Dennis Fisher talks with former White House cyber security adviser Howard Schmidt about the need for a cyber security czar, the rise of cybercrime and how to fix federal cyber security.
Simple mistakes by organisations can cause data loss, and those errors are making it easy for cybercriminals to flourish on the Internet, according to a forensics expert who investigated some of the world’s biggest security breaches.
Even for the most experienced security professionals, understanding complex attacks and vulnerabilities sometimes can be a serious challenge. A perfect example is the recent Microsoft IIS WebDAV vulnerability, which surfaced last week and has yet to be patched by Microsoft. It’s a complicated issue, which some experts say was made more so by the guidance that the software maker released about it. Luckily, Steve Friedl of Unixwiz.net has taken the time to make some sense of it all.
Whoever is brave enough to fill the soon-to-be-created cybersecurity czar position will find a rather large pile of challenges waiting. Among them will be dealing with a confused and argumentative Congress, doing a full-scale assessment of the country’s critical infrastructure and reaching out to all of the federal agencies that have been without leadership on cybersecurity for months. But none of those should be the cybersecurity czar’s top priority.
From Information Week (George Hulme)
Today the Center for Internet Security released a set of benchmarks designed to help consumers and businesses alike communicate using their favorite toy. Whoops, I meant smartphone. The guidance is worth a look.
There is a series of vulnerabilities in the widely used BlackBerry Enterprise Server software that could allow an attacker to compromise BlackBerry devices by sending a malicious PDF file. Research in Motion, the software’s maker, has issued a patch that fixes the problem in BES, as well as in BlackBerry Professional Software.
A security researcher is warning that the Twitter API can be trivially abused by hackers to launch worm attacks.
The red-hot social networking/microblogging service has been scrambling to plug cross-site scripting and other Web site vulnerabilities to thwart worm attacks but, as researcher Aviv Raff points out, it’s much easier to misuse the Twitter API as a “weak link” to send worms squirming through Twitter. Read the full story [zdnet.com]
From The Washington Post (Ellen Nakashima)
The Obama administration is set to announce the creation of a new high-level position to run the cybersecurity program for the country. The announcement is expected on Friday, along with the release of the report on the administration’s 60-day review of the country’s cybersecurity posture.
The latest large-scale malware outbreak to hit the Web, known variously as Gumblar and Geno and Martuz, is a multi-stage attack that not only infects compromised machines with a number of separate pieces of malware but also has the ability to steal credentials and block the victim from taking actions to clean his PC.
From the Associated Press
Law enforcement computers were struck by a Mystery computer virus Thursday, forcing the FBI and the U.S. Marshals to shut down part of their networks as a precaution.
The U.S. Marshals confirmed it disconnected from the Justice Department’s computers as a protective measure after being hit by the virus; an FBI official said only that that agency was experiencing similar issues and was working on the problem. Read the full story [yahoo.com]