Security Port
A Security Port Blog
Twitter Security Lessons |
07/30/2009
Twitter's latest security hole has less to do with its users than it does with
its staff, but lessons can be learned on both sides.
In the case of Jason Goldman, who is currently Twitter's director of
product management, the simplicity of Yahoo's password recovery system
was enough to let a hacker get in and gain information from a number of
other sites, including access to other Twitter staff's personal
accounts.
The aftermath of the hack, which took place in May, is just now coming
to fruition. Documents that a hacker by the alias of Hacker Croll
recovered from Goldman's account and others, including Twitter co-founder
Evan Williams, could be a treasure trove of inside information about the
company and its plans.
|
|
Terror Alert System Reviewed |
07/29/2009
The multicolored terror alert system that was created after the Sept. 11,
2001, attacks could be getting an overhaul — or could be eliminated
entirely.
Homeland Security Secretary Janet Napolitano is expected to appoint a
panel Tuesday to reevaluate the system, a senior administration
official said.
The five-tiered system that goes from green, which signals a low danger
of attack, to red, which signals a severe threat of attack, has proven
to be confusing at times, and critics say the different colors are too
vague to deliver enough information to be useful.
|
|
Border Security |
07/29/2009
A report by the Brookings Institution scheduled to be unveiled Tuesday in
Detroit found that federal officials now treat security at Canadian and
Mexican crossings into the U.S. the same, despite the differences
between its southern and northern neighbors.
The Washington, D.C.-based research group began work on the study last
year with the Detroit Regional Chamber of Commerce, as the Detroit and
Windsor, Ontario, crossing is the busiest Canadian-U.S. corridor. It sees about
400,000 people each day and about 16 million cars, trucks and buses
going back and forth each year.
|
|
Attackers are exploiting a new critical ActiveX hole in Microsoft Office to take
control of PCs by luring Internet Explorer users to malicious Web
sites, Microsoft said on Monday.
The zero-day hole, the third one announced by Microsoft in less than
two months, is in Office Web Components ActiveX controls used to
display and publish spreadsheets, charts, and databases to the Web.
|
|
Associated Press Fights Piracy |
07/28/2009
Vowing to fight unauthorized reproduction of news reports online, The
Associated Press said Thursday that it would add software to each
article showing who created it and what limits apply to the rights to
use it. The software will also notify the A.P. about how the article is
used across the Web.
The new program, approved Thursday by the A.P. board, follows through
on a statement the company made in April that it would take on digital
piracy not only for itself, but on behalf of embattled American
newspapers, which own the A.P., a nonprofit corporation. But the
announcement raises many unanswered questions, including who the
intended targets are, what the legal limits are on using material
online, and what redress it will seek.
|
|
Hotel Security |
07/27/2009
Western hotel owners predict the growth of luxury brands will continue
relatively undaunted in Asia despite the latest bombings at two such
hotels in Indonesia.
However, the incidents could put pressure on some hotels to beef up security measures at a tough time for the industry.
The bombings Friday killed nine people and injured more than 50 others
at the JW Marriott and Ritz-Carlton hotels in central Jakarta. They
followed others in recent years at Western-branded hotels, potentially
giving pause to developers of hotels under construction in Asia.
|
|
The Twitter hack that compromised sensitive company documents stored on
Google Docs might illustrate gaping holes in password security
policies, but Twitter attacks will likely increase as long as the
micro-blogging site remains popular, security experts say.
|
|
Tagged Accused of Stealing Identities |
07/25/2009
New York's attorney general charged Thursday that Tagged.com stole the
identities of more than 60 million Internet users worldwide — by
sending e-mails that raided their private accounts.
Andrew Cuomo said he plans to sue the social networking Web site for deceptive marketing and invasion of privacy.
|
|
Security Standards |
07/24/2009
Dartmouth researchers who were pioneers in Public Key Infrastructure (PKI), a
system that secures and authenticates computer communications, are
now playing leading roles in establishing Internet standards and
guidelines for security.
Secure Internet activity requires being able to prove who you are.
Security experts agree that the traditional approach of passwords is
not always effective. PKI and public key cryptography solve these
problems, and Dartmouth researchers are leading the way in helping
organizations deploy PKI. A new system developed at Dartmouth called
PRQP, which stands for PKI Resource Query Protocol, is now in the
pipeline with the Internet Engineering Task Force (IETF) to become the
universal way to easily implement PKI-enhanced computing security.
|
|
Every time you swipe your credit card and wait for the transaction to be
approved, sensitive data including your name and account number are
ferried from store to bank through computer networks, each step a
potential opening for hackers.
And while you may take steps to protect yourself against identity
theft, an Associated Press investigation has found the banks and other
companies that handle your information are not being nearly as cautious
as they could.
|
|
The two leading makers of computer security software, Symantec and McAfee,
are like preachers who conduct dueling tent revivals.
They boast and frighten and denounce each other while trying to
convince the crowd that their particular brand of salvation will ward
off the devil — in this case, malicious e-mail viruses and evil
Internet worms.
The stakes are huge: millions of global followers willing to donate a
steady sum every year for protection against online threats.
Recently, the competition between the two has become fiercer, as both
have tried to get their software tied to more new personal computers,
Web sites and Internet service providers. McAfee has been particularly
aggressive, using a string of deals with large PC makers in a bid to
usurp Symantec’s leadership position.
|
|
EU Asks China to Reconsider |
07/22/2009
The European Union Chamber of Commerce in China urged Beijing to reconsider
implementing a controversial Internet filter, saying on Monday it
raised serious concerns about security, privacy and user choice.
The EU Chamber said it supported measures to protect children from
potentially harmful content on the Internet, but this goal could be
better achieved through a healthy and open dialogue on parental
controls.
|
|
DEFCON 17 will be held July 30 - August 2, 2009, at the Riviera Hotel and Casino in Las Vegas! Admission is $120 USD at the door.
|
|
Download Interference |
07/20/2009
Kaspersky Lab Inc. has won immunity in a court case that pitted customers of
Zango against the Woburn-based security software firm. The case, which
offered an unprecedented ruling, involved Zango users who claimed the
software interfered with Zango's downloadable programs.
Zango is a provider of free online videos, games and music. According
to a release from Kaspersky Lab officials, Kaspersky's software targeted
Zango software as malware and, as a result, protected users from downloading it.
|
|
ATM Security Problem |
07/19/2009
Router maker Juniper Networks has barred one of the company's security
researchers from discussing security flaws in Automated Teller Machines
after an ATM maker threatened legal action.
Staff Security Researcher Barnaby Jack had been set to deliver a July 30 talk entitled "Jackpotting Automated Teller Machines"
at the Black Hat security conference in Las Vegas. But Jack abruptly
asked conference organizers to pull the talk on Monday, according to
Black Hat Director Jeff Moss. The talk has also been pulled from Black
Hat's sister conference, Defcon, he added.
|
|
Postini Spam Filtering |
07/18/2009
The computer security industry historically borrows military defense
concepts to combat digital threats, literally creating war rooms where
experts follow attacks in progress on huge screens with phones ringing
off the hook.
Not so at Google's Postini e-mail security service provider unit.
Instead, computerized systems monitor 3 billion messages per day that
flow in and out of customer systems and pass through Postini's thousands
of machines in data centers around the U.S. and in Europe before
hitting the Internet. The Postini system is highly automated,
distributed, and scalable, characteristic of all of Google's operations.
Google's Gmail antispam efforts are separate from those of Postini,
which Google acquired two years ago, although it follows similar
computerized operations and the teams have started to integrate the
processes.
|
|
Google Mastery |
07/17/2009
Here is a skill that you may not have realized you need, but you need it: Become a master of Internet search.
Obviously I am talking about a lot more than tossing a few words in the Google box and pushing the search button.
I'm talking about understanding how to run very specific searches to
find information leaks within your company and outside of it, whether
intentional or accidental. Such leaks might come in the form of
intentional, outright posting of sensitive information by ex-employees.
Or they might be misconfigured or forgotten Web applications that were
not supposed to be publicly accessible.
|
|
Jackson Security |
07/16/2009
Security researchers warned Thursday of the increasing levels of viruses and
spam using Jackson's name to snare unsuspecting users.
One e-mail carrying the subject line "Remembering Michael Jackson" was circulating with a worm in tow. The e-mail has a zip file attached that infects victims if downloaded.
|
|
Facebook Security Concerns |
07/15/2009
Facebook has come under fire from internet security experts over a relaxation in
its privacy settings, which may place younger people at increased risk
of being preyed on.
The popular social networking site — which has over 900,000 users in
Ireland alone — is testing new settings that recommend a privacy
level that exposes much of the user's information to strangers.
They will also have the option to share their information with everyone,
in a move widely perceived as a response to Twitter, the micro-blogging
site which has rarely been far from the news in recent weeks.
|
|
Cyber Security vs Privacy |
07/15/2009
The Obama administration is moving cautiously on a new pilot program that
would both detect and stop cyber attacks against government computers,
while trying to ensure citizen privacy protections.
The pilot program, known as Einstein 3, was supposed to launch in
February. But the Department of Homeland Security is still pulling the
plan together, according to senior administration officials.
Einstein 3 has triggered debate and privacy concerns because the
program will use National Security Agency technology, which is already
being employed on military networks.
|
|
Real Time Threat Detection |
07/14/2009
Internet backbone company Interoute has launched a free tool aimed at providing
up-to-date information on security threats. The Internet Barometer
draws on information provided by 22 sensors placed at strategic points
on the Interoute backbone network and gives accurate information on the
volume of threats on the Internet at any one time.
|
|
Britain Steps Up Cyber Security |
07/13/2009
Britain warned on Thursday of a growing risk to military and business secrets
from computer spies and pledged to toughen cyber security to protect
the 50 billion pounds ($82 billion) spent a year online in its
economy.
Launching Britain's first national cyber security strategy, security
minister Alan West said hostile states and criminals were increasingly
attacking British interests online and al Qaeda and like-minded groups
were seeking the ability to do so.
|
|
Implementing RSS or Really Simple Syndication can be aided by an understanding of the terms relating to RSS. Learn the ABCs of RSS....
|
|
Outsource Ecommerce to Reduce Fraud |
07/11/2009
Online payment fraud is a huge problem, and creating a reliable fraud screening
system is not only very time consuming, but also requires constant
updating and maintenance. Software e-commerce providers invest in
top-notch fraud screening.
|
|
PowerPoint Security Templates |
07/09/2009
Perfect for professional Security Presentations. PowerPoint Templates for security topics.
|
|
Symposium on White Collar Crime |
07/08/2009
A first-ever public symposium about the dramatic effect high-tech
white-collar crime has on society will be held in August to educate the
public on how they can prevent becoming a victim of Internet and
financial scams.
The event, called "Local to Global: Protecting our community and beyond,"
will give both the public and law enforcement officers a better idea of
how white-collar crime affects each and every community, and what law
enforcement officers, security professionals and the citizens can do to
protect themselves from becoming a victim.
The conference and exhibition, which is being held on Aug. 20 in
Fairmont at the Technology Park Research Center, will feature speakers,
classroom instruction and demonstrations from members of the West
Virginia High Tech Consortium and the National White Collar Crime
Center, said Craig Butterworth, communication specialist for the NW3C.
|
|
Steps Businesses Can Take to Go Green |
07/07/2009
A business that makes the decision to be environmentally-conscious will
often promote goodwill among potential customers, while making the
world a better place for future generations. Many businesses hesitate
to adopt green practices because they fear it will hurt their bottom
line and negatively impact profits. But many eco-conscious businesses
discover that they can actually save money and bring in new customers
who specifically patronize companies that actively make an effort to be
environmentally friendly. Many customers may even be willing to pay a
bit more for a product or service from a company that is green.
Many businesses already do things that are eco-friendly, not
necessarily because they are sensitive to green living, but simply to
save money. That does not, however, diminish the value of their green
efforts. The trick for businesses is to be eco-friendly without
compromising profitability.
|
|
Just when you think you have got everything under control, a new Internet
security problem pops up. This time, it is called clickjacking.
It is legal, so your spyware or anti-virus programs do not block it. It
is a common feature of Web programming that in the wrong hands can
cause mayhem.
A Webmaster or a hacker can program an invisible box over a legitimate
Internet link. The box contains a link. Click on the harmless link and
the invisible one executes untoward things. The script opens an
invisible frame and does its deed.
The problem with this is your computer is being controlled by somebody else who may be more than a prankster.
|
|
Aviation Security Risks |
07/05/2009
At least six men suspected or convicted of crimes that threaten national
security retained their federal aviation licenses, despite
antiterrorism laws written after the attacks of Sept. 11, 2001, that
required license revocation. Among them was a Libyan sentenced to 27
years in prison by a Scottish court for the 1988 bombing of Pan Am 103
over Lockerbie.
In response to questions from The New York Times, the Transportation
Security Administration, which is supposed to root out such
individuals, announced that the Federal Aviation Administration
suspended the licenses on Thursday.
The two agencies appeared to be unaware that the men were among the
nearly one million people licensed as pilots, mechanics and flight
dispatchers. They were identified by a tiny family-owned company in
Mineola, N.Y., demonstrating software it developed to scrub lists of
bank customers for terrorism links.
|
|
Happy 4th of July - Independence Day |
07/04/2009
Happy 4th of July - Freedom to all, especially those in Iran.
|
|
Department of Defence sanctions creation of new, united military command focused
on protecting America from online attack - and waging information
warfare. US defence secretary Robert Gates ordered the formation of the
group earlier today, following a period of debate over the best way to
defend the country from attacks over the internet.
The command - which will unite a string of organisations run by the
army, navy, air force - plans to tie them together into a single,
coherent group that is able to both defend the United States from
information warfare and strike out at hostile nations if necessary.
The Department of Defence said that the group is set to begin operating
later this year, and plans to be fully operational by October 2010.
The move comes amid growing concern over the possibility of and the
threat of cyber-espionage - including perceived attacks from inside
China and Russia.
|
|
Spy Satellite Killed |
07/02/2009
Homeland Security Secretary Janet Napolitano has decided to kill a controversial
Bush administration program to use U.S. spy satellites to collect
domestic intelligence for counter-terrorism, law enforcement and
security, a senior Homeland Security official said Monday evening.
The National Applications Office program was established in 2007 to
provide up-to-the-minute electronic intelligence to local and state law
enforcement. But it has been delayed due to concerns by privacy and
civil liberties advocates -- and by some lawmakers -- that it would
intrude on Americans' lives.
|
|
Telecommuting Security Mistakes |
07/01/2009
According to figures released recently by the Nemertes Research Group, an
Illinois-based research advisory firm, as many as 71 percent of U.S.
companies offer full-time or part-time telecommuting to employees.
Despite the large number of employees who work out of office, another
recent study from The Center for Democracy and Technology found many
continue to sideline the issue of telecommuting security in favor of
more urgent needs.
|
|
Nuke Detector Issues |
06/30/2009
Federal investigators say the government's next-generation radiation detectors
are only marginally better at detecting hidden nuclear material than
monitors already at U.S. ports, but would cost more than twice as much.
The machines are intended to prevent terrorists or criminals from
smuggling into the U.S. a nuclear bomb or its explosive components
hidden in a cargo container.
The monitors now in use can detect the presence of radiation, but they
cannot distinguish between threatening and nonthreatening material.
Radioactive material can be found naturally in ceramics and kitty
litter, but would be of no use in making a bomb, for instance.
|
|
Man Sues Homeland Security |
06/28/2009
Steve Bierfeldt was standing in the security line at Lambert International
Airport in St. Louis when he was detained by TSA officials for carrying
too much money.
Bierfeldt was put in a room for a half hour and asked a series of
questions about the $4,700 in his possession. He says he had raised the
money at a St. Louis event for the Campaign for Liberty—an
organization with roots in Ron Paul’s 2008 presidential campaign.
Angry and concerned over being detained, Bierfeldt has filed a federal
lawsuit against Homeland Security for what he calls an
unreasonable search and violation of his constitutional rights.
|
|
China and Cuba Censor Information from Iran |
06/29/2009
Out of fear that history might repeat itself, the authoritarian governments
of China, Cuba and Burma have been selectively censoring the news this
month of Iranian crowds braving government militias on the streets of
Tehran to demand democratic reforms... In China, political commentators
tinted their blogs and Twitters green to show their support ...
|
|
Jackson Death Slows Internet |
06/28/2009
The internet suffered a number of slowdowns as people the world over rushed
to verify accounts of the death of Michael Jackson. Search giant Google
confirmed to the BBC that when the news first broke it feared it was
under attack.
Millions of people who searched for the star's name on Google News were greeted with an error page. It warned users: "your query looks similar to automated requests from a computer virus or spyware application."