Month: November 2003

In a letter to the Senate on Monday, Bush called the Council of Europe’s controversial treaty “an effective tool in the global effort to combat computer-related crime” and “the only multilateral treaty to address the problems of computer-related crime and electronic evidence gathering.”

Even though the United States is a nonvoting member of the Council of Europe, it has pressed hard for the cybercrime treaty as a way to establish international criminal standards related to copyright infringement, online fraud, child pornography and network intrusions.

The U.S. Department of Justice says the treaty will eliminate “procedural and jurisdictional obstacles that can delay or endanger international investigations.”

Civil libertarians have objected to the treaty ever since it became public in early 2000, arguing that it would endanger privacy rights and grant too much power to government investigators.

“It would require nations that participate in the treaty to adopt all sorts of intrusive surveillance measures and cooperate with other nations, even when the act that’s being investigated is not a crime in their home country.”

So far, according to the Council of Europe, only three countries–Albania, Croatia and Estonia–have ratified the treaty.

The treaty requires each participating nation to ban the distribution of software that is designed for the “purpose of committing” certain computer crimes, requires Internet providers to ensure “expeditious preservation of traffic data” upon request, and permits real-time wiretapping of Internet service providers.

An addition to the Council of Europe’s cybercrime treaty would ban “hate speech” from the Internet, a common prohibition in European nations that violates the U.S. Constitution’s First Amendment.

The Justice Department said last year that it does not support the optional addition but still endorses the underlying treaty.

More info: [url=http://news.com.com/2100-1028_3-5108854.html?tag=nefd_top]http://news.com.com/2100-1028_3-5108854.html?tag=nefd_top[/url]

While the Redwood City, Calif., company didn’t detail any specific product plans, it said Wednesday that it intends to add features such as identity management and application security to its Web security products and internal firewalls.

It will also add the ability to audit systems for regulatory compliance to its internal security products.

The strategy, outlined at Check Point’s annual industry analyst conference, is the latest move by a security company to offer a more integrated and easily managed approach to securing corporate information systems. Check Point’s announcement confirms that integrating security is a trend that companies will be forced to follow, said Jeff Wilson, an industry analyst with technology watcher Infonetics Research.

Check Point’s Kraynak said that the company hasn’t decided on whether to release Check Point-branded hardware devices as it ventures into Web security and internal security.

More info: [url=http://rss.com.com/2100-7355_3-5109589.html?part=rss&tag=feed&subj=news]http://rss.com.com/2100-7355_3-5109589.html?part=rss&tag=feed&subj=news[/url]

The move, first publicly proposed on Tuesday to a security mailing list, is the latest by hackers and security researchers to fight off corporate public relations and government policies that aim to suppress information about vulnerabilities from the public.

Any group that represents the interests of vulnerability researchers could counter the Organization for Internet Safety–a group founded by Microsoft and several security firms that perform work for the software giant–which has proposed guidelines for the responsible disclosure of flaws.

The new group would help security experts contact software makers, make sure they are credited for their work, lobby against legislation that blocks research, and in some cases, act as a proxy between researchers and companies.

More info: [url=http://zdnet.com.com/2100-1105_2-5109642.html]http://zdnet.com.com/2100-1105_2-5109642.html[/url]

Infections from worms such as Blaster and Nimda are frequently traced back to mobile or remote workers; their PCs are less likely to have AV protection and up-to-date security.

In its initial phase, Cisco’s Network Admission Control technology will enable Cisco routers to enforce access privileges when an endpoint device attempts to connect to a network.

Software called Cisco Trust Agent runs on endpoint devices to determine their security state and communicates this information to the connected Cisco network where access control decisions are made and enforced. The program is described by Cisco as a key development in its Self-Defending Network Initiative, the networking giant’s strategy of integrating security services throughout Internet Protocol (IP) networks.

In future releases, this capability will be extended across multiple Cisco product platforms, including switches, wireless access points and security appliances.

More info: [url=http://www.theregister.co.uk/content/56/34055.html]http://www.theregister.co.uk/content/56/34055.html[/url]

Most notably, we witnessed the introduction of a potential major player in the intermediate- to senior-level: ISACA’s Certified Information Security Manager (CISM) certification.

In this semi-annual update to SearchSecurity’s certification landscape series, we introduce you to the many vendor-neutral security certifications available, and we re-evaluate the importance of several older elements, as you’ll read in part two.

This landscape features more security certifications than ever listed before — a total of 56, counting each GIAC credential.

While this article focuses on vendor-neutral certs, you can learn what is available by specific vendors in our accompanying article in this series.
More info: [url=http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci935445,00.html]http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci935445,00.html[/url]