This is related to the 20 security controls I previously posted. While you don’t need to read this to go through the 20 controls, it will be more than useful for general understanding.
While you are on NIST, it’s worth looking at the other publications; I will see if I can post a few of my favorites next month.
I have wanted to share this for a while.
SANS does an excellent job of listing quick points for each control to help you sell this and start to implement it. This information is great for any organization, small or large; you can pull great information from it to make your life better. Also a bit more fun with Control 17.
The largest issue I am sure you will have is finding the time to go through the entire document. It might also be worth distilling this a little further and getting down to a few key wins in the areas you know you are lacking right now.
Hackers have targeted the lower house of parliament and Mitsubishi Heavy Industries (Japan’s largest defense contractor). It appears that they had access to the lower house for an extended period of time.
These kinds of attacks make me think we need a different approach to network security for sensitive locations. Do we need an Internet 3, for trusted hosts only? Or maybe be more selective about which machines need to be connected to the wide world and which do not. In reality you can’t hack what you can’t get to. What if they had a small email system, maybe with some sort of BlackBerry setup, that could only send mail to internal users?
Just a rough thought.
It appears the Pastebin postings have been removed, but I did have this source.
Anon has posted personal police officer information including passwords, names, addresses, phone numbers and SSNs. Unlike the attacks against the hosts of CP, I am not thrilled about this. While the hacker has made the point, depending on what kind of information was released this could put people in serious danger. Posting the names and addresses of police officers is a good way to get someone hurt. I am not specifically talking about the officers; these people have families and kids, and it does not take a genius to figure out what someone with a problem with a specific police officer will do. I also don’t accept the argument that they had it coming; not everyone is an asshole and NO kid should be put at that kind of risk.
It does not look like the source documents have been released yet, but a group of researchers has created a complete topography of the TOR network.
Here is the posting from the HNN.
Using this method they are also able to inspect traffic. The full set of information is going to be released on Oct 29-30, 2011 in Sao Paulo.
Nice tie-in to the last article on how people try to hide on the darknet.
You may have seen a story about Anonymous setting their sights on CP sites on the darknet. (I can’t overstate how happy this makes me.)
Here is the release from them with the details.
So what is Darknet?
Here is what I know of it: the darknet is a collection of sites, DBs and information that is only accessible on the TOR network. To call some of this shady is an understatement. This information is not indexed by any search engine, and is only available to you if you have a direct link. There are a couple of wiki sites that I have seen that collect these links, categorize them and post them. This is exactly what Anon went after; it is an excellent place for people to go who want to share bad things like CP.
You can access it if you know what you are looking for, but I am not comfortable posting this information. Once you see something it can’t be unseen.
I have seen this with radio equipment, but this is just awesome.
I have not been able to locate the original paper yet; I would like some more details on how it differentiates the different keys.
Bitdefender now has a removal tool for DuQu, which I previously mentioned.
As far as I know there is still no complete detection for this threat, so you should keep that in mind.
I found it.
This is also something that will happen soon, and I am not sure if it will be the US on the sending or receiving end. Critical systems should be on air-gapped networks, completely cut off: no USB keys, no laptops, no no no. Updating may be necessary, but that risk needs to be tightly managed.
Great white paper from Symantec.
It’s definitely only a matter of time before we see Stuxnet 2.0; I would bet that in the next 12 to 18 months something will come up again. I wish I had the source article, but I read that the US was looking at launching a wire attack on Libya before the plans came in to disable air defense.