If you know the right queries to use you can find usernames and passwords, financial spreadsheets, confidential documents, and more by leveraging the vast database of indexed information stored at Google.
Google delivers all of the juicy details it has about you in a one-stop-shopping resource like the Google Dashboard, which also provides a juicy one-stop-shopping target for attackers.
"Google Dashboard is akin to putting all of one's eggs in a single basket. The problem is that the average end user is clueless about how to guard that digital basket.
So once that Google account is breached/hacked, the victim has their entire Google experience compromised."
"The new Google Dashboard addresses concerns that users have regarding just how much Google knows about them. Providing a resource like the Google Dashboard that presents all associated information in one place may actually create more privacy and security issues than it solves though."
Facebook "change-your-password" spam scam[s] are circulating
There are at least two Facebook "change-your-password" scams circulating in spam. Here's the first one. It tries to lure you to a malicious site to steal your Facebook login information.
"Commonwealth Equity Services LLP of Waltham, Mass., agreed to pay the penalty for failing to have anti-malware software on its reps' computers or written security policies to deal with security breaches. Securities brokers and registered investment advisors are required by SEC regulations to have written procedures to protect customer information."
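As an added example (not code from the article or from Facebook), here is a small checker that pulls the links out of a message like the one described and flags the two tell-tales of this lure: visible link text that shows one host while the href opens another, and the Facebook brand buried inside an unrelated domain. The sample message, the trusted-host list and every host name in it are constructed for this example.

```python
# Added example: flag "change your password" lures whose links do not go where
# they claim. Not code from the original article; the message below and the
# trusted-host list are constructed for this example.
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the only hosts a genuine Facebook password notice should link to.
TRUSTED_HOSTS = {"facebook.com", "www.facebook.com"}

# Constructed sample in the style of the spam described above (not a real message).
SAMPLE_EMAIL = """\
<p>Dear Facebook user,</p>
<p>Because of the measures taken to provide safety to our clients, your
password has been changed. Click
<a href="http://facebook.com.account-update.example.net/login">
http://www.facebook.com/update</a> to confirm your new password.</p>
<p><a href="https://www.facebook.com/help">Help Center</a></p>
"""


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Lower-cased host name of a URL, '' if it has none."""
    return (urlparse(url).hostname or "").lower()


def is_trusted(host):
    return host in TRUSTED_HOSTS or any(host.endswith("." + t) for t in TRUSTED_HOSTS)


def audit_links(html):
    """Return one record per link with the reasons (if any) it looks like a lure."""
    parser = LinkExtractor()
    parser.feed(html)
    records = []
    for href, text in parser.links:
        real = host_of(href)
        reasons = []
        # Tell-tale 1: the text the victim reads is a URL whose host differs
        # from the host the link actually opens.
        if "://" in text or text.startswith("www."):
            shown = host_of(text if "://" in text else "http://" + text)
            if shown != real:
                reasons.append(f"shown host {shown!r} but link opens {real!r}")
        # Tell-tale 2: the brand name appears inside a host that is not the
        # brand's own domain (facebook.com.<anything>.example.net).
        if "facebook.com" in real and not is_trusted(real):
            reasons.append(f"brand name embedded in untrusted host {real!r}")
        records.append({"href": href, "text": text, "host": real, "reasons": reasons})
    return records


def suspicious_links(html):
    return [r for r in audit_links(html) if r["reasons"]]


if __name__ == "__main__":
    for rec in suspicious_links(SAMPLE_EMAIL):
        print(rec["href"], "->", "; ".join(rec["reasons"]))
```

The brand-in-host test is a narrow heuristic (look-alike spellings slip past it); the display-text-versus-href comparison is the general check, and it is the one a mail gateway or a cautious reader can apply to any lure, not only this one.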
"The Red Flags Rule requires many businesses and organizations to implement a written Identity Theft Prevention Program designed to detect the warning signs - or "red flags" - of identity theft in their day-to-day operations. Are you covered by the Red Flags Rule? Read Fighting Fraud with the Red Flags Rule: A How-To Guide for Business to:
Find out if the rule applies to your business or organization;
Get practical tips on spotting the red flags of identity theft, taking steps to prevent the crime, and mitigating the damage it inflicts; and
Learn how to put in place your written Identity Theft Prevention Program.
By identifying red flags in advance, you'll be better equipped to spot suspicious patterns when they arise and take steps to prevent a red flag from escalating into a costly episode of identity theft.
Take advantage of other resources on this site to educate your employees and colleagues about complying with the Red Flags Rule."
1. Client-side software remains unpatched in general
According to the report, major organizations on average take at least twice as long to patch client-side vulnerabilities as they take to patch operating system vulnerabilities.
More than 60 percent of the total attack attempts on the Internet are against Web apps
"Companies are finding more than ever before that they really need to have good access policies and the right level of controls associated with those policies," said Chris Young, senior vice president of products at RSA. "Organizations often try to start out with a model of trust between permanent and temporary employees, but they also have to balance that trust with controls."
The four walls around a company's data servers are continuing to erode as end users are finding it increasingly easier to use Web-based tools and bring their work home and on the road. The latest survey finds that companies are more concerned than ever about unintentional employee errors that can lead to data leakage.
The Federal Trade Commission ("FTC") intends to apply the Red Flags Rule to lawyers and law firms, and those in the legal profession should prepare themselves by putting into place written programs to detect and mitigate against identity theft involving client accounts. Section 114 of the Fair and Accurate Credit Transactions Act of 2003 ("FACTA") directed the FTC and federal banking agencies to issue regulations requiring "financial institutions" and "creditors" to develop identity theft prevention programs designed to identify and detect "Red Flags" signaling possible identity theft. The FTC and the federal banking agencies finalized the regulations, commonly known as the "Red Flags Rule," in late 2007.
Like the real world, technology and the internet present dangers as well as benefits. Equipment fails, attackers may target you, and mistakes and poor judgment happen. Just as you take precautions to protect yourself in the real world, you need to take precautions to protect yourself online. For many users, computers and the internet are unfamiliar and intimidating, so it is appropriate to approach them the same way we urge children to approach the real world. What are some warnings to remember?
* Don't trust candy from strangers
* If it sounds too good to be true, it probably is
* Don't advertise that you are away from home
* Lock up your valuables
* Have a backup plan
Cybersecurity is the responsibility of everyone that uses the Internet. To remind us of this important issue, October has been designated as National Cybersecurity Awareness Month.
The National Cybersecurity Division of Homeland Security is responsible for helping protect the cyber infrastructure, which every citizen uses each time we use the Internet. By proactively educating everyone about cybersecurity, we will lower our Nation's vulnerabilities on the Internet and lower our collective risk. Securing cyberspace is a difficult strategic challenge that requires coordinated and focused effort from our entire society: the federal government, state and local governments, the private sector, and the American people.
By protecting yourself on the Internet, you also protect others.
How Do I Make Cybersecurity a Habit?
Start with the Basics: Three Core Practices
* Install anti-virus and anti-spyware programs and keep them up to date.
* Install a firewall and keep it properly configured.
* Regularly install updates for your computer's operating system.
Make Ongoing Learning Easy with US-CERT Tips
Cybersecurity is an evolving issue. The U.S. Computer Emergency Readiness Team (US-CERT) Security Tips provide advice on common security topics, such as privacy, email spam, and wireless protection. The tips are sent to your e-mail once a month so that you can continuously stay up to date with changing technologies and threats. Visit US-CERT and sign up to receive US-CERT's Security Tips.
The responsibility to oversee information security among federal agencies would shift to DHS from the White House Office of Management and Budget under revisions to the measure, nicknamed U.S. ICE, that update the IT security guidance detailed in the seven-year-old Federal Information Security Management Act (FISMA), according to a senior cybersecurity staff member on the Senate Committee on Homeland Security and Governmental Affairs.
The thinking behind shifting responsibility to DHS from OMB is that Homeland Security has the cybersecurity expertise whereas OMB's proficiency is budgeting. "Already, the Department of Homeland Security is the coordinating agency on cybersecurity," the staffer said. "Now, what you're doing is drastically strengthening the role of DHS by putting into law and then also, giving them the ability to say, with FISMA, approve or not to approve agencies' plans, controls, frameworks, the way they secure their systems."
The bill also continues the role of the National Institute of Standards and Technology as the key government agency developing IT security guidance, but leaves to DHS the decision of which guidance takes priority.
FTC officials announced in a statement that they would not begin enforcement of what they call the "Red Flag Rule" until Nov. 1. In the meantime, the statement said, the agency plans to add more information to its Web site. The agency is also emphasizing that it is unlikely to bring enforcement actions "if entities know their customers or clients individually, or if they perform services in or around their customers' homes, or if they operate in sectors where identity theft is rare and they have not themselves been the target of identity theft."
This is the third time the FTC has delayed enforcement of the new identity-theft rules, which under a 2003 law require businesses that act as "creditors" to set up a program to minimize risk. Lawyers, doctors and other professionals have protested the FTC's broad interpretation of "creditors" to include businesses that bill clients some time after providing services.
Research from Ponemon Institute Reveals Company-wide Strategy Governing the Use of Data Encryption Technologies Reduces Risk of Breach
LONDON, July 8 /PRNewswire/ -- PGP Corporation, a global leader in enterprise data protection, has announced the results of the third annual study by The Ponemon Institute, identifying the steps UK organisations are taking in order to safeguard their confidential data. The 2009 Annual Study: UK Enterprise Encryption Trends, which polled IT security professionals at 615 enterprises and public sector organisations, found that 70% of UK organisations have been hit by at least one data breach incident within the last year, up from 60% in the previous year. The number of firms experiencing multiple breaches was also up, with 12% of respondents admitting to more than five data loss incidents in the twelve-month period (up from 3%). Less than half of these breaches (43%) were publicly announced; there was no legal or regulatory requirement to disclose the remaining 57% of incidents.
Focus on the Privacy of Individuals on Social Networking Sites is Well Founded, but Security Impact
2009-07-18 11:11:38 - Based on the Privacy Commissioner's recommendations to respect PIPEDA as well as the privacy of Canadians, Facebook has promised to review its practices. Companies should also pay close attention, as social networking sites can increase security risks and introduce new attack methods.
Toronto, ON July 18, 2009 -- The Commissioner's report sternly voices the common concerns of privacy-conscious Facebook users about the social networking site's approach to data collection, sharing and retention. By demanding changes to current practices, the Privacy Officer seeks to help Facebook implement protective controls that comply with Canada's federal law, the Personal Information Protection and Electronic Documents Act. "The added disclosure practices and transparency around the use of personal information will go a long way towards building the trust of individuals and, in my personal opinion, will improve Facebook's business rather than curtail its potential," according to Claudiu Popa, a recognized security expert and Informatica's founder. "However, we must remember that social networking sites as a whole are information aggregators; they accumulate and consolidate detailed information about people and even employers. That's why we advise corporate clients to enforce policies regarding social networking and other online activity that could pose a threat to information security."
Over the past few years, organized criminals have improved phishing techniques, social engineering and other targeted attacks to the point where exploits are precisely targeted to individuals and organizations. This year, Informatica's Research division has observed a definite
Researchers at networking giant Cisco Systems Inc. are warning of the increasingly sophisticated cybercriminal underground economy and how it could be attractive to those having trouble finding work or facing layoffs in a troubled global economy.
"There's a lot of business sophistication," said Patrick Peterson, Cisco fellow and chief security officer. "Cybercriminals are taking a lot of Harvard Business School approaches, making them very difficult to combat, and it really does increase their success rate and the impact they have on us."
Researchers are also seeing lower-volume but more frequent botnet attacks. Peterson said it's a sign cybercriminals are trying to stay under the radar. Researchers from the University of California, Santa Barbara, who studied the Torpig botnet, discovered that it had been operating for several years, stealing login credentials for hundreds of thousands of online bank accounts.
The report also highlights how smartphones and social networking websites are being increasingly targeted by cybercriminals, lured by the massive amount of personal data displayed over time on websites such as Twitter, MySpace and Facebook.
Cisco has been tracking a rise in malicious SMS text messages that appear to come from a trusted source and prompt victims to call and reveal sensitive account information.
"It's really all about social engineering to trick users, and with the amount of data people place in the public eye, it's become easier to conduct these attacks."
TOPEKA | A legislative audit in Kansas has raised questions about the security of state computer networks and whether agencies are vulnerable to cyber attacks like a recent one against U.S. government Web sites.
The audit reviewed computer security issues at five state agencies and found some weak password controls and missing security patches for servers. And 39 percent of one unnamed agency's passwords were cracked within five minutes using free software available on the Internet.
Asked whether other agencies have the same vulnerability, auditor Allan Foster said Friday that the five tested represented a cross-section of state government.
The audit took about two months and was in the works well before a widespread cyber attack on U.S. and South Korean government Web sites over the Fourth of July weekend. Officials suspect it originated in North Korea.
Seventeen of 133 servers scanned at the five agencies, or 13 percent, were missing at least one security patch for their operating systems, the audit found. Forty-nine were missing at least one patch for their software applications, and 30 were missing three or more patches for applications.
To breach an agency's passwords, hackers would have to find a vulnerable server, hunt down an encrypted list of passwords and copy it, Foster said. In the audit's case, agencies cooperated for testing purposes.
Still, even with that protection, after 24 hours of cracking the lowest percentage of passwords recovered at any of the five agencies was 23 percent.
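What a news report calls an "encrypted list of passwords" is, in practice, a file of password hashes, and "cracking" means guessing candidate passwords offline and hashing each one until the hashes match; no password is ever decrypted. As an added example (not the auditor's tooling or anything from the article), the script below runs that attack against a constructed list of accounts and reports the fraction recovered, which is the kind of figure the audit cites. The accounts, passwords, wordlist, mangling rules and hash format (unsalted SHA-1) are all assumptions for this example.

```python
# Added example: an offline dictionary attack against a list of password
# hashes, reporting what fraction fell. Not the auditor's tooling; the
# accounts, passwords, wordlist and hash format (unsalted SHA-1) are
# assumptions for this example.
import hashlib

# Constructed sample accounts. The cracker never reads this dict; it only sees
# SAMPLE_HASHES, derived from it below.
SAMPLE_PLAINTEXTS = {
    "afoster": "password",
    "bjones": "Kansas1",
    "cmiller": "summer2009",
    "dlee": "topeka123",
    "efranks": "welcome!",
    "gwhite": "q7#Lm!9vXe2p",   # random, not derivable from any wordlist entry
    "hkim": "Kansas1!",         # survives only because the rule set below is tiny
    "ipatel": "correct horse battery staple",
}
SAMPLE_HASHES = {u: hashlib.sha1(p.encode()).hexdigest()
                 for u, p in SAMPLE_PLAINTEXTS.items()}

# A deliberately small wordlist; real ones hold millions of entries.
WORDLIST = ["password", "welcome", "kansas", "summer", "topeka", "letmein"]


def candidates(word):
    """Yield guesses derived from one wordlist entry with a few common mangling rules."""
    suffixes = ["", "1", "123", "!", "2008", "2009"]
    for form in (word, word.capitalize(), word.upper()):
        for suffix in suffixes:
            yield form + suffix


def crack(hashes_by_user, wordlist, algorithm="sha1"):
    """Return {user: recovered_password} for every hash a wordlist guess matches."""
    # Invert the list so each hash computation is checked against every
    # account at once; this is what unsalted hashes allow and salting prevents.
    pending = {}
    for user, digest in hashes_by_user.items():
        pending.setdefault(digest, []).append(user)
    recovered = {}
    for word in wordlist:
        for guess in candidates(word):
            digest = hashlib.new(algorithm, guess.encode()).hexdigest()
            for user in pending.pop(digest, []):
                recovered[user] = guess
            if not pending:
                return recovered
    return recovered


def cracked_fraction(hashes_by_user, wordlist):
    """Share of accounts whose password the wordlist recovered."""
    return len(crack(hashes_by_user, wordlist)) / len(hashes_by_user)


if __name__ == "__main__":
    found = crack(SAMPLE_HASHES, WORDLIST)
    for user, pw in sorted(found.items()):
        print(f"{user}: {pw}")
    print(f"{cracked_fraction(SAMPLE_HASHES, WORDLIST):.0%} of accounts cracked")
```

Five of the eight constructed accounts fall to a six-word list and six suffix rules, which is why "five minutes with free software" is unsurprising: dedicated crackers such as John the Ripper or Hashcat apply far larger lists and rule sets at millions of guesses per second against a fast unsalted hash. The defences follow from the code: a per-account salt removes the one-hash-checks-every-account shortcut, a slow hash such as bcrypt or PBKDF2 cuts the guess rate by orders of magnitude, and the two accounts that survived did so because of length or a form no simple rule produces, not because of "complexity" characters.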
Koobface is sending out more bad links this time around.
The use of URL shortening services on Twitter has made it difficult for people to tell what Web site they'll end up at, Ferguson said. However, Twitter tools such as TweetDeck will show the full URL, which can help people make a better security judgment, he said.
Some of Koobface's bad links have advertised, for example, videos of Michael Jackson, where the malware writers are trying to pique people's interest in current news events, said Graham Cluley, senior technology consultant for Sophos. If a person followed the link, it would lead to a Web site asking the user to download an upgrade for their Flash multimedia player that is actually Koobface.
Twitter is suspending the accounts of some users whose computers have fallen victim to a well-known piece of malicious software that has targeted other sites such as Facebook and MySpace.
The malware, Koobface, is designed to spread itself by checking to see if a person is logged into a social network. It will then post fraudulent messages on the person's Twitter account trying to entice friends to click the link, which then leads to a malicious Web site that tries to infect the PC.
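Showing the full URL behind a shortened link, as the passage above says TweetDeck does, comes down to walking the redirect chain without loading the destination. As an added example (not code from the article, Twitter or TweetDeck), the script below does that with HEAD requests, stops on loops or after a fixed number of hops, and notes when a "video" link resolves to an executable, the fake Flash upgrade pattern described above. The hop limit, the shortener list, the download heuristic and the offline redirect table (no real links) are assumptions for this example; the live fetcher is included for real use but the offline table is what the example runs against.

```python
# Added example: expand a shortened link by walking its redirect chain with
# HEAD requests, so the destination is learned without ever fetching the page
# body, then report where it ends. Not code from the article, Twitter or
# TweetDeck; the hop limit, shortener list, download heuristic and the offline
# redirect table are assumptions for this example.
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlparse

MAX_HOPS = 5                                          # assumption
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "is.gd"}  # assumption
REDIRECT_CODES = {301, 302, 303, 307, 308}


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Make urllib report a redirect instead of silently following it."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def head_location(url, timeout=5):
    """Live fetcher: (status, Location header or None) from one HEAD request."""
    opener = urllib.request.build_opener(_NoRedirect)
    req = urllib.request.Request(url, method="HEAD")
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:   # 3xx land here once not followed
        return err.code, err.headers.get("Location")


# Constructed redirect table standing in for the network; none of these are real links.
FAKE_REDIRECTS = {
    "http://bit.ly/abc123": (301, "http://tinyurl.com/xyz789"),
    "http://tinyurl.com/xyz789": (302, "/go?to=video"),   # relative Location
    "http://tinyurl.com/go?to=video": (302, "http://mj-video.example.net/watch"),
    "http://mj-video.example.net/watch": (200, None),
    "http://is.gd/flash": (302, "http://cdn.example.org/flash_player_upgrade.exe"),
    "http://cdn.example.org/flash_player_upgrade.exe": (200, None),
    "http://bit.ly/loop1": (301, "http://bit.ly/loop2"),
    "http://bit.ly/loop2": (301, "http://bit.ly/loop1"),
}


def fake_fetch(url):
    """Offline stand-in for head_location()."""
    return FAKE_REDIRECTS.get(url, (404, None))


def expand(url, fetch=head_location, max_hops=MAX_HOPS):
    """Follow Location headers from url; truncated=True means a loop or the hop limit stopped us."""
    chain = [url]
    for _ in range(max_hops):
        status, location = fetch(chain[-1])
        if status not in REDIRECT_CODES or not location:
            return {"chain": chain, "final": chain[-1], "truncated": False}
        nxt = urljoin(chain[-1], location)   # resolves relative Location values
        if nxt in chain:
            return {"chain": chain, "final": nxt, "truncated": True}
        chain.append(nxt)
    return {"chain": chain, "final": chain[-1], "truncated": True}


def describe(url, fetch=head_location):
    """Expand url and attach the facts a reader needs before clicking."""
    info = expand(url, fetch)
    first_host = urlparse(url).hostname or ""
    final = urlparse(info["final"])
    info["final_host"] = final.hostname or ""
    info["hidden_by_shortener"] = (first_host in SHORTENER_HOSTS
                                   and info["final_host"] != first_host)
    # Heuristic: a link sold as a video that resolves to an executable matches
    # the fake Flash upgrade lure described above.
    info["executable_download"] = final.path.lower().endswith((".exe", ".scr", ".msi"))
    return info


if __name__ == "__main__":
    for link in ("http://bit.ly/abc123", "http://is.gd/flash", "http://bit.ly/loop1"):
        r = describe(link, fake_fetch)
        print(link, "->", r["final"], "| truncated:", r["truncated"],
              "| exe:", r["executable_download"])
```

Two details matter for safety: the fetcher never issues GET, so a drive-by page is not rendered just to learn where a link goes, and urllib's automatic redirect following is disabled so each hop is inspected and counted rather than chased to an unbounded depth.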