IT and Audit News
Privacy advocates ask U.S. government for a Do Not Track list;security experts discuss top 10 security gaps; Microsoft launches e-health service; survey offers tips on managing change.
Privacy Advocates Ask U.S. Government for a Do Not Track List
Nine privacy groups asked the U.S. Federal Trade Commission to implement a Do Not Track list similar to the currently used Do Not Call list, which will prevent consumers from having their online activities unknowingly tracked and used by marketers and advertisers.
Gov. Schwarzenegger Signs Law Prohibiting RFID Implants
The state of California has enacted legislation that prohibits employers and others from asking people to use radio frequency identification (RFID) tags. Other states, including Wisconsin and North Dakota, have adopted similar laws against RFID implants in humans.
Panel Endorses Bill to Stop Online Censorship
The U.S. Congress endorsed legislation that could bar Internet companies in the United States from cooperating with authorities in China and countries with similar political regimes.
Government Mishap Reveals Sensitive Information
A recent reply all e-mail sent to 7,500 people from the U.S. Department of Homeland Security flooded mail servers with more than 2 million e-mails, which revealed subscribers personal information, including telephone numbers and other classified data.
Bill Could Enable ID Theft Victims to Seek Financial Restitution
The U.S. Senate recently introduced a bill that would allow victims of identity theft to seek restitution for money and time spent repairing their credit history.
Security Experts Discuss Top 10 Security Gaps
Reviewing policies and procedures and enhancing physical security are two of the 10 security gaps experts have observed time and time again.
Authorities Seize US $2 Billion in Fake Checks
An Internet financial scam crackdown yielded more than US $2.1 billion in seized fake checks and 77 arrests in The Netherlands, Nigeria, and Canada.
Three Steps to Securing Virtual Machines
Keeping operating systems and applications patched, deploying intrusion detection software, and patching virtual machines will help to increase the security of virtual IT environments.
Smaller Botnets Are on the Rise
Criminals are decreasing botnet sizes to make it harder for security companies to track and contain their illegal operations.
Trojan Poses as Software Plug-in to Steal Usernames
The PWS-Pykse Trojan is tricking victims into executing malicious code by disguising itself as a Skype plug-in.
Hackers May Be Intercepting Internet Phone Calls
A security firm discovered that Internet phone service from Vonage Holdings Corp. is vulnerable to attacks by hackers who are able to intercept calls to the company's subscribers.
Security Expert Discusses Hijacked Domain Name Servers, Among Other Threats
Roger Thompson, chief technology officer of Exploit Prevention Labs, discusses the threats he is most concerned about and what organizations can do to protect their networks.
Company Invents Programming Language for Mass Surveillance
Researchers at AT&T developed Hancock, a C variant, to mine the company's telephone and Internet records for surveillance activities.
Microsoft Launches E-health Service
The software giant has launched an online health-care service that allows users to share health records online to help patients take control of their records and monitor their medical conditions.
Virtual Rootkits Do not Pose Security Threats
Researchers from Carnegie Mellon and Stanford universities say that rootkits that use virtualization techniques cannot remain undetected on a system.
Startups Are Offering Tools to Better Contain Insider Threats
Startup security companies are offering tools that give IT departments greater control over who's accessing corporate data.
Choosing the Right Software Vendor
The software-as-a-service model can help small and mid-size companies to benefit from software applications that save time and money.
Gmail Can Synchronize With iPhones and Desktops
Google mail, or Gmail, now uses technology that can synchronize with Outlook Express, Outlook 2007, Outlook 2003, Apple Mail, Windows Mail, and Thunderbird 2.0.
Cracking Software Could Make it Easier to Recover Passwords
New software uses a computer’s graphics and central processing units to decrease the amount of time required to recover forgotten passwords.
Software Vendors Address Security Flaws
Security software vendors Symantec Corp. and McAfee Inc. have addressed vulnerabilities criminals can exploit in their products to cause a denial-of-service attack or run malicious code.
OTHER IT AND AUDIT NEWS
Survey Offers Tips on Managing Change
In partnership with Tripwire, the IT Process Institute has identified best practices in change management. http://www.itweek.co.uk/itweek/news/2201187/itil-
U.S. Residents Have a Misconceived Notion of Security
A recent poll found that most U.S. residents have outdated or disabled security software that could lead to a virus or spyware attack.
UK Firms Lack Adequate Disaster Recovery Plans
A survey commissioned by Symantec found that organizations in the United Kingdom lack effective disaster recovery plans, thus leaving them vulnerable to fines and prosecution due to their inability to properly prepare for system outages.
Enhancing Encryption for PCI DDS Compliance
The IT Compliance Institute discusses five steps for overcoming encryption hurdles that may hinder compliance with the Payment Card Industry Data Security Standard, also known as the PCI DDS.
ID Thieves May Avoid Prison Charges
According to a study by the U.S. Secret Service, identity thieves have a 50 percent chance of avoiding jail time.
Non-technical Glossary of Malware Terms
CIO magazine defines some of the most commonly used IT terms.