Monday, April 13, 2020

What I'm Reading 4/13/2020

HelpNet Security - You have to consider cybersecurity at all points of a cloud migration -
The research found threats and security weaknesses in several key areas of cloud-based computing, which can put credentials and company secrets at risk. Criminals capitalizing on misconfigurations have targeted companies with ransomware, cryptomining, e-skimming and data exfiltration.
Belmont Club -  Planning the Great Escape from House Arrest—and From Communist China -
As the northern hemisphere begins to emerge from the worst of the pandemic, political punditry is focusing on two issues: how to reopen the economy and how to decouple from China. The two subjects are related because a large part of the Western economy is joined at the hip with Beijing. To a substantial degree, China produces what America consumes. Each country's holdings in the other are enormous. They are bound by innumerable contracts, deals, projects and cross-posted personnel that are not easily severed.
This system of cross-dependency was consciously pursued to vaccinate the world against a repetition of the two world wars. However, globalization also significantly eroded the independence and freedom of action of individual nations, though not each to the same degree. It permitted asymmetries to arise between the more aggressive and secretive regimes at the expense of  those which, perhaps naively, adhered more closely to the posted rules.
 Computer World - Amid the pandemic, MFA's shortcomings are clearer than ever -
That brings us to MFA. Multifactor authentication is supposed to be just that, but it's typically deployed in the least secure manner — sending straight numeric texts to a mobile device, a tactic that is well-known to be susceptible to man-in-the-middle attacks. So, are there better ways to deploy MFA, something that can be easily executed under today's far-less-than-ideal conditions? 
 Security Boulevard - STEPS FORWARD: How the Middle East led the U.S. to adopt smarter mobile security rules -
Interestingly, leadership for this push came from federal regulators in, of all places, the Middle East.  In May 2017, the Saudi Arabian Monetary Authority (SAMA) implemented its Cyber Security Framework mandating prescriptive measures, including a requirement to containerize data in all computing formats. A few months later the United Arab Emirates stood up its National Electronic Security Authority (NESA) which proceeded to do much the same thing.
Earlier this year, US regulators essentially followed the Middle East’s lead by rolling out sweeping new rules — referred to as Cybersecurity Maturity Model Certification (CMMC)  — which require use of data containerization along much the same lines as Saudi Arabia and the UAE mandated some three years ago. The implementation of CMMC represents a big change from past U.S. federal data handling rules for contractors, for which compliance was by-and-large voluntary.
CNN -  China's PLA Navy is controlling coronavirus and aircraft carrier's deployment proves it, report says -
A Chinese naval flotilla headed into the Pacific over the weekend, evidence that the People's Liberation Army Navy has done a much better job controlling coronavirus than the US Navy, according to a story posted on the PLA's English-language website.
The aircraft carrier Liaoning led the group, which included two guided-missile destroyers, two guided-missile frigates and an auxiliary ship, according to the report from state-run tabloid Global Times. It cited Japanese and Taiwanese reports and noted the PLA had not confirmed the operation.
 TechCrunch - Want To Know Why U.S. Broadband Is A Bad Joke? Take a Close Look at Frontier Communications -
In telecom policy circles, there's an army of "experts" who twist themselves into pretzels trying to pretend U.S. telecom is a healthy, normal, vibrant market. Blinded by partisan loyalties, sector financial links, or ideologies embedded decades ago, they're incapable of even acknowledging that Americans pay too much money for spotty, substandard service with historically terrible customer support. They're even less likely to acknowledge the corruption, regulatory capture, and lack of competition that made this dysfunction possible. If it is acknowledged, it's downplayed to a comical degree. 

No comments: