IT and Audit News
Privacy advocates ask U.S. government for a Do Not Track list; security experts discuss top 10 security gaps; Microsoft launches e-health service; survey offers tips on managing change.
______________________________________
GOVERNMENT GRAPEVINE
Privacy Advocates Ask U.S. Government for a Do Not Track List
Nine privacy groups asked the U.S. Federal Trade Commission to implement a Do Not Track list, similar to the existing Do Not Call list, that would prevent consumers from having their online activities unknowingly tracked and used by marketers and advertisers.
http://www.eweek.com/article2/0,1895,2210389,00.asp
Gov. Schwarzenegger Signs Law Prohibiting RFID Implants
The state of California has enacted legislation that prohibits employers and others from asking people to use radio frequency identification (RFID) tags. Other states, including Wisconsin and North Dakota, have adopted similar laws against RFID implants in humans.
http://www.informationweek.com/security/showArticle.jhtml?articleID=202402856
Panel Endorses Bill to Stop Online Censorship
The U.S. Congress endorsed legislation that could bar Internet companies in the United States from cooperating with authorities in China and countries with similar political regimes.
http://news.scotsman.com/latest_technology.cfm?id=1694812007
Government Mishap Reveals Sensitive Information
A recent reply-all e-mail sent to 7,500 people from the U.S. Department of Homeland Security flooded mail servers with more than 2 million e-mails, which revealed subscribers' personal information, including telephone numbers and other classified data.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9040878&intsrc=hm_list
Bill Could Enable ID Theft Victims to Seek Financial Restitution
The U.S. Senate recently introduced a bill that would allow victims of identity theft to seek restitution for money and time spent repairing their credit history.
http://www.informationweek.com/news/showArticle.jhtml;jsessionid=JJ0B5VIB3ML5UQSNDLPSKHSCJUNN2JVN?articleID=202403735
______________________________________
SECURITY UPDATES
Security Experts Discuss Top 10 Security Gaps
Reviewing policies and procedures and enhancing physical security are two of the 10 security gaps experts have observed time and time again.
http://www.itcinstitute.com/display.aspx?id=4348
Authorities Seize US $2 Billion in Fake Checks
An Internet financial scam crackdown yielded more than US $2.1 billion in seized fake checks and 77 arrests in The Netherlands, Nigeria, and Canada.
http://www.news.com/Spam-scam-crackdown-nets-2-billion-in-fake-checks/2100-7348_3-6211585.html?tag=cd.top
Three Steps to Securing Virtual Machines
Keeping operating systems and applications patched, deploying intrusion detection software, and patching virtual machines will help to increase the security of virtual IT environments.
http://security.itworld.com/4367/nlssecurity071009/page_1.html
Smaller Botnets Are on the Rise
Criminals are decreasing botnet sizes to make it harder for security companies to track and contain their illegal operations.
http://www.news.com/F-Secure-sees-smaller-botnets-on-the-rise/2100-7349_3-6210900.html?tag=cd.top
Trojan Poses as Software Plug-in to Steal Usernames
The PWS-Pykse Trojan is tricking victims into executing malicious code by disguising itself as a Skype plug-in.
http://www.informationweek.com/security/showArticle.jhtml?articleID=202403942
Hackers May Be Intercepting Internet Phone Calls
A security firm discovered that Internet phone service from Vonage Holdings Corp. is vulnerable to attacks by hackers who are able to intercept calls to the company's subscribers.
http://news.scotsman.com/latest_technology.cfm?id=1698512007
Security Expert Discusses Hijacked Domain Name Servers, Among Other Threats
Roger Thompson, chief technology officer of Exploit Prevention Labs, discusses the threats he is most concerned about and what organizations can do to protect their networks.
http://searchsecurity.techtarget.com/qna/0,289202,sid14_gci1280366,00.html
Company Invents Programming Language for Mass Surveillance
Researchers at AT&T developed Hancock, a C variant, to mine the company's telephone and Internet records for surveillance activities.
http://blog.wired.com/27bstroke6/2007/10/att-invents-pro.html
______________________________________
SOFTWARE UPDATES
Microsoft Launches E-health Service
The software giant has launched an online health-care service that allows users to share health records online to help patients take control of their records and monitor their medical conditions.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9040999&intsrc=hm_list
Virtual Rootkits Do Not Pose Security Threats
Researchers from Carnegie Mellon and Stanford universities say that rootkits that use virtualization techniques cannot remain undetected on a system.
http://www.news.com/Virtual-rootkits-not-a-problem%2C-say-researchers/2100-7349_3-6211166.html?tag=cd.top
Startups Are Offering Tools to Better Contain Insider Threats
Startup security companies are offering tools that give IT departments greater control over who's accessing corporate data.
http://www.informationweek.com/security/showArticle.jhtml?articleID=202403843
Choosing the Right Software Vendor
The software-as-a-service model can help small and mid-size companies to benefit from software applications that save time and money.
http://smallbusiness.itworld.com/4394/071018smbsaas/page_1.html
Gmail Can Synchronize With iPhones and Desktops
Google mail, or Gmail, now uses technology that can synchronize with Outlook Express, Outlook 2007, Outlook 2003, Apple Mail, Windows Mail, and Thunderbird 2.0.
http://www.informationweek.com/software/showArticle.jhtml;jsessionid=Y3UUE4STOIGGUQSNDLPSKHSCJUNN2JVN?articleID=202601159
Cracking Software Could Make it Easier to Recover Passwords
New software uses a computer’s graphics and central processing units to decrease the amount of time required to recover forgotten passwords.
http://www.informationweek.com/software/showArticle.jhtml;jsessionid=Y3UUE4STOIGGUQSNDLPSKHSCJUNN2JVN?articleID=202601180
Software Vendors Address Security Flaws
Security software vendors Symantec Corp. and McAfee Inc. have addressed vulnerabilities criminals can exploit in their products to cause a denial-of-service attack or run malicious code.
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1280365,00.html
______________________________________
OTHER IT AND AUDIT NEWS
Survey Offers Tips on Managing Change
In partnership with Tripwire, the IT Process Institute has identified best practices in change management.
http://www.itweek.co.uk/itweek/news/2201187/itil-offers-tips-managing
U.S. Residents Have a Misconceived Notion of Security
A recent poll found that most U.S. residents have outdated or disabled security software that could lead to a virus or spyware attack.
http://www.news.com/Poll-Americans-wrong-about-computer-security/2100-1029_3-6211093.html?tag=cd.top
UK Firms Lack Adequate Disaster Recovery Plans
A survey commissioned by Symantec found that organizations in the United Kingdom lack effective disaster recovery plans, thus leaving them vulnerable to fines and prosecution due to their inability to properly prepare for system outages.
http://www.itweek.co.uk/itweek/news/2201373/storage-stats-paint-disastrous
Enhancing Encryption for PCI DSS Compliance
The IT Compliance Institute discusses five steps for overcoming encryption hurdles that may hinder compliance with the Payment Card Industry Data Security Standard, also known as the PCI DSS.
http://www.itcinstitute.com/display.aspx?id=4383
ID Thieves May Avoid Prison Charges
According to a study by the U.S. Secret Service, identity thieves have a 50 percent chance of avoiding jail time.
http://security.itworld.com/5010/071023idtheft/page_1.html
Non-technical Glossary of Malware Terms
CIO magazine defines some of the most commonly used IT terms.
http://www.cio.com/article/135453/