Security News Curated from across the world
Lurie said progress has been made in using technology to improve communications and pandemic surveillance but that more investment was needed.
As a step toward establishing methods to measure whether a community is ready for a large-scale health emergency, RAND recently convened an expert panel to come to a clear definition of public health preparedness.
http://govhealthit.com/article102525-04-20-07-Web
The exec explained that Six Flags, which owns 29 parks in the U.S. and Mexico, is in the middle of a major IT restructuring, which involves “segmenting” different parts of the business for security purposes.
“For example,” he said, “if we bring Kodak in to sell photos to our customers, they are on their segment and it can’t be hacked into.”
Encryption was also high on the agenda during the panel debate, prompted by the apparent ambivalence of many IT managers toward the technology. Just over a quarter of respondents confirmed that they encrypt laptop data, although only 8 percent lock down data on all devices, such as USB drives.
The biggest gripe from the panelists concerned the lack of security for portable media such as USB drives, which is something of an ongoing source of frustration for many IT managers.
http://www.darkreading.com/document.asp?doc_id=122196&WT.svl=news2_2
“Previously, they may have been lost in the general noise of one to two million pieces of malware per day,” the report states. “Target organizations are those with data worth stealing,” the report says.
“One gang has been using the same two attack files since November 2006,” the report says. The Taiwan gang changes its source IP address frequently, making it hard to detect, MessageLabs says. The IP address hosting the Web server that dishes out the malware is registered to China United Telecommunications Corp. in Beijing. Emails from the Taiwan gang are not particularly attractive, generally showing only a string of unreadable characters and carrying attachments.
Many antivirus applications do not yet detect the Trojan, according to the messaging security company.
http://www.darkreading.com/document.asp?doc_id=122009&WT.svl=news2_5
More interesting are those areas with the highest per capita rate of perps: the District of Columbia, Nevada, New York, Tennessee, Maine, and Florida.
http://www.usnews.com/usnews/news/badguys/070416/top_10_internet_crimes_of_2006.htm
Key conclusions
– Europe’s IT professionals overwhelmingly indicate (78%) that data theft represents the primary information security threat – more significant than either viruses or hacker infiltration
– Of all possible results of compromised information security, the threat of leakage of confidential information is keeping more members of the IT department (93%) awake at night than any other
– Europe’s primary data leakage channels are identified as portable storage devices, e-mail, and Internet-based channels such as web-mail and forums
– Only 11% of those surveyed were confident their company’s information security had not been breached over the last year – a figure which closely mirrors the number of companies with anti-leakage solutions in place – with 42% admitting to between 1-5 breaches and 37% unable to say with certainty that that no breach had occurred
– The lack of industry standards is highlighted as the primary obstacle (42%) to wider implementation of anti-leakage technologies
– Perceived solutions include the deployment of comprehensive anti-leakage software, the implementation of appropriate organizational measures – such as clear and consistent internal security policies – controls on external network access, and raising staff awareness and discipline through training.
http://www.viruslist.com/en/analysis?pubid=204791935
“They put in Windows with no intention of ever patching it, and then they are surprised when they get hit by a worm,” Graham says. Or they avoid patching and vulnerability testing because these processes pose risks of their own for SCADA systems –introducing other bugs to their highly sensitive and uptime-demanding systems, for instance. “They are managed by a Pearl Harbor-type mentality,” Graham says.
Attacks exploiting the latest OPC bugs could be avoided if logins were required in the app because the attacker needs login privileges to do his dirty work.
“Auditing is not as in-depth in my opinion or as transparent for SCADA” as it is for other industries. And some security experts say commercial IDS/IPS, antivirus, and SIM products don’t really fit for SCADA.
Mark Fabro, CEO of Lofty Perch, which makes SIM solutions for the water utility industry as well as other critical infrastructure companies, says commercial IDS/IPS and SIM systems don’t map well to industry control systems, where there are thousands of different protocols, many of them proprietary.
http://www.darkreading.com/document.asp?doc_id=121887