tagged w/ Financial Identity
-
The US Defense Information Systems Agency announced that it is going to release a Request For Information this month. Anyone responding to DISA’s RFI would do well to study the methodology that Barrett Lyon describes using the open source SQUID proxy and caching server. The technique spelled out by Barrett involves putting a bank of high end servers running SQUID in front of the potential targets.
-
-
By Mike Spinney, CIPP, Privacy Analyst, Ponemon Institute - Here’s a brazen bit of breachery from the Miami Herald: It’s a neat little proposition: for a flat monthly fee, a data broker (of sorts) acquires medical records from a hospital employee and passes them through to a personal injury lawyer for a fee plus a percentage of his lawsuit earnings...
-
-
Review the state of play of cyber security for the government and the private sector, including recommendations on how to create a more productive public-private partnership. Cyber security policies are rapidly expanding, indicating the critical threat faced by any organization using Internet-based technologies. In 2008, the Bush Administration launched the most comprehensive cyber security policy review in the federal government’s history. Soon after taking office, President Obama tasked the National Security Council to review our nation’s cyber security policy. In April, the first major bill calling for broad federal regulations and unprecedented power over private sector cyber systems was introduced in the Senate.
-
-
Thieves prey on our deepest and strongest emotions, and two people madly in love and about to take the plunge are certainly full of emotions and stress. Stress makes us more apt to decide quickly, without thinking the situation through. The sense of relief we feel may encourage us to accept an offer that seems “too good to be true” when we might otherwise hesitate.
-
-
Sun Tzu’s theories are for the tactically minded professional wanting to secure every possible advantage - for the professional who wants to understand the mental, moral, and physical realms of conflict. WHY? Because that’s how we win on the street.
-
-
“We see many signs that criminals are mimicking the practices embraced by successful, legitimate businesses to reap revenue and grow their enterprises” -Tom Gillis, VP and general manager of Cisco.
According to Cisco Systems’ Midyear Security Report, issued July 14, online criminals are exploiting traditional business strategies as they continue to flourish amid a shaky global economy.
-
-
The majority of Twitter users don’t mind sharing their tweets (i.e. their Twitter updates) with the rest of the world. After all, sharing one’s thoughts/actions is at the core of social networks like Twitter, Facebook, MySpace. However, what users often don’t realize is that in aggregate, their tweets paint a picture about who they really are.
-
-
Why cyber defense? How is this different than “security”? The difference is in motivation, purpose, and risks. Announcing the birth of Cyber Defense Weekly, a newsletter created to give participants in this new category a comprehensive summary of the week’s news, product announcements, and escalations in cyber threats.
-
-
Report: Naked video of ESPN reporter used to spread virus; Cyber expert shortage may hinder government in protecting Web sites, internal systems; Adobe promises patch for seven-month old Flash flaw; Report: federal documents detail iPods overheating, catching fire; Vietnam security firm in trouble after tracking hackers; Adobe investigating zero-day bug in Flash; Blackberry maker questions Etisalat software upgrade; Open-source firmware vulnerability exposes wireless routers; Clever attack exploits fully-patched Linux kernel; Trust but verify: Security risks abound in the IT supply chain…
-
-
Simple social engineering tactics can often be used to get to sensitive information simply by supplying a valid SSN. I know many of the business companies I’ve called, when just doing unscientific tests, started out the call with, “May I have your account number please?” To which I say, “Oh, darn; I don’t have that with me! Could I give you my SSN instead?” And usually they say, “Sure; give me the SSN.” Bingo. Social engineering is powerful and used by many crooks.
-
-
Computerworld reports that one in five companies search social networking sites during the hiring process, although many experts believe that number is much higher. You may think that you’re immune to ID theft or misinformation because you don’t have any MySpace, Twitter or Facebook accounts - but read on and you will find that is far from the truth.
-
-
The idea of having confidential records shopped to competitors and then offered up for sale to the highest bidder would be enough to keep any CIO up at night. Yet, as scary as this scenario is, cyber extortion remains rare. The bigger threat - one that should legitimately keep IT professionals up at night - is on the inside.
-
-
Companies buy these so-called certified products thinking they have the magic bullet to solve their ITIL project, and they’ll skip the hard part, which is designing the processes for their organization.
So instead of a magic bullet they’ll just shoot themselves in the foot with a real bullet.
ITIL isn’t about specific products but instead about putting in processes that bring efficiency to the organization.
-
-
Nielsen Online reported that by the end of 2008 social networking had overtaken email in terms of worldwide reach. Sites such as Facebook, Twitter, MySpace and LinkedIn provide users with a way to build and interact with a community in real time on a familiar platform at a very low cost.
-
-
In the age where a huge percentage of all attacks are done through e-mail, very few of us know how to analyze where this e-mail was sent from. This analysis must go beyond the sender e-mail displayed in your e-mail client (which is easily spoofed). Here is a simple tutorial on analyzing Internet headers.
-
-
Bruce Schneier points out that the attacks against US Federal sites that succeeded in shutting them down, or the malware spread by USB thumb drive that infected the US Military Central Command, demonstrate a lack of common sense anti-virus and patch management. But that is a very big deal, Bruce…
-
-
Twitter suspends accounts of users with infected computers; South Korea blocks sites to help end cyber attacks; Kansas audit raises computer security questions; Apple still mute to iPhone complaints; U.S. State Dept. workers beg Clinton for Firefox; Snooping through the power socket; New York official: Tagged site stole identities; Firefox 3.5 vulnerability rated ‘highly critical’; Probe into cyberattacks stretches around the globe; BlackBerry update bursting with spyware; French workers threaten to blow up Nortel factory; FBI charges satellite descramblers…
-
-
Analyzing an incident when the manufacturer claims that it’s an operator error and the operator claims that it is an application error is one of the most daunting tasks of a security officer. And this is a type of incident that the security officer will be called upon to investigate simply because the management needs an independent observer and has doubts both in the operator as well as the manufacturer. Here is what to do when thrown into the fire…
-