Featured Articles
Experts warn of shortage of U.S. cyber pros
NEW YORK (Reuters) - Leading cyber experts warned of a shortage of talented computer security experts in the United States, making it difficult to protect corporate and government networks at a time when attacks are on the rise.
Symantec Corp Chief Executive Enrique Salem told the Reuters Media and Technology Summit in New York that his company was working with the U.S. military, other government agencies and universities to help develop new programs to train security professionals.
"We don't have enough security professionals and that's a big issue. What I would tell you is it's going to be a bigger issue from a national security perspective than people realize," he said on Tuesday.
Jeff Moss, a prominent hacking expert who sits on the U.S. Department of Homeland Security Advisory Council, said that it was difficult to persuade talented people with technical skills to enter the field because it can be a thankless task.
"If you really look at security, it's like trying to prove a negative. If you do security well, nobody comes and says 'good job.' You only get called when things go wrong."
The warnings come at a time when the security industry is under fire for failing to detect increasingly sophisticated pieces of malicious software designed for financial fraud and espionage and failing to prevent the theft of valuable data.
Moss, who goes by the hacker name "Dark Tangent," said that he sees no end to the labor shortage.
"None of the projections look positive," said Moss, who serves as chief security officer for ICANN, a group that helps run some of the Internet's infrastructure. "The numbers I've seen look like shortages in the 20,000s to 40,000s for years to come."
Reuters last month reported that the National Security Agency was setting up a new cyber-ops program at select universities to expand U.S. cyber expertise needed for secret intelligence operations against computer networks of adversaries. The cyber-ops curriculum is geared to providing the basic education for jobs in intelligence, military and law enforcement.
The comments echo those of other technology industry executives who complain U.S. universities do not produce enough math and science graduates.
U.S. defense contractor Northrop Grumman Corp on Monday launched the first undergraduate honors program in cybersecurity with the University of Maryland to help train more workers for the burgeoning field.
Salem pointed to British banks as one industry already struggling to find enough network security experts.
"Because there's such a concentration of financial services companies there, there's not enough security expertise already in London. We see it. Banks can't find enough security professionals," he said.
Moss, who founded the Defcon and Black Hat hacking conferences that are held in Las Vegas each summer, said that U.S. government agencies are so desperate to fill positions that they are poaching security experts from private firms.
In some cases, security firms have retaliated by refusing to send their most talented cyber experts on government jobs for fear of losing them. Instead they send their "B Team" consultants, Moss said.
Some companies have even begun writing non-poaching clauses into their contracts with clients to guard against losing their top cybersecurity talent.
Government officials from normally secretive agencies, including the National Security Agency, FBI and U.S. military, attend Defcon each year to recruit gifted hacking geeks who they might not otherwise be able to identify.
(Additional reporting by Andrea Shalal-Esa; Editing by Steve Orlofsky, Phil Berlowitz and Ron Popeski)
Source: http://news.yahoo.com/experts-warn-shortage-u-cyber-pros-011408761--finance.html
Lockheed wins network deal worth up to $1.91 billion
WASHINGTON (Reuters) - Lockheed Martin Corp (LMT), the Pentagon's largest supplier, has won a contract worth up to $1.91 billion to manage the U.S. military's Global Information Grid networks on a day-to-day basis, the U.S. Defense Department said on Friday.
It said the contract would run for three years and included two two-year options, which if picked up would make the total price $1.91 billion.
The contract includes a mix of firm-fixed-price, fixed-price with incentive, cost-plus-incentive-fee, and cost-plus and fixed-fee pricing plans, according to the Pentagon's announcement in its daily digest of big weapons deals.
(Reporting By Andrea Shalal-Esa; Editing by Gary Hill)
Source: http://finance.yahoo.com/news/lockheed-wins-network-deal-worth-064210857.html?l=1
Drones, computers new weapons of US shadow wars
WASHINGTON (AP) — After a decade of costly conflict in Iraq and Afghanistan, the American way of war is evolving toward less brawn, more guile.
Drone aircraft spy on and attack terrorists with no pilot in harm's way. Small teams of special operations troops quietly train and advise foreign forces. Viruses sent from computers to foreign networks strike silently, with no American fingerprint.
It's war in the shadows, with the U.S. public largely in the dark.
In Pakistan, armed drones, not U.S. ground troops or B-52 bombers, are hunting down al-Qaida terrorists, and a CIA-run raid of Osama bin Laden's hide-out was executed by a stealthy team of Navy SEALs.
In Yemen, drones and several dozen U.S. military advisers are trying to help the government tip the balance against an al-Qaida offshoot that harbors hopes of one day attacking the U.S. homeland.
In Somalia, the Horn of Africa country that has not had a fully functioning government since 1991, President Barack Obama secretly has authorized two drone strikes and two commando raids against terrorists.
In Iran, surveillance drones have kept an eye on nuclear activities while a computer attack reportedly has infected its nuclear enrichment facilities with a virus, possibly delaying the day when the U.S. or Israel might feel compelled to drop real bombs on Iran and risk a wider war in the Middle East.
The high-tech warfare allows Obama to target what the administration sees as the greatest threats to U.S. security, without the cost and liabilities of sending a swarm of ground troops to capture territory; some of them almost certainly would come home maimed or dead.
But it also raises questions about accountability and the implications for international norms regarding the use of force outside of traditional armed conflict. The White House took an incremental step Friday toward greater openness about the basic dimensions of its shadowy wars by telling Congress for the first time that the U.S. military has been launching lethal attacks on terrorist targets in Somalia and Yemen. It did not mention drones, and its admission did not apply to CIA operations.
"Congressional oversight of these operations appears to be cursory and insufficient," said Steven Aftergood, an expert on government secrecy issues for the Federation of American Scientists, a private group.
"It is Congress' responsibility to declare war under the Constitution, but instead it appears to have adopted a largely passive role while the executive takes the initiative in war fighting," Aftergood said in an interview.
That's partly because lawmakers relinquished their authority by passing a law just after the Sept. 11 terrorist attacks that essentially granted the White House open-ended authority for armed action against al-Qaida.
Secret wars are not new.
For decades, the CIA has carried out covert operations abroad at the president's direction and with congressional notice. It armed the mujahedeen in Afghanistan who fought Soviet occupiers in the 1980s, for example. In recent years the U.S. military's secretive commando units have operated more widely, even in countries where the U.S. is not at war, and that's blurred the lines between the intelligence and military spheres.
In this shroud of secrecy, leaks to the news media of classified details about certain covert operations have led to charges that the White House orchestrated the revelations to bolster Obama's national security credentials and thereby improve his re-election chances. The White House has denied the accusations.
The leaks exposed details of U.S. computer virus attacks on Iran's nuclear program, the foiling of an al-Qaida bomb plot targeting U.S. aircraft, and other secret operations.
Two U.S. attorneys are heading separate FBI investigations into leaks of national security information, and Congress is conducting its own probe.
It's not just the news media that has pressed the administration for information about its shadowy wars.
Some in Congress, particularly those lawmakers most skeptical of the need for U.S. foreign interventions, are objecting to the administration's drone wars. They are demanding a fuller explanation of how, for example, drone strikes are authorized and executed in cases in which the identity of the targeted terrorist is not confirmed.
"Our drone campaigns already have virtually no transparency, accountability or oversight," Rep. Dennis Kucinich, D-Ohio, and 25 other mostly anti-war members of Congress wrote Obama on Tuesday.
A few dozen lawmakers are briefed on the CIA's covert action and clandestine military activity, and some may ask to review drone strike video and be granted access to after-action reports on strikes and other clandestine actions. But until two months ago, the administration had not formally confirmed in public its use of armed drones.
In an April speech in Washington, Obama's counterterrorism chief, John Brennan, acknowledged that despite presidential assurances of a judicious use of force against terrorists, some still question the legality of drone strikes.
"So let me say it as simply as I can: Yes, in full accordance with the law — and in order to prevent terrorist attacks on the United States and to save American lives — the United States government conducts targeted strikes against specific al-Qaida terrorists, sometimes using remotely piloted aircraft, often referred to publicly as drones," he said.
President George W. Bush authorized drone strikes in Pakistan and elsewhere, but Obama has vastly increased the numbers. According to Bill Roggio of The Long War Journal, an online publication that tracks U.S. counterterrorism operations, the U.S. under Obama has carried out an estimated 254 drone strikes in Pakistan alone. That compares with 47 strikes during the Bush administration.
In at least one case the target was an American. Anwar al-Awlaki, an al-Qaida leader, was killed in a U.S. drone strike in Yemen in September.
According to a White House list released late last year, U.S. counterterrorism operations have removed more than 30 terrorist leaders around the globe. They include al-Qaida in East Africa "planner" Saleh Ali Saleh Nabhan, who was killed in a helicopter strike in Somalia.
The drone campaign is highly unpopular overseas.
A Pew Research Center survey on the U.S. image abroad found that in 17 of 21 countries surveyed, more than half of the people disapproved of U.S. drone attacks targeting extremist leaders in such places as Pakistan, Yemen and Somalia. In the U.S., 62 percent approved of the drone campaign, making American public opinion the clear exception.
The U.S. use of cyberweapons, like viruses that sabotage computer networks or other high-tech tools that can invade computers and steal data, is even more closely shielded by official secrecy and, arguably, less well understood.
Sen. John McCain, R-Ariz., has been a leading critic of the administration's handling of information about using computers as a tool of war.
"I think that cyberattacks are one of the greatest threats that we face," McCain said in a recent interview, "and we have a very divided and not very well-informed Congress addressing it."
Defense Secretary Leon Panetta and national security officials often talk publicly about improving U.S. defenses against cyberattack, not only on U.S. government computer systems but also against defense contractors and other private networks linked, for example, to the U.S. financial system or electrical grid. Left largely unexplained is the U.S. capacity to use computer viruses and other cyberweapons against foreign targets.
In the view of some, the White House has cut Congress out of the loop, even in the realm of overt warfare.
Sen. James Webb, D-Va., who saw combat in Vietnam as a Marine, introduced legislation last month that would require that the president seek congressional approval before committing U.S. forces in civil conflicts, such as last year's armed intervention in Libya, in which there is no imminent security threat to the U.S.
"Year by year, skirmish by skirmish, the role of the Congress in determining where the U.S. military would operate, and when the awesome power of our weapon systems would be unleashed has diminished," Webb said.
___
Online:
Pew Research Center: www.pewresearch.org
Source: http://news.yahoo.com/drones-computers-weapons-us-shadow-wars-125921790.html
Microsoft scrambles as it patches 26 bugs, warns users of active attacks
Hectic, info-packed Patch Tuesday as software maker yanks update, patches worm-ready flaw and tells customers to get some fixes manually
Computerworld - Microsoft on Tuesday patched 26 vulnerabilities, including one in Internet Explorer (IE) that's already being exploited. The company also warned customers of a new zero-day attack and quashed yet another instance of a bug that the Duqu intelligence-gathering Trojan leveraged.
The software maker also ditched one security update at the last minute and substituted another in its place, probably because the second was more serious.
Of Tuesday's seven security updates, three were rated "critical," Microsoft's top-most threat ranking, while the other four were marked "important," the next-most-serious label.
The 26 vulnerabilities -- one more than Microsoft last week told users to expect -- included 10 critical, 14 important and two judged "moderate" in the company's four-step scoring system.
Independent researchers almost unanimously pegged MS12-037 as the update Windows users should grab first.
The 13-bug patch collection affects all versions of IE, including IE10 on Windows 8 Consumer Preview, the February sneak peek that was superseded by the Review Preview two weeks ago.
"It's always important to get an IE update deployed," said Jason Miller, manager of research and development at VMware, as he cited the browser's popularity, especially in business, and thus the huge number of possible victims.
Microsoft admitted that one of the baker's dozen was already being exploited by hackers, raising the importance of applying the update immediately. "Microsoft is aware of limited attacks attempting to exploit the vulnerability," stated the company's advisory, which divulged no other details of the ongoing exploits. The vulnerability affects only IE8, the 2009 version that remains the most widely used version of Microsoft's browser.
A second vulnerability patched by MS12-037 has been publicly disclosed, Microsoft said.
Also included in the 13 was a critical vulnerability that French firm Vupen Security exploited to hack IE9 at March's Pwn2Own contest, where researchers face off against browsers for cash prizes. For its efforts, which featured a hack not only of IE9 but also Google's Chrome, the Vupen team took home $60,000.
Last week, Andrew Storms, director of security operations at nCircle Security, bet that the Vupen bug would be patched this month. But Tuesday, he said it was too close to call between the IE update and a rival, MS12-036, for first-to-fix honors.
"Certainly, [MS12-036] makes it to the top of the worrisome list," said Storms.
That update, also rated critical, patches just one vulnerability in the Remote Desktop Protocol (RDP), a Windows component that lets users remotely access a PC or server. RDP is frequently used by corporate help desks, off-site users and IT administrators to manage servers at company data centers and those the enterprise farms out to cloud-based service providers.
Adobe patches critical Flash bugs
Sandboxed plug-in for Firefox is also pushed out
By Gregg Keizer | Computerworld US | Published: 09:12, 11 June 2012
Adobe has patched seven critical vulnerabilities in Flash Player -- the fifth security update so far in 2012 -- and released a sandboxed plug-in for Mozilla's Firefox.
The company also released the "silent update" tool for OS X, and said it had prepped Flash for the upcoming OS X 10.8, aka Mountain Lion, by signing its code, a requirement if users are to install software downloaded from sources other than Apple's own Mac App Store.
"These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system," said Adobe in an advisory published on Friday.
The flaws were all over the map, and included memory corruption, integer and stack overflow, and security bypass bugs. One of the seven was tagged as a "binary planting" vulnerability in the Flash installer.
"Binary planting" is a synonym for what others call "DLL load hijacking," a bug class first uncovered nearly two years ago by HD Moore, chief security officer at Rapid7 and creator of the open-source Metasploit penetration-testing toolkit.
Because many Windows applications don't call DLLs using a full path name, instead using only the filename, hackers can trick an application into loading a malicious file with the same title as a required DLL.
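The bare-filename problem described above can be checked with a small model of the default Windows desktop DLL search order. This is an added example, not code from the article, Adobe or Microsoft; the directory listing, the names `helper.dll`, `codec.dll` and `setup.exe`, and every function name are constructed for illustration, and KnownDLLs, manifests and `SetDefaultDllDirectories` are left out of the model.

```python
import ntpath  # Windows path rules, usable on any OS

SYSTEM_DIRS = [r"C:\Windows\System32", r"C:\Windows\System", r"C:\Windows"]

def search_order(app_dir, cwd, path_dirs=(), safe_mode=True):
    """Default search order for a bare DLL name. With SafeDllSearchMode on,
    the current directory is searched after the system directories."""
    if safe_mode:
        return [app_dir, *SYSTEM_DIRS, cwd, *path_dirs]
    return [app_dir, cwd, *SYSTEM_DIRS, *path_dirs]

def _exists(directory, name, fs):
    # fs maps lower-cased directory -> set of lower-cased file names
    return name.lower() in fs.get(directory.lower(), set())

def resolve(request, order, fs):
    """Return the path this loader model would pick, or None if not found."""
    if ntpath.isabs(request):
        # Full path requested: no directory search takes place.
        directory, name = ntpath.split(request)
        return request if _exists(directory, name, fs) else None
    for directory in order:
        if _exists(directory, request, fs):
            return ntpath.join(directory, request)
    return None

def audit(requests, order, fs, trusted=SYSTEM_DIRS):
    """List (request, resolved_path) pairs that load from an untrusted directory."""
    trusted_l = {d.lower() for d in trusted}
    findings = []
    for request in requests:
        hit = resolve(request, order, fs)
        if hit and ntpath.dirname(hit).lower() not in trusted_l:
            findings.append((request, hit))
    return findings

# Constructed file system: an installer saved to Downloads next to a
# same-named DLL, and a document share that also holds a DLL.
FS = {
    r"c:\windows\system32": {"helper.dll"},
    r"c:\users\alice\downloads": {"setup.exe", "helper.dll"},
    r"d:\shared": {"codec.dll"},
}
INSTALLER_ORDER = search_order(r"C:\Users\alice\Downloads",
                               r"C:\Users\alice\Downloads")
APP_ORDER = search_order(r"C:\Program Files\App", r"D:\Shared")

if __name__ == "__main__":
    print(audit(["helper.dll"], INSTALLER_ORDER, FS))                    # flagged
    print(audit([r"C:\Windows\System32\helper.dll"], INSTALLER_ORDER, FS))  # clean
    print(audit(["codec.dll"], APP_ORDER, FS))                           # flagged
```

The same request by full path resolves only to the system copy, which is why loading by full path (or restricting the search to the system directory) removes the finding.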
Unlike the last Flash security update, which Adobe issued 4 May, these bug patches are for vulnerabilities that the company has not seen exploited in the wild.
Among those Adobe credited for reporting the vulnerabilities was a researcher from the Google Chrome team, another from Symantec and two engineers who work for Microsoft.
Microsoft and Adobe have been working even closer than usual of late: Last week, Microsoft announced that it had, with Adobe's help, integrated Flash Player into the Metro version of Internet Explorer 10 (IE10).
That move seemed to contradict Microsoft's earlier promise that it would not allow plug-ins -- Flash Player is probably the most widely-used browser plug-in on the planet -- in IE10 on Metro, the new tablet-oriented user interface (UI) within Windows 8 and the sole mode on Windows RT.
Read the complete article here:
http://news.techworld.com/applications/3362955/adobe-patches-critical-flash-bugs/
Building Your Own PC - The Advantages
by Musa Aykac
You might want to think about building your own PC if you are serious about computing. This can be particularly advantageous if you are into gaming, because it means you will have a system that is perfect for your needs. It can take quite a bit of time and effort to actually build a PC yourself, but once you have accomplished this task you will be very proud of yourself and will have a real sense of achievement. There is a lot of prestige to be had by building your own computer, and this is how it should be. If you are thinking of building yourself a PC then the following will explain some of the advantages of doing this.
- You will know that what you end up with is going to be of high quality. When you buy a computer that has been manufactured by someone else you take a leap of faith. Maybe the assembler was having a bad day when your machine was put together, or maybe the company used some cheap parts. When you do this yourself, however, you are in charge of the parts that are used, and you can make sure that it is put together properly.
- The fact that you have assembled the computer yourself should make it a lot easier to fix things if they go wrong.
- The amount that you will learn when you build your own PC is astounding. This knowledge is going to benefit you in the future and will mean that you have a much better understanding of computers.
- It will be possible for you to make sure that your computer has the best gaming card and all the hardware that you will need for it. If you enjoy games, this will be of huge benefit to you.
- You could end up with orders for other people if your PC building exercise is successful. You might even be able to turn this into a full-time job, depending on how good you are at it. Who knows, you could be the next Michael Dell!
Source: http://www.PopularArticles.com/article274792.html