Dennis Fisher: Okay, welcome
back to the Digital Underground podcast. This is the second in the
CSO podcasts that I’m doing and I’m really excited. I’ve got Larry
Whiteside on the phone. He’s the chief information security officer
at the Visiting Nurse Service of New York.
So we’re going to talk a lot about what specific issues he faces in his
day to day job, how they can apply to other CSOs in other industries,
we can all learn. So Larry thanks a lot
for being on the podcast.
Dennis Fisher: Welcome to
the Digital Underground podcast. This is the first episode in what’s going to
be a series of podcasts with CSOs from states around the country. We’re going
to be discussing the unique challenges of running an InfoSec program in the
public sector and what lessons enterprise security staffs can learn from their
counterparts in government. So my guest today is Bob Maley, the chief
information security officer of the Commonwealth of Pennsylvania. So Bob,
welcome to the podcast.
Dennis Fisher: Okay, welcome back to this CSO series podcast, also known
as Real World Security. My guest today is
Ed Bellis, the CISO of Orbitz Worldwide, one of the top travel sites in the
world. Ed’s got a pretty broad range of
experience in the technology industry, having worked as a web architect at Ford
Motor Company, and a manager at Ernst & Young before getting into the
security world as a V.P.
Botnets – apart from inundating our inboxes with spam – can also be
used for ulterior purposes such as executing DDoS attacks or hosting
websites, so understanding the “modus operandi” and size behind the
well-known names is a good idea; here’s a top ten botnet list. Read the full article. [Help Net Security]
Notre Dame University, which originally discovered a data breach back in early November 2009, said 24,000 NDU employees were affected. Read the full article. [The Observer]
Security researchers have intercepted a new variant of the Zeus crimeware using Amazon’s EC2 services to command and control the botnet. The cybercriminals appear to be using Amazon’s RDS managed database hosting service as a backend alternative in case they lose access to the original domain, which would result in the complete loss of access to the compromised financial data obtained from the infected hosts. Read the full story [ZDNet]
Cybercrooks have begun punting World Cup ticket and HD TV viewing scams as a successor to earlier lottery-based cons. Read the full article. [The Register]
Admitted TJX intruder Albert Gonzalez has entered into a plea agreement
on charges that he hacked into Heartland Payment Systems, Hannaford
Brothers, 7-Eleven and two other unnamed national retailers. Read the full article. [Wired]
New data compiled by Verizon in an addendum to its Data Breach Investigations Report shows that the vast majority of reported and investigated data breaches are the result of external incidents, not insider threats.
An electronics testing firm in Louisiana is suing its bank, Capital One,
alleging that the financial institution was negligent when it failed to
stop hackers from transferring nearly $100,000 out of its account
earlier this year. Read the full article. [Washington Post]