The Week That Was - 2013-05-13

I have a decent-sized batch of links for you all this week.  As a warning, I'll occasionally wander out of the purely INFOSEC or risk realms.  There are a couple of those items thrown in this week.  It's important to look around at other subjects to give us perspective and insight.  Part of that extra perspective this week comes from a guest appearance by Superchunk (with some NSFW lyrics).  But I'll still focus mostly on the INFOSEC side of things.  For example, SQL injection is still a favorite.  [1]  The bad guys like it because it works.  There's no sense in working harder when smarter gets you there faster.  Web application security continues to be an important block in the foundations of our security programs.
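To make the "it still works" point concrete, here is a small added example (not from the original post or from the Dark Reading piece) of the classic login bypass against a query built by string concatenation, side by side with the parameterised version that defeats it. The table, the two user rows and the `' OR '1'='1` payload are constructed for the demonstration, and passwords are stored in plaintext only to keep the example short.

```python
import sqlite3

# Constructed sample data for this demonstration (not from the original post).
USERS = [
    ("alice", "correct horse"),
    ("bob", "hunter2"),
]

# Classic tautology payload: closes the open quote and appends an always-true clause.
PAYLOAD = "' OR '1'='1"


def make_db():
    """Build an in-memory SQLite database with a toy users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def login_vulnerable(conn, name, password):
    """Vulnerable: user input is spliced into the SQL text, so quotes become syntax."""
    sql = ("SELECT name FROM users WHERE name = '%s' AND password = '%s'"
           % (name, password))
    # With PAYLOAD as the password the query becomes
    #   ... WHERE name = 'x' AND password = '' OR '1'='1'
    # which matches every row.
    return sorted(r[0] for r in conn.execute(sql).fetchall())


def login_safe(conn, name, password):
    """Hardened: a parameterised query sends values separately from the SQL text."""
    rows = conn.execute(
        "SELECT name FROM users WHERE name = ? AND password = ?",
        (name, password),
    ).fetchall()
    # The payload is compared as a literal password string and matches nothing.
    return sorted(r[0] for r in rows)


def demo():
    """Run both login paths with a valid credential and with the injection payload."""
    conn = make_db()
    return {
        "vuln_valid": login_vulnerable(conn, "alice", "correct horse"),
        "vuln_attack": login_vulnerable(conn, "x", PAYLOAD),
        "safe_valid": login_safe(conn, "alice", "correct horse"),
        "safe_attack": login_safe(conn, "x", PAYLOAD),
    }


if __name__ == "__main__":
    for label, result in demo().items():
        print(label, result)
```

The vulnerable path returns both users for the payload, i.e. the attacker is "logged in" without knowing any password; the parameterised path returns nothing for it and still works for the real credential. The fix is the same in every driver and ORM: never build SQL by concatenating untrusted input, and treat every string-built query in a code review as a finding until proven otherwise.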

While web application security has been a part of our basic INFOSEC blocking and tackling for some time, mobile devices are quickly becoming another fundamental area we need to master.  This week had one notable development in the mobile department.  The U.S. Department of Defense has approved the Samsung KNOX platform for use in its networks on the Galaxy S4.  [25]  The KNOX platform sports containerization, encryption, and VPN support natively.  It's a brave new world, everyone.

And Big Brother is a part of that new world, as evidenced by a few stories I found this week.  [5], [9], [12]  Apple is collecting too much personal information, according to a German court.  No more location-based advertising for Apple when dealing with German citizens.  Also, The Happiest Place on Earth takes a step towards creepy.  Now you and your entire family get RFID-tagged wristbands at Disney World so the Mouse can herd you to the rides and attractions with the shortest lines.  Oh, and develop a pretty detailed consumer profile of your entire family while they're at it.  Finally, India has instituted a system to collect and monitor all mobile phone and Internet traffic in the interest of national defense.  Some days, a quiet compound in the middle of Montana doesn't sound so bad.

Finally this week, I'd like to point out that my Generation X cohorts and I aren't nearly as screwed up as you all thought we'd turn out.  [16]  In fact, we're doing a pretty good job of staying educated, and we even plan to move out of our parents' basement next month.  Superchunk can explain further (lyrics NSFW):

Link Dump

[1]  E. Chickowski, “10 Reasons SQL Injection Still Works,” Dark Reading, 08-May-2013. [Online]. Available: [Accessed: 08-May-2013].

[2]  O. Räisänen, “A determined ‘hacker’ decrypts RDS-TMC,” Absorptions, 04-May-2013. [Online]. Available: [Accessed: 07-May-2013].

[3]  “Annual Report to Congress: Military and Security Developments Involving the People’s Republic of China 2013,” May-2013. [Online]. Available:

[4]  T. Wilson, “Anonymous, LulzSec, OpUSA Plan Broad Attacks On Government Agencies, Banks On Tuesday,” Dark Reading, 07-May-2013. [Online]. Available: [Accessed: 07-May-2013].

[5]  L. Whitney, “Apple ordered by German court to change its privacy rules,” CNET, 07-May-2013. [Online]. Available: [Accessed: 08-May-2013].

[6]  E. Weese, “Battelle helping Bechtel destroy chemical weapons at plant in Kentucky,” Columbus Business First, 08-May-2013. [Online]. Available: [Accessed: 09-May-2013].

[7]  D. Hubbard, “Breaking news: Traffic from Syria Disappears from Internet,” Umbrella Security Labs, 07-May-2013. [Online]. Available: [Accessed: 08-May-2013].

[8]  J. Morariu and A. Emery, “Conquering the Dusty Shelf Report: Data Visualization for Evaluation,” Visualizing Data, 07-May-2013. [Online]. Available: [Accessed: 07-May-2013].

[9]  M. Phillips, “Disney’s $1 billion plan to take even more of your money at Disney World,” Quartz, 08-May-2013. [Online]. Available: [Accessed: 08-May-2013].

[10]  “Done is better then perfect,” VizWiz, 08-May-2013. [Online]. Available: [Accessed: 09-May-2013].

[11]  D. Hamermesh, “Font Improvement,” Freakonomics, 07-May-2013. [Online]. Available: [Accessed: 07-May-2013].

[12]  P. Muncaster, “India introduces Central Monitoring System,” The Register, 08-May-2013. [Online]. Available: [Accessed: 08-May-2013].

[13]  B. Schneier, “Intelligence Analysis and the Connect-the-Dots Metaphor,” Schneier on Security, 07-May-2013. [Online]. Available: [Accessed: 07-May-2013].

[14]  R. Cave, “Into the Rabbit Hole: Protocol Anomaly Detection,” Solutionary Minds, 07-May-2013. [Online]. Available: [Accessed: 08-May-2013].

[15]  L. Mirani, “It’s not just about China and America—smaller countries want to wage cyberwar too,” Quartz, 07-May-2013. [Online]. Available: [Accessed: 08-May-2013].

[16]  “Live and learn: Most GenXers continue their education.” [Online]. Available: [Accessed: 07-May-2013].

[17]  M. Lee, “Meeting aliens will be nothing like Star Trek—fact,” 08-May-2013. [Online]. Available: [Accessed: 08-May-2013].

[18]  “Microsoft confirms zero-day vulnerability exploiting IE8,” Network World, 06-May-2013. [Online]. Available: [Accessed: 07-May-2013].

[19]  J. Leyden, “Microsoft plasters IE8 hole abused in nuke lab PC meltdown,” The Register, 09-May-2013. [Online]. Available: [Accessed: 09-May-2013].

[20]  S. Gallagher, “Network Solutions seizes over 700 domains registered to Syrians,” Ars Technica, 08-May-2013. [Online]. Available: [Accessed: 09-May-2013].

[21]  C. Mims, “New Zealand isn’t exactly outlawing software patents—it’s doing something more interesting,” Quartz, 09-May-2013. [Online]. Available: [Accessed: 09-May-2013].

[22]  R. Beckhusen, “Pentagon Wants ‘Human Surrogate’ for Ray Gun Tests,” Danger Room, 08-May-2013. [Online]. Available: [Accessed: 08-May-2013].

[23]  P. M. Sandman, “Peter Sandman: Guestbook 2013,” The Peter Sandman Risk Communication Website, 07-May-2013. [Online]. Available: [Accessed: 08-May-2013].

[24]  “Prolexic Tracks More Than 47 Million DDoS Attack Bots Worldwide; Public Portal Now Available,” Dark Reading, 07-May-2013. [Online]. Available: [Accessed: 07-May-2013].

[25]  M. Mimoso, “Samsung’s Secure Version of Android Gets DoD Blessing,” Threatpost, 06-May-2013. [Online]. Available: [Accessed: 07-May-2013].

[26]  G. Cook, “Secrets of the Criminal Mind,” Scientific American. [Online]. Available: [Accessed: 07-May-2013].

[27]  T. Woody, “Tesla hits its first profitable quarter and sets its sights on Europe and Asia,” Quartz, 09-May-2013. [Online]. Available: [Accessed: 09-May-2013].

[28]  S. Musil, “U.S. says Chinese government behind cyberespionage,” CNET, 06-May-2013. [Online]. Available: [Accessed: 07-May-2013].

[29]  C. Farivar, “US financial regulator: We could regulate Bitcoin ‘if we wanted’,” Ars Technica, 07-May-2013. [Online]. Available: [Accessed: 07-May-2013].

[30]  L. Brassell-Cicchini and C. Laufer, “Worst-Case Planning: 10 Steps to Effective Crisis Response,” Risk Management, 07-May-2013. [Online]. Available: [Accessed: 08-May-2013].