We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
Despite some improvements, the State Department still falls short in its information security efforts, according to a new report from Inspector General Howard J. Krongard. Nearly half of the 34 departmental posts and bureaus audited by the inspector general from April to September 2006 displayed shortcomings in IT security, according to the report.
After an auditor found serious security problems in the way it handled sensitive data on laptops, the Internal Revenue Service said it will have all laptops encrypted within the next few weeks. Speaking in an interview with National Public Radio over the weekend, Internal Revenue Service Commissioner Mark Everson said his organization was making the effort following a recently released audit that found unencrypted data on a large percentage of IRS laptop computers.
The government is taking some cautious steps toward what has been called Web 2.0, letting users contribute to rather than merely browse agency Web sites. The Patent and Trademark Office is piloting a program to invite online comment on patent applications. And the Federal CIO Council's Semantic Interoperability Community of Practice uses wiki software so that attendees and presenters can post material about the group's monthly meetings.
Male. Between 30 and 50 years old. Residing in California, Texas, Florida or New York. That's the most likely profile for a 2006 victim of web-based crime, according to a report from the FBI and the National White Collar Crime Center. The Internet Crime Complaint Center (IC3) processed 10 percent fewer cybercrime complaints last year than during 2005, according to the report. The amount of money lost, however, increased. The total dollar loss from all referred cases was more than $198 million for 2006, a $15 million increase from the year before.
Supporters of the Spy Act hope that the bill's third time is a charm. On Thursday, the anti-spyware bill--which has twice passed the U.S. House of Representatives only to be rejected by the Senate--got its third hearing in the House Subcommittee on Commerce, Trade and Consumer Protection. The unwanted programs, in addition to stealing a victim's data, could also make an innocent PC user appear guilty of a crime. In Connecticut, a substitute teacher has been found guilty of four counts of risk of injury to a minor after her classroom PC started displaying pornographic pop-up ads. A forensic investigator working for the defense found that the computer had been significantly compromised by spyware programs, and security researchers have criticized the prosecution for not adequately investigating the digital evidence. The teacher is scheduled to be sentenced at the end of March.
The Internet's key site identity system is in mounting danger from new techniques that could cause havoc by turning it into a free-for-all market, the World Intellectual Property Organization warned on Monday. And the United Nations' agency said the latest trends in registering top-level domain names (TLDs) could undermine dispute procedures under which patent holders can pursue "cybersquatters."
As reports of cybersecurity incidents grow, U.S. Department of Homeland Security officials plan to improve their ability to work on the problem face to face with private-sector experts. The DHS plans to collocate private-sector employees from the communications and IT industries with government workers at the U.S. Computer Emergency Readiness Team (US-CERT) facility here, said Gregory Garcia, assistant secretary of cybersecurity and telecommunications at the DHS.
The Health and Human Services Department needs to exert stronger leadership in determining how to apply privacy to health IT initiatives. The agency is only in the early stages of privacy efforts and its plans are unclear, the Government Accountability Office said. HHS needs a comprehensive approach as part of its national strategy for health IT, including detailed plans, milestones and mechanisms to monitor the progress of privacy and other health IT developments, said David Powner, GAO
Corporate America is getting better about telling the U.S. government about serious security incidents, according to an official from the U.S. Department of Homeland Security (DHS). In 2006, companies, universities and government agencies reported 23,000 incidents to the U.S. Computer Emergency Readiness Team (US-CERT), up from 5,000 reported in 2005, Jerry Dixon, deputy director of the DHS's National Cyber Security Division (NCSD), said at the RSA Security Conference on Wednesday.
The Bush administration may withhold technology dollars from federal agencies that are lagging on cybersecurity, a top IT official said Wednesday. The philosophy goes something like this: The government shouldn't be spending money on agencies that want to build new systems when their overall management processes remain flawed.
The National Cyber Security Division (NCSD) of the Department of Homeland Security (DHS) unveiled the National Cyber Alert System, an operational system delivering to Americans timely and actionable information to better secure their computer systems. As part of this program, Homeland Security is making available a series of information products targeted for home users and technical experts in businesses and government agencies. These e-mail products will provide timely information on computer security vulnerabilities, potential impact, and action required to mitigate threats, as well as PC security
The U.S. federal agency in charge of government technology standards approved on Thursday the accreditation of two laboratories to perform certification of election computers. The National Institute of Standards and Technology (NIST) recommended that iBeta Quality Assurance and SysTest Labs be allowed to test election equipment under the current guidelines, the U.S. Election Assistance Commission (EAC) said on Thursday. If the EAC approves the recommendations, the two companies will be the first to receive credentials under the new Voting System Certification and Laboratory Accreditation Program.
Federal superspy Jack Bauer battles fate and countless foes on the hit TV show
On June 23, 2006 a Presidential Mandate was put in place requiring all agency laptops to fully encrypt data on the HDD. The U.S. Government is currently conducting the largest single side-by-side comparison and competition for the selection of a Full Disk Encryption product. The selected product will be deployed on Millions of computers in the U.S. federal government space. This implementation will end up being the largest single implementation ever, and all of the information regarding the competition is in the public domain. The evaluation will come to an end in 90 days. You can view all the vendors competing and list of requirements."
Due to an increased network threat condition, the Defense Department is blocking all HTML-based e-mail messages and has banned the use of Outlook Web Access e-mail applications, according to a spokesman for the Joint Task Force for Global Network Operations. An internal message available on the Internet from the Defense Security Service (DSS) states that JTF-GNO raised the network threat condition from Information Condition 5, which indicates normal operating conditions, to Infocon 4 "in the face of continuing and sophisticated threats" against Defense Department networks.
Once again it is time to take note of those security blunders from the past year that have given us so many opportunities to learn from our mistakes. It has been a year rich in opportunity, with one lesson in particular being repeatedly hammered home. So the second annual Bonehead Award for Notable Failures in IT Security goes to all of those people who think it is productive to carry around sensitive data on portable devices.
With the deadline to move their network backbone to Internet Protocol Version 6 still about 18 months away, agencies
China is fielding information warfare units and developing anti-satellite capabilities aimed at countering U.S. military technology, according to a U.S. congressional commission. China
The new Police and Justice Act, published today, could criminalise legitimate IT security activity. There are fears amongst security experts that changes it makes to the Computer Misuse Act will make it illegal to distribute some vital tools. The new law modifies the Computer Misuse Act of 1990, the cornerstone of Britain's anti-hacking law. The changes make clear for the first time that denial of service attacks are an offence; but they also address the distribution of hacking tools. The new Act will make a person guilty of an offence "if he supplies or offers to supply any article believing that it is likely to be used to commit, or to assist in the commission of, [a hacking offence]." The word "article" is defined in the Act to include "any program or data held in electronic form".
Questions in the House of Lords in June 2005 revealed that the Cabinet Office's Central Sponsor for Information Assurance unit was developing proof-of-concept systems using Security Enhance Linux to support remote working and web services. In May this year IBM revealed that it was involved in the project along with Red Hat, Tresys Technology, and Belmin Group.
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
