The topic of offensive strategies against hackers comes up frequently and I am surprised and dismayed by the US strategies on combating cyber terror. The Americans are still thinking in a conventional warfare paradigm – in defending a new domain, William Lyn writes: It must also recognize that traditional Cold War deterrence models of assured …
Read more »The debate on whether or not the Israelis wrote the Stuxnet malware rages on – but it seems pretty clear from the research from ESET and Siemens own findings – here that the virus is apparently only activated in plants with a specific configuration. To be exact – the target is not the SCADA system …
Read more »With all the media noise about Stuxnet, cyber war and cyber terror, I proposed taking a closer look at how we relate to the players. Whether uber hackers or PLO terrorists; are we glorifying the attackers at the expense of prosecuting the victims? In data security I don’t subscribe to utilitarian ethics (which attempts to …
Read more »Pete Herzog, Founder of ISECOM, will be discussing the revised Open Source Security Testing Methodology Manual (OSSTMM v3) and how it applies to web application security today (10-13-2010) in Raleigh, NC. I’m not sure exactly if this project really qualifies as Open Source – since the license is not specified. As a methodology and not …
Read more »This evening I was added to a FB Group – apparently – you don’t have to agree to be joined in. FB Groups is a way to organize your contacts and get better control over your social networking. It looks pretty cool to me but the New York Times suggests that Facebook groups may engender even more …
Read more »In Bilski and software patents, Rob Tiller (vice president and assistant general counsel for Red Hat) attempts to make a case against software patents by claiming that they are abstract and therefore not patentable: In view of this serious problem, Red Hat submits that the Interim Guidance should be revised to recognize that software patents will ordinarily …
Read more »I had some input from colleagues on my Stuxnet posts – suggesting that I was downgrading the need to be vigilant against cyber-threats. Of course we must be vigilant, but let’s not forget a couple things: 1) We have to get the basics right – Note the Siemens guideline for implementing WinCC: ”system administrator password …
Read more »Who developed Stuxnet? Was Stuxnet developed by the Israeli Sigint unit 8200 or was it a group of Americans, Germans and Israelis working in collaboration? There has been a flurry of articles about Stuxnet in the Israeli papers, speculating on the source of the Stuxnet virus and discussing if this is the beginning of cyber …
Read more »How to protect your systems, your most sensitive data, avoid malware infections and never have a single minute of downtime due to malware. Run Ubuntu Get your services in the cloud Practice safe computing.
Read more »Bruce Schneier writes that The Threat of Cyberwar Has Been Grossly Exaggerated Not unpredictably – the essay yielded a lively discussion, I agree with Bruce – especially because of all the hype around Stuxnet. On one hand – the locals in Israel more or less know, or guess who worked on the project and on the …
Read more »