Infosecurity News Reel

Loading...

Help Net Security - News

IEEE Spectrum Computing Channel

Aug 1, 2015

US-CERT: Best Practices to Protect You, Your Network, and Your Information

The National Cybersecurity and Communications Integration Center (NCCIC) and its partners responded to a series of data breaches in the public and private sector over the last year, helping organizations through incident response actions, conducting damage assessments, and implementing restoration and mitigation actions.
During NCCIC’s recent work, following best practices proved extremely effective in protecting networks, the information residing on them, and the equities of information owners. The recently updated National Institute of Standards and Technology Cybersecurity Framework highlights best practices.
Cybersecurity is a risk management issue. Our experience demonstrates that individuals and organizations may reduce risk when they implement cybersecurity best practices. The following are examples of best practices you should consider implementing today as part of your cybersecurity strategy:
  1. Implement Two-Factor Authentication: Two-factor authentication works to significantly reduce or eliminate unauthorized access to your networks and information.
  2. Block Malicious Code: Activate application directory whitelisting to prevent non-approved applications from being installed on your network.
  3. Limit Number of Privileged Users: System administrators have privileged access that gives them the “keys to your kingdom.” Limit system administrator privileges only to those who have a legitimate need as defined by your management directives.
  4. Segment Your Network: Don’t put all your eggs in one basket by having a “flat network”. Use segmentation techniques so that if one part of your network is breached that the integrity of the rest of the network is protected.
  5. Lock Your Backdoors: Third parties that share network trust relationships with you may prove to be an Achilles heel by serving as an attack vector into your network. Take action to ensure that all network trust relationships are well-protected using best practices. Have a means to audit the effectiveness of these defenses. Consider terminating or suspending these relationships until sufficient controls are in place to protect your backdoors.

Quantum Geopolitics

"Quantum Geopolitics is republished with permission of Stratfor."
 
Forecasting the shape the world will take in several years or decades is an audacious undertaking. There are no images to observe or precise data points to anchor us. We can only create a picture, and a fuzzy one at best. This is, after all, our basic human empirical instinct: to draw effortlessly from the vivid imagery of our present world and past experiences while we squint and hesitate before faint, blobby images of the future.
In the world of intelligence and military planning, it is far less taxing to base speculations on the familiar — to simulate a war game that pivots on an Iranian nuclear threat, a seemingly unstoppable jihadist force like the Islamic State and the military adventurism of Russia in Eastern Europe — than it is to imagine a world in which Russia is weak and internally fragmented, the jihadist menace is contained by its own fractiousness and Iran is allied with the United States against a rising Sunni threat. In the business world, it is much simpler to base trades and strategies on a familiar environment of low oil prices and high interest rates. Strategists in many domains are guilty of taking excessive comfort in the present and extrapolating present-day assumptions to describe the future, only to find themselves unequipped when the next big crisis hits. As a U.S. four-star general once told me in frustration, "We always have the wrong maps and the wrong languages when we go to war."
So how do we break out of this mental trap and develop the confidence to sketch out plausible sets and sequences of unknowns? The four-dimensional world of quantum mechanics may offer some guidance or, at the very least, a philosophical approach to strategic forecasting. Brilliant physicists such as Albert Einstein, Louis de Broglie and Erwin Schrodinger have obsessed over the complex relationship between space and time. The debate persists among scientists over how atomic and subatomic particles behave in different dimensions, but there are certain underlying principles in the collection of quantum theories that should resonate with anyone endowed with the responsibility of forecasting world events.

Quantum Principles and Political Entities

Einstein described space-time as a smooth fabric distorted by objects in the universe. For him, the separation between past, present and future was merely a "stubbornly persistent illusion." Building on Einstein's ideas, celebrated U.S. physicist and Nobel Laureate Richard Feynman, some of whose best ideas came from drawings he scribbled on cocktail napkins in bars and strip clubs, focused on how a particle can travel in waves from point A to point B along a number of potential paths, each with a certain probability amplitude. In other words, a particle will not travel in linear fashion; it will go up, down and around in space, skirting other particle paths and colliding into others, sometimes reinforcing or canceling out another completely. According to Feynman's theory, the sum of all the amplitudes of the different paths would give you the "sum over histories" — the path that the particle actually follows in the end.
The behavior of communities, proto-states and nation-states (at least on our humble and familiar planet Earth) arguably follows a similar path. We have seen statelets, countries and empires rise and fall in waves along varied frequencies. The crest of one amplitude could intersect with the trough of another, resulting in the latter's destruction. One particle path can reinforce another, creating vast trading empires. Latin America, where geopolitical shifts can develop at a tortoise's pace in the modern era, tends to emit long radio-like waves compared to the gamma-like waves of what we know today as a highly volatile Middle East.

Applied Quantum Theories: Turkey

If we apply the nation-state as an organizing principle for the modern era (recognizing the prevalence of artificial boundaries and the existence of both nations without states and states without nations), the possibilities of a state's path are seemingly endless. However, a probability of a state's path can be constructed to sketch out a picture of the future. 
The first step is to identify certain constants that have shaped a country's behavior over time, regardless of personality or ideology (an imperative to gain sea access, a mountainous landscape that requires a large amount of capital to transport goods from point A to point B, a fertile landscape that attracts as much competition as it provides wealth). The country's history serves as a laboratory for testing how the state has pursued those imperatives and what circumstances have charted its path. What conditions were in place for the state to fail, to prosper, to avoid getting entangled in the collisions of bigger states, to live in relative peace? We take the known and perceived facts of the past, we enrich them with anecdotes from literature, poetry and song, and we paint a colorful image of the present textured by its past. Then comes the hard part: having the guts to stare into the future with enough discipline to see the constraints and enough imagination to see the possibilities. In this practice, extrapolation is deadly, and an unhealthy obsession with current intelligence can be blinding.
Take Turkey, for example. For years, we have heard political elites in the United States, Eastern Europe and the Middle East lament a Turkey obsessed with Islamism and unwilling or incapable of matching words with action in dealing with regional competitors like Iran and Russia. Turkey was in many ways overlooked as a regional player, too consumed by its domestic troubles and too ideologically predisposed toward Islamist groups to be considered useful to the West. But Turkey's resurgence would not follow a linear path. There have been ripples and turns along the way, distorting the perception of a country whose regional role is, in the end, profoundly shaped by its position as a land bridge between Europe and Asia and the gatekeeper between the Black and Mediterranean seas.
How, then, can we explain a week's worth of events in which Turkey launched airstrikes at Islamic State forces and Kurdish rebels while preparing to extend a buffer zone into northern Syria — actions that mark a sharp departure from the timid Turkey to which the world had grown accustomed? We must look at the distant past, when Alexander the Great passed through the Cilician Gates to claim a natural harbor on the eastern Mediterranean (the eponymous city of Alexandretta, contemporarily known as Iskenderun) and the ancient city of Antioch (Antakya) as an opening into the fertile Orontes River Valley and onward to Mesopotamia. We move from the point when Seljuk Turks conquered Aleppo in the 11th century all the way up to the crumbling of the Ottoman Empire in the wake of World War I, when a fledgling Turkish republic used all the diplomatic might it could muster to retake the strategic territories of Antioch and Alexandretta, which today constitute Hatay province outlining the Syrian-Turkish border.
We must simultaneously look at the present. A contemporary map of the Syria-Turkey border looks quite odd, with the nub of Hatay province anchored to the Gulf of Iskenderun but looking as though it should extend eastward toward Aleppo, the historical trading hub of the northern Levant, and onward through Kurdish lands to northern Iraq, where the oil riches of Kirkuk lie in what was formerly theOttoman province of Mosul.
We then take a long look out into the future. Turkey's interest in northern Syria and northern Iraq is not an abstraction triggered by a group of religious fanatics calling themselves the Islamic State; it is the bypass, intersection and reinforcement of multiple geopolitical wavelengths creating an invisible force behind Ankara to re-extend Turkey's formal and informal boundaries beyond Anatolia. To understand just how far Turkey extends and at what point it inevitably contracts again, we must examine the intersecting wavelengths emanating from Baghdad, Damascus, Moscow, Washington, Arbil and Riyadh. As long as Syria is engulfed in civil war, its wavelength will be too weak to interfere with Turkey's ambitions for northern Syria, but a rehabilitated Iran could interfere through Kurdistan and block Turkey farther to the east. The United States, intent on reducing its burdens in the Middle East and balancing against Russia, will reinforce the Turkish wavelength up to a point, while higher frequencies from other Sunni players such as Saudi Arabia will run interference against Turkey in Mesopotamia and the Levant. While Russia still has the capacity to project military power outward, Turkey's moves in Europe and the Caucasus will skirt around Russia for some time, but that dynamic will shift once Russia becomes consumed with its own domestic fissures and Turkey has more room to extend through the Black Sea region.

Read more . .  Quantum Geopolitics


Jul 20, 2015

US-CERT: Vulnerability Summary for the Week of July 13, 2015

Bulletin (SB15-201)

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology(NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit theNVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

Read more . .
https://www.us-cert.gov/ncas/bulletins/SB15-201

Computer History Museum Videos

Slashdot: Your Rights Online

Public Key Cryptography: Diffie-Hellman Key Exchange

European Public Policy Blog