Tag Archives: security
Lots of News and Essays about the FBI vs. Apple, by Bruce Schneier, Crypto-Gram (March 15, 2016).
Bruce says, “This isn’t the most comprehensive list of links, but it’s a good one. They’re more or less in chronological order.” Indeed, it is a very good list for catching up on this important issue, or filling in the gaps, or understanding the issues. While browsing the list, see also Bruce’s article in the same issue of Crypto-Gram: The FBI vs Apple: Decrypting an iPhone
What the FBI wants to do would make us less secure, even though it’s in the name of keeping us safe from harm. Powerful governments, democratic and totalitarian alike, want access to user data for both law enforcement and social control. We cannot build a backdoor that only works for a particular type of government, or only in the presence of a particular court order.
Either everyone gets security or no one does. Either everyone gets access or no one does. The current case is about a single iPhone 5c, but the precedent it sets will apply to all smartphones, computers, cars and everything the Internet of Things promises. The danger is that the court’s demands will pave the way to the FBI forcing Apple and others to reduce the security levels of their smart phones and computers, as well as the security of cars, medical devices, homes, and everything else that will soon be computerized. The FBI may be targeting the iPhone of the San Bernardino shooter, but its actions imperil us all.
A Sunlight Foundation analysis found only 15 percent of congressional websites are ready for HTTPS.
- Sunlight analysis reveals only 15 percent of congressional websites are HTTPS ready by Tim Ball, Sunlight Foundation (May 26, 2015).
In this article we will describe the methodology of the survey and present the survey results. We will also offer a brief analysis of what can be done to address the situation. It is important to note that this evaluation should not be and is not a reflection on individual members of Congress or their websites, but is reflective of the entities that host those websites. We know this because across the 652 websites surveyed they were only served from 24 IP addresses.
Sunlight is interested in seeing Congress take sound steps to properly secure its — and the American people’s — information. This author, in particular, hopes that lawmakers will read this analysis and ponder some of the questions that have been raised, potentially making changes to improve their security practices. To that end, we’ll run these tests again periodically to identify any changes that they may or may not make. See you all very soon!
Brian Krebs reports: “The Federal Bureau of Investigation (FBI) is warning that individuals sympathetic to the Islamic State of Iraq and al-Shams (ISIS) are mass-defacing Websites using known vulnerabilities in WordPress. The FBI also issued an alert advising that criminals are hosting fraudulent government Web sites in a bid to collect personal and financial information from unwitting Web searchers.”
- FBI Warns of Fake Govt Sites, ISIS Defacements By Brian Krebs, Krebs on Security (April 7, 2015).
- ISIL Defacements Exploiting WordPress Vulnerabilities FBI Public Service Announcement (April 07, 2015) Alert Number I-040715a-PSA.
- Criminals Host Fake Government Services Web Sites to Acquire Personally Identifiable Information and to Collect Fraudulent Fees FBI Public Service Announcement (April 07, 2015), Alert Number I-040715b-PSA.
Lunchtime Listen: Book Discussion on Future Crimes, C-SPAN, Book-TV (February 25, 2015).
Marc Goodman talks about his book, Future crimes: Everything is connected, everyone is vulnerable, and what we can do about it (New York : Doubleday, 2015), about how criminals, corporations, and governments use technology to disrupt the lives of people around the world.
Although Goodman does not address the preservation of government information, his book provides a useful context to the challenges of successfully protecting any large store of data. His analysis of the state of cyber security should make government information professionals question the wisdom of relying solely on individual government agencies to secure long-term access to essential government information.
A good alternative is to build digital FDLP collections in FDLP libraries. The LOCKSS Digital Federal Depository Library Program is one, partial, model for this because it provides duplicate copies of GPO’s FDsys distributed in more than three dozen libraries using the proven technology of the LOCKSS system.
An additional and even better model would be for more FDLP libraries to build their own digital collections of federal government documents. By building separate collections catered to the needs of their own (geographically unlimited) communities, such collections would have the added security benefit of being separately funded, separately administered and managed, and separately secured using different technologies.
“More than a year in the making, the National Institute of Standards and Technology issued Feb. 28 an initial public draft updating one of its premier special publications, Security and Privacy Controls for the Federal Information Systems and Organizations, which incorporates expanded privacy controls and addresses new threats that were unheard of when NIST issued revision 3 in 2009.” (NIST Updating Catalog of Controls, By Eric Chabrow, Bank Info Security, February 29, 2012.)
- Security and Privacy Controls for the Federal Information Systems and Organizations, NIST Special Publication 800-53, Revision 4 (Initial Public Draft). NIST Joint Task Force Transformation Initiative, Gaithersburg, MD (February 2012).
The purpose of this publication is to provide guidelines for selecting and specifying security controls for organizations and information systems supporting the executive agencies of the federal government to meet the requirements of FIPS 200, Minimum Security Requirements for Federal Information and Information Systems.