Toward Buffer Overflow Extinction
The first time a buffer overflow was used as part of an attack on information systems, at least the best I can find, was the infamous 1988 Morris worm. While the Morris worm propagated across Unix, buffer overflows have been the bane of Windows security for years. Microsoft is furthering its efforts to push this problem into the history books.
When Criminal Intent Lurks One Cube Away
The ongoing Société Générale fraud story is a case study in insider threats. The costs, north of $7 billion for the French bank, are high and likely to go higher. For the rest of us, it leaves an uneasy question: Do we have a rogue in our organization? And if so, what do we do about it?
Federal Government To Spend $30 Billion On New Security Efforts
One of the most interesting IT security news stories to hit this week is that the Bush administration is apparently proposing that $6 billion (maybe this is an increase on existing spending; that's not yet clear) be invested to shore up federal network security next year, and up to $30 billion across seven years. This is good news. Maybe.
The Four (Non) Myths Of IT Security
Some of the reports and surveys security firm Symantec has provided over the years I've found both useful and informative. This most recent report, which hit today, isn't one of them.
IR for the Enterprise
Mandiant's new incident response appliance carries a big price tag, but comes with heavy-duty features
Real Men Don't Fear the Web
Study reveals 'macho factor' in online security as many males express overconfidence in their system integrity
Are You SCAP Ready?
In case you missed it, about a year ago the Office of Management and Budget issued policy memorandum M-07-11, aka the Implementation of Commonly Accepted Security Configurations for Windows Operating Systems. Essentially, this mandates that all federal agency systems must adhere to the Federal Desktop Core Configuration (FDCC) by February 2008. That's this Friday.
Free Identity Theft Webinar Tomorrow
This week's release of a new report on Identity Theft (and strategies for avoiding and combating it) will be accompanied by an online Identity Theft Webinar tomorrow, Thursday, January 31, at 2 pm EST.
Point. Click. Phish.
Are you ready to launch your own phishing scam, but don't know where to start? Too tired from your day job to copywrite your own fraudulent e-mails? Or, are you like millions of others who just don't know how to leverage Facebook or Orkut for illicit profit? These are no longer problems for you.
Lancope Reports Record Growth
Lancope dominates global network behavior analysis market in 2007; adoption of StealthWatch drives 100% growth for 2nd consecutive year
Third Brigade Joins PCI SSC
Third Brigade announces that it has joined the PCI Security Standards Council as a participating organization
Should Your IP Address Be Private?
The European Union has just ruled that Spain's Telefonica SA doesn't have to hand over the identities of file sharers on its networks. At least, not simply because the allegedly aggrieved party asks for such information.
Whoops: $73 Billion In Fraudulent Trades Just Slipped By Us
While there's no hard evidence yet released on what could prove to be one of the largest frauds in financial history, some details are starting to surface. It's my hunch that this case, other than its financial magnitude, will not prove much different than previous insider frauds.
IT Security Vs. Censorship
In a memo distributed to employees, Tribune Co. owner Sam Zell called for all of Tribune's business units to yank the use of content filters. Now, I'm not sure anyone, myself included, would list content filters among their most favorite things. Yet, I'm not so sure Zell made a good move -- at least not for Tribune's IT security.
Google, NTT, & GSA Deploy SAML 2.0
Organizations leverage SAML 2.0 Liberty Federation to enable business services, meet regulatory requirements, and protect against fraud
Happy Data Privacy Day!
We're less than a week away from finding out whether Punxsutawney Phil predicts six more weeks of winter. While we wait for him to make his annual weather forecast, we've got time to squeeze in another holiday. You may not be as familiar with this one -- there are no parades, gift-giving or time off from work. Frankly, it's a shame we have to acknowledge it at all. But it's a testament to the kind of world we live in. Today is Data Privacy Day.