Understanding IPSec

This quick tutorial gives you a foundation for understanding the IPSec protocol and how it can be used to secure some online sessions.

Data security: Whose job is it really?

By Andrew Jaquith
Despite years of investments in technology and processes, protecting enterprise-wide data remains a maddeningly elusive goal for chief information security officers (CISOs). Software-as-a-service (SaaS), Web 2.0 technologies, and consumerized hardware increase the number of escape routes for sensitive information. Regulations, statutes, and contractual expectations drown CISOs in audit requests and ratchet up the pressure to do something about the problem. Hordes of vendors confuse CISOs with innumerable sales pitches.
Instead of beating your head against the wall, devolve responsibility to the business, keeping controls closest to the people who use the data. IT security should be primarily responsible only for deploying data protection technologies that require minimal or no customization. Read the full story [csoonline.com]


By Carrie-Ann Skinner, PC Advisor
 
The credit card details of 19,000 Brits that shopped online were freely available on Google, it has been revealed. Anyone using the search engine could have easily accessed not only the name and addresses of thousands [infoworld.com] of Visa, Mastercard and American Express card holders, but also the full card details too.
 
According to the banking body APACS, the majority of the cards had already been cancelled but the owners were probably unaware their information was available online.  Google confirmed the information has since been removed.

By David Neal, vnunet.com

A recent warning from AT&T’s chief security officer, Edward Amoroso, that the cost of cyber crime is running into trillions of dollars [vnunet.com] has been confirmed by security firm Finjan.

Earlier this month Amoroso and a panel of security experts told a US Senate Commerce Committee that revenues from cyber crime now exceed those of drugs crime, and are worth some $1tn (£700bn) annually. The report [PDF from senate.gov] also warned that techniques are rapidly evolving.

By Robert Lemos, SecurityFocus
A number of security-focused open-source projects have announced their participation as mentoring organizations in Google’s Summer of Code [google.com].
They include the NMap Project, the OpenSSH project and the Honeynet Project.
Read the full article [securityfocus.com]

By Joan Goodchild, CSO
“The dean of the security deep thinkers,” “security luminary,” and “risk-management pioneer” are all phrases that have been used to describe Dan Geer. Considered one of the foremost leaders in information security, his resume includes time as president and chief scientist at Verdasys Inc, a critical role in Project Athena at MIT, and a now famous firing from @Stake for co-writing a paper warning that a Microsoft monoculture threatened national security.
These days Geer, a 2009 CSO Compass Award winner, is CISO with In-Q-Tel, a non-profit venture capital firm that invests in security technology in support of the intelligence community. Geer recently spoke with CSO [csoonline.com] and explained why, despite all he has accomplished in his past, his sights are still set toward the future of security. Read the full Q&A interview.

By Peter Ferrie, Microsoft
Another day arrives and, with it, another way to run code. This time, it’s executing arbitrary code in System Management Mode (SMM) memory. That sounds kind of exciting, right? An SMM rootkit? Does that mean that we need an anti-malware scanner for SMM memory now? Or will it just fade away? All this and more will be answered shortly. But first…

By Michael Field, Sydney Morning Herald
 
TelstraClear, Telstra’s New Zealand subsidiary, has hired one of the world’s best-known hackers [smh.com.au] — a teenager known as “Akill”.
 
Owen Thor Walker, a 19-year-old who became the subject of a US Federal Bureau of Investigation’s “Operation Bot Roast” cyber crime investigation, was part of a hacker group known as the A-Team. 

By Katie Moussouris, Microsoft
Quite often in our industry, two (or five) people can look at the same problem from different angles, and see radically different things.  Rare is the situation that reads the same to everyone, forwards and backwards.  It’s all about perspective.
In my appearance on the ‘Partial Disclosure Dilemma’ Panel at SOURCEBoston this year, I found myself surrounded by great minds who most certainly do not think alike.  While there was some agreement and common ground between all parties on the dais, namely wanting to make the Internet safer and protecting people, there was little agreement on the best way to accomplish that goal. 
