Information Security all in one place!

Posts tagged “United States”

University Accredited Certificate Program Launch; First of Its Kind

Security Innovation and University of Central Florida Launch Secure Software Development (SSD) Certificate Program

–(Business Wire)– Security Innovation and the University of Central Florida (UCF) today announced the Secure Software Development (SSD) Certificate Program as part of the university’s Continuing Education curriculum. This computer-based certification and training program offered by UCF is the first of its kind offered by a US higher education institution, and is targeted at professionals and students looking to improve their application security skills with a recognizable certification from an accredited university.

The SSD Certificate Program is comprised of 15 courses from Security Innovation’s computer-based training curriculum product TeamProfessor, the most comprehensive application security training program in the industry. This partnership provides students with a practical set of courses that will provide the foremost expertise in the application security discipline, complete with technical support for all users. UCF has constructed the program to feature three levels of certification: Foundation, Advanced and Expert.

More on this article here:

More on the program can be found here:

NSA: Ultimate Internet Spy Center

The NSA’s new spy center will see everything

Imagine a massive supercomputer in the desert, watched around the clock by armed guards, capable of intercepting and decrypting virtually every piece of information in the world. Sounds like science fiction, doesn’t it? Well, according to Wired, the NSA is in the process of building just such a place, and they’ve made leaps and bounds of progress at breaking the standard AES encryption algorithm that keeps your emails and other private information secure.

This new surveillance center is being constructed in the Utah desert, near a town called Bluffdale. When it’s finished, you’ll be able to fit five US Capitols inside, and most of that space will be occupied by supercomputers capable of storing more data than you can even imagine (you can imagine a lot, can’t you?). Your private emails, Google searches, receipts, travel information – pretty much every scrap of data generated – will be stored here, while sophisticated software sifts through it in search of anything remotely suspicious.

More on this interesting story here:

US E-Voting system: 48 hours to Crack

US e-voting system cracked in less than 48 hours

Researchers at the University of Michigan have reported that it took them only a short time to break through the security functions of a pilot project for online voting in Washington, D.C. “Within 48 hours of the system going live, we had gained near complete control of the election server”, the researchers wrote in a paper that has now been released. “We successfully changed every vote and revealed almost every secret ballot.” The hack was only discovered after about two business days – and most likely only because the intruders left a visible trail on purpose.

In 2010, the developers of the municipal e-voting system that enables voters living abroad to vote via a web site invited security experts to conduct tests. The university researchers say that the project was developed in cooperation with the Open Source Digital Voting Foundation (OSDV) and that other US states have also worked on services similar to Washington’s “Digital Vote-by-Mail Service”. They also praise the system’s transparency as exemplary but point out that its architecture has fundamental security weaknesses and was not able to withstand a shell injection and other common hacker techniques.

The security experts investigated common vulnerable points such as login fields, the virtual ballots’ content and filenames, and session cookies – and found several exploitable weaknesses. Even the Linux kernel used in the project proved to have a well known vulnerability. They were also able to use the PDFs generated by the system to trick the encryption mechanism, while unsecured surveillance cameras provided additional insights into the infrastructure. While the open source nature of the code made their work somewhat easier, they believe that attackers would have been able to make quick headway even if the system had been proprietary.

Read More Here:

CyberSecurity Reality Check: Attackers Winning?

SAN FRANCISCO (CNNMoney) — This past year’s wave of high-profile, extremely sophisticated cyberattacks is a watershed moment for the security field, according to RSA chief Arthur Coviello.

“People in our line of work have been going through hell in the past 12 months,” Coviello said during his kickoff keynote for RSA’s 2012 conference, one of the largest annual gatherings of U.S. cybersecurity professionals. “Our networks will be penetrated. We should no longer be surprised by this.”

Read more here:

Anonymous: “Power” in their hands

U.S. Official Signals Growing Concern Over Anonymous Group’s Capabilities

The director of the National Security Agency has warned that the hacking group Anonymous could have the ability within the next year or two to bring about a limited power outage through a cyberattack.

Gen. Keith Alexander, the director, provided his assessment in meetings at the White House and in other private sessions, according to people familiar with the gatherings. While he hasn’t publicly expressed his concerns about the potential for Anonymous to disrupt power supplies, he has warned publicly about an emerging ability by cyberattackers to disable or even damage computer networks.

Gen. Alexander’s warning signals a growing federal …

More on this story here:

Wall Street Journal:

USA Today:

Railway Hacks, VideoConferencing Espionage, and Security Professionals Gone Bad

While this week wasn’t quite as action packed as last, there are plenty of security stories to cover in this episode by Corey Nachreiner, CISSP (@SecAdept). They have been summarized in the brisk video below (runtime: 6:03 minutes).

If you prefer text to moving pictures, you can also find quick descriptions of these stories, as well as reference links, underneath the video.

Episode References:

— Corey Nachreiner, CISSP (@SecAdept)

Massachusetts Data Protection Law to Include Third Parties as of March 1

As of March 1, 2012, all companies that retain and store data about Massachusetts residents must be able to demonstrate that they and all their contractors and other third-party partners comply with the state’s data breach law. The law took effect on March 1, 2010, but portions of the compliance requirements were phased in. The last part, third-party compliance, is what is taking effect just over a month from now. There will need to be language in the contracts with third parties requiring them to take reasonable steps to protect the information. Companies will not be required to audit third-party partners for compliance, but it is recommended that their contracts specify they reserve the right to conduct an audit if they choose. The contract language also needs to specify that the third party will notify the companies immediately in the event of a breach and destroy or return data when the contract is terminated. The law applies to all companies that store data of Massachusetts residents, whether or not that company is based in the state. The law was scheduled to take effect in January 2009, but the deadline has been extended twice.


Read More: