Welcome to another edition of our Weekly Rewind – where we summarize all our posts from the last week. The top stories this week were 3) “Crypto Cracked but Two-Factor Authentication Remains Safe”, 2) “State Department Looking to Monitor Facebook & Twitter”, and 1) “Hacking Back for Fun & Profit – Not”. If you missed anything or happened to be offline, we hope you find this summary post useful as a quick reference.
A la Schneier … you can also use this rewind post to talk about the security stories in the news that we haven’t covered.
Hacking Back for Fun & Profit – Not: Some companies and organizations are using hack-backs against intruders on their networks. This can involve the victim company either tasking its own employees to hack back or hiring an outside firm to do it. Most agree that hacking back is not the right solution, for a variety of reasons, including that it is illegal in most jurisdictions and that it risks escalating an attack out of control. Do you agree? Let us know your thoughts. (continued here)
State Department Looking to Monitor Facebook & Twitter: We came across a fascinating article from New Scientist on how the State Department is looking to procure systems to sift through the mass of public data on social networking sites to gauge public sentiment (e.g., political unrest in a country). The procurement notice specifically called out “deep analysis of topics, conversations, networks, and influencers of the global social web”. Do you think that the government should monitor social media, or is it an invasion of privacy? Let us know what you think. (continued here)
Table Comparison of Proposed Cybersecurity Legislation: Interested in cyber security legislation? Confused about all the different bills, who’s supporting what, and the consequences of each? Well, we love tables … and a few days ago we came across an article on GovInfoSecurity.com that provided a quick summary of what’s going on and then pointed to a recent report put together by the folks over at the Heritage Foundation. The document consists of a simple two-page summary table (PDF) with all the core legislation details. What do you think about the proposed cybersecurity legislation? Let us know. (continued here)
How to Break Into Security – the Krebsonian-Ptacek Interpretation: It looks like Brian Krebs is starting a series of posts getting the perspectives of different infosec luminaries on the age-old question – How do you break into security? His first article featured some opinions from Thomas Ptacek of Matasano Security. Although Thomas is looking through a computer science or software development lens, there are a number of great tips to consider. Plus he makes some good points on how app security plays a huge part in the development of the next generation of security tools, which personally sounds more fun than just deploying and monitoring them. What did you think about the interview? Post your comments and let us know. (continued here)
Crypto Cracked but Two-Factor Authentication Remains Safe: In case you haven’t heard … researchers have recently cracked several security tokens that support the older PKCS #1 v1.5 padding mechanism, including the RSA SecurID 800. Devices that implement this standard double as smartcards (see that big honking USB connector) in addition to providing the one-time-code function commonly used for two-factor authentication. Of course many are making a kerfuffle out of this smartcard-side weakness, and reports of the compromise seem to be bleeding over into the two-factor authentication capabilities, which are not what was attacked. There still seems to be lots of confusion surrounding this attack. What’s your take on it? (continued here)
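To make the “PKCS #1 v1.5 padding” part of that story concrete, here is an added example (our own toy code, not the researchers’ tooling and not anything from RSA or the token vendors): the 1998 Bleichenbacher padding-oracle attack, which is the class of attack that makes a PKCS #1 v1.5 decryption oracle dangerous. The RSA key is a deliberately tiny modulus built from two Mersenne primes, the secret and the padding bytes are constructed for the demo, and the “device” is modeled as an oracle that answers only whether a decrypted value starts with the bytes 00 02. The real tokens, their interfaces and their query counts are not represented here; the point is that a single yes/no leak about the padding is enough to recover the whole plaintext without ever seeing the private key.

```python
"""Toy Bleichenbacher (CRYPTO 1998) padding-oracle attack on PKCS #1 v1.5.

Constructed demo: a tiny RSA key (never use keys this small for real work),
an oracle that only reveals whether a plaintext is '00 02 ...' conformant,
and the interval-narrowing loop that turns that one bit of leakage into
full plaintext recovery. Python 3.8+ (uses pow(x, -1, n)).
"""

# --- constructed toy key, for illustration only ---------------------------
P = (1 << 89) - 1          # Mersenne prime 2^89 - 1
Q = (1 << 31) - 1          # Mersenne prime 2^31 - 1
N = P * Q                  # ~120-bit modulus
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8          # modulus length in bytes (15)
B = 1 << (8 * (K - 2))                  # plaintexts in [2B, 3B) start with 00 02


def ceil_div(a, b):
    return -(-a // b)


def pkcs1_v15_pad(msg):
    """EME-PKCS1-v1_5 encoding: 00 02 <non-zero padding> 00 <msg>."""
    pad_len = K - 3 - len(msg)
    if pad_len < 8:
        raise ValueError("message too long for this modulus")
    # Padding must be non-zero; a fixed pattern keeps the demo deterministic
    # (a real encoder uses random bytes).
    padding = bytes((i % 255) + 1 for i in range(pad_len))
    return int.from_bytes(b"\x00\x02" + padding + b"\x00" + msg, "big")


def pkcs1_v15_unpad(m):
    em = m.to_bytes(K, "big")
    if em[:2] != b"\x00\x02":
        raise ValueError("bad padding")
    return em[em.index(b"\x00", 2) + 1:]


def encrypt(m):
    return pow(m, E, N)


class PaddingOracle:
    """Models a device that decrypts and only says whether the result is
    PKCS #1 v1.5 conformant (here: the first two bytes are 00 02)."""

    def __init__(self):
        self.queries = 0

    def __call__(self, c):
        self.queries += 1
        return 2 * B <= pow(c, D, N) < 3 * B


def merge(intervals):
    intervals.sort()
    merged = []
    for a, b in intervals:
        if merged and a <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], b))
        else:
            merged.append((a, b))
    return merged


def bleichenbacher(c, oracle):
    """Recover m = c^d mod N using only the oracle. c is assumed to be
    conformant already, so the blinding step (s0 = 1) is skipped."""
    M = [(2 * B, 3 * B - 1)]
    s = ceil_div(N, 3 * B)                 # step 2a: smallest s1 >= N/(3B)
    while not oracle(c * pow(s, E, N) % N):
        s += 1
    while True:
        new_M = []                         # step 3: narrow every interval
        for a, b in M:
            r_lo = ceil_div(a * s - 3 * B + 1, N)
            r_hi = (b * s - 2 * B) // N
            for r in range(r_lo, r_hi + 1):
                lo = max(a, ceil_div(2 * B + r * N, s))
                hi = min(b, (3 * B - 1 + r * N) // s)
                if lo <= hi:
                    new_M.append((lo, hi))
        M = merge(new_M)
        if len(M) == 1 and M[0][0] == M[0][1]:
            return M[0][0]                 # step 4 (no unblinding needed)
        if len(M) > 1:                     # step 2b: just search upwards
            s += 1
            while not oracle(c * pow(s, E, N) % N):
                s += 1
        else:                              # step 2c: pick r, s to halve [a, b]
            a, b = M[0]
            r = ceil_div(2 * (b * s - 2 * B), N)
            while True:
                hit = next((t for t in range(ceil_div(2 * B + r * N, b),
                                             ceil_div(3 * B + r * N, a))
                            if oracle(c * pow(t, E, N) % N)), None)
                if hit is not None:
                    s = hit
                    break
                r += 1


def demo(secret=b"1234"):
    """Encrypt a constructed secret, then recover it with oracle access alone."""
    c = encrypt(pkcs1_v15_pad(secret))
    oracle = PaddingOracle()
    recovered = pkcs1_v15_unpad(bleichenbacher(c, oracle))
    return recovered, oracle.queries


if __name__ == "__main__":
    msg, n_queries = demo()
    print(f"recovered {msg!r} after {n_queries} oracle queries")
```

Note what the attacker never had: the private exponent D is used only inside the oracle. With this toy key the first step alone takes on the order of tens of thousands of queries; with a real key the oracle is queried far more, which is exactly why the practical question for any PKCS #1 v1.5 implementation is whether an attacker can tell a padding failure apart from any other failure, by error code, timing or interface behaviour. OAEP padding, and treating every decryption failure identically, is the standard remedy.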
Hope everyone had a wonderful week. Have a great weekend!