Edward Snowden: ‘Governments can reduce our dignity to that of tagged animals’. From Guardian. In this foreword from The Assassination Complex, a new book about drone warfare, the whistleblower explains why leaking information about wrongdoing is a vital act of resistance. One of the challenges of being a whistleblower is living with the knowledge that people continue to sit, just as you did, at those desks, in that unit, throughout the agency; who see what you saw and comply in silence, without resistance or complaint. They learn to live not just with untruths but with unnecessary untruths, dangerous untruths, corrosive untruths. It is a double tragedy: what begins as a survival strategy ends with the compromise of the human being it sought to preserve and the diminishing of the democracy meant to justify the sacrifice.
Samsung Smart Home flaws let hackers make keys to front door. From ArsTechnica. Computer scientists have discovered vulnerabilities in Samsung’s Smart Home automation system that allowed them to carry out a host of remote attacks, including digitally picking connected door locks from anywhere in the world. The attack, one of several proof-of-concept exploits devised by researchers from the University of Michigan, worked against Samsung’s SmartThings, one of the leading Internet of Things (IoT) platforms for connecting electronic locks, thermostats, ovens, and security systems in homes. The researchers said the attacks were made possible by two intrinsic design flaws in the SmartThings framework that aren’t easily fixed. They went on to say that consumers should think twice before using the system to connect door locks and other security-critical components.
On Cyber Security, Non-Executive Directors Had Better Speak Up. From Forbes. The cyber threat posed to corporations needs little explanation these days. The potential impact of an attack is so great as to threaten the very existence of some businesses and to cause severe losses to others. Had Sony or Saudi Aramco been retailers with average cash reserves, the loss of their entire networks as the result of attacks might have proven existential given the length and depth of their cyber crises. The data losses suffered by Target and Heartland were significant enough, but to add insult to injury, the remaining directors of these companies and others are now subject to shareholder derivative and securities lawsuits—this despite being victims of a crime. For most corporations, it is generally understood that this is no longer an exotic risk buried in the detail of a risk register to be left to the IT Department. Rather it is a very significant challenge of direct concern to the board.
Sources: Trump Hotels Breached Again. From KrebsOnSecurity (Archived, April 4 2016). Banking industry sources tell KrebsOnSecurity that the Trump Hotel Collection — a string of luxury properties tied to business magnate and Republican presidential candidate Donald Trump — appears to be dealing with another breach of its credit card systems. If confirmed, this would be the second such breach at the Trump properties in less than a year. A representative from Trump Hotels said the organization was investigating the claims. “We are in the midst of a thorough investigation on this matter,” the company said in a written statement. “We are committed to safeguarding all guests’ personal information and will continue to do so vigilantly.”
What is Zero Trust Network Segmentation? From Palo Alto Networks. The continued, high frequency of successful cyberattacks against today’s enterprises has made it abundantly clear that traditional, perimeter-centric security strategies are no longer effective. There is inadequate visibility, control and protection of user and application traffic transiting high-risk network boundaries, and an outdated assumption that everything on the inside of an organization’s network should be trusted. The Zero Trust architecture approach, first proposed by Forrester Research, is intended to address this by promoting “never trust, always verify” as its guiding principle. With Zero Trust there is no default trust for any entity — including users, devices, applications, and packets — regardless of what it is and its location on or relative to the corporate network. By establishing Zero Trust boundaries that effectively compartmentalize different segments of the network, you can protect critical intellectual property from unauthorized applications or users, reduce the exposure of vulnerable systems, and prevent the lateral movement of malware throughout your network.