Password managers are the vegetables of the internet. We know they're good for us, but most of us are happier snacking on the password equivalent of junk food. For seven years running that's been "123456" and "password"--the two most commonly used passwords on the web. The problem is, most of us don't know what makes a good password and aren't about to remember hundreds of them every day.
Drone aircraft used to be prohibitively expensive, but now you can buy a camera-equipped drone that talks to your smartphone for under $100. The US Department of Homeland Security has issued an alert that drones manufactured by Chinese firms might have become a little too accessible. The DHS says much of the data collected by these drones ends up on servers in mainland China where the Chinese government can access it.
Lawmakers moved on a host of bills this week centered around educational technology, including legislation aimed at restoring student privacy, bolstering the nation’s cybersecurity workforce, funding school security and better understanding participation in science and technology-related subjects among underrepresented groups.
Personnel working in cyber must continually look for opportunities to learn, say cyber professionals from across government. During a morning panel discussion on the final day of the AFCEA TechNet Cyber conference in Baltimore, high-ranking officials from the Defense Department, Department of Homeland Security and National Security Agency discussed a wide range of issues concerning the cyber workforce today and tomorrow.
“The simple reality is there are so many 0-day exploits for iOS,” Stefan Esser, a security researcher who specializes in iOS, wrote on Twitter. “And the only reason why just a few attacks have been caught in the wild is that iOS phones by design hinder defenders to inspect the phones.”
Thus far, no attacks actually utilizing Spectre and Meltdown have been spotted in the wild, beyond proof-of-concept work submitted by researchers. Similarly, taking advantage of MDS is trickier than this website implies. Attackers can’t directly control what’s in the buffers they target, for example, which means the exploit may leak old, stale data of no interest. Microcode updates for systems with Sandy Lake through Kaby Lake CPUs have already shipped out to customers. First-generation-and-following Coffee Lake and Whiskey Lake CPUs are immune to this attack already.
Recruiting and maintaining a cybersecurity workforce is a complicated challenge for the government. According to the Information System Security Certification Consortium, 85 percent of cybersecurity professionals would consider leaving their current jobs. Information technologists do not need to search for positions that are exciting, respect their expertise, help them become more marketable and pay well because as many as 18 percent of non-active job seekers are contacted daily by employers seeking them out.
Officials hammered out a set of non-binding proposals published at the end of a two-day meeting organized by the Czech government to discuss the security of new 5G networks. The meeting comes amid a simmering global battle between the U.S. and China's Huawei, the world's biggest maker of network infrastructure equipment. The U.S. has been lobbying allies to ban Huawei from 5G networks over concerns China's government could force the company to give it access to data for cyberespionage.
A new Pentagon report said that China uses "cyber theft" and other methods to bolster its military, which the report claims will continue to grow rapidly. "China uses a variety of methods to acquire foreign military and dual-use technologies, including targeted foreign direct investment, cyber theft, and exploitation of private Chinese nationals' access to these technologies, as well as harnessing its intelligence services, computer intrusions, and other illicit approaches," it said.
Senior administration officials said during a call with reporters that the order will create a rotational program for cybersecurity staffers within the federal government to let them work at different agencies and pick up new skills. And they said that other measures in the order, like creating a “President’s Cup Cybersecurity Competition” for cybersecurity, will ultimately improve the quality of cybersecurity staffers in both the government and in the private sector.