- North Korea is the least vulnerable country and therefore the country with nothing to lose in a cyberwar escalation. Their attack on South Korea's infrastructure (see Time Mag story here) could be repeated in the US with much more dire consequences.
- Computerworld reports that 3G and 4G USB modems are a security risk (see story here). Wonder why? Maybe it's because most of those branded modems are manufactured by Huawei and ZTE (yeah, do a search in the box on the left and you can see my previous postings about these companies). And as further data exhaust…
- Most of the security appliances sold by so-called rock-solid security companies aren't so rock solid (see CIO story here). This is especially relevant given the still-unreported story of Anonymous hacking the RSA show with bogus USB thumb drives (see story here). My favorite quote in the CIO article reads:
There have been some voices that said Chinese networking vendor Huawei might be installing hidden backdoors in its products at the request of the Chinese government, Williams said. However, with vulnerabilities like these already existing in most products, a government probably wouldn't even need to add more, he said.The final bit of "data exhaust" that proves how head-in-the-sand we are comes again from Time Magazine story on the creation of a "cyberwar rules of engagement manual" (see story here). Rules? For, like, fighting fair? Give me a break! You think Dennis Rodman's dwarf BFF in North Korea gives a hoot about rules of cyberwarfare? Or the scriptkiddies who attacked Brian Krebs (see my previous post here)?
If someone really wants to cause some damage, Katie bar the door. Spoofing a 911 call from Brian Krebs home could have been orchestrated to cause some real damage. Just about the time the SWAT team showed up, someone could have piloted a few remote control helicopters over the men with guns and dropped cherry bombs in their midst. That would have started some real shooting.
I still can't get over the utter laughability of publishing Rules for Cyber Attacks. There is only one set of rules that might come close to working in today's environment. I've drafted them and invite comments, criticisms, edits, etc. You can read my Cyber Privateer Code at…duh…www.CyberPrivateer.com.