Posts Tagged ‘security’
Launched by West Point and formalized in 2001, the annual Cyber Defense Exercise (CDX) pits representatives from the military service academies defending a computer network against a “Red Team” staffed by some of the more devious people from the National Security Agency (NSA) and the military services.
The U.S. Merchant Marine Academy – the smallest and without a computer science department – has managed to hold its own in competitions and win it in 2004, beating its better-funded and organized brothers at the U.S. Military Academy (West Point), the Air Force Academy, and the Naval Academy.
How’d the Merchant Marine u-grads do it? Team adviser and assistant professor Efstratios Gavas will tell all at DEFCON 17 this year in “Asymmetric Defense: How to Fight Off the NSA Red Team with Five People or Less.” While West Point more recently had a monopoly on the CDX trophy in recent years, Gavas should have good insights for any IT security professional looking to tighten the network at home.
Kudos should also be extended to the Information Assurance staff at West Point. The Army’s professors have championed cybersecurity wayyyy way back at the undergraduate level for both military and civilian higher education. If the Chinese or Russians decide to play mean on the Internet, West Point’s influence will be involved in the defense.
Security vendor Sipera Systems says it is seeing evidence of G.722 uptake among its enterprise customers.
While VP of Marketing Adam Boone didn’t have specific numbers, Sipera’s sales force has lot of “anecdotal” evidence of customers and channels asking about G.722 support. G.722 provides an advantage over other codecs as it provides higher voice quality with the same amount of bandwidth used. The company incorporated G.722 support into its free UCSniff security tool in the fall of 2008 and Sipera’s (paid) network tools can enforce policies on what codecs are used within the enterprise.
Boone believes increased adoption of high-quality voice will probably take place within the call center, with a “more efficient call center” translating to better interaction with the customer. Savings from better call quality translates to less time spent on the phone per customer.
VoIP security issues seem to be passe’, judging from the latest lineup updates for DEFCON. Only two sessions have VoIP clearly incorporated into their presentations — it’s a far cry from the days when Phil Zimmermann would pop up to plug Zfone and everyone was explaining their latest ‘sploits.
First making its guest appearance in Las Vegas at the end of July is The Middler 2.0, a man-in-the-middle tool with an expanded portfolio. The tool can now work its mischief on VoIP, producing the opportunity to interactively redirect calls, join them, or take them over; version 1.0 of The Middler does such “fun” things as grabbing cookies and passwords.
Sipera’s VIPER lab lads have moved UCSniff beyond voice into video. UCSniff 3.0 now has enhanced video eavesdropping features and there are free complementary assessment tools, VideoJak and videosnarf. The VideoJak tool can be used against a video phone and other IP video security and surveillance — you know all those movies where the video surveillance footage gets bypassed? Yah… exactly…
To be fair, VIPER lab presenters hint at a new tip gleaned from VoIP pentesting of enterprise networks to enhance one’s ability to target specific VoIP users clandestinely with “Other VoIP goodness may follow this,” but video seems be the Bigger News.
It’s summer, there’s little going on, so it is the perfect pre-DEFCON promotional show for Kevin Mitnick.
I gotta give it to Kevin, he knows how to work the media with the whole “I was a hacker, I was abused by The Man when I was caught, now I’ve gone straight and trying to make a living.”
Kevin pops out once or twice a year, typically guaranteed to show up and sign autographs, plug his books, plug his security consulting biz, then goes back under the radar. Who needs to spend money on advertising?
DEFCON and Black Hat founder Jeff Moss now sits on the Homeland Security Advisory Council. Woah!!!
Moss (aka “Dark Tangent”) will be one of 16 people providing recommendations and advice through the HSAC to the Secretary of Homeland Security. Quite a leap for the guy who started DEFCON as a big party and parlayed the event into big money when he spun up the Black Hat security conferences.
Having followed DEFCON and Moss for a number of years, he’s not one to shy away from controversy and “Speaking truth to power.” In some respects, I can’t say I’m totally surprised; Moss has been inviting “The Feds” to DEFCON over a number of years with current and former employees of the NSA, CIA, FBI, and the Army speaking at DEFCON conferences. The federal security community has a level of comfort working with Moss and they know he’s a pragmatic and a holistic thinker that isn’t bottlenecked into a single practice or discipline.
Perhaps the real surprise is the relative boldness and progressiveness of The Establishment has shown in inviting Moss. We can only but hope that when Moss speaks, The Man takes the time to listen.