December 29, 2007
Cyber Crooks Fish In Your Waters! by Rick McCann www.privateofficer.com « Privateofficernews’s Weblog: "Their two-year rise might be the greatest success story of the former Eastern Bloc’s high-tech boom — if only it weren’t so illegal. The cash might be coming from your bank account, and they could be using the computer in your den to commit their crimes."
Source:
privateofficernews
Being a Spy Technology Creator >> CRIMINOLOGY CEOLOGY >> Whistler's Blog at ZDNet UK Community: "We don't make software for the highest bidder, instead we make it for governments and agencies who vow to keep our name secret, because after all they are better at that than anyone in the tech industry."
Source:
zdnet
December 27, 2007
State Hacking/Computer Security Laws: "I thought it would be a cool project to collect all of the state hacking/computer fraud laws I could find into one collapsible menu system."
Source:
irongeek
SANS Institute - SANS Top 20 Internet Security Risks of 2007 Point to Two Major Transformations in Attacker Targets: "Scenario 1: The Chief Information Security Officer of a medium sized, but sensitive, federal agency learned that his computer was sending data to computers in China. He had been the victim of a new type of spear phishing attack highlighted in this year's Top 20. Once they got inside, the attackers had freedom of action to use his personal computer as a tunnel into his agency's systems."
Source:
sans
Another month, another monster Apple security update: "Including Monday's fixes, Apple has patched approximately 200 bugs in the nine security updates it has issued so far during 2007. Four of the nine featured fixes for more than 40 different vulnerabilities."
Source:
computerworld
10 Tips on Using Public Computers Safely: "Carry your Own Software
There are many software applications that can run off USB drives. For example, the portable Firefox browser will keep its cache and sensitive data on the USB drive, not the public computer's drive."
Source:
mysecurepc
The Fuss About Gmail and Privacy: Nine Reasons Why It's Bogus: "For that matter, the very act of sending an email message consists of having a number of programs on different machines read and store your mail. Every time you send an email message, it is typically routed through a number of computers to get to its destination. Run the traceroute command at a command prompt on any Linux or UNIX system (including Mac OS X) or tracert on a Windows system to see the hops that your internet packets go through from your machine to any destination site. Anyone equipped with a packet sniffer at any of those sites can snoop any mail that they want. In fact, the NSA recently proved the effectiveness of this approach by tracking down terrorists by way of their mail traffic."
Source:
oreillynet
End Users Flout Enterprise Security Policies - Security services News Analysis - Dark Reading: "'We already know about users who create problems because they don't know the policy and about users who violate policies with malicious intent,' says Sam Curry, vice president of product management and marketing at RSA. 'What we're finding is that there is a third, growing group of users who knowingly violate security policy not to do something malicious, but because they are trying to get their jobs done. This sort of violation is innocent, but deliberate.'"
Source:
darkreading
Free Preview - WSJ.com: "So far this year, more than 270 organizations have lost sensitive information like customer credit-card or employee Social Security numbers -- and those are just the ones that have disclosed such incidents publicly."
Source:
wsj
Lessons Learned - WSJ.com: "Mr. Haephrati's Trojan took screenshots of the victims' computers at regular intervals. All of this information was sent back to nine servers, the back-office computers that store and process data, operated by the Haephratis and their cohorts."
Source:
wsj
Holistic approach to security still missing, warns Ernst & Young - Computerworld UK - The Voice of IT Management: "Firms are still failing to implement a holistic approach towards information security as the security function remains too isolated from executive management and the strategic decision-making process, according to Ernst & Young’s tenth annual Global Information Security survey."
Source:
computerworlduk
December 22, 2007
China Link Suspected in Lab Hacking - New York Times: "A cyber attack reported last week by one of the federal government’s nuclear weapons laboratories may have originated in China, according to a confidential memorandum distributed Wednesday to public and private security officials by the Department of Homeland Security."
Source:
nytimes
Enterprise Security Today | Hackers Get Federal Lab Visitor Data: "The assault was in the form of phony e-mails containing attachments, which when opened allowed hackers to penetrate the lab's computer security. The practice is called 'phishing.'"
Source:
enterprise-security-today
December 20, 2007
Insider Threat to Information Systems: "Example 7: On the programming staff of Ellery Systems, a Boulder, Colorado software firm working on advanced distributive computing software, was a Chinese national who transferred, via the Internet, the firm's entire proprietary source code to another Chinese national working in the Denver area. The software was then transferred to a Chinese company, Beijing Machinery. Ellery Systems was subsequently driven to bankruptcy by foreign competition directly attributed to the loss of the source code."
Source:
rf-web.tamu
December 19, 2007
Bruce Schneier Blazes Through Your Questions - Freakonomics - Opinion - New York Times Blog: "Wireless is certainly the way of the future. From a security perspective, I don’t see any major additional risks. Sure, there’s a potential for messing everything up, but there was before. Same with power outages. Data transmitted wirelessly should probably be encrypted and authenticated; but it should have been over wires, too. The real risk is complexity. Complexity is the worst enemy of security; as systems become more complex, they get less secure. It’s not the addition of wireless per se; it’s the complexity that wireless — and everything else — adds."
Source:
nytimes
How to Secure Your Computer, Disks, and Portable Drives | LISNews: "Bruce Schneier says Unfortunately, cryptography can't solve most computer-security problems. The one problem cryptography can solve is the security of data when it's not in use."
Source:
lisnews
MI5 warns over China hacking menace | The Register: "MI5 has warned UK businesses of the threat posed by state-sponsored Chinese hackers. The UK security service has sent an advisory to banks and law firms warning them to guard against attack from 'Chinese state organisations'."
Source:
theregister
December 04, 2007
Schneier on Security: Security in Ten Years: "Predictions are easy and difficult. Roy Amara of the Institute for the Future once said: 'We tend to overestimate the effect of a technology in the short run and underestimate the effect in the long run.'"
Source:
schneier
December 03, 2007
Photos: Inside Microsoft's war room | ZDNet Photo Gallery: "A good deal of Microsoft's current security practices can be traced to painful lessons learned over the past 10 years. Microsoft's Security Response Center, at company headquarters in Redmond, Wash., grew out of those lessons."
Source:
ZDNet