benrothke writes: Large enterprises have numerous information security challenges. Aside from the external threats, there's the onslaught of security data from disparate systems, platforms and applications. Getting a handle on the security output from numerous point solutions (anti-virus, routers/switches, firewalls, IDS/IPS, ERP, access control, identity management, single sign on and others), often generating tens of millions of messages and alerts daily, is not a trivial endeavor. As attacks become more frequent and sophisticated and with regulatory compliance issues placing an increasing burden, there needs to be a better way to manage all of this. Getting the raw hardware, software and people to create a SOC is not that difficult. The challenge, and it's a big challenge, is integrating those 3 components to ensure that a formal SOC can operate effectively. In Security Operations Center: Building, Operating, and Maintaining your SOC, authors Joseph Muniz, Gary McIntyre and Nadhem AlFardan have written an indispensable reference on the topic. The authors have significant SOC development experience, and provide the reader with a detailed plan on all the steps involved in creating a SOC. Keep reading for the rest of Ben's review.
An anonymous reader sends the story of another prison where inmates are learning the basics of programming, despite having no access to the vast educational resources on the internet. Instructors from Columbia University have held a lengthy class at New York's Rikers Island prison to teach the basics of Python. Similar projects have been attempted in California and Oklahoma. The goal wasn’t to turn the students into professional-grade programmers in just a few classes, [Instructor Dennis] Tenen emphasizes, but to introduce them to the basics of programming and reasoning about algorithms and code. "It’s really to give people a taste, to get people excited about coding, in hopes that when they come out, they continue," says Tenen. ...Having an explicit goal—building the Twitter bot—helped the class focus its limited time quickly on learning to do concrete tasks, instead of getting bogged down in abstract discussions of syntax and algorithms.
An anonymous reader writes: A campaign taking shape in Brazil seeks to fight online harassment in an unusual way: by posting the abusive comments on real billboards. "The group collects comments from Facebook or Twitter and uses geolocation tools to find out where the people who have posted them live. They then buy billboard space nearby and post the comments in huge letters, although names and photos are pixelated." Brazil has laws prohibiting racial abuse, but this group doesn't think the government is doing enough to stop it. The campaign's founder said, "Those people [who post abuse online] think they can sit in the comfort of their homes and do whatever they want on the internet. We don't let that happen. They can't hide from us, we will find them."
retroworks writes: According to a recent tweet from the #OpParis account, Anonymous are delivering on their threat to hack Isis, and are now flooding all pro-Isis hashtags with the grandfather of all 2007 memes — Rick Astley's "Never Gonna Give You Up" music video. Whenever a targeted Isis account tries to spread a message, the topic will instead be flooded with countless videos of Rick Astley circa 1987. Not all are praising Anonymous' methods, however. While Metro UK reports that the attacks have been successful, finding and shutting down 5,500 Twitter accounts, the article also indicates that professional security agencies have seen sources they monitor shut down. Rick Astley drowns out intelligence as well as recruitment.
An anonymous reader writes: At least three new episodes of Mystery Science Theater 3000 will be filmed, thanks to over $2 million in online contributions from fans. Responding to a Kickstarter plea by series creator Joel Hodgson, fans contributed over $1.5 million within just two days, and after five more they'd push Hodgson over the first $2 million threshold. "We've got movie sign," Hodgson posted on Twitter, noting that for each additional $1.1 million raised over the next 20 days, three more new episodes would be filmed. And this Thursday he'll be hosting a grateful online marathon of classic episodes on Thanksgiving Day, a tradition which dates back nearly 25 years, when "Mystery Science Theater 3000" first began its 8-year run on Comedy Central and the Sci-Fi channel.
Mark Wilson writes: There are many problems with the censoring of online content, not least that it can limit free speech. But there is also the question of transparency. By the very nature of censorship, unless you have been kept in the loop you would simply not know that anything had been censored. This is something the Electronic Frontier Foundation wants to change, and today the digital rights organization launches Onlinecensorship.org to blow the lid off online censorship. The site, run by EFF and Visualizing Impact, aims to reveal the content that is censored on Facebook, Google+, Twitter, Instagram, Flickr, and YouTube — not just the 'what' but the 'why'. If you find yourself the subject of censorship, the site also explains how to lodge an appeal.
An anonymous reader writes: The ISIS terror group appears to have 5 to 6 members offering 24-hour support on how to encrypt communications, hide personal details and use apps like Twitter while avoiding surveillance. It's kind of like a 'help desk,' though not an actual call center hiding in the hills. It is a group of IT specialists answering questions from locations spread out all over the world, according to Aaron Brantly at the Combating Terrorism Center at West Point. It has been found that the advice is largely being relayed on an ISIS channel on Telegram, a messaging app that has become popular among members of the group because it allows for special secret chats. The jihadi help desk has lengthy training manuals, and Brantly has reviewed over 300 pages of training documents and roughly 25 YouTube videos that provide tips to evade intelligence agencies and law enforcement.
BarbaraHudson writes: Softpedia is reporting that Anonymous, along with social media users, have identified several thousand Twitter accounts allegedly linked to ISIS members. "Besides scanning for ISIS Twitter accounts themselves, the hacking group has also opened access to the [takedown operation] site to those interested. Anyone who comes across ISIS social media accounts can easily search the database and report any new terrorists and supporters. The website is called #opIceISIS [slow right now, but it does load] and will index ISIS members based on their real name, location, picture, Twitter, Facebook, and YouTube accounts." Anonymous crowdsourcing their operations... welcome to the brave new world, ISIS. An article at The Independent reminds everyone that this information has not been independently confirmed, and that Anonymous is certainly capable of misidentifying people. It's also worth exploring the question of why Twitter hasn't already disabled these accounts, and why intelligence agencies haven't done anything about them, if they're so easy to find.
An anonymous reader writes: "Name an inequity, and it is highly likely that social media has helped call meaningful attention to it, if not started and hashtagged a movement," claims the NY Times. The article suggests people are much more willing to complain about meaningless issues now that they have a public audience. "The smartphone in particular has facilitated extemporaneous caviling. Irritations that the passage of time may have soothed can, in the moment, be immediately expressed to an audience." Further, an aggrieved social media post can lend more weight to a minor problem than the author ever intended, or than it deserved. An offhand tweet can lead to a nationwide media frenzy as people who aren't connected with a complaint's author lack perspective and emotional context for it.
An anonymous reader writes: Dan Kimmel, who works for U.S. Bank in its technology and operations section, dropped out of the race for a Minnesota House seat after unleashing a firestorm of criticism. The controversy erupted after Kimmel tweeted, "ISIS isn't necessarily evil. It is made up of people doing what they think is best for their community. Violence is not the answer, though." The tweet rapidly led to harsh criticism on Twitter and spread from there. The DFL Party Chair issued a statement saying that Kimmel's "views have no place in our party. On behalf of the Minnesota DFL, I strongly condemn his comments. ..." The House Minority Leader for the DFL called for Kimmel to end his campaign. Kimmel issued a written apology and withdrew from the race.
An anonymous reader writes: As usual, Anonymous members are quicker to respond to threats than investigators and have announced #OpParis as revenge for the Paris attacks. Their action is similar to #OpISIS from this spring, launched after the Charlie Hebdo attacks. Previously Anonymous ousted thousands of ISIS Twitter accounts in #OpISIS. In a more conventional response, the government of France has been bombarding ISIS positions in Syria with airstrikes, and hunting for suspect Salah Abdeslam in connection with Friday's killings.
The L.A. Times reports that Islamic State, the group variously known as ISIL, ISIS, and Daesh, has claimed responsibility for the multi-pronged terror attack yesterday in Paris which left at least 128 people dead, most of them from among the audience of a rock concert at the Bataclan theater, in the heart of the city. Details of how Friday’s assaults were carried out remained hazy. It was still unclear, for example, whether the restaurants and concert theater were attacked by two separate teams of militants or one group that went from one place to another. ... Attackers opened fire on the crowd with automatic weapons, shouting “God is great!” or blaming France for airstrikes on Islamic State in Syria, according to some reports. Dozens of concert-goers were killed before French forces stormed the theater. Many Parisians posted appeals and photos on social media asking for news of friends or loved ones whom they had not heard from since the attacks. One man said on Twitter that a government hotline set up to inquire about missing persons was so overloaded that calls could not get through. In the wake of the attacks and with an overloaded public infrastructure, Facebook activated its post-disaster check-in tool for Parisians to notify loved ones that they are safe. According to Reuters, French President Francois Hollande has vowed to undertake a "merciless" response to the attacks.
An anonymous reader writes: Multiple sources are reporting that at least 18 people are dead across three shootings in central Paris. The Associated Press reports as many as 26, as of this writing. Some victims were at a restaurant, while others were at a nearby theater. Early reports indicate there may be a hostage situation with more people at that theater. Police have also confirmed an explosion at a bar near Stade de France stadium, where a football match was underway between France and Germany. There are reports of other explosions heard at the stadium as well, but no details yet. "The attack comes as France has heightened security measures ahead of a major global climate conference that starts in two weeks, out of fear of violent protests and potential terrorist attacks." The attacks occurred not far from where the Charlie Hebdo shooting happened in January. "French news media reported that Kalashnikov rifles had been involved in the shootings — a favored weapon of militants who have attacked targets in France — and that many rounds had been fired."
itwbennett writes: On Wednesday, Sprint customer Johnny Kim discovered an in-store technician adding MDM software to his personal iPhone 6 without prior notice or permission. Kim took to Twitter with his complaint, sparking a heated conversation about privacy and protection. One expert who commented on the issue told CSO's Steve Ragan that 'it's possible Sprint sees the installation of MDM software as an additional security offering, or perhaps as a means to enable phone location services to the consumer.' But, as Ragan points out, 'even if that were true, it's against [Sprint's] written policy and such offerings are offered at the cost of privacy and control over the user's own devices.' (MDM here means "Mobile Device Management.")
Dave Knott writes: Nine names, 23 email addresses and 57 unlabelled phone numbers were published by hackers last weekend as part of an Anonymous-organized effort to "unhood" members of the Ku Klux Klan. There are doubts, however, about the Operation KKK data dump's veracity — and about one file, in particular, that alleges four U.S. senators and five mayors have hate group associations. The questionable data was released on PasteBin by an individual called Amped Attacks, who has now distanced himself from Anonymous, stating "i am not apart of anonymous nor have i ever claimed to be. i am my own man that acts on my own accord. i do however respect #OpKKK." To clarify the situation, Anonymous took to Twitter on Tuesday evening to state that "the twitter account that released the pastebin with the government officials that are clearly not KKK". Meanwhile, the Anonymous members behind Operation KKK say that "the actual release for Operation KKK will be 5 Nov." This is of course a date that has no small significance for Anonymous.
An anonymous reader writes: Anonymous has begun releasing the personal details of members of the Ku Klux Klan, escalating its cyberwar against the white supremacist group. Last week the hacktivist group promised to reveal the identity of 1,000 members of the KKK after getting possession of the private information through a compromised Twitter account. A press release from Anonymous reads in part: "After closely observing so many of you for so very long, we feel confident that applying transparency to your organizational cells is the right, just, appropriate and only course of action. You are abhorrent. Criminal. You are more than extremists. You are more than a hate group. You operate much more like terrorists and you should be recognized as such. You are terrorists that hide your identities beneath sheets and infiltrate society on every level. The privacy of the Ku Klux Klan no longer exists in cyberspace. You’ve had blood on your hands for nearly 200 years. You continue to inflict civil rights violations, commit violent crimes and solicit others to commit violent criminal acts. You seek to intimidate and/or eliminate those that are different from you and those that you dislike by any means possible. You seek to terrorize anyone and anything that you feel is a threat to your narrow view of the 'American way of life'."
benrothke writes: It wasn't that long ago that building a full network security test lab was an expensive prospect. In The Network Security Test Lab: A Step-by-Step Guide, author Michael Gregg has written a helpful hands-on guide to provide the reader with an economical method to do that. The book is a step-by-step guide on how to create a security network lab, and how to use some of the most popular security and hacking tools. Read below for the rest of Ben's review.
The New York Times reports that the European Parliament has voted to adopt "a nonbinding but nonetheless forceful resolution" urging the EU's member nations to recognize Edward Snowden as a whistleblower, rather than aid in prosecuting him on behalf of the United States government. From the article: Whether to grant Mr. Snowden asylum remains a decision for the individual European governments, and thus far, none have done so. Still, the resolution was the strongest statement of support seen for Mr. Snowden from the European Parliament. At the same time, the close vote — 285 to 281 — suggested the extent to which some European lawmakers are wary of alienating the United States. ... The resolution calls on European Union members to "drop any criminal charges against Edward Snowden, grant him protection and consequently prevent extradition or rendition by third parties." Also at Wired, USA Today and many others; Snowden himself has tweeted happily about the news.
AmiMoJo writes: A tweet from Tom Conrad has highlighted an issue with Apple's Siri digital assistant. When asked certain questions about music, Siri refuses to answer unless you subscribe to Apple Music. Instead of falling back to a web search for the information, Siri tells the user that it cannot respond due to the lack of a subscription. Apple Music has been the source of music-related data for Siri since it launched, but until now did not require a subscription to answer questions.