No excuses -- encrypt all laptops
Date: 2008-07-23 04:13:23 Source: Network World
Every year, more than 5,000 laptops are lost in taxis in London, New York, Chicago and other large cities. According to our research, in 2008 companies' topmost security investment was laptop encryption. Laptop hard drives are getting bigger and now can hold hundreds of thousands to hundreds of millions of sensitive records.
As a CSO, one of your top priorities is probably to keep your company off the front page of the news. Is it inexcusable to have laptops in the field with unencrypted hard drives? With such new open source solutions as TrueCrypt, there are few excuses left: All laptops must be fully encrypted.
Encryption technology is easy, but encryption solutions are hard. Key management and recovery make it difficult to manage large-scale encryption. Even low-cost encryption software for laptops can add up quite quickly if you deploy it on all laptops. Even if you can afford the cost of the software, however, you have to look at the complexity of the whole solutions
Can obscurity make cryptography better?
Date: 2008-07-23 04:12:34 Source: Computer World (Australia)
I often disagree when the so-called experts talk about security in terms of binary decisions. Managing security risk is always a cost/benefit trade-off compared to the value of the thing being protected.
I have always been particularly bothered by security proponents who repeat the mantra, "Security by obscurity is no security," when that declaration is demonstrably incorrect. Obscurity does have value, sometimes significant value, especially in the context of the defense-in-depth paradigm. I've written several articles defending obscurity each year, both here and elsewhere. Even though I can present facts and numbers, and readily demonstrate repeatable experiments to back up my conclusions, my critics usually rely solely on emotional arguments. At the very least, they can never show me how obscurity decreases security without coming up with hyperbolic, unlikely scenarios. A friend shared a popular saying with me: "I can show you the facts, but never convince you."
Asprox computer virus infects key government and consumer websites
Date: 2008-07-23 04:11:25 Source: Times Online
Cyber-criminals have attacked key government and consumer websites, allowing them to steal the personal details of anyone browsing the sites, The Times has learnt.
Eastern European hackers are suspected of placing the Asprox virus on more than a thousand British websites, including those run by the NHS and a local council, in the past two weeks.
Experts described the Asprox virus as an alarming departure from commonplace viruses which tend to be spread through rogue e-mails and unregulated websites. Unlike other viruses, Asprox sits undetected on mainstream sites, with any visitor at risk of being infected. The virus automatically installs itself on a visitor's computer, allowing a hacker to access financial information.
Microsoft's DNS Fix Leads to More Problems
Date: 2008-07-23 04:10:32 Source: ESJ
The blogosphere is awash with talk about the possible overall weakness of the Domain Name System (DNS) architecture. For its part, Microsoft's released a DNS fix in its patch slate for July, but Redmond seems to have problems just getting it to end users. Moreover, some users of the DNS fix have experienced additional difficulties.
So far, since Microsoft's DNS fix was issued on July 10, there have been two separate problems associated with its installation.
The software giant disclosed last week, in a technical posting on its SBS services blog, that some users experienced interruptions in the Exchange Server services component of application stacks sitting on various Windows operating systems.
China arrests cyber dissident, rights group says
Date: 2008-07-23 04:09:45 Source: Reuters (UK)
Chinese police have arrested a prominent Internet dissident for violating his probation terms, accusing him of posting articles on overseas websites and receiving guests without permission, a rights group said.
China has been cracking down on dissent in the run-up to next month's Beijing Olympics, fearing any unrest could embarrass the country while the world is watching.
Du Daobin, from the central province of Hebei, was given a suspended sentence for subversion in 2004 having been detained by police in Wuhan for posting online essays in support of fellow dissident, Liu Di. Du was then released into house arrest, Reporters Without Borders said in an emailed statement, but was arrested this week.
Courts strike down COPA
Date: 2008-07-23 04:08:17 Source: vnunet
Ten years after the passing of the Child Online Protection Act (COPA) the law has been ruled unconstitutional by the courts yet again.
The 3rd U.S. Circuit Court of Appeals in Philadelphia today upheld a 2007 decision that the law was overly broad and that parental monitoring software and filtering software was a better way to protect children.
"For years the government has been trying to thwart freedom of speech on the Internet, and for years the courts have been finding the attempts unconstitutional," said Chris Hansen, senior staff attorney with the ACLU First Amendment Working Group. "The government has no more right to censor the Internet than it does books and magazines."
Steve Jobs teases over new Apple products
Date: 2008-07-23 04:07:19 Source: Electric Pig
Apple held a financial results conference call last night, and while the figures were some of the best in Apple’s history, we were more interested in Steve Jobs’ teasing over brand new products.
“We’re proud to report the best June quarter for both revenue and earnings in Apple’s history,” Jobs said, before dropping the bomb: “We set a new record for Mac sales, we think we have a real winner with our new iPhone 3G, and we’re busy finishing several more wonderful new products to launch in the coming months.”
Jobs’ distinction between current Macs, the iPhone and the company’s “new products” suggests Apple’s got something entirely new to treat us with. But what?
Computer tech hands over secret codes to Newsom in jailhouse visit
Date: 2008-07-23 04:06:35 Source: SF Gate
The San Francisco computer engineer accused of withholding access codes to the city's network surrendered the password during an unusual jailhouse visit by Mayor Gavin Newsom, authorities said Tuesday.
Newsom came away with the access codes Monday night after talking with Terry Childs, 43, of Pittsburg, who has been held since July 13 on four felony counts stemming from what prosecutors describe as an effort to block administrative access to the network that handles 60 percent of the city's information, including sensitive law enforcement, payroll and jail booking records.
Childs had given officials what turned out to be bogus passwords and then had refused to give the correct ones, even when threatened with arrest, authorities say. But Monday, Childs' defense attorney Erin Crane contacted the mayor's office, setting in motion the secret visit.
Last HOPE to become Next HOPE
Date: 2008-07-23 03:35:02 Source: CNet News
In case you were worried, HOPE is not dead.
Just as hackers experiment with technology, push boundaries, and subvert the concepts of what it means to be safe and secure, the organizers of the HOPE (Hackers on Planet Earth) conference have had some fun of their own.
Despite calling the event this weekend "Last HOPE," it won't be the final one; just the most recent one, organizer Emmanuel Goldstein told attendees at the closing ceremonies Sunday night. There will be another one in two years. It will be called "Next HOPE," he said.
Kerfuffle erupts as DNS flaw described
Date: 2008-07-23 03:34:18 Source: Security Focus
Well-known security researcher Halvar Flake rediscovered the flaw in the domain-name system announced by a coalition of software makers and infrastructure providers earlier this month, posting a description of the issue on his Web site on Monday.
In his posting, Flake -- the nom de guerre of Thomas Dullien, CEO of security firm Zynamics -- argued that speculating about the flaw helps software security and then proceeded to describe his theory of the issue. Details of the exact flaw have been kept quiet so that companies can patch the Internet's infrastructure, but the original finder of the flaw -- IOActive's director of penetration Dan Kaminsky -- had revealed the issue to a few researchers, but not to Flake.
"I know that Dan asked the public researchers to not speculate publicly about the vulnerability, in order to buy people time," Flake wrote. "This is a commendable goal. I respect Dan's viewpoint, but I disagree that this buys anyone time."