Cyber Security Institute

Tuesday, March 30, 2010

FAA Launches Real-Time Security Pilot With IBM

The Federal Aviation Administration has begun a research and development pilot aimed at helping the agency detect and react to hackers before they have a chance to attack FAA systems, IBM and the FAA announced Tuesday.  The pilot makes use of recently released IBM software called InfoSphere Streams, which was developed in conjunction with the Department of Defense and can perform real-time analytics on heavy throughput data streams of up to millions of events or messages per second.  FAA security analysts are swamped on a daily basis with a massive volume of security information coming from the FAA’s firewalls, intrusion detection systems, and wireless detection systems as well as data feeds from other agencies and commercial security services such as VeriSign’s iDefense.  In recent years, they have included theft of personal information on 48,000 former and current employees, a takeover of the FAA’s domain controllers, and a viral infection that forced the FAA to shut down systems in Alaska, according to a 2009 report from the Department of Transportation’s inspector general.


Friday, March 26, 2010

A Security Checklist for Deploying Software-as-a-Service

In recent years, software-as-a-service (SaaS) has emerged as a viable application delivery method, and most enterprises are now including some SaaS software in their portfolios.  The most important shift is looking at your software vendor not as a product company, but rather as a service provider.  This guide will help you compare your organization’s risk management and compliance priorities to the SaaS provider’s security policies and procedures.


Wednesday, March 24, 2010

Senate Committee OKs Cybersecurity Act

A crucial piece of cybersecurity legislation is one step closer to becoming law after being approved during a Commerce, Science & Transportation Committee hearing Wednesday.  The Cybersecurity Act, S. 773, aimed at protecting critical U.S. network infrastructure against cybersecurity threats by fostering collaboration between the federal government and the private sector firms that maintain that infrastructure, is now on its way to the Senate floor.


Wednesday, March 17, 2010

Forensics for GPS Unit

Blackthorn2 -


Forensic Analyser - TomTom Edition - - company seems to be dead
TomTology -
EnCase Enscript - can parse TomTom files once they have been recovered from a device


Device Seizure
\Garmin\GPX\Current.gpx is an text file that contains trips details


Wednesday, March 03, 2010

Database Security Lacking at Financial Services Firms

Sloppy operating practices across the financial services sector leave firms vulnerable to breaches that could expose sensitive data or put customers’ and employees’ privacy at risk, according to a new study from the Ponemon Institute.  The study, commissioned by enterprise software and consulting firm Compuware (NASDAQ: CPWR), identified several key areas where financial services companies could take a hit from loose data policies, including damage to the corporate brand and the erosion of consumer trust.


Crackdown on Mariposa: Botnet Infected 13 Million PCs

Security software firms worked with international law enforcement agencies, the FBI and the Georgia Tech Information Security Center to neutralize and eventually arrest three criminals who allegedly masterminded a massive botnet scam that ensnared more than 13 million PCs.  The suspects, who officials say called themselves the “Nightmare Days Team” and dubbed their botnet project “Mariposa,” were arrested at their Basque Country residence by Spanish authorities last month.  The arrests came after a year-long investigation by local law enforcement agencies and security software vendors Panda Security, which is headquartered in Bilbao, Spain, and Defence Intelligence of Ottawa, Ontario.


Tuesday, March 02, 2010

Symantec Chief Says Cloud Security the Next Step

With enterprise data growing at an overall rate of 60 percent per year, it’s time to take a closer look at that information and determine its economic value.  Because if we don’t, the bad guys certainly will.  That was the warning from Symantec (NASDAQ: SYMC) CEO Enrique Salem, speaking here at the RSA Conference 2010.  He warned that as computing power moves out to the cloud, that will drive a need for digital devices to provide you with greater access to that data.  But, he added, mobile devices are increasing in importance along with cloud computing, and they require new security methodologies to deter data theft.


Monday, March 01, 2010

State Of Application Security: Nearly 60 Percent Of Apps Fail First Security Test

Even with all of the emphasis on writing software with security in mind, most software applications remain riddled with security holes, according to a new report released today about the actual security quality of all types of software.  Around 58 percent of the applications tested by application security testing service provider Veracode in the past year-and-a-half failed to achieve a successful rating in their first round of testing.


Verizon Offers Up Its Data Breach Framework

Verizon Business here today released to the public its framework for gathering and analyzing forensics data from a data breach that is the basis for its comprehensive annual data breach reports.  The hope is that the framework will facilitate more cooperation and data-sharing among breach victim organizations.