Showing posts with label INDIAN SPY. Show all posts

Tuesday, 27 August 2013

Hackers hijack and deface Google Palestine


Hackers hijacked and rerouted Google’s Palestine domain to a different server apparently in objection to labelling of Palestinian territories as Israel in Google Maps.

The group Hackteach claimed responsibility and left a message on the homepage.

“uncle google we say hi from palestine to remember you that the country in google map not called israel. its called Palestine,” the statement read. “#Question : what would happens if we changed the country title of Isreal to Palestine in google maps !!! it would be revolution ..So Listen to rihanna and be cool :P.”

Earlier in May, Google changed the tagline on homepage of its Palestinian edition from “Palestinian territories” to “Palestine” in line with the UN’s decision last year upgrading the Palestinians' status to "non-member observer state."

Sunday, 25 August 2013

External Security Assessment is important for all networks and applications

The most common solution to external network security assessments is scan, scan, scan…and then scan some more

One of the most common vulnerability assessment activities for all companies of all sizes is an external scan, typically targeting internet-facing websites. Because we service the vulnerability assessment and penetration testing needs of large enterprises, we know “you know” that scanning external-facing network resources is important, and an obvious high priority. But we also challenge you to understand that scanning alone is not enough, unless all you really want is a checkmark for an audit of one kind or another.

A complete job of assessing the hardness of your external network includes multiple steps. Here are four of the main steps that you should be familiar with:

  1. Anonymous information gathering to discover all Internet-facing assets a hacker could identify as potential entry-points into your network
  2. Scanning of your internet-available network access points and web servers for known vulnerabilities (non-credentialed)
  3. Verifying scan-result findings through in-depth manual pen testing attack techniques (both credentialed and non-credentialed)
  4. Providing deeply informed remediation guidance and advisory services for identified/verified vulnerabilities

Why is BriskInfoSec approached to discuss external vulnerability assessment work with large enterprises?

BriskInfoSec is approached by our large enterprise clients to assess the security of their external-facing network assets for many reasons, but chief among them are dissatisfaction with their own internal tools, their present provider, and/or their own internal team’s ability to effectively manage all of their external testing work efficiently over time in a consistent and professional manner. These kinds of situations frequently result in an assignment for someone in a company’s security staff to search out alternatives, which then opens up an opportunity for BriskInfoSec to present our highly-disciplined, in-depth approach to assessing the security of their external-facing network assets as compared to their present approach.


What do these companies discover when comparing BriskInfoSec approach to external security testing with their own present approach?

Because BriskInfoSec is driven by an across-the-board corporate culture that’s passionate about delivering the highest-value findings and recommendations possible, we do more than the basic steps, we do all the steps on your behalf; and then even more than that. If you assign mid-to-low-level-importance projects to others, fine, we see that frequently. But if you have a set of high-value software assets or critical points-of-entry into your network, working with BriskInfoSec always begins with an education about scanning versus penetration testing:

  • Scanning and penetration testing are not the same thing, no matter how much the marketing folks working for the scanning tools manufacturers and scanning service providers make it sound that way
  • Scanning is never enough, it is only an initial step in the entire assessment process
  • Just the scanning step alone, done effectively, needs multiple scanning tools and multiple overlapping scans run against the same resources in order to accomplish a thorough job of the scanning step
  • Scanning the same resources with different tools (as just recommended) naturally returns different results in different data formats
  • Correlating and normalizing all this disparate scanning data requires special technology: like our proprietary CorrelatedVM™ platform that’s used by all of our pen testers and available (in part) to you through our CorrelatedVM Portal at no additional cost
  • Scanning identifies potential vulnerabilities, and the different scanners may recommend different remediation actions – but BriskInfoSec’s CorrelatedVM platform fixes that problem as it correlates and normalizes all the scanning data from multiple scanning products and multiple rounds of scanning into the best set of recommended remediation actions
  • Potential vulnerabilities identified by the initial scanning effort need to be verified by experts to eliminate false positives, and to thoroughly analyze the remainder, while also probing for any unidentified vulnerabilities the scanners could not find – this is work that only an expert pen testing company like BriskInfoSec can deliver

In-depth pen testing to final reporting of findings and recommendations is what sets BriskInfoSec apart, and why we are given the critical responsibility of assessing the security of your most high-value/high-risk external-facing network assets.

The power of CorrelatedVM comes at no cost to you and provides real benefits that only BriskInfoSec can deliver

CorrelatedVM™, our proprietary vulnerability assessment and pen testing management platform, will be utilized for your external network penetration testing service when you hire BriskInfoSec. The CorrelatedVM platform and your complimentary access to its SaaS-based customer portal set our deep-dive pen test work and customer-facing deliverables light years apart from all other pen test services. This one-of-a-kind, powerful platform has been continually enhanced and used exclusively by BriskInfoSec’s elite team of pen test consultants on every pen test engagement for over a decade now.


Once you see our team in action with the CorrelatedVM platform, and what CorrelatedVM can offer your organization in the way of automating and disciplining your external vulnerability assessment efforts, you’ll realize how it solves presently unsolvable problems that will profoundly benefit all of your vulnerability management programs going forward.


Contact us to conduct external security testing against your applications and network at an affordable price: info@briskinfosec.com


Sunday, 23 June 2013

Why do American spy agencies want a Malayalam translator at an exorbitant salary?

 
Yet conversations with current and former employees of Booz Allen and U.S. intelligence officials suggest that these contractors aren’t going anywhere soon. Even if Snowden ends up costing his former employer business, the work will probably just go to its rivals. Although Booz Allen and the rest of the shadow intelligence community arose as stopgap solutions—meant to buy time as shrunken, post-Cold War agencies tried to rebuild after Sept. 11—they’ve become the vine that supports the wall. As much as contractors such as Booz Allen have come to rely on the federal government, the government relies on them even more.


Edward Snowden was not hired as a spy. He’s a mostly self-taught computer technician who never completed high school, and his first intelligence job was as a security guard at an NSA facility. In an interview in the Guardian, he says he was hired by the Central Intelligence Agency for his computer skills to work on network security. In 2009 he left for the private sector, eventually ending up at Booz Allen. The job he did as a contractor for the NSA appears to have been basic tech support and troubleshooting. He was the IT guy.

People in intelligence tend to divide contract work into three tiers. In the first tier are the least sensitive and most menial jobs: cutting the grass at intelligence facilities, emptying the trash, sorting the mail. In classified facilities even the janitors need security clearances—the wastebaskets they’re emptying might contain national secrets. That makes these jobs particularly hard to fill, since most people with security clearances are almost by definition overqualified for janitorial work.

Snowden, with his computer expertise, fit in the middle tier: people with specialized skills. When the U.S. military first began ramping up its use of contractors during the Vietnam War, these jobs made up much of the hiring—the Pentagon was desperate for repairmen for its increasingly complex weapons and transport systems. Also in this tier are translators, interrogators, and investigators who handle background checks for government security clearances. Firms such as CSC and L-3 Communications specialize in this tier. Booz Allen competes for some of that work, but it tends to focus on the highest tier: big contracts that can involve everything from developing strategies to defeat al-Qaeda in the Islamic Maghreb to designing software systems to writing speeches for senior officials. Tier three contractors often are, for all intents and purposes, spies—and sometimes spymasters.

William Golden heads a recruiting and job placement company for intelligence professionals. In mid-June, he’s trying to fill three slots for contractors at the Defense Intelligence Agency. As it happens, Booz Allen isn’t involved, but these are the sort of jobs the firm has filled in thousands of other instances, Golden says. Two postings are for senior counter-intelligence analyst openings in Fort Devens, Mass., one focusing on the threat to federal installations in Massachusetts, the other on Southwest Asia. The contractors would be trawling through streams of intelligence, from digital intercepts and human sources alike, writing reports and briefings just like the DIA analysts they would be sitting next to. Both postings require top-secret clearances, and one would require extensive travel. The third job is for a senior linguist fluent in Malayalam, spoken mostly in the Indian state of Kerala, where there’s a growing Maoist insurgency. That the Pentagon is looking for someone who speaks the language suggests American intelligence assets are there. The listing specifies “austere conditions.”

Golden says he constantly sees openings at Booz Allen and other contractors for “collection managers” in posts around the world. “A collection manager is someone at the highest level of intelligence who decides what assets get used, how they get used, what goes where,” he says. “They provide thought, direction, and management. They basically have full status, as if they were a government employee. The only thing they can’t do is spend and approve money or hire and fire government workers.”

The pay fluctuates widely, depending on the candidates’ skills and experience. “This money comes from the intelligence budget, so there isn’t much oversight,” Golden says. He estimates that the Malayalam translator job, for example, will pay between $180,000 and $225,000 a year. That’s partly to compensate for the austere conditions as well as insurgents’ tendency, unmentioned in the posting, to target translators first. The pay is also a reflection that the past 10 years have been boom times for private spies.