Looks like Congress has declared war on the internet
Mathew Ingram

"… the Stop Online Piracy Act, introduced in the House this week, would give governments and private corporations unprecedented powers to remove websites from the internet on the flimsiest of grounds, and would force internet service providers to play the role of copyright police."


How secure is HTTPS today? How often is it attacked?
Peter Eckersley

"HTTPS is a lot more secure than HTTP! If a site uses accounts, or publishes material that people might prefer to read in private, the site should be protected with HTTPS. Unfortunately, it is still feasible for some attackers to break HTTPS."


Janet Napolitano: Hackers have 'come close' to major cyberattack
Ed O'Keefe

"Hackers have "come close" several times to shutting down elements of the nation's infrastructure, she said, noting that Wall Street firms and transportation systems are frequent cyberattack targets."


Infrastructure at Risk From Feds' Failure to Share Info, Security Researchers Charge
Kim Zetter

"If the government really wants to protect the nation's electrical grid and critical infrastructure from hackers and other attackers, it's got to change the way it communicates with the people in charge of securing those systems."


Cybersecurity–More than a good headline

"A lot of governments all across the globe are working on starting, restarting or pushing their Cybersecurity initiative. What often concerns me is, that the last real headline has more impact on the strategy and the themes to be addressed than a structure or a plan or a strategy."


Ghosts from the machines: ten years of carelessly discarded data

"The research found 30 percent of drives currently making their way onto the second-hand market had data on them and that over the last ten years four out of every time drives contained data. And according to the CSRI's figures, over the last five years some 95.6m Gigabytes of data have been discarded on UK hard drives alone."


Hackers Interfered With Two U.S. Satellites, Draft Report Says
Tony Capaccio and Jeff Bliss

"Computer hackers, possibly from the Chinese military, interfered with two U.S. government satellites four times in 2007 and 2008 through a ground station in Norway, according to the final draft of a report by a congressional commission."


Swedish password hacking scandal widens
Jan Libbenga

"Sweden suffered its worst internet security breach in history, with over 210,000 login details across at least 60 websites made public, including personal identity numbers of journalists, MPs and celebrities."


National Security Agency helps banks battle hackers
Andrea Shalal-Esa and Jim Finkle


"The assistance from the agency that conducts electronic spying overseas is part of an effort by American banks and other financial firms to get help from the U.S. military and private defense contractors to fend off cyber attacks, according to interviews with U.S. officials, security experts and defense industry executives."


Does Cybercrime Pay?
Mathew J. Schwartz

"How many millionaire or even billionaire spam and malware kings are at large? Estimates of the annual cybercrime tab vary widely, from $560 million to $1 trillion per year."


Blunkett: France tapped UK government emails
Stuart Sumner

"Former Labour minister David Blunkett revealed today that French president Nicolas Sarkozy had admitted that France was tapping UK government emails while he was Home Secretary."


Grid Cyber Security: Removing the Reality Distortion Field
Eric Knapp

"… others might claim that the Smart Grid is something grander and more elusive. The problem is that it's part fantasy and part reality, and each area is being developed and deployed differently depending on who you talk to."


Cyberattacks hit Japanese embassies, consulates in 9 countries


"Computers at several of Japan's overseas diplomatic missions have been hit by cyberattacks, a report said Wednesday, just a day after it was revealed the Diet had been targeted. Computers at embassies and consulates in nine countries were infected with viruses in the summer…"


A Cybersecurity Nightmare
Scott Borg

"Shadowy figures plant malicious software, or "malware," in our computers. They slip it into e-mails. They transmit it over the Internet. They infect us with it through corrupted Web sites. They plant it in other programs."


Cybersecurity and the missing sense of urgency
Melissa Steffan

"Daily cybersecurity intrusions are threatening America's ability to remain the world leader in innovation, yet few are paying attention…"


Cyber attack, the new battle line

"Today, most Government departments and citizen services delivery agencies are hooked to the Internet. An innocent click on an unknown email attachment can download a hidden malware onto the computer and allow attackers to gain real-time control of the system, steal passwords or hack sensitive information."


Anonymous Hackers Take Down Child Porn Websites, Leak Users' Names
Matt Liebowitz

"The Anonymous campaign began Oct. 14, when members of the hacktivist group found a cache of child-pornography websites while browsing a secret website called the Hidden Wiki, a guidebook to hundreds of underground websites invisible to search engines and regular Internet users."


Scandinavia wants cyberwar weapons

"Finland has joined Sweden in plans to build an offensive capability as part of its national online defence arsenal. The nation's Ministry of Defence aims to create malware and exploits to launch online counter-attacks to threats."


Nation-State Cyberwar Targets US Industry
Pamela Tsai

"Cyberwarfare being conducted by a nation-state against private sector industries and government agencies in the United States and abroad is gaining recognition as a serious threat to both national security and the US economy."


Researchers Release Attack Tool That Cripples Secure Websites
Kim Zetter

"Researchers have released an attack tool that makes it trivial for anyone to take down websites that allow users to connect via secure connections."


Anonymous has tools to take down critical infrastructure, says Sourcefire

"Anonymous does have the ability to impact aspects of critical infrastructure that run on common, internet accessible systems (such as web-based applications and windows systems) by employing tactics such as denial of service."

Building a Cyber Intelligence Team
Jeffrey Roman

"…in cyber intelligence, you need analytical kinds of folks, you need people who understand the network environment who have an operational background. ... The beauty is, it's a lot of the skill sets we have, but it's really more about the approach of how do you integrate those skill sets into an end-to-end process."


China proposes 'traffic rules' to secure cyberspace

"In September, China, together with Russia, Tajikistan and Uzbekistan, submitted to the 66th session of the UN General Assembly an "International Code of Conduct for Information Security," with a view to launching an open and transparent process for developing, within the framework of the United Nations, international norms and rules for information and cyberspace security."


Philippines now haven for transnational cyber-crime groups—police
Dona Z. Pazzibugan

"A top Philippine National Police official said the country has become a "haven" for transnational organized crime syndicates involved in cyber pornography, cyber sex dens, illegal online gambling, credit card fraud and identity theft due to weak laws against cyber crimes and the poor technical know-how of law enforcers."


Balancing act: Cybersecurity vs. cuts
Jennifer Martinez

"The Defense Department is trying to beef up protection of the nation's computer networks and, at the same time, embrace cyberwarfare as part of the nation's potential offensive arsenal — but in an era of tighter budgets."


Energy Department Discloses Cyber Attacks

"The U.S. Department of Energy has been hit by recent successful cyber attacks and needs to do more to protect its computer systems, the department's internal watchdog said…"


ISO ratifies ISO/IEC 27035:2011 security standard

"According to the business standards organization, the principles embodied in 27035:2011 will help organizations reduce the impact of IT security threats if they adopt the security incident management approach seen in the new standard."


Fridge magnet poses security threat to iPad 2
Rosa Golijan

"…it turns out that anyone with an Apple Smart Cover or other magnetic accessory — including something like a simple fridge magnet — can gain partial access to a passcode-protected iPad 2."


Purchases: Internet fraud cases on the rise

"A total of 1,241 investigation papers concerning fraud cases involving the purchase of goods over the Internet were opened by the Royal Malaysia Police (PDRM) during the first nine months of this year, involving losses of nearly RM3 million."


Investigation reveals widespread insider hacking at immigration agency
Aliya Sternstein

"A yearlong probe into computer fraud at an immigration application processing center uncovered multiple incidents of internal hacking where staff accessed management-level emails and other confidential files…"


Government vs. Commerce: The Cyber Security Industry and You 
Richard de Silva

"As the recent Chatham House report on the UK's reliance on – and failings of – the private sector to safeguard our national infrastructure made clear, it is now more pertinent than ever to assess the data security industry and its progressive capabilities."


Stuxnet Malware Analysis Paper

"Stuxnet is not only a new virus or worm but it's a new era of malware. This virus changed the meaning of malware and their goals. You hear about a virus annoying people or stealing banks or credit cards, but that's the first time you hear about virus damages buildings, destroys machines or kills people and that's Stuxnet."


A Friday Rant on Cybercrime Legislation
Nick Selby

"The problem with cyber-legislation, therefore, is that it is not being driven by demands by judges and juries and prosecutors and cops and city officials and stakeholders for better clarity into the issues and better tools with which to do the job, but rather by chest-pounding lawmakers seeking to "do something"…"

Confessions Of A Tunisian Hacktivist
Mouna El Mokhtari

"K3vin Mitchnik, whose pseudonym is a tribute to the great American hacker turned computer consultant, Kevin Mitnick, is a 25 year old Tunisian cyber activist who has played a crucial role in the recent Jasmine Revolution in his country, which helped overthrow the previous regime and sparked the Arab Spring across the Middle East."


US Cyber Attack on Pakistan?

"After a reportedly successful US-Israeli stux-net cyber attack on Iranian nuclear installations last year, there is now a report in the New York Times that the Obama administration has considered deploying cyber warfare against Pakistan as well."


Cyber war issue is a great opportunity for UK tech industry

"Internet engineering entrepreneur believes UK tech industry must seize the opportunity to lead the charge against the very real threat of cyber warfare."


Tech Insight: The Smart Way To Gather Security Intelligence

"…one of the things we must do is extract meaningful information from logs while reducing the false positives and redundant information."


US official rules out chance of 'cyber war' with China
Cheng Guangjin

"Claims that China launched cyber attacks against the US flared up earlier this year, centering on intrusions into the websites of US military contractors and the Google e-mail accounts of US officials. Beijing has denied any government involvement."


Cybersecurity drills useful but risky
Ellyne Phneah

"More organizations worldwide are engaging in cybersecurity drills, which are more hands-on and practical in preparing employees for real incidents of cyberattacks, according to security experts. Such tests, however, can be problematic especially in large organizations and carry risks, they cautioned."


Advancing the National Strategy for Trusted Identities in Cyberspace: Government as Early Adopter
Howard A. Schmidt

"National Strategy for Trusted Identities in Cyberspace (NSTIC) to address two challenges that can affect economic growth online: (1) the insecurity and inconvenience of static passwords and (2) the cost of transactional risks that arise from the inability of individuals to prove their true identity online. The solution proposed by NSTIC is a user-centric "Identity Ecosystem" built on the foundation of private-sector identity providers."

Establishing a National CSIRT in Africa - Kenyan Case Study
Mwende Njiraini

"The paper proposes the publishing of a national Cybersecurity strategy to support the provisions of the Kenya Information and Communications Act, 2009 which proscribes cybercrime acts including unauthorized access to computer data and interception of computer service, publishing obscene information, electronic fraud among others. To facilitate the enforcement of these provisions and improve cybersecurity in Kenya this paper recommends a process for the institutionalisation of a national Computer Security Incident Response Team (CSIRT) based on a public private partnership (PPP) model."


NSA whistleblower details intelligence cock-ups: 'Government and companies routinely abuse data privacy'
Iain Thomson

"Web 2.0 Summit Thomas Drake, the whistleblower who exposed the NSA's failings on digital surveillance, has said that the US is behind the curve on internet monitoring and has been playing fast and loose with privacy rules."

Cloud Computing - Maze in the Haze



"The cloud traverses international borders, taking our data with it and leaves us with a trail of concerns about data access, security and availability. After all these years, the question remains "Are we ready to move our data to the clouds?"…"


The CyberProtect Simulation

"Cyber Protect is a flash-based network security simulation game in which you take the seat of a cyber security architect and you have to work within a budget to purchase components to defend your network against evil hackers."


W32.Duqu: The Precursor to the Next Stuxnet

"Duqu is essentially the precursor to a future Stuxnet-like attack. The threat was written by the same authors (or those that have access to the Stuxnet source code) and appears to have been created since the last Stuxnet file was recovered. Duqu's purpose is to gather intelligence data and assets from entities, such as industrial control system manufacturers, in order to more easily conduct a future attack against another third party."


U.S. Debated Cyberwarfare in Attack Plan on Libya
Eric Schmitt and Thom Shanker

"…Obama administration intensely debated whether to open the mission with a new kind of warfare: a cyberoffensive to disrupt and even disable the Qaddafi government's air-defense system, which threatened allied warplanes."


Britain Would Strike First in Cyberwar, Government Says

"Britain is prepared to strike first to defend itself against a cyber attack from an enemy state, Foreign Secretary William Hague said Tuesday. His warning was the first clear signal that the UK has developed new weapons for the online battlefield."


Pakistan to open cyber warfare school

"The army has teamed up with NUST School of Electrical Engineering and Computer Science to open in 2012 the new cyber-defence school, which will admit 30 students a year for a four-year course."


SEC wants companies to disclose their data breaches

"The Securities and Exchange Commission (SEC) has formally asked corporations to report data breaches and cyber crimes. The new guidelines issued by the SEC state that publicly traded companies must report cybertheft or attack and any risks associated with data."


US Defense Department hit with £3.1bn data breach lawsuit
Jaikumar Vijayan

"The US Department of Defense has been hit with a $4.9 billion (£3.1 billion) lawsuit over a recently disclosed data breach involving TRICARE, a healthcare system for active and retired military personnel and their families."


Software Pirate Cracks Cybercriminal Wares

"Xylitol spent several years devising and releasing "cracks," software patches that allow people to use popular commercial software titles without paying for a license. Cracks are frequently bundled with backdoors, Trojans and other nasties, but Xylitol claims his group never tainted its releases"


Securities and Exchange Commission tells companies to disclose cyber attacks
Jim Finkle and Sarah N. Lynch

"U.S. securities regulators formally asked public companies for the first time to disclose cyber attacks against them, following a rash of high-profile Internet crimes. The Securities and Exchange Commission issued guidelines on Thursday that laid out the kind of information companies should disclose, such as cyber events that could lead to financial losses."


Akamai: Cyber spies are hiding behind Anonymous
Tom Espiner

"Nations are launching distributed denial of service (DDoS), and data-stealing attacks against other states for espionage purposes, and claiming to be Anonymous or LulzSec…"

Welcome to the World of Cyber-Terror Vulnerability
Judith Miller

"The mysterious, world-wide virus that crippled BlackBerrys this week and spread like the plague – more on that threat later – across crossing oceans and five continents may spell financial catastrophe for the struggling Research In Motion aka RIM, whose stock shares have lost 60 percent of their value since the start of the year."

Cybercrime becomes bigger threat to energy industry than terrorists
Tom Fowler

"In years past, discussions about security in the energy industry usually focused on protecting refineries from terrorist attacks and overseas workers from kidnapping. Today, the greater threat is the digital theft of competitive information or technical data by outside hackers or unscrupulous employees…"


The Quest For Cyber Peace
Dr Hamadoun I. Touré

"Vulnerabilities within operating systems, software, and security settings enable exploits that threaten basic services to civilian populations, facilitate economic espionage, and impact government operations. Viruses, worms, distributed denial of service (DDoS) attacks, theft of proprietary data, spam, and fraud all undermine the reliability of ICTs and the ability of societies and economies to function."


James Fallows

"As a reminder: in cloud-based systems, users turn the management and protection of crucial data and services over to third parties, and then call up information as necessary via the Internet. For individuals, the appeal is that e-mail held "in the cloud" by Google, Yahoo, Microsoft, et cetera, is available wherever there is an Internet connection, rather than being lodged on any one machine."

Terrorists yet to turn to cyberattacks
Austin B. Smith & Laurenne Wallman

"Despite their prevalent, tech-savvy online presence, terrorist groups may not have demonstrated the ability -- or even interest in attaining the ability -- to launch cyberattacks, experts said."

London Olympics IT team prepares for cyber and physical attacks
Rosalie Marshall

"As part of securing the system, the TOC will hold "technology rehearsals" where different scenarios will be simulated that may cause problems with the IT systems. Some of these scenarios would be cyber security related while others would be physical attacks, Pennell said."

Cybersecurity Legislation Tracker

"Congress is actively drafting legislation to address the mounting cybersecurity concerns of the federal government and private sector. We are tracking some of the more significant efforts and developments on the Hill, including proposed bills, hearings, and task forces. Updates are posted chronologically."


Freedom and security in cyberspace

"Inevitably, given the pervasiveness of information technology, cyberspace is also becoming a question of security. After land, sea, air and space, cyberspace is now the fifth dimension of warfare."


Government system against cyber-attacks insufficient / Information security council must eliminate conflict between ministries, gain private sector support

"The government on Friday held an emergency meeting of the Information Security Policy Council, chaired by Chief Cabinet Secretary Osamu Fujimura, to launch full-scale efforts throughout the government. However, there will be numerous obstacles unless the government can eliminate conflicts among concerned ministries and agencies, and gain cooperation from the private sector."


German hackers say government Skype spying tool is full of holes
Jeremy Kirk

"An eavesdropping tool allegedly used by the German government to intercept Skype calls is full of security problems and may violate a ruling by the country's constitutional court, according to a European hacker club."


Possible Governmental Backdoor Found ("Case R2D2")

"Chaos Computer Club from Germany has tonight announced that they have located a backdoor trojan used by the German Government."


Cyber attack tests for Olympic Games computer systems

"Simulated cyber attacks will be carried out on the computer systems running London's 2012 Olympic Games. A series of worst-case scenarios are to be played out in March and May, just months ahead of the Games' opening. They include a massive denial of service attack on the official website, and a virus getting onto organizers' computers."


Citigroup Sued by Cardholders Over May Security Breach
Patricia Hurtado

"Citigroup Inc., the third-largest U.S. bank, was sued by cardholders over a May computer security breach that affected more than 360,000 accounts."


House GOP Cyber Task Force Touts Industry Leadership
Jessica Herrera-Flanigan

"The House Republican Cybersecurity Task Force released its long-awaited recommendations today explaining why "the House should devote time and energy to an issue that is not at the top of the public's expressed priorities." The report notes that cybersecurity should be a priority because cyber is a major national security issue, the threat is real and immediate, and cyber is connected to our economy and job creation."


Computer Virus Hits U.S. Drone Fleet
Noah Shachtman

"A computer virus has infected the cockpits of America's Predator and Reaper drones, logging pilots' every keystroke as they remotely fly missions over Afghanistan and other warzones."


RAF Drones At Risk As Virus Hits US Planes
Pete Norman

"Britain's fleet of Predator drones are at risk of contracting a recurring computer virus after it infected the US fleet operating from the same military base."


Biggest identity theft bust of its type in U.S. history
Aman Ali

"Police said on Friday they eavesdropped on thieves speaking Russian, Mandarin and Arabic to make the biggest identity theft bust of its kind in U.S. history against a $13 million crime ring specializing mainly in selling Apple electronics overseas."


Brazil's cybercrime evolution - it doesn't look pretty
Carole Theriault

"Brazil is a country with a reputed 73 million computers connected to the internet. More than half of these are used for online banking. Purely focusing on Brazilian victims can mean rich pickings for cybercriminals, who managed to steal a whopping $900 million in 2010."


SMS-Based Security Measures Implemented by Banks Are Not Foolproof
Eduard Kovacs

"Researchers recently discovered that by using a combination of the infamous SpyEye Trojan and social engineering techniques, hackers can easily take over someone's bank account without their knowledge, proving that OOBA systems which were once believed to be foolproof are actually not too difficult to bypass."


The Cyber Proliferation Threat
Eddie Walsh

"The United States might not be quite as far ahead of other nations in terms of cyber capabilities as many people think – including potential rivals in the Asia-Pacific, analysts say. It should be a sobering thought for US policymakers at a time when national security analysts around the world have grown increasingly vocal over the proliferation of offensive cyber capabilities by state and non-state actors."


UAE ups its battle against cybercrime
Bindu Suresh Rai

"Cybercrime in the UAE has tightened its noose around end users in recent years, with last year alone seeing $600 million spent in the country to combat this very threat."

The National Technical Research Organisation's ethical hackers to conquer China
Rakesh K Singh

"The National Technical Research Organisation (NTRO), premier technical intelligence agency, has hired a team of ethical hackers to counter the ever-increasing threat of Red Army — a state-funded group of Chinese hackers — to sensitive Government websites, critical infrastructure and secure the space-based assets from cyber attacks."

UK Anti-Cybercrime Measures Pay Off
Eduard Kovacs

"It seems as results are already showing as after 6 months the first reports revealed that the economy is £140 million ($218 million or €161 million) richer because of the actions of the unit."


Analysis: Dim Prospects for Cybersecurity Law in 2011
Melissa E. Hathaway

"…I tallied up all of the pending cybersecurity bills. The number is 32, excluding the intelligence and defense authorization bills. The wide range of topics contained in these bills includes: proposed changes to organizational responsibilities; instituting compliance and accountability mechanisms; implementing data accountability standards and reporting requirements for personal data privacy…"


Betfair Kept Chips About Cyber Attack…Oops!
Neha A

"…they did not inform customers of a major cyber attack which took place just 18 months ago. According to the news reports, millions of credit cards details were stolen. Together with over 3.1 million account names, including encrypted security questions, plus 2.9 million usernames, and almost 90,000 bank account details with account usernames."

U.S. government simulates cyber attack for training
Tabassum Zakaria

"The cyber attack exercise was part of a weeklong training program that the Department of Homeland Security offers to industries to help them learn how to deal with intrusions into their computer networks"

"DHS is concerned about growing cyber threats to industries and conducts the training exercise about once a month. The sessions, aimed at raising awareness about how to deal with a real cyber attack, have been attended by representatives of the energy, oil and gas, and transportation sectors, among others."

US: Cyber attacks on utilities, industries rise

"U.S. utilities and industries face a rising number of cyber break-ins by attackers using more sophisticated methods, a senior Homeland Security Department official said during the government's first media tour of secretive defense labs intended to protect the nation's power grid, water systems and other vulnerable infrastructure."

8 Reasons for Denial-of-Service (DoS) Attacks
Lenny Zeltser

"Denial of Service attacks (DoS) affect numerous organizations connected to the Internet. They disrupt normal business operations, are practically impossible to prevent and are costly and time-consuming to handle. It pays to spend some time understanding the way a DoS incident might affect your organization and how you might handle the situation."

PwC Debuts Cyber Security Video Series on Fraud Forum

"PwC's Fraud Forum has launched a Cyber Security Video series featuring overviews and insight on the cybercrime landscape and in-depth discussions of what organizations can do to protect themselves from compromise. The three videos: "Are you prepared for today's cyber threats?," "Cyber attacks: where will they strike next?" and "Cyber crisis management" are the first in the series of video panels of law, cyber forensics and crisis communication professionals providing their perspective on key issues in the cyber security community."