Welcome to another edition of our Weekly Rewind – where we summarize all our posts from the last week. The top stories this week were 3) “Change Your Password…Charge Your Life”, 2) “Did the Chinese Hack OPM’s e-QIP?”, and 1) “NSA Taps 5 New Cyber Ops Schools”. If you missed anything or happened to be offline, we hope you find this summary post useful as a quick reference.
À la Schneier … you can also use this rewind post to talk about the security stories in the news that we haven’t covered.
Did the Chinese Hack OPM’s e-QIP?: DHS recently reported an attack on OPM’s systems that “appeared to target the files of tens of thousands of employees seeking top-secret security clearances,” according to the New York Times. Anyone around the DC beltway is probably familiar with OPM’s e-QIP application … which coincidentally holds information for people seeking government clearances. If we’re talking about the same thing here, this attack could be the mother of all web application intrusions, given the scrutiny this application probably gets and the sensitivity of the data it holds. (continued here)
LastPass Sadly Downplays Pair of Year-Old Vulnerabilities: On Friday our favorite password manager LastPass published a nonchalant blog post about two vulnerabilities discovered by researcher Zhiwei Li last year. The first issue involved a flaw in their bookmarklet implementation that could allow malicious websites to download credentials for other sites. The second vulnerability could allow an attacker to download someone’s encrypted password vault through a flaw in their one-time-password function. Everything has since been fixed and their only recommendation is to change your master password if you are really concerned. So what do you think LastPass was thinking with how they handled these vulnerabilities? Let us know in the comments below. (continued here)
Change Your Password … Charge Your Life: Now here is a great way to come up with a long password and help improve your life. Just create one that reminds you of some self-improvement activity (e.g., go to bed early, drink more water, etc.). After typing in this new password umpteen times a day for a few months, hopefully you have made that change you’ve always been wanting. (continued here)
NSA Taps 5 New Cyber Ops Schools: Last week the NSA added five new schools to its list of certified Cyber Operations Centers of Academic Excellence. This brings the total to 13 holding this elite designation. And the good news is that there is finally a school local to the metro DC area – Towson University. Here is the current running list as well as a snippet from the NSA’s press release. (continued here)
The Fixie Infosec Paradigm: I came across this article comparing federal IT spending to “fixie” bikes. The author suggests you can accomplish about 85% of what is really needed for around 10% of a project’s cost. Of course Pareto’s Principle comes to mind here, where “roughly 80% of the effects come from 20% of the causes.” Relating this to large bureaucratic organizations … how much time and resources do we waste on causes (i.e., our hard work) that have minimal effects? Probably 80%, but the hard part is determining the right 20% of causes to focus on. In hindsight this is easy, so the approach works well for similar or recurring projects, like the fixie bike and the federal IT projects in the fixie story. (continued here)
Hope everyone had a wonderful week! Have a great weekend!