Group items tagged

Social networkig may seed malware spread. Education is still one of the most successful computer security tools

Websense CTO Dan Hubbard outlines four ways companies can protect their information from threats and compromise on the social Web. 1) Most Web Posts on Blogs and Forums are Actually Unwanted Content (Spam and Malware) As more and more people interact with each other on sites allowing user-generated content, such as blogs, forums and chat rooms, spammers and cybercriminals have taken note and abuse this ability to spread spam, post links back to their wares and direct users to malicious sites. Websense research shows that 85 percent of all Web posts on blogs and forums are unwanted content - spam and malware - and five percent are actually malware, fraud and phishing attacks. An average active blog gets between 8,000 and 10,000 links posted per month; so users must be wary of clicking on links in these sites. Click here to find out more! Additionally, just because a site is reputable, doesn't mean its safe. Blogs and message boards belonging to Sony Pictures, Digg, Google, YouTube and Washington State University have all hosted malicious comment spam recently, and My.BarackObama.com was infected with malicious comment spam.

Update on Feb. 18, 8:33 a.m.: Facebook is backing off changes to its terms of service, informing users on their official blog that they will remain intact. "Over the past couple of days, we received a lot of questions and comments about the changes and what they mean for people and their information," Facebook CEO Mark Zuckerberg writes in the blog. "Based on this feedback, we have decided to return to our previous terms of use while we resolve the issues that people have raised." To learn more, read our original post below. Facebook is having trouble dousing the flames in a firestorm over its trustworthiness. A recent change in its terms of use -- the legalese tacked onto the bottom of most websites -- has sparked concerns that the social networking giant plans to own all users' information forever. Founder and CEO Mark Zuckerberg claimed in a blog post Monday that "on Facebook people own and control their information." But privacy advocates still aren't satisfied. "I think in simple terms it's a tug of war over user data," says Marc Rotenberg, executive director of the Electronic Privacy Information Center (EPIC) in Washington. "People put information on a Facebook page to share with friends. But it's pretty much with the understanding that they're deciding what to post and who has access to it. Facebook, like any other company, is trying to obtain maximum commercial value from its users."

A leading technology advisor to President Obama said in a research note for his investment firm today that privacy and net neutrality will be among the biggest telecommunications issues facing the Federal Communications Commission and the administration going forward. Analyst Blair Levin, who was the co-lead of Obama's technology and innovation team along with nominated FCC Chair Julius Genachowski, wrote in a Stifel Nicolaus research note that the economic crisis and change of administration will shift the focus of telecom policy away from traditional phone companies to "Internet/edge" players. Indeed, Google and other Web video and voice companies like Skype have been increasingly active in recent years at the FCC, pushing particularly for net neutrality rules that would prevent carriers from blocking or charging more for certain content that travels over the Web. Levin said in a note that net neutrality will emerge again as an issue in the new administration for wireless networks. On the other hand, there won't likely be a push for new net neutrality rules for cable, DSL, and fiber network carriers at the FCC. "(There is a) consensus emerging that disputes about whether a wireline network management tool is 'reasonable' (or is actually blocking or degrading traffic) to be resolved on a case-by-case basis," Levin wrote in the note with analysts Rebecca Arbogast and David Kaut. It would be a tough climb to impose rules that force wireless carriers to open their networks. Apple and AT&T successfully argued to lawmakers and regulators to keep their exclusive iPhone contract. Skype's petition to the FCC to force carriers to allow any handset or software to operate on any network was shot down by former FCC Chairman Kevin Martin. He said the biggest "sleeper" issue will be privacy. With a major overhaul of healthcare records to the Web, the rise in behavioral advertising and cloud computing, where information is stored in computers strung across many geographies

Even a booster of electronic systems like David Blumenthal, who just started his Washington post as the national coordinator of health IT, points to a myriad of challenges when it comes to digitizing the nation's medical records. Just take a look at his piece this month in the New England Journal of Medicine, in which he cites technical concerns and worries about patient privacy, among other things. In an interview with the WSJ, he said problems can crop up if the systems are installed too quickly and without enough technical support. There are plenty of potential advantages that electronic records can bring, from helping hospitals and doctors get information quickly on patients' medical histories to making catches when two drugs are being prescribed that may interact dangerously together. But there are also risks: Take a look at a study in Pediatrics that cites the case of Children's Hospital of Pittsburgh, which initially saw a rise in the death rate for certain patients after computerizing its order-entry system, perhaps because it took longer to begin their treatment. (The hospital told the WSJ the study was "flawed," adding the mortality rate had fallen since then.) The WSJ also cites the case of a patient who was initially given an incorrect diagnosis based on a mix-up involving electronic records and a test result for another patient. Health Blog Question of the Day: What's been your experience with electronic records? Do they prevent safety problems or create new risks?

The FBI has used a secret form of spyware in a series of investigations designed to nab extortionists, database-deleting hackers, child molesters, and hitmen, according to documents obtained by CNET News. One suspect used Microsoft's Hotmail to send bomb and anthrax threats to an undercover government investigator; another demanded a payment of $10,000 a month to stop cutting cables; a third was an alleged European hitman who was soliciting for business from a Hushmail.com account. CNET News obtained the documents -- totaling hundreds of pages, although nearly all of them were heavily redacted -- this week through a Freedom of Information Act request to the FBI. The FBI spyware, called CIPAV, came to light in July 2007 through court documents that showed how the bureau used it to nab a teenager who was e-mailing bomb threats to a high school near Olympia, Wash. (CIPAV stands for Computer and Internet Protocol Address Verifier.) A June 2007 memo says that the FBI's Deployment Operations Personnel were instructed to "deploy a CIPAV to geophysically locate the subject issuing bomb threats to the Timberline High School, Lacy, Washington. The CIPAV will be deployed via a Uniform Resource Locator (URL) address posted to the subject's private chat room on MySpace.com."

Should responsibility for defending against cyberattacks be moved from the Dept. of Homeland Security to the military? Air Force Gen. Kevin Chilton suggested as much at a Congressional hearing where he warned of U.S. vulnerability to cyberwarfar "across the spectrum." Such attacks "potentially threaten not only our military networks, but also our critical national networks," Chilton told a House Armed Services subcommittee, the Washington Post reported. As head of Strategic Command, the general isn't responsibel for defending civilian networks, just government computers. [Stratcom's responsibility is] "to operate and defend the military networks only and be prepared to attack in cyberspace when directed. I think the broader question is, who should best do this for the other parts of America, where we worry about defending power grids, our financial institutions, our telecommunications, our transportation networks, the networks that support them." Well, that's where the 60-day interagency overview of cybersecurity comes in. At the end of that, Chilton said, responsibility for protecting private sector networks may well fit under Stratcom's duties. So what impact in having the military at the center of cybersecurity? Importantly, it brings offensive ops into the defense game. And where the military is involved, can NSA be far behind? No. Operational control over both [offensive and defensive ops], Chilton said, has been delegated to Lt. Gen. Keith B. Alexander, the head of the National Security Agency. … NSA, according to Chilton, already has a role in information security, and the agency's support "has been instrumental in our efforts to operate and particularly to defend our networks," he said. Combining oversight of cyber defense and offense made sense, Chilton said, "because they're so interconnected. . . . As you consider offensive operations, you want to make sure your defense are up."

Is your bank on the list?

Failed Banks Thirty-six banks have failed this year, up from the 25 that shut down in 2008, which included Washington Mutual, the largest bank failure in US history. While the banks that have closed this year are not as large as WaMu, there have been some substantial banks that failed with assets in the billions. Click on to find out which of them rank as the 10 largest failures so far in 2009. Source: FDIC Posted June 4, 2009 »Slideshow: Largest Bankruptcies »Slideshow: World's Safest Banks

The D.C. agency that handles college financial aid requests said yesterday that it had accidentally e-mailed personal information from 2,400 student applicants to more than 1,000 of those applicants. The Office of the State Superintendent of Education (OSSE) said it has notified all students of the breach, which occurred when an employee of the agency's Higher Education Financial Services Program inadvertently attached an Excel spreadsheet to an e-mail. The information included student names, e-mail and home addresses, phone and Social Security numbers and dates of birth. The disclosure involved the "DC OneApp," an online application that allows D.C. students to apply for a series of grant programs. They include DCTAG, which provides awards of up to $10,000 toward the difference between in-state and out-of-state tuition at public four-year-colleges in the 50 states. The accidental disclosure went to about 1,250 DCTAG applicants, officials said. OSSE never publicly announced the breach, which occurred Wednesday. It did express regret for the incident in an e-mail sent to students and parents the next day. A parent made the e-mail available to The Washington Post over the weekend.

Visa Inc.'s top risk management executive today dismissed what she described as "recent rumblings" about the possible demise of the PCI data security rules as "premature" and "dangerous" to long-term efforts to ensure that credit and debit card data is secure. Speaking at Visa's Global Security Summit in Washington, Ellen Richey, the credit card company's chief enterprise risk officer, insisted that despite recent data breaches at two payment processors, the Payment Card Industry Data Security Standard (PCI DSS) "remains an effective security tool when implemented properly." Richey added that breaches such as the ones at Heartland Payment Systems Inc. and RBS WorldPay Inc. were shaping public opinion and obscuring what otherwise has been "substantial progress" on the security front over the past year. "I'm sure that everyone in this room has read the headlines questioning how an event of this magnitude could still happen today," Richey said, referring to the Heartland breach. "The fact is, it never should have" - and indeed wouldn't have if Heartland had been vigilant about maintaining its PCI compliance, according to Richey. "As we've said before," she continued, "no compromised entity has yet been found to be in compliance with PCI DSS at the time of a breach." Pointing to Visa's decision last week to remove both of the breached payment processors from its list of PCI-compliant service providers, Richey said that Heartland would face fines and probationary terms that were proportionate to the still-undisclosed magnitude of the breach. "While this situation is unfortunate, it does not make me question the tools we have at our disposal," she said of the PCI rules.

Congress already has more than 40 committees and well over 100 subcommittees. Does it really need one more? How about another task force? Or a working group? Yes, says Sen. John McCain: A new panel is needed to cope with a relatively recent and unquestionably grave threat - hacking.

The rise and fall of PRBC is a case study of the growing market for our personal financial data, where the incentives for helping consumers and making profits don't always align.