

Microsoft security chief Scott Charney is a leading candidate for the cybersecurity czar position, created by President Obama.  (Source: Microsoft)
President Obama will soon pick a candidate to lead our nation's cybersecurity efforts

Cybercrime, particularly attacks from foreign sources, is on the rise.  In the past month, many government systems and systems of government contractors have been penetrated by hackers from China or elsewhere.  Meanwhile, petty cybercrime also remains a problem, with malware, phishing, and botnets a lucrative business for some cyber-criminals.

Past exercises have shown the U.S. to have weak cyber-defenses, largely because of poor coordination between the organizations tasked with our government's security.  President George W. Bush and his successor President Barack Obama have set out to improve on this situation by allocating money to security and creating a new cybersecurity czar position to organize the fight.

Two leading candidates have emerged for this job.  The first is Scott Charney, head of Microsoft's cybersecurity division.  According to a source close to Mr. Charney, he says he won't take the job; however, the source believes that he would change his mind if pressed.  In the past, Mr. Charney led PricewaterhouseCoopers' cybercrime unit, and before that he worked for the Justice Department's computer crime section.

The leading alternative is Paul Kurtz.  Mr. Kurtz served on the National Security Council under both President Clinton and President Bush.  He was a member of President Obama's transition team leading the cybersecurity efforts.

There are also a handful of other candidates that stand a shot.  Rep. Tom Davis, a moderate Virginia Republican; Sun Microsystems executive Susan Landau; Maureen Baginski, a veteran of the National Security Agency and Federal Bureau of Investigation; Frank Kramer, an assistant defense secretary under Clinton; Melissa Hathaway, who led a cybersecurity review for the president; and James Lewis of the Center for Strategic and International Studies think tank, are all under consideration, says a source.

John Thompson, chairman of the board of Symantec Corp., who had previously been considered a front runner, turned the position down.

One thing that adds to the difficulty of the efforts is that the exact role of the job and its authority (and jurisdiction) remain undefined.

Some candidates have already begun to criticize each other.  Mr. Lewis struck out at the corporate candidates, commenting, "Some guy from industry is going to write a national security strategy? No, they aren't. You don't just pick this up.  You need somebody who knows the national security game, who knows government and who knows about the technology."



Comments

Small Web Sites
By Mitch101 on 6/12/2009 11:18:44 AM , Rating: 2
I run a number of small sites and one that is growing pretty good now. As we speak I have someone attempting to hack one of my small sites by trying to push a PHP script through on my image upload area. Example script.php.gif

Aside from reporting this issue to his ISP, which will take several days because they don't provide phone numbers, and denying him from his IP address, which he realized, then comes back a few hours later trying again from another local IP address, and I have to repeat the process of blocking this person out.

I would love the option of being able to prosecute this person because of their activity, but I am no big company and my recourse is to just keep blocking this jerk until he goes away or finds a way in. It's blatantly obvious what they are trying to do, and every time they create an account I revoke it; one would think they should get the hint, but a couple hours later they are back. Apparently my site is serving as this person's training facility for learning to hack. I certainly feel for many small sites which may not even know they are being attacked.

We really need a recourse toward quickly identifying the hackers that target small sites and get them prosecuted as if they targeted a large site. These people will never target Amazon or any large company to really get caught by heavily monitored security groups with the money and manpower to really go after these people. It's the small sites that need some cyber security group to assist them in addressing these issues.




RE: Small Web Sites
By bdewong on 6/12/2009 1:21:52 PM , Rating: 2
One of the biggest things to remember when programming server side scripts is "Never trust user input." Maybe you put in checks to make sure that the image is actually an image, maybe not. But if you put in sufficient checks, this shouldn't be a problem. Just let the guy have his account and keep trying to upload the "pic" and it should be denied by the script.

Another possibility is that the person is not really a person at all and is just a bot programmed to sign up and try to upload a script. If that is the case, maybe an email verification or CAPTCHA is in order.

If the latter case is true, the "person" responsible will never be "easy" to track. And in the case of big sites like Amazon, sure, bots will try and do the same thing; it's just that they get filtered out so fast that it isn't anything to worry about.
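
The kind of server-side check described in the reply above, as an added example (not code from the article or its commenters): it validates an upload by content signature and by every extension in the client's filename, then stores it under a server-generated name. `check_upload`, the allow-lists, and the sample uploads are assumptions constructed for illustration.

```python
import os
import secrets

# Allow-list: leading magic bytes -> extension the server will assign.
MAGIC = {
    b"\x89PNG\r\n\x1a\n": ".png",
    b"\xff\xd8\xff": ".jpg",
    b"GIF87a": ".gif",
    b"GIF89a": ".gif",
}
ALLOWED_EXT = {"png", "jpg", "jpeg", "gif"}
# Heuristic markers of script content appended to an otherwise valid image.
SCRIPT_MARKERS = (b"<?php", b"<script")


def check_upload(client_name: str, data: bytes, max_bytes: int = 2_000_000):
    """Return (accepted, reason, stored_name); stored_name is server-generated."""
    if not data or len(data) > max_bytes:
        return False, "size", None
    # 1. Content: the bytes must begin with an allowed image signature.
    ext = next((e for sig, e in MAGIC.items() if data.startswith(sig)), None)
    if ext is None:
        return False, "not-an-image", None
    # 2. Name: every dot-separated part after the base name must be an image
    #    extension, so "script.php.gif" is refused even though it ends in .gif.
    parts = os.path.basename(client_name.replace("\\", "/")).lower().split(".")
    if len(parts) < 2 or any(p not in ALLOWED_EXT for p in parts[1:]):
        return False, "bad-extension", None
    # 3. Polyglot: a valid header followed by script text is still rejected.
    if any(marker in data.lower() for marker in SCRIPT_MARKERS):
        return False, "embedded-script", None
    # 4. Never reuse the client's name; the extension comes from the content.
    return True, "ok", secrets.token_hex(16) + ext


# Constructed sample uploads (not taken from the page).
SAMPLES = [
    ("script.php.gif", b"<?php /* placeholder */ ?>"),
    ("script.php.gif", b"GIF89a" + b"\x00" * 16),
    ("avatar.gif", b"GIF89a\x01\x00\x01\x00<?php /* placeholder */ ?>"),
    ("avatar.gif", b"GIF89a\x01\x00\x01\x00\x80\x00\x00"),
]

if __name__ == "__main__":
    for name, body in SAMPLES:
        print(name, check_upload(name, body)[:2])
```

The marker scan is only a heuristic; re-encoding the image and serving uploads from a directory where the server never executes scripts are the stronger controls.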


Copyright 2014 DailyTech LLC.