My most recent post over at LiquidMatrix Security Digest

To the surprise of most everybody who read this, Google has grown a pair in the fight for free speech and against internet censorship. Well.. at least they say they are..

…the attempts over the past year to further limit free speech on the web–have led us to conclude that we should review the feasibility of our business operations in China. We have decided we are no longer willing to continue censoring our results on Google.cn, and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all. We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China.

This comes after the apparent attack upon Google and other American organizations originating from China.

In mid-December, we detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google. However, it soon became clear that what at first appeared to be solely a security incident–albeit a significant one–was something quite different.

As of the time I wrote this post Google.cn is still up, so no preemptive praise just yet. I’m going to be interested to hear what else pops up about this story in the near future.

Read on

Some other insight so far:

RSnake
Rep. Eshoo Responds to Attack on Google

Cheers,
Matt

Just really couldn’t avoid doing a write-up on this story for LSD. This one goes out to anybody who got one of our glorious shwag pieces illustrating our favorite word here at the digest, CYBERDOUCHERY.

I know what the reaction from my fellow liquidmatrix folk will be on this but I hope the rest of you can at least keeps your heads from exploding.

The all powerful and knowing Wall Street Journal announced today that the Obama administration is putting together a “new military command to coordinate the defense of Pentagon computer networks and improve U.S. offensive capabilities in cyberwarfare.” Before I continue let me state that I am not trying to be a sarcastic punk and don’t think it is a bad idea for the U.S. government to catch up on technology in a security sense. How I feel about the media is a different story.

Anyway, the article goes on to state that this “new military command” is the result of the proverbial straw on the camel from earlier this week when the (again all powerful and knowing) Wall Street Journal published the story amply titled “Computer Spies Breach Figher-Jet Project”. Which, in my opinion, based on the title would warrant some government action. However, watch some awesome back peddling:

The move comes amid growing evidence that sophisticated cyberspies are attacking the U.S. electric grid and key defense programs. A page-one story in The Wall Street Journal on Tuesday reported that hackers breached the Pentagon’s biggest weapons program, the $300 billion Joint Strike Fighter, and stole data. Lawmakers on the House Oversight and Government Reform Committee wrote to the defense secretary Tuesday requesting a briefing on the matter.

Lockheed Martin Corp., the project’s lead contractor, said in a statement Tuesday that it believed the article “was incorrect in its representation of successful cyber attacks” on the F-35 program. “To our knowledge, there has never been any classified information breach,” the statement said. The Journal story didn’t say the stolen information was classified.

Well that is just impressive work that demonstrates media experience beyond my years.

But wait! I smell a new cyber buzzword!

A draft of the White House review steps gingerly around the question of how to improve computer security in the private sector, especially key infrastructure such as telecommunications and the electricity grid. The document stresses the importance of working with the private sector and civil-liberties groups to craft a solution, but doesn’t call for a specific government role, according to a person familiar with the draft.

Defense Secretary Robert Gates plans to announce the creation of a new military “cyber command” after the rollout of the White House review, according to military officials familiar with the plan.

The article goes on to use my new favorite buzzword cyber command some more in detail. Read on if you dare.

So in an utter disregard for buzzwords, CNN Homeland Security Correspondent Jeanne Meserve has dwelled into James’ land of cyberdouchery. The article entitled “Smart Grid may be vulnerable to hackers” briefly discusses the United States and it’s respective power companies anxiously deploying a high-tech power grid while simultaneously raping the words “cyber” and “smart”.

Power companies are installing new automated meters at an astonishing rate which seems to be the first step in the roll out. The eventual goal is to improve electricity efficiency and reliability using sensors on your home meters that talk back to the power grid. President Obama is on board dishing out $4.5 billion towards all this.

So where does the problem lie?

Well some interesting quotes throughout the article define the issue very clearly. One of our friends at InGuardians, Ed Skoudis chimed in stating,

“I think we are putting the cart before the horse here to get this stuff rolled out very fast.”

Also, Matt Spaur, a product marketing analyst added my favorite tidbit,

“Any network can be hacked.”

All in all, this is obviously a huge security issue and if you even remotely (no pun intended) glanced at Live Free or Die Hard you’d get the picture. Electric grids are all ready “hackable” you just have to not be afraid of heights and be a huge fan of rubber. The automation wouldn’t necessarily create many new vulnerabilities, it would most definitely increase the risk by increasing the likelihood and severity of exploitation.

With this system in place there really is no room for “roll it out and patch it later.” We can all hope that the money makers take their time on this one and do it right.

Article Link