Thursday, May 31, 2007

DHS publishes sector-specific protection plan for IT infrastructure

ComputerWorld's article, "DHS publishes sector-specific protection plan for IT infrastructure," discusses the DHS 17 Sector-Specific Plans (SSPs). See also "DHS Completes Key Framework for Critical Infrastructure Protection."

US Internet 'Spam King' arrested

Yahoo's article, "US Internet 'Spam King' arrested," covers the arrest of Robert Soloway. The article states:

"Spam is a scourge of the Internet, and Robert Soloway is one of its most prolific practitioners," said US Attorney for the Western District of Washington Jeffrey Sullivan.

Computer viruses invade SSU class -- on purpose

The Santa Rosa Press Democrat's article, "Computer viruses invade SSU class -- on purpose," discusses a class taught by Professor George Ledin that involves creating computer viruses in a secure lab. The article states:

"But the class is not without its detractors. Three companies that develop software to fend off malicious computer programs sent SSU hostile letters, said Ledin, former chairman of the computer science department."

Tuesday, May 29, 2007

China Crafts Cyberweapons

PC World's article, "China Crafts Cyberweapons," discusses the May 25, 2007 DoD report, "Annual Report to Congress: Military Power of the People’s Republic of China." Interestingly, this is somewhat old news; see the 2006 item from FCW, "DOD: China fielding cyberattack units," from May 25, 2006.

Saturday, May 26, 2007

Globalization has made software development a national security issue

Computerworld's article, "Globalization has made software development a national security issue," quotes former US cyber security tsar Andy Purdy as saying "Companies are looking for the least expensive source of production, but there isn't enough concern about the security of these networks and the data being stored on them."

Tip o' the hat to Ruzena

Thursday, May 24, 2007

Proposed National Database Raises Privacy Concerns

EWeek's article, "Proposed National Database Raises Privacy Concerns," discussed the ramifications of the database needed for the Secure Borders, Economic Opportunity and Immigration Reform Act of 2007 (PDF).

BBN Selected as GENI Project Office

The NSF press release, "Three Wishes for a Future Internet? GENI Project Will Soon Be At Your Command," reports that BBN Technologies has been selected to serve as the Global Environment for Network Innovations (GENI) Project Office.

Saturday, May 19, 2007

Russia accused of cyberattack on Estonia

The Guardian's article, "Russia accused of unleashing cyberwar to disable Estonia," discusses attacks on websites in Estonia and raises the possibility of involvement by the Russian government.

Friday, May 18, 2007

Hundreds click on Google link that promises PC infection

The Register's article, "Feeling left out? Get your PC infected today!," discusses a Google Adwords campaign that said "Drive-By Download Is your PC virus-free? Get it infected here!" 409 users clicked on the ad.

Friday, May 11, 2007

Google preparing to police the web

A blog entry at Roughtype, "Google preparing to police web," describes possible efforts by Google to identify malware sites. See also "The Ghost in the Browser" and the New Scientist article, "Web browsers are new frontline in internet war."

House panel approves e-voting paper trails

CNet's article, "House panel approves e-voting paper trails," says:

All U.S. voting systems would be required to produce or make use of verifiable paper ballots in time for the next presidential election under a bill approved this week by a House of Representatives panel.

Wednesday, May 09, 2007

CA Sect. of State will engage in Top-To-Bottom review of Voting Computers

The California Secretary of State's website has an article, "Top-To-Bottom Review," that says:

Secretary of State Debra Bowen will begin a thorough top-to-bottom review of the voting machines certified for use in California the week of May 14, 2007. The review is designed to restore the public's confidence in the integrity of the electoral process and is designed to ensure that California voters are being asked to cast their ballots on machines that are secure, accurate, reliable, and accessible.

Putting Coders' Security Chops to the Test

The Application Development Trends article, "Putting Coders' Security Chops to the Test," describes SANS' series of assessments and certifications designed to test the security skills of programmers.

Monday, May 07, 2007

Document shell-code attacks on the rise

Infoworld's article, "Document shell-code attacks on the rise," states:

Targeted attacks that utilize vulnerabilities in popular document file formats and execute via hard-to-find shell code are becoming an increasingly popular menace, according to researchers at IBM's Internet Security Systems division.

Saturday, May 05, 2007

TJX Breach started via WEP

The Wall Street Journal article, "How Credit-Card Data Went Out Wireless Door," discusses how the TJX break-in involving as many as 200 million credit card numbers occurred by breaking WEP security at a Marshall's in Saint Paul, MN. See also Security Focus and Slashdot.

TSA Lost Data on 100K Employees

Wired News reports: "TSA Lost Sensitive Data on 100,000 Employees."

Friday, May 04, 2007

Bruce Schneier: "Do We Really Need a Security Industry?"

Bruce Schneier's blog entry, "Do We Really Need a Security Industry?," suggests that as IT evolves into something that "just works," security will become a service that is part of a larger solution.

Florida moves towards paper ballots

The NY Times article, "Florida Acts to Eliminate Touch-Screen Voting System," states that Florida voted to replace electronic voting computers in 15 counties with optical scan machines. Florida uses optical scan machines in the other 53 counties. See also the press release from the Florida Voters Coalition.

Thursday, May 03, 2007

Researchers: Health sensors open new doors for hackers

Arizona State University's article, "Researchers: Health sensors open new doors for hackers," discusses the work of Sandeep Gupta on securing personal health sensors via key distribution.

Wednesday, May 02, 2007

Lip Reading Camera Research in the UK

Electronic Design's article, "Lip-Reading Technology Knows What You Said," discusses a computer vision project by Richard Harvey, a lecturer at the University of East Anglia. The three-year project is funded by the U.K. Engineering and Physical Sciences Research Council. In principle, this software could be applied to British surveillance cameras.

HD-DVD Processing Key Dust Up

There is quite a bit of traffic on Slashdot, "Censoring a number," and "Attempts To Suppress HD-DVD Revolt," about the HD-DVD Processing Key that can be used to decrypt HD-DVDs. New keys will be released by AACS. What's interesting about this is that a secret (the key) is now not a secret and we have entered into a race to find processing keys as they come out. For further details, see the take down notice from