it-security

A cloud computing company was hit with a record-breaking hack — and that’s bad news for your home

Last week, French cloud computing company OVH was hit with a DDoS attack that exceeded one terabit per second. It’s being reported as the “largest DDoS attack ever.” While it might not seem all that important to people outside OVH, a DDoS attack on such a cloud computing company could render objects in your home utterly useless.


Hillary Clinton didn’t complete required State Department security training

According to new documents obtained through a Freedom of Information Act request, Hillary Clinton failed to complete required security training for handling State Department classified intel:

The Daily Caller received a collection of documents, showing Clinton’s chief of staff Cheryl Mills and deputy chief Huma Abedin completed their “Special Compartmented Information” (SCI) training. The two signed these forms in January 2009, but there is no such form confirming that Clinton completed the course.

Classified SCI documents usually deal with highly-sensitive State Department information, not the least of which are satellite intelligence and communications with America’s spies abroad. It is possible that information of this kind existed within the emails of Clinton’s private server.

Retired Col. Jim Waurishuk, who oversaw security protocols as U.S. Central Command deputy director for intelligence, told the Daily Caller:

“The standard process is you will get all your security indoctrination done immediately upon taking office,” Waurishuk said. “Technically, if you don’t do (the training) for people at my level, they can pull your clearance. There’s a level of responsibility, trustworthiness, and your integrity that comes into play here.”

Maybe this is why Clinton didn’t know “C” stood for “classified”?

Essay time!

This is a submission for my ITsec Law class…not sure if I can post this yet without getting in trouble…I really don’t care.

Backdoors to Encryption Programs – Where and why they fail

With the ever-changing information landscape, it is not uncommon for governments to seek ways they can control communication in the interests of both law enforcement and national security. One piece of legislation here in the US that originally appeared in 2001, and again in 2010, proposes a requirement for vendors of encryption software to create back doors in their methodology, and to disclose that back door to the government. This has several flaws, from the inherent security risks of leaving easily exploitable holes, to hindering business’ protection from competitive spying. This also leaves our communications wide open for adversarial countries, such as China, to eavesdrop.


Which cities are vulnerable to cybercrime in 2012?

A new study by Norton reports the 10 cities most vulnerable to hacking attacks. Each city was ranked according to the number of computers and smartphones used in it, as well as its Wi-Fi hotspots. Manchester appears to be the most dangerous city in terms of exposure to cybercrime, while Vancouver is […]

Read more »»» http://dlvr.it/1FTrs8

Security Tips

First let me introduce myself.  I am Josh Roseberry of Greensburg, Indiana.  I have lived in this small town my entire life.  I made the so wise decision to attend online courses at Phoenix University.  Yes, I realize Phoenix is not exactly a well-respected school.  I also realize online courses don’t gain a lot of respect either.  I spend a good portion of my time studying Information Technology concepts.  I am pursuing my Bachelor of Science in Information Technology with a focus on Networking and Telecommunications.

I currently live in a one bedroom apartment complex.  This makes wireless security a bit of a concern for me as all my devices are currently wireless.  I currently have a Cisco® Linksys WRT320N Dual Band wireless-n gigabit router.  I do use WPA2 security mode, yet with a recent firmware upgrade I no longer have the choice to select encryption and authentication protocols.  This is a shame because I do prefer TKIP over AES.

I can provide some tips.  If you live in a crowded area and are concerned about other people getting into your network through a wireless router, do some of these steps.  Make sure you use a strong pass phrase.  It should be between 8 and 10 characters long and include both upper and lower case letters as well as numbers.  To take the security higher, throw in some special characters as well.  Some special characters that are commonly used are $%#@^&.

The next step is to use MAC filtering and reservation.  On my home network only MAC addresses I enter into the wireless MAC filter will be allowed wireless access.  Adding a DHCP MAC reservation for those MAC addresses will give you an idea of what is connected to which IP.  This takes a bit more setup but is perfect for smaller networks.

While these tips should be common sense to IT experts, not all consumers are aware.  I will be back later with some more tips.

computerworld.com
Facebook's Timeline will be boon for hackers - Computerworld

Because people often use personal information to craft passwords or the security questions that some sites and services demand answered before passwords are changed, the more someone adds to Timeline, the more they put themselves at risk, said Wisniewski.

As always, our mish-mash approach to IT security leaves us vulnerable to social engineering.  In this case, one of the greatest weaknesses is the “secret question” formula where we’re asked to give up our mother’s maiden name or our high school mascot in case we are unable to remember our password.  These are questions with finite, guessable, or easily researched answers, and they serve as a kind of “password lite” into our accounts.  But we can’t make up bogus answers without facing the possibility of being locked out of those accounts forever.  The answer, the REAL answer, is to stop using fucking passwords and use an assured identity token.  Kinda like, you know, your debit card (don’t use those for this, though).  

Planning your career path

If you have just completed your studies, it is time to sit down and think of jobs and a long-term career strategy. We have some tips to help.

1. Your first career plan-of-action is to identify jobs where locals are preferred. Such jobs usually combine some technical expertise (known in HR jargon as “domain knowledge”) and lots of leadership and people-relationship skill.

An example is IT Project Management, such as upgrading all the computers in institutions or building a Web portal for a shopping mall. For that matter, any project management career is highly desirable.

Other areas where it would be much preferable to hire locals include:

  • Managing IT security, Web and social media and computer-based creative tasks
  • Working in the creative and media industries – publishing, Web content design, writing and production, mass media communication, and of course good old-fashioned journalism
  • Training and teaching, counselling, human resource development and social work.

2. Next, identify your own skills and inclinations, which would include those outside of your current school studies. Think of all the things you would dearly love to do even if you have no idea how to do them.

3. Do research on those skill sets that you don’t have, but would like to, and find out where you can acquire them. Set out a timeline on how and when you intend to accomplish it.

Note that your timeline is not cast in concrete. It is an evolving plan, and it will have to be amended continually after you’ve graduated and started on your first job.

There are many more tasks and challenges ahead in your career strategy planning. The one key message you must remember is to avoid setting out on a career path where the available jobs are often outsourced to foreign talents who may be asking only a fraction of what you expect.