Morning Bell: Cybersecurity: Do You Trust the Government with Your Computer?

Posted on November 14, 2012 by John in News

“…Simply put, government regulations usually take 24–36 month to complete, but the power of computers doubles every 18–24 months. This means that any standards developed will be written for threats that are two or three computer generations old….”

via Morning Bell: Cybersecurity: Do You Trust the Government with Your Computer?.

Editor’s note: The government seems hopelessly incapable of helping with security. They have few tools in their belt besides legislative clubs, which so far are proving ineffective in the counterfeiting problem. I suspect that the rush to approve cyber security bills will not bode well for industry, but then again, industry needs to “own” the problem, come together, and fix the problem before government feels they have to. A new regulation or agency will never go away…

Fake tech gear has infiltrated the U.S. government

Posted on November 13, 2012 by John in News

A record number of tech products used by the U.S. military and dozens of other federal agencies are fake. That opens up a myriad of national security risks, from dud missiles to short-circuiting airplane parts to cyberespionage.

Despite laws designed to crack down on counterfeiters, suppliers labeled by the U.S. government as “high risk” are increasing their sales to federal agencies. Their presence in government’s supply chain soared 63% over the past decade, according to a new study released by IHS, a supply chain management consultancy.

NIST spells out baseline security requirements for next-gen mobile devices

Posted on November 13, 2012 by John in News

Necessary, but sufficient?

From Government Computer News: “The adoption of mobile devices in the workplace has outstripped the ability of smart phones and tablets to support basic security features needed in trusted enterprise tools.

As a result, government agencies are being forced to accept the security risks inherent in mobile devices because their workers expect to be able to use their own devices at work; also because agencies hope to improve productivity and save money, according to draft security guidelines from the National Institute of Standards and Technology. But these risks can be greater than those in traditional desktop and laptop computers.”

Twitter Password Security Breach

Posted on November 8, 2012 by John in News

Twitter sent out e-mails to some of its users earlier today prompting them to reset their passwords because of possible security issues with third-party applications.

“Twitter believes that your account may have been compromised by a website or service not associated with Twitter,” the e-mail says. “We’ve reset your password to prevent others from accessing your account.”

The e-mail includes a link that brings users to a password reset page, then prompts users to review their Applications and revoke access to any application that they don’t recognize.

TechCrunch reports that Twitter usually sends out these types of emails when a significant number of accounts are hacked. Many users have Tweeted about receiving the email or about having issues logging in to their accounts.

Twitter has not confirmed the size of the hack, but it told TechCrunch that users who have received the emails should reset their passwords from the link provided in the email or directly on Twitter.com.

Combating fake chips by controlling supply chain

Posted on October 30, 2012 by John in News

In December 2011, President Barack Obama signed the fiscal year 2012 US National Defense Authorization Act. The budget bill also encourages the implementation of procedures to mitigate the possibility of obtaining counterfeit components by making members of all tiers of the defense supply chain accountable. The meaning of the term counterfeit in this context includes fake, substandard, damaged, or mismarked components.

In the fall of 2011, for the first time in history, U.S. Federal Courts prosecuted an individual for trafficking in counterfeit integrated circuits, many of which were targeted for the U.S. military. Others were to be used in brake systems in high-speed trains and instruments used by firefighters to detect nuclear radiation. The administrator of the company that sold the components was sentenced to 38 months in prison and assessed fines of $166,141 for selling almost $16 million worth of semiconductors falsely marked as military, commercial or industrial grade.

Read more at EETimes: Combating fake chips by controlling supply chain.

Hey Congress, Smart Phones are Just the Start…

Posted on October 14, 2012 by John in News, Opinion

From “The Hill“…

“It is critical to understand that these two Chinese handset manufacturers are not the only companies that should remain under suspicion. There are many memory chips, currently being manufactured by Chinese companies, which are inaccessible. This means that these chips may contain code that we will never be able to access, function normally but could be used to steal information and intellectual property. Therefore, the issue of protecting intellectual property goes well beyond the scope of this report and investigation.”

Hmmm…. that’s what ChipSecurity.org has been saying for quite some time… The problem is that banning these companies won’t solve the long-term problem. The fact is that assembly and packaging is all migrating to Asia, namely China, and it is unlikely to return to the US for many reasons. Developing the tools to detect malicious circuitry, regardless of chip origin or point of assembly, needs to be a top priority. So far, the cry seems to be falling on deaf ears.