hp’s Rafal Los, the WhiteRabbit on why hackback is a bad idea. No argument. Its probably a bad idea to hackback, unless you are reasonably certain that: a) you are the toughest kid on the playground; or B) you have nothing left to lose, because it is a matter of life or death. Much like […]
Spat between two Dutch companies sparks record-breaking 300Gbps DDoS attack – Yahoo! News. So, Spamhaus blacklists a hosting company, then Spamhaus gets hit by 300 GBPS of DDOS action. Looks like for Cyberbunker, there was immediacy, and there was a proportional response in the Disrupt spectrum, at least if Cyberbunker is doing it. Why proportional? […]
Active Cyber Defense: A Framework for Policymakers | Center for a New American Security. Weekend reading material. Enjoy RSA Conference!
Schneier on Security: More on Chinese Cyberattacks. Schneier disagrees with active defense. From the post: Because espionage unfolds over months or years in realtime, we can triangulate the origin of an exfiltration attack with some certainty. During the fog of a real cyber war attack, which is more likely to happen in milliseconds, the kind […]
Security Manager’s Journal: Did DLP tool prevent an assault? – Computerworld. The article discusses how a company practically uses DLP solutions to reduce the risk associated with traditional computer crimes. The interesting item here is the statement that likens the company’s limitation on privacy to the plain view doctrine in law enforcement.
Woman: This call is now being recorded. Brandon Dunlap: Good morning, Mr. Wilcox. Spencer Wilcox: Hey, how are you, Brandon? Brandon: I’m just about halfway through my first cup of coffee so forgive me if I’m a little slow with you this morning. Spencer: That’s all right. Brandon: Well, do you still have time […]
http://www.wired.com/threatlevel/2013/02/legal-basis-killing-americans/ From the article: The paper’s basic contention is that the government has the authority to carry out the extrajudicial killing of an American citizen if ‘an informed, high-level official’ deems him to present a ‘continuing’ threat to the country. This sweeping authority is said to exist even if the threat presented isn’t imminent in […]
Emphasis added “New policies will also govern how the intelligence agencies can carry out searches of faraway computer networks for signs of potential attacks on the United States and, if the president approves, attack adversaries by injecting them with destructive code — even if there is no declared war.” via Broad Powers Seen for Obama […]
An interesting use of force, compromising the attacker’s machine, but for the purposes of tracking instead of outright disruption/destruction. “In 2007, the IT team of a Chennai-based drug maker detected heavy traffic on servers connected to its research lab. The company was developing an anti-asthma molecule, and it suspected that a hacker was stealing the […]
Woman: This call is now being recorded. Brandon Dunlap: Did you get a notification? Spencer Wilcox: Yeah, that this call is now being recorded. I consent. Brandon: Perfect. Spencer: OK. Brandon: Wonderful. Well, you’d have to consent, because now there’s a log of you actually accepting the call after hearing that it is being recorded […]