barbara haven: Security

Thu, 09 Dec 2004 00:25:55 GMT

California Bill Would Restrict Researchers' Access to State Agency Data (2 December 2004).

California state senator Debra Bowen has proposed legislation that would prohibit state agencies from providing researchers with data that personally identifies California citizens.......[SANS NewsBites]

How this is implemented will be interesting to watch, because the ability to personally identify from very little data is probably not covered by this. Zip code and birthday date uniquely identified a large (majority?) of people, so the database would need to carefully designed with any large amount of data.

Wed, 08 Dec 2004 19:37:19 GMT

Free tools, always appealing

Universities Get Minimum Security Benchmarks And Free Testing Tools (29 November 2004).

EDUCAUSE has contracted with the Center for Internet Security (CIS) to allow all 4,000 universities that are EDUCAUSE institutional members to get free licenses to use and redistribute CIS minimum security benchmarks and security testing tools on college- and university-owned systems and on students, faculty, and employee-owned systems.......

[SANS NewsBites] [Rock Regan's Radio Weblog]

Wed, 08 Dec 2004 19:36:19 GMT

Security as Strategic Priority #1, an easy case to make

Experts want more government focus on cybersecurity. The Bush administration should spend more on cybersecurity research, share threat information with private-sector security vendors and set up an emergency computer network that would continue working during Internet blackouts, a computer security trade group said today. [Computerworld News] [Rock Regan's Radio Weblog]

Fri, 30 Jul 2004 01:28:01 GMT

Gates' house party draws police protection. The U.S. Department of Homeland Security announces an official "Gates Residence Security Zone." [CNET News.com]

Can I get one too? Please, Homeland Security?

Fri, 30 Jul 2004 01:24:34 GMT

InfoWorld: NIST says DES encryption 'inadequate'. The advent of massively parallel computing has rendered DES inadequate to protect federal government information, NIST said. The institute, part of the U.S. Department of Commerce, is proposing that the government withdraw Federal Information Processing Standard certification for DES... [Tomalak's Realm]

Wed, 28 Jul 2004 21:48:17 GMT

Web Worm Precautions

You've probably read the news and maybe wondered what to do:
Web Worm Seen Abating, But Leaving Systems Exposed. A computer worm that over the last 24 hours disrupted some of the world's most popular sites, including Google, tapered off as computer users patched up their defenses, analysts said. By REUTERS. [The New York Times > Technology]

If you run Windows, Computer Cops has an article on ten must-do tips to make your Windows PC more secure.

Mon, 28 Jun 2004 16:15:41 GMT

Gates dishes out security promises. Chairman says Microsoft will reduce the security updates required for Windows releases and will convince consumers to turn on auto-update. [CNET News.com]

Tue, 11 May 2004 19:57:13 GMT

RSA launches identity manager. The security software maker's product is designed to help companies securely exchange digital identities of their customers with partners and other enterprises. [CNET News.com]

In the near future, many companies and organizations planned to purchase identity management solutions (according to a source I left on another computer).

A local professional group has a meeting this evening: I joined the IT Service Management Forum. I took the Service Manager Certification Exam at the end of April, and won't hear results until next month. This exam has less than 60% pass rate— I hate the wait for results.

Background sound this morning: The Real Tuesday Weld: nostalgic but current, London in the 30s (Americans hyphenate decades, but Brits don't—or is it the other way? My transatlantic reading confuses me.)

Mon, 15 Mar 2004 23:33:23 GMT

Mon, 05 Jan 2004 20:47:39 GMT

Security flaws force Linux kernel upgrade. Open-source developers release a new version of the operating system core that fixes several bugs, including two that would grant access to intruders. [CNET News.com - Front Door]

Thu, 18 Dec 2003 21:12:25 GMT

Salon: From January 24, 2001; Crypto for the people [Tomalak's Realm]

Thu, 18 Dec 2003 21:01:14 GMT

Microsoft tidies house. roundup A beta update to Windows XP pulls down the security shutters. Plus: Microsoft sues spammers, and government bodies turn away from Office. [CNET News.com - Front Door]

Fri, 14 Nov 2003 21:42:42 GMT

CIO: FrankenPatch. Those looking to cast blame--and there were many--cried a familiar refrain: If everyone had just patched his system in the first place, Slammer wouldn't have happened. But that's not true. And therein lies our story. Slammer was unstoppable. Which points to a bigger issue: Patching no longer works. [Tomalak's Realm] This seems worth a reading later because it coincides with my patching frustration. SO if patching doesn't work, do they have a better solution?

Mon, 10 Nov 2003 21:49:49 GMT

FBI on look-out for foreign government hackers. New Ashcroft directives have broader language than 1995 from Reno. [The Register]

Wed, 15 Oct 2003 23:24:36 GMT

In this month's Crypto-gram newsletter, Bruce Schneier assesses the current California Security Breach Information Act and finds when disclosure is and is not required. This act forces companies disclose some security breaches to affected people--at least those who live in California.

Among the source documents, read the text of the California law:
<http://www.privacyprotection.ca.gov/code/...>

Do many information keepers know which of their data belongs to people who live in California?

Wed, 08 Oct 2003 18:48:54 GMT

Salon: E-mail is broken. Q&A with Dave Farber, Brad Templeton and Jakob Nielsen. You can't go home again, or at least, you can't go back to a home without spam. The questions now are: Can e-mail be saved? How bad is the problem, really? And what can be done to fix it? [Tomalak's Realm]

I appreciate Dave Farber's comments. My own email became messy recently. I've violated my personal rules for segregating email addresses. This past weekend I sent myself emails from different domains where I have email, and found sbcglobal.net blocked the email domain I thought was reliable. I'd kept that one "clean" and never publically posted, so it's probably guilt by association. Who knows? It's not on the usual lists.

Thu, 25 Sep 2003 17:21:12 GMT

Gov't agency uses buying power to encourage security. WASHINGTON - The U.S. government has started to use its immense purchasing power to influence cybersecurity, beginning with a Department of Energy (DOE) contract with Oracle Corp. that requires the software vendor to build in security configurations. [InfoWorld: Top News]

Thu, 25 Sep 2003 17:20:12 GMT

Virus strikes State Department. A computer virus hits the federal department, affecting the performance of the government's IT system that manages visa approvals, according to published reports. [CNET News.com - Front Door]

Tue, 12 Aug 2003 16:07:46 GMT

Windows worm starts its spread. "MBlast," which takes advantage of what some security experts have called the most widespread Windows flaw ever, starts making its way around the Net. [CNET News.com] NPR had this on the news this morning. I heard it as I cleaning up breakfast, and shuddered at the thought that it seems major enough to makes the news--juxtaposed between the California recall and European heatwave. Good morning, off to a flying start.

Wed, 06 Aug 2003 22:24:01 GMT

Study reveals bad password habits Relatedly, I saw Microsoft had posted many Rorschach inkblots to help people choose better passwords. People would use the first and letters of the images that the colorful inkblots suggested to you. One hopes different people see different things, and don't talk about what they saw. For example, if in an inkblot you saw a flying tiger, then you would insert the first letter of flying and the last of tiger into the password. This method mostly lacks numbers and special characters and clues for upper- and lower-case letters.

Mon, 04 Aug 2003 18:23:27 GMT

Reference List of Security Weblogs provides useful pointers after an enjoyable MS security-related weblog @cyberforge went dark a month ago (won't link to @cyberforge now, but probably did last June or May). One weblog Netsec links to current resources (things last weekend). Security changes and is difficult to keep up-to-date, but that is stating the obvious.

Mon, 07 Jul 2003 18:09:24 GMT

Uneasiness About Security as Government Buys Software. A whistle-blower who develops software for the National Security Agency says that much of the work is subcontracted to China, raising serious national security risks. By John Markoff. [New York Times: Technology]

Wed, 25 Jun 2003 21:30:49 GMT

IE flaw could unearth worm. A vulnerability in Microsoft's Internet Explorer browser could result in the creation of a serious Internet worm, security experts warn. [CNET News.com] Odd headline, but once again a buffer overflow causes problems.

Thu, 12 Jun 2003 18:31:21 GMT

Microsoft Swats at Stealthy Web Bugs. Privacy advocates say a shift by Microsoft could effectively marginalize a particularly intrusive use of Web bugs, the tracking and profiling devices used by online marketers and spammers. By Thomas J. Fitzgerald. [New York Times: Technology]

Fri, 06 Jun 2003 21:50:46 GMT

Government forms cybersecurity unit. The Department of Homeland Security says it has created a new division to address threats to the nation's "critical infrastructure assets." [CNET News.com]