# SANS ISC

# threatpost.com

# Reddit netsec

# Krebs On Security

# Bruce Schneier's blog

  • Friday Squid Blogging: Squid Boats Illuminate Bangkok from Space Fri, 22 Aug 2014 16:49:42 -0500
    Really: To attract the phytoplankton, fishermen suspend green lights from their boats to illuminate the sea. When the squid chase after their dinner, they're drawn closer to the surface, making it easier for fishermen to net them. Squid boats often carry up to 100 of these green lamps, which generate hundreds of kilowatts of electricity--making them visible, it appears, even...
  • Chapter 137 of My Surreal Life Fri, 22 Aug 2014 14:04:57 -0500
    Someone wrote Sherlock-Schneier fan fiction. Not slash, thank heavens. (And no, that's not an invitation.)...
  • The Onion on Passwords Fri, 22 Aug 2014 12:20:07 -0500
    Funny....
  • Disguising Exfiltrated Data Thu, 21 Aug 2014 06:08:00 -0500
    There's an interesting article on a data exfiltration technique. What was unique about the attackers was how they disguised traffic between the malware and command-and-control servers using Google Developers and the public Domain Name System (DNS) service of Hurricane Electric, based in Fremont, Calif. In both cases, the services were used as a kind of switching station to redirect traffic...
  • US Air Force is Focusing on Cyber Deception Wed, 20 Aug 2014 05:08:54 -0500
    The US Air Force is focusing on cyber deception next year: Background: Deception is a deliberate act to conceal activity on our networks, create uncertainty and confusion against the adversary's efforts to establish situational awareness and to influence and misdirect adversary perceptions and decision processes. Military deception is defined as "those actions executed to deliberately mislead adversary decision makers as...
  • The Security of al Qaeda Encryption Software Tue, 19 Aug 2014 06:11:06 -0500
    The web intelligence firm Recorded Future has posted two stories about how al Qaeda is using new encryption software in response to the Snowden disclosures. NPR picked up the story a week later. Former NSA Chief Council Stewart Baker uses this as evidence that Snowden has harmed America. Glenn Greenwald calls this "CIA talking points" and shows that al Qaeda...
  • QUANTUM Technology Sold by Cyberweapons Arms Manufacturers Mon, 18 Aug 2014 11:14:31 -0500
    Last October, I broke the story about the NSA's top secret program to inject packets into the Internet backbone: QUANTUM. Specifically, I wrote about how QUANTUMINSERT injects packets into existing Internet connections to redirect a user to an NSA web server codenamed FOXACID to infect the user's computer. Since then, we've learned a lot more about how QUANTUM works, and...
  • NSA/GCHQ/CSEC Infecting Innocent Computers Worldwide Mon, 18 Aug 2014 05:45:40 -0500
    There's a new story on the c't magazin website about a 5-Eyes program to infect computers around the world for use as launching pads for attacks. These are not target computers; these are innocent third parties. The article actually talks about several government programs. HACIENDA is a GCHQ program to port-scan entire countries, looking for vulnerable computers to attack. According...
  • Friday Squid Blogging: Te Papa Museum Gets a Second Colossal Squid Fri, 15 Aug 2014 16:33:36 -0500
    That's two more than I have. They're hoping it's a male. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....
  • Reverse-Engineering NSA Malware Fri, 15 Aug 2014 06:27:33 -0500
    Interesting articles reverse-engineering DEITYBOUNCE and BULLDOZER....

# WIRED Threat Level

  • Your Anonymous Posts to Secret Aren’t Anonymous After All Fri, 22 Aug 2014 10:30:45 GMT
    White hat hacker Ben Caudill is halfway through his sandwich when he casually reaches over to his iPhone, swipes the screen a few times, then holds it up to me. “Is that you?” he asks. It is, but nobody was supposed to know. He’s showing me one of my posts to Secret, the popular anonymous […]






  • How Hackers Could Mess With 911 Systems and Put You at Risk Thu, 21 Aug 2014 10:30:30 GMT
    The female caller was frantic. Why, she asked 911 dispatchers, hadn’t paramedics arrived to her home? She’d already called once to say her husband was writhing on the floor in pain. “Hurry up!,” she’d pleaded, as she gave the operator her address. And then she hung up and waited for help to arrive, but it […]






  • Researchers Easily Slipped Weapons Past TSA’s X-Ray Body Scanners Wed, 20 Aug 2014 13:00:56 GMT
    Additionally, they found that they could infect the scanner with malware---most practically for an attacker by picking the lock on the scanner's cabinet and physically installing the malware on the PC inside.






  • This Android Shield Could Encrypt Apps So Invisibly You Forget It’s There Tue, 19 Aug 2014 10:30:52 GMT
    In the post-Snowden era, everyone wants to make encryption easier. Now, one group of researchers has created a tool intended to make it invisible. A team from Georgia Tech has designed software that acts as an overlay on Android smartphones’ communication apps—like Gmail or Whatsapp—and mimics the apps’ user interfaces. When users type, the text […]






  • How to Save the Net: A CDC for Cybercrime Tue, 19 Aug 2014 10:30:50 GMT
    Forming an agency whose core mission is cybersecurity research and information sharing would help change the nature of the game.
  • How to Save the Net: Keep It Open Tue, 19 Aug 2014 10:30:44 GMT
    We have a unique opportunity to redesign the Internet's governance by enshrining the openness principle and the concept that all stakeholders should participate in policy development.
  • How to Save the Net: Build a Backup Tue, 19 Aug 2014 10:30:43 GMT
    As more vital services are dependent on the Internet, we must make a back-up to avoid chaos.
  • How to Save the Net: Take Ownership Tue, 19 Aug 2014 10:30:24 GMT
    We need to do more to develop and empower digital citizens.
  • How to Save the Net: Break Up the NSA Tue, 19 Aug 2014 10:30:20 GMT
    The NSA has too many missions: a military mission dedicated to network attacks and political espionage, a law enforcement mission focused on individual bad actors across the globe, and a defensive mission devoted to protecting the nation's information infrastructure.
  • How to Save the Net: Don’t Give In to Big ISPs Tue, 19 Aug 2014 10:30:12 GMT
    The next Netflix won't stand a chance if the largest US Internet service providers are allowed to merge or demand extra fees from content companies trying to reach their subscribers.






# exploit-db.com

# Securiteam