Author Archive

Two charged with data theft from June ’10s AT&T hack…

January 19, 2011 2 comments

Reported today by infosecurity-us and others, the two men (Andrew Auernheimer, 25, of Fayetteville, Ark., and Daniel Spitler, 26, of San Francisco, California) who had fleeting fame after publishing insecurities in the AT&T iPad website in June 2010 have been arrested and charged with one count of conspiracy to access a computer without authorization, and one count of fraud in connection with personal information.  Each count carries a maximum penalty of five years in prison and a fine of $250,000.

You can find the formal press release on the Justice.gov site.

The original hack involved farming the subscriber details off AT&T’s site by presenting it with random ID codes. Unfortunately, while demonstrating a weakness in a site is often not prosecuted, the pair went on to retrieve 120,000 subscriber details and then passed them on to Gawker, who published a redacted list amongst much fanfare. This distribution of personal data will probably get them into a lot of hot water.

Excellent Blog on Security and Privacy Matters..

January 19, 2011

I just wanted to post a short note on the excellent Hogan Lovells blog – it’s not gripping reading in the manner of Stephen King or Grisham, but if your job or interests revolve around data protection, information security and privacy, the articles posted are well worth your time to read.

http://www.hldataprotection.com/

Decrypting messages 147 years late…

January 14, 2011 1 comment

Over the holiday break an interesting story broke about a US Civil War message finally being decrypted after 147 years. The message was in a bottle that had been stored in a Virginia museum since 1896, but had never been investigated. Finally, in 2010, a curious collections manager, Catherine Wright, asked retired CIA codebreaker David Gaddy to crack it and see what it said.

The story of the message is interesting in itself, but what I wanted to share with you is how obscure the craft of codebreaking can be. Let’s start with a picture of the message so you know what we are dealing with here…

Airmen to stop using removable media in wake of wikiLeaks incident…

December 13, 2010

Last week Noah Shachtman of Wired reported that a new cyber-control order has been issued by Maj. Gen. Richard Webber to prevent the use of removable media under threat of court-martial. The order demands that airmen:

immediately cease use of removable media on all systems, servers, and stand alone machines residing on SIPRNET

Further on, the order adds:

Unauthorized data transfers routinely occur on classified networks using removable media and are a method the insider threat uses to exploit classified information. To mitigate the activity, all Air Force organizations must immediately suspend all SIPRNET data transfer activities on removable media

Of course, blocking the use of removable media is not new – earlier this year a total ban on USB stick use was in place following a massive worm infection introduced from a rogue USB stick: Operation Buckshot Yankee, as it was termed then.

Noah closes with the comment that any remediation technology “Won’t be ready to deploy for years” – I hope he’s going to be surprised, because the technology is ready to deploy right now.

Speaking at the 29th Annual Government IT Symposium, St Paul MN.

December 7, 2010

Just a short note that tomorrow (8th December) I’ll be speaking at the RiverCenter in St Paul. The usual offer of a custom short mcaf.ee URL is available to readers of my blog who find me and tell me a good joke.

Speaking At McAfee Focus 2010 Paris…

December 1, 2010

This week, for those in snowy Europe, you can find me along with co-conspirators such as Dave DeWalt, George Kurtz, and dozens of other speakers at the Focus Paris event.

With over 400 people predicted to turn out, and a full agenda of speakers including Philippe Trouchaud from PricewaterhouseCoopers, Gérard LEVICKI from BT France, Vasco Gomes and Pete Colley of CSC, and Ricky Magalhaes of E2E, it promises to be a full, enlightening, and I hope fun day!

Feel free to look me up if you are attending, and if you have a good joke for me, I’ll be offering custom McAf.ee short URLs in exchange.

Security doesn’t have to be unbearable, but you may find my attempts to speak French a parody.

McAfee Focus 2010 Paris Website

Got (wiki)Leaks? Call a McAfee (DL)Plumber…

November 30, 2010

With the current news fracas regarding the latest WikiLeaks disclosures, which have reached a pretty interesting juncture with Congressman Peter King asking for WikiLeaks and its founder Julian Assange to be declared “Terrorists and spies”, I thought I’d add my fire to the flame and say quite bluntly –

McAfee can help you protect your information!

Yes, you would not believe it but monitoring for inappropriate disclosure of sensitive information is bread-and-butter stuff to us.

5 Steps To Data Protection Nirvana..

November 5, 2010

This week, as many of you know, I’ve been working out of our South African office in Johannesburg, and in particular presented 4 sessions at the McAfee Executive Summit here.

ITWeb, who co-sponsored the event, were kind enough to give me a writeup on their site which you can enjoy at your leisure.

Thank you, though, to all the customers and partners who came to see us and made the event such a success!

More than Spam – Baloney?

October 7, 2010 1 comment

I hate spam – it wastes my day, wastes my bandwidth, and mostly it’s inane rubbish.

BUT

Even more than spam, I hate those obviously mailing-list targeted emails that I receive from small companies trying to reach a larger customer base, who obviously think that by sending messages to everyone in the list, they can attract a little more business.

I HATE the fact that they try to act personal, but obviously have no idea who I am and who my company is before sending their stupidity out. Take this message for example from John H. Ackermann from Klaras Group, LLC / Amerivest Group in Boca Raton who sent me this message:

McAf.ee Launched!

September 21, 2010 1 comment

A pet project of mine for a couple of months now, McAfee’s secure short URL service went through a viral launch last week and has taken flight!

Leveraging McAfee Global Threat Intelligence, McAf.ee lets you create short URLs which are checked against our databases of known spammy, dangerous, malware-hosting, bot-control and similar sites prior to being shown. A while ago there was a glut of dangerous short links circulating around Twitter, Facebook etc. – this is something McAfee can proactively do to help offer a little more safety in our online lives.

You can create a short URL for any site, but when someone clicks on it, if the site is flagged as dangerous we throw up a warning page to give users a chance to back out before visiting.

This service was created by the McAfee Office of the CTO, which I am part of – the team is charged with looking into and creating innovative test projects, which, if successful can be rolled into the more traditional McAfee Business Units. It means we have a little more freedom to go out on a limb and try new ideas out.

You can find more information, and of course comment and add feature suggestions, or report issues on our forum http://mcaf.ee/about

I’d love to have your feedback, and, as of now I’m proud to say you can find my blog at http://mcaf.ee/simon (smile!).

Update – Larry Magid from CNET News called to interview me about the service; he was very gracious and published a great writeup. He also recorded the interview and made a podcast available. Boy, I hate hearing recordings of myself.