2014 Data Breach Investigations Report (Verizon)

Excerpt from the 2014 Data Breach Investigations Report.

“We have more incidents, more sources, and more variation than ever before—and trying to approach tens of thousands of incidents using the same techniques simply won’t cut it. Not only would the dominant incident characteristics drown out the subtleties of the less frequent varieties, but we cannot continue to study those characteristics as though they occur in isolation. In order to expose latent patterns in the data, we applied a statistical clustering technique. We identified nine patterns that together describe 92% of the confirmed data breaches we collected in 2013. We find it simply astounding that nine out of ten of all breaches observed by 50 global organizations over a full year can be described by nine distinct patterns.”

Download full report here.

Steganography

Steganography (pronounced STEHG-uh-NAH-gruhf-ee, from Greek steganos, or “covered,” and graphie, or “writing”) is the hiding of a secret message within an ordinary message and the extraction of it at its destination. Steganography takes cryptography a step farther by hiding an encrypted message so that no one suspects it exists. Ideally, anyone scanning your data will fail to know it contains encrypted data.

In modern digital steganography, data is first encrypted by the usual means and then inserted, using a special algorithm, into redundant (that is, provided but unneeded) data that is part of a particular file format such as a JPEG image. Think of all the bits that represent the same color pixels repeated in a row. By applying the encrypted data to this redundant data in some random or nonconspicuous way, the result will be data that appears to have the “noise” patterns of regular, nonencrypted data. A trademark or other identifying symbol hidden in software code is sometimes known as a watermark.

 

How to hide a file using steganography

Link: QuickStego Download

Source:

Rouse, Margaret. “What is steganography?” TechTarget. Retrieved from http://searchsecurity.techtarget.com/definition/steganography

Cybersecurity as Realpolitik by Dan Geer presented at Black Hat USA 2014

Power exists to be used. Some wish for cyber safety, which they will not get. Others wish for cyber order, which they will not get. Some have the eye to discern cyber policies that are “the least worst thing;” may they fill the vacuum of wishful thinking.

5 Steps for Preventing Security Breaches (Infographic)

5 Steps for Preventing Security Breaches

Source: http://www.cbtnuggets.com/5-steps-for-preventing-security-breaches

Anonymous: We Are Legion – The Story of the Hacktivists

A Documentary about the Activist Group Anonymous.

Dissecting Stuxnet

The Stuxnet computer worm is perhaps the most complicated piece of malicious software ever built; roughly 50 times the size of the typical computer virus. It leveraged an array of new techniques to spread and conceal itself while attacking Iranian nuclear enrichment centrifuges. Symantec Chief Architect Carey Nachenberg explains how the Stuxnet worm spread, evaded detection and ultimately accomplished its mission.