Cybersecurity thoughts on Presidents’ Day

In January 2008, the Bush Administration established the Comprehensive National Cybersecurity Initiative (CNCI). Recently, the Obama Administration released several notices on cybersecurity; below is an Executive Order.

By the authority vested in me as President by the Constitution and the laws of the United States of America, it is hereby ordered as follows: 

Section 1. Policy. In order to address cyber threats to public health and safety, national security, and economic security of the United States, private companies, nonprofit organizations, executive departments and agencies (agencies), and other entities must be able to share information related to cybersecurity risks and incidents and collaborate to respond in as close to real time as possible.

Continue reading here http://www.whitehouse.gov/the-press-office/2015/02/13/executive-order-promoting-private-sector-cybersecurity-information-shari

Of note: at this White House Summit, held at Stanford University, the CEOs of Google, Yahoo, and Facebook were absent. Tim Cook, Apple CEO, attended.

SMALL TALK  On a coffee + laptop observational side note:  I was at a coffeebar on Saturday and there were only Macs everywhere.  Yes, I did the 360 check while waiting for my Americano-latte.  It’s like you could only stay and drink coffee if you owned an Apple product … and sign on the Square POS iPad (which can we agree we love / hate the emailed receipt?!).  So apparently, if I bring my ThinkPad, I might need to trek down to the other coffeeshop down the street – they use an older school Point of Sale system and have the most amazing hazelnut gelato.  + | shew |

Five Year Plan

SMALL TALK    I’m working on my five year plan, just trying to figure out the font.  < that’s a line in the pilot episode of Chuck >  I’ll be honest, that was the funniest line, made me laugh and I’ve used it as a tag line — but I never watched past the pilot episode (nor ever used Geek Squad).   +  | shew |

Since we’re on a television tangent … Just saw an ESXi console on Blacklist, now I *know* it’s a documentary. + | james.shew |

Welcome

NERD TALK  requires more espresso.  And since it’s late, ahem early am and we are up wrestling technical fun time warps, I’ll save my eloquent thoughts for the mid morning first jumpstart shot of caffeine.  Thank you Sidecar, Stumptown, Rose Park, and even in the pinch, Starbucks for the assists.

+  | shew |

UPDATE 15.48 |  A Nice SRP Circumventing Trick | During a recent penetration test, my goal was to smuggle data out of a hardened virtual application.  This particular test included a vApp designed to restrict everything not needed to display and edit a Word document.  Between Group Policy Objects and Software Restriction Policies, there were practically no third-party applications available to manipulate, and most Windows internal programs were either removed or hijacked by a Digital Rights Management DLL.
