atans1

Posts Tagged ‘Computer Security Agency’

Cybersecurity: “Ownself hack ownself”

In Public Administration on 13/02/2019 at 11:01 am

Given the cybersecurity problems at the Ministry of Health and Singhealth, time to “Ownself hack ownself”?

The Japanese are planning to do this (Remember Goh Cock Chok Tong’s exhortation to learn from the Japanese: Learn from Japanese — set example leh elites):

Japan gears up for mega hack of its own citizens
Unprecedented cyber attack on 200m internet enabled devices is designed to test the nation’s vulnerability

FT headline

FT reports that the experiment, which will run for five years and will be supervised by the Ministry of Internal Affairs and Communications. It is intended to focus on devices that fall into the broadly-defined category of “internet of things” (IoT). FT says, “anything from a yoga mat that informs a smartphone of your contortions, to remotely controlled factory robots” will be tested.

Well we could have our very own “Ownsef hack ownself”: the Computer Security Agency should try to hack the IT systems of govt and its agencies’ systems.

Had been tried yrs ago, sort of.

At the dawn of the internet age here, when one Lee Hsien Yang was CEO, Singtel tried, “without permission”, to access our PCs etc: “Testing if users got proper security leh”. There was public row and SingTel apologised.

And now Lee Hsien Yang is a hero of the cybernuts who wish the PAP and 70% of the voters ill. Juz because he and his tai kor no longer have pa to supervise them. They forgot he tried to do surveillance of S’poreans all those yrs ago.

Btw, when I saw u/m video of a much henpecked otter, I tot of Lee Hsien Yang. It’s alleged he got fierce sister and wife.

 

Advertisements

Memo to Paper General heading Computer Security Agency

In Internet, S'pore Inc on 17/08/2018 at 11:19 am

From a Mr Happy

I avoid Intel and use AMD in my systems. I have found that the Ryzen processor family offers great performance with out the power consumption or heat output of its predecessors.

Putting my CTO hat on for a moment, in reality there are always holes in the security of both software and  hardware or exploits previously not considered. So keep things patched, keep security layers tight, stay on top the available information and do not get complacent because at that point you assume you are secure then you become vulnerable. It comes under two headings, security and managing your IT estate, if you fail to maintain your investment you will fall behind and be vulnerable. If you or your organisation does not have the knowledge get a professional in to conduct an audit and security sweep. Organisations are facing far more security vulnerabilities and threats than at any previous point in the technology revolution and many organisations are not managing it correctly.

Comment on FT article about latest Intel problem

Paper BG can cut and paste and pass off as his own genius at work. Like SMRT Neo juz cutting and pasting ang moh practice

Related post:

Is Computer Security Agency CEO talking thru his ass about stolen info?

MAS gives finger to CSA’s CEO

In Internet, Public Administration on 25/07/2018 at 11:00 am

Remember CSA’s CEO downplaying the loss of NRIC numbers etc (Is Computer Security Agency CEO talking thru his ass about stolen info?)?

Should you be worried?

In short, not really, said the authorities. CSA chief executive David Koh said the stolen information are “basic demographic data”.

Constructive, nation-building CNA

Well it’s now clear that the central bank for one thinks he’s talking cock

“With immediate effect, all financial institutions should not rely solely on the types of information stolen (name, NRIC number, address, gender, race, and date of birth) for customer verification,” MAS said in a statement.

“Additional information must be used for verification before undertaking transactions for the customer. This may include, for instance, One-Time Password, PIN, biometrics, last transaction date or amount, etc.”

 

 

Is Computer Security Agency CEO talking thru his ass about stolen info?

In Internet, Media, Public Administration on 22/07/2018 at 10:32 am

I went WTF when I read this from the constructive, nation-building CNA:

Should you be worried?

In short, not really, said the authorities. CSA chief executive David Koh said the stolen information are “basic demographic data”.

“We are watching to see if anything appears on the Internet both in the open and in some of the less well-known websites,” he added, noting that this has occasionally happened in past data breaches.

“But considering the type of data that’s been exfiltrated, it is – from our professional experience – unlikely that these will appear, because there is no strong commercial value to these types of data.”

Read more at https://www.channelnewsasia.com/news/singapore/singhealth-cyberattack-what-you-need-to-know-10549096

I repeat WTF. NRIC numbers were stolen as were names and addresses. Before this loss of info, we had been told by the PAP govt and private sector cyber security experts that the NRIC number is very important personal data and that when a criminal has access to our i/c number, address and name, lialat: could be vulnerable to all kinds of online crime. So this not true isit?

I had also read in an earlier CNA report

[C]ybersecurity expert, Mr Leonard Kleinman, pointed out that medical data contains a trove of information – from personally identifiable data to financial details – “that can be used to create a highly sought-after composite of an individual”.

Such pilfered data can fetch a high price on the dark Web, with each entry potentially selling for US$50 to US$100 more than stolen credit card data, said Mr Kleinman, who is the chief Cyber Security Advisor at RSA Asia Pacific and Japan.

“As it could contain any amount and level of information, healthcare institutions are among the most sought-after industries by criminals who can be motivated by a multitude of possible reasons,” he said.

The executive also cautioned that the fallout of such a hack may not be immediately felt either, as it could “take months” for the data to be first sold, then used.

“Given the nature of this attack, it is hard to say exactly what the end game is, especially when the attackers haven’t identified themselves,” Mr Kleinman added.

Darktrace Asia Pacific managing director Sanjay Aurora told Channel NewsAsia in an email that it can only speculate on the hacker’s motives, but medical information, like other kinds of personal data, can be easily monetised.

That said, beyond making a quick buck, Mr Aurora said a more “sinister reason” could be to cause widespread disruption and systemic damage to the healthcare service or to undermine trust in a nation’s competency to keep personal data safe.

Read more at https://www.channelnewsasia.com/news/singapore/singhealth-cyberattack-likely-nation-state-medical-data-price-10549372

So is the PAP govt downplaying the importance of the loss of info?

And if it is, why isn’t the constructive, nation-building media not signing from the same sheet?