Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
US Military Officials, Defense Firms Targeted In 'Operation Pawn Storm'
Newest First  |  Oldest First  |  Threaded View
Robert McDougal
50%
50%
Robert McDougal,
User Rank: Ninja
10/27/2014 | 1:41:20 PM
Re: Data Nationalism
I will be honest with you, I am surprised that we haven't responded militarily yet.  China and Russia are both outright robbing us in broad daylight.  
securityaffairs
50%
50%
securityaffairs,
User Rank: Ninja
10/27/2014 | 7:02:34 AM
Re: Data Nationalism
Hi Thomas, are you referring to a proactive defense or what else?

Thanks Pierluigi
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Ninja
10/24/2014 | 6:16:18 PM
Re: Data Nationalism
Well, if hacking gets really bad, there's no reason it couldn't prompt a military response. I expect that will happen sooner or later, if only to send a message.
SgS125
50%
50%
SgS125,
User Rank: Ninja
10/24/2014 | 4:24:03 PM
Re: Data Nationalism
It is time for us to limit the access these criminals have to our "free" resources.  Why do we allow anyone from the former Russian empire any access to our Internet resources?  They all seem to be criminals who can't be found or are protected by their Governments.  I suspect we like to have an open Internet because our "whitehat" boys in DHS like to hack back and get what they can as well.  From my perspective I say lets just shut off the pipe and control the access.  What value do the web resources of the "unfree" world offer us in America anyway?

 

Sure they can buy a server here and have at it, but once discovered we can at least shut it down.  Maybe we could even find them easier?

 
lancop
50%
50%
lancop,
User Rank: Moderator
10/24/2014 | 1:33:06 PM
The internet has become such a threat platform that one wonders...
The problem with the "Information Economy" is that stealing information has become trivial for those with the resources to do it professionally, and the real economy, the capability to use what was once proprietary information to manufacture real things, has been outsourced to emerging market countries by the Wall Street Consensus. That means that emerging market countries, like China, are increasingly poised to become the new epicenter of the Global Supply Chain and older industrial countries are becoming less & less relevant to a globalized 21st century economy except as consumers. Add to this the beefing up of military capabilities and the increasing confidence in using newly acquired weapons technologies in projecting national political power, and you have a guaranteed recipe for international conflicts in both the geo-political & economic spheres over the decades ahead. Yes, it is time to re-think how we connect critical IT infrastructure to a globalized, increasingly insecure internet infrastructure that is disempowering our own society by making it trivially easy for our competitors & adversaries alike to simply steal our intellectual property, undermine our militiary security and leech off of our economic prosperity. It often appears that we are suffering from "too much connectivity" and all this connectivity is not actually improving our way of life, but simply distracting us from those things that are really important. We're increasingly vulnerable because of feature creep that opens up more & more of our life to remote hacking, while merely delivering the appearance of "cool" innovations that marketers love as selling points but security personnel realize are actually new security holes big enough to drive a truck bomb thru. More & more I see the Information Economy as resembling the Subprime Mortgage Bond Market: just another misbegotten child of the Wolves of Wall Street - always looking for something to hype, sell and walk quickly away from when it turns out to be just smoke & mirrors. But it is likely that we have way too much momentum behind this Information Economy B.S., so I expect that we will crash into the economic slowdown ahead while text messaging.
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
10/24/2014 | 10:47:24 AM
Re: Data Nationalism
You raise a debate that has been raging in other nations, @Chrisitan Bryant. Your thoughts on this are provocative, for sure. I'd love to hear what other readers think about this. Let's debate!
RetiredUser
50%
50%
RetiredUser,
User Rank: Ninja
10/24/2014 | 3:28:49 AM
Data Nationalism
You might be surprised to hear me talk about a solution to issues like this from a perspective of data nationalism, being a GNU software user and Free Software Foundation supporter.  However, I am also about solutions to problems, and advanced forms of data nationalism are a direct approach to ending these types of network attacks and remote data breeches that cross continents.

The "world wide" web as we know it has reached its end, anyway.  It's time, as security analysts, to put on the tinfoil hats and take a few doses of paranoia.  First, access to the Internet is a service already, so start treating it more like one.  Federate the Internet (US, China, Canada, Brazil, etc.) and write interfaces between each unique instance of Internet ecosystems that cost money to access; expensive access, at that.

Once global networks and Internet providers are fractured and new standards and protocols are put in place to keep everyone with once open access out, hacking threats from other countries will initially be zero.  Of course, over time, the same hackers we worried about before will figure out ways to get in; however, now the pipe will be a single entry point and a small one, at that.  We can more easily monitor and prevent intrusion from non-USA would-be hackers.

Companies like Google and Facebook - who federated Internet supporters initially worried would never support such initiatives - could actually stand to benefit greatly from such changes, being able to demand high costs of countries like China and the EU whose users will want access to American Facebook and G+ users.  

It's another one of those tough decisions and unpopular ideas that holds incredible opportunity for control and security overall for American Internet-based companies and Government agencies and resources, but whose implementation just plain scares too many people.  It may be time to get over the fear.


COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/3/2020
'BootHole' Vulnerability Exposes Secure Boot Devices to Attack
Kelly Sheridan, Staff Editor, Dark Reading,  7/29/2020
Out-of-Date and Unsupported Cloud Workloads Continue as a Common Weakness
Robert Lemos, Contributing Writer,  7/28/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-14310
PUBLISHED: 2020-07-31
There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a ma...
CVE-2020-14311
PUBLISHED: 2020-07-31
There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow.
CVE-2020-5413
PUBLISHED: 2020-07-31
Spring Integration framework provides Kryo Codec implementations as an alternative for Java (de)serialization. When Kryo is configured with default options, all unregistered classes are resolved on demand. This leads to the "deserialization gadgets" exploit when provided data contains mali...
CVE-2020-5414
PUBLISHED: 2020-07-31
VMware Tanzu Application Service for VMs (2.7.x versions prior to 2.7.19, 2.8.x versions prior to 2.8.13, and 2.9.x versions prior to 2.9.7) contains an App Autoscaler that logs the UAA admin password. This credential is redacted on VMware Tanzu Operations Manager; however, the unredacted logs are a...
CVE-2019-11286
PUBLISHED: 2020-07-31
VMware GemFire versions prior to 9.10.0, 9.9.1, 9.8.5, and 9.7.5, and VMware Tanzu GemFire for VMs versions prior to 1.11.0, 1.10.1, 1.9.2, and 1.8.2, contain a JMX service available to the network which does not properly restrict input. A remote authenticated malicious user may request against the ...