U.S. DoD Battles Increasingly Hostile Cyberattacks

["Fergie" <fergdawg () netzero net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Via FCW.com.

[snip]

The Defense Department continues to battle increasingly sophisticated
attacks against its information systems and networks, including significant
and widespread attempts to penetrate systems with targeted, socially
engineered e-mail messages in a technique known as spear phishing.

According to internal documents and DOD officials, the department has
fought back with requirements that users log on to networks with a Common
Access Card (CAC) that electronically verifies their identities and
digitally signs e-mail messages with the key contained on that card.

It has also required the use of plain text e-mail messages and converts
HTML messages to plain text because HTML can contain programming code that
plants keystroke loggers, viruses and other malware on computers, according
to a Joint Task Force-Global Network Operations (JTF-GNO) presentation on
spear phishing awareness training that all DOD employees and contractors
must complete by Jan. 17.

[snip]

More:
http://www.fcw.com/article97281-01-08-07-Print

Background:
http://fergdawg.blogspot.com/2006/12/update-mystery-hacker-breaks-into.html
http://fergdawg.blogspot.com/2006/12/us-national-defense-university-takes.h
tml
http://fergdawg.blogspot.com/2006/12/us-dod-bans-use-of-html-e-mail-outlook
.html

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.5.2 (Build 4075)

wj8DBQFForjuq1pz9mNUZTMRAtdGAKDUtQVakoxn0mnAhEBKm9H+rMPwcwCgoHs8
9jFFkIZzckV+i1Q7GtX6Cmo=
=fwPu
-----END PGP SIGNATURE-----



--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.