security spammers: [Fwd: New Coverage: Cyber Defense]

[Gadi Evron <ge () linuxbox org>]

"Safe Unsubscribe" makes me feel... cheated?





--
Gadi Evron,
ge () linuxbox org.

Blog: http://gevron.livejournal.com/
> --- Begin Message ---
>
>
> From: IT-Harvest <news () it-harvest com>
>
> Date: Mon, 20 Jul 2009 11:07:11 -0400 (EDT)
>
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Cyber Defense WeeklyUpdate on tools, technologies, and strategies for cyber defenseJuly 20, 2009
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> --New Coverage: Cyber Defense
> --Gates creates Cyber-Defense Command
> --Norwich University is on front lines of cyber defense
> --Barret Lyon and Richard Stiennon discuss the US-KR attacks
> --The Israeli Foreign Ministry presents: Talkbackers in the service of the State
> --Richard Clarke addresses US intelligence issues
> --Cyber warfare and attribution
> --So-called cyber attack was overblown
> --Quick stats around the US-KR DDoS attacks
> --DHS cyber initiative announced RFI for DDoS defense
>
>
>
>
>
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> New Coverage: Cyber Defense
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Why cyber defense? How is this different than
> "security"? The difference is in motivation,
> purpose, and risks. In this post I hope to
> spell out the argument for creating a new
> category. I also provide a definition.
> First semantics. While much reviled by the
> security community outside the US government
> the use of the term "cyber" has recently
> gained both relevance and acceptance thanks
> to high level attention given to it by first
> the Bush administration and now the Obama
> presidency. The Bush era saw the inauguration
> of the Comprehensive Cyber Security
> Initiative which spelled out, albeit
> cryptically, twelve components of a
> government program that could entail over $7
> billion in new spending annually.
>
> Mellissa Hathaway firmly established the use
> of "cyber" in both her address to RSA 2009
> and her published Cyberspace Policy Review
> document. 
>
> So "cyber" is now used to
> refer to those parts of IT infrastructure and
> the threat environment that deal with
> countering attacks and "cyberspace" refers to
> the global network of computers, networks,
> and people who use them.
>
> Cyber
> defense defined:
> Cyber defense is
> that category of products, methodologies and
> strategies used to counter targeted attacks.
>
>
> How is this different from what
> has gone before? The primary difference is
> the motivation, purpose and methodologies of
> the attackers. Their concerted effort to
> infiltrate, steal, sabotage, and attack is a
> much more serious scenario than the random
> attacks that have been the norm since the
> birth of the security industry and the first
> firewalls and anti-virus products. The
> attackers now include cyber criminals looking
> for credit card databases, account access,
> and executing elaborate pump and dump schemes
> using compromised stock trading accounts.
> They include insiders stealing information
> for sale to those cyber criminals or seeking
> their own path to riches or revenge against
> their employers. And yes, cyber defense is
> the category that addresses the threat posed
> by nation states, terrorists, and fanatics as
> they engage in cyber espionage and targeted
> denial of service attacks.
>
> With the level of spending projected by the
> United States , the UK, India, Pakistan,
> Israel, and most modern nations, there will
> be new players entering the IT security
> sector. Military contractors such as
> Raytheon, Booz Allen, and Lockheed Martin
> have already announced plans for cyber
> initiatives in order to win a piece of that
> spending. In the meantime existing vendors of
> defense security measures are seeing a banner
> year thanks to that spending. Over time there
> will develop a class of tools and systems
> that will address an expressed need for
> offensive measures as well.
> IT-Harvest will cover the cyber defense
> category by writing about these cyber defense
> tools. They include many existing categories
> like:
> Perimeter security. Firewalls, IPS,
> Web Application Firewalls, and URL content
> filtering.
> Identity and access management
> as it pertains to preventing unauthorized
> access to critical information and
> assets.
> Secure Network Fabric. Using
> network security capabilities to prevent
> internal attacks.
> Managed Security Service
> Providers.
> DDoS defense, recently
> high-lighted by the Defense Department's
> announcement of a Request For Information ion
> DDoS defense capabilities.
> Security Event
> and Information Management, SEIM, as it
> pertains to identifying and tracking down
> intruders.
>
> Threatchaos
>  
> (http://rs6.net/tn.jsp?et=1102644497295&s=3126&e=001vQcSMe75pBV9tsdIMLUOilqpvn2gEXxNtQm3zau25PszlFT7B46kTJcZfRPc5cF8E-Ks9EoKRKIRqTuOoFcOHW6yyL77xfUgtP5k09FIwuYRVc0yGCyVwQ==)will
>  continue to cover the global
> incidents that pertain to cyber defense:
> Iranian protesters' use of Twitter to
> promulgate DDoS, Israeli and Chinese use of
> paid bloggers and commentators for psyops,
> Chinese cyber espionage, Russian crowd
> sourced attacks against its neighbors, and
> the cyber defense buildup occurring within
> the military operations of most nations.
>
>
> We are also announcing the birth of Cyber
> Defense Weekly, a newsletter created to give
> participants in this new category a
> comprehensive summary of the week's news,
> product announcements, and escalations in
> cyber threats. Simply provide your email
> address here 
> (http://rs6.net/tn.jsp?et=1102644497295&s=3126&e=001vQcSMe75pBX7hAkHNejbx1_VLITJDyzMQUNwln-ZBuPSdGeSYHq9ptuaebm228_RmnI-UoOs048ju4UEj6Moau9zTu8tU7MIapTWXZuIzyI60k1kXQi33T1ur9SHPAILoY4vmlfi7jlc0kxUUjzkPNEbCWFzoeUXRLGDEet9kRhzfcfxKvb1WXwSJi39jinE-yhZbwaIhRVcxpgipE1cig==)
> to become a subscriber.
>
>
>
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Gates creates Cyber-Defense Command
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Defense Secretary Robert M. Gates issued an
> order yesterday establishing a command that
> will defend military networks against
> computer attacks and develop offensive
> cyber-weapons, but he also directed that the
> structure be ready to help safeguard civilian
> systems.  In a memo to senior military
> leaders, Gates said he will recommend that
> President Obama designate that the new
> command be led by the director of the
> National Security Agency, the world's largest
> electronic intelligence-gathering agency. The
> current NSA director, Lt. Gen. Keith B.
> Alexander, is expected to be awarded a fourth
> star and to lead the cyber-command.
>
> Read on... - 
> http://rs6.net/tn.jsp?et=1102644497295&s=3126&e=001vQcSMe75pBXhb0noULTNeCZgQGHBSCz8ZzzuqCyoKmhRjOSJT5tXwCm5waglRi4D-W6nA3wMjF91HHavigmOuuU5XMYcLpAicNrlyTrZ9LUeng9vyrfjj8LOp4uHXyqCYsef_O1DyMc4On4ep18w9Zgze8USZsmd6Vu78CtN2v8aP0RAk6s2ZRsvLEc8MNG_e4CnRUOUDMRHXH2vs4zSww==
>
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Norwich University is on front lines of cyber defense
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> A research arm of Norwich University is
> manning the frontlines of the nation's
> cyber-defense system.  U.S. Sen. Patrick
> Leahy on Friday announced two grants totaling
> $7.7 million for the Norwich University
> Applied Research Institutes. The money, he
> said, will fund the development of
> cyber-defense initiatives to ward off one of
> the country's most imposing national-security
> threats.  "(Computers) run our power grids,
> they run large dams which, if attacked could
> flood whole communities," Leahy said during
> an afternoon press conference at the
> university's Northfield campus. "All of these
> things, if they're attacked, could do far
> more damage than someone sitting there with a
> couple bombs somewhere in the United States."
>
> Read on... - 
> http://rs6.net/tn.jsp?et=1102644497295&s=3126&e=001vQcSMe75pBWKTi-D22Kjjh6AszhPuPnUWPTdSuL8CGKiajErjCMu3sG6JB8RA0FcBRsQWsHKmslzPxGotJmVoW3HSGQjI4vGl3UVZXDgmmJhEFuJu1WeZNLJgd6cOr6MgmAuIbgFlnGRaop5DpM6qLIPCw12xr5FbzgRRQHfBcg=
>
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Barret Lyon and Richard Stiennon discuss the US-KR attacks
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> This first ever live broadcast on Twit.tv was
> recorded and posted here.
>
> Read on... - 
> http://rs6.net/tn.jsp?et=1102644497295&s=3126&e=001vQcSMe75pBUvG8oIxJBJHuaN3BA7kKPpc5n9GMsM93Feo2YgO-peDspw6_nRODn_hTIOL2qXTqYS7a8O4oF7qgzkTLR7krttMRk7RMLF7nbh2mzxuDetsvJMoKBvcK45
>
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> The Israeli Foreign Ministry presents: Talkbackers in the service of the State
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> After they became an inseparable part of the
> service provided by public-relations
> companies and advertising agencies, paid
> Internet talkbackers are being mobilized in
> the service of the State. The Foreign
> Ministry is in the process of setting up a
> team of students and demobilized soldiers who
> will work around the clock writing
> pro-Israeli responses on Internet websites
> all over the world, and on services like
> Facebook, Twitter and Youtube.
>
> Read on... - 
> http://rs6.net/tn.jsp?et=1102644497295&s=3126&e=001vQcSMe75pBWukrr1tFZ_qIR1c9n9tEBW1tWK6Ib0eBVapxM-yki03kd0FXXw1uR5d4qUU8LKpnKW-XcvKcCYk1SReOq6p_51NRscaYbeox9eOTYXNRUKIgsbr8He1mw5AqiU0nCGKRIXm3KI5kyFkQ==
>
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Richard Clarke addresses US intelligence issues
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Not since 1975 when the Church Commission
> investigated Nixon-era abuses in intelligence
> agencies, have such unusual things occurred
> in the world of Washington intelligence
> agencies as in these past few weeks. The
> Democratic House of Representatives
> threatened to pass an intelligence
> authorization bill which the Democratic White
> House has promised to veto. The former
> Democratic congressman who now heads the
> Central Intelligence Agency has been having a
> public disagreement with leading House
> Democrats about whether the CIA lies to
> Congress. There is a controversy about a
> secret CIA program to do something most
> Americans presumably want the CIA to do, to
> kill al Qaeda terrorists.
>
> Read on... - 
> http://rs6.net/tn.jsp?et=1102644497295&s=3126&e=001vQcSMe75pBXDE86Vvnxggi9fB0TKM--_gJ5aIs3B8owovDVFx01D9h0cdfVUCI0JZ2tPdG-817RNQjetii36QdfLqCR8rMRR2mawDwPRWyDX_9du5Z45Iu80boJ0UQJH8YqHZI64a8z5FoorLfwfMwnerugc8wukWZVqnoG0GcH5ke3IZaXCftjUcKE2eDee
>
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Cyber warfare and attribution
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Stories like the July 4th cyber attack are
> raising our awareness of the cyber
> battlefield.  Given the media focus on bots,
> rootkits, and malware, it is easy to overlook
> the core of these attacks - human conflict. 
> In the Art of War, Sun Tzu stressed the
> understanding of those who wield the weapons
> of war.  Security expert Richard Stiennon of
> IT-Harvest applauds this perspective.  Below
> are highlights from the SecureLexicon Art
> of War podcast with Mr. Stiennon.
>
> Read on... - 
> http://rs6.net/tn.jsp?et=1102644497295&s=3126&e=001vQcSMe75pBUE9V9qpmfsKF9Wp29WzVahR0sHX4WaQzqNCVDDekqo-OGeOm4kwtO7rbqE7Dr1eweQIfnuD-Fumn1bVis0nn5sN6fp2QC0RTCI2O2lG_l1ChgSytjY8JX7LlDfo746VBVxNXDSfJHplfl4Us1Knp5F
>
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> So-called cyber attack was overblown
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> To hear the media tell it, the United States
> suffered a major cyberattack last week.
> Stories were everywhere. "Cyber Blitz hits
> U.S., Korea" was the headline in Thursday's
> Wall Street Journal. North Korea was blamed.
>
> Read on... - 
> http://rs6.net/tn.jsp?et=1102644497295&s=3126&e=001vQcSMe75pBXwHEHPIfP54FY0oZ6Nyta5EqPlpVAXkAD9wTYxB-o2wOCCOoyrVkbYiBp2GfGFjUW4n7ypYgnFA1JPFAlJgZyIJ-CfCXKLvd6Rl3s0Waxe30Mz3sum-V2Yz4Hj9_RrLlhScKHK22TWfdLvlC_lVKZBY3WHEEymrR3QJsC9qERP-g==
>
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Quick stats around the US-KR DDoS attacks
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> It's been a busy week here in the office,
> between investigating, helping customers and
> the operator community, investigating some
> more, and of course talking to the press.
> Here's some quick stats I have been running
> this afternoon on the attack using ATLAS
> data. This data comes from our monitors used
> in the backbone monitoring live traffic rates
> and actual DDoS attacks. We didn't see all of
> the attacks against all of the victims (some
> 47 unique victims counted by ShadowServer by
> analyzing all of the configuration files) but
> this, we think, may be representative of the
> attacks.
> The peak attack size we measured was about
> 182Mbps, or about 428Kpps. The average size
> of an attack was about 39Mbps. Earlier
> investigations a couple of days ago showed
> smaller attacks but I would still classify
> these as "garden variety"  in their intensity
> (most things below a couple hundred Mbps are
> pretty easily filtered).
>
> Read on... - 
> http://rs6.net/tn.jsp?et=1102644497295&s=3126&e=001vQcSMe75pBVHX6aL3yBgjaV3yCc-jQJsgfI7jTBDeAjVR-jyuY2avQJEQy8HXHj-dN-gPWekpbbc2J6lYNXaaLwP4azLGo-zrhKi6ppSct3Y3yf6GtGKaLu_WiqUhCeVqYuuK0PXidRkNbTzHdcer2KDX7ykOi-OUkg4J1OsVjkZa9YzQIdjuZkePdtaOrlSfw0nHjuTPbs=
>
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> DHS cyber initiative announced RFI for DDoS defense
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> DHS holds an immediate requirement to issue
> an RFI (Request for information) to industry
> to gather interest for the DHS Cyber
> Initiative. Due to the expansive scope of the
> Cyber requirement, DHS wishes to involve as
> many sectors of industry as possible, to
> include small and "very small" solutions
> providers. In addition, due to the inherent
> security requirements, large and very large
> integrators will most likely play a prominent
> role in providing the necessary capabilities.
>
> Read on... - 
> http://rs6.net/tn.jsp?et=1102644497295&s=3126&e=001vQcSMe75pBX9sFTEQ4lAgFMGfRN_WoNzn084tOZgTsOvuP4-T2eV9wsie2hyRoULUL8LeLGvNKkgvpprVxGCbuIE0VLn19oqm4ExKtBvet55OFuT1vHyO812MoUWVUVs
>
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Contact Information
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~email: news@it-harvest.comadvertising inquiries: karen@it-harvest.comweb: 
> http://www.it-harvest.com
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> Forward email
> http://ui.constantcontact.com/sa/fwtf.jsp?m=1101340448250&ea=ge%40linuxbox.org&a=1102644497295
>
>
>
>
>
> This email was sent to ge () linuxbox org by news () it-harvest com.
>
> Update Profile/Email Address
> http://visitor.constantcontact.com/d.jsp?p=oo&v=001_D6q8SmIH1psVAwZuZmhL5XRw7fybUpzDhG1vfVAy1cmghzUiSlRlY-cFxjx-P0CtRrtE4y3ocQe58HiU7tS5w%3D%3D
>
> Instant removal with SafeUnsubscribe(TM)
> http://visitor.constantcontact.com/d.jsp?p=un&v=001_D6q8SmIH1psVAwZuZmhL5XRw7fybUpzDhG1vfVAy1cmghzUiSlRlY-cFxjx-P0CtRrtE4y3ocQe58HiU7tS5w%3D%3D
>
> Privacy Policy:
> http://ui.constantcontact.com/roving/CCPrivacyPolicy.jsp
>
>
>
>
> Email Marketing by
> Constant Contact(R)
> www.constantcontact.com
>
>
>
>
> IT-Harvest | 330 East Maple Rd | #406 | Birmingahm | MI | 48009
>
>
>
>
>
>
>
>
>
> --- End Message ---
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.