Should hackers be tolerated to test public systems?

Original Article: Network World, Tim Greene

FBI probe of whether Chris Roberts hacked an airliner in flight points to a gap between the good hackers do vs a false sense of safety

Network World | May 19, 2015 10:04 AM PT


The purported veering of a jetliner caused by an onboard hacker points up a larger problem, experts say – airlines and other providers of services may be blind to the value such security researchers can offer in the name of public safety.

While it’s far from clear that security researcher Chris Roberts actually did commandeer the avionics system of an airplane and force it to steer to one side, the story is prompting other security experts to call for better cooperation between white-hat hackers and industries whose infrastructures they probe.

Airlines have to get used to the idea that this type of hacking can be useful and ought to make test environments that simulate aircraft systems available for researchers to hack against, says Jeremiah Grossman, the founder of White Hat Security.

Protecting The Data Lifecycle From Network To Cloud

Original Article: Information Week, Gerry Grealish

Enterprises are pushing more sensitive and regulated data into the public cloud than ever before. But the journey carries many new risks.

When thinking about protecting data in the cloud, there are three areas of use that security and privacy professionals need to consider: data in motion, data at rest and data in use. In a nutshell, the data leaves your environment and goes from point A (your network) to point B (the cloud); within point B it gets initially processed and stored within a database, and then is pulled out of that database for processing. Each of these phases carries risk:

  • The first area, data in motion, is the most well known and understood. The goal of protecting data in motion is to prevent a third party from eavesdropping on a conversation on the transmission wire.
  • The next key area, data at rest, is also relatively well understood. Data at rest is essentially the data that is stored persistently in some form, as a file, in a database, etc. The goal of protecting data at rest is to prevent a third party from reading the data, should they gain access to the data in its persistent form (for example, when an attacker gains access to the file system and opens or copies the files).
  • Data in use is, effectively, the data that has been loaded into a process and is in the memory of the program that is running. In general, this data is in the clear while being processed and is typically not protected by techniques such as the in-cloud based encryption provided by Cloud Service Providers (CSPs).

College of Engineering network disabled in response to sophisticated cyberattack

Original Article: Penn State College of Engineering, May 15, 2015

Plans in place to allow teaching, research in the college to continue as University moves to recover.

UNIVERSITY PARK, Pa. – The Penn State College of Engineering has been the target of two sophisticated cyberattacks conducted by so-called “advanced persistent threat” actors, University officials announced today. The FireEye cybersecurity forensic unit Mandiant, which was hired by Penn State after the breach was discovered, has confirmed that at least one of the two attacks was carried out by a threat actor based in China, using advanced malware to attack systems in the college.

In a coordinated and deliberate response by Penn State, the College of Engineering’s computer network has been disconnected from the Internet and a large-scale operation to securely recover all systems is underway. Contingency plans are in place to allow engineering faculty, staff and students to continue in as much of their work as possible while significant steps are taken to upgrade affected computer hardware and fortify the network against future attack. The outage is expected to last for several days, and the effects of the recovery will largely be limited to the College of Engineering.

To learn more about the incident, including information for affected faculty, staff and students, visit
