Category Archives: General InfoSec

US & People’s Republic of China FINALLY Make Cyber Security a Strategic Issue…

Posted on by
4

Good Day Folks;

US & People’s Republic of China FINALLY Make Cyber Security a Strategic Issue…FBI are you paying attention?
Many differing reporting styles from around the World regarding the US & the People’s Republic of China discussing cyber security as a strategic national/international matter…NOT one for Law Enforcement…Only now all the Chinese pay attention the US regarding the loosely attributable claims of hacking by the “Chinese” against the US…I wonder why it took so long for the “China Experts” in DC to figure this one out…!?

Enjoy the news folks – and note to the FBI – the People’s Republic of China perhaps isn’t the boogeyman we want them to be…interesting…no!?

People’s Republic of China, US hold talks on cyber security – Xinhua | English.news.cn
http://news.xinhuanet.com/english/china/2013-07/10/c_132527602.htm
Commentary: Don’t let cyber security overshadow key China-U.S. dialogue – Xinhua | English.news.cn
http://news.xinhuanet.com/english/indepth/2013-07/09/c_132525189.htm
Cyber, trade, relationship building among top issues at China-U.S. S&ED talks – Xinhua | English.news.cn
http://news.xinhuanet.com/english/indepth/2013-07/09/c_132525193.htm
VLADIVOSTOK…CPC official urges global cooperation against cyber crimes, faster steps on norms – Xinhua |
http://news.xinhuanet.com/english/china/2013-07/04/c_132512368.htm
People’s Republic of China and US talks on cyber security ‘make progress’

http://www.computing.co.uk/ctg/news/2280515/china-and-us-talks-on-cyber-security-make-progress
People’s Republic of China, US hold talks on cyber security – China.org.cn
http://www.china.org.cn/world/2013-07/10/content_29377680.htm
People’s Republic of China, US hold cyberissues talks
http://usa.chinadaily.com.cn/us/2013-07/10/content_16754690.htm
People’s Republic of China, US talks on cyber security work…IRAN English Radio

http://english.irib.ir/news/political4/item/113895-china,-us-talks-on-cyber-security-work
People’s Republic of China, U.S. talks on cyber security go well: REUTERS

http://www.reuters.com/article/2013/07/10/us-china-usa-cyber-idUSBRE96904820130710
U.S., China begin formal cybersecurity talks Cybersecurity |

http://www.homelandsecuritynewswire.com/dr20130710-u-s-china-begin-formal-cybersecurity-talks
US, People’s Republic of China to take up hacking, business rows

http://au.news.yahoo.com/a/-/business/17942478/us-china-to-take-up-hacking-business-rows/
U.S.-People’s Republic of China cybersecurity talks inching along –

http://www.politico.com/story/2013/07/us-china-cybersecurity-93909.html
US and People’s Republic of China cyber-security talks ‘go well’ despite Snowden factor |

http://www.itproportal.com/2013/07/10/us-and-china-cyber-security-talks-go-well-despite-snowden-factor/
Facts about the China-US Strategic and Economic Dialogue
http://usa.chinadaily.com.cn/epaper/2013-07/10/content_16756028.htm
People’s Republic of China has ‘mountains of data’ about cyber attacks coming from US

http://www.computing.co.uk/ctg/news/2272851/china-has-mountains-of-data-about-cyber-attacks-coming-from-us
Japan highlights China as ‘security threat’
http://usa.chinadaily.com.cn/world/2013-07/10/content_16754254_3.htm
China’s ministry of national defence slams US for cyber security

http://www.computing.co.uk/ctg/news/2278206/chinas-ministry-of-national-defence-slams-us-for-cyber-security-hypocrisy
Pentagon accuses People’s Republic of China of hacking US government computer systems

http://www.computing.co.uk/ctg/news/2266378/pentagon-accuses-china-of-hacking-us-government-computer-systems
US Government, Industry Fed up with Chinese Cyber Theft; What’s Being Done? | PBS NewsHour |

http://www.pbs.org/newshour/bb/military/july-dec13/cybercrime_07-08.html
People’s Republic of China and US in cyber security talks
http://www.bbc.co.uk/news/world-asia-china-23177538
U.S. Downplays Spying Accusations in China Hacking Talks

http://www.bloomberg.com/news/2013-07-08/spying-accusations-shadow-u-s-china-cybersecurity-talks.html
No wonder the People’s Republic of China is worried about Android—the NSA helped write its source code

http://qz.com/102346/no-wonder-china-is-worried-about-android-the-nsa-helped-write-its-source-code/
Data Wiping Attacks in South Korea Were Culmination of Multi-Year Espionage Campaign

http://www.securityweek.com/data-wiping-attacks-south-korea-were-culmination-multi-year-espionage-campaign?
South Korea Plans a Big Boost to Cybersecurity Staffing

http://blogs.wsj.com/korearealtime/2013/07/04/south-korea-plans-a-big-boost-to-cybersecurity-staffing/
Cyber Security: Pakistan To Promote And Legislate Cyber Security

http://buitems.net/2013/07/cyber-security-pakistan-to-promote-and-legislate-cyber-security/?
Federal Cybersecurity Initiatives Demand Vigilance of Communication and Energy Infrastructure Owners and Operators
http://www.privsecblog.com/2013/06/articles/main-topics/data-breach-security/federal-cybersecurity-initiatives-demand-vigilance-of-communication-and-energy-infrastructure-owners-and-operators/
20 critical controls do improve cybersecurity, but are you using them?
h
ttp://gcn.com/articles/2013/07/08/20-critical-security-controls-implementation-lags.aspx
NIST Releases Draft Outline of Cybersecurity Framework for Critical Infrastructure
http://www.nist.gov/itl/csd/cybersecurity-070213.cfm
Iran will begin assigning state-issued email addresses to all citizens, a move officials are contending will maintain citizens’ privacy and facilitate communication between the state and the people.

http://www.fastcompany.com/3014054/fast-feed/iran-to-issue-national-email-addresses-to-all-citizens

Enjoy –

Semper Fi…

謝謝
紅龍

Average Knowledge Worker & Infosec

Posted on by
5

Last week, I had the chance to interview someone I would consider to be an average knowledge worker. They work in the area of being a virtual personal assistant, often using the Internet and their computer to serve the needs of their clients. They were chosen at random from a pool of VPAs. Here’s the short interview I did with them:

Q. What types of information security threats concern you most as a person who is dependent on their computer to earn a living?

A: I am most concerned about the potential for my getting “hacked” to impact clients or colleagues. I would hate to be the “weakest link” in the chain of information, and therefore take information security very seriously.

Q. What types of security tools do you use to protect the systems that belong to your family (firewalls, anti-virus, anti-malware, etc.)

A. I have my home network secured and encrypted, installed McAfee’s anti-virus app on all computers in the household network, and have taught my oldest son, who uses it via his laptop, to ALWAYS ask if he’s in doubt about clicking a link or approving an update. I’d rather he pester me every time Windows wants to update itself than potentially put our network at risk!

Q. How much does information security impact your life on the Internet? (Do you bank, shop, vote, trade, etc. online?)

A.  I bank and shop online, and honestly I mostly just try not to think about it. I take every reasonable precaution and don’t want to let fear influence my decision-making beyond that. 

My takeaways from the interview were actually good news. The basics of having a network firewall, doing some basic wireless security and installing some basic AV on machines has clearly entered the mainstream of the computing culture. That’s the good news. Sadly though, it would seem, I would guess that the controls stop there. I was glad to see that knowledge workers are training their children in the basics as well. I remember when just those steps were quite a leap. 

I was also kind of sad that the person said they try not thing think about the security risks. I wish they had said something along the lines of “I try and make rational security decisions to still enjoy modern online conveniences while allowing a modicum of safety.” or something like that. Sigh, I guess we still have some work to do. 🙂

As always, thanks for reading!

 

Cyber Threat Situational Awareness for 09JUL2013

Posted on by
3

Good Day Folks;

Below is a short list of some of the latest stories you need to be aware of to maintain & improve your Cyber Threat Situational Awareness for today,09JUL2013…

矽對海洋和平,帕拉戰爭 or in Latin…Si vis pacem, para bellum…

Talking Cyberthreat With the People’s Republic of China

http://www.nytimes.com/2013/07/10/opinion/global/talking-cyberthreat-with-china.html?_r=0
Traitor Snowden revelations imperil cyber hacking talks with People’s Republic of China |

http://www.intellasia.net/snowden-revelations-imperil-cyber-hacking-talks-with-china-292273
Patriot hacker ‘The Jester’ attacks nations offering Snowden help

http://www.theregister.co.uk/2013/07/04/patriot_hacker_takes_aim_snowden_asylum_candidates/
South Korea Attackers ‘Pierced Military Networks’
Same crew that hit TV stations and banks managed to get malware onto military networks

http://www.techweekeurope.co.uk/news/mcafee-south-korea-attackers-military-hacks-121219?
Dissecting operation Troy: Cyberespionage in South Korea
http://www.net-security.org/article.php?id=1861
How Cybercriminals Operate — Dark Reading
A look at cybercriminal motives, resources, and processes — and how they may affect enterprise defense

http://www.darkreading.com/perimeter/how-cybercriminals-operate/240157738
Iran Planning Cyber Drills
http://english.farsnews.com/newstext.aspx?nn=13920415000930
US agency baffled by modern technology, destroys mice to get rid of viruses
The US Economic Development Administration (EDA) is an agency in the Department of Commerce takes a cyber threat property destruction lesson from the German Government 🙂 “…$170,000 of PCs, printers, keyboards, cameras, and mice destroyed in gross overreaction.”

http://arstechnica.com/information-technology/2013/07/us-agency-baffled-by-modern-technology-destroys-mice-to-get-rid-of-viruses/
Across Europe, Nations Mold Cyber Defenses

http://www.defensenews.com/article/20130709/DEFREG01/307090008/Across-Europe-Nations-Mold-Cyber-Defenses

Enjoy!

Semper Fi…

謝謝紅龍

Sign up for updates from MSI: http://eepurl.com/dk1PE

Audio Blog Post: Derbycon 3.0 & Sexism at Cons

Posted on by
3

Check out this audio blog post between Brent Huston and Victoria Loewengart as they discuss this year’s Derbycon. There is a special segment towards the end of the conversation where they discuss females attending Derbycon, what to expect and attempt to counter some of the bad news about sexism at conferences going around these days. 

Download the m4a here.

International Cyber Intelligence & Situational Awareness (SA)…Operation Middle Kingdom

Posted on by
1

Good day Folks;

Here is an extensive list of the recent International Cyber Intelligence & Situational Awareness (SA) you should be cognizant of…something cyber for everyone including the People’s Republic of H@cking, HUAWEI, Pakistan ~ People’s Republic of China relations and much, much more cybernia related…and coming soon to a computer and networked system near you OP Middle Kingdom…

Innovation and Disruption, & Why the People’s Republic of China Needs the Latter

http://www.techinasia.com/difference-innovation-disruption-important/
A Breakdown of the People’s Republic of China’s New Visa Rules
http://www.haohaoreport.com/l/43604
A New Anti-American Axis? People’s Republic of China & Russia…

http://www.nytimes.com/2013/07/07/opinion/sunday/a-new-anti-american-axis.html?
People’s Republic of China’s Huawei Zambia to invest $500,000 in brand promotion | Times of Zambia
http://www.times.co.zm/?p=22996
People’s Republic of China, Pakistan Build Communication, Transportation Links

http://www.ibtimes.com/china-pakistan-agree-communications-transport-links-huawei-board-fiber-optic-project-1335227?ft=w18y0
PM urges People’s Republic of China’s Huawei to set up research centre in Pakistan

http://www.pakistantoday.com.pk/2013/07/07/news/profit/pm-urges-huawei-to-set-up-research-centre-in-pakistan/
People’s Republic of China’s Huawei-Imperial plan renews Chinese cyber-security fears

http://theconversation.com/huawei-imperial-plan-renews-chinese-cyber-security-fears-15788
People’s Republic of China’s Huawei deploys high speed 4G on Mount Everest

http://www.theinquirer.net/inquirer/news/2279724/huawei-deploys-high-speed-4g-on-mount-everest
People’s Republic of China’s Huawei to build China-Pakistan link

http://www.defence.pk/forums/economy-development/262482-huawei-build-china-pakistan-link.html
People’s Republic of China’s Huawei Ready to Outspend Ericsson in R&D Race to Woo Clients

http://www.bloomberg.com/news/2013-07-02/huawei-woos-carriers-with-research-boost-beyond-me-too-networks.html
People’s Republic of China’s Huawei supports Asia Pacific hospitals

http://www.itwire.com/it-industry-news/market/60579-huawei-supports-asia-pacific-hospitals
People’s Republic of China’s Huawei boosts spending on research

http://www.scmp.com/business/companies/article/1275572/huawei-boosts-spending-research
People’s Republic of China, Switzerland sign free trade agreement
Switerland is latest OP MIddle Kingom acquistion by the People’s Republic of China…

http://www.reuters.com/article/2013/07/06/us-china-trade-idUSBRE96503E20130706
Studies: Cyberspying Targeted SKorea, US Military

http://abcnews.go.com/International/wireStory/studies-cyberspying-targeted-skorea-us-military-19602444
Turkish Agent Hacked US Air Force Culture & Language Center Website | Cyberwarzone
Didn’t the USAF tell the US Senate they were lead DoD on Cyber & were going to protect US Critical INfrastructure againsts hackers?
Hell, they cannot even protect themselves….
USAF CYBER ….MASSIVE FAIL….

http://cyberwarzone.com/turkish-agent-hacked-us-air-force-culture-language-center-website
Taiwanese Military to stage computer-aided war game later this month: MND
“tested the armed forces ability to fend off a simulated invasion by Chinese forces.”

http://www.chinapost.com.tw/taiwan/national/national-news/2013/07/03/382727/Military-to.htm
EU and People’s Republic of China close in on solar panel deal

http://www.reuters.com/article/2013/07/05/us-china-solar-idUSBRE9640L720130705
Pakistan, China set sights on Arabian Sea link |

http://www.ksl.com/?nid=235&sid=25866836&title=pakistan-china-set-sights-on-arabian-sea-link
Is People’s Republic of China’s Huawei Becoming Less Chinese?

http://blogs.wsj.com/digits/2013/07/04/is-huawei-becoming-less-chinese/?
People’s Republic of China’s Huawei to overtake Ericsson in R&D spending

http://www.intomobile.com/2013/07/05/huawei-overtake-ericsson-rd-spending/?
Papua New Guinea’s fixed line incumbent Telikom recruits People’s Republic of China’s Huawei for NBN project

http://www.telegeography.com/products/commsupdate/articles/2013/07/05/telikom-recruits-huawei-for-nbn-project/?
FCC approves deals between Japan’s Softbank, Sprint, Clearwire
Softbank signs huge deal with Huawei….backdoor to United States critical infrastructure now wide open for Huawei courtesy of Japan…

http://www.washingtonpost.com/business/technology/fcc-approves-deals-between-softbank-sprint-clearwire/2013/07/05/f48c88d8-e5ad-11e2-a11e-c2ea876a8f30_story.html
People’s Republic of China’s Huawei, Imperial College, London announce big data joint venture |

http://www.zdnet.com/huawei-imperial-college-announce-big-data-joint-venture-7000017582/
Chinese Web giant Tencent faces obstacles in its goal to expand in global IM market

http://www.washingtonpost.com/business/economy/chinese-web-giant-tencent-faces-obstacles-in-its-goal-for-a-global-im-market/2013/07/05/6ee4016c-cff4-11e2-8845-d970ccb04497_story.html?
People’s Republic of China Says Private Banks Possible

http://www.npr.org/templates/story/story.php?storyId=198990603
Emerging market giants quick to grab Australian foothold
Chinese banks, among the world’s largest, are busy in Australia

http://www.brisbanetimes.com.au/business/emerging-market-giants-quick-to-grab-australian-foothold-20130705-2phh7.html
NJRAT ESPIONAGE MALWARE TARGETS MIDDLE EASTERN GOVERNMENTS, TELECOMS AND ENERGY

http://threatpost.com/njrat-espionage-malware-targets-middle-eastern-governments-telecoms-and-energy/
Current cybercrime market is all about Cybercrime-as-a-Service |
http://www.net-security.org/secworld.php?id=15173
TARGETED ESPIONAGE ATTACK BORROWING FROM CYBERCRIMINALS

http://threatpost.com/targeted-espionage-attack-borrowing-from-cybercriminals/
Traitorous Snowden Says the NSA and Israel Wrote Stuxnet Malware Together

http://news.softpedia.com/news/Snowden-Says-the-NSA-and-Israel-Wrote-Stuxnet-Malware-Together-366371.shtml?
EU adopts stricter penalties for cyber criminals
http://www.net-security.org/secworld.php?id=15183
EU Parliament to launch inquiry into US surveillance programs
http://www.net-security.org/secworld.php?id=15181
Piratin Nocun über den Überwachungsskandal…Cyberwar governments against their citizens

http://www.sueddeutsche.de/digital/ueberwachungsskandal-cyberwar-der-regierungen-gegen-ihre-buerger-1.1713200
Iran to hold nationwide cyber maneuver

http://www.presstv.ir/detail/2013/07/06/312582/iran-to-hold-nationwide-cyber-maneuver/
United Kingdom Cyber War ‘At Its Gunpowder Moment’

http://www.huffingtonpost.co.uk/2013/07/05/cyber-war-gunpowder-moment_n_3549048.html
Beware the Internet and the danger of cyberattacks

http://www.dallasnews.com/opinion/sunday-commentary/20130705-robert-j.-samuelson-beware-the-internet-and-the-danger-of-cyberattacks.ece
U.S. military realm extends to cyberspace

http://www.upi.com/Science_News/Technology/2013/07/02/US-military-realm-extends-to-cyberspace/UPI-85321372770741/
The cyber-intelligence complex and its useful idiots
“Those who tell us to trust the US’s secret, privatised surveillance schemes should recall the criminality of J Edgar Hoover’s FBI”
http://www.guardian.co.uk/commentisfree/2013/jul/01/cyber-intelligence-complex-useful-idiots
Cyberwar: Angriffe auf Industrieanlagen wachsen…Cyberwar: Attacks on industrial plants grow

http://business.chip.de/news/Cyberwar-Angriffe-auf-Industrieanlagen-wachsen_62848164.html
Blind Fear Of Cyberwar Drives Columnist To Call For Elimination Of The Internet |

https://www.techdirt.com/articles/20130701/10561323680/blind-fear-cyberwar-drives-columnist-to-call-elimination-internet.shtml
Cyberwar ist kein Kalter Krieg
http://www.dradio.de/dkultur/sendungen/interview/2162803/
Brazil was target of U.S. signals spying, Globo newspaper says
http://www.reuters.com/article/2013/07/07/brazil-espionage-snowden-idUSL1N0FD05120130707

Enjoy –

Semper Fi –

謝謝紅龍

Ask The Security Experts: Holiday Coverage

Posted on by
3

This time around on Ask The Security Experts, we have a question about holiday coverage for the security team:

Q: “With the upcoming summer holidays and heavy vacation schedules, what are some things I need to pay attention to in order to make sure attackers don’t catch us off guard while we are short on staff?”

Jim Klun weighed in with:

1. Make sure all staff have been reminded of the reality of phishing attacks and what they need to watch out for.
   Use real-world examples like this one: http://labs.ft.com/2013/05/a-sobering-day/ ( courtesy of Adam Hostetler )
   Its important that staff understand the potential severity of a successful phishing attack.
   Such attacks are more likely over holiday periods when attackers can rely on short-staffing.

2. Make sure all systems( both network/OS/application ) are logging and that you are reviewing those logs for anomalies
   Make it a particular point to review those logs after the holidays.
   Log review can be automated but should not be reduced to a formality.  Staff with familiarity with what is normal should be reviewing daily log reports and periodically
   examining the raw logs themselves.

3. Consider internal alerting systems such as Microsolved’s “Honeypoint” solution.  They can act as tripwires in your network, alerting you to the presence of an intruder.
   See: http://www.microsolved.com/honeypoint

Bill Hagestad added:

To prevent surprise cyber attacks the number one focus should be proactive cyber threat intelligence specifically related to your company based upon the following Essential Elements of Information (EEI):

– What are your priorities for intelligence?
– Competitor’s needs/focuses?
– External vendors interests on behalf of competitor?
– Foreign economic interests
– Commercial cyber espionage
– Foreign cyber espionage?
– Potential insider threats?

Once you have prioritized what you consider the information security threats are to your organization MicroSolved can help develop a information a security/assurance strategy.
First step determine a quick list of cyber intelligence targeting baed upon the EEI above;
Second – from the priorities determine your internal High Value Targets that the prioritized list of adversaries might focus on;
Third – install or fine tune your HoneyPoint Security Server to capture attacker and threat vector information; and,
Fourth – focus holiday staffing levels and efforts to mitigate list of potential cyber threats based upon both the EEI and steps 1 -3 above.

John Davis stated:

One of the things to pay particular attention to during vacation season is the security of returning portable devices. Employees will probably be traveling all over the place on their vacations, include foreign countries. And while traveling, people like to let their hair down and take it easy. They also like to keep abreast of their emails or surf the Internet looking for restaurants and places of interest.
Hotel networks and public hot spots are usually open networks and liable to sniffing by enterprising cyber criminals. Because of this, it is relatively easy for these attackers to implant Malware on laptops or other portable devices used by traveling employees. And, as we know, lots of enterprises these days have bring your own device policies in place or tolerate the casual use of company laptops for non-business purposes. To protect the network from this scenario, run anti-virus and other Malware detecting software on these devices, and/or boot them up in a stand alone test environment and look for problems before allowing them onto the production network.

There’s a LOT of good advice here. Hopefully, some of it helps you. Until next time, thanks for reading and have a safe holiday!

People’s Republic of China’s Foreign Ministry sets up cyber security office – as Australian Defence Mag Day Three Cyber Security Summit concludes…Canberra…Red Dragon Rising & the People’s Republic of Hacking…err, China..

Posted on by
5

Good Day from the Front Line of Cyber – Here are today’s top Chinese Cyber Threat Stories from an international perspective….your daily dose of Cyber Threat Situational Awareness (SA)….

Codan network hacked by Chinese

http://www.electronicsnews.com.au/news/codan-network-hacked-by-chinese
Report: Australia spy plans hacked by Chinese

http://www.aljazeera.com/news/asia-pacific/2013/05/20135284536511454.html
Cybersecurity and the Limits of Leader Summits

http://thediplomat.com/the-editor/2013/06/28/cybersecurity-and-the-limits-of-leader-summits/
Trial flight photos of China’s J-31 stealth fighter – Xinhua | English.news.cn

http://news.xinhuanet.com/english/photo/2013-07/02/c_132502418_4.htm
InterDigital loses first round of U.S. case against People’s Republic of China’s Huawei

http://www.reuters.com/article/2013/07/01/us-interdigital-huawei-patent-idUSBRE96019420130701
Former Nokia head of sales takes his expertise to Huawei (updated)

http://www.engadget.com/2013/07/02/colin-giles-huawei/?
Nokia doubles up in networks to fight People’s Republic of China

http://blogs.ft.com/businessblog/2013/07/nokia-doubles-up-in-networks-to-fight-china/?
GCHQ claims British networks hit by 70 cyber attacks a month |

http://www.itpro.co.uk/security/20106/gchq-claims-british-networks-hit-70-cyber-attacks-month
NSA hacking and spying on EU officials

http://www.net-security.org/secworld.php?id=15169
U.S. intelligence community is out of control |

http://www.cnn.com/2013/07/01/opinion/rothkopf-surveillance-revelations/index.html?
Why the Story on Snowden and the NSA Doesn’t Add Up |

http://www.motherjones.com/kevin-drum/2013/07/nyt-snowden-was-hacker-nsa
The danger of what Edward Snowden has not revealed

http://www.washingtonpost.com/opinions/marc-thiessen-the-danger-of-what-edward-snowden-has-not-revealed/2013/07/01/67f95a18-e251-11e2-aef3-339619eab080_story.html?
HACKED!

http://www.abc.net.au/4corners/stories/2013/05/27/3766576.htm
People’s Republic of China: US should ‘explain hacking activity’ – People’s Daily Online
Uh oh – NSA has compromised US National Security as the People’s Republic of China demands to know why it is being hacked by the Top US Spy Agency….

http://english.peopledaily.com.cn/90883/8284267.html
People’s Republic of China’s Foreign Ministry sets up cyber security office – People’s Daily Online

http://english.peopledaily.com.cn/90883/8285401.html
提醒大家新的APT高峰期即將出現, 新 PDF Exploit CVE-2013-2729 已經用在 APT Email 攻擊中

http://blog.xecure-lab.com/2013/06/apt-pdf-exploit-cve-2013-2729-apt-email.html
Will People’s Republic of China Offer Snowden Freedom in exchange for Information?

http://www.slate.com/blogs/the_slatest/2013/06/14/edward_snowden_reveals_details_of_hong_kong_and_china_nsa_hacking.html
Booz Allen’s Snowden Smuggled Documents From NSA on a Thumb Drive |

http://www.wired.com/threatlevel/2013/06/snowden-thumb-drive/
“Snowden is a ‘card’ that People’s Republic of China never expected… But China is neither adept at nor used to playing it.”

http://althouse.blogspot.com.au/2013/06/snowden-is-card-that-china-never.html
Who’d You Rather Be Watched By: People’s Republic of China, or the U.S.?

http://www.theatlantic.com/china/archive/2013/06/whod-you-rather-be-watched-by-china-or-the-us/276898/
Chinese Telecoms ‘A Security Risk’ To Britain

http://news.sky.com/story/1100187/chinese-telecoms-a-security-risk-to-britain

People’s Republic of China’s Huawei faces UK heat over cyber-attack fears

http://www.theaustralian.com.au/news/world/huawei-faces-uk-heat-over-cyber-attack-fears/story-fnb64oi6-1226658100939
OP Middle Kingdom: People’s Republic of China Becoming The Most Important Factor In Global Gold Markets

http://seekingalpha.com/article/1502512-china-becoming-the-most-important-factor-in-global-gold-markets?
Operation Middle Kingdom ~ Canada…Ottawa delaying Wind Mobile deals on national security concerns

http://www.theglobeandmail.com/report-on-business/security-concerns-delay-wind-deal/article12538800/
PRISM Whistle-Blower: US Has Been Hacking the People’s Republic of China For Years

http://www.techweekeurope.co.uk/news/prism-america-hacking-china-119004?
People’s Republic of China newspaper: Booz Allen’s Snowden could be useful to China

http://www.kimt.com/2013/06/14/china-newspaper-snowden-could-be-useful-to-china/
U.K. Warns on People’s Republic of China’s Huawei Cyber Security Risk

http://online.wsj.com/article/SB10001424127887323844804578529141741985244.html
UK defends China telecom firm deals

http://www.bbc.co.uk/news/uk-politics-22795226
Can N.S.A. Surveillance Be Likened to Chinese Spying?

http://rendezvous.blogs.nytimes.com/2013/06/13/can-n-s-a-surveillance-be-likened-to-chinese-spying/?
People’s Republic of China: U.S. in “Awkward Position” After Latest Hacking Claims

http://chinadigitaltimes.net/2013/06/netizens-on-us-hacking-what-a-hypocrite/?

Booz Allen Whistleblower Edward Snowden claims US targets Chinese computers for cyber attacks

http://www.telegraph.co.uk/news/worldnews/northamerica/usa/10117690/Whistleblower-Edward-Snowden-claims-US-targets-Chinese-computers-for-cyber-attacks.html
Pressure builds on US over Hong Kong civilian hacking allegations

http://www.guardian.co.uk/world/2013/jun/13/hong-kong-demands-us-answer-hacking-allegations
Booz Allen’s Edward Snowden claims US hacks Chinese Military & Political targets
http://www.telegraph.co.uk/news/worldnews/northamerica/usa/10117478/Edward-Snowden-claims-US-hacks-Chinese-targets.html
Chinese State Media Suggest That N.S.A. Disclosures Will Hurt U.S. Ties

http://www.nytimes.com/2013/06/14/world/asia/chinese-media-suggest-nsa-disclosure-will-hurt-us-ties.html?
Australia gets ‘deluge’ of US secret data, prompting a new data facility…Recall Aussie Company Codan was haced by the People’s Republic of China….

http://www.theage.com.au/it-pro/security-it/australia-gets-deluge-of-us-secret-data-prompting-a-new-data-facility-20130612-2o4kf.html
Calls Grow in People’s Republic of China to Press Claim for Okinawa…Now that US Marines are gone to Austraia…we know the PLA will overrun the USAF Base @ Kadena…

http://www.nytimes.com/2013/06/14/world/asia/sentiment-builds-in-china-to-press-claim-for-okinawa.html?&pagewanted=all

Taking the West’s Technology, Leaving its Freedoms – China Digital Times

http://chinadigitaltimes.net/2013/06/taking-the-wests-technology-leaving-its-freedoms/?
How China Got There First: Beijing’s Unique Path to ASBM Development and Deployment

http://www.jamestown.org/programs/chinabrief/single/?tx_ttnews%5Btt_news%5D=40994&cHash=4be1b6f4d1da712a29057d94f181c32c#.UbpnRPaG1JE

Thousands of Iranian Gmail Users Targeted in Attempted Hacks Before Election

http://www.wired.com/threatlevel/2013/06/iran-hack-election/

OWASP Top 10 for 2013 has been released! “Injection” tops the chart again. Download your copy here:
https://www.owasp.org/index.php/Top10

Enjoy –

Semper Fi,

謝謝
紅龍

International Cyber Situational Awareness for the Beginning of July 2013

Posted on by
2

Good day Folks;

My apologies for the late entry – international travel will do that to a person once in a awhile –

Nonetheless, here is a lengthy compilation of some of the latest International Cyber Situational Awareness for the Beginning of July 2013 –

Remember to search for “OP Middle Kingdom”

Enjoy!

U.S. to press People’s Republic of China on cyber theft: Lew

http://www.reuters.com/article/2013/07/01/us-treasury-china-idUSBRE96009X20130701

People’s Republic of China Accuses U.S. of Hypocrisy on Cyberattacks |

http://world.time.com/2013/07/01/china-accuses-u-s-of-hypocrisy-on-cyberattacks/?

People’s Republic of China’s Huawei’s Best-Kept Secret: An Army of Engineers

http://blogs.wsj.com/digits/2013/07/01/huaweis-best-kept-secret-an-army-of-engineers/?

U.S. Is a ‘Hacker Empire,’ Says Chinese Military Analyst

http://rendezvous.blogs.nytimes.com/2013/06/26/u-s-is-a-hacker-empire-says-chinese-military-analyst/?

U.S. Prism, Meet People’s Republic of China’s Golden Shield

http://rendezvous.blogs.nytimes.com/2013/06/28/u-s-prism-meet-chinas-golden-shield/?

LAP Green & the People’s Republic of China’s Huawei ink settlement agreement

http://www.telegeography.com/products/commsupdate/articles/2013/07/01/lap-green-huawei-ink-settlement-agreement/?

The Willie Suttons of the Cyberage – Can we stop bad guys from getting into U.S. networks? |

http://www.foreignpolicy.com/articles/2013/06/26/the_willie_suttons_of_the_cyberage_cybercrime?page=full

JFQ-70: Unpacking Cyberwar: The Sufficiency of the Law of Armed Conflict in the Cyber Domain
http://www.ndu.edu/press/unpacking-cyberwar.html

Awaiting Cyber 9/11

http://www.ndu.edu/press/awaiting-cyber-9-11.html

Snowden spy row grows as US is accused of hacking People’s Republic of China

http://www.guardian.co.uk/world/2013/jun/22/edward-snowden-us-china

EXCLUSIVE: NSA targeted People’s Republic of China’s Tsinghua University in extensive hacking attacks
“…Tsinghua University, widely regarded as the mainland’s top education and research institute, was the target of extensive hacking by US spies this year.”
http://www.scmp.com/news/china/article/1266892/exclusive-nsa-targeted-chinas-tsinghua-university-extensive-hacking

EXCLUSIVE: US hacked Pacnet, Asia Pacific fibre-optic network operator, in 2009

http://www.scmp.com/news/hong-kong/article/1266875/exclusive-us-hacked-pacnet-asia-pacific-fibre-optic-network-operator

EXCLUSIVE: Ex-Booz Hamilton NSA Contractor safe in Hong Kong, more US cyberspying details revealed

http://www.scmp.com/news/hong-kong/article/1266777/exclusive-snowden-safe-hong-kong-more-us-cyberspying-details-revealed

US hacks Chinese mobile phones: Booz Hamilton Contractor: US National Security FAIL

http://www.theaustralian.com.au/news/breaking-news/us-hacks-chinese-mobile-phones-snowden/story-fn3dxix6-1226668185301

Civic Party demands the US respond to hacking claims

http://www.scmp.com/news/hong-kong/article/1266716/civic-party-demands-us-respond-hacking-claims

Edward Snowden alleges US hacking People’s Republic of China phone firms

http://www.adelaidenow.com.au/news/world/edward-snowden-alleges-us-hacking-china-phone-firms/story-fnd11ay0-1226668186230

People’s Republic of China completes internet monitoring scheme in Tibet

http://www.guardian.co.uk/world/2013/jun/19/china-internet-monitoring-tibet

Xi Jinping’s Decade And The Future Of Sino-American Relations – Analysis

http://www.eurasiareview.com/22062013-xi-jinpings-decade-and-the-future-of-sino-american-relations-analysis/?

People’s Republic of China’s Xi harks back to Mao in party ‘cleanup’

http://wanderingchina.org/2013/06/20/chinas-xi-harks-back-to-mao-in-party-cleanup-ap-risingchina-corruption/

What to Make of Xi Jinping’s Maoist Turn

http://wanderingchina.org/2013/06/22/what-to-make-of-xi-jinpings-maoist-turn-wsj-risingchina-newleadership/

Hagel Vows to Prioritize Cyber, Nuclear Capabilities…Si vis pacem, para bellum
US DoD Defense.gov News Article…矽對海洋和平,帕拉戰爭

http://www.defense.gov/news/newsarticle.aspx?id=120339

People’s Republic of China: U.S. should not hold multiple standards in cyber world – People’s Daily Online

http://english.peopledaily.com.cn/90786/8290745.html

People’s Republic of China ~ Snowden spying claims rejected – People’s Daily Online

http://english.peopledaily.com.cn/90883/8287831.html

U.S. charges Snowden with espionage

http://www.washingtonpost.com/world/national-security/us-charges-snowden-with-espionage/2013/06/21/507497d8-dab1-11e2-a016-92547bf094cc_story.html

Edward Snowden: US government has been hacking Hong Kong and People’s Republic of China for years

http://www.scmp.com/news/hong-kong/article/1259508/edward-snowden-us-government-has-been-hacking-hong-kong-and-china

Snowden’s Leaks on People’s Republic of China Could Affect Its Role in His Fate |

http://www.nytimes.com/2013/06/15/world/asia/ex-nsa-contractors-disclosures-could-complicate-his-fate.html?

Chinese Ministry of Foreign Affairs sets up cyberdiplomacy office

http://www.scmp.com/news/china/article/1261181/chinese-ministry-foreign-affairs-sets-cyberdiplomacy-office

People’s Republic of China asks U.S. to explain Internet surveillance

http://www.reuters.com/article/2013/06/17/us-usa-security-china-idUSBRE95G06R20130617

People’s Republic of China’s Huawei, ZTE see vindication amid US cyber-spying scandal

http://www.scmp.com/business/companies/article/1263200/huawei-zte-see-vindication-amid-us-cyber-spying-scandal

People’s Republic of Acquisition: Nokia stock rises on rumors of Huawei acquisition
Operation Middle Kingdom – Finalnd technology now acquistion target of People’s Republic of China’s HUAWEI

http://www.washingtonpost.com/business/technology/nokia-stock-rises-on-rumors-of-huawei-acquisition/2013/06/18/3aca3fba-d83a-11e2-a016-92547bf094cc_story.html?

People’s Republic of China completes Internet, phone monitoring scheme for Tibet

http://www.reuters.com/article/2013/06/19/china-tibet-idUSL3N0EV1W920130619

People’s Republic of China’s Huawei says has no plans to buy Nokia

http://www.crn.com.au/News/347193,huawei-says-has-no-plans-to-buy-nokia.aspx

Soft Power: A U.S.-China Battleground?

http://thediplomat.com/china-power/soft-power-a-u-s-china-battleground/?

People’s Republic of China’s tyranny of uniqueness

http://cmp.hku.hk/2013/06/14/33486/

Reforming the People’s Republic of China’s State-Owned Enterprises

http://thediplomat.com/2013/06/19/reforming-chinas-state-owned-enterprises/?

People’s Republic of China lands three astronauts on Tiangong-1 space station

http://www.guardian.co.uk/world/2013/jun/13/china-astronauts-tiangong-1-space-station

Home Office Throws £4m At Educating Britain On Cyber Security
Awareness push from government celebrated by industry

http://www.techweekeurope.co.uk/news/home-office-4m-cyber-security-awareness-119696?

Report: UK spies hacked foreign diplomats

http://www.news.com.au/technology/report-uk-spies-hacked-foreign-diplomats/story-e6frfro0-1226665303140

GCHQ taps fibre-optic cables for secret access to world’s communications

http://www.guardian.co.uk/uk/2013/jun/21/gchq-cables-secret-world-communications-nsa?CMP=twt_gu

People’s Republic of China diversifies UK interests as Dalian Wanda invests £1bn in luxury brands

http://www.guardian.co.uk/business/2013/jun/19/china-uk-interests-dalian-wanda-luxury-brands

Use Tor, Get Targeted By the NSA –

http://yro.slashdot.org/story/13/06/21/1443204/use-tor-get-targeted-by-the-nsa?u

What the NSA Does With the Data It Isn’t Allowed to Keep

http://www.nextgov.com/cloud-computing/2013/06/what-nsa-does-data-it-isnt-allowed-keep/65324/

Schneier on Security: US Offensive Cyberwar Policy

http://www.schneier.com/blog/archives/2013/06/us_offensive_cy.html?

The keyboard: The weapon of choice in new type of warfare

http://www.irishexaminer.com/lifestyle/features/the-keyboard-the-weapon-of-choice-in-new-type-of-warfare-234768.html

Iran oil ministry denies cyber attack

http://en.trend.az/regions/iran/2164035.html

Semper Fi,

謝謝紅龍

Network Device Reviews, A Less Common Assessment

Posted on by
3

One of the less common assessments that MicroSolved performs for our clients is a Network Device Review (NDR). These assessments are aimed at helping clients assess the current state of specific devices or system configurations and improving them. 

Common devices assessed via this service include:

  • Firewalls
  • Routers and switches
  • IDS/IPS deployments and configurations
  • Load balancers
  • Workstation and server install and image baselines
  • ICS & SCADA devices from back end to customer premise

This type of assessment is performed using a combination of automated tools and manual time with our security engineers. The methodology leveraged to perform the assessment is very similar to our other assessments, with the engineers doing detailed analysis of attack surfaces and evaluation of relevant controls. Reports follow a more technical path for these services, with a technically focused report set and a small management level summary, keeping the cost of these services significantly less expensive than our deeper pen-testing and fuzzing assessments.

Customers often use these services to perform spot validation or as a part of an overall hardening project to improve their security posture organically. To learn more about the NDR service, get in touch with your account executive or contact us via info (at) micro solved (dot) com for a free conversation about how the NDR can help your organization.

As always, thanks for reading and stay safe out there!