October 2008 – Page 4 – CyberSecurity Institute

UK cybercrime overhaul finally comes into effect

Posted on October 2, 2008December 30, 2021 by admini

Scotland has devolved authority in areas such as computer crime law, so measures such as the clear criminalisation of denial of service attacks entered the statue books north of the border a year ago in October 2007. First up, the maximum penalty for unauthorised access to a computer system (the least serious of three hacking offences covered in the original act) has been raised from six months to two years in prison, making the offence serious enough that an extradition request can be filed.

Requests to introduce changes along these lines were made repeatedly by industry representatives during parliamentary hearings on UK computer crime laws, but are nonetheless controversial in some circles.

Spyblog describes the changes as “ill-defined” and duplicated in the Identity Cards Act 2006 as far as attacks on the planned National Identity Register centralised database are concerned.

Politicians initially suggested an outright ban on so-called hacking tools, which would have made possession of dual-use software package such as Nmap a criminal offence.

Following industry lobbying the measures were modified but still include provisions that criminalise the distribution or creation of “hacking tools” where criminal intent can be established, modifications that have failed to satisfy security experts.

http://www.theregister.co.uk/2008/09/30/uk_cybercrime_overhaul/

New Federal Law Targets ID Theft, Cybercrime

Posted on October 2, 2008December 30, 2021 by admini

Under current law, federal courts only have jurisdiction if the thief uses interstate communication to access the victim’s PC.

Some ID theft victims can spend thousands of dollars and months or years dealing with credit bureaus and debtors from accounts fraudulently opened in their names, but the law doesn’t appear to take into account lost opportunities associated with identity theft.

http://voices.washingtonpost.com/securityfix/2008/10/new_federal_law_targets_id_the.html?nav=rss_blog

Secure Computing Unveils Cyber Security Initiative

Posted on October 2, 2008December 30, 2021 by admini

Secure Computing is used by the world’s most demanding customers to virtually eliminate risks from cyber attacks, espionage or sabotage that may cause loss of life, property, economic loss and disruption or create devastating environmental disasters.

Timed in conjunction with the fifth annual National Cyber Security Awareness (NCSA) Month in October, Secure Computing’s Cyber Security Initiative kicks-off an intensive effort to provide corporations with informative research, tools, technologies, solutions and best practices vital for companies and federal agencies evaluating–or re-evaluating–their approach to critical infrastructure protection. Critical infrastructure comprises all computer systems that can be targets of criminal threats, industrial espionage and/or politically motivated sabotage such as the power grid, water supply, railways, nuclear energy plants and more.
Attacks on such networks can cause loss of life, threaten public safety, impact national security, or create economic upheaval or environmental disaster. It is estimated that the destruction from a single wave of cyber attacks on U.S. critical infrastructures can exceed $700 billion USD — the equivalent of 50 major hurricanes hitting U.S. soil at once.

“Even though businesses and government agencies know they need to secure their networks, many don’t have the in-house expertise or time it takes to fully secure systems,” explained Scott Montgomery, vice president of Global Technical Strategy for Secure Computing. “We want to elevate awareness so that they understand how to change behavior to make security a high priority.” In the industries where security is paramount and network-to-network interconnection is the norm, security is not an option…it is a necessity.

With a unique combination of high-speed application layer defenses, reputation scores, geo-location control, and long history of no patches or hacks, Secure Computing can defend critical networks without jeopardizing their core functionality and availability requirements. Security is needed to protect key aspects of the network: the control system assets themselves and information about critical assets. A major urban utility company servicing over 10 million customers purchased Secure Computing’s Secure Firewall (previously known as Sidewinder) 14 years ago to protect their control network.

The data and resulting analysis will be published on the website mid-October.

http://www.ebizq.net/news/10350.html

IT security fears snarl business innovation

Posted on October 2, 2008December 30, 2021 by admini

“Today’s businesses cannot grow in the absence of a healthy environment for the realization of new innovations,” said IDC Vice President Chris Christiansen in a prepared statement.

· And, creating a repeatable process for making risk/reward calculations for new initiatives.

http://www.securityinfowatch.com/online/IT-Asset-and-Technology-Centers/IT-security-fears-snarl-business-innovation/17857SIW364

Why Risk Management Doesn’t Work

Posted on October 2, 2008December 30, 2021 by admini

The Verizon report is a collective analysis of some 530 forensic investigations of data breaches that the company has done in large enterprises. It breaks down the causes of the breaches by industry and draws conclusions about the most common types of attacks committed in each.

In financial services, for example, Verizon investigated many sophisticated attacks involving cooperation of insiders and organized outsiders, as well as social engineering. In the food and beverage industry, on the other hand, the attacks were much less sophisticated, and the likelihood of internal attacks was only about 4 percent, while the likelihood of external and partner attacks was 70 percent to 80 percent. “In food and beverage, though, we saw a lot more repeatable, data-compromise-in-a-box sort of attacks — sort of the way…” Verizon found similar differences in the sophistication and approaches used to attack data in other industries, including retail and high technology.

Retail, for example, reported the highest number of breach incidents, but a relatively low level of attack sophistication.

What these results might mean, Sartin says, is that employing a generic risk calculation, such as the likelihood of insider threats, may be a mistake unless industry-specific factors are accounted for.

http://www.darkreading.com/document.asp?doc_id=165107&WT.svl=news2_3

EU to introduce ‘virtual strip searches’ at airports by 2010

Posted on October 1, 2008December 30, 2021 by admini

Air passengers scanned by the new technology walk into a large booth where electromagnetic waves are beamed on to their body to create a virtual three-dimensional “naked” image from reflected energy.

Gareth Crossman, Director of Policy at Liberty, said: “I don’t think people are aware of what these scanners can do and how demeaning it is to have your body on display.

Security officials in the United States have pioneered use of the scanners at New York and Los Angeles airports because the technology reveals the contours of the body, picking up hidden items, such as guns or knives, more effectively than standard physical “pat-down” checks. Paolo Costa, Chairman of the European Parliament’s Transport Committee, is concerned over the safety of the new technology and how “nude” images of passengers will be viewed, then stored, by security officials.

http://www.telegraph.co.uk/news/worldnews/europe/3110533/EU-to-introduce-virtual-strip-searches-at-airports-by-2010.html