Security News Curated from across the world
Check fraud increased last year over 2008; 42 percent of the victims say their checks were stolen and their signatures forged, up from 35 percent the previous year.
The ITRC says the bottom line is you can’t completely prevent ID theft.
http://www.darkreading.com/insiderthreat/security/client/showArticle.jhtml?articleID=224900713&cid=RSSfeed
Let’s face it, it’s an ongoing battle to get security, performance, reliability, auditing, and availability all right. Even when the benefits are undeniable, it’s still a good idea to go slow, a lesson that should have been relearned with server virtualization.
Boosting server utilization by a factor of 10 and consolidating lots of underused systems is a great thing, but the virtual server sprawl that quickly followed is a management nightmare.
Moving fully to cloud computing implies virtualizing storage and networking and putting a healthy bet on the capabilities of those not-so-mature management tools.
The main business reasons for moving to private clouds are lowering ongoing costs, reducing capital investment, and accelerating delivery of services.
http://www.informationweek.com/news/software/hosted/showArticle.jhtml?articleID=224900576
ICS Cyber Security Solutions — A Complex Mix
There are significant factors that make ICS cyber security difficult for suppliers as well as end users. An ICS cyber security solution is not a single product; instead it is a combination of architecture, practices, behavior, security components — both hardware and software — and 3rd party services.
http://www.automation.com/content/arc-advisory-ics-cyber-security-market-driven-by-risk?x=1&pagePath=00000000,00000307,00002525
“One of every four American homes (24.5 percent) had only wireless telephones (also known as cellular telephones, cellphones, or mobile phones) during the last half of 2009 — an increase of 1.8 percentage points since the first half of 2009,” the National Center for Health Statistics wrote in a report (available here in PDF format).
The wireless carriers love this, because the money is in data plans, not voice plans, noted Avi Greengart, research director for mobile products at Current Analysis. And while the numbers are surprising, there’s more to it, he added. “I think some of these trends are a little overblown. Rise in text and dip in voice is due to the competitive factors that have forced voice package prices down and forced carriers to offer unlimited packages,” he told InternetNews.com.
He noted that U.S. minutes of voice usage are still higher than anywhere else in the world. “We’ve gone from an era where the only way to get in touch with someone was by phone. Then came e-mail, then text and now social network messages and instant messenger.”
http://www.cioupdate.com/features/article.php/3882366/Bye-Bye-Landlines-Voice-Communication.htm
Threats on portable storage devices rose to the top of the list as the most popular malware, evident by a rash of AutoRun infections that held the No. 1 and No. 3 spots for top five malware over the last quarter. Security experts contend that attacks delivered via portable storage devices have experienced a revival in recent months, after being dormant for an extensive period of time. “It’s kind of like your old-school style of malware, one device to another device” said Dave Marcus, security research and communications manager for McAfee Labs.
All of the top five threats remained consistently popular worldwide.
Marcus said that social-engineering attacks, particularly those targeting social networks, are continuing on a rapid upward trend. “A lot of people don’t realize the bad guys read the same news the good guys do,” Marcus said.
And despite reports of copious malware sourced internationally, the report also showed that the U.S hosted the vast majority of new malicious URLs, totaling 98 percent.
http://www.crn.com/security/224900212
Lawyers speaking at the Law Seminars International event on Monday offered advice about the types of research companies should do before signing up for cloud services to make sure they can protect themselves from potential legal fallout.
One of the most important issues facing companies that wish to store or process data in the cloud is determining which legal systems have jurisdiction over the data. A company using a cloud service could have users all over the world and those users’ information could be shifted to facilities around the globe. “So there are four possible legal locations for the information at any moment,” James said. Laws applicable to the location of the company’s headquarters, the location of the servers, the location of the consumer and the location of the communications equipment transmitting the information between the user and the provider could all potentially apply.
On the federal level, legislation like the Health Insurance Portability and Accountability Act and the Children’s Online Privacy Protection Act defines how businesses handle certain kinds of data like information related to health and children.
In addition, 45 states have laws covering how companies must secure customer data. “Although many state statutes are similar, there are enough outliers that you need to think about them,” said Reingold. For instance, some states define personally identifiable information as including a mother’s maiden name, biometrics and birth dates while others only include more basic information like name, Social Security number and driver’s licence number.
“The reason we can have this service that is inexpensive is because [cloud providers] can put their servers anywhere and can shift loads based on things like where the cost of energy is lower,” said Francoise Gilbert, a lawyer with IT Law Group.
Some companies may initially think it’s a good strategy to find a provider with data centers in countries that have no data protection laws. Europe and a few countries that have adopted a similar model including Tunisia, Morocco and Uruguay have clear laws covering what kinds of personal data companies can store and whether they can move that data in and out of the country. In the U.S., companies may collect some of that information to look for diversity in their workforce. But if they use a cloud provider with data centers in Europe, European law prohibits them from storing that kind of data.
“The legal system has been far, far outpaced by technology,” said Reingold.
http://www.pcworld.com/businesscenter/article/196578/cloud_service_users_face_confusing_legal_landscape.html