Air Force Draws Weekend Cyberwarriors From Microsoft, Cisco
Topic: Computer Security
2:49 am EDT, Aug 7, 2007
If the U.S. Air Force is ever ordered into a cyberwar with a foreign country or computer-savvy terrorist group, the 100-plus citizen cybersoldiers at the Air National Guard's 262nd Information Warfare Aggressor Squadron will boast an advantage other countries can't match: They built the very software and hardware they're attacking.
That's because the 262nd, based at McChord Air Force Base outside Tacoma, Washington, draws weekend warriors from Microsoft, Cisco Systems, Adobe Systems and other tech companies, in a recruitment model that senior military leadership is touting as vital to the Air Force's expanded mission to achieve "dominance in cyberspace."
Neal Krawetz... gave an interesting presentation today at the BlackHat security conference in Las Vegas about analyzing digital photographs and video images for alterations and enhancements.
Interesting were the examples Krawetz gave of al Qaeda images. Krawetz took an image from a 2006 al Qaeda video of Ayman al-Zawahiri (above right), a senior member of the terrorist organization... After conducting his error analysis Krawetz was able to determine that al-Zawahiri's image was superimposed in front of the background -- and was most likely videotaped in front of a black sheet.
Wish I hadn't missed that one. I wonder if he is re-presenting at defcon...
Q&A: Security top concern for new IETF chair - Network World
Topic: Computer Security
11:46 am EDT, Jul 28, 2007
Russ Housley is the first chair of the IETF with a particular expertise in network security. Housley, who runs consulting firm Vigil Security, has been active in the IETF for nearly 20 years and helped write early e-mail security and public key infrastructure standards. Three months into his job as chair of the leading Internet standards body, Housley talked with Network World National Correspondent Carolyn Duffy Marsan about his strategy for bolting better security onto the freewheeling Internet.
Google's Security team has discovered vulnerabilities in the Sun Java Runtime Environment that threaten the security of all platforms, browsers and even mobile devices.
"This is as bad as it gets."
In general I try to keep stuff I do in the office out of this blog, but I thought it worth coming back to clarify that this particular bug does not impact the wide array of platforms indicated in this press report. The only OS I've confirmed that this impacts is Linux. It specifically does not impact Windows. It may or may not impact other operating systems.
The fact that Java runs on lots of platforms does not immediately imply that bugs in Java impact all platforms. In this case, as a POC was released, it was really easy to verify that Windows was not impacted.
I've stuck my foot in my mouth in communications with the press about technical issues in the past, so nothing personal to the people interviewed here, but they are wrong in this case, and the real story, frankly, is EEYE's bug, which is, well, also easy to "verify."
The Apple iPhone’s Safari web browser has a special feature that allows the user to dial any phone number displayed on a web page simply by tapping the number. SPI Labs has discovered that this feature can be exploited by attackers to perform various attacks, including:
* Redirecting phone calls placed by the user to different phone numbers of the attacker’s choosing
* Tracking phone calls placed by the user
* Manipulating the phone to place a call without the user accepting the confirmation dialog
* Placing the phone into an infinite loop of attempting calls, through which the only escape is to turn off the phone
* Preventing the phone from dialing
Four teams of researchers from universities in the U.S., Canada, Poland and the United Kingdom begin competing today in Portland, Oregon, to win a prize for the best open-source voting system. The three-day University Voting System Competition, which ends July 18th, is sponsored by the National Science Foundation.