Everything from passwords being left around on desks to computers missing critical patches to sensitive data being stored on unencrypted laptops. Believe it or not - that's just the 'tame' stuff. It gets worse. Much worse.
A US federal court in New York closed out the year by saying that it's OK for the government to search travelers' electronic devices at border checkpoints without reasonable suspicion that people have done anything wrong, given that "reasonable" takes on a whole new dimension when you're talking about the crucial zone of border crossings.
The kill switch - aka Standard Operating Procedure 303 - describes a shutdown and restoration process for wireless networks in the event of a national crisis that would prevent, among other things, the remote triggering of radio-activated explosives.
Specifically, the US government is reportedly thinking about tax breaks, insurance perks and limited lawsuit protection for organizations that opt in to standards that are now getting hammered out.
A fund of up to $6 billion has been set aside by the US Department of Homeland Security (DHS) to build a central repository of security tools and expertise for government use.
A statement put out by the Department of Homeland Security says that hunches and intuition are enough to justify warrantless searches, and it's not explaining anything much beyond that. It goes on to provide Constitutional analysis that's mostly redacted.
The FBI and DHS are seeing dozens of attacks on ambulance and hospital communication lines as extortionists demand $5,000 for supposedly unpaid payday loans.
"Unless it is absolutely necessary to run Java in web browsers, disable it", DHS-sponsored CERT team says
Can you really justify having Java installed on your main web browser any more? Even if you have installed the latest security patch?
It's time to rip Java out of your browser for better security... unless you have a really good reason not to.
After the recent discovery of a zero-day vulnerability in Oracle's Java Web Start plugin, Apple and Mozilla are now disabling Java by default until fixes are made available.
Hacktivist group NullCrew recently announced a successful intrusion against a website in the DHS.GOV domain hierarchy.
It looks as though the site had what's known as a directory traversal vulnerability.
The US Department of Homeland Security has issued an alert that hackers have released proof of concept exploit code for vulnerabilities in a common SCADA software package used to manage solar energy systems.
A summary from the first panel session of Black Hat 2012 where infosec luminaries Jeff Moss, Adam Shostack, Bruce Schneier and Marcus Ranum tackled the role of government in securing the internet.
The US Department of Homeland Security (DHS) is planning new-style airport security that will be able to beam a laser at us from 164 feet away. Without having to pat us down, without us even knowing it's happening.
Interest in a free, encrypted web chat service called Cryptocat has spiked following the detainment and interrogation of its developer at the US border.
After writing about the hacking of SCADA systems I was contacted by one of the hackers, pr0f. I interviewed him via email to get his thoughts on how secure our critical infrastructure really is.
An attack that allegedly destroyed a pump at a municipal water processing facility has raised alarms about the security of critical infrastructure in the United States.
The US government is following in the footsteps of Germany, Japan and Australia by proposing that ISPs should attempt to detect botnet infected PCs and notify their owners.