The CyberWire Daily Briefing 06.25.13

Cyber Trends

Cybercrooks target SMBs with new types of attacks (CSO) He added that Symantec has partnered with the National Cyber Security Alliance because "of the worry that there's just not enough awareness

Australian boards urged to wake up to cyber threat (The Australian Financial Review) Data breaches cost Australian companies an average of $2.72 million during 2012, according to research firm Ponemon. Photo: Reuters Company boards and

Nearly 200,000 new malware samples appear daily (Help Net Security) Most companies greatly underestimate the number of new malicious programs appearing daily, and only six per cent recognize the true scale of the threat, according to B2B International and Kaspersky

Legislation, Policy and Regulation

There is no "right to be forgotten" by search engines, says top EU court advisor (PC World) The senior advisor to Europe's top court said Tuesday that Google is not responsible for third party information in its search results and that there is no general "right to be forgotten" under the current data protection laws

Encryption would exempt ISPs from data breach notification to EU customers (CSO) New rules on how to implement the ePrivacy law come into force in August

G8 governments sign Open Data Charter (FierceGovIT) During its summit in Northern Ireland, the G8 issued a declaration and signed an Open Data Charter on June 18, stating their intent to promote machine readable and publicly-available government data

CHIME, others want feds to take their time with health IT regulation (FierceHealthIT) The College of Healthcare Information Management Executives, the American Medical Informatics Association and a bevy of other healthcare information technology stakeholders want the federal government to tread carefully in its efforts to regulate the industry

Canada's long-delayed spam laws risk being quietly shelved (Naked Security) Anti-spam legislation in Canada should have been in force several years ago but it's unlikely that the laws will have any teeth for several more years, and they may even fall by the wayside. So Canadians, unless you want to be the weak link, pester your politicians to pull their collective fingers

International cooperation in the fight against cybercrime (Help Net Security) Today's cyber threats are becoming increasingly more targeted and sophisticated with criminal networks operating across the world, coordinating complex attacks against targets in a matter of minutes

NSA instigates security measures to hamper future whistleblowers (ZDNet) Former NSA contractor Edward J. Snowden, currently on the run, has set a precedent which may hamper future whistleblowers in the United States. Once the now-fugitive leaked details about surveillance on American citizens to the media, Snowden went on the run -- moving from Hong Kong to Russia over the weekend -- and is expected to attempt to reach Cuba. The U.S. government has revoked his passport and warned other countries not to help the former contractor on his international travels, predictably using political weight to try and bring the whistleblower to heel and back on American soil

Cheney : Lawmakers favored secrecy on surveillance (Boston Herald) Cheney said he was directly involved in setting up the program, run by the National Security Agency, or NSA, in the weeks after the 9/11 attacks. He said it has had "phenomenal results" in preventing terrorist attacks. Cheney did not specify which

US must increase security transparency to gain popular support — former NSA director (RT) US security officials must scrutinize the surveillance programs disclosed by Edward Snowden and inform the American public better about their potential benefits, former NSA and CIA director Michael Hayden admitted in an interview on RT's SophieCo

Focus Should Be On Government Secrecy, Not Snowden, Whistleblower Advocates Say (Washington Post) Some members of Congress and Secretary of State John F. Kerry say Snowden has betrayed his country. Whistleblower advocates acknowledge that he might have committed a crime, yet they firmly identify Snowden as a whistleblower. This presents a dilemma

What Allowing The NSA's Surveillance Says About You And Me (Talk Radio News Service) Over the past few weeks I've listened intently as Washington has tried to deal with the revelations that the NSA is data mining every phone call we make and monitoring our e-mails and

UNCLE SAM'S DRAGNET Why Americans have the right to be left alone (Sky Valley Chronicle) In 1929, Secretary of State Henry Stimson dismantled the department charged with breaking

Bill Seeks Limits On Call Data Collection (Washington Post) The chairman of the Senate Judiciary Committee on Monday renewed long-frustrated efforts to expand congressional oversight of government surveillance programs following disclosures about the intelligence community's collection of phone and Internet records

U.S. Senators to NSA: That FISA fact sheet isn't totally factual (Venture Beat) The National Security Agency is "misleading" those who read its FISA fact sheet, explaining what intelligence the NSA can collect and how it handles Americans' data, according to Senators Ron Wyden and Mark Udall. The two wrote a letter to NSA chief General Keith Alexander urging the agency to correct the "inaccuracy"

2013 Joint Strategic Plan on Intellectual Property Enforcement (White House) As President Obama has made clear, "[o]ur single greatest asset is the innovation and the ingenuity and creativity of the American people. It is essential to our prosperity and it will only become more so in this century." So it matters that we have the right approach to intellectual property enforcement; one that is forceful yet thoughtful, dedicated and effective, and that makes good and efficient use of our resources

Products, Services, and Solutions

Microsoft and Oracle Team Up To Bring Java, Oracle Database, Linux and WebLogic Server To Azure And Windows Server (TechCrunch) Ahead of their joint press conference later today, Microsoft and Oracle announced a new partnership that will bring a number of Oracle products to Windows Server and the company's Azure cloud computing platform. These Oracle products include Java, Oracle Database and Oracle WebLogic Server

Napatech, Procera to showcase 80 Gbps DPI at Cisco Live 2013 (Telecompaper) Intelligent network adapter vendor, Napatech and global network intelligence company, Procera Networks have announced the companies will demonstrate an 80 Gbps Deep Packet Inspection (DPI) offering at Cisco Live 2013 in Orlando, Florida

Codecademy for the cloud: Google's new Cloud Playground is pure genius (Venture Beat) The biggest challenges with adopting a new platform are unfamiliarity, uncertainty, and switching costs. Which is exactly why Google's new Cloud Playground is a perfect way to get serious about tempting developers to switch from Amazon or Microsoft's clouds

Major part of DCGS now open source (FierceGovIT) A recently created military software open source foundation received its first major chunk of code when Lockheed Martin donated in May middleware software used in the Distributed Common Ground System, a military data analysis tool the subject of mounting controversy

Datameer Democratizes Advanced Big Data Analytics (InformationWeek) Datameer 3.0 promises drag-and-drop machine learning with clustering, column-dependency, decision tree and predictive recommendations on top of Hadoop

Google Mine Wants To Track Your Stuff (InformationWeek) Google reportedly is testing Google Mine, a Google+ offshoot that lets you share info about your real-world objects. Sounds more like a gold mine for Google

Hadoop: From Experiment To Leading Big Data Platform (InformationWeek) 6th annual Hadoop Summit, held this week in Silicon Valley, will highlight Hadoop's evolution from backroom science project to mainstream big data manager

Technologies, Techniques, and Standards

US-CERT Warns Of Default Password Risks (Dark Reading) Change default passwords to strong ones, use stronger authentication methods before putting network-connected system online, US-CERT recommends

DDoS attacks: What they are and how to protect yourself (Help Net Security) Ameen Pishdadi is the CTO at GigeNET. In this interview he discusses the various types of DDoS attacks, tells us who is at risk, tackles information gathering during attacks, lays out the lessons that

Creating a DDoS Mitigation Strategy (BankInfoSecurity.com) Creating a DDoS Mitigation Strategy. Listen To This Interview. In defending against distributed-denial-of-service attacks, enterprises must comprehend the motives of the cyber-assailant, Booz Allen Hamilton's Sedar Labarre says. "[Organizations] need

Thinking About Security Considerations in SCADA Systems (1) (Electrical Engineering Portal) SCADA System can be affected by a number of threats, which may be natural or intentional. So it is very much important to focus on security aspects of SCADA Systems

Connecting the Dots, Missing the Story (Slate) With Big Data, the government doesn't need to know the "why" behind anything. Could Big Data have prevented 9/11? Perhaps--Dick Cheney, for one, seems to think so. But let's consider another, far more provocative question: What if 9/11 happened today, in the era of Big Data, making it all but inevitable that all the 19 hijackers had extensive digital histories

Why Hadoop projects fail — and how to make yours a success (Venture Beat) Without doubt, "big data" is the hottest topic in enterprise IT since cloud computing came to prominence five years ago. And the most concrete technology behind the big data trend is Hadoop

Marketplace

Senate Spotlights Companies Working With Secret Data (Corporate Counsel) Following some high-profile leaks of classified data, the spotlight was shining last week on corporations hired to do secret intelligence work for the federal government. The scrutiny came from congressional hearings as well as from a new report on political contributions by private contractors

Expect security clearance delays (Air Force Times) Over the last decade, the government has fought tooth and nail -- largely successfully -- to speed up the security clearance process and encourage intelligence agencies to share more information with one another. But as Washington reels from the recent

Cisco China Sales Vulnerable as Media Urge Domestic Shift (Bloomberg) Cisco Systems Inc. (CSCO) faces a backlash in China, where it generates about $2 billion in annual sales, after state-run media said the company poses a security threat and urged a shift toward domestic suppliers

Skype ditched peer-to-peer supernodes for scalability, not surveillance (ZDNet) Before Microsoft acquired Skype in 2011, the voice calling service was already ditching its "near impossible to wiretap" peer-to-peer model in favor of the cloud. Skype's principal architect explained in an email on Sunday why the company redesigned its backend infrastructure, which many have claimed made it easier for governments to wiretap calls

Encryption Firm Silent Circle Sees Surge in Enterprise, Govt Clients (GovConExecutive) Silent Circle, which provides communications encryption tools and services for enterprises and government agencies, has witnessed a surge in its business since the company's launch in October 2012, The Washington Post reported Monday

NSA Prism Spying Scandal: Tech Companies Struggle to Open Up (Bloomberg BusinessWeek) The phone calls began late in the morning, Silicon Valley time, on June 6. Representatives of nine leading U.S. technology companies received a flurry of calls and e-mails from reporters at the Guardian and the Washington Post, asking them to comment on explosive stories they would soon publish. Their reports, based on government documents leaked by former National Security Agency contractor Edward Snowden, alleged that the country's leading Internet firms were giving the NSA and the Federal Bureau of Investigation "direct access" to their servers and thus to the e-mails, photos, and other private information of hundreds of millions of users around the world. The papers gave the companies roughly two hours to respond, according to spokespeople for four of the businesses

Interpol anti-hacker agents to attend Trend Micro cyber boot camp (V3.co.uk) Interpol has officially partnered with security firm Trend Micro to benefit from its tools and expertise in the ongoing war against cyber crime. The partnership will see Interpol and Trend Micro establish a new Global Complex for Innovation (IGCI)

Soltera to support SPAWAR info operations (UPI) Sotera Defense Solutions Inc. provides systems, solutions and services in support of the U.S. intelligence community, Department of Defense, Department of Homeland Security and federal law enforcement agencies. Recommended Stories. U.S. seeks to buy

Research and Development

DOE Opens New Smart Grid Integration Testing Facility (IEEE Spectrum) The U.S. Department of Energy (DOE) and the National Renewable Energy Laboratory (NREL) are launching a new user facility for testing utility-scale renewable energy grid integration

Medical ontology helps automate image-retrieval system (FierceHealthIT) How do you train a computer to effectively retrieve medical images? Researchers at Case Western Reserve University in Cleveland, Ohio claim some success as part of an effort to build a large-scale medical image retrieval system for consumers

Cyber Attacks, Threats, and Vulnerabilities

Cyber attack hits South Korea websites (BBC News) "The government can confirm a cyber attack by unidentified hackers that shut down several sites including the Blue House," the Science Ministry said in a statement, referring to the presidential office. The website for the office for Government Policy

South Korea Sounds Alert After Official Websites Hacked (SecurityWeek) South Korea issued a cyber attack alert Tuesday after hackers penetrated a number of official websites, including the presidential Blue House, on the anniversary of the outbreak of the Korean War

Technical Problems, Not Cyberattacks Caused Iranian Oil Network Outage (SecurityWeek) Over the weekend, an Iranian government agency boasted that they'd successfully blocked a cyberattack that had targeted the networks of the Oil Ministry and the National Iranian Oil Company (NIOC). After the proclamation was made early Saturday, the head of IT at the NIOC, Ahmad Tavallaei, posted to the Iranian Oil Ministry's website that a technical problem - not a cyberattack - was the cause of network problems, which eventually led to a temporary shutdown

Anonymous Africa Attacks Swaziland Government, Zimbabwe Ministry of Defence (Softpedia) Anonymous Africa continues its operation against governments they consider corrupt. The hacktivists' latest targets are the official portal of the government of the Kingdom of Swaziland and the website of Zimbabwe's Ministry of Defence

City of Waterville Police website hacked, server rooted by Group HP Hack (HackRead) Making his name in cyber world, NeT-DeViL from Group HP Hack has came up with another high profile hack. This time the official server of City of Waterville has been hacked and defaced yesterday against the role of UN, US, UK and Iran's role in Syrian crises. The sites were left with a deface page along with a message and a Youtube video, showing wounded Syrian children. The deface message was expressed in

EMI Music India Website Hacked & Defaced by Turk Hack Army (HackRead) On 14th June 2013, the xXM3HM3TXx hacker from Turk Hack Army had hacked and defaced the official website EMI Music India (www.emimusic.in), known as a giant of music industry in India and all over the world. The hacker left a deface page along with a message on the hacked EMI website and greetings to the whole crew, yet the reason for attacking the site was not mentioned anywhere

Data of 47K training to become Florida teachers exposed (SC Magazine) The sensitive information of several thousand individuals training to become Florida teachers was inadvertently made available online by a university that was handling the data

Payroll company error prompts security breach concern (Houston Chronicle) Technical issues encountered by the city of Houston's payroll contractor could have potentially exposed personal information for nearly 5,000 local government workers, including more than 1,000 in the Houston Police Department

The other hacking scandal: Suppressed report reveals that law firms, telecoms giants and insurance companies routinely hire criminals to steal rivals' information (The Independent) Some of Britain's most respected industries routinely employ criminals to hack, blag and steal personal information on business rivals and members of the public, according to a secret report leaked to The Independent

Media phone–hacking? Tip of the iceberg, says leaked police report (The Register) Thought the NotW was bad…check out the lawyers, insurers. A suppressed report from "Britain's FBI" has revealed that the rich, insurance companies, law firms and telecoms companies hired private investigators to run unlawful hacking and blagging campaigns of the type that brought down Rupert Murdoch's News of the World, according to The Independent

Bug Exposes Facebook Data Correlation, Privacy Issues (Threatpost) An information disclosure bug has drawn back the curtain on some of the data correlation Facebook does with users' contact details and opened the social network's policies up to criticism

Facebook 'dossier' find raises contact list privacy questions (CSO) Given the lack of privacy, people need to separate their personal contact lists from their business address book, one analyst noted

Hacker Scrapes Thousands Of Public Phone Numbers Using Facebook Graph Search (TechCrunch) A hacker has exploited Facebook's graph search to collect a database of thousands of phone numbers and Facebook users. Both parties agree that all the information was left public by users (even if the users themselves may still not realize it). But Facebook issued him a cease and desist after the hacker continued to scrape data and argued with Facebook that the availability of the information

The race for resources (Internet Storm Center) A week ago one of our readers, Cedric, submitted a PHP web shell he found on a compromised server. PHP web shells are a pretty common thing – once attackers identify a vulnerability that allows them to upload such a PHP file (which is usually a RFI, Remote File Inclusion, vulnerability), they install it to make further activities easier. PHP web shells have gone a long way and are today very powerful. The attacker can use a PHP web shell to navigate through directories, upload and download files and do much, much more

SIP-based API-supporting fake caller ID/SMS number supporting DIY Russian service spotted in the wild (Webroot Threat Blog) One of the most common myths regarding the emerging TDoS (Telephony Denial of Service) market segment, portrays a RBN (Russian Business Network) type of bulletproof infrastructure used to launch these attacks. The infrastructure's speculated resilience is supposed to be acting as a foundation for the increase of TDoS services and products. Fact or fiction? Keep reading

Scam Sites Now Selling Instagram Followers (TrendLabs Security Intelligence Blog) Another scam site is offering to increase a user's Instagram followers. Unlike previous attacks, however, these sites require payment – with the amount depending on the number of followers you prefer

Latest Pushdo Variants Challenge Antimalware Solution (TrendLabs Security Intelligence Blog) Command-and-control (C&C) server communication is essential for botnet creators to control zombie computers (or bots). To hide this from security researchers, they often use rootkits and other "tricks". However, hiding the network traffic - specifically from monitoring outside an infected computer - is not an easy task, but is something that the botnet creators have improved through the years

Carberp malware source code offered for sale with $50,000 price tag (CSO) Includes Chinese-made rootkit module

Taking a closer look at the Glazunov exploit kit (Naked Security) Following on from my recent articles on the Redkit exploit kit, I thought I would take a look at another exploit kit that is not that well known

Raspberry Pi bot tracks hacker posts to vacuum up passwords and more (Ars Technica) Dumpmon scours Twitter for sensitive data hiding in plain sight

Apple Phishing Scams on the Rise (Threatpost) Apple has one of the more gilded consumer brands and the company spends a lot of time and money to keep it that way. Consumers love Apple. Scammers and attackers do too, though, and security researchers in recent months have seen a major spike in the volume of phishing emails abusing Apple's brand, most of which are focused on stealing users' Apple IDs and payment information

Yahoo says unleashing people's old accounts will be fine, just fine (Naked Security) It will be OK, the company says. We're not giving away your content or personal details, and we're sending bouncebacks for a month. Has that convinced critics? Unlikely

Top five data breaches in 2013…so far (SC Magazine) Midway through 2013 we've sorted through the endless breaches that have already taken place, and have decided on what we believe are the top incidents in 2013 thus far. Don't forget to check out our "breaches" section for more information on the topic

Academia

Canadian academic urges greater digital diplomacy on Ottawa (FierceGovernmentIT) A Canadian academic is lamenting his country's lack of social presence in diplomacy, arguing in a paper that lack of Canadian diplomatic presence on social media channels such as Facebook and Twitter will condemn the country to "progressively fade in international affairs"

Litigation, Investigation, and Enforcement

China, Russia Extradition Row Is Pure Realpolitik (Wall Street Journal) In any big game, it's important to always know the score. And now, in light of how China and Russia are handling the Edward Snowden affair, President Barack Obama knows this: There will be no personal favors in these relationships, only coldblooded calculations

The Age Of American Impotence (Wall Street Journal) Funny how Mr. Putin always seems to discover his inner civil libertarian when it's an opportunity to humiliate the United States

Whistle-Blow A Happy Tune (San Francisco Chronicle) Snowden is smart enough to have amassed huge amounts of U.S. intelligence but dumb enough to run to Hong Kong - then Moscow - to out himself as a whistle-blower. As of my deadline, his final destination is unclear. He's smart enough to have won a top-security clearance from a government dumb enough to give it to him

Portrait In Respect (Wall Street Journal) The Obama Administration wants the world to know that it cares very deeply about bringing self-admitted national-security leaker Edward Snowden back to the U.S. to stand trial. If only the world seemed to care as much about what the U.S. thinks

U.S. Is Worried About Security Of Documents Snowden Has (Washington Post) The ability of contractor-turned-fugitive Edward Snowden to evade arrest is raising new concerns among U.S. officials about the security of top-secret documents he is believed to have in his possession - and about the possibility that he could willingly share them with those who assist his escape

Hong Kong: Shadowy Envoy Encouraged Fugitive To Leave (Washington Post) The message was blunt and was delivered Friday night by a shadowy emissary who didn't identify himself but knew enough to locate Edward Snowden's secret caretaker: The 30-year-old American accused of leaking some of his country's most sensitive secrets should leave Hong Kong, the messenger said, and if he decided to depart the authorities would not interfere with his travel plans

Leaker's Flight Raises Tension Between U.S. And 3 Nations (New York Times) Frustrated Obama administration officials pressed Russia on Monday to turn over Edward J. Snowden, the national security contractor who disclosed surveillance programs, while warning China of consequences for letting him flee to Moscow

Kerry Reproaches Russia as Ecuador Considers Snowden Asylum (Bloomberg) The U.S. lashed out at Russia for letting former U.S. intelligence contractor Edward Snowden transit through Moscow as Ecuador considered his bid for asylum

Snowden in Moscow: An Unexpected Windfall for Russian Spies (AFP via SecurityWeek) Former US intelligence contractor Edward Snowden's stop in Moscow is an unexpected windfall for the Russian secret services even if it risks worsening the already strained relations between the Kremlin and Washington

China and U.S. war over Snowden (Cyberwarzone) China rebuked the United States on Tuesday for accusing it of facilitating the flight of fugitive U.S. spy agency contractor Edward Snowden, and said suggestions that it had done so were "baseless and unacceptable"

U.S. Said to Explore Possible China Role in Snowden Leaks (Bloomberg) U.S. intelligence agencies are investigating whether Edward Snowden's leaks may be a Chinese intelligence operation or whether China might have used his concerns about U.S. surveillance practices to exploit him, according to four American officials

China Outsmarted US in Snowden Chess Game: Experts (Cyberwarzone) China interceded to allow Edward Snowden's dramatic flight from Hong Kong, calculating that infuriating the United States for now was necessary to prevent deeper corrosion to their relationship, analysts and media said Monday

What the PRISM Stories Tell Us About the Press (Volokh Conspiracy) If you don't share my fascination with the journalistic ethics of the Snowden reporters, you can skip this long piece. But both of the protagonists have now defended themselves, so I'm posting their messages, with commentary

Obama Has Charged More Under Espionage Act Than All Other Presidents Combined (Slate) The U.S. government charged former National Security Agency contractor Edward Snowden with three felonies, including two under the Espionage Act. He now becomes the eighth person to be charged under the Espionage Act under Obama, according to Firedoglake. That is more than double all previous presidents combined. Prior to Obama's administration only three people who leaked information had been charged under the 1917 statute that was never really intended for leakers. The arguments that Obama uses now to use that statute to go after those who reveal information were first brought up by Ronald Reagan's administration when it went after a Navy civilian analyst who leaked photographs to a British military magazine. But now the practice has become widespread

Did Edward Snowden Hand Over His Laptops to the Guardian or Another Media Outlet? (Slate) In a conference call with reporters on Monday, WikiLeaks founder Julian Assange stayed mostly quiet about Edward Snowden's travel plans. But while Assange refused to comment on Snowden's whereabouts ("he is in a safe place and his spirits are high"), he still managed to make news by implying that the NSA leaker may have turned over the four laptops he left Hawaii with to one or more media outlets. According to the Guardian, those laptops may contain access to "some of the US government's most highly-classified secrets"

EXCLUSIVE: Snowden sought Booz Allen job to gather evidence on NSA surveillance (South China Morning Post) Edward Snowden tells the Post he took a job at NSA contractor Booz Allen Hamilton to collect proof of surveillance programme

South Africa government Knew British Agents were spying (Cyberwarzone) South Africa was well aware British agents were spying on foreign delegates during the 2009 G20 summit, but chose to deal with the matter privately to avoid being embarrassed, reports the Mail & Guardian (M&G)

Snowden on the run, leaks continue unabated (Help Net Security) The chase is on for whistleblower Edward Snowden and the U.S. government. After legally leaving Hong Kong for Moscow, and despite having his U.S. passport revoked, the former NSA sysadmin and analyst

Snowden leaks may embarrass Canberra (Brisbane Times) Australian officials said it was still unclear precisely what information Mr Snowden may have taken from the National Security Agency and his former employer, defence and intelligence consulting firm Booz Allen Hamilton. Despite this officials said

Contractor who cleared Snowden's background check under investigation, OPM IG says (FierceGovernment) The contractor the Office of Personnel Management uses to conduct security clearance checks may have committeed contract fraud, OPM Inspector General Patrick McFarland said in a June 20 Senate Homeland Security and Governmental Affairs subcommittee on efficiency and effectiveness of federal programs and the federal workforce hearing

Kim Case A Hard Nut To Crack (Washington Post) The seeds of a great mystery story hang over the case of Stephen Jin-Woo Kim, who has pleaded not guilty to charges that he leaked highly classified information about North Korea to Fox News reporter James Rosen four years ago

How Barrett Brown shone light on the murky world of security contractors (The Guardian) Unlike Edward Snowden or Bradley Manning, Brown is not a celebrity. But after helping expose a dirty tricks plot, he faces jail

Google gets 35 days to wipe its WiSpy data (Naked Security) The UK's Information Commissioner's Office (ICO) is, once again, rattling its stick at Google, demanding that it delete the Street View car data that it's already told the company to delete - twice

Design and Innovation

CIA Unveils Redesigned Public Website (Central Intelligence Agency) The Central Intelligence Agency (CIA) today introduced a major redesign of its public website…to make it more accessible to users. The revamped website includes a wealth of new and updated information along with innovative features. As Director John O. Brennan noted, "The new and improved website reflects CIA's strong commitment to educating and informing the American people about the Agency's history, mission, and organization. I encourage the public to explore the website and learn more about an American institution dedicated to protecting our country's security"

Big Data Needs Creative Types, Too (InformationWeek) Teradata technologist sees a growing need for both left-brain and right-brain types in data-driven enterprises. We hear a lot about the shortage of data scientists, those hard-to-find professionals trained to analyze massive data sets, gain insights from them, and communicate that information to an organization's management team. These data gurus must be well-versed in multiple technical and business disciplines, including analytics, computer science, math, modeling and statistics. Oh, and people skills are good to have, too

Comment: Securely Embracing 'Shadow-IT' — the Apps an IT Department Can't Control (Infosecurity Magazine) For what seems like an eternity, IT departments have been worried about overspending, projects running late and even website frailties and attacks - all of which are laudable concerns and ones that should be kept in mind. But today there is an even larger concern, and it's called 'Shadow-IT'

Security Needs More Designers, Not Architects (Dark Reading) The better we design the user experience, the more we reduce our risk. A few years ago I somewhat egotistically wrote Mogull's Law in a blog post. It states, "The rate of user compliance with a security control is directly proportional to the pain of the control vs. the pain of noncompliance." A shorter version of saying this is, "Computer users will take the path of least resistance"