Tuesday, December 29, 2015

Dark Web Drug Lords Beware - The Tax Man cometh - What I am reading 12/29/2015

Dark Reading - 15 Cybersecurity Lessons We Should Have Learned From 2015, But Probably Didn't -
11. Manage Privileged Users Better.
Study, after study, after study this year revealed that privileged accounts need to be better managed. It isn't just that the credentials themselves are too weak but sometimes they're poorly monitored, too widely shared, and they're not efficiently revoked when employees leave an organization.
And more like that, basically a recap of the year's stories.

Boing Boing - TPP is a giftwrapped wealth-transfer to China -
Interestingly, this critique comes from a "Hayekian," right-wing proponent of free market capitalism, who says that by going far beyond trade, this "trade agreement" will cripple the economies of all who sign it.
I am a proponent of trade, but these agreements have now moved far beyond that.  This agreement needs to be killed and renegotiated as a straight up trade agreement.  

NY Times - The Tax Sleuth Who Took Down a Drug Lord -
The work had given Mr. Alford what he believed was the answer to a mystery that had confounded investigators for nearly two years: the identity of the mastermind behind the online drug bazaar known as Silk Road — a criminal known only by his screen name, Dread Pirate Roberts.
When Mr. Alford showed up for work that Monday, he had a real name and a location. He assumed the news would be greeted with excitement. Instead, he says, he got the brushoff.
This seems to be a recurring theme from Internet Drug Lords to Mass Shooters to the 9/11 Hijackers.  Someone pops up on the screen for about 15 milliseconds, the cops look at them, dismiss them, and X number of months later some horrendous crime is committed.  I have ideas on how some of this could be avoided but it would not be popular.

The Daily Dot - The trials and tribulations of America's chief Internet defender -

Long article, but a fairly interesting read.  Pushes a little bit for the adoption of CISA and pimps EINSTEIN, the government's evil electronic overlord, but overall the director of US-CERT comes off as reasonable and not at all the horrible internet eating monster that we all know she is.  (OK that may be a bit of an exaggeration, but as I wander forums that isn't too far off from what I see a lot of times)

TechDirt - Facebook's Zuckerberg: If You Oppose Our International Power Grab, You're An Enemy Of The Poor -
Except a walled garden is exactly what Facebook is building. And pretending the entire country's poor will somehow be left behind if one doesn't support Facebook's vision of the future isn't just misleading, it's obnoxious. Facebook's zero rated ambitions don't operate in a vacuum; countless citizens, companies and organizations have spent years working to bring real Internet access to India's poor every day. Projects like the open source Freedombox, which manages to encourage connection to the actual Internet while simultaneously supporting concepts like encryption:
OK, I am not a Zuckerberg fan but this criticism is completely off base, at least from what I read of freedombox.  As I look at the wiki entry my first thought is how in the name of fuck are people supposed to run a "personal server running a free software operating system, with free applications designed to create and preserve personal privacy." when something like 60% of India doesn't have reliable electric power?  The article criticizes the use of existing telecom infrastructure.  What are they supposed to do?  Shit fiber optic cable and piss gigabit switches?  I agree locking people into Facebook's ecosystem is bad, but the solution proposed in the article is laughable at best.

And the US Power Grid is Vulnerable twofer

Milton Security - U.S. Power Grid vulnerable to attack -
Brian Wallace, a security researcher, was recently tracking a group of hackers who had stolen housing information from an unnamed California university, when he made a far more sinister discovery.  He found that hackers, possibly from Iran, had found a way to infiltrate the U.S. power grid, and had stolen information ranging from passwords to engineering plans.  Wallace believes that the information could easily be used to cut the power on U.S. neighborhoods.

SANS - Intruders Gain Access to Dam's Industrial Control System, US Power Grid (December 21, 2015) -
According to the Wall Street Journal, cyber intruders based in Iran managed to gain access to an industrial control system of a flood control dam near New York City. They found an opening through a cellular modem. While the intruders did not take control of the dam, they did look around inside the system. In a related story, intruders also gained access to networks that operate the US power grid and stole passwords and power plant schematics.
-http://hosted.ap.org/dynamic/stories/U/US_INFRASTRUCTURE_POWER_GRID_CYBERATTACKS_ABRIDGED?SITE=AP&SECTION=HOME&TEMPLATE=DEFAULT&CTIME=2015-12-21-03-26-40
-http://www.theregister.co.uk/2015/12/21/iranian_hackers_target_new_york_dam/
-http://www.bbc.com/news/technology-35151492
-http://www.scmagazine.com/american-infrastructures-cybervulnerabilities-again-in-the-spotlight/article/461043/

The thing I love about these articles is how easy everyone assumes it is to just fix it.  It's not.  The grid is something that grew over a long period of time and some of the equipment has been in place for decades.  It isn't just a rip it out and replace it type of thing either.  This is a problem, one that people are aware of and one that people work on every day, but believe me there is no magic solution.







