Pete Recommends – Weekly highlights on cyber security issues August 5 2018

Subject: Surprising Things the Government Knows About Americans – 24/7 Wall St.
Source: 24/7 Wall St.
https://247wallst.com/special-report/2018/07/27/surprising-things-the-government-knows-about-americans/

According to the U.S. Constitution, a population count is required every 10 years. The first decennial census was conducted in 1790 and consisted of just six questions. The census has grown in size and complexity since then, and today encompasses demographic, social, and economic information about America’s communities.

As government national surveys become more comprehensive, resistance to the surveys has also increased. For example, the share of households that have declined to participate in the annual census has steadily increased from 0.9% in 2007 to 2.1% in 2016. Many respondents may feel that some questions — concerning grooming habits, marriage history, and snoring tendencies, for example — are unnecessarily probing.

Based on the questions asked in several major national surveys, 24/7 Wall St. identified some of the most surprising things the government knows about Americans.

Click here to see the full list of surprising things the government knows about Americans.


Subject: These are the websites your clean-install Windows PC connects to by itself
Source: MSPoweruser via LLRX
https://www.llrx.com/2018/07/the-6-types-of-cyber-attacks-to-protect-against-in-2018/

Since the release of Windows 10, Microsoft has been accused of breaching privacy and connecting users to services without proper disclosure. The company now has released a list of websites and services that a Windows PC connects to after a clean install.


Subject: Pentagon Creates ‘Do Not Buy’ List of Russian, Chinese Software
Source: Defense One
Pentagon Creates ‘Do Not Buy’ List of Russian, Chinese Software // Tech Insider

https://www.defenseone.com/threats/2018/07/pentagon-creates-do-not-buy-list-russian-chinese-software/150100/

Increasingly alarmed at foreign hacking, DOD and intelligence officials are racing to educate the military and defense contractors.

“What we are doing is making sure that we do not buy software that’s Russian or Chinese provenance,” she said. “Quite often that’s difficult to tell at at first glance because of holding companies.”

The Pentagon started compiling the list about six months ago. Suspicious companies are put on a list that is circulated to the military’s software buyers. Now the Pentagon is working with the three major defense industry trade associations — the Aerospace industries Association, National Defense Industrial Association and Professional Services Council — to alert contractors small and large.

NB RSS feed for Defense One — Technology:
https://www.defenseone.com/rss/technology/


Subject: DOE looks to double number of electric utilities sharing cyber threat data
Source: FCW
https://fcw.com/articles/2018/08/01/doe-crisp-expansion-williams.aspx

The Energy Department’s cybersecurity information sharing program is expanding its network of electric utilities by year’s end. Energy Secretary Rick Perry, speaking at the Department of Homeland Security’s July 31 National Cybersecurity Summit in New York City, said DOE hopes to double the number of utilities that share cyber threat information. “We’re aiming this year to double the number of electric utilities in our CRISP — Cybersecurity Risk Information Sharing Program,” Perry said during a panel with telecom and energy industry CEOs that was led by DHS Secretary Kristjen Nielsen.

Perry also noted the department’s increased focus on cybersecurity, primarily standing up the Cybersecurity of Energy Security and Emergency Response (CESER) office in the last year and its new ACES initiative, which stands for Accelerating Cybersecurity in the Energy Sector “to enhance our preparedness and response to threats.”


Subject: New tool helps users decide which countries their internet traffic transits
Source:  Princeton’s Center for Information Technology Policy via EurekAlert! Science News
https://www.eurekalert.org/pub_releases/2018-08/pues-nth080218.php

The internet gives people worldwide access to applications and services, but in many cases, internet traffic passes through a few dominant countries, according to new research from Princeton University.

Following the 2013 revelations of U.S. government surveillance, officials from several countries expressed a desire to reduce their dependence on U.S. communications infrastructure. Brazil has taken notable steps toward this goal, including beginning construction of an underwater cable to Portugal and developing a large ecosystem of internet exchange points to help in-country networks better connect.

This new study from Princeton researchers represents an early look at the effectiveness of these measures.

Despite Brazil’s efforts, a large proportion of its internet traffic continues to traverse the United States. One explanation, the researchers suggested, may be that business considerations prevent internet service providers from using internet exchange points in Brazil.

NB other EurekAlert! Tech & Engr news https://www.eurekalert.org/bysubject/technology.php


Subject: FBI Releases Article on Securing the Internet of Things
Source: FBI via US-CERT
https://www.us-cert.gov/ncas/current-activity/2018/08/02/FBI-Releases-Article-Securing-Internet-Things

The Federal Bureau of Investigation (FBI) has released an article on the risks associated with internet-connected devices, commonly referred to as the Internet of Things (IoT). FBI warns that cyber threat actors can use unsecured IoT devices as proxies to anonymously pursue malicious cyber activities.

As our reliance on IoT becomes an important part of everyday life, being aware of the associated risks is a key part of keeping your information and devices secure. NCCIC encourages users and administrators to review the FBI article for more information and refer to the NCCIC Tip Securing the Internet of Things.

NB IC3.gov News RSS feed: https://www.ic3.gov/rss/news.xml

see also: https://www.ic3.gov/media/2017/171017-1.aspx


Posted in: Computer Security, Cybercrime, Cybersecurity, Energy, Privacy