Friday, April 26, 2013

Stop Cyber Spying Week

Stop Cyber Spying Week – Join EFF in a Week of Action Opposing CISPA | Electronic Frontier Foundation https://www.eff.org/deeplinks/2012/04/stop-cyber-spying-week-join-eff-week-ac... You may have already heard about CISPA, the cybersecurity bill moving quickly through the House that would let companies like Google, Facebook, and AT&T snoop on our communications and hand sensitive user data to the government without a court order. Promoted under the guise of protecting America from cybersecurity attacks, the truth is that this legislation would carve out shockingly large exceptions to the bedrock privacy rights of Internet users. That’s why EFF is joining a coalition of other organizations in speaking out against this cyber spying bill – and we’re calling on the Internet community to join us.The goal of Stop Cyber Spying Week is simple: get Congress to back off of any cybersnooping legislation that sacrifices the civil liberties of Internet users. Here’s what you can do to help:1. Join the Twitter campaign – because Congress is vacuuming up Too Much Information. We’re engaging in a revolutionary kind of Twitter activism. Use our new Congressional Twitter handle detection tool to find your member of Congress on Twitter. Then write them tweets about the kind of things you do online that are none of the government business. Show your congressperson the many things you do online – the personal, the mundane, whatever – so they can see just how much personal, unnecessary data could be vacuumed up as a result of the legislation’s dangerously vague language. Use the hashtags #CongressTMI and #CISPA. Sample tweet:.@NancyPelosi Does the military really need to know I signed up for Google+ when it first came out, but haven’t posted since? #CongressTMI Stop #CISPA

https://eff.org/r.1X22.

Send an email to Congress. We need to make it clear to Congress that they can’t push legislation that undermines all existing privacy laws. Use EFF’s action center to email your Congressional representatives to tell them to oppose CISPA.3. Publish a statement opposing CISPA. Post an update to your blog or social networking site telling folks to join you in opposing any CyberSecurity legislation that sacrifices civil liberties. Sample statement:Congress is currently considering CISPA – the Cyber Intelligence Sharing & Protection Act – a bill that purports to protect the United States from “cyber threats” but would in fact create a gaping loophole in all existing privacy laws. If CISPA passes, companies could vacuum up huge swaths of data on everyday Internet users and share it with the government without a court order. I oppose CISPA, and I’m calling on Congress to reject any legislation that: * Uses dangerously vague language to define the breadth of data that can be shared with the government. *

Hands the reins of America’s CyberSecurity defenses to the NSA, an agency with no transparency and little accountability. * Allows data shared with the government to be used for purposes unrelated to CyberSecurity

.Join me in opposing this bill by posting this statement on your own page and using this online form to send a letter to Congress against CISPA:https://action.eff.org/o/9042/p/dia/action/public/?action_KEY=84444. Make your opposition to CISPA heard. Write op-eds, blog articles, status updates or Tweets.

Tell the world why you are opposing CISPA and why Internet users need to be able to read and communicate in private. And keep an eye on the EFF Deeplinks blog –we’ll take a closer look at the grave civil liberties implications of this bill, from its lack of public accountability to why CyberSecurity and national security should be kept separate.What are you doing to oppose CISPA? Tell EFF!

Email action@eff.org with a description and any relevant links. Also check out our new FAQ about the bill.

Monday, April 22, 2013

Reviews of Powers That Beat

P2344

Powers That Beat by Elyssa Durant, Ed.M.
ASIN: B00BV7018

When Elyssa writes something, you should read it. She is one of the most intelligent and articulate people I have ever known. She is an amazing researcher and really digs deep for the important facts on any topic she focuses on. If you want to learn details about a topic and get some cutting edge viewpoints related to it, read anything Elyssa Durant writes.

Stuart Silverberg, Ed.D.
Columbia University

Ms. Durant has a talent for explaining complex legal issues in interesting, accessible format. Her level of expertise on the subject matter is impressive and comes through on every page.

Rick Silver, Esq.

Ms. Durant has drawn on her sterling academic background and extensive experience in health services policy development and actual service in the field to present a comprehensive analysis of the organ transplant situation in the United States. She thoroughly discusses all aspects of the situation - not only legal and medical, but also moral, social and ethical aspects and the dilemmas faced when this topic is addressed. Ms. Durant raises significant questions that must be addressed as organ transplants become more commonplace in today's times. A thought provoking book that should be read by everyone as this question touches every American. Highly recommended.

J. D. Yencharis
NASA Mission Planning & Mission Control

Ms. Durant has an amazing ability to discuss complex policy issues in easy to understand language. She has a tremendous grasp of her topic and of her audience. Easy to read and understand; Ms. Durant explains difficult concepts and evolving health care law and policy issues in a user friendly manner. A real eye opener!

Karen Baker, MSW

Personal Reference:

Tim Welsh, Executive Director AutismAid.org Traffic through the roof! AutismAid USA Goes the extra mile !! Go for Gold  WORLDWIDD

I just want all to know what a Hero for the Autism community Elyssa has been for us and how much we appreciate her advocacy and intelligent posts. AutismAid has been a dream of mine for ten years. my heart was just about broken when others took advantage of us. I know that in the end we meet people who we connect with and do the right thing. The 13 SErvice non profits under the AutismAid Umbrella and many others are in the fight for their life in this economy and environment. This Web and viral traffic is great. Thank you providing the support, documentation and logistics are needed to make the event happen.

TannersDad Tim Welsh

Mobile Attacks Top the List of 2013 Security Threats - Computerworld

Mobile Attacks Top the List of 2013 Security Threats

by Thor Olavsru, m.computerworld.com
January 9th 2013 9:25 AM

CIO - Last year, the tech world saw a large number of high-profile attacks and data breaches, and security experts say threats will evolve and escalate in the coming year. BYOD, cloud and advanced persistent threats (APTs) remain top of mind for many, and experts agree that those threats will continue to play a significant role in the threat landscape in 2013. But will this finally be the year that mobile malware leaves its mark? What other new threats lay on the horizon?

Mobile Threats

For years, security experts have predicted the rise of mobile malware, and this year is no exception. Many experts expect mobile threats to escalate in 2013.

"We will see the first major malware on a mobile platform," Seth Goldhammer, director of product management at LogRhythm, provider of a security information and event management (SIEM) IT platform. "There has already been malware that has made it into the Android Play Store and even Apple's App Store. Given that the large majority of mobile devices run without any type of malware detection, it is inevitable that we are prone for a major, disruptive malware possibly posing as an update for a popular application."

"The BYOD phenomenon--that tablets and smart phones outpace laptops in sales--means it is very likely these devices are participating on corporate networks even though IT may have put up safety guards to prevent their use," Goldhammer adds.

"For enterprises, this means that IT needs greater visibility into how these devices are interacting with the environment and the specific behavior of these devices to recognize when communications alter," Goldhammer says. "A significant deviation in communication patterns may reflect malware spread. If these devices are participating inside the corporate network, this could prove to be very disruptive, not only due to the increase in network activity but malware moving from mobile to standard operating systems."

The popular Android mobile operating system, with its open ecosystem, may prove an especially attractive target to cybercriminals. Trend Micro predicts that the number of malicious and high-risk Android apps will increase three-fold from about 350,000 in 2012 to more than 1 million in 2013, broadly in line with the predicted growth of the OS itself.

"In terms of market share, Android may be on its way to dominating the mobile space the same way that Windows dominated the desktop/laptop arena," Trend Micro notes in its Security Threats to Business, the Digital Lifestyle and the Cloud: Trend Micro Predictions for 2013 and Beyond report. "Malicious and high-risk Android apps are becoming more sophisticated. An "arms race" between Android attackers and security providers is likely to occur in the coming year, much as one occurred a decade or more ago over Microsoft Windows."

One particular area of concern is malware that buys apps from an app store without user permission. McAfee points to the Android/Marketpay.A Trojan, which already exists, and predicts we'll see criminals add it as a payload to a mobile worm in 2013.

"Buying apps developed by malware authors puts money in their pockets," McAfee Labs suggests in its 2013 Threats Predictions report. "A mobile worm that uses exploits to propagate over numerous vulnerable phones is the perfect platform for malware that buys such apps; attackers will no longer need victims to install a piece of malware. If user interaction isn't needed, there will be nothing to prevent a mobile worm from going on a shopping spree."

McAfee also has concerns about the near-field communications (NFC) capabilities that are appearing on an increasing number of mobile devices.

"As users are able to make "tap and pay" purchases in more locations, they'll carry their digital wallets everywhere," McAfee Labs says. "That flexibility will, unfortunately, also be a boon to thieves. Attackers will create mobile worms with NFC capabilities to propagate (via the "bump and infect" method) and to steal money. Malware writers will thrive in areas with dense populations (airports, malls, theme parks, etc.). An NFC-enabled worm could run rampant through a large crowd, infecting victims and potentially stealing from their wallet accounts."

McAfee also reports that malware that blocks mobile devices from receiving security updates is likely to appear in 2013.

Mobile Ransomware

Ransomware-in which criminals hijack a user's capability to access data, communicate or use the system at all and then forces the user to pay a ransom to regain access-spiked in 2012 and is likely to keep growing in 2013, says McAfee.

"Ransomware on Windows PCs has more than tripled during the past year," McAfee Labs reports. "Attackers have proven that this 'business model' works and are scaling up their attacks to increase profits."

McAfee Labs says it expects to see both Android and Apple's OS X as targets of ransomware in 2013 as ransomware kits, similar to the malware kits currently available in the underground market, proliferate.

"One limitation for many malware authors seeking profit from mobile devices is that more users transact business on desktop PCs than on tablets or phones," McAfee Labs says. "But this trend may not last; the convenience of portable browsers will likely lead more people to do their business on the go. Attackers have already developed ransomware for mobile devices. What if the ransom demand included threats to distribute recorded calls and pictures taken with the phone? We anticipate considerably more activity in this area during 2013."

AlienVault, provider of a unified security management solution, agrees, "We will see new ransomware tactics in 2013 as a result of the poor economy and the success of this type of attack (reportedly, cybercriminals raked in $5 million using ransomware tactics in 2012)."

Windows Still a Target

On the Windows front, Trend Micro reports that Windows 8 will offer consumers key security improvements-especially the Secure Boot and Early Launch Anti-Malware (ELAM) features—. However, enterprises are unlikely to see these benefits in the coming year. Analysts from research firm Gartner believe most enterprises won't begin to roll out Windows 8 in large numbers until 2014 at the earliest.

McAfee suggests that attackers targeting Windows of all varieties will expand their use of sophisticated and devastating below-the-kernel attacks.

"The evolution of computer security software and other defenses on client endpoints is driving threats into different areas of the operating system stack, especially for covert and persistent attackers," McAfee Labs says.

"The frequency of threats attacking Microsoft Windows below the kernel are increasing. Some of the critical assets targeted include the BIOS, master boot record (MBR), volume boot record (VBR), GUID Partition Table (GPT) and NTLoader," McAfee Labs says. "Although the volume of these threats is unlikely to approach that of simpler attacks on Windows and applications, the impact of these complex attacks can be far more devastating. We expect to see more threats in this area during 2013."

HTML5 Creates a Greater Attack Surface

This year will see continuing adoption of HTML5. McAfee notes that it provides language improvements, capabilities to remove the need for plug-ins, new layout rendering options and powerful APIs that support local data storage, device access, 2D/3D rendering, web-socket communication and more. While HTML5 offers a number of security improvements-McAfee believes there will be a reduction in exploits focused on plug-ins as browsers provide that functionality through their new media capabilities and APIs-it also suggests the additional functionality will create a larger attack surface.

"One of the primary separations between a native application and an HTML application has been the ability of the former to perform arbitrary network connections on the client," McAfee Labs says. "HTML5 increases the attack surface for every user, as its features do not require extensive policy or access controls. Thus they allow a page served from the Internet to exploit WebSocket functionality and poke around the user's local network."

"In the past," McAfee reports, "this opportunity for attackers was limited because any malicious use was thwarted by the same-origin policy, which has been a cornerstone of security in HTML-based products. With HTML5, however, Cross Origin Resource Sharing will let scripts from one domain make network requests, post data, and access data from the target domain, thereby allowing HTML pages to perform reconnaissance and limited operations on the user's network."

Destructive Attacks

Experts also expect a rise in destructive attacks in 2013 by hacktivists and state actors.

"In 2013, we will see further destructive attacks (cybersabotage and cyberweaponry) on utilities and critical infrastructure systems," says Harry Sverdlove, CTO of security firm Bit9. "We saw Shamoon wipe out the systems of a major oil company in the Middle East, and that company's cybersecurity was no more lax than comparable companies in the United States or Europe. We know the bad guys have the ability to disrupt these systems, all they need is motive."

LogRythm's Goldhammer agrees: "We should also expect to see an increase in nation state attacks and hacktivism. It might be hard for some people to believe that we'll see an increase in 2013 after so many well-documented and publicized attacks, but I expect we'll see hacktivists take much more aggressive measures."

While earlier attacks may have just embarrassed a country or company via website defacement or exposing their databases publicly, Goldhammer says he expects that to change: "I can see splinter cells of hackers take more aggressive means to cripple networks or corrupt data, or use ransom tactics, in order to financially punish or tactically weaken. In 2012, more and more evidence shows nation states using malware or using exploits to gain information or to attack infrastructure. In 2013, I expect to see headlines talking about a growing number of nation states building exploits against each other, both for data retrieval, data corruption and damage to infrastructure."

McAfee and Trend Micro both concur.

"Destructive payloads in malware have become rare because attackers prefer to take control of their victims' computers for financial gain or to steal intellectual property," McAfee Labs says. "Recently, however, we have seen several attacks-some apparently targeted, others implemented as worms-in which the only goal was to cause as much damage as possible. We expect this malicious behavior to grow in 2013."

"Whether this is hacktivism taken to a new level, as some claim, or just malicious intent is impossible to say, but the worrying fact is that companies appear to be rather vulnerable to such attacks," McAfee adds. "As with distributed denial of service (DDoS) attacks, the technical bar for the hackers to hurdle is rather low. If attackers can install destructive malware on a large number of machines, then the result can be devastating."

Thor Olavsrud covers IT Security, Big Data, Open Source, Microsoft Tools and Servers for CIO.com. Follow Thor on Twitter @ThorOlavsrud. Follow everything from CIO.com on Twitter @CIOonline and on Facebook. Email Thor at tolavsrud@cio.com

Read more about security in CIO's Security Drilldown.

Original Page: http://pocket.co/sG3KX

Shared from Pocket

^ed