The Week(s) that Was (Were) - 8/31/2012

It's been a tough couple of weeks, sports fans. I've not been good about keeping up on INFOSEC current events and sharing them out with you. Here is a backlog with a big blind spot from last week. Feel free to suggest any articles from the blind spot that I should include, and I'll get them in next week. There was a lot of talk about infrastructure in this batch [12], [18], [22]. This is always a tricky subject to discuss: you want to talk about the weaknesses without drawing too much attention to them. I think we all acknowledge there is much room for improvement in our infrastructure control networks. These are just the latest observations.

The potential attack vector on human brainwaves is a little unnerving, but you can probably find all of that on Facebook anyway [7], [10]. And speaking of brainwaves, Mr. Jack Daniel has some interesting insight on how to market to us INFOSEC types [9].

Link Dump

[1] E. Chickowski, "ABCs Of Factoring Risk Into Cloud Service Decisions," Dark Reading. [Online]. Available: [Accessed: 31-Aug-2012].
[2] K. Jackson-Higgins, "Crypto Experts Called On To Crack Cyberspy Tool's Encryption," Dark Reading, 14-Aug-2012. [Online]. Available: [Accessed: 15-Aug-2012].
[3] T. Walsh, "Excellence in Risk Management IX: Bridging the Gap: Be Visible, Be Valuable, Be Strategic." Marsh & McLennan Companies, 16-Apr-2012.
[4] C. Osborne, "FTC accuses Facebook of misleading developers over security," ZDNet, 13-Aug-2012. [Online]. Available: [Accessed: 14-Aug-2012].
[5] B. Krebs, "Inside a 'Reveton' Ransomware Operation," Krebs on Security, 12-Aug-2012. [Online]. Available: [Accessed: 14-Aug-2012].
[6] "iOS Security." Apple, Inc., May-2012.
[7] P. F. Roberts, "Leaky web sites provide trail of clues about corporate executives," IT World, 13-Aug-2012. [Online]. Available: [Accessed: 15-Aug-2012].
[8] P. C. Pinto, P. Thiran, and M. Vetterli, "Locating the Source of Diffusion in Large-Scale Networks," Phys. Rev. Lett., vol. 109, no. 6, p. 068702, Aug. 2012.
[9] J. Daniel, "Marketing to the cynical, skeptical, and jaded (us)," Uncommon Sense Security, 13-Aug-2012.
[10] J. Schofield, "'Mind hackers' could get secrets from your brainwaves," ZDNet, 27-Aug-2012. [Online]. Available: [Accessed: 28-Aug-2012].
[11] T. Armerding, "Mysterious font left by malware befuddles -," CSO Online, 14-Aug-2012. [Online]. Available: [Accessed: 14-Aug-2012].
[12] D. Goodin, "Mystery malware wreaks havoc on energy sector computers," Ars Technica. [Online]. Available: [Accessed: 17-Aug-2012].
[13] E. Messmer, "New NIST encryption guidelines may force fed agencies to replace old websites," Network World, 15-Aug-2012. [Online]. Available: [Accessed: 17-Aug-2012].
[14] A. Lane, "Pragmatic WAF Management: Policy Management," Securosis, 13-Aug-2012. [Online]. Available: [Accessed: 14-Aug-2012].
[15] B. Schneier, "Preventive vs. Reactive Security," Schneier on Security, 13-Aug-2012. [Online]. Available: [Accessed: 14-Aug-2012].
[16] R. Lemos, "Researchers Hunt Sources Of Viruses, Memes," Dark Reading, 14-Aug-2012. [Online]. Available: [Accessed: 15-Aug-2012].
[17] D. Fisher, "Shamoon Malware Steals Data, Overwrites MBR," ThreatPost, 16-Aug-2012. [Online]. Available: [Accessed: 17-Aug-2012].
[18] "Simulation: what if digital WMDs attack America?," KurzweilAI, 11-Aug-2012. [Online]. Available: [Accessed: 14-Aug-2012].
[19] E. Messmer, "Startup envisions CISO collective to share cyberattack information," Network World, 14-Aug-2012. [Online]. Available: [Accessed: 16-Aug-2012].
[20] S. Garfinkel, "The iPhone Has Passed a Key Security Threshold," Technology Review, 13-Aug-2012. [Online]. Available: [Accessed: 13-Aug-2012].
[21] "The Mystery of the Encrypted Gauss Payload," 14-Aug-2012. [Online]. Available: [Accessed: 15-Aug-2012].
[22] R. M. Baum, "U.S. Needs To Spend More On Infrastructure," Chemical and Engineering News, 16-Jul-2012. [Online]. Available: [Accessed: 14-Aug-2012].
[23] S. Baker, "US-China 'proxy' talks on cyberweapons," The Volokh Conspiracy, 02-Jul-2012. [Online]. Available: [Accessed: 13-Aug-2012].