Pages

Tuesday, December 27, 2005

Monday, December 19, 2005

Friday, December 16, 2005

icWales - Hackers stole from bank customer

Nailing PIN security

Standards on the way for encrypting data on tape, disk

Microsoft's security patches hit snag

Microsoft's security patches hit snagLatest updates appear to have overwritten a file used to keep track of approved updatesBy Robert McMillan, IDG News ServiceDecember 14, 2005 print thisPrinter Friendly VersionSome users of Microsoft (Profile, Products, Articles) Corp.'s Software Update Services (SUS) may be experiencing a minor annoyance, thanks to a glitch in the company's latest security patches, released Tuesday. The latest update may be changing the status of software updates that had been previously approved by administrators who use the service, according to Microsoft.SPONSORIT STRATEGY GUIDE: BUSINESS PROCESS MANAGEMENT (BPM)Sponsored by BMC SoftwareSPONSORIT STRATEGY GUIDE: SERVICE-ORIENTED ARCHITECTURESponsored by Flashline"If you synchronize your server after December 12, 2005, all previously approved updates may be unapproved and the status may appear as 'updated,' Microsoft said in a note published Wednesday. (http://support.microsoft.com/?kbid=912307)SUS is used by Microsoft administrators to gain more control over which Microsoft software patches get installed on their network. When a patch has been tested and determined to be appropriate for installation, it can be marked as "approved" and then automatically installed on the PCs being managed by the service.Tuesday's glitch disrupts that process.The problem is that the latest updates appear to have overwritten a file that is used to keep track of approved updates, said Russ Cooper, a scientist at security vendor Cybertrust Inc.Microsoft's note lists a number of work-arounds for this issue, but the simplest solution is to simply restore this file, called Approveditems.txt, from a backup copy, Cooper said."This shouldn't be a big problem for anybody because you're backing up that text file, aren't you?" he said. "But if you're not, be prepared to do a bunch of clicking."Microsoft plans to release a script that will reset these settings to a previous state, the company said.

Microsoft's security patches hit snag | InfoWorld | News | 2005-12-14 | By Robert McMillan, IDG News Service


Former company director admits theft of trade secrets

Monday, November 21, 2005

Study: Security still top IT spending priority | InfoWorld

Google Base launched with security hole

Don't Trust Trusted Computing

Token-based Authentication Is a Success for ETrade - Computerworld

Keeping out the data thieves

Ex-Microsoft Employee Sentenced In Software Theft

Boeing Says Laptop with Employee info Stolen

Stop Data Thieves Who Get... - Computerworld

Insuring IT security

Cyber Security Summit Outlines Evolving Threats, Solutions

Senate Panel Approves Data-Breach Bill - Security Feed - Blog - CSO Magazine

Iowa State IT Students To Try Their Luck Against Hackers

Study: Security Still Top IT Spending Priority - Security Feed - Blog - CSO Magazine

Friday, November 18, 2005

Senate panel approves data-breach bill - Computerworld

Market Analysis: Tape Encryption | Avoiding a Data Debacle | November 24, 2005 | Network Computing

Computer crime: Data theft, spyware, id theft

Hackers Raid 5300 Indiana University Students

Hackers Cracked Gmail

MarkMonitor Protects Customers from Phishing

Tape Encryption Devices: Host-based vs. Appliance | New Tape Measure | November 24, 2005 | Network Computing

Technology News: ID Security : Survey: Consumers Inclined to Switch Banks if Victimized

Report: Identity theft overblown

Six Plead Guilty for Role in ID Theft Ring

Monday, November 14, 2005

Making Internet banking more secure

How a well-dressed thief made $1 million a year stealing laptops from offices

Selling old storage tapes can lead to data risk

Banks Urged to Automate Online Transaction Controls - Computerworld

Prioritising Security in E-Commerce

It Takes A Hacker To Catch One > November 14, 2005

Evaluating Intrusion Prevention Systems

Ban corporate Skype usage immediately, says Info-Tech Research Group: Financial News - Yahoo! Finance

Armed forces revamp IT security

NMCI gets hacked

Scale your compliance solution

Feds calling for greater online banking security

My security. My notebook. The latest from Fujitsu PC Australia

Prioritising Security in E-Commerce

Phishing strikes eBay

Computer crime: Cybercops, cyber-FBI

Thursday, November 10, 2005

Check employees' home computers for threats to your network

Irreplaceable Data Lost by Europeans Due to Hacker Activity - addict3d.org

October Surprise: The Industry Reacts to FFIEC Guidance on E-Banking Authentication

Wired News: No Fed Security Laws, Hurrah!!

New center to help intelligence community exploit public information

Special Report: Digital investigations: difficult expensive?and necessary

Stolen PC holds sensitive consumer data | Tech News on ZDNet

Phishing Scam Lured Users with Bogus Google Site - Yahoo! News

Online banking too risky? Some say yes | CNET News.com

PayPal scam

Thursday, November 03, 2005

Online Banking Still Easily Hackable

Digital pens to prescribe paper some rest | CNET News.com

Black Hat presentation yields another Cisco bug

Invasion of the Stock Hackers

Build extra secure Web applications

Crypto gurus hash out future

IBM offers encryption tool for in-transit data - Computerworld

Security is your biggest IT Priority

Microsoft patches may break Web sites

Cisco squashes 'critical' Net attack bug

Microsoft hires bounty hunter to fight

Monday, October 31, 2005

Data Management - The Push for Continuous Data Protection

Industrial espionage, Part 6: Cases

Noted crypto expert performs detailed Skype vulnerability analysis

Web banking undergoing security upgrade

IT security LOB strives for standards consistency among agencies

E-mail scam phishes for Wells Fargo clients

How The NSA Secures Computers

Chevron has had it with passwords

The scary side of recycling hard drives

Start-up takes aim at online prevention

Safer With SOAs--Or Not?

22 ways to foil credit card thieves

You Know These Security Threats--You Hired Them > October 31, 2005

Cut your online risks

FBI and CSI release new Computer Crime report

Biometric devices to aid Authentication process

Adapting security to looming challenges - Express Computer

Security Threats hinder IT Development

End-point security gains importance

Wireless networks remain unprotected

Another headache: records security - 2005-10-31

Thursday, October 27, 2005

(IN)Secure Magazine version 1.4

SNW: Users See Disaster Recovery As a Top Issue - Security Feed - Blog - CSO Magazine

How to pull off a successful proof of concept - Computerworld

SNW: Users concerned about data security, encryption - Computerworld

Addressing Conflicts of Interest in Security Processes

Help's A Firewall Away > October 24, 2005

How to use cryptography to tighten security - Computerworld

Processes are key to IT security, says Gartner

The danger of relying solely on Active Directory for backups

10 Security Myths That Need To Be Put To Rest

How to use cryptography to tighten security - Computerworld

Keychain - Openssh Key Management - OSNews.com

Telcos Strive for Better Global Security

Making signatures more secure / IBM is developing new technology to foil forgers

Fighting cybercrime on a shoestring budget

FISMA guidance nearly complete

Cybereye: Don't neglect the perimeter in your rush to secure data

Banks to blacklist rogue workers in fraud fight | Tech News on ZDNet

Survey: Online Criminals Are Chasing Web Users Away > October 26, 2005

Get Safer Online, NHTCU suggests

Inside hackers' kindergarten (Karen Dearne, OCTOBER 25, 2005)

Security Tools Under Security Threat

Tuesday, October 25, 2005

DNS servers 'vulnerable to attack' - ZDNet UK News

IAC gives agencies manual on IT security compliance

Justice appeals order cutting some Interior systems from Internet

Squabble continues over credit card breach

Skype flaws open computers to attack

Increasing demand for high quality security professionals

Dutch Say Suspects Hacked 1.5M Computers - Yahoo! News

Computer crime, new figures

Cybercrime: new approach

Hackers, Scammers Hide Malicious JavaScript On Web Sites

Symantec Testing Database Security Appliance

One password to rule them all

Security software traps PCs infected by viruses, spyware

Responding to Data-Security Needs

Email Security: How Much is Enough?

BofA hits delay in move to stronger authentication

Tuesday, October 18, 2005

New Security Features in IE 7.0

The Writing on the Wall - Computerworld

Banks to strengthen Web log-ons to thwart ID theft | CNET News.com

Cybercrime being fought in new ways

Costly virus damage

Security staff pack more punch with top managers

Lessons of warfare for IT security

Windows patch backfires on the security-minded | Tech News on ZDNet

Hackers: new targets

Take 10 steps to secure

Using new access keys

Friday, October 14, 2005

Survey: Online retailers still sharing users' personal data - Computerworld

How safe is your mail?

One in six people's private personal data may have been compromised

Microsoft employee blasts 'fake' service pack

The hackers who can put your IT security to the test - vnunet.com

Don't Forget to Lock the Door

Bank hits back at phishing with security trial

Symantec to unleash 'Big Brother' on the world

Military foundation's website hacked-The Korea Herald

Congress agrees to split off DHS cybersecurity unit (10/13/05)

5,259 phishing sites in August 2005 | IT Facts

NASA Struggles to Fix Network Security Holes

Hacker Protection for Your Web Applications

Security experts warn of Windows worm - PC Magazine

Thursday, October 13, 2005

Protecting Customer Data: Grappling With Lost Data, Broken Trust

Still insecure about Net banking

Techworld.com - Secure servers compromised by SSL bug

Security Awareness Is the Public's Best Ally

CipherTrust Tackles IM Security

A Good Judge of Character

VoIP is not as secure as you think

US cybersecurity all at sea

Government must push on IT security - Computing

Staff 'need reasons' to believe in security

Energy Department auditors cite cybersecurity flaws at FERC

Tuesday, October 11, 2005

Liberty Alliance releases legal, privacy guidelines

Secunia - Advisories - BEA WebLogic 24 Vulnerabilities and Security Issues

Privacy Concerns, Expense Keep Fingerprinting, Eye Scans Out of U.S. ATMs

Control system security: whose problem is it?

N.C. State Professor Victim Of Online Theft

Careless Users Challenge Mobile Security

Cybercrime thrives in online underworld

Security management advances

Secure your PC and maintain your privacy

What Are Digital Vaults?

Man with 130 IDs steals 1m pounds

Slew of New IM Threats Reported

People: Your network's weakest link - ZDNet UK News

Extract value from compliance by concentrating on the broader security goals

Handhelds on fire WiFi on guard

Researcher lashes out at Oracle's security effort

Monday, October 10, 2005

The Four Most Dangerous Security Myths

A convicted hacker debunks some myths - Oct 7, 2005

Cyber Security Month Aims To Calm Consumers E-nerves

Bank ID-theft charges rankle privacy groups

http://www.bizjournals.com/industries/high_tech/e_commerce/2005/10/10/portland_story2.html


The Business Journal of Portland


From the October 10, 2005 print edition
Bank ID-theft charges rankle privacy groups
Andy Giegerich
Business Journal staff writer
Collectively, identity theft costs Oregonians $5 billion annually.

Individually, it could cost them between $9.99 and $15 a month in bank fees to protect their financial information.

Lenders offering the fee-based identity theft services say the safeguards help victims navigate several layers that only tangentially relate to their bank. It's thus necessary to charge administrative fees, the lenders say.

Advocates say the practice plays on consumer fears while offering extras that should come standard with normal bank accounts.

The protective services include insurance that helps recover, among other things, wages victims may lose as they rectify their theft-related problems.

"It's a value-added service, and consumers have the freedom to decide if they want to pay for it," said Bank of America spokesman Rich Brown of his bank's PrivacySource offering.

Cleveland-based KeyCorp has begun heavily touting its Privacy Matters service, for which it charges $9.99 monthly ($14.99 to individuals and their spouses).

Wells Fargo began offering its fee-based Select identity theft protection service last year for $12.99 a month. Bank of America also offers the PrivacySource credit monitoring system for $129 yearly.

The $50 billion-yearly identity theft industry affects 9 million Americans. In Oregon, the impact is estimated at around $5 billion yearly.

To fight it, KeyBank enlisted Atlanta-based Coverdell & Co. to create an identification theft-fighting package. The program offers prevention, detection, restoration and emergency cash coverage, said Martin Webb, KeyBank's Cleveland-based vice president of retail insurance.

The prevention aspect secures the customer's electronic data; the detection occurs through weekly fraud alerts.

The restoration component slashes the time in which Key informs multiple credit card carriers of any thefts. The offering further provides "an experienced, licensed investigator" who'll help restore both a client's identity and credit records.

Key's program further provides victims with $25,000 worth of insurance for lost funds and pays up to $500 per week in lost wages for four weeks.

Webb said about 5,000 customers across the country have so far purchased the services.

"That's a very good response, and we're seeing accelerated enrollments in the program," he said.

The Wells Fargo program mirrors the Key offering in several regards. Wells Fargo Select provides personal credit reports compiled from the country's three major credit reporting agencies: Equifax, Experian and TransUnion. The bank further monitors credit daily, quickly alerting customers to any discrepancies.

Wells offers up to $10,000 in identity theft insurance and provides "resolution specialists" who help victims reassemble their lives.

Neither bank would discuss how much the programs cost to administer.

Privacy advocates say they've long opposed programs in which banks benefit from their customers' misfortune.

Chris Hoofnagle, senior counsel for the Washington, D.C.-based Electronic Privacy Information Center, said the financial services industry "is expert at creating products out of problems they created. ... The credit reporting agencies, which have a legal obligation to ensure that your credit report is secure and accurate, place advertisements stoking fears about accuracy and security in order to sell credit monitoring services."

In terms of identity theft, Hoofnagle said banks want to turn the problems into a profit base. The institutions should instead expend resources toward ensuring that credit cards are more secure, he said.

Hoofnagle's group wants the Federal Trade Commission to make credit monitoring a free service for bank customers.

Beth Givens, director of the Privacy Rights Clearinghouse, a San Diego-based consumer advocacy group, takes a similar tack.

"My feeling is no one should have to pay for credit monitoring," she said. "If there's activity, the customer should be notified. It's as simple as that."

Givens pointed out that customers can receive one free credit report from each of the three main credit reporting agencies per year.

"You can order one every four months, and you don't have to pay subscriber fees to your bank," she said.

Givens added that she's no fan of the packages' insurance component. The lost wages section doesn't reimburse what victims spend mailing documents or copying paperwork, she said.

Some insurers offer low-cost policies, for $25 a year, she added.

Overall, Webb and Wells Fargo spokesman Tom Unger said their products help spot and solve problems more quickly.

"You can get the report annually for free, but if you're counting on that, it might be 365 days before you find out someone changed your address," Unger said.

Added Webb, "Certainly there's a cost associated with the bundling of the different products involved in the programs," including the insurance portion.

Unger, in explaining the program's fees, maintained that the arrangement helps customers deal with many parties, including credit card companies and other lenders.

"We not only deal with accounts at our bank, but accounts anywhere," he said. "It's a retail product and we think it has value and we've priced it fairly and appropriately."

One top industry analyst predicted banks could soon offer such programs as standard.

"Just because they charge today doesn't mean they'll charge tomorrow," said Jim Bradshaw, vice president and senior research analyst for D.A. Davidson's Lake Oswego office.

Consider, he said, online bill payment programs: "Those started out at $15.95 a month in some cases. Now, most banks are giving them away."

But because outside contractors often oversee the services, banks might face other issues. In working with Coverdell & Co., KeyBank has chosen a partner owned by Vertrue Inc. The Stamford, Conn., company, formerly known as MemberWorks Inc., collects and sells mailing lists of credit card issuers and banks.

"We do feel confident in the product meeting fully our compliance and privacy requirements," Webb said.

agiegerich@bizjournals.com | 503-219-3419

HOWTO: Bypass Email Filters

Visa CEO Says Laws, Incentives Needed to Improve Credit Card Data Security - Computerworld

Data Security Risks Missing From Disaster Recovery Plans - Computerworld

Security Log - Computerworld

IT risk too important to leave to CIO

IETF promises new configuration standard

Phishers Zero in on E-Banking

Microsoft: keeping security friends close, enemies closer

Web Application Firewall Evaluation Criteria - Web Application Security Consortium

Cops smash 100,000 node botnet - vnunet.com

A special budget for security

Bank of America notifying customers after laptop theft

How to secure Instant Messaging and improve communication

Visa to spend $200m fighting fraud

Preventing Identity Theft Online

Be aware of this Windows registry vulnerability

Symantec Internet Security Threat Report Identifies Shift Toward Focused Attacks on Desktops

Friday, October 07, 2005

Microsoft says Windows is safer than you think

Wired News: A Real Remedy for Phishers

FBI's expanding spy probe raises concern about computer security

Hackers Fiercer Than Ever, FBI Says

Protecting Files at Home Using Encrypted Containers | Linux Journal

FAQ: Inside Microsoft's Client Protection | Tech News on ZDNet

Slew of Windows patches coming

Hitachi Develops World's Smallest Finger Vein Authentication Device

Zimbra debuts open-source collaboration suite beta - Computerworld

Managing Risks in IT Operations

Private Sector Needed For Identity Management

Thursday, October 06, 2005

ChoicePoint Seeks an Anti-Fraud Balance

Bank of America Describes Grid Deployment

Summit Reveals High Security Awareness - Security Feed - Blog - CSO Magazine

Internet crime shifts to Russia - Computerworld

The sky really is falling - Computerworld

New Security Threat: Text Messaging

Web Application Firewall (WAF) Technology Grows

Microsoft to Introduce New Security Software for Windows - New York Times

Fake Google Toolbars Go Phishing

Increased Need to Protect Online Business Applications Set to Fuel Growth of Untapped Web Application Firewall Market

How much security belongs in LAN switches?

Victims coughing up to online extortionists | The Register

Firms hit hard by organised IT crime - vnunet.com

Visa CEO calls for data protection laws, incentives

Network feud leads to Net blackout

Log data management is a challenging Sarbanes-Oxley issue

Monday, October 03, 2005

Hacker warning for US air traffic control

Hacker hits University of Georgia employee records server - Computerworld

Two Out of 3 Organisations Fear Network Security Threats Through Instant Messaging (IM)

Security, strategy concerns delay enterprise wireless device rollouts

Sidebar: Be Prepared - Computerworld

Survey Finds Good Communication Key to Managing Data Breaches - Computerworld

Backdoor Trojan targets Microsoft Access

Iron Mountain Touts Value of Encryption - Computerworld

Gartner: Unattended PCs a menace - Computerworld

ChoicePoint seeks an anti-fraud balance - Boston.com

Online safety threats lurk in instant messages

The State Of E-Mail (In)Security

Wednesday, September 28, 2005

Document integrity still at the mercy of human error - Computerworld

Security breaches could prove costly to data companies - Computerworld

Firms 'prone to hackers'

Lawmaker doesn't rule out cybersecurity regulation

Online Crime Rises Dramatically, Report Says - BizReport

Businesses keep ignoring mobile security

Article from bizjournals.com: RBC Dain suspects client information theft

RBC Dain Rauscher Corp. has launched an investigation into claims that personal client information has been stolen from the company.

The Minneapolis-based securities firm said several of its clients have received anonymous letters stating that their personal information was stolen. The letter were sent by someone claiming to be a former employee.

RBC Dain Rauscher said it is working with local and federal authorities to investigate the claims, and the company has hired an outside firm specializing in identity theft.

"This suspected criminal activity is something we're taking very seriously," RBC Dain Rauscher CEO John Taft said in a statement. No evidence has been found to support the claims, he said.

RBC Dain Rauscher is asking any clients who have received a suspicious letter to contact the company immediately.

RBC Dain Rauscher is a wholly owned subsidiary of Royal Bank of Canada in Toronto.

Copyright(c) American City Business Journals Inc. All rights reserved.

You can view this article on the web at:
http://twincities.bizjournals.com/twincities/stories/2005/09/26/daily22.html

Symantec Internet Security Threat Report Identifies Shift Toward Focused Attacks on Desktops