|
Beware of Those Web Widgets
"Just one click" is a phrase that I've used a lot to
describe how easy it is to get a computer cracked or
steal an identity. I might have to start saying,
"Just zero clicks."
Record Five Million Sites Were Likely Infected By Hacked Web Widget
[16 August 2010, top]
|
Schmidt Says No Anonymity On Future Web
On 20 April 2010, @nanofoo (i.e. Gerald Thurman)
tweeted the following.
"Is Privacy Dead?" is becoming a frequently asked question
and I believe the answer is approaching "Yes."
On 6 August 2010, @nanofoo (i.e. Gerald Thurman)
tweeted the following.
No anonymity on future web says Google CEO
- http://bit.ly/aCM0L0 @THINQtech
Expanding the shortened URL in the last tweet...
No anonymity on future web says Google CEO: Privacy is so last century
[06 August 2010, top]
|
CyberAttacks, CyberSecurity, CyberCommand, CyberWarrior
@compufoo retweeted the following
on 2010.07.22.
RT @TheOfficialACM Tech News: Cyberwarrior Shortage Threatens
U.S. Security http://n.pr/aICIr6 (via NPR)
@nanofoo received the following tweet from
@SchneierBlog on 2010.07.20.
New GAO Cybersecurity Report: From the U.S. Government
Accountability Office: "Cybersecurity: Key Challenges
Need ... http://bit.ly/dAeXZ6
@nanofoo received the following tweet from
@SchneierBlog on 2010.07.19.
Embedded Code in U.S. Cyber Command Logo: This is excellent.
And it's been cracked already.... http://bit.ly/99iI24
And finally with respect to cyber-attacks on private networks...
"[they are] comparatively easy to launch, cheap to launch,
the amount you can steal is enormous, and the chances of
getting caught are minuscule." -- Larry Clinton, president
of the Internet Security Alliance,
White House meeting will stress economic side of cybersecurity
[22 July 2010, top]
|
Passwords Are Still Important
"Yes" it is 2010 and "yes" passwords are still important when it comes
to using computers and other devices.
Simson Garfinkel has written about "a new approach does away
with the need for long strings of letters and numbers."
Passwords that are Simple--and Safe
[extra]
I've hard-coded a few passwords...
SCADA System's Hard-Coded Password Circulated
Online for Years
[20 July 2010, top]
|
Economist.com Talks About Cyberwar
I agree.
"Cyberspace has become the fifth domain of warfare,
after land, sea, air and space."
Question: Will the U.S. have to engage in politically correct
cyberwarfare? I hope the answer isn't "yes."
Cyberwar: It is time for countries to start talking about arms control on the internet
[06 July 2010, top]
|
Elcomsoft Internet Password Breaker
Headlines, subject-lines, titles have always been important.
The headline "New Tool Reveals Internet Passwords" caught my
attention.
"Moscow [Russia] based ElcomSoft, developer of the new password
recovery tool, 'Elcomsoft Internet Password Breaker,' says the
product is designed as a tool to provide forensics, criminal
investigators, security officers and government authorities
with the ability to retrieve a variety of passwords stored
on a PC."
New Tool Reveals Internet Passwords
[02 July 2010, top]
|
SSL Certificates Need Better Administration
Secure sockets aren't secure if they're not configured and
SysAdmin'd correctly.
SSL Certificates In Use Today Aren't All Valid
[30 June 2010, top]
|
Russia and U.S. and Internet Crime
Computing ethics vary by country.
"The Russians have a dramatically different definition of
information security than we do; it's a broader notion,
and they really mean state security," says U.S. ICANN
representative George Sadowsky. -- CACM.ACM.org
At Internet Conference, Signs of Agreement Between U.S. and Russia
[16 April 2010, top]
|
Princeton U. Experiences iPad Problems
Prior to encountering the content in this posting, I had
seen the following headline: "Half a Million iPad Fans
Can't Be Wrong?" Hmm... as with all things, time will
tell.
"Network monitoring has shown that many iPad devices are
causing a problem on the campus network. These devices
are continuing to use an IP address they have been leased
well beyond the time they should. (In technical terms,
the device's DHCP client software stops renewing its lease,
but the device keeps using the IP address after the DHCP
lease expires. This is not a WiFi issue.) This behavior
causes a disruption on the campus network."
Apple iPad Network Connectivity Issues
[14 April 2010, top]
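The failure mode quoted above (a client that keeps using an address after its DHCP lease has expired) can be detected by comparing lease grants with traffic sightings. This is an added example, not Princeton's tooling; the log layout, addresses, function names and the 60-second grace period are constructed assumptions.

```python
from datetime import datetime, timedelta

def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")

# Constructed DHCP server log: (time, event, ip, mac, lease_seconds)
DHCP_LOG = [
    ("2010-04-14 09:00:00", "ACK", "10.8.0.21", "00:11:22:aa:bb:01", 3600),
    ("2010-04-14 09:30:00", "ACK", "10.8.0.21", "00:11:22:aa:bb:01", 3600),  # renewal
    ("2010-04-14 09:05:00", "ACK", "10.8.0.22", "00:11:22:aa:bb:02", 3600),  # never renewed
]

# Constructed sightings, e.g. from ARP tables or flow records: (time, ip, mac)
SIGHTINGS = [
    ("2010-04-14 10:20:00", "10.8.0.21", "00:11:22:aa:bb:01"),  # lease runs to 10:30
    ("2010-04-14 10:20:00", "10.8.0.22", "00:11:22:aa:bb:02"),  # lease ended 10:05
    ("2010-04-14 10:25:00", "10.8.0.23", "00:11:22:aa:bb:03"),  # never leased
]

def lease_expiries(dhcp_log):
    """Map (ip, mac) to the latest lease expiry the server granted."""
    expiry = {}
    for ts, event, ip, mac, secs in dhcp_log:
        if event != "ACK":
            continue
        end = parse(ts) + timedelta(seconds=secs)
        key = (ip, mac)
        expiry[key] = max(end, expiry.get(key, end))
    return expiry

def stale_address_use(dhcp_log, sightings, grace=timedelta(seconds=60)):
    """Return sightings of an address in use with no lease covering it.
    Only the latest expiry per (ip, mac) is compared, so gaps between
    two separate leases are not reported."""
    expiry = lease_expiries(dhcp_log)
    findings = []
    for ts, ip, mac in sightings:
        end = expiry.get((ip, mac))
        if end is None:
            findings.append((ip, mac, "no lease on record"))
        elif parse(ts) > end + grace:
            late = int((parse(ts) - end).total_seconds())
            findings.append((ip, mac, f"lease expired {late}s earlier"))
    return findings
```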
|
Java Zero-Day Defect Discovered
James Gosling, the father of Java, has left Oracle.
In an unrelated matter: Not all Java-based programs are secure.
Java Deployment Toolkit Performs Insufficient
Validation of Parameters
[11 April 2010, top]
|
More About Cyber War
Jeffrey Carr is the author of "Inside Cyberwarfare."
"Carr argues that we need to distinguish between cyberwar
and cyberterror, as well as cyber-espionage and cybercrime
--even while we unify our defense against each of those
looming problems."
Why Cyber War Is No Cold War
[28 March 2010, top]
|
Is It FUD?
Is it FUD?
I don't think so; therefore, it probably is.
@nanofoo tweeted the following on 2010.01.30.
Obama said nothing in his State of the Union address about
the state of the Union w/respect to cyberwarfare preparedness
According to PopSci.com... "we are not prepared."
U.S. Wargamers Wrap Up Massive Cyberattack Drill: "We Are Not Prepared"
[21 February 2010, top]
|
Is the U.S. Ready For Cyberwarfare?
TechNews.ACM.org had a posting titled "In Cyber War, Most of
U.S. Must Defend Itself" on 2010.02.10 and it started with
the following.
"There are concerns that the United States is extremely
vulnerable to a full-scale cyberattack, and the U.S.
Cyber Command is not in a position to protect U.S.
civilian computer networks [...]"
The TechNews.ACM.org posting included the following.
"Meanwhile, U.S. military networks are under constant
cyberattack because they are such an appealing target,
according to Deputy Defense Secretary William Lynn.
'And the frequency and sophistication of attacks are
increasing exponentially,' he notes."
I believe this is true because we're living in
exponential times.
More from the TechNews.ACM.org posting titled
"In Cyber War, Most of U.S. Must Defend Itself."
"McAfee hints at the possibility that countries are
competing in a quiet cyber arms race, and communications
systems, banks, and power grids are just as likely to be
targets as military networks."
Note: McAfee is an "antivirus software and computer security company
headquartered in Santa Clara, California."
[Extra]
@nanofoo tweeted the following on 2010.02.07.
China & Russia dominate 2010 ACM Intl. Collegiate
Programming Contest http://bit.ly/cVLdpz
@nanofoo tweeted the following on 2010.01.30.
Obama said nothing in his State of the Union address about
the state of the Union w/respect to cyberwarfare preparedness.
[09 February 2010, top]
|
Cybersecurity Enhancement Act of 2009
The House voted 422-5 in favor of H.R. 4061 -- The Cybersecurity
Enhancement Act of 2009.
"The bill requires the Obama administration to conduct an
agency-by-agency assessment of cybersecurity workforce skills
and establishes a scholarship program for undergraduate and
graduate students who agree to work as cybersecurity specialists
for the government after graduation."
[source: NYTimes.com via Slashdot.org]
Yikes! politician Michael Arcuri said, "Nearly every high school
hacker has the potential to hamper our unfettered access
to the Internet. Just imagine what a rogue state could do."
FYI to Arcuri: Kids not yet in high school can be crackers.
Cybersecurity Enhancement Act of 2009
[04 February 2010, top]
|
Digital Privacy Day 2010
28 January 2010 was Data Privacy Day.
"Data Privacy Day is an international celebration of the dignity
of the individual expressed through personal information."
Data Privacy Day... "digital lives in a networked world."
[28 January 2010, top]
|
DARPA's Cyber Genome Program
DARPA's Cyber Genome Program Proposers' Day is on 29 January 2010.
"The objective of the Cyber Genome Program is to produce
revolutionary cyber defense and investigatory technologies
for the collection, identification, characterization, and
presentation of properties and relationships from collected
digital artifacts of software, data, and/or users to support
DoD law enforcement, counter intelligence, and cyber defense
teams. Digital artifacts may be collected from live systems
(traditional computers, personal digital assistants, and/or
distributed information systems such as 'cloud computers'),
from wired or wireless networks, or collected storage media.
The format may include electronic documents or software (to
include malicious software - malware). The Cyber Genome Program
will encompass several program phases and technical areas of
interest. Each of the technical areas will develop the cyber
equivalent of fingerprints or DNA to facilitate developing
the digital equivalent of genotype, as well as observed and
inferred phenotype in order to determine the identity, lineage,
and provenance of digital artifacts and users."
[source: FBO.gov via Wired.com]
The Wired.com headline should have read:
"Pentagon Searches for 'Digital DNA' to Identify
Hackers Crackers"
[26 January 2010, top]
|
Bruce Schneier On China Cracking Gmail
When Bruce Schneier shares information, I try to learn from it.
"China's hackers subverted the access system Google
put in place to comply with U.S. intercept orders."
Dear Mr. Schneier... And I know this is a little thing, but please,
please, please write cracking instead of hacking.
U.S. enables Chinese hacking of Google
[24 January 2010, top]
|
Computer Security Remains an Oxymoron
@nanofoo received the following tweet from
@hblodget on 2010.01.18.
Is Google Going To Address The Fact That So Many Gmail
Accounts Are Getting Hacked? http://bit.ly/76OW0I
And of course the accounts are being cracked (i.e. not hacked).
@nanofoo sent the following tweet as a reply to
@hblodget on 2010.01.18.
About Google Gmail being cracked... Oxymoron? computer security
In a nutshell, Google's Gmail is popular; therefore, it is
going to be a popular target for crackers and cyber-terrorists.
The fact that Gmail gets cracked provides definitive proof
that computer security is downright difficult and it is why
computer security gurus make lots of money.
[18 January 2010, top]
|
Baidu Cracked By Crackers
The Slashdot posting makes reference to the "Iranian Cyber Army."
"Chinese netizens pointed out that the hackers, who call
themselves 'Iranian Cyber Army', changed Baidu's DNS
records, redirecting traffic to another site."
--English.People.com.cn
The "hackers" that took down Baidu were "crackers."
Twitter Hackers Take Down Baidu
[13 January 2010, top]
|
Google Gmail To Default To HTTPS
I agree with Google's assessment.
"Over the last few months, we've been researching the
security/latency tradeoff and decided that turning https
on for everyone was the right thing to do."
Default https access for Gmail
[13 January 2010, top]
|
2010 Starts With a SpamAssassin Bug
Yup... With respect to regular expressions, 20[1-9][0-9] matches 2010.
Yet more evidence (like we needed more) that processing dates and
times on a computer is non-trivial.
SpamAssassin 2010 bug
[02 January 2010, top]
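The pattern from this posting beside a clock-relative check, as an added example (not SpamAssassin's own code). It assumes the pattern is applied to a message's Date header to flag years far in the future; the sample headers, function names and two-day tolerance are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# The pattern quoted in the posting: any year from 2010 through 2099.
HARDCODED_FUTURE_YEAR = re.compile(r"20[1-9][0-9]")

# Constructed Date header values.
SAMPLE_HEADERS = [
    "Thu, 31 Dec 2009 23:59:30 -0700",
    "Fri, 01 Jan 2010 00:00:30 -0700",   # legitimate mail once 2010 arrives
    "Sat, 01 Jan 2039 00:00:00 +0000",   # genuinely far in the future
    "not a date",
]

def flagged_by_pattern(date_header):
    """Hard-coded rule: flag the header if it contains a matching year."""
    return HARDCODED_FUTURE_YEAR.search(date_header) is not None

def flagged_by_clock(date_header, now, tolerance=timedelta(days=2)):
    """Clock-relative rule: flag only dates later than now + tolerance.
    Headers that cannot be parsed are flagged as well (a design choice)."""
    try:
        sent = parsedate_to_datetime(date_header)
    except (TypeError, ValueError):
        return True
    if sent.tzinfo is None:          # e.g. a "-0000" zone yields a naive value
        sent = sent.replace(tzinfo=timezone.utc)
    return sent > now + tolerance

def compare(now):
    """Return (header, pattern_flag, clock_flag) for each sample header."""
    return [(h, flagged_by_pattern(h), flagged_by_clock(h, now))
            for h in SAMPLE_HEADERS]

if __name__ == "__main__":
    # Evaluate as if the filter ran on the morning of 1 January 2010 (UTC).
    for row in compare(datetime(2010, 1, 1, 8, 0, tzinfo=timezone.utc)):
        print(row)
```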
|
About the Security Watchdog
The Security Watchdog starts 2010 with 497 postings. This blog was
started during March of 2000 and the current world of computer
security is worse now than it was then. Needless to say, there will
always be content for the Security Watchdog for at least the
next couple of years.
Security Watchdog Archives:
2009 | 2008 | 2007 | 2006 | 2005 | 2004 | 2003 | 2002 | 2001 | 2000
[01 January 2010, top]
|