• DHS cybersecurity chief resigns

    Just days after the White House unveiled its comprehensive plan for securing government networks from cyber attacks, one of the government’s top cyber security officials announced that he was resigning; Phil Reitinger, the deputy undersecretary of DHS’s National Protection and Programs Directorate (NPPD), was careful to note that the timing of his resignation was not meant as a reflection or a statement on the recently released government-wide cyber plan; at NPPD, Reitinger was DHS’s senior interagency policymaker and top cyber and computer crimes official.

  • DARPA building stronger cloud cyber defenses

    Pentagon researchers are seeking to develop cloud-based computing networks that can remain operational even while under cyber attack; the Defense Advanced Research Projects Agency (DARPA), the Department of Defense’s advanced research department, is working on a project called Mission oriented Resilient Clouds (MRC) which aims to build resiliency into existing cloud networks to preserve “mission effectiveness” during a cyberattack; the project is still in its early phases of development

  • U.S. intelligence sets up cyber defense office in Estonia

    Since gaining its independence in 1991, Estonia has become one of the most cyber-focused nations in the world; it also has its own experience with cyberwar: in 2007 Russian government-inspired hackers launched a massive cyber attack on Estonia after the Estonian government decided to move a statue commemorating the Red Army from the center of the capital to a more modest location; now the U.S. intelligence community has decided to open an office in the Estonian capital Tallinn to help bolster the fight against cyber-crime

  • Is Google's Chromebook impervious to viruses?

    In a potential blow to the antivirus industry, Google recently announced the release of a series of laptops which the company claims to be so secure that there is no need to buy antivirus software; Chromebooks are designed to run nothing but a browser, which means nothing can be installed on the computer itself; with no executable files to be installed that also means antivirus and the malicious code it protects against have no room on the laptop; but, not all analysts are convinced that Google’s Chromebook is as secure as they claim; this move to a cloud based computer could signal a broader shift that could hamper the antivirus industry’s future prospects

  • Government launches cybersecurity plan

    Last week the Obama administration unveiled its plan to secure federal computer networks, critical industries, and consumers from cyberattacks; under the proposed plan, DHS will lead government efforts to secure networks with “primary responsibility within the executive branch for information security” ; DHS would also be empowered to set policies and activities for government systems; the plan would require critical infrastructure operators like electric companies and large financial firms to present cybersecurity plans to DHS for approval; DHS auditors would review the plans with the operators, discuss any shortcomings and “take other action as may be determined appropriate”

  • Memphis flood fear eases, Louisiana and Mississippi brace for worst

    Residents living near the Mississippi River have been battling a record surge of water that is slowly making its way south sending a deluge of water beyond the river’s banks and into nearby communities; on Tuesday, the river’s crest made its way through Memphis hitting near record levels of 47.8 feet; so far the levees along the river have been holding up; residents of Louisiana and Mississippi are bracing for similar record water levels as the crest winds southward; to help ease the pressure on the levee system, the Army Corps of Engineers opened up several spillways on Monday including parts of the Bonnet Carre spillway; the region has received 600 percent more rain than usual for this time of year

  • 25 million more users hit in second cyber attack on Sony

    Japanese electronics giant Sony recently announced that hackers successfully broke into its networks and stole sensitive data from more than twenty-five million online gaming subscribers; the announcement comes days after Sony’s admission that seventy-seven million users had their personal information stolen; in the most recent attack, hackers infiltrated Sony’s Online Entertainment network and stole names, addresses, emails, birth dates, and even phone numbers from online gamers; some analysts estimate that the attacks could cost Sony and credit card companies as much as $1 to $2 billion

  • Hackers crack Nikon's image verification system

    A cyber security firm recently announced that it had successfully hacked Nikon’s image verification system that protects digital photos; ElcomSoft, a cyber security firm, says that its hackers have successfully replicated the electronic signature code from Nikon images allowing it to manipulate photos that still pass authentication tests; Nikon’s Image Authentication System is aimed at verifying digital images to ensure that they have not been tampered with especially when used in forensics, accident reports, or construction documentation; ElcomSoft says that its goal was to raise awareness about the security vulnerability and the company has alerted Nikon to the weaknesses of its system

  • DOJ report finds FBI agents lacks critical cyber security skills

    A recent government report found that the FBI’s cybersecurity experts are incompetent and overly focused on investigating child pornography; the study, conducted by the Department of Justice (DOJ), said that many of the FBI agents trained in cyber security lacked the ability to investigate national security related intrusions and threats; out of the thirty-six agents interviewed, only 64 percent said they had the expertise to handle national security related cyber investigations; the remaining 36 percent “lacked the networking and counterintelligence expertise to investigate national security intrusion cases” ; five agents even admitted that they “did not think they were able or qualified to investigate national security intrusions effectively”

  • Preparing your organization for Stuxnet-like attack

    A cybersecurity expert describes Stuxnet as “this epochal change”; he says that although Stuxnet was of such complexity and required such significant resources to develop that few attackers will be in a position to produce a similar threat in the near future, we now know that the dangers of Stuxnet-like threats are no longer theoretical

  • Strikeout! Yankees release ticket holders' personal data

    Apple and Google, Sony and Microsoft have all made news with security failures in the last weeks; the venerable New York Yankees baseball franchise now joins that list with the release of personal information of half of their season-ticket holders; this is but the latest example of cyber vulnerability owing to human fallibility

  • U.S. reducing number of data centers, moving to the cloud

    The U.S. government operates 2,100 data centers; these centers, together, occupy more than 350,000 square feet; to cut cost and increase security, the government plans to close 137 of the centers by the end of the year, part of a broader plan to close 800 data center within the next five years; in addition, 100 e-mail systems serving about one million government employees will be moved to the cloud

  • Sony's gaming network hacked, Microsoft's follows suit

    Gamers are in a frenzy over Sony’s announcement that its PlayStation network security had been breached, resulting in the exposure of a large amount of each user’s personal and financial information; the first of an expected flood of lawsuits, as well as class action is filed in U.S. District Court; Microsoft announces an exploited vulnerability in one of their game titles leading to phishing attempts, and acknowledged that previously banned “modded” consoles were attaching to the network again

  • Ceelox unveils fingerprint authentication for cloud networks

    Ceelox, Inc. recently announced the release of Ceelox ID Online which is a biometric solution designed specifically for cloud computing applications; users can now use their fingerprints to securely authenticate their credentials, minimizing the threat of having their user name and password stolen or compromised; stolen passwords and online identity theft has risen dramatically in recent years; from mid-2005 to mid-2006 alone, roughly fifteen million Americans were the victims of fraud related to identity theft; with Ceelox ID, users also have the flexibility to use one password for all their accounts to increase flexibility and convenience, while maintaining security

  • Google joins Apple in privacy furor

    iPhones transmit locations back to Apple, and Apple is not alone in this activity; Google has disclosed that its Android cell phones have been transmitting location data for some time; members of the Congress and Senate have begun to demand answers and explanations