DHS

Report shows US federal agencies are failing to employ very basic security measures

Everything from passwords being left around on desks to computers missing critical patches to sensitive data being stored on unencrypted laptops. Believe it or not - that's just the 'tame' stuff. It gets worse. Much worse.

US court dismisses suit brought against border laptop searches

A US federal court in New York closed out the year by saying that it's OK for the government to search travelers' electronic devices at border checkpoints without reasonable suspicion that people have done anything wrong, given that "reasonable" takes on a whole new dimension when you're talking about the crucial zone of border crossings.

US Homeland Security must disclose 'internet kill switch', court rules

The kill switch - aka Standard Operating Procedure 303 - describes a shutdown and restoration process for wireless networks in the event of a national crisis that would prevent, among other things, the remote triggering of radio-activated explosives.

$80 million yacht hijacked by students spoofing GPS signals

Students from the University of Texas/Cockrell School of Engineering successfully managed to spoof a ship's GPS signals, sending counterfeit signals that slowly, subtly overpowered the authentic GPS signals until the ship ultimately came under their control.

White House mulls waving cash at businesses to get them to beef up cybersecurity

Specifically, the US government is reportedly thinking about tax breaks, insurance perks and limited lawsuit protection for organizations that opt in to standards that are now getting hammered out.

DHS to set up $6 billion one-stop security shop for government agencies

A fund of up to $6 billion has been set aside by the US Department of Homeland Security (DHS) to build a central repository of security tools and expertise for government use.

US upholds the right to search your laptop at the border without warrant

A statement put out by the Department of Homeland Security says that hunches and intuition are enough to justify warrantless searches, and it's not explaining anything much beyond that. It goes on to provide Constitutional analysis that's mostly redacted.

TDoS attacks target US emergency call centers

The FBI and DHS are seeing dozens of attacks on ambulance and hospital communication lines as extortionists demand $5,000 for supposedly unpaid payday loans.

"Unless it is absolutely necessary to run Java in web browsers, disable it", DHS-sponsored CERT team says

Even if you've patched, it may be time to turn Java off in your browser

Can you really justify having Java installed on your main web browser any more? Even if you have installed the latest security patch?

It's time to rip Java out of your browser for better security... unless you have a really good reason not to.

Monday review - the hot 22 stories of the week

Here you go.

All the stories we wrote in the past seven days, in case you missed anything (or just want to read them again).

Apple and Mozilla - 'Just say no to Java'

New security hole found in multiple Java versions

After the recent discovery of a zero-day vulnerability in Oracle's Java Web Start plugin, Apple and Mozilla are now disabling Java by default until fixes are made available.

DHS website falls victim to hacktivist intrusion

Hacktivist group NullCrew recently announced a successful intrusion against a website in the DHS.GOV domain hierarchy.

It looks as though the site was vulnerable to what's known as a directory traversal vulnerability.

Hackers pwn the sun - Exploit code released for software used to manage solar energy plants

Hackers p4wn the sun: release exploit code for photovoltaic system software

The US Department of Homeland Security has issued an alert that hackers have released proof of concept exploit code for vulnerabilities in a common SCADA software package used to manage solar energy systems.

Black Hat - Smashing the future for fun and profit

A summary from the first panel session of Black Hat 2012 where infosec luminaries Jeff Moss, Adam Shostack, Bruce Schneier and Marcus Ranum tackled the role of government in securing the internet.

Hidden government scanners could soon analyze your every molecule

The US Department of Homeland Security (DHS) is planning new-style airport security which will be able to beam a laser at us from 164 feet away. Without having to pat us down, without us even knowing it's happening.

Drone hijacked by hackers from Texas college with $1,000 spoofer

University researchers have hacked and hijacked a drone, after officials from the Department of Homeland Security offered them $1,000 to try.

Interest in Cryptocat spikes following developer's interrogation at US border

Interest in a free, encrypted web chat service called Cryptocat has spiked following the detainment and interrogation of its developer at the US border.

Interview with SCADA hacker pr0f about the state of infrastructure security

After writing about the hacking of SCADA systems I was contacted by one of the hackers, pr0f. I interviewed him via email to get his thoughts on how secure our critical infrastructure really is.

US SCADA infrastructure woefully unprotected

An attack that allegedly destroyed a pump at a municipal water processing facility has raised alarms about the security of critical infrastructure in the United States.

DHS and NIST proposal suggests American ISPs should assist in stopping botnets

The US government is following in the footsteps of Germany, Japan and Australia by proposing that ISPs should attempt to detect botnet infected PCs and notify their owners.