Friday 7 May 2010

The HacKid Conference: A kid-friendly idea whose time has come

By Bill Brenner
Senior Editor
CSO
May 06, 2010

I go to a lot of security conferences, almost always without my family in tow. The logistics and money involved with trekking them from one part of the country to the next are usually beyond my resources. But when a conference is local and there's something in it for the kids, I'm in 100 percent.

Last month's SOURCE Boston and Security B-Sides conferences coincided with school vacation, which put me in a bind. Fortunately, the security community is very kid-friendly, and nobody minded when I brought Sean and Duncan to B-Sides. In fact, I think the hackers enjoyed their antics.

At B-Sides one of the first speakers was a young security practitioner talking about the challenges of people his age breaking into the industry and finding the right combination of employment and respect.

While I was getting inspired to write "How young upstarts can get their big security break in 6 steps" during that talk, Cisco cloud security guru Chris Hoff was getting a blast of inspiration from his children's adventures at SOURCE a couple days before. The result is a concept any security practitioner-parent should embrace.

On the HacKid Conference website, Hoff explains the idea:

"The gist of the idea for HacKid (sounds like 'hacked,' get it) came about when I took my three daughters aged 6, 9 and 14 along with me to the Source Security conference in Boston. It was fantastic to have them engage with my friends, colleagues and audience members as well as ask all sorts of interesting questions regarding the conference. It was especially gratifying to have them in the audience when I spoke twice. There were times the iPad I gave them was more interesting, however."

The idea is to provide an interactive, hands-on experience for kids and their parents which includes things like:

[...]

DOJ discloses U.S. convictions for sale of counterfeit networking hardware

By Grant Gross
IDG News Service
May 6, 2010

U.S. agencies targeting the sale of counterfeit networking hardware have gotten 30 felony convictions, including a man attempting to sell fake networking equipment to the U.S. Marine Corps, and seized $143 million worth of fake Cisco hardware, the U.S. Department of Justice said on Thursday.

The DOJ, U.S. Federal Bureau of Investigation, U.S. Immigration and Customs Enforcement (ICE), and U.S. Customs and Border Protection (CBP) have conducted Operation Network Raider, which has made 700 separate seizures of networking equipment since 2005, the DOJ said.

In addition to the convictions and seizures, nine people are facing trial and another eight defendants are awaiting sentencing, the agencies said. There was a 75 percent decrease in seizures of counterfeit network hardware at U.S. borders from 2008 to 2009, CBP said.

Operation Network Raider seeks to protect computer networks and IT infrastructure in the U.S. from failures associated with counterfeit network hardware, including network routers, switches and network cards, the agencies said.

On Thursday, Ehab Ashoor, 49, a Saudi citizen residing in Sugarland, Texas, was sentenced in the U.S. District Court for the Southern District of Texas to just over four years in prison and ordered to pay $119,400 in restitution to Cisco Systems. On Jan. 22, a jury found Ashoor guilty of charges related to trafficking in counterfeit Cisco products, the DOJ said.

[...]

Spammers ordered to pay tiny ISP whopping $2.6m

By Dan Goodin in San Francisco
The Register
6th May 2010

A small internet service provider has been awarded nearly $2.6m in a lawsuit it filed against a company that sent just under 25,000 spam messages over an 18-month period.

Although it's questionable whether Asis Internet Services will ever see a penny of that windfall, the judgment is testament to the awesome power of CAN-SPAM, short for the Controlling the Assault of Non-Solicited Pornography and Marketing Act, which was passed by Congress in 2003. It allows judgments of as much as $100 for every unsolicited email, and damages can be tripled for a variety of reasons.

The judgment was awarded by Magistrate Judge Elizabeth D. Laporte of the US District Court in Northern California. It comes in a case filed against the principals of a business called Find a Quote. A four-employee ISP in Garberville, California, Asis said it receives about 200,000 junk messages per day and spends about $3,000 per month to process them.

Laporte calculated that the ISP was entitled to damages of $865,340, but went on to triple the amount, to $2.596m, because, she said, the Find a Quote spammers, including defendant Edward Heckerson, had employed automatic scripts to send their messages.

[...]

Federal CSOs Split On Their Views Of Agency Security Posture

By Tim Wilson
DarkReading
May 06, 2010

The chief security officers at major federal agencies are worried about the threats currently faced by their organizations, and many of them don't think they have the resources they need to defend against them, according to a study published today.

In a report compiled by Cisco and (ISC)2, only half of federal CSOs think they have a significant ability to affect the security posture of their agencies. Half of the CSOs say their postures have improved since 2009; 28 percent feel that things are worse, and approximately 20 percent feel that no change has occurred.

Twenty-seven percent of federal CSOs say software vulnerabilities are the most severe threat to their agencies; 24 percent cited insider threats. Only 21 percent cited threats from foreign nation-states as the most severe threat to their agencies.

Yet federal CSOs are feeling the pressure to do more on the political side than on the technical side, the study says. More than half (54 percent) say their jobs are becoming more political/policy-oriented, while 51 percent say their jobs are becoming more managerial in nature. Only 26 percent said their duties are becoming more technical.

"The nature of their jobs is changing," says Lynn McNulty, (ISC)2's director of government affairs. "What they do is becoming much more policy-oriented, and their duties are becoming less technical and more managerial."

[...]

Hacker develops multi-platform rootkit for ATMs

By Robert McMillan
IDG News Service
May 5, 2010

One year after his Black Hat talk on Automated Teller Machine security vulnerabilities was yanked by his employer, security researcher Barnaby Jack plans to deliver the talk and disclose a new ATM rootkit at the computer security conference.

He plans to give the talk, entitled "Jackpotting Automated Teller Machines," at the Black Hat Las Vegas conference, held July 28 and 29.

Jack will demonstrate several ways of attacking ATM machines, including remote, network-based attacks. He will also reveal a "multi-platform ATM rootkit," and will discuss things that the ATM industry can do to protect itself from such attacks, he writes in his description of the talk, posted this week to the Black Hat Web site.

Jack was set to discuss ATM security problems at last year's conference, but his employer, Juniper Networks, made him pull the presentation after getting complaints from an ATM maker that was worried that the information he had discovered could be misused.

The security researcher found a straightforward way of getting around Juniper's objections, however. Last month, he took a new job as director of security research with IOActive.

[...]
