Archive for December, 2007

How effective is the wisdom of crowds as a security mechanism?

Friday, December 21st, 2007

Over the past year, Richard Clayton and I have been tracking phishing websites. For this work, we are indebted to PhishTank, a website where dedicated volunteers submit URLs from suspected phishing websites and vote on whether the submissions are valid. The idea behind PhishTank is to bring together the expertise and enthusiasm of […]

Original post by SecuMania.org

Off the wire: Kerberos policy management in IBM Network Authentication Service for AIX 5.3

Friday, December 21st, 2007

Use IBM Network Authentication Service (IBM NAS) for AIX to learn about the Kerberos policy management for passwords, and get acquainted with anything and everything about IBM NAS policy.

Skipton in lost laptop security woes

Friday, December 21st, 2007

14,000 accounts suspended after latest data breach

Skipton Financial Services has confessed to losing a laptop containing records of 14,000 customers. Information exposed by the breach includes names, addresses, National Insurance numbers, and fund investment details of clients of Skipton’s Fidelity FundsNetwork.…

Canadian security experts evaluate Google holes - PC World Canada

Friday, December 21st, 2007

Canadian security experts evaluate Google holes
PC World Canada, Canada - 17 minutes ago
He said IT managers need to keep abreast of the latest Web applications in order to inform users of this information. “Web 2.0 functionalities have been

Testing for randomness and predictability using Burp Sequencer

Friday, December 21st, 2007

Sorry I haven’t posted in forever. Dre’s been covering for me while I’ve been super busy with finishing up school, reading, work, and other projects. I think Dre’s packed more information in the last month than I did all year. 2007 Security Testing Tools in Review alone is worth a third or fourth reading.
Anyways, here’s […]

NAP comes to XP

Friday, December 21st, 2007

OK, back from yet another road trip (hopefully the last one of the year). Microsoft is making good on one of their promises around NAP. They always said that they would retro-fit NAP onto Windows XP. Frankly with the corporate…

Back to Security Basics

Friday, December 21st, 2007

Cisco’s recently published annual security report is not what you’d expect from a vendor of leading edge technology products. If you’re looking for a state-of-the-art analysis of emerging security technology, you’ll be disappointed. The report opens with an analysis of 21st Century trends but presents recommendations based on elementary security principles from decades long past. In fact there’s more focus on physical security, natural disasters and people than there is on technology. To me it’s further evidence of the current evangelistic, back-to-basics trend.

And that trend is not unexpected. There are three underpinning drivers. Firstly, it’s a consequence of a new focus on human factors arising from the growing empowerment and vulnerability of IT users. Secondly, it’s a necessary correction for security budgets which have failed in recent years to allocate sufficient resources to people-focused controls. But thirdly, it’s also a sad reflection on the continued lack of initiative and imagination to develop effective new technical measures to counter the increasingly sophisticated portfolio of threats.

The latter point is a concern that should not be overlooked. We need 21st Century solutions to counter emerging threats. You can’t simply dust down old solutions. Security education is an essential line of defence but users and customers are human. They will never be completely reliable, and they simply can’t address invisible or high-bandwidth threats that might be lurking in the infrastructure. We need new thinking and solutions, not old platitudes, from our leading vendors.

Seasons’ Greetings

Friday, December 21st, 2007

To all our customers, readers of our Security Watch Blog and newsletter we at BH Consulting wish you all a very happy and peaceful Christmas and a happy New Year.
Happy Christmas to you all and a prosperous and blessed New Year, and may we all be seven times better off at this time on the […]

Teeth or Gums? Which is Which for the Consumer?

Friday, December 21st, 2007

I just read this article in the Boston Globe this morning, and a smirk crossed my mind in that it proves a widely held theory I share with my friends in this space that identity theft and a massive breach is simply the cost of doing business. Unbelievable. Or is it?

With services out there like Lifelock and the fact that the company who f’ed up covering the cost of monitoring, what’s $100/year for their services or free for monitoring. You’ll save at least that much shopping at TJX companies or the mom and pop shop with no overhead, and no security in place… Right?

http://www.boston.com/business/articles/2007/12/21/for_tjx_a_store_of_consumer_loyalty/

Consumers don’t stay angry in the face of a good deal.

That’s a lesson emerging from the data breach at TJX Cos., the Framingham retailer that a year ago discovered an intrusion into its computer security that compromised as many as 100 million payment-card accounts. While the episode led to lawsuits from banks and many complaints, sales at TJX stores such as TJ Maxx and Marshalls have risen steadily this year.

Customers like Florida businesswoman Hanna Lipman help explain why. In April, Visa canceled one of Lipman’s credit cards, saying it was compromised in the breach. By then, she had stopped going to the TJ Maxx store in Boca Raton.

But now, Lipman said, she is back to spending about $100 a month at the store, on pocketbooks and other items. She expects TJX will be extra-cautious about protecting her information.

“They got nailed from so many banks, I have to believe whatever can be done they have done,” Lipman said.

Another customer whose card was canceled, Phil Dunkelberger, said he still shops at a TJ Maxx store in California, but pays by cash or check to reduce his risk of data theft. “I think they’re much safer than other vendors who haven’t had a breach and gone through the pain,” he said.

Minnesota CIO wants government IT to be more innovative

Friday, December 21st, 2007

The CIO of the state of Minnesota says there’s not much incentive for IT teams at government institutions to save money or take risks.
