blog trackingRealtime Web Statistics Creates Archives | Gregory D. Evans | Worlds No. 1 Security Consultant | Gregory D. Evans | Worlds No. 1 Security Consultant

Posts Tagged ‘Creates’

Danish Defense Intelligence Service creates training academy for hackers

Source: National Cyber Security – Produced By Gregory Evans

Denmark’s Defence Intelligence Service is the country’s official spy agency. They are working to develop a training academy to develop cyber-security experts. The country has fought off a number of high-profile cyber attacks in recent times. Their foreign ministry was targeted by a phishing attack which lasted for more than seven months. The Danish Parliament’s website was hit by so many cyber attacks it crashed in December 2015. Ads, designed by the country’s intelligence service, began to appear in newspapers in March of this year. The ads asked “Do you have what it takes to become a member of a secret elite force?” Requirements for the post includes well-developed programming abilities, math and logical intelligence, and a clean criminal record. The goal of the program is to educate hackers to boost local cyber security, fend off attacks, and possibly even hack into the systems of attackers. Academy recruits will work on defensive as well as offensive hacker techniques during the almost five month course at the academy. “We are looking for people who have the core competencies that we can develop further,” says Lars Findsen, the head of the intelligence service. “They don’t need formal education or qualifications. They can […]

The post Danish Defense Intelligence Service creates training academy for hackers appeared first on National Cyber Security.

View full post on National Cyber Security

Cyber security firm owner creates Hacker Academy

Source: National Cyber Security – Produced By Gregory Evans

Cyber security firm owner creates Hacker Academy

Steve Barone, the owner and CEO of CBI, got his start in business selling Atari and Commodore home computers in an East Detroit shop in the 1980s. The native Detroiter dropped out of Wayne State University, but found a job he enjoyed and paid the bills. He also sold PCs for ITT Courier, and later, decided to started his own firm, Creative Breakthroughs Inc., which now specializes in information technology and goes by the initials CBI. This year, the company moved its headquarters from Ferndale to Detroit. “Computer security is a very real issue today,” Barone, 51, said. “I got a text this morning from a third party that made it sound like my bank account had been actioned from somewhere. I isolated the link, put it on a separate laptop, opened it up in a protected browser, and found out it was a hacking attempt.” CBI — which has about 100 employees and expects sales of $52 million this year — also offers workers and companies opportunities to learn new information technology skills and test their security in what Barone has playfully named the Cyber Range and the Hacking Academy. In the next few years, he said, he aims to take the company public. Barone — whose name is pronounced with the long e at the […]

For more information go to, http://www., or

The post Cyber security firm owner creates Hacker Academy appeared first on National Cyber Security.

View full post on National Cyber Security

School for Spies: UK Creates ‘University Degrees’ In cyber Security

GCHQ, Britain’s intelligence agency for information assurance, will approve UK postgraduate courses in cyber security – effectively endorsing a Masters in spying, recent reports claim. This might come in useful for the agency’s own employees.

GCHQ, the UK government surveillance agency, is to give its stamp of approval to postgraduate courses in cyber security, essentially certified degrees for spies.

The 39-page document from GCHQ, seen by the Independent, says that the increasing number of courses in security related subjects at institutions across the UK means that it is becoming more and more difficult to “assess the quality of the degrees on offer.”

In order to gain certification a master’s degree must offer a “general, broad foundation in cyber security” and must also include a detailed knowledge of threats to online activity including “common attacks”, “malicious code” and “adversarial thinking.”

The new GCHQ certificates will be valid for five years before having to be renewed, and it is hoped the new system will create more clarity in what’s on offer.

The Cheltenham based surveillance agency has sent out a brief to all universities in the UK offering an MSc in cyber security to apply for certification before June 20.

Chris Ensor, the deputy director for the National Technical Authority for Information Assurance, which acts as the information-security arm of GCHQ, said that while they had sent some employees into schools to encourage pupils to be interested in maths, they could do more to recruit the right people.

“We’re a highly technical organization with a highly technical workforce, so we depend on the young talent coming through all the way from schools to apprenticeships and degrees,” he said.

The GCHQ certificates are part of the UK government’s broader cyber-security strategy, which aims “for the UK in 2015 to derive huge economic and social value from a vibrant, resilient and secure cyberspace.”

View full post on Who Got Hacked – Latest Hacking News and Security Updates

eAgency Mobile Security creates “Kid Safe” campaign for school safety

Ashley Bennett Top Priority Sector:  cyber_security eAgency Mobile Security has partnered with law enforcement to create a national “Kid Safe” campaign designed to target cyber bullying and harassment, sexting, and sextortion in K-12 public schools. Read More….

View full post on The Cyber Wars

Credence ID creates new tri-biometric mobile enrollment and verification device

Top Priority Sector:  access_control_identification Credence ID, a San Francisco-based company that creates biometric devices, has created an Android-based handheld tri-biometric device called the Trident. Read More….

View full post on The Cyber Wars

Obama creates new homeland security partnership council, to be led by John Brennan

Jacob Goodwin Top Priority Sector:  federal_agencies_legislative Image Caption:  John Brennan to leadnew Partnership Council In an effort to foster closer relationships between the field offices of various U.S. Government departments and the state and local governments in those geographic areas across the country, President Obama signed an executive order on Oct. 26 which establishes a […]

View full post on The Cyber Wars

Federal energy regulator creates Cyber/EMP security office

Mark Rockwell Top Priority Sector:  infrastructure_protection In the face of mounting electronic assaults on critical U.S. infrastructure targets, the Federal Energy Regulatory Commission (FERC) unveiled a new office on Sept. 20 it hopes will help combat potential Cyber and physical attacks on the U.S. electric grid. Homepage position:  10 read more View full post on […]

View full post on The Cyber Wars

National Security Agency creates security design based on Android

America’s intelligence agency, the National Security Agency (NSA), today disclosed how it’s going to handle mobile security.

The NSA has come up with a security design that currently depends on Google Android smartphones, though the NSA contends it doesn’t want to be wedded to any particular smartphone operating system. But its current “Fishbowl” phones, as they are called, are beefed-up highly secured Motorola Android smartphones that use double-encryption for voice traffic and a unique routing scheme for 3G network traffic back to the NSA first for security purposes. This design makes them suitable for classified information sharing with other like smartphones, according to Margaret Salter, technical director at NSA’s information assurance directorate, who spoke about the so-called “Fishbowl” project, which today focuses on voice use of smartphones, at a session here today at the RSA Conference.

“We wanted to use the commercial standards that are out there,” said Margaret Salter, technical director in NSA’s information assurance directorate. “We wanted plug and play — but that was hard.” The NSA also wants interoperability in order not to be trapped in vendor ok-in, but this is turning out to be hard to achieve.

The NSA looked at SSL VPN as a standard and left no stone unturned in exploring commercial SSL VPN for mobile, but found utter lack of interoperability across vendor products. Salter said NSA also was frustrated with the lack of interoperability in Unified Communications Systems (UCS) products, noting that buying one piece often meant buying several others, there being little evidence of multi-vendor interoperability. So with some frustration, NSA changed to go with an open-source Session Initiation Protocol (SIP) server for the present.

IPSec VPN rather than SSL VPN

NSA also switched its mobile security strategy toward IPSec VPN, where things looked better in terms of interoperability than SSL VPN, and selected the Secure Real-Time Transport Protocol for Voice App and Transport Layer Security (TLS) with keys. This all means “the voice call is doubly encrypted,” Salter said. “There’s VoIP encryption and IPsec encryption.”

The NSA is relying on a alphabet soup of standards for its Fishbowl smartphones: Suite B IPSec, IKE v.2, Elliptic Curve Diffie-Hellman, Elliptic Curve DSA, the SHA2 hash, all well-known in security circles. The NSA contracted to build some elements of its Fishbowl smartphone prototypes on Motorola Android since what it wants isn’t commercially available. But NSA wants it to be, and to that end is releasing the basic architecture with the hope the high-tech industry will get on board in software design. The NSA also has included a so-called “police app” to make sure everything is in place on the smartphone as it should be, said Salter. She noted a number of the NSA employees in the room were now carrying their Fishbowl phones with them, which she said showed surprisingly little voice delay, even with double encryption processes.

In publishing all its Fishbowl standards on the NSA website, “our hope is someone will show this to the vendors and say ‘I want that,’” said Salter.

The NSA plans to propose its mobile security design as an internationally-oriented Common Criteria standard, with the idea that products would start to make it through the NIAP labs. The Defense Information Systems Agency (DISA), which is responsible for large-scale practical networking deployments for the military, “is looking at copying this on a large scale,” said Salter. She added: “We’ll be standing up an enterprise app market,” noting that today there are a large number of people already writing apps for military purposes.

The mobile operating system question

Although NSA doesn’t want to be wedded to one mobile operating system platform, its investigations into suitable choices have so far led it to Google Android mainly because with it you can change the underlying OS, and with Apple iOS for example, you can’t, Salter noted. One change was made so digital certificates would be stored in a way NSA thinks is better.

“It’s not our intention to only use Android,” she adds. NSA has some misgivings about Android at any rate because the intelligence agency discovered that the phone manufacturers of Android smartphones are themselves changing the Android OS so much, that “Android is not Android. It’s whatever the maker of the phone decides to put in.” Salter said the NSA would be glad to see that aspect of Android somehow recede.

The NSA naturally already has various secure telephone systems, among them the older STU-III encryption phones. To get them all to work together, there will need to be some gateway systems, said Salter, and that’s one reason that mobile telephony traffic is being routed from an undisclosed carrier back to NSA, which is based in Ft. Meade, Md., so this interoperability can be achieved as well as various security and authentication checks.

Article source:

View full post on National Cyber Security » Computer Hacking

AlienVault creates centralised threat detection system

Open-source security information and event management (SIEM) vendor AlienVault has launched a new system for sharing threat intelligence among users of its OSSIM platform.

SIEM technology provides real-time analysis of security alerts generated by network hardware and applications. While the technology is used widely, OSSIM claims to have the largest number of users — more than 18,000 and to be the only open source-based SIEM platform.

Previously, OSSIM threat intelligence could only be shared within individual organisations. However, AlienVault’s new Open Threat Exchange (AV-OTX) system allows intelligence to be shared among all its customers that opt to use the service, meaning that the threat data is far more comprehensive.

“Many of our large customers were coming to us and saying they needed a way to know what was going on in the wider community,” said Richard Kirk, Head of Europe for AlienVault. “They could see what was happening in their own network but they knew that they were only a small piece of the global community.”

AlienVault customers can opt to use the new service by downloading the latest version of OSSIM for free. The new version of OSSIM uploads a set of data from the local system to AlienVault’s secure cloud on an hourly basis. Some of the data will be automatically cleansed and validated, and the rest is reviewed by a group of scientists in AlienVault’s Research Lab, to ensure that only the most accurate and actionable intelligence is published.

That intelligence data is then distributed to all of the OSSIM users that have opted to use the service, allowing them to react quickly or take preventative measures against future threats.

AlienVault is not the only security firm to offer a central threat detection system. Symantec, McAfee and Trend Micro also collect intelligence data from their customers in order to detect threats early and respond quickly. However, Kirk claims that these companies are only looking at one small slice of what’s going on.

“In the case of McAfee, for example, all they’re looking at is anti-virus information,” said Kirk. “It’s very sophisticated what they do, because they collect and process anti-virus information from all of the clients that they have, but at the end of the day it’s only anti-virus. They’re not looking at intrusion detection, they’re not looking at firewall information, they’re not looking at proxy servers, web servers, all those things. Only an SIEM platform can do that.”

AlienVault expects the new system to be particularly attractive to telecoms companies, that run networks on behalf of large banks or industrial companies, as it allows them to automate the monitoring and protection of all those systems across the board.

“Internet threats are global by nature and they need to be countered from an equally global perspective,” said Jose Luis Gilperez, director of product development and security innovation at Telefonica Digital, a customer of AlienVault.

“With the AlienVault Open Threat Exchange, an attack on any part of our network or on any member of the AV-OTX community alerts everyone in the community and helps us all respond to threats far more effectively.”

Article source:

View full post on National Cyber Security » Computer Hacking

Fujitsu creates antivirus virus for Japanese government

Fujitsu has developed code for the Japanese government that will destroy malware and collect information on its creators.

The government decided to investigate the possibilities of such code in 2005, and three years later the Defense Ministry’s Technical Research and Development Institute awarded Fujitsu a ¥178.5m ($2.3m) contract to develop it. The software has now been completed and is undergoing testing in a closed network environment, the Yomiuri Shimbun reports.

The code is designed to identify malware, chiefly that which is used to set up a botnet, and can both eliminate it on the host PC and also identify which computer the malware came from, then attempt to erase the code at source. The software has also shown more limited utility at identifying key loggers and other code designed to steal data.

Sources in the government told the paper that the code would be used to identify the origin of infections for domestic systems and not used overseas, since Japanese law makes it difficult to use such tools outside of national borders. However, the Defense Ministry and Foreign Ministry have begun legislative consideration regarding the matter.

The code itself shouldn’t be too hard to develop, since the malware industry already turns out software that checks for competing code on infected machines and deletes it. However, Graham Cluley, senior technology correspondent at Sophos, gave the idea a resounding thumbs-down.

“There have been a few attempts in the past to create ‘good’ viruses,” he writes. “The Cruncher virus, for instance, was designed to save disk space by compressing files, and Mark Ludwig’s KOH virus tried to win the title of a ‘good virus’ by encrypting hard drive data. And we’ve even seen malware that is designed to find child abuse images and report its discoveries to the authorities. But the simple truth is that none of them have needed to be viral to deliver their positive benefit.” ®

Article source:

View full post on National Cyber Security » Virus/Malware/Worms

Page 1 of 212»

My Twitter

  • The latest The Ciber Crime Daily! Thanks to @GregoryDEvans @HasvdRiet @twbriggs
    about 8 hours ago
  • RT @GregoryDEvans: Are LGBT Students Safe? – Leadership 360 – Education Week
    about 9 hours ago
  • RT @GregoryDEvans: 8 New Uses For Old Things Around The House, According To Toddlers #security #hacker #HTCS
    about 15 hours ago
  • RT @GregoryDEvans: 8 New Uses For Old Things Around The House, According To Toddlers #security #hacker #HTCS
    about 15 hours ago
  • Cyber Security News Today is out! @gregorydevans #hacker
    about 15 hours ago By Gregory D. Evans

Hacker For Hire By Gregory Evans

Gregory D. Evans On Facebook

Parent Securty By Gregory D. Evans

National Cyber Security By Gregory D. Evans

Dating Scams By Gregory Evans