In Access Denied: The Practice and Policy of Global Internet Filtering, ed. Deibert R., Palfrey, J., Rohozinski, R., Zittrain, J. MIT Press.

The spectacular rise and spread of NGOs and other civil society actors over the past two decades is attributable in part to the emergence and rapid spread of the Internet, which has made networking among like-minded individuals and groups possible on a global scale.

But the technological explosion of global civil society has not emerged without unintended and even negative consequences. Just as progressive and social justice groups have made use of the Internet to advance global norms, so too have a wide variety of resistance networks, militant groups, extremists, criminal organizations, and terrorists. Whereas once the promotion of new information communications technologies (ICTs) was widely considered benign public policy, today states of all stripes have been pressed to find ways to limit and control them as a way to check their unintended and perceived negative public policy and national security consequences.

Full Report:
http://opennet.net/sites/opennet.net/files/Deibert_07_Ch06_123-150.pdf
137  Politics, Religion, Science, Culture and Humanities / Politics & Religion / Cyber Warfare: The next Cold War on: April 12, 2012, 02:32:15 AM
http://www.scmagazine.com/cyber-warfare-the-next-cold-war/article/232568/


Instead of military assaults, today's adversaries hire coders to create attacks that can run autonomously for years, says Stephen Lawton.
History books tell us that the Cold War ended in roughly 1991 after the dissolution of the Soviet Union. But, today's security practitioners say the Cold War has simply morphed from a threat of armed conflict among major world powers into a battle of computer-savvy “troops” fighting from the comfort of offices.

Instead of countries spending billions of dollars to create new weapons, supply massive armies and spend millions of dollars (or rubles, francs or yuan) fighting conventional attacks against political, economic, religious or commercial foes, today's adversaries hire code-writers to create attacks that can run autonomously for years with little or no human intervention. By repurposing code to spawn new attacks, the cost of cyber warfare can be a fraction of the cost of a conventional war.
While China and Russia generally are considered by industry experts to be the leaders in state-sponsored cyber attacks against the United States, they are not the only countries to have sophisticated espionage infrastructures in place, says Richard Bejtlich, chief security officer at Alexandria, Va.-based Mandiant. Other nations with sophisticated capabilities include North Korea, Iran, France, Israel and, of course, the United States.

North Korea, Bejtlich says, uses technology against its neighbor, South Korea, and to make political statements against the West, generally resulting in attacks against the United States, he says. Iran primarily uses its cyber weaponry to suppress internal dissidents.

In the past, he says, U.S. politicians spoke in general terms about cyber attacks, choosing not to name those believed to be responsible. That all changed late last year when the Office of the National Counter Intelligence Executive released a report, “Foreign Spies Stealing U.S. Economic Secrets in Cyber space,” which specifically identified China and Russia as key participants. However, the report also said U.S. allies are actively involved.
“Certain allies and other countries that enjoy broad access to U.S. government agencies and the private sector conduct economic espionage to acquire sensitive U.S. information and technologies,” the report states. “Some of these states have advanced cyber capabilities.”

It cited four factors that will shape the cyber environment over the next three to five years. These are: A technological shift, including the use of smartphones, laptops and other internet-connected devices; an economic shift that changes the way corporations, government agencies and other organizations share storage, computing, networking and application resources; a cultural shift in the U.S. workforce, where younger employees mix personal and professional activities; and a geopolitical shift as globalization of the supply chain and worker access increase the ability for malicious individuals to compromise the integrity and security of computing devices.
Jared Carstensen, manager of enterprise risk services at Deloitte in Dublin, Ireland, likes to differentiate between cyber crime and cyber espionage because the end goals differ significantly. For an attack to be considered a cyber crime, he says, the adversary does so for financial gain. This typically includes attacks designed to obtain credit card or bank data. Cyber espionage, on the other hand, is designed to steal intellectual property, and/or disable or attack critical infrastructure. It often is performed for political purposes.


Spying has been around since the dawn of man, Carstensen says. Early tribes snooped on other tribes to learn where they found food. Today's sleuths also are looking for the same competitive advantage over their enemies – and even their allies.
In some countries, such as North Korea, students believed to have a propensity for math or technology are trained at an early age as cyber warriors. These academies provide the students with respectability and good pay. In China, for example, the Communist Party codified cyber warfare in 2010, and President Hu Jintao deemed cyber war a priority. Author and retired U.S. Marine Corps Lt. Col. William Hagestad says in an upcoming book that China bases its policies on the Art of War, Sun Tzu's doctrine written around 500 B.C., one of whose tenets is: Keep your friends close, but keep your enemies closer. Chinese officials, however, regularly deny they are involved in any cyber spying efforts.

In the United States, the military is also shifting its war strategy to further prioritize cyber efforts. The soldiers who pilot military drones over Pakistan and Afghanistan actually sit in control rooms at Creech Air Force Base in Nevada. This, Carstensen says, is not unlike cyber attackers who might work out of a hotel to conduct assaults.

However, the level of expertise of foreign cyber attackers varies widely from so-called script-kiddies, who download exploit software that is widely available on the internet, to experienced computer engineers who have either religious or political reasons for staging actions.

Some of these attacks are advanced persistent threats (APTs) that are designed to enter a computer system and perhaps sit dormant for a period of time. The intrusions are designed not to be noticed.

This tactic varies significantly from those of hacktivists, who attack websites with the expressed purpose of drawing attention to the site being breached. Some groups, such as Anonymous and LulzSec, have claimed credit for damage to sites they have compromised.

Unlike hacktivists, cyber spies are so concerned about flying under the radar that once they successfully enter a target system, they actually  install security patches to ensure that other attackers are unable to access the system using the same vulnerability, says Daniel Teal, founder and chief technology officer of Austin, Texas-based CoreTrace and a former officer at the Air Force Information Warfare Center (AFIWC). By installing fixes, he says, the attacker will have the compromised systems all to themselves and will not have to worry about a sloppy rival alerting the IT manager that there has been a breach.
Admins might actually see their network performance improve while the attacker ensures that others are unable to infect the environment, Teal says. Because the attacker does not want to draw attention, they simply can leave a back door open so that the malware payload is not accidentally identified by the target network.

Toney Jennings, CEO of CoreTrace, adds that companies might have the equivalent of a “cyber atomic bomb” in the server that “is not doing anything bad today.” That bomb could be set off by an intruder at a later date, well after the initial breach took place. Additionally, he says companies purchasing mission-critical hardware should spot check the “guts” of the new systems, including all device drivers, for malicious code before putting them into production.
Most hardware and software today is developed outside U.S controls, so ensuring it is safe is a good business practice. “It's a valid bit of paranoia,” Jennings says.

Underscoring this concern, an FBI presentation last year detailed how counterfeit Cisco Systems networking equipment originating in China – including network routers, switches, gigabit interface converters and WAN interface cards – was being sold in the United States. “Operation Cisco Raider” resulted in the recovery of 3,500 pirated network devices valued at $3.5 million, James Finch, assistant director of the FBI's cyber division, has said.

Teal says he once discovered, by accident, a malicious device driver for a keyboard he purchased for his daughter's computer. The driver was sending personal information off his home network. He contacted the system manufacturer, Hewlett-Packard, and discovered that the kernel driver was written by a third party. Further investigations by Teal and HP determined that the manufacturer was sending data off the network simply to ensure an internet connection – a task that easily could have been accomplished by sending random data bits without using personal information.

When Bejtlich was the director of incident response at General Electric, the company had an estimated half-million computers, and no shortage of defensive technologies and staff. Even still, he says, with the full resources of a sophisticated IT team and a corporate leader who recognized the need for IT security, the company still was unable to maintain 100 percent effectiveness against intruders or persistent threats.


And now, mobile and cloud
Mandiant's Bejtlich says that despite the best intentions of CISOs and IT staffs, it is nearly impossible to keep a network of a 1,000 or more endpoints safe from outside attacks.

Today, Bejtlich says, IT staffs need to address not only the needs of a company's primary computer systems, but also non-standard systems, such as smartphones and other mobile devices. While cyber espionage is normally thought of as an attack against a large computer system, many corporate executives and engineers have confidential data on their devices that might be useful to attackers.

Companies that believe they are too small or insignificant to be targeted are wrong, and do not necessarily understand how and why attacks work, says Erin Nealy Cox, managing director and deputy general counsel at Stroz Friedberg LLC and a former federal prosecutor and assistant U.S. attorney. While technology firms are obvious targets for attackers after intellectual property, small companies may be considered stepping stones.

Cox says security education is essential in companies of all sizes. Large organizations with established policies and procedures need to educate their employees on a regular basis not only about sound computing practices, but also about data and office security policies. For example, she says employees need to be reminded not to insert thumb drives they find in the parking lot or those handed to them at a trade show into a company computer. Such devices could be plants with malware on them.
“Typically,” she says, “security comes at the price of convenience.”

Even data security companies can fall prey to sophisticated attacks, she says. Within the past year, there have been several online raids on companies that specialize in data security. The reasons for the success vary, she says, but it generally falls into the category of an exploit that was allowed because someone was not paying attention to details. It might have been faulty website code or a misconfigured network, but generally the vulnerabilities could have been caught.

Scott Crawford, research director for security and risk management at Enterprise Management Associates, with corporate headquarters in Boulder, Colo., agrees that companies of all sizes could be targets. While smaller entities might not provide the breadth of information that a multinational corporation offers, it still could have secrets worth stealing, he says.
Crawford views this kind of cyber theft, be it from a state-sponsored or industrial source, to be similar to espionage conducted during the Cold War. There could be value in stealing information, he says, but “you don't want to kill the market.” One purpose for this type of espionage is to build a country's or company's own ability to compete against existing players in the field.

If it costs $50 million to develop a product, but only $2 million to steal it, some will opt for the less costly approach. This is particularly true for emerging nations that might have technical resources, but are not necessarily competitive enough to develop their own intellectual property.

Defense is all about managing a company's or a country's risk, Crawford says. Some organizations look for fast fixes to potential weaknesses without fully understanding their risk profile or the impact of their actions. A layered approach to security is necessary.

Crawford also blames guidance or regulations that do not match the threat. The Payment Card Industry Data Security Standard (PCI DSS), for example, is prescriptive and specifies to security officers how to maintain compliance, but this is only a point in time, he says. A company's compliance “can be passé or irrelevant” immediately after passing the audit.
138  Politics, Religion, Science, Culture and Humanities / Science, Culture, & Humanities / Cyber Warfare: The next Cold War on: April 11, 2012, 12:37:00 AM
http://www.scmagazine.com/cyber-warfare-the-next-cold-war/article/232568/


Instead of military assaults, today's adversaries hire coders to create attacks that can run autonomously for years, says Stephen Lawton.
History books tell us that the Cold War ended in roughly 1991 after the dissolution of the Soviet Union. But, today's security practitioners say the Cold War has simply morphed from a threat of armed conflict among major world powers into a battle of computer-savvy “troops” fighting from the comfort of offices.

Instead of countries spending billions of dollars to create new weapons, supply massive armies and spend millions of dollars (or rubles, francs or yuan) fighting conventional attacks against political, economic, religious or commercial foes, today's adversaries hire code-writers to create attacks that can run autonomously for years with little or no human intervention. By repurposing code to spawn new attacks, the cost of cyber warfare can be a fraction of the cost of a conventional war.
While China and Russia generally are considered by industry experts to be the leaders in state-sponsored cyber attacks against the United States, they are not the only countries to have sophisticated espionage infrastructures in place, says Richard Bejtlich, chief security officer at Alexandria, Va.-based Mandiant. Other nations with sophisticated capabilities include North Korea, Iran, France, Israel and, of course, the United States.

North Korea, Bejtlich says, uses technology against its neighbor, South Korea, and to make political statements against the West, generally resulting in attacks against the United States, he says. Iran primarily uses its cyber weaponry to suppress internal dissidents.

In the past, he says, U.S. politicians spoke in general terms about cyber attacks, choosing not to name those believed to be responsible. That all changed late last year when the Office of the National Counter Intelligence Executive released a report, “Foreign Spies Stealing U.S. Economic Secrets in Cyber space,” which specifically identified China and Russia as key participants. However, the report also said U.S. allies are actively involved.
“Certain allies and other countries that enjoy broad access to U.S. government agencies and the private sector conduct economic espionage to acquire sensitive U.S. information and technologies,” the report states. “Some of these states have advanced cyber capabilities.”

It cited four factors that will shape the cyber environment over the next three to five years. These are: A technological shift, including the use of smartphones, laptops and other internet-connected devices; an economic shift that changes the way corporations, government agencies and other organizations share storage, computing, networking and application resources; a cultural shift in the U.S. workforce, where younger employees mix personal and professional activities; and a geopolitical shift as globalization of the supply chain and worker access increase the ability for malicious individuals to compromise the integrity and security of computing devices.
Jared Carstensen, manager of enterprise risk services at Deloitte in Dublin, Ireland, likes to differentiate between cyber crime and cyber espionage because the end goals differ significantly. For an attack to be considered a cyber crime, he says, the adversary does so for financial gain. This typically includes attacks designed to obtain credit card or bank data. Cyber espionage, on the other hand, is designed to steal intellectual property, and/or disable or attack critical infrastructure. It often is performed for political purposes.


Spying has been around since the dawn of man, Carstensen says. Early tribes snooped on other tribes to learn where they found food. Today's sleuths also are looking for the same competitive advantage over their enemies – and even their allies.
In some countries, such as North Korea, students believed to have a propensity for math or technology are trained at an early age as cyber warriors. These academies provide the students with respectability and good pay. In China, for example, the Communist Party codified cyber warfare in 2010, and President Hu Jintao deemed cyber war a priority. Author and retired U.S. Marine Corps Lt. Col. William Hagestad says in an upcoming book that China bases its policies on the Art of War, Sun Tzu's doctrine written around 500 B.C., one of whose tenets is: Keep your friends close, but keep your enemies closer. Chinese officials, however, regularly deny they are involved in any cyber spying efforts.

In the United States, the military is also shifting its war strategy to further prioritize cyber efforts. The soldiers who pilot military drones over Pakistan and Afghanistan actually sit in control rooms at Creech Air Force Base in Nevada. This, Carstensen says, is not unlike cyber attackers who might work out of a hotel to conduct assaults.

However, the level of expertise of foreign cyber attackers varies widely from so-called script-kiddies, who download exploit software that is widely available on the internet, to experienced computer engineers who have either religious or political reasons for staging actions.

Some of these attacks are advanced persistent threats (APTs) that are designed to enter a computer system and perhaps sit dormant for a period of time. The intrusions are designed not to be noticed.

This tactic varies significantly from those of hacktivists, who attack websites with the expressed purpose of drawing attention to the site being breached. Some groups, such as Anonymous and LulzSec, have claimed credit for damage to sites they have compromised.

Unlike hacktivists, cyber spies are so concerned about flying under the radar that once they successfully enter a target system, they actually  install security patches to ensure that other attackers are unable to access the system using the same vulnerability, says Daniel Teal, founder and chief technology officer of Austin, Texas-based CoreTrace and a former officer at the Air Force Information Warfare Center (AFIWC). By installing fixes, he says, the attacker will have the compromised systems all to themselves and will not have to worry about a sloppy rival alerting the IT manager that there has been a breach.
Admins might actually see their network performance improve while the attacker ensures that others are unable to infect the environment, Teal says. Because the attacker does not want to draw attention, they simply can leave a back door open so that the malware payload is not accidentally identified by the target network.

Toney Jennings, CEO of CoreTrace, adds that companies might have the equivalent of a “cyber atomic bomb” in the server that “is not doing anything bad today.” That bomb could be set off by an intruder at a later date, well after the initial breach took place. Additionally, he says companies purchasing mission-critical hardware should spot check the “guts” of the new systems, including all device drivers, for malicious code before putting them into production.
Most hardware and software today is developed outside U.S controls, so ensuring it is safe is a good business practice. “It's a valid bit of paranoia,” Jennings says.

Underscoring this concern, an FBI presentation last year detailed how counterfeit Cisco Systems networking equipment originating in China – including network routers, switches, gigabit interface converters and WAN interface cards – was being sold in the United States. “Operation Cisco Raider” resulted in the recovery of 3,500 pirated network devices valued at $3.5 million, James Finch, assistant director of the FBI's cyber division, has said.

Teal says he once discovered, by accident, a malicious device driver for a keyboard he purchased for his daughter's computer. The driver was sending personal information off his home network. He contacted the system manufacturer, Hewlett-Packard, and discovered that the kernel driver was written by a third party. Further investigations by Teal and HP determined that the manufacturer was sending data off the network simply to ensure an internet connection – a task that easily could have been accomplished by sending random data bits without using personal information.

When Bejtlich was the director of incident response at General Electric, the company had an estimated half-million computers, and no shortage of defensive technologies and staff. Even still, he says, with the full resources of a sophisticated IT team and a corporate leader who recognized the need for IT security, the company still was unable to maintain 100 percent effectiveness against intruders or persistent threats.


And now, mobile and cloud
Mandiant's Bejtlich says that despite the best intentions of CISOs and IT staffs, it is nearly impossible to keep a network of a 1,000 or more endpoints safe from outside attacks.

Today, Bejtlich says, IT staffs need to address not only the needs of a company's primary computer systems, but also non-standard systems, such as smartphones and other mobile devices. While cyber espionage is normally thought of as an attack against a large computer system, many corporate executives and engineers have confidential data on their devices that might be useful to attackers.

Companies that believe they are too small or insignificant to be targeted are wrong, and do not necessarily understand how and why attacks work, says Erin Nealy Cox, managing director and deputy general counsel at Stroz Friedberg LLC and a former federal prosecutor and assistant U.S. attorney. While technology firms are obvious targets for attackers after intellectual property, small companies may be considered stepping stones.

Cox says security education is essential in companies of all sizes. Large organizations with established policies and procedures need to educate their employees on a regular basis not only about sound computing practices, but also about data and office security policies. For example, she says employees need to be reminded not to insert thumb drives they find in the parking lot or those handed to them at a trade show into a company computer. Such devices could be plants with malware on them.
“Typically,” she says, “security comes at the price of convenience.”

Even data security companies can fall prey to sophisticated attacks, she says. Within the past year, there have been several online raids on companies that specialize in data security. The reasons for the success vary, she says, but it generally falls into the category of an exploit that was allowed because someone was not paying attention to details. It might have been faulty website code or a misconfigured network, but generally the vulnerabilities could have been caught.

Scott Crawford, research director for security and risk management at Enterprise Management Associates, with corporate headquarters in Boulder, Colo., agrees that companies of all sizes could be targets. While smaller entities might not provide the breadth of information that a multinational corporation offers, it still could have secrets worth stealing, he says.
Crawford views this kind of cyber theft, be it from a state-sponsored or industrial source, to be similar to espionage conducted during the Cold War. There could be value in stealing information, he says, but “you don't want to kill the market.” One purpose for this type of espionage is to build a country's or company's own ability to compete against existing players in the field.

If it costs $50 million to develop a product, but only $2 million to steal it, some will opt for the less costly approach. This is particularly true for emerging nations that might have technical resources, but are not necessarily competitive enough to develop their own intellectual property.

Defense is all about managing a company's or a country's risk, Crawford says. Some organizations look for fast fixes to potential weaknesses without fully understanding their risk profile or the impact of their actions. A layered approach to security is necessary.

Crawford also blames guidance or regulations that do not match the threat. The Payment Card Industry Data Security Standard (PCI DSS), for example, is prescriptive and specifies to security officers how to maintain compliance, but this is only a point in time, he says. A company's compliance “can be passé or irrelevant” immediately after passing the audit. 
139  DBMA Martial Arts Forum / Martial Arts Topics / Re: Security, Surveillance issues on: April 10, 2012, 03:07:19 AM
Mistakes People Make that Lead to Security Breaches

The Five Worst Security Mistakes End Users Make

Failing to install anti-virus, keep its signatures up to date, and apply it to all files.

Opening unsolicited e-mail attachments without verifying their source and checking their content first, or executing games or screen savers or other programs from untrusted sources.

Failing to install security patches-especially for Microsoft Office, Microsoft Internet Explorer, Firefox, and Netscape.

Not making and testing backups.


Being connected to more than one network such as wireless and a physical Ethernet or using a modem while connected through a local area network.

http://www.sans.org/security-resources/mistakes.php?ref=3816
140  Politics, Religion, Science, Culture and Humanities / Science, Culture, & Humanities / Mistakes People Make that Lead to Security Breaches on: April 10, 2012, 02:48:08 AM
The Five Worst Security Mistakes End Users Make

Failing to install anti-virus, keep its signatures up to date, and apply it to all files.

Opening unsolicited e-mail attachments without verifying their source and checking their content first, or executing games or screen savers or other programs from untrusted sources.

Failing to install security patches-especially for Microsoft Office, Microsoft Internet Explorer, Firefox, and Netscape.

Not making and testing backups.

Being connected to more than one network such as wireless and a physical Ethernet or using a modem while connected through a local area network.

http://www.sans.org/security-resources/mistakes.php?ref=3816
141  Politics, Religion, Science, Culture and Humanities / Science, Culture, & Humanities / Re: Anonymous to attack internet this weekend? on: April 02, 2012, 07:58:36 PM

http://isc.sans.edu/diary.html?storyid=12868

In the comments section someone stated:

The original threat to take down the Internet DNS-system was posted here:

http://pastebin.com/NKbnh8q8

In the above pastebin-post, the following is stated:

Quote
"download link in #opGlobalBlackout"

If you entered the Anonymous IRC-network at the time this was posted, the topic of channel opGlobalBlackout was: Official Press Release: http://pastebin.com/yK79Tsgq

As you can see, the "Press Release" tells potential Anonymous-members to stop waging war, that peace is the way to go, to stop DDoS-attacks. This is another words an "anti-op" designed to get potential anonymous-recruits to think about what they are doing.

There never was an operation. There was only an anti-operation, designed to get people to think.
posted by Rogers, Sun Apr 01 2012, 13:23
142  Politics, Religion, Science, Culture and Humanities / Science, Culture, & Humanities / Re: Internet and related technology on: March 26, 2012, 11:25:57 PM
Information Security and the OODA Loop

The Information Security OODA Loop - The Introduction
http://h30499.www3.hp.com/t5/Following-the-White-Rabbit/The-Information-Security-OODA-Loop-The-Introduction/ba-p/5589775

The Information Security OODA Loop - Observe
http://h30499.www3.hp.com/t5/Following-the-White-Rabbit/The-Information-Security-OODA-Loop-Observe/ba-p/5590935

The Information Security OODA Loop - Orient
http://h30499.www3.hp.com/t5/Following-the-White-Rabbit/The-Information-Security-OODA-Loop-Orient/ba-p/5592749
143  Politics, Religion, Science, Culture and Humanities / Science, Culture, & Humanities / Re: Music on: December 06, 2011, 08:28:20 PM
Not sure what to say, very nice piece of music. 
144  Politics, Religion, Science, Culture and Humanities / Science, Culture, & Humanities / Cybercommand opposes UN role on: October 21, 2011, 03:54:39 PM
http://www.washingtontimes.com/news/2011/oct/20/cybercommand-chief-opposes-un-net-control/

Cybercommand chief opposes U.N. net control
‘Government survivability’ issue

BALTIMORE — The commander of the U.S. Cyber Command said Thursday that he does not favor giving the United Nations the power to regulate the Internet.

Some regulations are needed to protect critical networks that control electrical power, banking, transportation and other key elements of society, Army Gen. Keith Alexander, who is also director of the National Security Agency, said after a speech to a security conference.

But asked whether the U.N. should have a regulation role, Gen. Alexander said: “No. I’m not for regulating, per se. I’m concerned about it, and this is a tough question. I would say, generally speaking, I’m not into that portion of regulating as you would espouse.”

Last month, Russia, China, Uzbekistan and Tajikistan submitted a resolution to the U.N. General Assembly calling for giving individual states the right to control the Internet. The resolution, submitted Sept. 14, calls for “an international code of conduct for information security.”

It requests “international deliberations within the United Nations framework on such an international code, with the aim of achieving the earliest possible consensus on international norms and rules guiding the behavior of states in the information space.”

China tightly controls the Internet through a cybersecurity police force estimated to be more than 10,000 people who monitor Internet users and websites.

Russia’s authoritarian government has taken steps in recent years to curb Internet freedoms. Uzbekistan and Tajikistan also are authoritarian regimes that seek to control Internet use.

Gen. Alexander said that, rather than seeking U.N. regulation, individual countries “first need to step up and say, ‘Look, how do we do this without regulating it?’ “

The four-star general suggested bolstering Internet security by using “cloud” technology, which uses remote computer servers for applications and data storage. Other new technologies that permit greater visibility of cyberthreats on networks also can be used to improve security, he said.

“I do think that there may be some things for critical infrastructure and government networks that we’re going to have to direct out to the government,” Gen. Alexander said. “These are things that you must do to secure your networks for government survivability.”

Additionally, security cooperation between nations can be improved, he said.

“But for my grandchildren and my daughters out there, they have a great time on the network,” he said. “I would not want somebody to say you cannot let your 2-year-old grab the iPad and launch [an application].”

As for future considerations, Gen. Alexander said U.S. policymakers are discussing whether U.S. firms should be required to divulge information about cyber-attacks.

Additionally, he said: “I think down the road we have to figure out how do we ensure that your platforms do not create a public hazard, but I’m not sure I would put that in regulation.”

In a speech to the Information Systems Security Association conference, Gen. Alexander said U.S. development of the Internet brought tremendous benefits and “tremendous vulnerabilities” that can be exploited by hackers, criminals and nation states.

U.S. corporations were victims of cyber-attacks, including Google, Lockheed Martin and Booz Allen Hamilton, and some have lost valuable intellectual property through cybertheft and espionage.

The threat is increasing as the use of mobile devices such as smartphones and tablet computers increases.

“Here’s what concerns me: What we’re seeing is destructive [digital] payloads coming out, payloads that can make a blue screen of death, that can stop your operating system, your router or peripheral devices,” Gen. Alexander said.

Mobile devices increase the problem by “orders of magnitude” because of the lack of security built up over the past decade for desktop devices, he said.

Both are connected to networks, “and the issues we are going to see are huge,” Gen. Alexander said.

Shawn Henry, FBI executive assistant director for cyber-issues and a conference speaker, said a better network architecture is needed to identify cybercriminals who can operate anonymously.

Mr. Henry also called for better “assurance” for Internet communications to prevent someone from breaking into links that control key infrastructure. For example, computer communications between a technician remotely directing an electrical facility need better security, he said.

“The Internet was developed with protocols allowing for anonymity and there are legitimate reasons for wanting it that way,” Mr. Henry said. “But for those critical uses of the Internet where intrusion is entirely unacceptable and we must be able to identify the users, market-driven factors may prompt the private sector to explore solutions and alternate architectures to meet those needs.”

“We need a more secure architecture that allows for absolute attribution,” he said. “Threats are continuing to increase and we cannot constantly play defense.”
145  DBMA Martial Arts Forum / Martial Arts Topics / Re: Emergency Tips and Emergency Medicine on: September 02, 2011, 10:52:46 PM
Done Guro!
146  Politics, Religion, Science, Culture and Humanities / Science, Culture, & Humanities / Re: Survivalist issues on: September 02, 2011, 10:51:58 PM
Got this from http://offgridsurvival.com/shtfsurvivalmanual/   - I like this idea.

Electronic storage is great, for years I have recommended things like survival laptops and tablets. With a good solar charger these devices can last for years in an off the grid environment.
If your anything like most of the survival minded people that come to this site, you probably bookmark and save a ton of good survival articles. While I love electronic devices, when the SHTF you need to have backups of all your valuable survival information.
You need your own SHTF Proof Survival Manual.
Lately I have been saving a ton of how to articles to my NOOK but I don’t stop there. The nook is great for storing survival books and articles but I also started laminating the most important articles and putting them into my own personal survival manual.
For under $40 bucks you can make yourself a good SHTF proof survival binder.
First, you need to buy a good laminator and a pack of lamination sheets.
You can get a Good Laminator on Amazon and a pack of 50 lamination sheets for around $40. This will allow you to put about 400 articles in your personal survival manual.
Second, I condense the articles down so I can fit at least 4 to a page (8 double sided) this gives you roughly 400 articles with only 50 pieces of paper. Remember the lamination adds some weight so you don’t want to go crazy here. Print only those articles that you think you will really need post SHTF.
I usually condense articles down in Microsoft word, or I shrink down specific pages from books so I can fit them into my 4up format. I then 3 ring punch the laminated pages and put them in a good zippered binder to protect them from the elements.
What kinds of articles do I add to my personal survival manual?
My NOOK can pretty much hold everything I need so I fill that up with as much information as I can get. For my Binder I take only the things that I think I will need in a post SHTF world.
Maps, Evacuation Routes and Bug Out Locations
Medical information and first aid instructions
How To articles
Pictures of edible plants
Communication frequency charts, notes and antenna diagrams / formulas
Primitive Skills & instructional materials
Trapping Diagrams
And anything that you may have a hard time remembering
147  DBMA Martial Arts Forum / Martial Arts Topics / Re: Emergency Tips and Emergency Medicine on: September 02, 2011, 08:24:29 PM
I like this idea:

http://offgridsurvival.com/shtfsurvivalmanual/

Electronic storage is great, for years I have recommended things like survival laptops and tablets. With a good solar charger these devices can last for years in an off the grid environment.
If your anything like most of the survival minded people that come to this site, you probably bookmark and save a ton of good survival articles. While I love electronic devices, when the SHTF you need to have backups of all your valuable survival information.
You need your own SHTF Proof Survival Manual.
Lately I have been saving a ton of how to articles to my NOOK but I don’t stop there. The nook is great for storing survival books and articles but I also started laminating the most important articles and putting them into my own personal survival manual.
For under $40 bucks you can make yourself a good SHTF proof survival binder.
First, you need to buy a good laminator and a pack of lamination sheets.
You can get a Good Laminator on Amazon and a pack of 50 lamination sheets for around $40. This will allow you to put about 400 articles in your personal survival manual.
Second, I condense the articles down so I can fit at least 4 to a page (8 double sided) this gives you roughly 400 articles with only 50 pieces of paper. Remember the lamination adds some weight so you don’t want to go crazy here. Print only those articles that you think you will really need post SHTF.
I usually condense articles down in Microsoft word, or I shrink down specific pages from books so I can fit them into my 4up format. I then 3 ring punch the laminated pages and put them in a good zippered binder to protect them from the elements.
What kinds of articles do I add to my personal survival manual?
My NOOK can pretty much hold everything I need so I fill that up with as much information as I can get. For my Binder I take only the things that I think I will need in a post SHTF world.
Maps, Evacuation Routes and Bug Out Locations
Medical information and first aid instructions
How To articles
Pictures of edible plants
Communication frequency charts, notes and antenna diagrams / formulas
Primitive Skills & instructional materials
Trapping Diagrams
And anything that you may have a hard time remembering
148  DBMA Martial Arts Forum / Martial Arts Topics / Re: VIDEO CLIPS OF INTEREST on: December 17, 2010, 09:36:35 AM
Surprised this hasn't been posted yet, I know there has been some cool stuff pulled off by Gints at the Gatherings but this is pretty darn cool too.

149  Politics, Religion, Science, Culture and Humanities / Science, Culture, & Humanities / Re: Music on: November 02, 2010, 11:20:00 PM
I know the sound of this band isn't anything new but its kind of refreshing.



Yeah I could go back and listen to the music that inspires these guys but I'm really diggin this album.

150  Politics, Religion, Science, Culture and Humanities / Science, Culture, & Humanities / Re: Music on: April 16, 2010, 03:36:51 AM
Been some time I visited this thread.  That is some really interesting stuff, I believe I asked Guro Crafty a question about Music and Martial Arts. I dont even remember exactly what I asked but  I think it would start an interesting thread. I don't quite understand all that you wrote about Ill have to look into it further but it sure is interesting!  Definitely adding those two songs to my playlist!
Pages: 1 2 [3] 4 5 ... 11
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2013, Simple Machines Valid XHTML 1.0! Valid CSS!