ENCRYPTION
THREAT ALERT: Static Encryption Key Found in SAP HANA Database. SAP’s in-memory relational database management system, HANA, contains a whopper of a security weakness: a default encryption key guarding passwords, stored data and backups. An attacker could use a SQL injection, directory traversal, XML external entity attack or exploit another web-based vulnerability in order to remotely execute code. Since the encryption key is static and the same for every SAP HANA installation by default, an attacker with access would be able to read an encrypted data store. Read more
[THREATPOST.COM]
QUESTION: Why Can’t Silicon Valley Create Breakable Non-Breakable Encryption? Ever since Apple and Google enabled full-device encryption by default on their mobile operating systems, the law enforcement community has been kicking up a stink. The head of the FBI issued dire warnings of children dying if the crypto trend was allowed to continue. The head of the NSA agrees, and so too does the British Prime Minister. Read more
[THEREGISTER.CO.UK]
GREAT NEWS: There’s Now A Decryption Tool For Teslacrypt Ransomware. TeslaCrypt looks very much like the Cryptolocker ransomware, but in addition to encrypting the usual assortment of file types (documents, images, videos, database files, etc.), it also hits file types associated with video games and game-related software (saved games, Steam activation keys, etc.). Read more
[NET-SECURITY.ORG]
FEDERAL, STATE & LOCAL GOVERNMENT
OPM: OPM breach a failure on encryption, detection. The biggest misstep in the breach of Office of Personnel Management networks was not the failure to block the initial breach but the lack of encryption, detection and other safeguards that should have prevented intruders from obtaining any useful information. Read more
[FEDERALTIMES.COM]
CRADA AGREEMENT: Microsoft and NOAA Collaborate to Enable Data Access and Innovation Across Government and Industry. Microsoft will host weather, water, ocean, and climate data provided by NOAA scientists on the Microsoft Azure Government cloud platform. We will host such well-known NOAA datasets as the Global Forecast System, Global Ensemble Forecast System, and Climate Forecast System. We also look forward to working with NOAA and our partners in government and industry to identify and expose other datasets of interest. Read more
[MICROSOFT.COM]
PRIVACY: A Retrospective Look – Smelling The Roses In The IDESG. As the IDESG evolves in its third year, we are seeing work on the Identity Ecosystem Framework (IDEF) progressing deliberately and in an organized manner. The IDEF is a foundational document that presents the core requirements and standards, functional model, and means to assess and recognize conformance for the participants of the Identity Ecosystem. Read more
[NSTIC.BLOGS.GOVDELIVERY.COM]
MANAGEMENT: News and Notes from GITEC 2015. The 2015 GITEC Summit, held in Baltimore, featured more than 200 government and industry leaders discussing some of the biggest issues facing federal technology leaders today. Here are news and notes from the conference. Read more
[FEDTECHMAGAZINE.COM]
STATE BUDGET: California Refocuses Statewide IT Plan. The Golden State has the largest state budget for information technology in the nation. That draws a lot of attention to how California’s various agencies and departments spend their IT resources as well as the state’s longer-term IT strategy. Read more
[STATESCOOP.COM]
PODCAST: Veteran Federal Contracting Officer Talks About Benefits Of Agile Software Development. Veteran federal contracting officer Jonathan Mostowski at U.S. Digital Service used the painting analogy during a “Behind the Buy” podcast interview with Anne Rung, the administrator of the Office of Federal Procurement Policy, to explain the benefits of agile software development compared to the traditional “waterfall” approach. Read more
[FIERCEGOVERNMENTIT.COM]
DOWNLOAD REPORT: Department of Defense Cyber Strategy April 2015. In a manner consistent with U.S. and international law, the Department of Defense seeks to deter attacks and defend the United States against any adversary that seeks to harm U.S. national interests during times of peace, crisis, or conflict. Read more
[PUBLICINTELLIGENCE.NET]