Welcome to another edition of our Weekly Rewind – where we summarize all our posts from the last week. The top stories this week were 3) “New iPhone Fingerprint Reader Increases Security But Misses Point”, 2) “DHS Continuous Monitoring Program Lacks Monitoring Capabilities”, and 1) “ShmooCon 2014 Dates, CFP & Sponsorships Announced”. If you missed anything or happened to be offline, we hope you find this summary post useful as a quick reference.
A la Schneier … you can also use this rewind post to talk about the security stories in the news that we haven’t covered.
Media as Critical Infrastructure?: With the recent rash of attacks on media, either through websites, DNS providers, or social media accounts, as well as the creation of a cyber security framework for critical infrastructure, GovInfoSecurity.com posted an interesting article contemplating media as critical infrastructure. The transport through which media content flows is surely considered critical infrastructure but the question of the content itself is up for grabs. So what do you think? Should media be considered critical infrastructure? Let us know in the comments below. (continued here)
NSA Designates Four New Cyber Operation Schools: Perhaps in an attempt to distract the public from all the Snowden leaks, the NSA recently announced the addition of four new schools to its highly selective list of National Center of Academic Excellence (CAE) in Cyber Operations (CAE-Cyber) colleges and universities. CAE-Cyber is one of three distinctions for institutions since the program’s inception several years ago, with the other two in Information Assurance Education (CAE-IAE) and Research (CAE-R). (continued here)
DHS Continuous Monitoring Program Lacks Monitoring Capabilities: Interesting interview with the Department of Homeland Security’s (DHS) John Streufert over on GovInfoSecurity.com. This story comes as the contract vehicle associated with his Continuous Diagnostic and Mitigation (CDM) program was awarded to several of the standard heavyweights around the beltway. Although the program has origins with 15 lofty goals, the initial batch of initiatives focuses on basic compliance covering items like #1 hardware and #2 software asset management, #3 configuration setting management, and #4 vulnerability management for federal, state, and local government agencies. (continued here)
ShmooCon 2014 Dates, CFP, & Sponsorships Announced: Wow … can’t believe it’s that time already. As of this evening The Shmoo Group announced the conference dates as well as CFP and sponsorship information. Held a little earlier than last year, the January 17th through 19th dates are sure to increase the likelihood of another Snowmageddon. And with easier metro access and away from “interesting” clubs, the conference is back at the Washington Hilton. (continued here)
Inaugural MACH37™ Cyber Security Cohort Announced: We covered the NoVA-based MACH37™ Cyber Security Startup Accelerator before. Following in the footsteps of Y Combinator, TechStars, and 500 Startups, MACH37 supports two 90-day sessions per year for security startups. Well … they just announced their first class of companies. Here’s a snippet for each company from their announcement. Know of any other local security startups? Let us know in the comments below. (continued here)
New iPhone Fingerprint Reader Increases Security but Misses Point: There’s been a lot of discussion of the new fingerprint reader, dubbed Touch ID, in the next iteration of the iPhone that Apple announced last week. Many have commended Apple for implementing biometric authentication right, including using a high-quality reader and only storing fingerprint data on the phone, while others have lamented its failings, such as depending only on this one factor for authentication and allowing its use in iTunes purchases. What do you think of the new iPhone Touch ID feature? Let us know in the comments below. (continued here)
Is Applied Cryptography Really Out of Date?: Back in the day I pretty much cut my teeth on Bruce Schneier’s book “Applied Cryptography” that most of us are familiar with. Overall, I found the book focused less on the complex math involved and more towards the practical application of those algorithms in interesting ways to help make systems more secure. But through the years here and there I’d hear from someone or read an article mentioning that the book, although good for its time, wasn’t that “practical” anymore, especially for those developing crypto systems. Even Schneier expressed this concern. But why? Is Applied Cryptography too outdated to use anymore? What are your thoughts on Cryptography Engineering? Let us know in the comments below. (continued here)
Hope everyone had a wonderful week. Have a great weekend!