Category: News

Analysts at the Farmington, Conn.-based company studied data from media reports, as well as several industry analyst reports, to develop the tool’s proprietary algorithms.

“Until now, organizations have struggled to assess the scope of their financial risk should they be hit with a data loss incident,” said Adam Sills, a lead underwriter with Darwin, in a written statement.

According to Darwin, organizations can use the Tech//404 Data Loss Cost Calculator to estimate their financial exposure in three categories: internal investigation expenses; customer notification and crisis management expenses, and regulatory/compliance expenses.

http://www.darkreading.com/document.asp?doc_id=121698&WT.svl=cmpnews2_1

The prototype so far has focused on one subset of RFID, the 13.56 ISO 15693 tags that are typically used in credit card and smart card applications.

http://www.theregister.co.uk/2007/04/08/rfid_guardian/

And many exploit providers simply wait for Microsoft Corp.’s monthly patches, which they then reverse-engineer to develop new exploit code against the disclosed vulnerabilities, Ollmann said.

While investigating a Trojan horse named Gozi recently, Jackson discovered that it was designed to steal data from encrypted Secure Sockets Layer streams and send it to a server in St. Petersburg, Russia. A customer query returning three passwords for a small retailer might cost 100 WMZ, while a query for 10 passwords for an international bank might fetch 2,500 WMZ or more. Customers could also choose how they wanted their search results delivered — as compressed files in e-mails or via FTP. In addition to the original Trojan horse, the server also hosted two ready-to-deploy variants in a separate staging area.

Often, groups such as the HangUp Team also offer a detection monitoring service with which they keep an eye on antivirus vendors to know exactly when signatures are available that can detect their malware.

The actual server hardware that the 76Service used was being managed by another entity called Russian Business Network (RBN), which provided Simple Network Management Protocol-based management and back-up services.

“We are not talking about kids doing it for kicks over the weekend anymore,” said Yuval Ben-Itzhak, chief technology officer at Finjan Inc., a San Jose-based security vendor. That report said that cybercriminals hold “vulnerability auctions” in which they sell information on freshly discovered software flaws to the highest bidder.

http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9015588&taxonomyId=17&intsrc=kc_top

A stakeholder group will be formed first to advise the Commission on the development of its RFID policy. The group will report back to the Commission by the end of 2008 on any reform to European laws that it thinks is needed.

Major issues, according to Reding, include privacy, trust and governance.

“We should stimulate the use of RFID technology in Europe while safeguarding personal data and privacy,” Reding told reporters at CeBit. Reding also said that the Commission would not tie up use of RFID in regulation. “When I come to CeBit, people ask, ‘What regulation are you proposing today?’
We must not overregulate RFID, but we must provide the industry with legal certainty,” she said.

The Commission also published a strategy report on Thursday that was produced after consulting with interested parties. In the report, the Commission said RFID tags–the hardware attached to the assets in question–needed to be more secure, particularly in terms of encryption and authentication.

http://news.com.com/Europe+to+develop+guidelines+on+RFID/2100-11746_3-6167977.html?tag=nefd.top

Clustering A new event log event has been created to address certain situations in which the Cluster service account becomes excessively restricted by domain policy. Data access components XmlLite is new with Windows Server 2003 SP2. XmlLite is a fast, low-level, native XML parser with a small memory footprint. Distributed…

In a memo to his staff, the DOT’s CIO Daniel Mintz says he has placed “an indefinite moratorium” on the upgrades as “there appears to be no compelling technical or business case for upgrading to these new Microsoft software products.

Among the concerns cited by Mintz are compatibility with software applications currently in use at the department, the cost of an upgrade, and DOT’s move to a new headquarters in Washington later this year.

“Microsoft Vista, Office 2007, and Internet Explorer [7] may be acquired for testing purposes only, though only on approval by the DOT chief information officer,” Mintz writes.

In an interview Friday, DOT chief technology officer Tim Schmidt confirmed that the ban is still in effect. The DOT’s ban on Vista, Internet Explorer 7, and Office 2007 applies to 15,000 computer users at DOT proper who are currently running the Windows XP Professional operating system.

The memo indicates that a similar ban is in effect at the Federal Aviation Administration, which has 45,000 desktop users.

http://www.informationweek.com/news/showArticle.jhtml?articleID=197700789