Your Anonymous Posts to Secret Aren’t Anonymous After All

August 22nd, 2014
by Kevin Poulsen
White hat hacker Ben Caudill is halfway through his sandwich when he casually reaches over to his iPhone, swipes the screen a few times, then holds it up to me. “Is that you?” he asks. It is, but nobody was supposed to know. He’s showing me one of my posts to Secret, the popular anonymous […]

Posted in Threat Level | Comments (0)

Infocon: green

August 22nd, 2014
by SANS Internet Storm Center, InfoCON: green
ISC StormCast for Friday, August 22nd 2014 http://isc.sans.edu/podcastdetail.html?id=4117

Posted in Uncategorized | Comments (0)

ISC StormCast for Friday, August 22nd 2014 http://isc.sans.edu/podcastdetail.html?id=4117, (Fri, Aug 22nd)

August 22nd, 2014
by SANS Internet Storm Center, InfoCON: green
...(more)...

Posted in Uncategorized | Comments (0)

Air Force Leaders Should Read This Book

August 22nd, 2014
by Richard Bejtlich
I just finished reading The Icarus Syndrome: The Role of Air Power Theory in the Evolution and Fate of the U.S. Air Force by Carl Builder. He published this book in 1994 and I wish I had read it 20 years ago as a new Air Force second lieutenant. Builder makes many interesting points in the book, but in this brief post I'd like to emphasize one of his concluding points: the importance of a mission statement.

Builder offers the following when critiquing the Air Force's mission statement, or lack thereof, around the time of his study:

[Previous] Air Force Chief of Staff, General John P. McConnell, reportedly endorsed the now-familiar slogan

     The mission of the Air Force is to fly and fight. 

Sometime later, the next Chief, General John D. Ryan, took pains to put it more gruffly:

     The job of the Air Force is to fly and to fight, and don't you ever forget it. (p 266)

I remember hearing "Fly, Fight, Win" in the 1990s as well.

Builder correctly criticizes these mission statements on multiple grounds, none more compelling than this: how are non-flyers supposed to interpret this statement? It's simply a reminder and reinforcement of the second-class status of non-flyers in the Air Force. Furthermore, Builder more or less also notes that "fight" is often eclipsed by non-combat missions, such as airlift or humanitarian relief. Finally, Builder doesn't ask the question explicitly, but how does one define "winning"? Would wars in Iraq or Afghanistan be a "win"? That's a demoralizing way to think in my opinion.

Builder offers a wonkish, but conceptually more useful, mission statement on p 284:

The mission of the Air Force is the military control and exploitation of the aerospace continuum in support of the national interests.

The author immediately notes that one Air Force officer criticized Builder's mission statement as too "academic," but I think this particular policy wonk is on target.

Curious as to what the current Air Force mission statement says, I checked the Our Mission page and read at the top:

The mission of the United States Air Force is to fly, fight and win … in air, space and cyberspace.

Wow. That's even worse than before. Not only does it still insult non-flyers, but now the mission involves "flying" in "cyberspace."

I strongly suggest Air Force leaders read Builder's book. It's as relevant today as it was 20 years ago.

Posted in Air Force | Comments (0)

Now supporting OpenIOC via our API!, (Thu, Aug 21st)

August 22nd, 2014
by SANS Internet Storm Center, InfoCON: green
The SANS Internet Storm Center is proud to announce the release of our first OpenIOC format API ...(more)...

Posted in Uncategorized | Comments (0)

Passwordscon 2014 Videos

August 22nd, 2014
by Irongeek's Security Site
Link: http://www.irongeek.com/i.php?page=videos/passwordscon2014/mainlist
These are the videos from the Passwordscon 2014 conference. Thanks for having me out to help record and render the videos.

Track 1

How we deciphered millions of users’ encrypted passwords without the decryption keys. - Josh Dustin (Canceled)

Is Pavlovian Password Management The Answer? - Lance James

DoCatsLikeLemon? – Advanced phrase attacks and analysis - Marco Preuß

Tradeoff cryptanalysis of password hashing schemes - Dmitry Khovratovich, Alex Biryukov, Johann Großschädl

Using cryptanalysis to speed-up password cracking - Christian Rechberger

Password Security in the PCI DSS - Jarred White

Defense with 2FA - Steve Thomas

I have the #cat so I make the rules - Yiannis Chrysanthou

Penetrate your OWA - Nate Power

Surprise talk + advisory release - Dominique Bongard

All your SAP P@$$w0ЯdZ belong to us - Dmitry Chastuhin, Alex Polyakov

Target specific automated dictionary generation - Matt Marx

Bitslice DES with LOP3.LUT - Steve Thomas

Net hashes: a review of many network protocols - Robert Graham

Energy-efficient bcrypt cracking - Katja Malvoni

The problem with the real world - Michal Špaček

Password Topology Histogram Wear-Leveling, a.k.a. PathWell - Rick Redman

Beam Me Up Scotty! – Passwords in the Enterprise - Dimitri Fousekis

Track 2

Welcome & Announcements - Jeremi Gosney, Per Thorsheim

Opening Keynote - Julia Angwin

Secure your email – Secure your password - Per Thorsheim

Highlights of CMU’s Recent Work in Preventing Bad Passwords - Sean Segreti, Blase Ur

Password Hashing Competition: the Candidates - Jean-Philippe Aumasson

What Microsoft would like from the Password Hashing Competition - Marsh Ray, Greg Zaverucha

How Forced Password Expiration Affects Password Choice - Bruce K. Marshall

Security for the People: End-User Authentication Security on the Internet - Mark Stanislav

Authentication in the Cloud – Building Service - Dan Cvrcek

How EFF is Making STARTTLS Resistant to Active Attacks - Jacob Hoffman-Andrews, Yan Zhu

Proof of work as an additional factor of authentication - Phillippe Paquet, Jason Nehrboss

The future of mobile authentication is here - Sam Crowther

Password hashing delegation: how to get clients work for you - Thomas Pornin

Throw the User ID Down the Well - Daniel Reich

Password Generators & Extended Character Set Passwords - Stephen Lombardo, William Gray

Encryption and Authentication: Passwords for all reasons. - Jeffrey Goldberg

Enhancing Password Based Key Derivation Techniques - Stephen Lombardo, Nick Parker

Capturing Passwords into the Secure Desktop - Marcio Almeida de Macedo, Bruno Gonçalves de Oliveira

Posted in videos | Comments (0)

Black Hat Europe 2014: Briefings Lineup Announced

August 21st, 2014
by Black Hat Staff
All 46 Briefings for Black Hat Europe 2014 have been announced! Here are some highlights from the Black Hat Europe Briefings selected by our Review Board.

Posted in Uncategorized | Comments (0)

Hacker Or Military? Best Of Both In Cyber Security

August 21st, 2014
by John B. Dickson
How radically different approaches play out across the security industry.

Posted in Uncategorized | Comments (0)

51 UPS Stores’ Point-of-Sale Systems Breached

August 21st, 2014
by Sara Peters
Customers will not receive individual breach notifications.

Posted in Uncategorized | Comments (0)

Secunia Appoints Jack Wilson as Vice President and General Manager of North America

August 21st, 2014
by Latest Secunia Blog Entries

Posted in Uncategorized | Comments (0)