Forwarded from: Richard Forno <rforno (at) infowarrior.org> YAWN. More "information sharing" ideas being proposed....which makes it what, 15 years this has been brought up regularly as a major solution to help fix our cybersecurity problems? Didn't the IPTF, PCCIP and any number of white papers, reports, think tanks, and such since the mid-90s already make such recommendations? Einstein had a term[1] for doing the same thing over and over while hoping for a different outcome. Sharing data is useless unless folks (ie industry or gov) act upon it promptly .... or at least remedy their underlying vulnerabilities that allow Bad Things(tm) to happen, which they won't since it "costs too much." The article cites the DHS guy saying that DDOS attacks have "been an eye-opening experience for a lot of very, very large organizations," W.T.F....F? We've been sounding the alarm on this since at least 1999, seen a bunch of high-profile incidents in the years since, and it's *still* an "eye opening" experience for business? That banks "may not have the capacity" (to deal with them) in 2012? Whose fault is that? Who do we blame when Bad Things(tm) Happen? Ahem, 1999 called, it wants its news cycle back!! IMHO this vaunted Executive Order on Cybersecurity that's got the DC cyber-crowd all excited these days won't make one iota of difference in the grand scheme of things....but there are those who think it will, because to them "something" is better than "nothing." Einstein really nailed it with that term [1], I think. -- rick [1] Idiocy. On Oct 22, 2012, at 02:51 , InfoSec News wrote: > http://www.computerworld.com/s/article/9232614/DHS_official_suggests_sharing_resources_to_mitigate_cyberattacks > > By Martyn Williams > IDG News Service > October 19, 2012 > > Groups of companies in the same industry could pool infrastructure resources > to help each other mitigate the effects of cyberattacks and work together on > security issues, a senior official in the U.S. Department of Homeland > Security suggested on Friday. > > The comments by Mark Weatherford, deputy undersecretary for cybersecurity, > come as a handful of American banks are dealing with a fourth week of DDoS > (distributed denial-of-service) attacks on their websites. > > DDoS attacks are one of the simplest forms of cyberattack and seek to push > websites offline by overloading them with junk traffic so they cannot handle > legitimate requests from users. > > The attacks have hit banks including Wells Fargo, U.S. Bancorp, PNC Financial > Services Group, Citigroup, Bank of America and JPMorgan Chase, and have been > claimed by hackers in Iran. > > [...] > > > ______________________________________________ > Visit the InfoSec News Security Bookstore > Best Selling Security Books and More! > http://www.shopinfosecnews.org --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. ______________________________________________ Visit the InfoSec News Security Bookstore Best Selling Security Books and More! http://www.shopinfosecnews.orgReceived on Tue Oct 23 2012 - 22:41:50 PDT
This archive was generated by hypermail 2.2.0 : Tue Oct 23 2012 - 22:43:38 PDT