The Week That Was - 10/22/2012

Welcome back, sports fans!  We've got a decent sized list of links this week.  One of the threads I picked up on was some lingering commentary on the Huawei and ZTE revelation last week.  And when I say revelation, I mean that the mainstream media recently picked up on it.  First, China rounded up 9,000 cyber criminals and the timing was pretty blatant, but maybe that was the point.  [4]  Thomas Claburn discusses how Huawei and ZTE might rebuild some of the trust they've lost.  [23-24], [27]  I've got to ask myself does it matter?  Could the edge devices have already served their purpose?  Discuss amongst yourselves. ThreatPost had an interesting article on gathering threat intelligence with open tools. [11]  Dennis Fisher listed some interesting resources there.  Most interesting to me was the Silobreaker tool.  [20]  I've not used it but it seems like it has a lot of potential applications.  I'd love to get some time to experiment with it.

Lastly, I need to talk about risk.  There is a new Risk Hose episode out and I'm ashamed to say I've not yet listened to it.  [7]  There have also been some interesting articles over on the SIRA blog.  Jeff Lowder has been ranting on ordinal abuse.  [13], [22], [26]  Apparently, you'll go blind if you do it too much.  Seriously though, it's good stuff.  On the surface it might seem like trivial semantic hair-splitting, but I don't think it is.  You can't effectively describe the advantages of one approach while lacking the ability to describe the deficiencies of the alternatives.  Understanding measurement types gives you the insight necessary.

Link Dump

B. Prince, “Adobe Bolsters Security In Reader, Acrobat XI,” Dark Reading, 17-Oct-2012. [Online]. Available: [Accessed: 18-Oct-2012].
S. Sharwood, “Apple banishes Java from Mac browsers,” The Register, 19-Oct-2012. [Online]. Available: [Accessed: 19-Oct-2012].
P. Roberts, “BYOD: Filling The Holes In Your Security Policy,” Dark Re, 15-Oct-2012. [Online]. Available: [Accessed: 16-Oct-2012].
P. Muncaster, “Chinese arrest 9,000 cyber-crims,” The Register, 16-Oct-2012. [Online]. Available: [Accessed: 16-Oct-2012].
B. Krebs, “Critical Java Patch Plugs 30 Security Holes,” Krebs on Security, 17-Oct-2012. [Online]. Available: [Accessed: 18-Oct-2012].
C. Osborne, “Cyberthieves steal $400,000 from Bank of America,” CNet News, 16-Oct-2012. [Online]. Available:$400000-from-bank-of-america/. [Accessed: 18-Oct-2012].
A. Hutton and J. Lowder, “Episode 28: Deep Thoughts with Risk Hose - The Risk Hose Podcast,” Risk Hose Podcast, 18-Oct-2012. [Online]. Available: [Accessed: 19-Oct-2012].
D. Fisher, “Eugene Kaspersky Unveils Plans for New Secure SCADA OS,” ThreatPost, 16-Oct-2012. [Online]. Available: [Accessed: 16-Oct-2012].
C. Farivar, “FCC says Big Cable can now encrypt TV signals to halt ‘service theft’,” Ars Technica, 17-Oct-2012. [Online]. Available: [Accessed: 18-Oct-2012].
J. Leyden, “‘Four horsemen’ posse: This here security town needs a new sheriff,” The Register, 18-Oct-2012. [Online]. Available: [Accessed: 18-Oct-2012].
D. Fisher, “Gathering Threat Intelligence With Open Tools,” ThreatPost, 15-Oct-2012. [Online]. Available: [Accessed: 16-Oct-2012].
I. Thompson, “IBM claims first with Hadoop data security suite,” The Register, 18-Oct-2012. [Online]. Available: [Accessed: 18-Oct-2012].
J. Lowder, “Is Probability Even Compatible with an Ordinal Scale? Probably Not,” Society of Information Risk Analysts, 15-Oct-2012. [Online]. Available: [Accessed: 16-Oct-2012].
R. Lemos, “Keeping Data Out Of The Insecure Cloud,” Dark Reading, 15-Oct-2012. [Online]. Available: [Accessed: 16-Oct-2012].
“Kosovo group claims hack of US weather service.” [Online]. Available: [Accessed: 19-Oct-2012].
“Level of measurement,” Wikipedia, the free encyclopedia, 15-Oct-2012. [Online]. Available: [Accessed: 17-Oct-2012].
“New NIST software checks performance of biometrics applications against 2011 standard.” [Online]. Available: [Accessed: 18-Oct-2012].
“Nissan steer-by-wire cars set for showrooms by 2013,” BBC News, 17-Oct-2012. [Online]. Available: [Accessed: 18-Oct-2012].
“Security experts sound medical device malware alarm.” [Online]. Available: [Accessed: 19-Oct-2012].
“Silobreaker,” Silobreaker, 15-Oct-2012. [Online]. Available: [Accessed: 16-Oct-2012].
C. Brook, “Survey: SMBs Remain Blissfully Unfazed by Cyberthreats,” ThreatPost, 18-Oct-2012. [Online]. Available: [Accessed: 19-Oct-2012].
J. Lowder, “Three Good Sources about Levels of Measurement,” Society of Information Risk Analysts, 16-Oct-2012. [Online]. Available: [Accessed: 17-Oct-2012].
T. Claburn, “What Huawei, ZTE Must Do To Regain Trust,” Dark Reading, 17-Oct-2012. [Online]. Available: [Accessed: 18-Oct-2012].
T. Claburn, “What Huawei, ZTE Must Do To Regain Trust,” InformationWeek, 17-Oct-2012. [Online]. Available: [Accessed: 22-Oct-2012].
R. Stiennon, “Why risk management fails in IT,” Network World, 16-Oct-2012. [Online]. Available: [Accessed: 19-Oct-2012].
J. Lowder, “Why Risk Management Is Unavoidable in IT and How It Can Succeed--Part 1,” Society of Information Risk Analysts, 18-Oct-2012. [Online]. Available: [Accessed: 19-Oct-2012].
P. Muncaster, “ZTE drops spy tech subsidiary,” The Register, 17-Oct-2012. [Online]. Available: [Accessed: 18-Oct-2012].