Cyber Security Institute

Tuesday, November 24, 2009

FBI’s network against cyber crime

Last week, when the Senate’s Subcommittee on Terrorism and Homeland Security held a hearing entitled “Cybersecurity: Preventing Terrorist Attacks and Protecting Privacy in Cyberspace”, the NSA wasn’t the only agency who gave an overview of its actions and practices concerning the subject. Steven R. Chabinsky, Deputy Assistant Director, of the FBI Cyber Division, also addressed the Subcommittee. He stated that “the FBI considers the cyber threat against our nation to be one of the greatest concerns of the 21st century.”  Chabinsky reminded that “terrorists do not require long term, persistent network access to accomplish some or all of their goals.


Man pleads guilty to selling fake chips to US Navy

A 32-year-old California man has pleaded guilty to charges that he sold thousands of counterfeit chips to the U.S. Navy.  In a plea agreement reached on Friday, Neil Felahy of Newport Coast, California, pleaded guilty to conspiracy and counterfeit-goods trafficking for his role in an alleged chip-counterfeiting scam that ran between 2007 and 2009.


Monday, November 23, 2009

Workers stealing data for competitive edge

Carried out amongst 600 office workers in Canary Wharf London and Wall Street New York, 41% of workers have already taken sensitive data with them to their new position, whilst a third would pass on company information if it proved useful in getting friends or family a job. Pilfering data has become endemic in our culture as 85% of people admit they know it’s illegal to download corporate information from their employer but almost half couldn’t stop themselves taking it with them with the majority admitting it could be useful in the future!  However, it would seem employers have only themselves to blame as they appear pretty lackadaisical when it comes to protecting their data from their employees with 57% of respondents stating that it’s become a lot easier to take sensitive information from under their bosses noses this year, up from 29% last year.


Wednesday, November 18, 2009

Cyber-war is here and to stay: ask US, China, Russia, Israel and France

Major countries and nation-states are engaged in a “Cyber Cold War,” amassing cyber-weapons, conducting espionage, and testing networks in preparation for using the Internet to conduct war, according to a new report released by McAfee.  In particular, countries gearing up for cyber-offensives are the US, Israel, Russia, China, and France, says the report, compiled by former White House Homeland Security adviser Paul Kurtz and based on interviews with more than 20 experts in international relations, national security and Internet security.


Tuesday, November 17, 2009

Threat Level Privacy, Crime and Security Online Senate Panel: 80 Percent of Cyber Attacks Preventabl

If network administrators simply instituted proper configuration policies and conducted good network monitoring, about 80 percent of commonly known cyber attacks could be prevented, a Senate committee heard Tuesday.  The remark was made by Richard Schaeffer, the NSA’s information assurance director, who added that simply adhering to already known best practices would sufficiently raise the security bar so that attackers would have to take more risks to breach a network, “thereby raising [their] risk of detection.”  The Senate Judiciary Subcommittee on Terrorism, Technology and Homeland Security heard from a number of experts offering commentary on how the government should best tackle securing government and private-sector critical infrastructure networks.


Federal government using PS3 to crack pedophile passwords

The U.S. Customs Enforcement Cyber Crimes Center (C3) has begun using Sony consoles running Linux to solve child pornography cases.  C3 needs the processing power of about $11,000 worth of computers, which is now being provided by a network of PS3 consoles at a quarter of the cost.Though they aren’t using the new PS3 Slim (since you can’t install Linux on the new models) purchasing 20 old PS3 units is still about $8,000 cheaper than the Dell servers C3 had used previously.


Monday, November 16, 2009

FBI Says Hackers Targeting Law Firms, PR Companies

Hackers are increasingly targeting law firms and public relations companies with a sophisticated e-mail scheme that breaks into their computer networks to steal sensitive data, often linked to large corporate clients doing business overseas.  The FBI has issued an advisory that warns companies of “noticeable increases” in efforts to hack into the law firms’ computer systems—- a trend that cyber experts say began as far back as two years ago but has grown dramatically.  In many cases, the intrusions are what cyber security experts describe as “spear phishing,” attacks that come through personalized spam e-mails that can slip through common defenses and appear harmless because they have subject lines appropriate to a person’s business and appear to come from a trusted source.


Sunday, November 15, 2009

Hackers create tools for disaster relief

Google, Microsoft, and Yahoo may be tough competitors when it comes to Internet software and services, but they are putting their differences aside to build a developer community to tackle bigger picture problems like saving lives in emergencies.  The companies have joined with NASA, the World Bank, and PR agency SecondMuse to organize the first-ever Random Hacks of Kindness event, which was held at a warehouse space-cum community center called Hacker Dojo this weekend.  For two days, coders worked on ways to use technology to help solve real-world problems, such as how people can get information and find each other during disasters.  The event came about after representatives from Google, Microsoft, and Yahoo attended a Crisis Camp conference for emergency and disaster relief groups in Washington, D.C. in May. 
The technologists decided that they would join forces to create a community of developers to build tools to help emergency workers.


Microsoft study shows growing threat of computer worms

The danger of corporate computers becoming infected by worms has risen dramatically recently, according to a new study by Microsoft.  The study showed that, globally, the chances of infection by a computer worm had increased by almost 100 per cent when comparing the first half of 2009 with the same six-month period in 2008.


Saturday, November 14, 2009

New Honeypot Mimics The Web Vulnerabilities Attackers Want To Exploit

New open-source Honeynet Project tool toys with attackers by dynamically emulating apps with the types of bugs they’re looking for Oct 29, 2009 | 03:53 PM By Kelly Jackson Higgins DarkReading A next-generation Web server honeypot project is under way that poses as Web servers with thousands of vulnerabilities in order to gather firsthand data from real attacks targeting Websites.  Unlike other Web honeypots, the new open-source Glastopf tool dynamically emulates vulnerabilities attackers are looking for, so it’s more realistic and can gather more detailed attack information, according to its developers.


Friday, November 13, 2009

Want to visit your child’s teacher or volunteer in a classroom?

Want to visit your child’s teacher or volunteer in a classroom?  Then you need to hand over your driver’s license for a quick background check in order to obtain a pass complete with photo and date as you enter the halls of any school in New Lenox School District 122.  Just a few weeks ago, the district installed the new security system, which scans a driver’s license and within seconds determines if the visitor is listed on the national Sex Offender Registry and Violent Offender Against Youth Database.


California Plans to Launch Information Security Operations Center

California intends to create a state-of-the-art information security operations center to monitor cyber-threats and protect state and local government networks from attack.  The proposal is part of a sweeping five-year plan, released Thursday, Nov. 12 by state Chief Information Security Officer (CISO) Mark Weatherford, which is designed to safeguard government data and critical technology resources from increasingly sophisticated cyber-criminals.


Security Pros Not Confident In Their Incident Response Plans, Study Says

Enterprises suffer an average of two breaches a year, but only a third of IT professionals are completely confident in their incident response plans, according to a study published earlier this week.  According to a study conducted by data recovery and forensics service provider Kroll Ontrack, about three-quarters of U.K. organizations that have an incidence response plan say their plan is “effective” to some degree, but only 25 percent say their plan is “very” effective.

Tuesday, November 10, 2009

SaaS Offerings May Play Key Role In Small Business Security, Report Says

Hackers don’t care how big your business is.  As a result, many small and midsize businesses today have enterprise-class security vulnerabilities—and only a fraction of enterprise security budgets.  To help close the gap, many SMBs are turning to third-party security services, according to a new report published today by Dark Reading and InformationWeek Analytics.  The report outlines some of the differences between the needs of the small business and those of the large enterprise.  “The biggest thing SMB IT pros have going for them is an intimate knowledge of how the business operates, where its sensitive data resides, and what its weak points are,” the report states.


Thursday, November 05, 2009

Canada - Beef information Service

The Beef Information Centre (BIC), which works with industry leaders in the promotion of Canadian beef, is commending McDonald’s Canada for its long-standing commitment to sourcing beef from Canadian producers.  This is especially timely in light of an Internet email hoax spreading false information about McDonald’s Canada’s beef sourcing practices.


Monday, November 02, 2009

Phishing, worms spike this year, say Microsoft and McAfee

Scammers are targeting social networks with phishing scams and relying more heavily on worms and Trojans to attack computers, according to security trend reports to be released Monday by Microsoft and McAfee.  Phishing attacks saw a big spike in May and June, primarily because of campaigns targeting social-networking sites, according to Microsoft’s report covering the first half of 2009.


How Security Should Handle Pickets and Strikes

How Security Should Handle Pickets and Strikes 9 things a business should do - and 6 things you absolutely can’t do - to help ensure a strike or picket remains peaceful.  Excerpted from the new book The Security Manager’s Guide to Disasters.  Anthony Manley’s new book Security Manager’s Guide to Disasters covers everything from workplace violence to earthquakes.  The practical tips in this excerpt address workers’ right to picket and what security can do to help keep such situations orderly and appropriate.