LATEST FBI CERT VULNERABILITIES

The latest vulnerabilities and updates (the hack and patch) from the FBI’s Computer Emergency Readiness Team:

Microsoft Releases Security Advisory 977544

SSL and TLS Vulnerable to Man-in-the-middle Attacks

Apple Releases Safari 4.0.4

NATIONAL CYBER ALERT SYSTEM BULLETINS

The latest cybersecurity alert bulletins from the FBI:

SB09-320: Vulnerability Summary for the Week of November 9, 2009

SB09-313: Vulnerability Summary for the Week of November 2, 2009

SB09-306: Vulnerability Summary for the Week of October 26, 2009

CYBER SECURITY ALERTS

US-CERT Cyber Security Alerts:

TECHNICAL

TA09-314A: Microsoft Updates for Multiple Vulnerabilities

TA09-294A: Oracle Updates for Multiple Vulnerabilities

TA09-286B: Adobe Reader and Acrobat Vulnerabilities

NEW THREATS

US-CERT Recently Published Vulnerability Notes:

VU#632633: Wyse Simple Imager (WSI) includes vulnerable versions of TFTPD32

VU#120541: SSL and TLS protocols renegotiation vulnerability

VU#654545: Wyse Device Manager (WDM) HServer and HAgent contain multiple vulnerabilities

BLOG

Debunking the Growing Use of Misleading Claims and False Truisms in Cybersecurity: Wind River and Google Android Examples (Release)

Cyber Secure Institute Calls Wired Magazine’s “2009 Smart List” Idea “Forget Medical Privacy” Profoundly Stupid (Release)

Cyber Secure Institute Releases Preliminary Analysis of the National Institute of Standards and Technology’s Newly Announced Recommended Security Controls for Federal Information Systems and Organizations


The White House, the Pentagon, power grids: all have been compromised. If these systems can be hacked, no system is secure. You, your family, your company could be next.

Why? Because the technologies we depend on to secure our nation, drive our economy, run our companies and live our lives are all fundamentally insecure.

In fact, these technologies, despite claims of security, are actually certified by the federal government as insecure; the National Security Agency and the National Institute of Standards and Technology have certified that these technologies are only secure against inadvertent and non-hostile threats. But the cyber attackers we face today are serious, sophisticated, technologically advanced bad actors with hostile intent—the Chinese military, the Russian mafia, corporate espionage spies, and disgruntled IT insiders.

We are in a constant race between the hackers and the patchers (the IT staffers who run behind the hackers, trying to fill the gaps as they learn of them). And we are losing:

  • Every year cyber attacks cost the U.S. economy $226 billion. [1]
  • Every month identity theft affects more than 33,333 American children. [2]
  • Every day up to 5 million fraudulent phishing emails are sent. [3]
  • Every three seconds someone’s identity is stolen. [4]

This needs to change.

The goal of the Cyber Secure Institute is to help bring about that change. We will do so by raising awareness of the cyber threats we face, raising the bar for cybersecurity technologies, and driving the development and deployment of truly effective—cyber secure—technologies.

[1] CRS, The Economic Impact of Cyber-Attacks, April 1, 2004.

[2] http://www.cbsnews.com/stories/2007/05/26/scitech/pcanswer/main2855324.shtml

[3] http://www.antiphishing.org

[4] Cybersecurity and Consumer Data, Hearing Before the Subcommittee on Commerce, Trade and Consumer Protection, Committee on Energy and Commerce, Nov. 19, 2003.

One of the primary purposes of the Cyber Secure Institute is to drive the development of inherently secure technologies and to push the deployment of these technologies. The Institute is looking to identify technologies that qualify for certification as Cyber Secure. Technology providers are encouraged to submit technologies to us for consideration.

CIO Blog

The Cyber Secure Institute CIO Blog

The Cyber Secure Institute has launched a new CIO Blog, which focuses on more technical aspects in developing and deploying inherently secure technologies.

LATEST NEWS

11.18.09

Infosecurity Magazine: Los Alamos fails to toe information security line again

Los Alamos National Laboratory has spent $45 million on information security for its classified computer network in the past eight years, but it is still inadequate, according to a report from the Government Accountability Office.


11.16.09

Computer World: Obama said to be close again to naming cybersecurity chief

The Obama administration is once again reported to be close to naming a White House cybersecurity coordinator. A story in the Federal Times, quoting unnamed sources, said that an announcement could come as soon as Thanksgiving.

SC Magazine: Mass Mutual database accessed without authorization

The personal information about employees of Springfield, Massachusetts-based insurance provider, Mass Mutual might be at risk after a company database was accessed by an individual without authorization.


11.13.09

Dark Reading: New Flash Attack Has No Real 'Fix'

Researchers have discovered a new attack that exploits the way browsers operate with Adobe Flash -- and there's no simple patch for it.


11.12.09

Computer World: PCI DSS: No Angel, But Certainly Not the Devil

Security luminaries Anton Chuvakin and Ben Rothke explain why 451 Group analyst Josh Corman is off his rocker when he compares PCI security to a devil and "No Child Left Behind."

Dark Reading: 'Likely' Windows Kernel Vuln Addressed By Latest Microsoft Patch

Weighing in at about half the size of its giant October security patch, Microsoft's November security patch includes six security bulletins to address 15 vulnerabilities in Windows, Windows Server and Microsoft (NSDQ: MSFT) Office.


VIDEO

Staged cyber attack reveals vulnerability in power grid

Watch video of the DHS Aurora Project showing the vulnerability of power generators and grids through SCADA systems.