We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
On the surface, the results of the 11th annual CSI/FBI Computer Crime and Security Survey are positive, with fewer companies reporting financial loss from data breaches compared to last year. But a majority of companies are still reluctant to report security breaches to law enforcement, suggesting that the survey isn't capturing the full extent of the problem.
It was one year ago that Homeland Security secretary Michael Chertoff announced a departmental reorganization that would create an assistant secretary for cybersecurity and telecommunications.
The U.S. Visitor and Immigrant Status Indicator Technology (US-VISIT) program's RFID system has not done enough to secure personal data stored in its Automated Identification Management System (AIDMS) database, according to a recent partially-censored report issued by Richard Skinner, the inspector general of the Department of Homeland Security. US-VISIT is a program established in 2004 by DHS to control and monitor the entry, visa status and exit of foreign visitors to the U.S.
Computers and networks, and the degree to which we rely on them, have changed almost beyond recognition since 1990, but the framework of the Act remains effective. But to reflect the changed environment, the government is proposing to increase the penalties for unauthorised access and modification of computers in the Police and Justice Bill currently before Parliament. Hacking and malware have also expanded and, more worryingly, in recent years we have seen an explosion in the availability of hacking tools and services and their use by organised criminals. To target them, we are proposing a new offence to criminalise those individuals who make and distribute hacking tools.
The FBI has drafted sweeping legislation that would require Internet service providers to create wiretapping hubs for police surveillance and force makers of networking gear to build in backdoors for eavesdropping, CNET News.com has learned.
Hong Kong is readying its first anti-spam laws, promising fines and long prison terms for serious offenders. The Chinese territory currently has no laws specifically outlawing junk email, and recent surveys looking at the sources of spam have included Hong Kong and China among the worst in the world.
The Bush Administration is giving federal civilian agencies just 45 days to comply with new recommendations for laptop encryption and two-factor authentication.
Electronic voting machines will be vulnerable to fraud this election season unless countermeasures are taken, according to a report issued last week by the New York University School of Law. E-voting devices, such as touch-screen or optical scan systems, are becoming more prevalent nationwide, and most of them are vulnerable to external attack, according to the report compiled by the school's Brennan Center for Justice.
(Baltimore Sun, The (KRT) Via Thomson Dialog NewsEdge) Jul. 2--WASHINGTON -- The number of reported attempts to penetrate Pentagon computer networks rose sharply in the past decade, from fewer than 800 in 1996 to more than 160,000 last year - thousands of them successful. At the same time, the nation's ability to safeguard sensitive data in those and other government computer systems is becoming obsolete as efforts to make improvements have faltered and stalled.
It's a start. On June 23, the Office of Management and Budget announced that federal agencies have 45 days to put new data-protection measures in place. The new requirements (technically, they're "recommendations," but the OMB appears serious about this anyway) include encryption for all sensitive data on mobile devices, logging of all extracts from databases containing sensitive information and verification that the downloaded sensitive data is deleted after 90 days.
The Bush Administration is giving federal civilian agencies just 45 days to comply with new recommendations for laptop encryption and two-factor authentication. The memo follows a wave of high profile data thefts and major security breeches involving remote access or the theft of government laptop computers containing sensitive personal information. The official memo (PDF) from the executive office of the U.S. president stipulates that all mobile devices containing sensitive information must have their data encrypted.
The nation's three most commonly purchased electronic voting machines are all vulnerable to fraud, a study released on Tuesday has found.
A bill introduced yesterday by Sen. Bob Bennett (R-Utah) and Sen. Tom Carper (D-Del.) both of whom serve on the Senate Banking Committee, joins a growing list of data security measures now pending before Congress. The proposed Data Security Act of 2006 seeks to create a national data protection and breach notification standard.
The U.S. Federal Trade Commission is notifying 110 people that two laptop computers containing their personal data were stolen from a locked vehicle. The information includes individuals' names, addresses, Social Security numbers, birth dates and "in some cases, financial account numbers," the regulatory agency said yesterday. The laptops are password-protected, and the FTC said it had no reason to think the data on the laptops, rather than the laptops themselves, was the target of theft.
When you use the Internet, a certain record of your activities is invariably created and - at least for a short time - retained by your Internet Service Provider. For example, when you establish an account with your ISP - whether it is AOL, Comcast, Verizon, Time-Warner, or any of thousands of ISPs you generally provide the ISP with your name, address, telephone number, and if it is a paid service, some form of payment - credit card, bank account, etc. The ISP will typically retain this account information, and will also keep records that associate this account information with any accounts that you create. Thus, while you think you are so clever creating the online persona "cyber-stud" the ISP knows that you are really a twenty nine year old permanent undergraduate engineering student living at home in your mother's basement.
The U.S. House of Representatives definitively rejected the concept of Net neutrality on Thursday, dealing a bitter blow to Internet companies like Amazon.com, eBay and Google that had engaged in a last-minute lobbying campaign to support it.
Clark Ervin was strolling down a Manhattan street in April 2005 when the red light on his BlackBerry indicated he had a message. The former inspector general of the Homeland Security Department looked at the device and saw that the Associated Press had reported the results of the latest IG investigation on airport security. Those results showed no improvement in screeners’ abilities to detect deadly weapons, compared with the results of similar investigations done in 2001 and 2003. “It was far easier than it should have been even after the [Sept. 11, 2001] attacks for government investigators to sneak these weapons through,
The IRS said that one of its laptops containing data about 291 IRS employees and job applicants went missing in early May when it was lost in transit to an agency event. The information contained on the laptop included fingerprints, names, dates of birth and Social Security numbers for the 291 individuals.
The government has outlined its first steps for coordinating and expanding federal research and development efforts aimed at improving cybersecurity. The new Federal Plan for Cyber Security and Information Assurance Research and Development, issued in April and now available online, lays the groundwork for developing an R&D agenda that will help address critical gaps in current technologies and capabilities.
The U.S. House of Representatives Judiciary Committee today approved a bill that would significantly strengthen existing federal cybercrime law and provide law enforcement with increased enforcement tools.The bill also offers authorities greater enforcement powers and resources. Included is a section that provides an additional $10 million annually to the Secret Service, FBI and Department of Justice to investigate and prosecute cybercrimes. The bill makes failing to report breaches to the FBI or Secret Service than involve at least 5,000 customers a crime punishable by up to five years in prison.
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
