Group items tagged

Netbook web surfers beware. That low-cost netbook you're using could be a high-speed gateway into your life, bank accounts, passwords and other personal data. Netbooks have made headlines since their 2007 launch, making PCs accessible to millions of non-traditional users. But their cheap cost could also carry a steep price tag due to lax security that makes them easier prey for viruses and hackers. Since their introduction less than two years ago by Taiwan's Asustek, nearly all major PC makers, including Hewlett-Packard, Dell, Acer and Lenovo, have jumped on the netbook bandwagon. But their no frills nature, combined with low computing power and relative lack of sophistication among their users could combine to create the perfect storm for hackers and virus creators looking for easy targets, analysts say. "The Internet is full of dangers, regardless of what computer you are using," said Sam Yen, greater China marketing manager at anti-virus software maker Symantec. "But keeping in mind that the netbook is primarily used to surf the Internet, those dangers are possibly multiplied many-fold, especially if there is no anti-virus software installed in the machine." Price tags as low as $300 mean that netbooks often lack such standard gear as firewalls and other anti-virus software typically found in other computers, leaving them highly vulnerable to attacks. "Frankly, netbook security is not there yet," said Pranab Sarmah, an analyst at the Daiwa Institute of Research. "The positioning of the netbook means PC brands are going to do whatever it takes to make the price point attractive to consumers, which means keeping costs low." Many netbook users are relative Internet newcomers, and may not be aware of precautions they can take to protect themselves. Low computing power also means savvy netbook users may shut down critical security programs to boost speed. "It's a Catch-22 situation," said Gartner analyst Lillian Tay. "If you're running too many security prog

A former Fannie Mae IT contractor has been indicted for planting a virus that would have nuked the mortgage agency's computers, caused millions of dollars in damages and even shut down operations. How'd this happen? The contractor was terminated, but his server privileges were not. Rajendrasinh Makwana was indicted on Tuesday in the U.S. District Court for Maryland (press report, complaint and indictment PDFs). From early 2006 to Oct. 24, Makwana was a contractor for Fannie Mae. According to the indictment, Makwana allegedly targeted Fannie Mae's network after he was terminated. The goal was to "cause damage to Fannie Mae's computer network by entering malicious code that was intended to execute on January 31, 2009." And given Fannie Mae-along with Freddie Mac-was nationalized in an effort to stabilize the mortgate market Makwana could caused a good bit of havoc. Makwana worked at Fannie Mae's data center in Urbana, MD as a Unix engineer as a contractor with a firm called OmniTech. He had root access to all Fannie Mae servers. The tale of Makwana malware bomb plot is a warning shot to all security teams and IT departments. Given the level of layoffs we've seen lately the ranks of disgruntled former employees is likely to grow. Is there any company NOT lopping off a big chunk of its workforce? And some of these workers may even have Makwana's access privileges and knowledge of the corporate network.

Recent news reports on copier security have brought to the forefront how information stored on a copier's hard drive may be accessible to would-be identity thieves and others. While this vulnerability is eye-opening to many, this concern has been important to manufacturers for quite some time. Just as you would install a virus scan on your laptop or PC, you need data safeguards for multifunction printers (MFPs).

IT directors are adding multiple layers of protection to their networks and constantly upgrade those measures to adjust for new threats. Is this good? Is the Internet too broken to fix? Is there a better path to enterprise network security? One option is a new "gated community" Internet, where users give up their freedoms and anonymity for safety. My initiation to the Internet and the World Wide Web occurred in 1994 in a large meeting room at an Atlanta hotel. Most of the 100 or so seats were empty. Those in attendance seemed fairly rabid about this new network and took exception to one speaker's prediction that the Web would become a major marketing vehicle. "Not gonna happen," said one attendee. "We'll spam them into submission if they try. We won't let this become commercialized." I kind of chuckled to myself. Those early adopters were mainly concerned with protecting the Internet from commercialization and marketing. Security was not even part of the discussion. Now, it is threatening to dismantle the Internet as a communication and commerce tool. Cyber attacks on U.S. government computer networks increased a reported 40 percent in 2008, according to data from the U.S. Computer Emergency Readiness Team. More than 100 million credit card accounts at Heartland Payment Systems were compromised last year. In November, the Pentagon suffered from a cyber attack in the form of a global virus or worm that spread rapidly throughout a number of military networks, and caused the agency to ban the use of external storage devices, such as flash drives and DVDs. And this is just the tip of the Internet security Relevant Products/Services iceberg. Enterprise networks are being used to launch phishing Relevant Products/Services and other Internet scams, such as the Conficker worm that infected 12 million computers late last year. IT directors everywhere are adding multiple layers of protection to their networks and constantly having to upgrade those measures to adjust fo

In honor of this day, the California Office of Privacy Protection--the first governmental privacy office in the nation--has created a presentation which you can download from their Web site at www.privacy.ca.gov. It's called "Secure Your Computer to Protect Your Privacy," and it explains why computer owners should use Internet firewalls, install and maintain anti-virus and anti-spyware software, and keep their operating systems and applications up to date to protect themselves from malicious attacks. The state privacy office offers lots of other information on how Californians can protect themselves and their data. You can visit their Web site, call them toll-free at (866) 785-9663, or go Wednesday at 5:30 p.m. to the main San Francisco Public Library, where Joanne McNabb, the state's privacy chief, is scheduled to appear on a panel with representatives from Microsoft, Intel, the Center for Democracy and Technology, MySpace and Teen Angels. The panel is free and is part of an international effort to raise awareness about privacy practices and privacy rights

Symantec may not be concerned about the much-discussed Conficker virus, but the company is now dealing with an incident involving its own data security. Two weeks ago, the BBC published an investigative report in which reporters, working with an India-based middleman, bought credit-card information obtained from a Symantec call center. Cris Paden, a spokesman for the Cupertino, Calif., security-software firm, said it sent warning letters to the slightly more than 200 customers affected by the theft. It began an internal investigation immediately after being notified by the BBC. "We believe this was an isolated incident," Mr. Paden said, "but as the investigation continues, we will promptly notify any additional customers affected by the situation and will take appropriate action to protect their interests." In a letter to New Hampshire's attorney general, Symantec said, "We have no evidence that the credit card information of any United States resident was actually compromised." Mr. Paden added that to his knowledge, none of the stolen credit cards were used before their owners canceled them.

IT practices such as identity management, email and URL filtering, virus scanning and electronic monitoring of employees can get companies that do business globally into a heap of trouble if deployed without an understanding of global data privacy laws. The warning was one of several alarms raised in a presentation on global privacy best practices by Gartner Inc. analysts Arabella Hallawell and Carsten Casper at the recent Gartner Risk Management and Compliance Summit in Chicago. Always a thorny issue, the protection of personally identifiable information (PII) is made more complicated in a world where there is limited agreement on how best to do that. According to the Gartner analysts, the world is divided into three parts when it comes to data privacy laws: countries with strong, moderate or inadequate legislation. The European Union, under the European Union Directive on Data Protection, possesses the strongest privacy regulations, followed by Canada and Argentina; Australia, Japan and South Africa have moderate to strong, recent legislation; laws in China, India and the Philippines are the least effective or laxly enforced. The United States has the dubious distinction of occupying two categories -- the strong column, due to the 45 state breach notification laws on the books, and the weak column, because of the lack of a federal law. Even among the three categories, nuances abound. Under the European Union Directive, member countries enact their own principles into legislation, and some laws (like Italy's) are more stringent than the directive's standards. Russia's very recent law is modeled after the strong EU laws, but how it will be enforced remains questionable. And in the U.S., state breach notification laws vary, with Nevada and Massachusetts proposing the most prescriptive data privacy legislation to date.

Privacy and civil liberties advocates are urging lawmakers working on the forthcoming economic stimulus package to ensure that any language to spur adoption of electronic medical records includes meaningful security safeguards. The American Civil Liberties Union, Consumer Action, the National Association of Social Workers, Patient Privacy Rights and others sent letters to House Speaker Nancy Pelosi, Senate Majority Leader Harry Reid and President-elect Barack Obama Wednesday asking them to ensure individuals can control the use of their medical records and protect them from what they believe is a thriving industry of firms that share and sell medical data. "We all want to innovate and improve health care, but without privacy our system will crash as any system with a persistent and chronic virus will," Patient Privacy Rights executive director Ashley Katz said at a Capitol Hill briefing. Katz said her group has been pleased with progress that the House Energy and Commerce, and Ways and Means committees made last year.

" One of the biggest security risks that companies face is employees who fall victim to phishing e-mails, which can lead to stolen log-in credentials and virus infections. SocialPET is a simple Web-based testing tool that lets businesses run their own phishing tests to find out which employees understand security procedures and which are at risk to falling prey to real phishing scams. "