Category: News

At a press conference to set out the rules, DHS chief Michael Chertoff, played the Honest Joe card: “It’s very simple and it’s really a matter of common sense.

Applicants for driver’s licenses will need to bring documents to their state Department of Motor Vehicles offices to validate or prove five things: who they are, what their date of birth is, what their legal status is in the United States, their social security number and their address.

There are no solid plans to encrypt the barcode, meaning for example that bars might have access to patrons’ home addresses.

Inviting comment in its recommendations, the DHS said it “leans toward” scrambling the data, but said that cost might outweigh any privacy benefits. The history of such systems, such as the National DNA Database in the UK, suggest they are susceptible to mission creep; civil libertarians point out that once established, the only way for a database to go is bigger.

http://www.theregister.co.uk/2007/03/03/real_id_recommendations/

“Identity management is one aspect of security that becomes a lot more complex in a Web services environment, because now you need a way to preserve the identities of both users and applications across different services.

The merger of Cisco and Reactivity could make it easier for enterprises to build a common structure for Web services security in at the network level, rather than forcing application developers to resolve the security issues at the program level, experts say. From that standpoint, especially in the virtualized data center, Reactivity and Cisco are in a good spot to make things happen.” “There is a threat of external attacks, and we’re addressing that, but in Web services, there’s a more important threat, which are security problems caused inadvertently by misprogramming,” says Sirota.

http://www.darkreading.com/document.asp?doc_id=117912&WT.svl=news1_2

Data seepage — not to be confused with data leakage — is where seemingly innocuous data gets exposed by your chatty client applications over public WiFi connections, or even inside the enterprise network.

Robert Graham, Errata Security’s CEO and David Maynor, its CTO, will use this Windows- and Linux-based tool to demonstrate just how much danger data seepage can pose, during their Black Hat presentation on March 1.If your users are working from an airport or Panera Bread WiFi connection, their machines are announcing themselves to anyone else on those machines, which makes your corporate network a target.

The Oracle client, for instance, will try to connect to its server if you have cached credentials on your laptop.

“And Apple is even more chatty than Windows.”

Next, Errata will develop a proof of concept showing how an attacker could set up a trojan server that could respond to the client’s requests, posing as an Oracle database, Web server, or a wireless access point, says Graham.

http://www.darkreading.com/document.asp?doc_id=117636&f_src=darkreading_section_296

For an annual premium as low as $1,500 a year — or as high as several hundred thousand — enterprises can buy policies that will reimburse them in the event of unauthorized system access, stored data losses, customer privacy violations, cyber extortion, and cyber terrorism. Depending on the coverage, your company could receive reimbursements not only for downtime caused by a hack, but for lost business or legal settlements with complaining customers. If you work in a company that’s a high-risk target, and maintains shoddy security systems and practices, you can expect to pay a high premium for insurance.

A site like MySpace has to concern itself with liability costs associated with libel or other offenses that might be committed via the site.

There are many types of coverage — AIG’s NetAdvantage plan alone has 10 different offerings — but they can all be divided into “first party” or “third party” coverage, experts explain. “To get this type of coverage, you have to go through a broker,” Davis says.

http://www.darkreading.com/document.asp?doc_id=117536&f_src=darkreading_section_296

However, Paul Brettle, technical manager for Stonesoft said that the long lead time for development of security products was no different to what happened with previous versions. He said that Microsoft has been much more efficient in getting the product out to third-party providers to enable them to be Vista aware. “Microsoft has significantly changed several parts of the architecture of Windows for Vista,” said Brettle. “This has forced many providers of security solutions to completely re-engineer their software to support this change.”

http://www.itpro.co.uk/news/102716/malware-more-compatible-with-vista-than-antimalware-products.html

The Coast Guard is requiring the same of all Coast Guard personnel who connect to the services network over Standard Work Station III (SW III) computers, according to a Dec. 21 message sent to all personnel by Rear Adm. The Coast Guards requirement stems from directives by the U.S. Strategic Command regarding DOD Information Operations Condition (Infocon) procedures and Homeland Security Department policy directives on sensitive systems, Hewitts message said.

Last month, DOD raised its Infocon status from Level 5, or normal operating conditions, to Level 4 in the face of continuing and sophisticated threats to DOD networks.

http://www.fcw.com/article97216-12-28-06-Web