Friday, May 1, 2009

Friday 05/01/09

Fight to legalize iPhone jailbreaking set for Friday
Apple's iPhone marketing chief will square off against the Electronic Frontier Foundation and others Friday as the U.S. Copyright Office considers whether to allow an exemption to the U.S. Digital Millennium Copyright Act (DMCA) that would permit jailbreaking.

----------

IT director pleads guilty to deleting organ donation records
May 1, 2009 (IDG News Service) The former IT director for a nonprofit organ and tissue donation center pleaded guilty to a charge that she broke into the organization's computer network and deleted organ donation database records, invoice files, and database and accounting software, the U.S. Department of Justice (DOJ) said.

Danielle Duann, 51, pleaded guilty Thursday in U.S. District Court for the Southern District of Texas to a charge related to illegally accessing the computer network of LifeGift Organ Donation Center in Houston. Duann was indicted in June on one count of causing damage to a protected computer.

----------

Report: U.S. needs 'transparent' policies for carrying out cyberattacks
... the U.S. has no clear legal or policy framework governing the development and use of such capabilities, the National Research Council warned in a report released yesterday.

----------

CEO sentenced for trashing client's Web site
... Minecode, of Bellevue, Wash., had built the online gift shop for wine retailer Vinado, but things soured in late 2006. According to the DOJ, things got so bad between the two companies that Samal ordered Verma to disable Vinado's online gift shop. The next month Samal "caused commands to be transmitted to Vinado's Web site that resulted in the deletion of Vinado's Web site, e-mail server and database in its entirety," the DoJ said.

----------

New standard for encrypting card data in the works; backers include Heartland
ASC X9 standards body launching encryption initiative with breached payment processor Heartland Payment Systems playing a big role.

----------

Federal CISOs: Bad economy could create vulnerabilities
Federal CISOs see some opportunities in the difficult economic times, with 48% of respondents saying the economy will make it easier to retain key security workers. Forty-three percent said the recession will create more vulnerabilities, according to the survey, by Cisco Systems, Government Futures and the International Information Systems Security Certification Consortium, or (ISC)2.

----------

Update: Twitter CEO confirms hack
On Wednesday, an anonymous hacker going by the name of Hacker Croll posted 13 screenshots to a French online discussion forum, apparently captured while logged into the Twitter account of Jason Goldman, a director of product management with Twitter.

----------

Facebook Boosts Security After Dual Phishing Attacks
NewsFactor - Fri May 1, 12:18 PM ET
Facebook has brought in some soldiers to fight the war against malware and phishing scams on the social-networking site. After two different malware attacks this week, Facebook announced it would begin using San Francisco-based MarkMonitor's antifraud services as an additional layer of protection against attacks.

----------

Beware Swine Flu Spam
Spammers seize on the timely topic to peddle meds, push money-making schemes, and even plant viruses of their own.

----------

Password != secure
While reading a story on how an attacker broke into Twitter's administrative interface, I came across the following quote: "One of the admins has a yahoo account, i've reset the password by answering to the secret question. Then, in the mailbox, i have found her twitter password." Social engineering and good guessing trump security every time. Twitter has confirmed the intrusion, so sad but true. No hacking necessary. I could probably rant for hours on the subject, but most of you know the story. Enough said.

----------

The class Eric wants as #1 as soon as the budget freeze is over:
Incident Management

Continuing on the discussion started here regarding Incident Response and Incident Handling, let's now introduce Incident Management. One of the issues we face in IT security is that we do not always use a common set of definitions or terminologies, so I find it helpful to explain what I mean when I say Incident Management, since it may differ from what others understand by the term. Looking at a few industry definitions, we can see that they differ somewhat but share common themes.

From ITIL: The objective of Incident Management is to restore normal operations as quickly as possible with the least possible impact on either the business or the user, at a cost-effective price.

From SEI: An incident management capability is instantiated in a set of services considered essential to protecting, defending, and sustaining an organization's computing environment, in addition to conducting appropriate response actions.

From ISO/IEC 27002: Information security incident management - anticipating and responding appropriately to information security breaches.

From US-CERT: An incident management capability is the ability to provide management of computer security events and incidents. It implies end-to-end management for controlling or directing how security events and incidents should be handled. This involves defining a process to follow with supporting policies and procedures in place, assigning roles and responsibilities, having appropriate equipment, infrastructure, tools, and supporting materials ready, and having qualified staff identified and trained to perform the work in a consistent, high-quality, and repeatable way.

----------

Swine Flu: What Exactly Does Phase 5 Mean?
The World Health Organization has raised its pandemic alert level to 5 because of the swine flu. Here's what it means for your company.

----------

Canada joins China, Russia in US list of top IP scofflaws
May 1, 1:24 p.m. UTC - by Jacqui Cheng
The usual suspects have shown up once again on the US Trade Representative's annual Special 301 report on nations that need to step up their game when it comes to enforcing intellectual property rights. But this year, the USTR elevated Canada to the same level as China and Russia, which has some critics incredulous about the US' motives.

----------

From the Microsoft MSRC blog:
Changes in Windows to Meet Changes in Threat Landscape

----------

MI6 Nixed Major Undercover Operation After Memory Stick Lost
By Kim Zetter
May 1, 2009

The United Kingdom’s MI6 agency acknowledged this week that in 2006 it had to scrap a multi-million-dollar undercover drug operation after an agent left a memory stick filled with top-secret data on a transit coach.

----------
