Security Innovation and University of Central Florida Launch Secure Software Development (SSD) Certificate Program
–(Business Wire)– Security Innovation and the University of Central Florida (UCF) today announced the Secure Software Development (SSD) Certificate Program as part of the university’s Continuing Education curriculum. This computer-based certification and training program offered by UCF is the first of its kind offered by a US higher education institution, and is targeted at professionals and students looking to improve their application security skills with a recognizable certification from an accredited university.
The SSD Certificate Program is comprised of 15 courses from Security Innovation’s computer-based training curriculum product TeamProfessor, the most comprehensive application security training program in the industry. This partnership provides students with a practical set of courses that will provide the foremost expertise in the application security discipline, complete with technical support for all users. UCF has constructed the program to feature three levels of certification: Foundation, Advanced and Expert.
More on this article here:
The NSA’s new spy center will see everything
Imagine a massive supercomputer in the desert, watched around the clock by armed guards, capable of intercepting and decrypting virtually every piece of information in the world. Sounds like science fiction, doesn’t it? Well, according to Wired, the NSA is in the process of building just such a place, and they’ve made leaps and bounds of progress at breaking the standard AES encryption algorithm that keeps your emails and other private information secure.
This new surveillance center is being constructed in the Utah desert, near a town called Bluffdale. When it’s finished, you’ll be able to fit five US Capitols inside, and most of that space will be occupied by supercomputers capable of storing more data than you can even imagine (you can imagine a lot, can’t you?). Your private emails, Google searches, receipts, travel information – pretty much every scrap of data generated – will be stored here, while sophisticated software sifts through it in search of anything remotely suspicious.
More on this interesting story here: http://www.neowin.net/news/the-nsas-new-spy-center-will-see-everything
- Everybody’s a Target: NSA Building Largest Spy Center Ever (musicians4freedom.com)
- The NSA Is Building the Country’s Biggest Spy Center (Watch What You Say) (wired.com)
- National Security Agency To Build Spy Center That Will Track All Electronic Communication (inquisitr.com)
- RT News – NSA Utah ‘Data Center’: Biggest-ever domestic spying lab? – RT (2012indyinfo.com)
US e-voting system cracked in less than 48 hours
Researchers at the University of Michigan have reported that it took them only a short time to break through the security functions of a pilot project for online voting in Washington, D.C. “Within 48 hours of the system going live, we had gained near complete control of the election server”, the researchers wrote in a paper that has now been released. “We successfully changed every vote and revealed almost every secret ballot.” The hack was only discovered after about two business days – and most likely only because the intruders left a visible trail on purpose.
In 2010, the developers of the municipal e-voting system, which enables voters living abroad to vote via a web site, invited security experts to conduct tests. The university researchers say that the project was developed in cooperation with the Open Source Digital Voting Foundation (OSDV) and that other US states have also worked on services similar to Washington’s “Digital Vote-by-Mail Service”. They also praise the system’s transparency as exemplary but point out that its architecture has fundamental security weaknesses and was not able to withstand a shell injection and other common hacker techniques.
The security experts investigated common vulnerable points such as login fields, the virtual ballots’ content and filenames, and session cookies – and found several exploitable weaknesses. Even the Linux kernel used in the project proved to have a well-known vulnerability. They were also able to use the PDFs generated by the system to trick the encryption mechanism, while unsecured surveillance cameras provided additional insights into the infrastructure. While the open source nature of the code made their work somewhat easier, they believe that attackers would have been able to make quick headway even if the system had been proprietary.
- Election hacked, drunken robot elected to school board – The Register (tribuneofthepeople.com)
- Hacked DC School Board E-Voting Elects Bender President [Security] (gizmodo.com)
- In Theory And Practice, Why Internet-Based Voting Is a Bad Idea (politics.slashdot.org)
- Hackers Elect Futurama’s Bender to the Washington DC School Board (pcworld.com)
SAN FRANCISCO (CNNMoney) — This past year’s wave of high-profile, extremely sophisticated cyberattacks is a watershed moment for the security field, according to RSA chief Arthur Coviello.
“People in our line of work have been going through hell in the past 12 months,” Coviello said during his kickoff keynote for RSA’s 2012 conference, one of the largest annual gatherings of U.S. cybersecurity professionals. “Our networks will be penetrated. We should no longer be surprised by this.”
- The next breed of security analyst needs to be from the military (venturebeat.com)
- Symantec: Cyber Attacks May Be Costing Your Business Big $ (netsecurityit.wordpress.com)
- RSA 2012: Security Engineers Seek Prophecy in Mick Jagger, Aretha Franklin (readwriteweb.com)
- RSA Conference 2012 and Ponemon Institute Join Forces for 2012 Research (365.rsaconference.com)
- Deception and the art of cyber security (scmagazine.com)
U.S. Official Signals Growing Concern Over Anonymous Group’s Capabilities
The director of the National Security Agency has warned that the hacking group Anonymous could have the ability within the next year or two to bring about a limited power outage through a cyberattack.
Gen. Keith Alexander, the director, provided his assessment in meetings at the White House and in other private sessions, according to people familiar with the gatherings. While he hasn’t publicly expressed his concerns about the potential for Anonymous to disrupt power supplies, he has warned publicly about an emerging ability by cyberattackers to disable or even damage computer networks.
Gen. Alexander’s warning signals a growing federal …
More on this story here:
While this week wasn’t quite as action packed as last, there are plenty of security stories to cover in this episode by Corey Nachreiner, CISSP (@SecAdept). They have been summarized in the brisk video below (runtime: 6:03 minutes).
If you prefer text to moving pictures, you can also find quick descriptions of these stories, as well as reference links, underneath the video.
- Anonymous continues their online riot, taking down more recording industry sites, and defacing a US government internet security site:
- TSA claims Pacific Northwest railways fell victim to a cyberattack:
- HD Moore discloses security risk with videoconferencing systems:
- Cameras open boardroom to hackers – New York Times
- Microsoft accuses ex-antivirus employee of creating Kelihos botnet:
- Botnet maker worked for security companies – Computer World
- Symantec warns customers to stop using PC Anywhere due to vulnerability:
- Google Releases a Chrome security update:
- EXTRA: Attackers are exploiting recent Windows Media vulnerability (MS12-004). This late breaking story didn’t make the video, but I felt I should include it here:
- Hackers pounce on Media Flaw – ZDNet
their contractors and other third-party partners comply with the state’s data breach law. The law took effect on March 1, 2010, but portions of the compliance requirements were phased in. The last part, third-party compliance, is what is taking effect just over a month from now. There will need to be language in the contracts with third parties requiring them to take reasonable steps to protect the information. Companies will not be required to audit third-party partners for compliance, but it is recommended that their contracts specify they reserve the right to conduct an audit if they choose. The contract language also needs to specify that the third party will notify the companies immediately in the event of a breach and destroy or return data when the contract is terminated. The law applies to all companies that store data of Massachusetts residents, whether or not that company is based in the state. The law was scheduled to take effect in January 2009, but the deadline has been extended twice.
Read More: http://tinyurl.com/DataProtectionLaw-MA
- Final Phase of Mass. Data Protection Law Kicks in March 1 (oracleidentity.wordpress.com)
- One in Three Massachusetts Residents’ Records Breached (homesecuritysource.com)
- Data Protection & Breach Readiness Guide (brianpennington.co.uk)
- Massachusetts data privacy law, outwards and upwards (atrilife.wordpress.com)
- Kelly seeks information about consumer impact of data breach at Zappos.com (gloucestercitynews.net)