Government

The French government has accused the United States of using Flame malware to break into the computer networks inside France’s presidential palace, the Elysee.

A 27-year-old New York man known online as “Weev” was convicted Tuesday of “impersonating” an iPad in order to gain access to AT&T’s servers and swiping 114,000 email addresses, including some belonging to celebrities.

Andrew Auernheimer faces up to 10 years in prison after being found guilty of conspiracy to access a protected computer without authorization and fraud in connection with personal information.

BOSTON – While some industry groups such as the Financial Services Information Sharing and Analysis Center (FS-ISAC) and cross-industry groups such as the Advanced Cyber Security Center (ACSC) facilitate the exchange of threat information, for the most part organizations are still hamstrung by legal constraints and other business factors that prevent an adequate flow of actionable information.

The term cyberwar has become a catch-all used by politicians, talking heads and others to encompass just about any online threat, regardless of the attacker or the target. Among security professionals, however, the word has a specific connotation–an attack by one nation against another nation’s infrastructure. Aside from the semantic issues, one of the major challenges for government agencies and security teams dealing with his problem is attribution and recognizing what constitutes an actual act of cyberwar. Stuxnet, Flame and their cousins may qualify, but more discussion is needed to help define the terms of these new conflicts, experts say.

Dennis Fisher talks with Gary McGraw of Cigital about some of the holes in the current thinking about cyberwar, why traditional military analogies don’t hold up in cyberwar discussions and how better defense can make a difference. McGraw will be discussing his thoughts on cyberwar at King’s College London this week.

When Barack Obama was sworn in four years ago for his first term, there was genuine optimism that he would make meaningful improvements to the security of the nation’s critical infrastructure as well as the policies that govern security and privacy in the private sector. After the Bush administration relegated security to afterthought status for much of the 2000s as it concentrated on terrorism and fighting two wars, many in the security community were hopeful things would soon get better. Things certainly have changed, but whether they’ve improved is a difficult question. With Obama’s second term about to begin, there are still plenty of things he can do to effect real change.

Data breaches have become so common at this point that the mere fact that a government agency such as the South Carolina Department of Revenue loses several million Social Security numbers and credit card numbers isn’t really that noteworthy. It’s another day in the life of the Internet. But what is remarkable is that there are organizations out there that are not deploying encryption technologies to protect personally identifiable information because it’s complicated. Really?