CyberSecurity Institute

While some high-profile agencies have addressed privacy issues, “privacy is a much less mature concern in government” than security, Wohlleben said.

The 16th annual ITAA survey of U.S. government CIOs included interviews with 36 CIOs or assistant CIOs and three government oversight officials between August and December 2005.

In addition to security concerns, federal CIOs also identified as key priorities standardizing and consolidating their IT infrastructure, improving project management, and examining ways to use managed services from outside vendors, according to the survey.

One general theme in the interviews was concern about executing long-term plans, Wohlleben said. While federal CIOs see themselves as agents of change in coming years, shifting priorities within government can make it difficult to carry through long-term IT plans, he said. They’re multiyear implementations in a political environment where laws are being changed, in a budgetary environment where budgets are being changed.”

http://www.infoworld.com/article/06/03/07/76192_HNsecuritytopgovcio_1.html

China saw the largest increase in botnet activity with a 37 per cent growth of botnet infected systems and a 153 per cent increase in attacks originating there. That’s not to say China is full of criminals. But with a well-documented history of software pirating, it stands to reason that many systems hooking up to the Net in the People’s Republic aren’t patched properly and vulnerable to infection.

With a population of 1.3bn, the 94m Chinese who are online represents a point right at the bottom of the S-curve expected as the Internet revolution takes off there. If the black market in vulnerability trading increases, as Symantec predicts, massive numbers of systems coming online in China will prove an ideal vector for attack.

http://www.pcpro.co.uk/news/84523/black-market-thrives-on-vulnerability-trading.html

The debate over the virus sample has highlighted a rift between the more the conservative antivirus industry and a group of security researchers that do not adhere to the industry’s stance against publishing virus code and associating with virus writers.

Many security researchers believe that open disclosure of security vulnerabilities leads to better security. As those researchers begin to study viruses, worms and bot software, they argue that the same logic means the open discussion of threatening vectors for worms.

Last month, security researcher Kevin Finisterre admitted to creating the three versions of the OSX/InqTana worm and sending them to antivirus companies as a way to highlight weaknesses in Apple’s operating system.

“We work with people on a trust basis, people who have been in the industry and are known to us,” said Joe Telafici, director of operations for the antivirus emergency response team (AVERT) at security firm McAfee.

Graham Cluley, senior technology consultant at rival antivirus firm Sophos, also mentioned the articles as a reason for questioning the group’s conduct. “Right now, none of us can protect against this virus because we haven’t seen the code,” Cluley said.

http://www.securityfocus.com/news/11379?ref=rss