<body>

53cur!ty 6109

Girma Nigusse

Agencies’ biggest IT security threat: employees

May 31, 2006

By TIM KAUFFMAN

Federal employees pose a bigger threat to private data than the computer hackers most security systems are designed to thwart, privacy officials and lawmakers said.

Many agencies are vulnerable to the same type of security breach that occurred most recently at the Veterans Affairs Department, said Pam Dixon, executive director of the World Privacy Forum, a nonprofit group concerned with technology’s impact on privacy. In the VA case, which was announced publicly May 22, a laptop containing names, Social Security numbers and birthdates of 26.5 million veterans was stolen from the home of an employee who was working on a project.

Source: http://federaltimes.com/

When in Rome …

By Alice Lipowicz

In Japan, for instance, internal vein pattern scans of fingers and palms are becoming popular for identity management. Electronics giants Fujitsu Ltd. and Hitachi Ltd. are promoting the technology.

On May 11, the University of Tokyo Hospital announced it was the first major hospital to adopt Fujitsu’s palm-vein authentication technology for its ID cards and to discard its fingerprint-based system.

Advocates of vein scanning said it avoids the perceived law enforcement stigma of fingerprinting and is highly accurate and resistant to tampering. But the technology has yet to proliferate beyond Japan.

Source: http://www.washingtontechnology.com/

Code warriors battle on

By Doug Beizer

To keep pace with adversaries, the Defense Department and the National Security Agency’s Information Assurance Directorate have an ongoing effort called the Cryptographic Modernization Initiative. The initiative’s goal is to transform and modernize information assurance capabilities for the 21st century.

“In the encryption world, probably on a timeframe of every seven to 10 years, there’s a need for new encryption algorithms,” said Anthony Caputo, chairman and CEO of SafeNet Inc. of Belcamp, Md. “Because every year, the enemy or hackers’ tools are getting better, periodically you have to increase the strength of the encryption algorithms. That’s what the Cryptographic Modernization [Initiative] does.”

Source: http://www.washingtontechnology.com/

The new breed of cyber-terrorist

Could a ruthless new breed of cyber-terrorist cause meltdown at the click of a mouse? Jimmy Lee Shreeve reports

According to cyber-security experts, the terror attacks of 11 September and 7 July could be seen as mere staging posts compared to the havoc and devastation that might be unleashed if terrorists turn their focus from the physical to the digital world.

Scott Borg, the director and chief economist of the US Cyber Consequences Unit (CCU), a Department of Homeland Security advisory group, believes that attacks on computer networks are poised to escalate to full-scale disasters that could bring down companies and kill people. He warns that intelligence "chatter" increasingly points to possible criminal or terrorist plans to destroy physical infrastructure, such as power grids. Al-Qa'ida, he stresses, is becoming capable of carrying out such attacks.

Source: http://news.independent.co.uk/

EU wrong to allow passenger data release, says court

May 30, 2006

Deal was intended to help U.S. effort to fight terrorism

Paul Meller

The Parliament appealed to the Court of Justice in Luxembourg, claiming that the commission was wrong to conclude that European citizens' personal data would be adequately protected by authorities in the U.S. and that the national governments were wrong to approve the agreement to transfer the data, signed with the U.S. government in May 2004.

The court agreed with both claims by Parliament and overruled both the commission and the council of national governments.

"Neither the commission decision nor the council decision are founded on an appropriate legal basis," the court said in a statement.

Source: http://www.computerworld.com/

Quantum cryptography using qutrits

(Posted) by Roland Piquepaille

Quantum cryptography (QC) is still at a very early stage, and very few commercial products are available. But this doesn't prevent researchers from looking at new solutions. For example, physicists from the University of Wien, Austria, are testing qutrits instead of the more common qubits. These qutrits can simultaneously exist in three basic states — instead of two for qubits. This means that QC systems based on qutrits will inherently be more secure. But while QC using qubits has been demonstrated over distances exceeding 100 kilometers, the experiments with qutrits are today confined to labs. For more information, read this abstract of a highly technical paper or continue below.

Source: http://blogs.zdnet.com/

Scan this: Biometrics gain in consumer products with promise of convenience, security

By Andrea Coombes, MarketWatch

Consider:
- In some grocery-store check-out lanes, customers who've preregistered their fingerprint can simply swipe their finger to have their grocery bill deducted from their checking account. You don't need to bring your wallet, nor remember your loyalty card. Pay By Touch, maker of fingerprint scanners used by grocery-store chains including Piggly Wiggly in the South and Albertson's Jewel-Osco stores in the Midwest, says it has 2.3 million people enrolled in various fingerprint-authentication programs.
- Hewlett-Packard Co. says it now offers fingerprint scanners in 80% of the laptop computers it aims at the business market.
- In Japan, customers at some automated-teller machines place their hand in a scanner for access to their accounts.
- Five million cell phones in Japan and Korea are embedded with fingerprint sensors to restrict access to the photos, e-mails and address books stored there, said Jim Burke, a vice president at Melbourne, Fla.-based AuthenTec, maker of those 5 million scanners plus others used in computers and other devices. That cell-phone technology will be available in cell phones in the U.S. in 2007, Burke estimates.

Source: http://www.marketwatch.com/

Massively Parallel Technologies Demonstrates Unprecedented Scalability and Price-Performance Benefits Over Conventional High-Volume Biometric Solution

Massively’s Biometrics Delivers High Performance, High-Volume Capabilities at a Fraction of the Cost of FPGA-Based Systems

Massively Parallel Technologies, Inc. (Massively), a provider of on-demand high-performance computing (HPC), announces fingerprint match rates of 465,000 records per second using only its advanced, patented Howard software technology. Measuring true end-to-end match times (rather than just compute time, which does not reflect real-world performance requirements), Massively is expanding its already impressive performance by targeting 1-second match times running on commodity commercial off-the-shelf systems searching tens of millions to hundreds of millions of biometric records over the next few months.
...

Source: http://www.prweb.com/

Escape the software development paradigm trap

Mark Bereit

It's not a given that the quality of software will always be poor. The essential complexity of software is not some immutable universal law. Writing from inside the development trenches, this author redefines the problem and points to other industries that can offer solutions.

Source: http://www.ddj.com/

Security is King

May 29, 2006

By Daniel Pasco, Chief Engineer/Executive VP, Brain Murmurs Inc.
I've noticed that although there are many different volunteer Grid computing systems, no single commercial product seems to have emerged as the dominant player. I have some thoughts to share on the obstacles preventing the advancement of Grid technology in the marketplace, and a solution for overcoming them.

The Problem: Security

The single biggest issue is, in my opinion, security. In a volunteer grid system, the computing software has to run on a computer that belongs to someone and is used for things other than supercomputing. I used to work as a network administrator at Kistler Aerospace, and know just how paranoid folks are about their computers. People are suspicious of anything that might make them stop working.

...

Source: http://www.gridtoday.com/

Free 256bit AES mail crypto plugin

May 28, 2006

A British company that grew out of the University of Bristol cryptography department is turning email encryption into a mainstream option with the development of a super user-friendly free download of its product called Private Post.

They’ve made the one-off registration process quick and easy (you have to wait for an email from them to verify that you are the email address you say you are – happens very quickly but some people forget to go and look for it) and once you’ve registered you can send encrypted email to anyone – ALL YOU NEED IS THE RECIPIENT’S EMAIL ADDRESS.

Source: http://www.it-observer.com/

Misplaced fears impede biometric adoption

BY Vance Bjorn

So let’s debunk the myths and misconceptions here, and get rid of the apprehension about biometrics.

1. One of the most common misconceptions is that fake fingers can easily fool a fingerprint authentication system. However, with currently available technology, the optical reader scans the fingerprint and uses an algorithm that can detect three-dimensional structures, so photocopies, transparencies or latent images of a fingerprint will not be accepted as valid.

2. People fear that companies are storing fingerprint images. Enterprise authentication applications do not store an actual fingerprint image, but rather identify data points on the finger to create a stream of ones and zeros that is a unique representation of the fingerprint.

Source: http://www.kioskmarketplace.com/

Digital Persona's Authentication Solution Enables the World's Leading Suppliers of Enterprise Notebooks with Embedded Fingerprint Readers

DigitalPersona(R) Pro Software Extends Support of Embedded Fingerprint Readers in Dell, HP, and Toshiba Notebooks

Retail Systems 2006 Show -- Digital Persona, Inc., the leading provider of fingerprint authentication solutions for enterprise networks and commercial applications, today announced the latest version of its award-winning enterprise solution DigitalPersona Pro v 3.5, with support for notebooks from Dell, HP, and Toshiba with embedded fingerprint readers.

Source: http://biz.yahoo.com/

Security expert scorns national ID Register

“The issue is the central database. But no-one knows if it'll work, or if it'll be accurate enough - it's more about perceived security than actual security.”

Osborne has an idea for a safer alternative to the central database: to actually store the person’s data on the card, ensuring only the template is downloaded and the identity processing and verifying happens on the card using Java and local data.

Source: http://www.contractoruk.com/

Webcasts

View Webcasts from Computer World

Ways Google is shaking the security world

May 21, 2006

Sarah D. Scalet

How it works: The way Google works is by "crawling" the Web, indexing everything it finds, caching the index information and using it to create the answers when someone runs a Web search. Unfortunately, sometimes organizations set up their systems in a way that allows Google to index and save a lot more information than they intended. To look for open ports on CSO's Web servers, for instance, a hacker could search Google.com for INURL:WWW.CSOONLINE.COM:1, then INURL:WWW.CSOONLINE.COM:2, and so on, to see if Google has indexed port 1, port 2 and others. The researcher also might search for phrases such as "Apache test page" or "error message," which can reveal configuration details that are like hacker cheat sheets. Carefully crafted Google searches sometimes can even unearth links to sloppily installed surveillance cameras or webcams that are not meant to be public.

Source: http://www.computerworld.com/

Judges And Prosecutors Throw The Book At Hackers

Those accused of cybercrimes are facing serious charges. That could spell the end of the white-hat hacker.

By Larry Greenemeier

Eric McCarty goes before a federal judge this month on charges he damaged the University of Southern California's online application system. McCarty, 25, says he was just trying to highlight the Web site's security vulnerabilities.

A not-guilty plea just might fly with a jury, since it doesn't appear McCarty did anything with the data he stole. But as data theft and other cybercrimes wreak damages nationwide, the "white-hat hacker" defense won't win him much sympathy. Meanwhile, prosecutors and judges are treating these cases much more seriously.

Source: http://www.informationweek.com/


Security Now Podcast

Buffer Overruns, Browser Security, Crypto Series Wrap-up, Cryptographic Hashes, Public Key Cryptography, Symmetric Block Ciphers, Symmetric Stream Ciphers, Cryptographic Issues, Ethernet Insecurity, How Local Area Networks Work, Part 1, How the Internet Works, Part 2, ... "HoneyMonkeys", As the Worm Turns.

Source: http://www.grc.com/

FBI special agent recounts outsourcing horror story

Knowledge of U.S. laws may not help if IP goes AWOL

Bob Brown

May 16, 2006 (Network World) -- The CAD/CAM company thought it was protecting itself, having employees of the Indian outsourcing company that was debugging its source code sign non-disclosure agreements. But when a disgruntled outsourcing employee swiped a copy of the code a few years back and tried to sell it to the CAD/CAM vendor's competitors, the vendor found out that the NDAs were of little use when it came to prosecuting the alleged thief in India.

Source: http://www.computerworld.com/

Quantum crypto systems lock horns

By John E. Dunn, Techworld

NEC and Mitsubishi Electric have claimed another important breakthrough in the use of quantum principles to secure computer communications - they’ve managed to interconnect cryptographic systems from different vendors for the first time.

Researchers at the University of Tokyo’s Institute of Industrial Science were able to verify that the two systems were functioning correctly by conducting an eavesdropping experiment.

Source: http://www.techworld.com/

Microsoft uses evangelism to promote R&D

Our Bureau / Chennai/ Bangalore

Microsoft Research is taking the evangelising route to popularise the idea that research is indeed a good career option and that it pays to be a good researcher.

Microsoft Research Labs, which was set up in Bangalore a year ago to work on a broad range of computer science subjects, has initiated measures to inculcate research aptitude in top science universities in India.

The lab has initiated a first-of-its-kind series of Microsoft Research Summer Schools to advance the art of research, specifically in computer science education. With this, the lab also intends to build up a good pipeline of researchers for its own work.

Source: http://www.business-standard.com/

It's Here; It's There; It's Spyware

By DAN MITCHELL

FOR all the improvements in computer security, using the Internet is growing only more dangerous — both at home and at work.

The annual Web@Work survey, conducted by Harris Interactive for the security firm Websense, found that the number of companies reporting spyware infestations had jumped 50 percent in the last year alone, and now nearly 92 percent of companies report that they have found spyware on their networks (websense.com).

Spyware is a somewhat loose term, and can mean anything from often innocuous Web cookies to Trojan programs that can hijack a computer.

Source: http://www.nytimes.com/

Portable biometric iris scanning and verification system from Xvista

Ten tips for managing passwords

By Will Sturgeon, silicon.com

Passwords are fatally flawed, it's true, but for now they are the best option for many companies. But almost everybody could be managing them more effectively.

Source: http://www.zdnet.com.au/

Help Net Security Podcast:

Episode 1 - Nortel's Approach To Security

Welcome to the first Help Net Security Podcast. We are going to be focusing on the enterprise and informing you on new products and technologies. While at the Infosecurity show in London we met up with Shirley O'Sullivan, the Security Leader EMEA at Nortel. In this podcast you can listen to her discuss their approach to security.

Reclusive Linux founder opens up

(CNN) -- Portland, Oregon is the unlikely capital of a global software revolution. The revolution is called Open Source. And its leader? Linus Torvalds, the reclusive founder of Linux.

Kristie Lu Stout: What's your ballpark figure in terms of how many Linux developers there are out there?

Linus Torvalds: I actually only work with a few handfuls so I tend to directly interact with maybe 10-20 people and they in turn interact with other people. So depending on how you count, if you count just the core people, 20-50 people. If you count everybody who's involved; five thousand people -- and you can really put the number anywhere in between... Almost, pretty much all, real work is done over e-mail so it doesn't matter where people are.

Source: http://edition.cnn.com/

UK law will criminalise IT pros, say experts

Graeme Wearden and Tom Espiner
ZDNet UK

Security experts fear that the UK government is on track to outlaw the supply of network security tools, and even scripting languages such as Perl.

IT and security professionals who make network monitoring tools publicly available or disclose details of unpatched vulnerabilities could be convicted under a proposed UK law, experts have warned.

Source: http://news.zdnet.co.uk/

3 Key Computer Security Tools for 2006

By Todd Spangler

Security managers need cutting-edge technologies to get a 30,000-foot view of their operations—and to wage the ongoing battle against network attacks.

In the book of thankless jobs, information-security professionals would be listed alongside such occupations as "manager of making sure no salmonella contaminates the beef" and "executive in charge of avoiding hours-long flight delays." In other words, people only realize the singular importance of your task when you've failed.

Worse, because security threats mutate so rapidly, a security manager must be utterly paranoid about this thankless job. The good news? New tools are making life easier for security teams. Three security technologies have hit their stride in 2006:

Source: http://www.baselinemag.com/

Bangladesh


The culture of Bangladesh is composite, and over centuries has assimilated influences of Hinduism, Jainism, Buddhism, and Islam. It is manifested in various forms, including music, dance and drama; art and craft; folklores and folktales; languages and literature, philosophy and religion, festivals and celebrations, as also in a distinct cuisine and culinary tradition.

Source: http://en.wikipedia.org/

E-mail bomber to be retried in UK

May 17, 2006

By Jeremy Kirk, IDG News Service

A teenager who crashed a former employer's server by sending a torrent of junk e-mail, a practice known as mail bombing, could still face up to five years in prison after the case was sent back to trial.

On Thursday, a British appeals court rejected a lower court's ruling that David Lennon didn't violate the U.K.'s Computer Misuse Act of 1990. Lennon is charged with one count of unauthorized modification of a computer.

The case goes to the core of calls to revise the Computer Misuse Act with more specific language to address denial-of-service attacks.

Source: http://www.infoworld.com/

Secure Ohio University

May 16, 2006

In response to recent attacks against University computers and networks, OHIO has formed a Security Incident Response Team (SIRT) to take immediate and aggressive steps to inform members of the University community and to improve the security of data and IT resources on all Ohio University campuses.

Source: http://www.ohio.edu/

Security Now 39: Buffer Overflows

Steve explains the most common of all security flaws...

Source: http://twit.tv/

Security podcast

http://www.podcastingnews.com/

Buying with Biometrics

ANNA GRESHAM, Staff Writer

Your finger has become as good as gold, or at least green, as in money green. At some gas stations, grocery stores and banks your finger is the key to your buying power.

Paying for gas, food and cashing checks with a finger is not a thing of the future anymore. It is reality.

Source: http://www.goupstate.com/

Former Federal Computer Security Specialist Sentenced for Hacking Department of Education Computer

WASHINGTON, May 12 /U.S. Newswire/ -- Kenneth Kwak, 34, of Chantilly, Va., was sentenced today by U.S. District Judge Royce Lamberth to five months in prison followed by five months of home confinement, based upon Kwak's conviction for gaining unauthorized access to and obtaining information from a Department of Education computer system, the Department of Justice announced today.

Kwak's sentence results from his March 2006 guilty plea to one count of intentionally gaining unauthorized access to a government computer and thereby obtaining information. In his plea, Kwak, who had been working in an office responsible for ensuring the security of Department of Education computer systems, admitted that he had placed software on a supervisor's computer which enabled him to access the computer's storage at will. He later used that access on numerous occasions to view his supervisor's intra-office and Internet email as well as his other Internet activity and communications; Kwak then shared this information with others in his office.

Source: http://releases.usnewswire.com/

KTH, You and The Future

May 15, 2006

Computer Security Podcast

May 13, 2006

1. Security Wire Weekly
http://feeds.feedburner.com/blogspot/ZhKn

2. Security Now
http://www.grc.com/SecurityNow.htm

3. PaulDotCom Security Weekly
http://www.pauldotcom.com/security_weekly/

4. SploitCast
http://www.sploitcast.com/

5. securitycatalyst
http://www.securitycatalyst.com/

6. crypto-gram Security Podcast
http://crypto-gram.libsyn.com/

7. mightyseek
http://www.mightyseek.com/

8. AdventuresInSecurity
http://www.adventuresinsecurity.com/podcasts.html

9. CIO Strategy Center - Symantec
http://www.symantec.com/about/news/podcasts/

10. CSO
http://www.csoonline.com/podcasts/index.html

11. Speaking of Security - the RSA Security Blog and Podcast
http://www.rsasecurity.com/blog/index.asp

Source: http://www.owasp.org/

Which is Safer: IE or Firefox?

Simson Garfinkel talks about the great browser security debate, and how not to do online banking. (7:20)

CSO Podcasts

http://www.csoonline.com/podcasts/index.html

A mature approach to security

"A company’s security set-up needs to be as dynamic as the organisation itself. It cannot permit an employee to access data from his previous project or department after his job role changes."

- Ajay Kumar, Country Manager, India, Aventail

Source: http://www.expresscomputeronline.com/

The ups and downs of using biometrics, grid computing and VoIP

May 12, 2006

By Bob Brown, NetworkWorld.com

The heart of the system is fingerprint reading technology and encryption hardware built into the company's IBM T series laptops that enables the saving of usernames and passwords to multiple applications, including in-house and third-party programs. Brown says the technology is reliable, with false prints being accepted only one out of 10,000 times.

"The one downside we've seen to this is that if you have the software manage your passwords you don’t know what they are," Brown said. "So if you were to go to another workstation you might not be able to get in."

Source: http://www.networkworld.com/

Webroot uncovers thousands of stolen identities

Trojan may have swiped info from 125 countries

Paul Roberts

Webroot notified the FBI after it discovered the stolen information, which had been groomed and organized in folders by country where it was "ready to be sold," Eschelbeck said. The stolen data was hosted on an FTP server hosted by nLayer Communications in New York, according to Webroot. However, the company does not know who is behind the scam, Eschelbeck said.

Source: http://www.computerworld.com/

Update: Critical vulnerability found in Sophos antivirus product

Jaikumar Vijayan

Antivirus software firm Sophos PLC usually issues advisories about software vulnerabilities and threats in third-party products. This week the company warned enterprises of a vulnerability affecting a wide range of its own products.

Source: http://www.computerworld.com/

Facing 70 years' jail, Briton who hacked into the Pentagon

Daily Mail Via Thomson Dialog NewsEdge

Yesterday he said outside court: 'My intention was never to disrupt security. I was looking for UFO reports.' Asked whether he regretted his actions, he said: 'Obviously. But I did not do the damage. I was amazed at the lack of security.' Though McKinnon was able to view details about naval munitions and shipbuilding, he did not access classified information, an investigation found.

Source: http://www.tmcnet.com/

Mitsubishi, NEC, Tokyo University Realize Successful Interconnection of Quantum Encryption Networks for First Time in Japan

TOKYO --(Business Wire)

Security of most modern cryptography is based on computational complexity, and the extraordinary time necessary for cryptanalysis. It has been pointed out that modern cryptography may be threatened by the increasing speed and ability of computers in the future.

To that end, many are suggesting a shift to using quantum encryption. This type of optical cryptography uses quantum-state photons to carry data, and has the advantage of being able to detect eavesdropping.

Source: http://www.tmcnet.com/

DirectBuy

May 11, 2006



Source: http://www.directbuy.com/

Is it really that bad? Probably

By Martin McKeay

I disagree with the assumption that we, as security professionals, don't know the trouble we're in. He uses the old urban legend of "boiling frog syndrome" to illustrate how things are getting worse and no one is noticing. Anyone who's been in security for long knows that the cybercriminals are innovating at an incredible rate. All a hacker has to do is find a single new vulnerability. Security professionals have to protect against every known vulnerability as well as anticipating new vulnerabilities. We have to defend every system; all a cybercriminal has to do is find one vulnerable system.

Source: http://www.computerworld.com/

Security isn't always convenient

By Douglas Schweitzer

The need for security is one of those facts of life in the world of computing. And, as this CW article points out, features in the upcoming Vista OS will likely "irritate" some users so much that businesses may delay upgrading to this newest Windows incarnation. To gain more security, you lose a certain measure of convenience. This reminds me of how it was back in the 1960s, when some drivers (and passengers) felt seat belts were "inconvenient," to the extent that many of us refused to use them. The cold hard fact is that hardened security isn't going to make everyone happy and yes, there needs to be a balance between the two (security and convenience).

Source: http://www.computerworld.com/
Related link: http://www.computerworld.com/

Idaho utility hard drives -- and data -- turn up on eBay

The company is now scrambling to get the drives back

Sharon Fisher

Idaho Power had recycled approximately 230 SCSI drives -- a year’s worth of updates -- through a single salvage vendor, Grant Korth, which then sold 84 of the drives to 12 parties through eBay. The company recovered 146 of the drives from the vendor. It also got assurances from 10 of the 12 parties that bought them on eBay that the drives would be returned or the data on them would not be saved or distributed.

Source: http://www.computerworld.com/

ATMs linked to IP networks vulnerable to threats, security firm says

Industry reps say issues are well known; risk can be mitigated

Jaikumar Vijayan

The reason? Most ATM transaction data is not encrypted and can be more easily compromised when it is traversing an IP network compared with dedicated lines, according to a white paper (download PDF) from Redspin Inc., a security auditing company in Carpinteria, Calif.

Source: http://www.computerworld.com/

Crystal cryptography

May 10, 2006

Source: The Engineer Online

“Using a unique diamond-based device which produces a single photon of light, we will be able to detect eavesdroppers and stop highly sensitive information being intercepted or stolen,” said Quantum Communications Victoria (QCV) CEO and University of Melbourne scientist, Dr Shane Huntington.

Source: http://www.e4engineering.com/

Malicious cryptography, part 1

Frederic Raynal

Cryptology is everywhere these days. Most users make good use of it even if they do not know they are using cryptographic primitives from day to day. This two-part article series looks at how cryptography is a double-edged sword: it is used to make us safer, but it is also being used for malicious purposes within sophisticated viruses.

Source: http://www.securityfocus.com/

Security Through Visibility

Submitted by Compugasm / by Chad Perrin

Have you seen the new commercials by Mac, showing a Bill Gates look-alike (representing Microsoft) and a young actor (representing Mac)? The Bill Gates guy has caught some kind of cold (a computer virus) and the young guy is not affected.

Source: http://comixpedia.com/

'Botmaster' gets nearly five years in prison

May 09, 2006

Judge: 'Your worst enemy is your own intellectual arrogance that somehow the world cannot touch you on this'

May 09, 2006 (Reuters) -- LOS ANGELES -- A 20-year-old who prosecutors say hijacked computers to damage computer networks and send waves of spam across the Internet was sentenced yesterday to nearly five years in prison.

Source: http://www.computerworld.com/

Museum unscrambles secret agency's past

By Wendy Grossman

There was a time when the very existence of the National Security Agency was completely secret. Many of the sort of people who are interested in it (such as this crowd from the annual Computers, Freedom, and Privacy conference) are, therefore, somewhat surprised by the idea that it has a cryptologic museum.

Source: http://www.theregister.co.uk/

The Surge in Mac Attacks

By David Miller

According to McAfee, from 2003 to 2005 the annual rate of vulnerability discovery on Apple's Mac OS platform has increased by 228 percent, compared to Microsoft's products, which only saw a 73 percent increase.

Source: http://www.internetnews.com/

Unintended Consequences: Seven Years under the DMCA

May 06, 2006

In practice, the anti-circumvention provisions have been used to stifle a wide array of legitimate activities, rather than to stop copyright infringement. As a result, the DMCA has developed into a serious threat to several important public policy priorities:

... The DMCA Chills Free Expression and Scientific Research
... The DMCA Jeopardizes Fair Use
... The DMCA Impedes Competition and Innovation
... The DMCA Interferes with Computer Intrusion Laws

Source: http://www.eff.org/

Spammers turn on antispam vigilantes

May 05, 2006

News Story by Paul F. Roberts

MAY 03, 2006 (INFOWORLD) - An effort to force spammers to stop soliciting certain e-mail addresses went bad on Monday, after at least one spammer began sending large volumes of unsolicited e-mail to members of a "Do Not Spam" list run by Israeli firm Blue Security.

Source: http://www.computerworld.com/

Symantec launches antiphishing group

May 04, 2006

News Story by Cara Garretson

Called the Symantec Phish Report Network, this group was initially formed by antiphishing vendor WholeSecurity, which Symantec acquired last September. Symantec modified the terms of membership and is relaunching the network with the participation of RSA Security, eBay, PayPal, Wells Fargo and Yahoo.

Source: http://www.computerworld.com/

Opening of a new European Biometrics Centre of Excellence

Source: European Biometrics Portal

... the heart of the Europe Union, in Brussels, Belgium. The new centre is an interactive facility, designed to showcase advanced identity management solutions to customers and illustrate potential real-life examples of biometrics technology. These range from cutting edge e-ID card and passport technology to the very advanced biometric identification techniques including 3D facial, electronic iris and finger print recognition.

Source: http://www.egovmonitor.com/

FireEye debuts with 'virtual-machine' security

Start-up to ship a switch-based network-access control appliance

“The idea is to model vulnerability to malware,” Aziz says about the virtual-machine approach adopted by FireEye for security purposes. Only Avinti, a start-up funded by Symantec and two venture-capital firms to detect unknown keyloggers and Trojans in e-mail, is known to be applying the virtual-machine concept in similar fashion in its iSolation Server.

Source: http://www.computerworld.com/

Thin-Client Diet

May 03, 2006

By Peter A. Buxbaum

Thin clients contribute to enhanced security by concentrating security administration in the hands of trained professionals and taking it away from end users, who otherwise have to update their systems and applications against emerging threats. “You can’t ask users to be security experts,” said Alan Paller, director of research at the SANS Institute, a computer-security training organization. “That doesn’t work because attacks have moved from operating systems to users. You want to try to not allow users to hurt themselves. Thin clients are the only proven way of doing that, because you’re moving control out of the hands of users and putting it with someone who has better skill at maintaining security.”

Source: http://www.military-information-technology.com/

If Financial Crime is Rising, Then Security is Job #1

By Holly Sraeel

When talking about security and the rising occurrence of financial crime, there are several factors to be considered, all of which are interconnected and imperative to resolve. These include understanding the changing nature of financial crime; the technologies available to counter attacks, particularly the growing number of online incursions; and the need to educate employees and customers on this digital warfare.

Source: http://www.banktechnews.com/

What Security Precautions Should Be Taken At Public Hotspots?

May 02, 2006

...
All wireless Network Interface Cards (i.e., PC cards) used in corporate laptop or desktop computers must be registered with the computer security team and where possible enabled for access using MAC address control on the access points.

Lost or stolen cards should be reported immediately.

All computers with wireless LAN devices must utilize a corporate-approved Virtual Private Network (VPN) for communication across the wireless link. The VPN will authenticate users and encrypt all network traffic.
...

Source: http://www.smartbiz.com/

Security Software Veterans Launch Exploit Prevention Labs to Deliver Breakthrough Protection Against Zero-Day Exploits

First Product, SocketShield, Protects Users Against Drive-by Downloads, Malicious Web Sites and other Crimeware Exploits

ATLANTA, May 1 /PRNewswire/ -- Bob Bales and Roger Thompson, two computer security industry pioneers, have joined forces to launch Exploit Prevention Labs, a new computer security software company. The company's first product, SocketShield, now in beta, protects Internet users against the growing threat of zero-day exploits that take advantage of unpatched vulnerabilities in Windows operating systems and applications.

Source: http://biz.yahoo.com/

Schneier on security's 'people problems'

Tom Espiner
ZDNet UK

Q: The UK government claims identity theft will be cut by the upcoming UK ID card scheme. Will it actually mitigate the threat?

ID cards will make identity theft worse. I'm not sure what they are supposed to solve. Having a single ID is much more dangerous [than multiple IDs]. The risks are severe, as it makes ID much more valuable. Identity theft is fraud due to impersonation, and a centralised ID card is that much more valuable to criminals.

Identity can be hijacked, and cards can be faked. All of the 9/11 terrorists had fake IDs, yet they still got on the planes. If the British national ID card can't be faked, it will be the first on the planet. A national ID card is so costly and gives so little in return -- it's just a bad deal.

Sun Java Card technology adds contactless and biometry support

With its 2.2.2 Java Card release, Sun Microsystems has added contactless capabilities and biometrics support for smart card chip manufacturers and smart card vendors. The CTST announcement came prior to a talk on the "Future of Java Card" to be delivered by Sun's chief information officer. Beneficiaries of the new platform specification include telecom service providers, government IT agencies, and payment associations.

Source: http://www.secureidnews.com/

Nokia System Allows Malaysians To Pay By Phone

Visa and Nokia launch phone payment pilot project in Malaysia.
By Jakob Holm

Consumers in Malaysia now have the possibility to shop and pay using their mobile phones. The possibility comes after Visa International and Finnish cell phone maker Nokia released the world's first credit card payment pilot system in the country.

During a four-month trial period Nokia and Visa are to test the system using a newly developed Nokia phone.

“The "Mobile Visa Wave Payment Pilot" project marks the first step in plans to turn mobile phones into electronic wallets for consumers,” officials said.

The payment system builds on the Visa Wave smart card technology that uses radio frequencies to eliminate the need to swipe a credit card through a reader.

Source: http://www.scandasia.com/

Cracking the Cult of Hackers

By Elizabeth Millard
May 1, 2006 7:00AM

"In the early days, it was all about ego. At that time, hackers just wanted to prove they were smart," said Stuart McClure, head of McAfee's Avert Labs. "Today, hacking is absolutely predominantly financial. Everything is driven by financial gain."

Sometimes referred to as "white hats," some hackers are not fiddling around with authentication and encryption to steal anything or even deface a Web site. Rather, the white hats are legitimately concerned about the security of either a single system or the Internet itself.

"Black hats," or "crackers," on the other hand, are the bad guys of the online world, the digital miscreants who steal data, perpetrate fraud, wreck Web sites, and generally make individuals and companies fearful and angry.

Source: http://www.newsfactor.com/

IBM demos RFID tag with privacy-protecting features

Clipped Tag would chop transmission distance

News Story by Ann Bednarz

The latest to tackle the issue is IBM, which this week is expected to demonstrate its design for an RFID tag with a disabling feature that limits -- but doesn't kill -- a wireless chip's ability to broadcast item information.

Source: http://www.computerworld.com/

Majority of Consumers Worldwide Would Relinquish Some Privacy for Convenience, Says Unisys Global ID Management Study

May 01, 2006

BLUE BELL, Pa.--(BUSINESS WIRE)--April 25, 2006--

While privacy remains a major concern of people around the world, new research from Unisys Corporation (NYSE:UIS) debunks some of the traditional myths concerning protection and use of identity credentials. The results show that a majority of consumers would share personal data if they knew the end user would securely protect their information and they could perceive a clear benefit in convenience gained.

Source: http://home.businesswire.com/

'E-crime, not ID cards should be top priority'

By Dan Ilett

The government is ploughing too many resources into the ID cards scheme while failing to provide resources to fight e-crime, a member of the House of Lords has claimed.

Source: http://www.silicon.com/

DoD May 'Institutionalize' Biometrics

InsideDefense.com NewsStand | Jason Sherman | April 27, 2006

This focus on “identity assurance” for access to sensitive information and physical locations shifted after U.S. forces in Iraq began facing regular attacks from insurgents, said John Woodward, an intelligence analyst at the RAND Corp. and former director of the DOD Biometrics Management Office.

Source: http://www.military.com/

Thought-based biometrics system underway?

Posted Apr 27th 2006 8:47AM by Ryan Block

... researchers at Carleton University in Ottawa, Canada are working on a system for thought-based biometrics by scanning and interpreting each individual's unique brain-wave signatures that occur when they think of a certain thought or can identify patterns uniquely -- kind of like that Peter Pan pixie dust thing, except in this case you get granted access to your box.

Source: http://www.engadget.com/