Category Archives: General InfoSec

HITCON 2013 Concludes…”No, these are not the Chinese Cyberspies You are looking for, move along, move along…”! Red Dragon Returns from Taiwan…

Posted on by
6

Good Monday Morning from Taipei, Taiwan, Republic of China…

Much in the news to share – take particular note of the growing distrust in the People’s Republic of China’s State Owned Enterprise (SOE) HUAWEI. The United Kingdom is starting to wonder why Huawei’s own employees are reviewing their own telecommunications and networking kit…”No, these are not he Chinese Cyberspies You are looking for, move along, move along…”!

Winning Without Fighting: The Chinese Psychological Warfare Challenge
http://www.heritage.org/research/reports/2013/07/winning-without-fighting-the-chinese-psychological-warfare-challenge

German anxieties over the People’s Republic of China’s rise | Germany | DW.DE | 20.07.2013
http://www.dw.de/german-anxieties-over-chinas-rise/a-16963665?

UK discovers People’s Republic of China’s Huawei UK staff auditing Huawei kit: Govt orders probe •
http://www.theregister.co.uk/2013/07/19/huawei_cybersecurity_centre/

Huawei’s Chinese connection continues to be source of suspicion
http://www.net-security.org/secworld.php?id=15254
People’s Republic of China’s Huawei Tells Accusers ‘Put Up, or Shut Up’ Following Fresh Spying Allegations
http://www.ibtimes.co.uk/articles/492427/20130719/huawei-lashes-out-spying-allegations-cia-uk.htm
Ex-CIA chief Hayden claims People’s Republic of China’s Huawei spies for Chinese state
http://www.scmp.com/news/china/article/1286054/it-goes-without-saying-huawei-spies-china-says-ex-cia-chief
Former CIA boss says aware of evidence Huawei spying for thePeople’s Republic of China
http://www.reuters.com/article/2013/07/19/us-huawei-security-idUSBRE96I06I20130719
Huawei accused of spying for the People’s Republic of China by former CIA boss
http://www.slashgear.com/huawei-accused-of-spying-for-china-by-former-cia-boss-18291022/?
Anatomy of another Android hole – Chinese researchers claim new code verification bypass
http://nakedsecurity.sophos.com/2013/07/17/anatomy-of-another-android-hole-chinese-researchers-claim-new-code-verification-bypass/?

People’s Republic of China’s Huawei denies spying for Chinese government
http://www.digitalspy.co.uk/tech/news/a499762/huawei-denies-spying-for-chinese-government.html?rss
People’s Republic of China’s Huawei says CIA chief’s spy claims were ‘politically inspired and racist corporate defamation’
http://www.computing.co.uk/ctg/news/2283637/huawei-says-cia-chief-s-spy-claims-were-politically-inspired-and-racist-corporate-defamation
People’s Republic of China’s Huawei fends off more spying claims and faces UK security review
http://www.fiercewireless.com/europe/story/huawei-fends-more-spying-claims-and-faces-uk-security-review/2013-07-19?

PRISM Causes China’s Public Campaign Against American Companies
Growing Chinese Animosity Following PRISM Revelations Could Threaten Tech Firms’ Prospects In World’s No. 2 Economy
http://www.ibtimes.com/growing-chinese-animosity-following-prism-revelations-could-threaten-tech-firms-prospects-worlds-no

Good Practices Guide on Non-Nuclear Critical Energy Infrastructure Protection (NNCEIP) from Terrorist Attacks Focusing on Threats Emanating from Cyberspace
http://www.osce.org/atu/103500

US Military to Deploy Units Devoted to Cyber Operations
http://www.acqmagazine.com/military-to-deploy-units-devoted-to-cyber-operations/

Enjoy!

Semper Fi,

謝謝
紅龍

Meeting the Number One Chinese Hacker…and Americans making progress in Taipei @ HITCON 2013

Posted on by
3

Good day Folks from HITCON 2013!

An interesting international INFOSEC day indeed! Alliteration aside – today was phenomenal @ HITCON 2013!

For yours truly today’s HITCON 2013 marked the pinnacle of success for the Red Dragon – meeting the Number 1 Hacker from the People’s Republic of China! The gentlemen was very forthright and reminded me in so many ways of the China I knew of in 1983 – earnest, open, honest and willing to share with foreigners – this my friends was the Red Dragon coming face to face with the ‘mysterious’ China Hacking boogeyman – quite frankly, there isn’t one!

What marked today’s events even more inedibly in mind was another group of Chinese Hackers who had purchased multiple copies of my book “21st Century Chinese Cyber Warfare” in order to study and reference the concept of Middle Kingdom Information Warfare Doctrine development in their home country!!!

Wow. If Chinese Hackers are buying a foreigners book, then the Red Dragon has accomplished his mission. Roger out.

The icing on the cake for today was when finished with the Keynote speech I called China’s number 1 Hacker up front on stage and presented him with an autographed copy of the Chinese Hackers new manual…sadly, this fellow wasn’t on the original distribution list with the initial purchase. Yet as he thumbed carefully through the copy in his hands, it was meant to be that he should have a copy of “21st Century Chinese Cyber Warfare” as a gift.

I wonder if all the military & political might focused so negatively on the Middle Kingdom could ever achieve such progress as we experienced today in Taipei @ HITCON 2013…

UK Government Security Adviser To Review People’s Republic of China’s Huawei Cell

http://www.techweekeurope.co.uk/news/government-security-huawei-cell-122238?

No firewall for Macao’s new campus, exempt from the Great Firewall of China – CHINA – Globaltimes.cn
http://www.globaltimes.cn/content/797007.shtml#.UehyNj6G1JE
PRC Officials encouraged to promote ‘mass line’ campaign – SPECIAL COVERAGE – Globaltimes.cn
http://www.globaltimes.cn/content/796861.shtml#.Uehy9T6G1JE

Semper Fidelis my new Chinese Friends!

謝謝

紅龍

Taiwan & Asia’s Premiere Hacking CON – HITCON 2013 – MicroSolved’s own Red Dragon Rising Keynotes

Posted on by
1

Good morning from Taiwan & Asia’s Premiere Hacking CON – HITCON 2013
MicroSolved’s own Red Dragon Rising Keynotes on the comparative cyber convict doctrine of the People’s Republic of China, Russia and Iran!
If you are in Taipei please stop by and say ‘hello’!

Today’s cyber threat situational awareness (SA) includes quite a few items about the People’s Republic of China’s Huawei and the companies efforts to support the Communist Regimes efforts to colonize the world via Operation Middle Kingdom (OP Middle Kingdom). You’ll note that the Brit’s are getting wise to Huawei’s investment initiatives as a possible threat to Her Royal Majesty’s National Security. On a similar track is Saudi Arabia’s investment in Huawei…and thus the high tech colonization of the Middle East has begun. India has already been colonized by Huawei as you’ll read about the significant volume of high tech patents Huawei has purchased in the former British colony.

Please enjoy these cyber threat SA items – more to come I’m certain from HITCON 2013 in 台北, 中華民國 ~ Taiepi, Republic of China.

How the U.S. Uses Information Gained From Spying on Foreign Companies

UK reviews People’s Republic of China’s Huawei security center deal (as you would during a low-level cyberwar)

http://gigaom.com/2013/07/18/uk-reviews-huawei-security-center-deal-as-you-would-during-a-low-level-cyberwar/
http://www.theatlanticwire.com/national/2013/07/how-us-uses-information-gained-spying-foreign-companies/67321/
Britain to review People’s republic of China’s Huawei cyber center to allay security fears

http://www.reuters.com/article/2013/07/18/us-security-britain-huawei-idUSBRE96H0GA20130718
People’s Republic of China’s Huawei under investigation from UK government over security foul play | ITProPortal.com

http://www.itproportal.com/2013/07/18/huawei-under-investigation-from-uk-government-over-security-foul-play/
Government to review People’s Republic of China’s Huawei’s UK cyber security centre

http://www.computing.co.uk/ctg/news/2283352/government-to-review-huaweis-uk-cyber-security-centre
Saudia Arabia’s ITC & People’s Republic of Huawei in partnership to upgrade core network
People’s Republic of China’s Operation Middle Kingdom knows no limits as it focuses colonizaton of Saudia Arabia…

http://www.telegeography.com/products/commsupdate/articles/2013/07/18/itc-and-huawei-in-partnership-to-upgrade-core-network/?
People’s Republic of China’s Huawei Invests in 5G Networks IOT begin High Tech colonizing of world

http://blogs.wsj.com/digits/2013/07/17/huawei-invests-in-5g-networks/?
People’s Republic of China’s Huawei also developing an app to clear Other Storage problem

http://wmpoweruser.com/huawei-also-developing-an-app-to-clear-other-storage-problem/?
HTC-Huawei Merger Should Be Considered, Says JP Morgan Analyst | Tech Biz | The Diplomat

http://thediplomat.com/tech-biz/2013/07/17/htc-huawei-merger-should-be-considered-says-jp-morgan-analyst/?
People’s Republic of China’s Huawei reduces focus on U.S. market

http://news.cnet.com/8301-1001_3-57593961-92/huawei-reduces-focus-on-u.s-market/?
People’s Republic of China’s Hong Kong Ranked Asia’s Most Innovative Market

http://thediplomat.com/pacific-money/2013/07/18/hong-kong-ranked-asias-most-innovative-market/?

People’s Republic of China’s Huawei applied for 56K patents, invested $4.8bn in R&D in 2012
OP Middle Kingom successful as the People’s Republic of China’s High Tech colonization of India is complete.

http://www.thehindubusinessline.com/industry-and-economy/info-tech/huawei-applied-for-56k-patents-invested-48bn-in-rd-in-2012/article4924068.ece

Japan paper’s social media accounts ‘blocked in China’

http://phys.org/news/2013-07-japan-paper-social-media-accounts.html

Is North Korea Poised to Launch a Cyber Attack?

http://www.internationalpolicydigest.org/2013/07/13/is-north-korea-poised-to-launch-a-cyber-attack/?
South Korea accuses North of cyber attacks

http://www.reuters.com/article/2013/07/16/net-us-korea-cyber-idUSBRE96F0A920130716

Semper Fi!

謝謝
紅龍

Red Dragon Rising…Closer to the Middle Kingdom…HITCON 2013 – TaiBei, Republic of China (ROC)

Posted on by
1

Good morning from Taipei, Republic of China (ROC)…

Many interesting cyber stories available today for your reading enjoyment and Cyber Threat SA – of particular note is the People’s Republic of China’s anti-corruption campaign focused on Brit firm GSK…
Another trend is the People’s Liberation Army’s cooperation with Russian military friends from a Naval Littoral power projection perspective…

Enjoy!

Xi urges development through scientific innovation – People’s Daily Online
http://english.peopledaily.com.cn/90785/8330757.html
People’s Republic of China’s US T-bill holdings hit record in May – People’s Daily Online
http://english.peopledaily.com.cn/90778/8330299.html
People’s Republic of China’s Anti-Corruption Campaign: Old Wine in an Old Bottle

http://blogs.cfr.org/asia/2013/07/17/chinas-anti-corruption-campaign-old-wine-in-an-old-bottle/
People’s Republic of China says probe of British GSK part of business climate clean-up – People’s Daily Online
http://english.peopledaily.com.cn/90778/8330200.html
Overseas joint exercise strengthens Chinese navy’s real-combat capabilities
http://eng.mod.gov.cn/DefenseNews/2013-07/12/content_4458425.htm
Chinese military lashes out at Japanese defense report
http://eng.mod.gov.cn/Press/2013-07/12/content_4458304.htm
People’s Republic of China in $5 billion drive to develop disputed East China Sea gas

http://www.reuters.com/article/2013/07/17/us-cnooc-eastchinasea-idUSBRE96G0BA20130717

Barrage of Cyberattacks Challenges Campus Culture
“..most of it thought to be from the People’s Republic of China, with millions of hacking attempts weekly.”

http://www.nytimes.com/2013/07/17/education/barrage-of-cyberattacks-challenges-campus-culture.html?
More foreign companies involved in People’s Republic of China IPR suits
“With fiercer global competition, as well as a tendency for trade protectionism in certain countries, we have seen a remarkable increase in cross-border IPR conflicts,” said Kong Xiangjun, president of the top court’s intellectual property tribunal.

http://www.chinapost.com.tw/china/china-business/2013/07/16/383812/More-foreign.htm
People’s Republic of China’s 50 Cent Party: Pro-China Online Commenters May Also Be Convicts

http://www.techinasia.com/chinas-50-cent-party-prochina-online-commenters-convicts/
Hacking accusations erroneous: Chinese defense spokesman
http://eng.mod.gov.cn/Press/2013-05/31/content_4453733.htm
Cisco stops hiring from People’s Republic of China’s Huawei in India –

http://timesofindia.indiatimes.com/business/india-business/Cisco-stops-hiring-from-Huawei-in-India/articleshow/21113317.cms

Targeted Attacks Hit Asian, European Government Agencies

http://blog.trendmicro.com/trendlabs-security-intelligence/targeted-attacks-hit-asian-european-government-agencies/

We need to develop cyber weapons fast – before our enemies turn them on us –

http://blogs.telegraph.co.uk/technology/micwright/100009376/we-need-to-develop-cyber-weapons-fast-before-our-enemies-turn-them-on-us/
German Military Knew About PRISM: Report

http://www.securityweek.com/german-military-knew-about-prism-report

N.S.A. Leaks Revive Push in Russia to Control Net

http://www.nytimes.com/2013/07/15/business/global/nsa-leaks-stir-plans-in-russia-to-control-net.html?pagewanted=all&_r=0

S. Korea confirms DPRK behind June 25 cyber attack

http://news.xinhuanet.com/english/world/2013-07/16/c_132546181.htm

Semper Fi –
謝謝

紅龍

Red Dragon Rising in the Republic of China (ROC)…Taiwan for HITCON 2013

Posted on by
Reply

Good morning from Taipei, Republic of China – (ROC) Taiwan –

MicroSolved will be presenting at HITCON 2013 here in Taipei this week, among visits to other ‘agencies’…if you are here in Asia and can attend HITCON 2013 this week – please do and drop by to say ‘hello’ as Red Dragon Rising presents entirely in Mandarin Chinese…

Of particular note for today’s Asian Cyber Threat Intelligence SA are stories about the US targeting Chinese Cyber spies…interesting mention in the WSJ about offensive uses of cyber weapons directed at the People’s Republic of China…is the US prepared for the 2nd & 3rd order effects of this type of cyber targeting?

U.S. government and Internet providers target Chinese cyberspies

http://online.wsj.com/article/SB10001424127887324694904578600041603746114.html
Google China Boss John Liu Quits, New Successor Named…it doesn’t seem like a good idea for Google to place a foreigner with no China experience to be taking the role in such a tough market…
http://www.techinasia.com/google-china-boss-john-liu-quits/
Illustrated Guide to the Slowing Economy in the People’s Republic of China

http://blogs.wsj.com/chinarealtime/2013/07/15/chinas-slowing-economy-an-illustrated-guide/?

Discovering Names Of Secret NSA Surveillance Programs Via LinkedIn | Techdirt

https://www.techdirt.com/articles/20130617/13482623512/discovering-names-secret-nsa-surveillance-programs-via-linkedin.shtml
EU Commissioner: We Don’t Want U.S. Reading Our Mail and Listening to Our Phone Calls
The growing National Security scandal is poised to spark even stronger data-protection laws in Europe…

http://allthingsd.com/20130715/eu-commissioner-we-dont-want-u-s-reading-our-mail-and-listening-to-our-phone-calls/
Twitter’s Surveillance Resistance while Google and others have built online systems to help the N.S.A.’s data gathering

http://takingnote.blogs.nytimes.com/2013/06/10/twitters-surveillance-resistance/
How much space would the filing cabinets of the Stasi and the NSA use up, if the NSA would print out their 5 Zettabytes?
Stasi versus NSA – How much space would the filing cabinets use up?
http://apps.opendatacity.de/stasi-vs-nsa/english.html
Travellers’ mobile phone data seized by UK police (Special Branch) @ border – Telegraph

http://www.telegraph.co.uk/technology/10177765/Travellers-mobile-phone-data-seized-by-police-at-border.html

Enjoy tomorrow’s Cyber SA today from Taipei!

Semper Fi,

謝謝

紅龍

Ask The Experts: Daily Tasks

Posted on by
3

This time around, we get a great question from a reader:

Q: “I’m a one man infosec team at a small financial company, and as such, I stay overtasked. Can you give me a few examples of some key tasks I should make sure I am doing daily/weekly/monthly to make sure I am hitting them all and to help me better structure my schedule?”

Bill Hagestad answered with:

Daily Tasks: 

– Keep self and staff educated about latest cyber threats to your business – read the MSI Blog @ State of Securityhttps://stateofsecurity.com/;
– Review what Federal Law Enforcement considers top cyber threats are base on current cases:
– Compromise of account holder credentials leading to legitimate account compromise;
-Via  phasing attack vectors; unauthorized ACH transfers; 
– Compromise of Third Party Payment Processors;
 
Source: FBI Threat To Financial Sector
 
-Insider attacks – perhaps the largest threat to any commercial enterprise – especially given the recent NSA dilemma via a US contractor
 
– Have staff follow all account verification standing operating procedures – covering all types of customer interaction, including but not limited to; phone, Internet, and in-person account interactions;
– Information Security/Assurance infrastructure configuration changes should be reviewed daily and approved/counter-approved internally to eliminate potential administrative abuses;
– Hold weekly Information Security/Assurance infrastructure team meetings – invite MicroSolved to participate as a credible resource for staff to ask questions of and make sound recommendations.
 
Weekly Tasks:
 
– Stay ahead of international financial sector threat intelligence – read the MSI Blog @ State of Securityhttps://stateofsecurity.com/;
– Ensure account access lists are secure and validated both for external customers (most importantly) and also internal employee need to access/right to access customer account information;
  
Monthly Tasks:
 
– Participate in professional cyber/information assurance mailing lists – if not sure who or what these are contact MSI Cyber Threat Intelligence;
– Be certain to review the US Government Hearing Notes: Cybersecurity: Threats to the Financial Sector downloadable @ http://www.gpo.gov/fdsys/pkg/CHRG-112hhrg72601/pdf/CHRG-112hhrg72601.pdf
– Review or create a cyber threat identification strategy involving key staff and MicroSolved – install HoneyPoint Security Server to capture knowledge about who truly is probing your network, eliminate the proverbial network noise and focus on specific threat actors – e.g.; Russian Cyber Crimianls, Chinese entities using government cyber espionage tools for crime purposes
 
Adam Hostetler added:
It’s hard to answer exactly what you should be doing on a timely basis
without reviewing your current requirements, tools, processes, and
infrastructure. However, If you go to www.microsolved.com and look at
our 80/20 white paper, you can use that as a guideline to give you some
ideas to help build out your security program.

Examples of some things you could/should be doing.

Daily:
Log reviews. Not necessary for all logs, but if you have
IDS/IPS/Honeypots etc, they should be reviewed and investigated if needed
Spend a bit of time following up on the latest security news/threats.
That includes things like new vulnerabilities or exploits, and then
following up if it would affect you.

Weekly:
Check and verify backups and processes

Monthly:
Update software/OS patches.

 
Finally, Jim Klun weighed in with: 
1. Make sure your subscribed to security news-feeds/alerting services that apply to your environment. Review those daily.

2. Make sure you are reviewing your logs daily.  You should know every day about successful and unsuccessful logins. You should also be paying attention to your firewall logs for inbound activity and outbound activity.

3 If you have a local help desk, talk to them at least monthly. They are often in a position to see things that are in fact security problems.

4. Automate your patching program if that is not true already, then review patch reports monthly.

5. If you have Internet exposures, check them monthly. Make absolutely sure at the end of each month you are absolutely sure of what services your organization offers to the Internet – and why.

As always, thanks for reading and if you have a question for the experts, either leave it in the comments, email us or drop us a line on Twitter at (@lbhuston). 

People’s Republic of China Cyber Situational Awareness for 11JUL2013…

Posted on by
2

Good Day Folks;

Much cyber news fem around the globe today – pay particular attention to a very good letter written by the People’s Republic of China’s Premier Li Keqiang regarding the notion of Chinese Intellectual Property theft…much more cyber situational awareness news available below for today, Thursday 11 JULY 2013…enjoy!

Full text of Chinese vice premier’s signed article published in U.S. newspaper – Xinhua | English.news.cn
http://news.xinhuanet.com/english/china/2013-07/10/c_132526707.htm
Commentary: China-U.S. dialogue to transcend talks of cyber security – Xinhua | English.news.cn
http://news.xinhuanet.com/english/china/2013-07/10/c_132528418.htm
People’s Republic of China concerned over U.S. restrictions on high-tech product exports: officials – Xinhua | English.news.cn
http://news.xinhuanet.com/english/china/2013-07/11/c_132531823.htm
New China-U.S. relations start with Asia-Pacific: senior Chinese official – Xinhua | English.news.cn
http://news.xinhuanet.com/english/china/2013-07/11/c_132532664.htm
Economic Impact of Cyber Espionage and IP Theft Hits U.S. Businesses Hard
http://www.cio.com/article/736132/Economic_Impact_of_Cyber_Espionage_and_IP_Theft_Hits_U.S._Businesses_Hard#ixzz2YfNU5alM
Why the People’s Republic of China will not buy the world –
http://www.ft.com/intl/cms/s/0/28d1a4a8-e7ba-11e2-babb-00144feabdc0.html
People’s Republic of China’s Evolving Overseas Interests and Its Diplomatic Strategy
http://en.siis.org.cn/index.php?m=content&c=index&a=show&catid=42&id=71
The Positive That Might Have Come Out the U.S.-China Cybersecurity Working Group
http://blogs.cfr.org/asia/2013/07/10/the-positive-that-might-have-come-out-the-u-s-china-cybersecurity-working-group/
Why isn’t LinkedIn Blocked in the People’s Republic of China?
http://www.techinasia.com/why-linkedin-not-blocked-china/
‘5 eyes’ spy network revealed
http://www.szdaily.com/content/2013-07/10/content_8282336.htm
New Snowden leak: Australia’s place in US spying web
http://rt.com/news/australia-nsa-snowden-surveillance-784/
People’s Republic of China, U.S. discuss cyber security
http://eng.mod.gov.cn/DefenseNews/2013-07/10/content_4458073.htm
People’s Republic of Hacking: Security in cyberspace ‘still major problem’- China.org.cn
http://www.china.org.cn/china/2013-07/10/content_29376741.htm
People’s Republic of Hackers…China’s freelance hackers: Proof that propaganda works
http://www.cbsnews.com/8301-202_162-57592999/chinas-freelance-hackers-for-love-of-country-and-proof-that-propaganda-works/
People’s Republic of China firmly supports cyber security: Chinese president – China.org.cn
http://www.china.org.cn/world/Off_the_Wire/2013-06/09/content_29080547.htm
Chinese Telecom Giant Huawei Pondering Pakistan Plant
http://www.techinasia.com/chinese-telecom-giant-huawei-pondering-pakistan-plant/?
Japan’s ‘white paper’ hypes up ‘China threat’
In his own words: Confessions of a cyber warrior
http://www.infoworld.com/print/222266
Time to redraw mental map of Sino-US issues
http://www.scmp.com/comment/insight-opinion/article/1279625/time-redraw-mental-map-sino-us-issues?login=1
People’s Republic of China’s security ministry says GSK executives confess to economic crimes
http://www.globalpost.com/dispatch/news/thomson-reuters/130711/china-security-ministry-says-gsk-execs-confess-crimes
People’s Republic of China To Loan Nigeria, Africa’s Largest Oil Exporter, $1.1B…OP Middle Kingdom continues…
http://www.ibtimes.com/nigeria-lands-11b-low-interest-loan-china-china-seeks-closer-ties-africas-largest-oil-exporter
IDC: People’s Repubic of China’s Lenovo Passes HP as World’s Top PC Maker
http://www.techinasia.com/idc-says-lenovo-passes-hp-worlds-top-pc-maker/
Recall Lenovo is under the leadership of China’s Chiese Academy of Science (CAS)…
http://www.techinasia.com/idc-says-lenovo-passes-hp-worlds-top-pc-maker/
Our computers are not going to kill us all: Cyber-war is military fiction
http://www.theglobeandmail.com/commentary/cyberspace-is-not-a-combat-zone/article13035562/
Luxembourg PM quits amid spying scandal –
http://www.telegraph.co.uk/news/worldnews/europe/luxembourg/10172654/Luxembourg-PM-quits-amid-spying-scandal.html
Iran Launches National Email Service For All Citizens
http://www.techweekeurope.co.uk/news/iran-national-email-service-121414?
MoD Data Compromised By Cyber Espionage Onslaught
http://www.techweekeurope.co.uk/news/mod-data-stolen-cyber-espionage-committee-report-121437?
Traitor Snowden case not the first embarrassment for Booz Allen, or D.C. contracting industry |
http://www.washingtonpost.com/politics/snowden-case-not-the-first-embarassment-for-booz-allen–or-washingtons-burgeoning-contracting-industry/2013/07/08/30440b0a-d9b3-11e2-a9f2-42ee3912ae0e_story.html
Commentary: Snowden and People’s Republic of China’s High-Tech Trade | The National Interest
http://nationalinterest.org/commentary/snowden-chinas-high-tech-trade-8712
Military Cyber-war wiped tens of thousands of PCs
http://www.myce.com/news/military-cyber-war-wipes-tens-of-thousands-of-pcs-67915/

Semper Fi,

謝謝
紅龍

US & People’s Republic of China FINALLY Make Cyber Security a Strategic Issue…

Posted on by
4

Good Day Folks;

US & People’s Republic of China FINALLY Make Cyber Security a Strategic Issue…FBI are you paying attention?
Many differing reporting styles from around the World regarding the US & the People’s Republic of China discussing cyber security as a strategic national/international matter…NOT one for Law Enforcement…Only now all the Chinese pay attention the US regarding the loosely attributable claims of hacking by the “Chinese” against the US…I wonder why it took so long for the “China Experts” in DC to figure this one out…!?

Enjoy the news folks – and note to the FBI – the People’s Republic of China perhaps isn’t the boogeyman we want them to be…interesting…no!?

People’s Republic of China, US hold talks on cyber security – Xinhua | English.news.cn
http://news.xinhuanet.com/english/china/2013-07/10/c_132527602.htm
Commentary: Don’t let cyber security overshadow key China-U.S. dialogue – Xinhua | English.news.cn
http://news.xinhuanet.com/english/indepth/2013-07/09/c_132525189.htm
Cyber, trade, relationship building among top issues at China-U.S. S&ED talks – Xinhua | English.news.cn
http://news.xinhuanet.com/english/indepth/2013-07/09/c_132525193.htm
VLADIVOSTOK…CPC official urges global cooperation against cyber crimes, faster steps on norms – Xinhua |
http://news.xinhuanet.com/english/china/2013-07/04/c_132512368.htm
People’s Republic of China and US talks on cyber security ‘make progress’

http://www.computing.co.uk/ctg/news/2280515/china-and-us-talks-on-cyber-security-make-progress
People’s Republic of China, US hold talks on cyber security – China.org.cn
http://www.china.org.cn/world/2013-07/10/content_29377680.htm
People’s Republic of China, US hold cyberissues talks
http://usa.chinadaily.com.cn/us/2013-07/10/content_16754690.htm
People’s Republic of China, US talks on cyber security work…IRAN English Radio

http://english.irib.ir/news/political4/item/113895-china,-us-talks-on-cyber-security-work
People’s Republic of China, U.S. talks on cyber security go well: REUTERS

http://www.reuters.com/article/2013/07/10/us-china-usa-cyber-idUSBRE96904820130710
U.S., China begin formal cybersecurity talks Cybersecurity |

http://www.homelandsecuritynewswire.com/dr20130710-u-s-china-begin-formal-cybersecurity-talks
US, People’s Republic of China to take up hacking, business rows

http://au.news.yahoo.com/a/-/business/17942478/us-china-to-take-up-hacking-business-rows/
U.S.-People’s Republic of China cybersecurity talks inching along –

http://www.politico.com/story/2013/07/us-china-cybersecurity-93909.html
US and People’s Republic of China cyber-security talks ‘go well’ despite Snowden factor |

http://www.itproportal.com/2013/07/10/us-and-china-cyber-security-talks-go-well-despite-snowden-factor/
Facts about the China-US Strategic and Economic Dialogue
http://usa.chinadaily.com.cn/epaper/2013-07/10/content_16756028.htm
People’s Republic of China has ‘mountains of data’ about cyber attacks coming from US

http://www.computing.co.uk/ctg/news/2272851/china-has-mountains-of-data-about-cyber-attacks-coming-from-us
Japan highlights China as ‘security threat’
http://usa.chinadaily.com.cn/world/2013-07/10/content_16754254_3.htm
China’s ministry of national defence slams US for cyber security

http://www.computing.co.uk/ctg/news/2278206/chinas-ministry-of-national-defence-slams-us-for-cyber-security-hypocrisy
Pentagon accuses People’s Republic of China of hacking US government computer systems

http://www.computing.co.uk/ctg/news/2266378/pentagon-accuses-china-of-hacking-us-government-computer-systems
US Government, Industry Fed up with Chinese Cyber Theft; What’s Being Done? | PBS NewsHour |

http://www.pbs.org/newshour/bb/military/july-dec13/cybercrime_07-08.html
People’s Republic of China and US in cyber security talks
http://www.bbc.co.uk/news/world-asia-china-23177538
U.S. Downplays Spying Accusations in China Hacking Talks

http://www.bloomberg.com/news/2013-07-08/spying-accusations-shadow-u-s-china-cybersecurity-talks.html
No wonder the People’s Republic of China is worried about Android—the NSA helped write its source code

http://qz.com/102346/no-wonder-china-is-worried-about-android-the-nsa-helped-write-its-source-code/
Data Wiping Attacks in South Korea Were Culmination of Multi-Year Espionage Campaign

http://www.securityweek.com/data-wiping-attacks-south-korea-were-culmination-multi-year-espionage-campaign?
South Korea Plans a Big Boost to Cybersecurity Staffing

http://blogs.wsj.com/korearealtime/2013/07/04/south-korea-plans-a-big-boost-to-cybersecurity-staffing/
Cyber Security: Pakistan To Promote And Legislate Cyber Security

http://buitems.net/2013/07/cyber-security-pakistan-to-promote-and-legislate-cyber-security/?
Federal Cybersecurity Initiatives Demand Vigilance of Communication and Energy Infrastructure Owners and Operators
http://www.privsecblog.com/2013/06/articles/main-topics/data-breach-security/federal-cybersecurity-initiatives-demand-vigilance-of-communication-and-energy-infrastructure-owners-and-operators/
20 critical controls do improve cybersecurity, but are you using them?
h
ttp://gcn.com/articles/2013/07/08/20-critical-security-controls-implementation-lags.aspx
NIST Releases Draft Outline of Cybersecurity Framework for Critical Infrastructure
http://www.nist.gov/itl/csd/cybersecurity-070213.cfm
Iran will begin assigning state-issued email addresses to all citizens, a move officials are contending will maintain citizens’ privacy and facilitate communication between the state and the people.

http://www.fastcompany.com/3014054/fast-feed/iran-to-issue-national-email-addresses-to-all-citizens

Enjoy –

Semper Fi…

謝謝
紅龍

Average Knowledge Worker & Infosec

Posted on by
5

Last week, I had the chance to interview someone I would consider to be an average knowledge worker. They work in the area of being a virtual personal assistant, often using the Internet and their computer to serve the needs of their clients. They were chosen at random from a pool of VPAs. Here’s the short interview I did with them:

Q. What types of information security threats concern you most as a person who is dependent on their computer to earn a living?

A: I am most concerned about the potential for my getting “hacked” to impact clients or colleagues. I would hate to be the “weakest link” in the chain of information, and therefore take information security very seriously.

Q. What types of security tools do you use to protect the systems that belong to your family (firewalls, anti-virus, anti-malware, etc.)

A. I have my home network secured and encrypted, installed McAfee’s anti-virus app on all computers in the household network, and have taught my oldest son, who uses it via his laptop, to ALWAYS ask if he’s in doubt about clicking a link or approving an update. I’d rather he pester me every time Windows wants to update itself than potentially put our network at risk!

Q. How much does information security impact your life on the Internet? (Do you bank, shop, vote, trade, etc. online?)

A.  I bank and shop online, and honestly I mostly just try not to think about it. I take every reasonable precaution and don’t want to let fear influence my decision-making beyond that. 

My takeaways from the interview were actually good news. The basics of having a network firewall, doing some basic wireless security and installing some basic AV on machines has clearly entered the mainstream of the computing culture. That’s the good news. Sadly though, it would seem, I would guess that the controls stop there. I was glad to see that knowledge workers are training their children in the basics as well. I remember when just those steps were quite a leap. 

I was also kind of sad that the person said they try not thing think about the security risks. I wish they had said something along the lines of “I try and make rational security decisions to still enjoy modern online conveniences while allowing a modicum of safety.” or something like that. Sigh, I guess we still have some work to do. 🙂

As always, thanks for reading!

 

Cyber Threat Situational Awareness for 09JUL2013

Posted on by
3

Good Day Folks;

Below is a short list of some of the latest stories you need to be aware of to maintain & improve your Cyber Threat Situational Awareness for today,09JUL2013…

矽對海洋和平,帕拉戰爭 or in Latin…Si vis pacem, para bellum…

Talking Cyberthreat With the People’s Republic of China

http://www.nytimes.com/2013/07/10/opinion/global/talking-cyberthreat-with-china.html?_r=0
Traitor Snowden revelations imperil cyber hacking talks with People’s Republic of China |

http://www.intellasia.net/snowden-revelations-imperil-cyber-hacking-talks-with-china-292273
Patriot hacker ‘The Jester’ attacks nations offering Snowden help

http://www.theregister.co.uk/2013/07/04/patriot_hacker_takes_aim_snowden_asylum_candidates/
South Korea Attackers ‘Pierced Military Networks’
Same crew that hit TV stations and banks managed to get malware onto military networks

http://www.techweekeurope.co.uk/news/mcafee-south-korea-attackers-military-hacks-121219?
Dissecting operation Troy: Cyberespionage in South Korea
http://www.net-security.org/article.php?id=1861
How Cybercriminals Operate — Dark Reading
A look at cybercriminal motives, resources, and processes — and how they may affect enterprise defense

http://www.darkreading.com/perimeter/how-cybercriminals-operate/240157738
Iran Planning Cyber Drills
http://english.farsnews.com/newstext.aspx?nn=13920415000930
US agency baffled by modern technology, destroys mice to get rid of viruses
The US Economic Development Administration (EDA) is an agency in the Department of Commerce takes a cyber threat property destruction lesson from the German Government 🙂 “…$170,000 of PCs, printers, keyboards, cameras, and mice destroyed in gross overreaction.”

http://arstechnica.com/information-technology/2013/07/us-agency-baffled-by-modern-technology-destroys-mice-to-get-rid-of-viruses/
Across Europe, Nations Mold Cyber Defenses

http://www.defensenews.com/article/20130709/DEFREG01/307090008/Across-Europe-Nations-Mold-Cyber-Defenses

Enjoy!

Semper Fi…

謝謝紅龍

Sign up for updates from MSI: http://eepurl.com/dk1PE