http://resources.infosecinstitute.com/classified-nsa-exploit-tools-radon-dewsweeper-work/ From the article: Security expert Bruce Schneier is one of the most authoritative experts who revealed that the NSA has a wide-ranging arsenal of zero-day exploits to use for cyber operations. The revelation isn’t surprising, the security community is aware of the great effort spent by governments on cyber operations. Many intelligence agencies have […]
http://p.washingtontimes.com/news/2013/oct/3/cyber-mass-shooter-poses-future-threat-computer-se/ What a great article. Of course General Hayden’s comments beg the question, how do you stop a criminal, if you can’t defend yourself? This really goes directly to the need to be able to respond to an immediate threat with a proportional use of force in self-defense. Of course, some will argue that it […]
According to Ellyne Phneah‘s piece at ZDNet, Rob Rachwald, senior director of research at FireEye observed that the security industry today is keen on attributing malware to a specific region or group in an effort to assign blame. [H]e pointed out attribution to malware was not key in combating cybercrime because it did little to […]
…then only outlaws will have guns. Or so goes the old saying. The Senate Armed Services Committee wants to get control of those pesky cyber weapons that are available for purchase by just about anyone by establishing an arms control regime along the lines of what’s done for missiles, tanks, and fighter jets. via The […]
hp’s Rafal Los, the WhiteRabbit on why hackback is a bad idea. No argument. Its probably a bad idea to hackback, unless you are reasonably certain that: a) you are the toughest kid on the playground; or B) you have nothing left to lose, because it is a matter of life or death. Much like […]
Spat between two Dutch companies sparks record-breaking 300Gbps DDoS attack – Yahoo! News. So, Spamhaus blacklists a hosting company, then Spamhaus gets hit by 300 GBPS of DDOS action. Looks like for Cyberbunker, there was immediacy, and there was a proportional response in the Disrupt spectrum, at least if Cyberbunker is doing it. Why proportional? […]
Active Cyber Defense: A Framework for Policymakers | Center for a New American Security. Weekend reading material. Enjoy RSA Conference!
Schneier on Security: More on Chinese Cyberattacks. Schneier disagrees with active defense. From the post: Because espionage unfolds over months or years in realtime, we can triangulate the origin of an exfiltration attack with some certainty. During the fog of a real cyber war attack, which is more likely to happen in milliseconds, the kind […]
Security Manager’s Journal: Did DLP tool prevent an assault? – Computerworld. The article discusses how a company practically uses DLP solutions to reduce the risk associated with traditional computer crimes. The interesting item here is the statement that likens the company’s limitation on privacy to the plain view doctrine in law enforcement.
Woman: This call is now being recorded. Brandon Dunlap: Good morning, Mr. Wilcox. Spencer Wilcox: Hey, how are you, Brandon? Brandon: I’m just about halfway through my first cup of coffee so forgive me if I’m a little slow with you this morning. Spencer: That’s all right. Brandon: Well, do you still have time […]
Follow @orlandodoctrine on Twitter