Friday Squid Blogging: "How the Squid Lost Its Shell"

https://www.schneier.com/blog/archives/2017/10/friday_squid_bl_597.html

Interesting essay by Danna Staaf, the author of Squid Empire. (I mentioned the book two weeks ago.)

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Read my blog posting guidelines here.

Posted in Solutions | Comments Off on Friday Squid Blogging: "How the Squid Lost Its Shell"

Glory Of The Conquered, The by GLASPELL, Susan

http://librivox.org/the-glory-of-the-conquered-by-susan-glaspell/

“The Glory Of The Conquered, The Story Of A Great Love” is Susan Glaspell’s first novel. It tells the story of Karl, who was blinded after being injured by a lab experiment, and his wife, Ernestine, who nursed him. – Summary by Stav Nisser.


House Approves the NIST Small Business Cybersecurity Act

https://www.securitymagazine.com/articles/88404-house-approves-the-nist-small-business-cybersecurity-act

The US House of Representatives passed a bill that would provide cybersecurity guidance to the nation’s small businesses.


Updated Investor Bulletin: The ABCs of Credit Ratings

https://www.sec.gov/oiea/investor-alerts-and-bulletins/ib_creditratings

The SEC’s Office of Investor Education and Advocacy and Office of Credit Ratings are issuing this Investor Bulletin to educate investors about credit ratings.


Week in Photos: Oct. 14-20

Week in Photos is a collection of the best images published on Defense.gov during a seven-day period.

Soldiers, shown in silhouette, stand in a vehicle.

Soldiers prepare for a convoy to a tactical operation center during Swift Response 17 in Hohenfels, Germany, Oct. 11, 2017. Swift Response is an annual, U.S. Army Europe-led exercise focused on allied airborne forces’ ability to respond to crisis situations as a multinational team. Army photo by Spc. Randy Wren

Marine recruits crawl through mud.

Marine Corps recruit Jorge Pelaez crawls through mud during the final challenge of recruit training, known as the Crucible, at Marine Corps Recruit Depot Parris Island, S.C., Oct. 13, 2017. Marine Corps photo by Lance Cpl. Devon Burton

An airman, shown in silhouette, sits atop a vehicle and mans a machine gun.

Air Force Airman 1st Class Trevin Wharton guards his post during Exercise Beverly Pack 18-1 at Kunsan Air Base, South Korea, Oct. 11, 2017. Wharton is a heavy gunner assigned to the 8th Security Forces Squadron. Air Force photo by Staff Sgt. Victoria H. Taylor

Soldiers line up and fire large weapons.

Soldiers render honors during a change-of-command ceremony at Wheeler Army Airfield in Wahiawa, Hawaii, Oct. 15, 2017. The soldiers are assigned to the Hawaii Army National Guard. Army National Guard photo by Sgt. Amanda H. Gerlach

Sailors train to fight fires on a ship.

Sailors combat a live fire during a shipboard firefighting training on the USS Ashland in Yokosuka, Japan, Oct. 16, 2017. The Ashland is in Yokosuka for training and to undergo readiness certifications in critical mission areas. Navy photo by Petty Officer 3rd Class Jonathan Clay

A rocket takes off from a launchpad at night.

Airmen support a United Launch Alliance Atlas V rocket carrying the NROL-52 mission as it lifts off from Cape Canaveral Air Force Station, Fla., Oct. 15, 2017. The airmen are assigned to the 45th Space Wing. United Launch Alliance courtesy photo

A woman holding a baby is surrounded by people with their heads lowered.

Sailors aboard the Military Sealift Command hospital ship USNS Comfort say a prayer for Sara Victoria Llull Rodriguiz in the Caribbean Sea, Oct. 17, 2017. Rodriguiz is the first child born aboard Comfort in more than seven years. Navy Photo by Petty Officer 1st Class Ernest R. Scott

A Marine looks in a compact mirror while putting on camouflage paint in wooded surroundings.

Marine Corps Lance Cpl. Jordan Schaffer applies camouflage paint while helping evaluate a tropical uniform prototype at the Kahuku Training Area in Hawaii, Oct. 4, 2017. Marines were testing the uniform for durability, fit and function. Marine Corps photo by Cpl. Molly Hampton

A soldier gives an IV to a commander during training in a hospital.

Army Pfc. Kamara Anderson gives Lt. Gen. Jeffrey S. Buchanan, U.S. Army North commander, an IV during a training opportunity in Humacao, Puerto Rico, Oct. 16, 2017. Anderson is assigned to the 14th Combat Support Hospital, Fort Benning, Ga. Personnel from that hospital are augmenting Puerto Rico hospitals affected b …More

A diver jumps from a hovering helicopter into water.

A service member jumps from a Navy MH-53E Sea Dragon helicopter during a mine warfare training event that U.S. and South Korean navy explosive ordnance disposal divers are conducting in Busan, South Korea, Oct. 19, 2017. Navy photo by Seaman William Carlisle

A Marine commands his military working dog to release his bite gear.

Marine Corps Lance Cpl. Daniel Fenstermacher commands his military working dog, Ortis, to release the bite gear on his arm in San Diego, Oct. 13, 2017, during San Diego Fleet Week. Fenstermacher is assigned to 1st Law Enforcement Battalion, 1st Marine Expeditionary Force. The show demonstrated the capabilities of canin …More

Two cadets each hold up a falcon on their arms.

U.S. Air Force Academy Cadets 3rd Class Shawn Weathersby, left, and James Barney, both falconers with the academy’s falconry program, prepare to release their raptors at the academy in Colorado Springs, Colo., Oct. 12, 2017. The team comprises nine cadets. Air Force photo by Senior Airman Clayton Cupit

Coast Guardsmen open a water container for a horse who is standing open-mouthed in front of them.

Coast Guard personnel give water to a horse they found tied up and left in the heat in Islote, Puerto Rico, Oct. 19, 2017, while supporting Hurricane Maria relief efforts. Coast Guard photo by Petty Officer 1st Class Jon-Paul Rios

Sailors talk with veterans sitting in an airport seating area decorated with balloons.

Service members welcome veterans at Seattle-Tacoma International Airport, Wash. Oct. 16, 2017, as they return home from an all-expenses-paid trip to tour memorials in Washington, D.C. Puget Sound Honor Flight, a nonprofit organization, sponsored the trip. Navy photo by Petty Officer 2nd Class Alex Van’tLeven

A group of soldiers salute and civilians place their hands over their hearts.

Georgia Army National Guardsmen and members of their families render honors as the national anthem is played during a change-of-command ceremony for the 177th Brigade Engineer Battalion in Macon, Ga., Oct. 14, 2017. Army National Guard photo by Capt. William Carraway


What You Should Know About the ‘KRACK’ WiFi Security Weakness

https://krebsonsecurity.com/2017/10/what-you-should-know-about-the-krack-wifi-security-weakness/

Researchers this week published information about a newfound, serious weakness in WPA2 — the security standard that protects all modern Wi-Fi networks. What follows is a short rundown on what exactly is at stake here, who’s most at-risk from this vulnerability, and what organizations and individuals can do about it.


Short for Wi-Fi Protected Access II, WPA2 is the security protocol used by most wireless networks today. Researchers have discovered and published a flaw in WPA2 that allows anyone to break this security model and steal data flowing between your wireless device and the targeted Wi-Fi network, such as passwords, chat messages and photos.

“The attack works against all modern protected Wi-Fi networks,” the researchers wrote of their exploit dubbed “KRACK,” short for “Key Reinstallation AttaCK.”

“Depending on the network configuration, it is also possible to inject and manipulate data,” the researchers continued. “For example, an attacker might be able to inject ransomware or other malware into websites. The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is likely affected.”

What that means is the vulnerability potentially impacts a wide range of devices including those running operating systems from Android, Apple, Linux, OpenBSD and Windows.

As scary as this attack sounds, there are several mitigating factors at work here. First off, this is not an attack that can be pulled off remotely: An attacker would have to be within range of the wireless signal between your device and a nearby wireless access point.

More importantly, most sensitive communications that might be intercepted these days, such as interactions with your financial institution or browsing email, are likely already protected end-to-end with Secure Sockets Layer (SSL) encryption that is separate from any encryption added by WPA2 — i.e., any connection in your browser that starts with “https://”.

Also, the public announcement about this security weakness was held for weeks in order to give Wi-Fi hardware vendors a chance to produce security updates. The Computer Emergency Readiness Team has a running list of hardware vendors that are known to be affected by this, as well as links to available advisories and patches.

“There is no evidence that the vulnerability has been exploited maliciously, and Wi-Fi Alliance has taken immediate steps to ensure users can continue to count on Wi-Fi to deliver strong security protections,” reads a statement published today by a Wi-Fi industry trade group. “This issue can be resolved through straightforward software updates, and the Wi-Fi industry, including major platform providers, has already started deploying patches to Wi-Fi users. Users can expect all their Wi-Fi devices, whether patched or unpatched, to continue working well together.”

Sounds great, but in practice a great many products on the CERT list are currently designated “unknown” as to whether they are vulnerable to this flaw. I would expect this list to be updated in the coming days and weeks as more information comes in.

Some readers have asked if MAC address filtering will protect against this attack. Every network-capable device has a hard-coded, unique “media access control” or MAC address, and most Wi-Fi routers have a feature that lets you only allow access to your network for specified MAC addresses.

However, because this attack compromises the WPA2 protocol that both your wireless devices and wireless access point use, MAC filtering is not a particularly effective deterrent against this attack. Also, MAC addresses can be spoofed fairly easily.

To my mind, those most at risk from this vulnerability are organizations that have not done a good job separating their wireless networks from their enterprise, wired networks.

I don’t see this becoming a major threat to most users unless and until we start seeing the availability of easy-to-use attack tools to exploit this flaw. Those tools may emerge sooner rather than later, so if you’re super concerned about this attack and updates are not yet available for your devices, perhaps the best approach in the short run is to connect any devices on your network to the router via an ethernet cable (assuming your device still has an ethernet port).

From reading the advisory on this flaw, it appears that the most recent versions of Windows and Apple’s iOS are either not vulnerable to this flaw or are only exposed in very specific circumstances. Android devices, on the other hand, are likely going to need some patching, and soon.

If you discover from browsing the CERT advisory that there is an update available for your computer, wireless device or access point, take care to read and understand the instructions on updating those devices before you update. Failing to do so with a wireless access point, for example, can quickly leave you with an expensive, oversized paperweight.

Finally, consider browsing the Web with an extension or browser add-on like HTTPS Everywhere, which forces any site that supports https:// connections to encrypt your communications with the Web site — regardless of whether this is the default for that site.

For those interested in a deeper dive on the technical details of this attack, check out the paper (PDF) released by the researchers who discovered the bug.


Tokyo Tops List of the World's Safest Cities

https://www.securitymagazine.com/articles/88395-tokyo-tops-list-of-the-worlds-safest-cities

The Economist report has analyzed 60 cities across 49 indicators spanning digital, climate, infrastructural, health and personal security concerns, and found Tokyo to be the safest.


Investor Alert: Be Vigilant for Possible Investment Scams Related to the California Wildfires

https://www.sec.gov/oiea/investor-alerts-and-bulletins/ia_wildfires

The SEC’s Office of Investor Education and Advocacy is issuing this Investor Alert to alert investors, including individuals who may receive lump sum payouts from insurance companies and others as a result of damage from the California wildfires, to investment scams that may take advantage of the disaster.


Heritage Foundation considers top White House aide, Cubs co-owner as next leader (Washington Post)

http://www.memeorandum.com/171017/p129#a171017p129


Washington Post:

Heritage Foundation considers top White House aide, Cubs co-owner as next leader  —  The Heritage Foundation has narrowed its search for a new president down to a shortlist of finalists, a group that includes Todd Ricketts, a co-owner of the Chicago Cubs, and Marc Short, a senior Trump White House official …


October 16, 2017: Omak, Washington Nurse Sentenced to Federal Prison for Adulterating and Misbranding Pain Medications

