Active Cyber Defense: A Framework for Policymakers | Center for a New American Security. Weekend reading material. Enjoy RSA Conference!
Archive | February, 2013
Schneier on Security: More on Chinese Cyberattacks. Schneier disagrees with active defense. From the post: Because espionage unfolds over months or years in realtime, we can triangulate the origin of an exfiltration attack with some certainty. During the fog of a real cyber war attack, which is more likely to happen in milliseconds, the kind […]
Security Manager’s Journal: Did DLP tool prevent an assault? – Computerworld. The article discusses how a company practically uses DLP solutions to reduce the risk associated with traditional computer crimes. The interesting item here is the statement that likens the company’s limitation on privacy to the plain view doctrine in law enforcement.
Woman: This call is now being recorded. Brandon Dunlap: Good morning, Mr. Wilcox. Spencer Wilcox: Hey, how are you, Brandon? Brandon: I’m just about halfway through my first cup of coffee so forgive me if I’m a little slow with you this morning. Spencer: That’s all right. Brandon: Well, do you still have time […]
http://www.wired.com/threatlevel/2013/02/legal-basis-killing-americans/ From the article: The paper’s basic contention is that the government has the authority to carry out the extrajudicial killing of an American citizen if ‘an informed, high-level official’ deems him to present a ‘continuing’ threat to the country. This sweeping authority is said to exist even if the threat presented isn’t imminent in […]
Emphasis added “New policies will also govern how the intelligence agencies can carry out searches of faraway computer networks for signs of potential attacks on the United States and, if the president approves, attack adversaries by injecting them with destructive code — even if there is no declared war.” via Broad Powers Seen for Obama […]
An interesting use of force, compromising the attacker’s machine, but for the purposes of tracking instead of outright disruption/destruction. “In 2007, the IT team of a Chennai-based drug maker detected heavy traffic on servers connected to its research lab. The company was developing an anti-asthma molecule, and it suspected that a hacker was stealing the […]