Cyber Security Institute

Wednesday, March 28, 2007

Saudi government gets tough on cybercrime and criminals

According to the Saudi cabinet, there will be new harsher penalties for committing cybercrime inside the country. A bill that was passed on Monday, would charge people who commit crimes online with a $133,000 fine, and one year in prison. The cabinet said in a statement that it passed a proposal from the Shura assembly that was submitted last year.


Monday, March 26, 2007

How to safely dispose of old mobile devices

The lifespan of notebook PCs, PDAs and smartphones is falling as the pace of technology marches ever onwards.  But for every new mobile device purchased by organisations of all sizes there is usually a piece of legacy hardware that gets sold, passed on to a colleague, friend or relative, or simply thrown away in the office rubbish.  Deleting data on your portable device rarely means that the data goes away forever.  There are commercially available utilities that can un-delete `deleted’ data in seconds.  Many organisations allow staff to access the company network using a wireless notebook, PDA or smartphone, with network based security software.  It’s worth noting that the latest exploits can use connection hijacking to give hackers access to the company network using the mobile device as a stepping stone, which poses a danger when the unit is passed on or falls into the wrong hands.


Saturday, March 17, 2007

Europe to develop guidelines on RFID

The European Commission will develop guidelines for the use of radio frequency identification, or RFID, in businesses and government.  RFID technology is used to identify assets wirelessly at short range, and is used in many industries to help make companies more efficient and to prevent theft.  Speaking at the CeBit technology trade show in Hannover, Germany, on Thursday, information society commissioner Viviane Reding said the Commission would draft rules later this year to amend EU e-privacy legislation that factors into the use of RFID.


Wednesday, March 14, 2007

Forget hackers; companies responsible for most data breaches, study says

That conclusion is based on a review of 550 security breaches reported in major U.S. news media outlets from 1980 to 2006.  It showed that internal foul-ups such as putting personally identifiable information accidentally online, missing equipment, lost backup tapes or other administrative errors were responsible for 61% of the incidents.


Tuesday, March 13, 2007

Goldman Sachs IT spending survey: Winners and losers

In a Goldman Sachs research report on IT enterprise spending for 2007, the top 10 priorities by rank were applications integration, security, cost cutting, business intelligence, ERP, Web-based app development, datacenter consolidation, disaster recovery, compliance/risk management and identity and access management.


Microsoft has released SP2 for Windows 2003

A new event log event has been created to address certain situations in which the Cluster service account becomes excessively restricted by domain policy.

Data access components
XmlLite is new with Windows Server 2003 SP2. XmlLite is a fast, low-level, native XML parser with a small memory footprint. 

Distributed systems
New options have been added to the Dcdiag.exe Domain Name System (DNS) tests.

File systems
Icacls.exe is an upgrade of the Cacls.exe tool in Windows Server 2003 SP2, and can be used to reset the access control lists (ACLs) on files from Recovery Console, and to back up ACLs.

Microsoft Message Queuing
The default storage limit for message queuing has been changed to 1 gigabyte (GB).

Networking and communications
• This version of Windows Server 2003 SP2 includes an update that enables you to simplify the creation and maintenance of Internet Protocol security (IPsec) policy.

• Group Policy support for non-broadcasting networks and Wi-Fi Protected Access 2 (WPA2) settings has been added to the Windows wireless client in Windows Server 2003 SP2.
• The Windows wireless client now supports WPA2, which enables you to take advantage of high levels of standards-based connection and encryption security. New security features include:
• Non-broadcast network profiles are now marked with a flag to improve the security of the Windows wireless client.
• Windows will not automatically connect to a peer-to-peer network, even if it has been automatically saved in the preferred network list. You must manually connect to a peer-to-peer network profile.

Windows Deployment Services
Starting with this version of Windows Server 2003 with SP2, Remote Installation Services is replaced by Windows Deployment Services.

Monday, March 12, 2007

McAfee maps malware risk domains

A global road map of the riskiest and safest places to surf online found Russian and Romanian sites among the top-level domains most commonly hosting malicious downloads, browser exploits, and scams.  A survey of 265 top-level domains by McAfee, dubbed Mapping the Mal Web, revealed large differences in safety from one domain to another.  The most risky large country domains were Romania (.ro, 5.6 per cent risky sites) and Russia (.ru, 4.5 per cent risky sites).  These East European country domains were the most likely to host exploit or “drive-by-download” sites run by hackers.  Even though the Netherlands (.nl), Germany (.de) and the United Kingdom (.uk) are all relatively safe country domains, each of their country domains account for more than 2 million clicks to high or medium-risk sites every month.


Thursday, March 08, 2007

A New Spin on Honeynets

Darknets, honeynets: When do you use one or the other?  A darknet, allocated but unused IP address space that ISPs and large enterprises have in reserve, is increasingly becoming a useful tool for catching attacks early.  “With a darknet, you listen for attack and connection attempts,” says Adam O’Donnell, senior research scientist with Cloudmark Inc. “There are lower maintenance requirements [than with a honeyet] because you don’t have to maintain a real piece of server hardware or virtual hardware.”  “Darknets are there to collect large network captures.  They can deduce DDOS, DOS, and botnet threats a lot faster and more completely because a honeynet in theory is just one POP [point of presence],” says Ralph Logan, partner with the Logan Group and vice president of The Honeynet Project.


Wednesday, March 07, 2007

ID theft forecast: Gloomy today, worse tomorrow

Virtually every trend line for identity theft is bad news, a research analyst said today as she released a survey showing that 15 million Americans were victimized during a recent 12-month span.  For the year-long period that ended last August, 15 million people were burned by some kind of fraud related to identity theft, said Avivah Litan, a Gartner Inc. analyst.  The average identity theft fraud loss more than doubled in 2006 to $3,257 from $1,408 the year before, while the percentage of recovered funds dropped to 61% in 2006 from 87% in 2005.  The average loss on new-account fraud—where criminals use the data they’ve stolen to open new credit card or bank accounts—was $5,962 in 2006, a jump of 223% over 2005’s $2,678.  And unauthorized charges to credit cards leaped nearly fourfold, to an average last year of $2,550.


Saturday, March 03, 2007

Homeland Security plays real reasonable on Real ID

The Department of Homeland Security fronted up as a reasonable gent yesterday when it granted state civil servants extra time to implement the Real ID Act.  In what amounted to a standard “we’re listening” tip of the hat to civil liberties campaigners, the DHS issued guidelines for implementing the Real ID Act, which play down many of the most contentious aspects of program to nationally standardise identity documents.  The long-awaited rules (PDF), issued on Thursday in Washington DC, will ease the timetable for state governments to adopt the Act, and delay an initial insistence on RFID technology and biometrics.  The DHS recommendation will allow extensions until the end of 2009.


Friday, March 02, 2007

Microsoft Hit By U.S. DOT Ban On Windows Vista, Explorer 7, and Office 2007

Citing concerns over cost and compatibility, the top technology official at the federal Department of Transportation has placed a moratorium on all in-house computer upgrades to Microsoft’s new Windows Vista operating system, as well as Internet Explorer 7 and Office 2007, according to a memo obtained Friday by InformationWeek.