ISDPodcast Episode 229 for October 7, 2010. Tonight’s podcast is hosted by Rick Hayes, Keith Pachulski, and Karthik Rangarajan.
Announcements:
Bsides Atlanta:
http://www.securitybsides.com/BSidesAtlanta
When: Friday, October 8, 2010
Where: Think Inc World HQ, 1375 Peachtree St. Suite 600, Atlanta, Ga (The Earthlink Bldg).
http://bsidesatlanta.eventbrite.com/
MyHardDriveDied.com Data Recovery Class:
http://www.myharddrivedied.com
Dallas, TX – October 11th – 15th
Washington, DC – December 6th – 10th
Use the Discount Code: isdpodcast for a $300 discount.
Phreaknic:
http://www.phreaknic.info
When: Oct 15-17 2010
Where: Nashville, TN
Hack3rCon:
http://www.hack3rcon.org
When: Oct 23-24 2010
Where: Charleston, WV
Stories of Interest:
[Keith: Sounds strangely familiar, along the lines of the private sector. Not much differs between the two based on the findings of this study. Both sides of the fence are willing to bend the rules to get the job done. The stickler is, while the private sector in many cases does not have the same level of required controls as the government, neither side is willing to fully comply where required when it will impede on someone's ability to perform a job. To the point where the protection of sensitive information is overlooked when compared to ease of access and mobility of that information.
Interesting stats from the report:
73 percent indicate that cybersecurity restrictions create productivity-related challenges in their working environment.
52 percent report that they access information from home instead of the office in order to circumvent their agency’s cybersecurity measures.
36 percent experience project delays resulting from cybersecurity restrictions.
Other frequent concerns include impeded communication with agency and non-agency employees (30 percent and 25 percent, respectively)
65 percent implement at least one alternative method when denied access to information they need for their work.
42% of surveyed respondents indicate that the most common method of accessing information when restricted by cybersecurity measures is using a non-agency device
A majority of respondents cannot:
- access video sharing websites (65 percent)
- social networking websites (59 percent)
- messaging services (56 percent)
- webmail (49 percent).
One-third of respondents indicate they are not provided with a mobile device by their agency.
- Interesting in that if they do not provide a mobile device, they are thereby promoting the use of personal devices to likely access information remotely.
Officials from 28 federal agencies say cyber-security measures impact productivity by restricting access to information and delaying communications with others, according to a Government Business Council survey. Officials say they often bypass security controls on purpose to get things done.
Despite their bosses’ insistence on strong cyber-security in government, federal officials find those measures get in the way of doing their jobs, according to the results of a Government Business Council survey released Sept. 30.
Federal executives said cyber-security measures impacted “information access, computing functionality and mobility” and reduced their productivity, according to the Cybersecurity in the Federal Government survey in May.
“Surveyed federal executives believe that cyber-security policies and procedures should be modified to provide more emphasis on the importance of allowing federal managers to achieve their agency’s mission,” said Bryan Klopack, GBC’s director of research.
About 62 percent of the respondents said security restrictions prevented them from getting information from certain Websites or using applications related to their jobs. Blocked sites included video sites, messaging services and news sites, according to the survey. Slow computer performance and the inability to access information remotely were other obstacles cited.
Many commercial off-the-shelf (COTS) products do not meet the necessary security standards, Bernd Kowalski of the Federal Office for Information Security told the ISSE 2010 conference in Berlin.
“There is an increasing demand for security certified products, particularly in the US and Europe,” he said.
In response, the Common Criteria for Information Technology Security Evaluation standards committee has suspended development of general criteria to focus on emerging technologies, said Bernd.
Criteria for smart metering, cloud computing and other emerging technologies are being fast-tracked, he said, to ensure that security, informed by best practice and current legislation, is included by design.
Ideally, said Bernd, a combination of regulation, legislation and independent technology standards for IT security will become the driving force for securing technologies.
“Hopefully, in future, security will be governed by these standards and implemented in the design phase rather than being added in response to security incidents,” he said.
News: http://www.computerworld.com/s/article/9188982/Stuxnet_code_hints_at_possible_Israeli_origin_researchers_say
Security researchers today offered another tantalizing clue about the possible origins of the notorious Stuxnet worm, but cautioned against reading too much from the obscure tea leaves.
In a paper released today and presented at a Vancouver, British Columbia security conference, a trio of Symantec researchers noted that Stuxnet includes references in its code to the 1979 execution of a prominent Jewish Iranian businessman.
Buried in Stuxnet’s code is a marker with the digits “19790509” that the researchers believe is a “do-not infect” indicator. If the marker equals that value, Stuxnet stops in its tracks, and does not infect the targeted PC.
The researchers — Nicolas Falliere, Liam O Murchu and Eric Chen — speculated that the marker represents a date: May 9, 1979.
“While on May 9, 1979, a variety of historical events occurred, according to Wikipedia ‘Habib Elghanian was executed by a firing squad in Tehran sending shock waves through the closely knit Iranian Jewish community,’” the researchers wrote.
News: http://www.straitstimes.com/BreakingNews/World/Story/STIStory_585904.html
IRAN’S intelligence minister said on Saturday authorities had arrested several ‘nuclear spies’ who were working to derail Tehran’s nuclear programme through cyberspace.
Without saying how many people were arrested or when, Heydar Moslehi was quoted on state television’s website as saying Iran had ‘prevented the enemies’ destructive activity’.
His remarks came against the backdrop of reports that the Stuxnet worm is mutating and wreaking havoc on computerised industrial equipment in Iran and had already infected 30,000 IP addresses.
But Mr Moslehi said intelligence agents had discovered the ‘destructive activities of the arrogance (Western powers) in cyberspace, and different ways to confront them have been designed and implemented’.
News: http://www.theregister.co.uk/2010/09/30/cyber_command_delay/
The US military’s central Cyber Command will not become operational as had been planned, according to Pentagon spokesmen. Issues responsible for the delay include difficulties finding suitably qualified staff among America’s uniformed legions, and also the fact that it isn’t even clear what “operational” means for a cyberforce.
The delays are reported by Stars & Stripes. “I don’t know that the 1 October deadline is holding strong and fast,” military spokeswoman Lieutenant Colonel Rene White told the military paper, asked if Cyber Command would indeed be operational as US defence secretary Robert Gates had specified it should be.
Asked what “fully operational” would actually mean for the cyber command, the colonel replied: “That’s a good question.”
Cyber Command, which is bossed by the head of America’s feared National Security Agency (NSA) and has its headquarters at the same complex (Fort Meade in Maryland) was created to bring the nascent cyberwar forces of the separate American armed services together. These include the US 24th Air Force, Fleet Cyber Command, Army Forces Cyber Command and Marine Forces Cyber Command.