http://www.youtube.com/watch?v=2ediTghuXrQ
Jul 21 2011
Information Security Breaches: Avoidance and Treatment based on ISO27001
Information Security Breaches: Avoidance and Treatment based on ISO27001
If you are running a business, you learn to expect the unexpected. Even if you have taken all the right precautions, your company might still find itself confronted with an information security breach. How would your business cope then?
There are lots of books that will tell you what to do to prevent an information security breach. This book is different. It tells you what you have to do if a security breach occurs.
Security breaches sometimes occur because computers containing sensitive information are not returned to their owners. NATO laptops have been spotted in flea markets, and US government computers were put up for sale on Ebay. Security breaches may also be the result of data theft. A bad apple in your company may be tempted to sell your confidential data to a rival firm.
If something happens, your company needs to be ready to take prompt and decisive action to resolve the issue. This book tells you the plans and procedures you need to put in place to tackle an information security breach should it occur. In particular, the book gives you clear guidance on how to treat an information security breach in accordance with ISO27001.
If a breach occurs, the evidence needs to be secured professionally. You need to know the rules on evidence gathering, and you need to be capable of isolating the suspect laptops right from the start. If you want your company to respond rapidly to an information security breach, you need to make sure that the responsibilities and roles in your company are clearly defined.
Benefits to business include:
Recover faster
An information security breach can have crippling consequences. However, with the right emergency measures in place, you will be able to recover quickly from the incident and resume normal operations.
Preserve customer confidence
An information security breach can result in loss of records and disruption to service. This can do serious damage to your relationship with your customers. It is vital for you to be prepared for an information security breach, so that if it ever happens you can preserve customer confidence.
Assist the investigation
Uncovering the root causes of an information security breach requires detective work. If an information security breach occurs, the investigators will need to be able to identify the problem. You can help them to do that by keeping proper records.
Catch the criminals
In the event of data theft, you will want to be in a position to act promptly and decisively. So you should set up an incident management system. This will mean that in the event of data theft, the police will have a greater chance of getting hold of the incriminating evidence they need to secure a conviction.
As Michael Krausz warns, “It is the prudence of management that decides on a company’s fate once a serious incident occurs, not only the size.”
What others are saying about this book …
‘…I recommend this pocket guide to anyone implementing ISO27001, and indeed to anyone who is concerned about the risks of security breaches, and who wants to know how best to prepare their organization for the unpleasant events that are bound to happen from time to time…’
Willi Kraml, Global Information Security Officer
‘…The author thankfully narrows down some important vocabulary to a practical usage in real life situations. The book gives what it advertises: a quick pocket guide to avoidance and treatment of security breaches with references to ISO27001…’
Sascha-A Beyer, Senior Manager
‘…Michael Krausz has created a valuable tool for both professional as well as less knowledgeable persons in respect to the ISO27001 Standard… Written in plain English, this handbook is easy to follow even by a novice in the Information Technology Field. Therefore “Information Secuirty Breaches” is a must within the ‘tool box’ of anyone who deals with IT issues on an every-day basis…’
Werner Preining, Interpool Security Ltd
‘Michael Krauz did a good job. His pocket guide is small enough to be read in only a few minutes, yet is packed full of valuable information presented in a structured way. The case studies especially help to understand the topic. As former CIO of a large company I can recommend it.’
Christian H Leeb, Holistic Business Development
About the author: Michael Krausz is an IT expert and experienced professional investigator. He has investigated over a hundred cases of information security breaches. Many of these cases have concerned forms of white-collar crime. Michael Krausz studied physics, computer science and law at the University of Technology in Vienna, and at Vienna and Webster universities. He has delivered over 5000 hours of professional and academic training and has provided services in eleven countries to date.
Don’t let your organisation fall victim to a security incident … download your copy today!
Information Security Breaches: Avoidance and Treatment based on ISO27001
Jul 20 2011
8 tactics for mobile data privacy and security
By Mary Mosquera
With the sweeping use of mobile devices by healthcare providers, physicians and hospitals need to embrace best practices for protecting sensitive patient data, privacy experts say. For example, encrypt sensitive data when it is necessary to store on wireless devices.
Sixty-four percent of physicians own a smartphone and one third of them have an iPad, with another 28 percent planning to buy one within six months, according to research cited by ID Experts, which offers data protection and response services, in a July 20 announcement
Many of the current 10,000 mobile healthcare applications were designed to enable their users to access to electronic health records (EHRs). At the same time, in the past two years, the Office of Civil Rights has reported that 116 data breaches of 500 records or more were the direct result of the loss or theft of a mobile device and led to the exposure of the personal health information of 1.9 million patients, which started many consumers questioning the security of EHR systems and the data they house.
The Office of Civil Rights oversees health information privacy in the Health and Human Services Department and publishes on its website incidents involving the sensitive information of at least 500 individuals.
To more effectively protect patient data, Rick Kam, president of ID Experts recommended the following practices:
1. Don’t store sensitive data on wireless devices. If required, encrypt data.
2. Enable password protection on wireless devices and configure the lock screen to come on after a short period of inactivity.
3. Turn on the “remote wipe” feature of wireless devices.
4. Enable Wi-Fi network security. Do not use wired equivalent privacy (WEP). Wi-Fi protected access (WPA-1) with strong passphrases offers better security. Use WPA-2 if possible.
5. Change the default service set identifier (SSID) and administrative passwords.
6. Don’t transmit your wireless router’s SSID.
7. Only allow devices to connect by specifying their hardware media access control (MAC) address.
8. Establish a wireless intrusion prevention system.
“Many Wi-Fi networks in hospitals and doctor’s offices are not secure,” Kam cautioned, “and coupled with the increased mobile device usage, patient data is at risk.”
Jul 15 2011
Court Ruling on “Due Diligence” Online Banking Security
The ruling in the Patco Construction vs. People’s United Bank case set precedence, because the judge basically ruled that the bank’s below par security was sufficient for small business — and Patco (small business) was held liable for paying for the fraud that was a result of an average bank security. To know more details of the case, Brian Krebs has written a great post on this case.
http://krebsonsecurity.com/2011/06/court-passwords-secret-questions-reasonable-ebanking-security/
Brian Krebs also wrote about another high profile case (emi v comerica) which was decided in the favor of small business (EMI)
http://krebsonsecurity.com/2011/06/court-favors-small-business-in-ebanking-fraud-case/
Baed on these two cases it is hard to know how the next online banking fraud case will be decided and on which precedence. I guess the courts are still trying to figure out how to decide these complex cases and where to set the due diligence bar for the banks.
Jul 14 2011
The TickITplus Kick Start Guide has Been Launched
Following the release late last month of the Base Process Library, the Kick Start Guide – the essential guide for all organisations pursuing TickITplus certification – has been launched
/EIN Presswire/ — Following the release late last month of the Base Process Library (http://www.itgovernance.co.uk/products/3460), the Kick Start Guide – the essential guide for all organisations pursuing TickITplus certification – has been launched. The guide can be purchased here www.itgovernance.co.uk/products/3469 in a PDF format or hard copy.
The guide will provide organisations that need to achieve compliance with the TickITplus scheme with information about identifying and selecting the scope of certification and developing in-house resources. It contains guidance on identifying processes, mapping them to TickITplus processes and establishing the assessment strategy. The TickITplus Kick Start Guide also offers advice on preparing for, participating in and following up an assessment.
TickITplus (www.tickitplus.org) is the successor of TickIT and provides improved process modelling to facilitate more efficient business and quality systems planning and improvement. TickITplus gives entry level access to capability grading for small IT organisations and offers significant cost savings for those already pursuing both ISO9001 and Capability Maturity Measurements.
As an introductory guide, the TickITplus Kick Start Guide concentrates specifically on achieving the Foundation level of the scheme, either through initial entry or transition from the existing TickIT scheme.
The Kick Start Guide can be purchased today from www.itgovernance.co.uk/products/3469
Jul 13 2011
Do US companies do enough for their cyber security?
IT Governance Ltd, the ISO27001 and information security experts have reported that they are making a number of free resources available for download from their US website to help US companies meet the challenges of increased cyber crime.
July 12, 2011 /24-7PressRelease/ — IT Governance Ltd, the ISO27001 and information security experts have reported that they are making a number of free resources available for download from their US website (www.itgovernanceusa.com) to help US companies meet the challenges of increased cyber crime. This week the company has published a white paper on cyber security which can be downloaded from here http://www.itgovernanceusa.com/cyber-security.aspx
Cyber security has become an issue for every nation in the world. In the US over the last 3 months there have been data breaches against high-profile organizations including Fox, Sony, Gmail, the IMF (International Monetary Fund) and major government departments. Two weeks ago, the Arizona State Police again became the victim of a cyber attack. The hack was announced on Twitter less than a week after a previous attack from Lulz Security.
US companies need to do their utmost in order to defend themselves form hackers and protect their information assets. At present, key changes in the US legislation are being discussed, and sooner or later, it is likely that strict data security measures will be imposed on organizations, which they will need to comply with. Organizations who do not act now may face serious fines in the future or even become the subject of a class action lawsuit, if the loss of customer’s data is established. Such was the case with Sony in April when a Canadian Play Station Network (PSN) user claimed damages in excess of $1 billion. This followed another lawsuit filed by an American PNS user. The consequences for companies compromising customers’ data can be severe, leading to both big financial implications and reputation damage.
IT Governance, which specializes in cyber security and compliance solutions, has published a white paper on their US website that provides information on some of the key developments US companies and their directors or IT managers need to be aware of in order to protect their business from cyber attacks. The white paper can be downloaded for free here: http://www.itgovernanceusa.com/cyber-security.aspx
Alan Calder, CEO of IT Governance, comments, “There are a few essential steps that organizations should be following if they are to implement an effective security strategy. Most organizations would only take certain measures if they are given the reasons why they should be doing this and know that their investment of time and money is worth. What is a more convincing reason than the data breaches we all witness? At IT Governance, we not only advise customers what should be done, but also provide guidance and solutions to their problems. We have the most comprehensive range of resources across a number of areas, from books and toolkits through to e-learning and software tools.”
US companies can be doing more than taking partial measures to fight cyber crime. Implementing best practice in information security management has become the most popular approach to tackling cyber security; demonstrating to both customers and business partners that an organization is working to the highest standard. Accredited certification to ISO27001 gives an organization internationally recognized and accepted proof that its system for managing information security – its ISMS or cyber security readiness – is of an acceptable, independently audited and verified standard. Everything US companies need to know about ISO27001 is explained on this website: http://www.27001.com
Jul 11 2011
Privacy and Law
Your personal info is manageable and controlable most of the time as far as privacy is concern , until you have to use it for commercial use (to apply cxredit card, to apply for bank account or to apply for a job). then it depends on these commercial entities how they are goning to use, share, manage or secure your personal information. Most of the laws regarding privacy tells you how your privacy being violated but they leave to us how to make these commercial entities to protect our personal information or stop them from selling it to the highest bidder.
Below are the some of the privacy protection laws for consumers which you need to be aware of:
Privacy act of 1974: this legoslation prohibits the federal government from creating secret database on individuals and limits how agencies can share information. This give you the right to request your information and to sue the government for failing to follow the Act. This might be important to know for the people who are on the no fly list database. For more details check out http://www.epic.com/privacy/1974act/
Fair Credit Reporting Act: FCRA lets you access your cedit bureau records and corrects inaccuracies and it alos allows you to obtain free credit resport every year.
Telephone Consumer Protection Act: This law does not provides a whole lot of protection against telemarketing calls but TCPA made it illegal to send unsolicited fax advertisement.
Family Educational Rights and Privacy Act: FERPA limits sharing of the students and lets you opt out.
Gramm leach Bliley Act: GLBA allows you to tell your bank to stop sharing your information with third parties.
Health Insurance Portability and Privacy Act: HIPAA gives you access to your medical records and limits the disclosure of medical information by health care entity or provider
Jul 08 2011
How to protect ourselves from Payment Fraud
Some basic advice has been issued by Apacs, and includes:
- * Don’t let your cards or your card details out of your sight when making a transaction
- * Do not keep your passwords, login details or Pins written down
- * Do not disclose Pins, login details or passwords in response to unsolicited emails
- * Only divulge card details over the phone when you have made the call or when you are familiar with the company
- * Access internet banking or shopping sites by typing the address into your browser. Never enter your personal details on a website you have accessed via a link from an e-mail
- * Shop at secure websites by checking that the security icon is showing in your browser window (a locked padlock or an unbroken key)
- * Always log out after shopping and save the confirmation e-mail as a record of your purchase
For more advice you can visit:
Spotting and avoid common scams, fraud and schemes online and offline
How the scam works and what you need to do about it.
and
Online payment Security and Fraud Prevention
Jul 07 2011
Securing the Enterprise in a Changing World
RSA Conference 2011 Keynote – Securing the Enterprise in a Changing World – Bill Veghte
An applications transformation has begun, creating both challenges and opportunities: with users (consumers) demanding everything as a service, anywhere, how can enterprises secure critical corporate infrastructure assets and information? Building security into applications, assessing risk– even before coding begins, and applying quality and operational management using ITIL concepts to the practice of security are key.
Jul 05 2011
Newly released ISO/IEC 27005:2011 helps improve risk management
/EINPresswire.com/ ISO 27005:2011, the newly released international information security risk management standard, is now available to the international community of business continuity and information security practitioners.
Information security risk management is one of the core competencies of information security. This Standard is an essential companion to ISO/IEC 27001 and ISO/IEC 27002 and replaces ISO/IEC 27005:2008.
ISO 27005:2011 supports the general concepts specified in ISO/IEC 27001 and is designed to assist the satisfactory implementation of information security based on a risk management approach. The Standard is applicable to all organisations of all types and sizes, which intend to manage risks that could compromise the organisations information security.
IT Governance Ltd, an international distribution partner for IEC and a global leader in ISO27001 information, products and services, is making ISO/IEC 27005:2011 available from all its main websites. ISO 27005:2011 ISRM, can be downloaded today from www.itgovernance.co.uk/products/1852 .
“The new ISO/IEC 27005:2011 is a much better standard than was the 2008 version”, comments Alan Calder, CEO of IT Governance, “First, it is a better written, more coherent standard. Second, it is aligned with the risk management standard ISO31000, which makes it easier to integrate Enterprise Risk Management approaches with information security risk management. Third, it provides good, practical guidance on carrying out the risk assessment required by ISO27001, together with clear guidance on risk scales. Fourth, it has good guidance on threats, vulnerabilities, likelihoods and impacts. ISO27005 should become standard additional guidance on risk assessment – the ISMS core competence – for all organisations tackling ISO27001.”
Organisations that would like to save time and money whilst implementing the new Standard should consider applying vsRisk – an ISO27001:2005 compliant information security risk assessment tool produced by Vigilant Software, the specialist software subsidiary of IT Governance.
vsRisk (www.itgovernance.co.uk/products/744) simplifies each step of an ISO27001 risk assessment, allowing compliance project managers to capture their information security policy and objectives, plus the scope of their information security management system, and undertake a rapid appraisal of all key areas, including groups, assets and owners. The tool makes ISO27001 compliance achievable for a far wider range of organisations and professionals by minimising the need for specialist knowledge and significantly undercutting the cost of generalist risk management tools.
As well as supporting ISO/IEC 27001:2005 and ISO/IEC27002, vsRisk complies with BS7799-3:2006, ISO/IEC27005, NIST SP 800-30 and the UK’s Risk Assessment Standard.
A copy of the ISO27005:2011 standard can be downloaded immediately from www.itgovernance.co.uk/products/1852 and the vsRisk CD-ROM can be ordered from www.itgovernance.co.uk/products/744 .
Jul 03 2011
Identity Theft Prevention | Credit Reports & Fraud Alerts
“Identity theft is the information age’s new crime. A criminal collects enough personal data on the victim to impersonate him to banks, credit card companies and other financial institutions. Then he racks up debt in the victim’s name, collects the cash and disappears. The victim is left holding the bag.
While some of the losses are absorbed by financial institutions–credit card companies in particular–the credit-rating damage is borne by the victim. It can take years for the victim to completely clear his name.” Bruce Schneier
http://www.youtube.com/watch?v=wyLzWYRC8CA
More Info on Identity Theft Countermeasures and Safeguards
Jun 29 2011
TSA Is NOT Security It’s A JOKE!
“Security measures that just force the bad guys to change tactics and targets are a waste of money,” said Bruce Schneier, “It would be better to put that money into investigations and intelligence.”
The security boss of Amsterdam’s Schiphol Airport is calling for an end to endless investment in new technology to improve airline security.
Marijn Ornstein said: “If you look at all the recent terrorist incidents, the bombs were detected because of human intelligence not because of screening … If even a fraction of what is spent on screening was invested in the intelligence services we would take a real step toward making air travel safer and more pleasant.”
“TSA Is NOT Security It’s A JOKE!” Issac Yeffet
http://www.youtube.com/watch?v=s7pICJ0i6Jc
Jun 29 2011
The weakest link in computer hacking?
Image by copyfighting via Flickr
The weakest link in computer hacking? Human error
By Cliff Edwards, Olga Kharif,Michael Riley, Bloomberg News
The U.S. Department of Homeland Security ran a test this year to see how hard it was for hackers to corrupt workers and gain access to computer systems. Not very, it turned out.
Staff secretly dropped computer discs and USB thumb drives in the parking lots of government buildings and private contractors. Of those who picked them up, 60 percent plugged the devices into office computers, curious to see what they contained. If the drive or CD case had an official logo, 90 percent were installed.
“There’s no device known to mankind that will prevent people from being idiots,” said Mark Rasch, director of network security and privacy consulting for Falls Church, Va.’s Computer Sciences Corp.
The test showed something computer security experts have long known: Humans are the weak link in the fight to secure networks against sophisticated hackers. The intruders’ ability to exploit people’s vulnerabilities has tilted the odds in their favor and led to a spurt in cybercrimes.
In real-life intrusions, executives of EMC Corp.’s RSA Security, Intel Corp. and Google Inc. were targeted with e-mails with traps set in the links. And employees unknowingly post vital information on Facebook or Twitter.
It’s part of a $1 trillion problem, based on the estimated cost of all forms of online theft, according to McAfee Inc., the Santa Clara computer security company.
Hundreds of incidents likely go unreported, said Rasch, who previously headed the Justice Department’s computer crime unit. Corporate firewalls costing millions to erect often succeed in blocking viruses and other forms of malware that infect computers and steal data such as credit card information and passwords. Human error can quickly negate those defenses.
“Rule No. 1 is, don’t open suspicious links,” Rasch said. “Rule No. 2 is, see Rule No. 1. Rule No. 3 is, see Rules 1 and 2.”
A full report on the Homeland Security study will be published this year, Sean McGurk, director of the department’s National Cybersecurity and Communications Integration Center, said at a June 16 conference in Washington.
Tactics such as spear-phishing – sending a limited number of rigged e-mails to a select group of recipients – rely on human weaknesses like trust, laziness or even hubris.
That’s what happened in March, when attackers used a clever ruse to exploit their discovery that RSA – the company that provides network-access tokens using random secondary passwords – was in a hiring campaign.
Two small groups of employees received e-mails with attached Excel spreadsheets titled “2011 Recruitment Plan,” the company said in April. The e-mails were caught by the junk-mail screen. Even so, one employee went into the folder, retrieved the file and opened it.
The spreadsheet contained an embedded Adobe Systems Inc. Flash file that exploited a bug, then unknown to San Jose’s Adobe, that allowed hackers to commandeer the employee’s PC. RSA said information related to its two-factor SecurID authentication process was taken.
Banks may be forced to pay $50 million to $100 million to distribute new RSA SecurID devices, according to Avivah Litan, a Gartner Inc. research analyst.
“The team that hacked us is very organized and had a lot of practice,” Uri Rivner, head of new technologies at RSA Security, said at a June 17 conference in Spain. “I can compare them to the Navy Seals Team Six, which hit Osama bin Laden.”
The FBI began warning in early 2009 about a rise in spear-phishing attacks. To succeed, they require the target to open a link presumably sent by someone they know or trust.
Total phishing attacks increased by 6.7 percent from June 2010 to May 2011, according to Symantec Corp.’s State of Spam & Phishing monthly report. The number of non-English phishing sites increased 18 percent month over month.
Spear-phishing is evolving into what Rasch calls whale phishing: Targeting senior-level executives whose computers may have access to far more sensitive information that rank-and-file workers.
Technology executives are attractive targets because their positions give them access to a trove of information, and they tend to believe they’re better protected from computer hackers than their employees, Rasch said.
Hackers research decision makers by browsing social networks, reading up on news about the company, and creating e-mails and links that appear to be genuine and come from people that the targets know.
“Phishing is on a different trajectory than it’s been in the past,” said Malcolm Harkins, Intel’s chief information-security officer.
This article appeared on page D – 2 of the San Francisco Chronicle on June 28, 2011
Hacking: The Art of Exploitation
Related articles
- Phishing emerges as major corporate security threat (deurainfosec.com)
- Spear phishing (charlotte.news14.com)
Jun 28 2011
InfraGard Insights: Separation of Duties and…
InfraGard is a FBI partner site – which is a public-private partnership devoted to sharing information about threats to US physical and Internet infrastructure.
Discussion of two important principles of information security:
Separation of Duties and the concept of least privilege and the Impact on System Administration.
Principles of Information Security
Jun 24 2011
How safe is your personal information on social network?
With corporations, criminals and governments all looking to capture your information via the internet, how safe are you once you logon?
How Disappear Erase Digital Footprint
Jun 22 2011
President lays out cyberwar guidelines, report says
President Barack Obama has developed guidelines for how the U.S. should respond to–and initiate–cyberattacks, the Associated Press is reporting.
Citing anonymous defense officials, the news service claims the guidelines include a wide range of cyberwar efforts to be employed by the U.S. during both peacetime and when conflicts are underway, including installing viruses on international computers and taking down a country’s electrical grid.
According to the Associated Press, the guidelines also allow for defense officials to transmit code through another country’s network to ensure the connection can be made. Though it wouldn’t necessarily carry a dangerous payload at the time, that connection could be used in the future if an attack was authorized on the specific country.
The Associated Press’ report on the president’s cyberwar guidelines comes just a week after the Chinese military called on its government to invest in more defense against the U.S.
“The U.S. military is hastening to seize the commanding military heights on the Internet, and another Internet war is being pushed to a stormy peak,” the Chinese military wrote in its official newspaper, Liberation Army Daily. “Their actions remind us that to protect the nation’s Internet security, we must accelerate Internet defense development and accelerate steps to make a strong Internet army.”
Read remaining post @ The Digital Home:
Jun 15 2011
LULZ Security Hacks CIA Website!
“Tango down – cia.gov – for the lulz,” the group, which had earlier claimed responsibility for hacking into the websites of the U.S. Senate, Sony, Nintendo and Fox News, wrote on its Twitter feed.
“While some people think this is a fun game that can also help point out corporate security weaknesses, the truth is that companies and innocent customers are – in the worst cases – having their personal data exposed,” Sophos senior technology consultant Graham Cluley said.
“There are responsible ways to inform a business that its website is insecure, or it has not properly protected its data – you don’t have to put innocent people at risk. What’s disturbing is that so many internet users appear to support LulzSec as it continues to recklessly break the law.”
http://www.youtube.com/watch?v=AozrqppyEf0
Cyber War: The Next Threat to National Security and What to Do About It
Jun 14 2011
Hacker Groups Attacks US Senate WebSite
Image via Wikipedia
US Senate Hacked! “We Don’t Like The U.S. Government Very Much” LULZ Security
The video states some reasons in significant rise of hack attack by Lulz Security on US information assets including critical assets (US senate) which is a growing threat to national security.
Leon Penetta warned in last week hearing that next Pearl Harbor might very well be a cyber attack which may affect power grid, financial system or government system.
“The Computer systems of exective branch agencies and the congress were probed or attacked on an average of 1.8 billion times per month last year” Sen. Susan Collins (R-ME)
http://www.youtube.com/watch?v=aFD3W6LhO04
Cyber War: The Next Threat to National Security and What to Do About It
Jun 12 2011
U.S. Underwrites Internet Detour Around Censors
By JAMES GLANZ and JOHN MARKOFF
The Obama administration is leading a global effort to deploy “shadow” Internet and mobile phone systems that dissidents can use to undermine repressive governments that seek to silence them by censoring or shutting down telecommunications networks.
The effort includes secretive projects to create independent cellphone networks inside foreign countries, as well as one operation out of a spy novel in a fifth-floor shop on L Street in Washington, where a group of young entrepreneurs who look as if they could be in a garage band are fitting deceptively innocent-looking hardware into a prototype “Internet in a suitcase.”
Financed with a $2 million State Department grant, the suitcase could be secreted across a border and quickly set up to allow wireless communication over a wide area with a link to the global Internet.
The American effort, revealed in dozens of interviews, planning documents and classified diplomatic cables obtained by The New York Times, ranges in scale, cost and sophistication.
Some projects involve technology that the United States is developing; others pull together tools that have already been created by hackers in a so-called liberation-technology movement sweeping the globe.
The State Department, for example, is financing the creation of stealth wireless networks that would enable activists to communicate outside the reach of governments in countries like Iran, Syria and Libya, according to participants in the projects.
In one of the most ambitious efforts, United States officials say, the State Department and Pentagon have spent at least $50 million to create an independent cellphone network in Afghanistan using towers on protected military bases inside the country. It is intended to offset the Taliban’s ability to shut down the official Afghan services, seemingly at will.
The effort has picked up momentum since the government of President Hosni Mubarak shut down the Egyptian Internet in the last days of his rule. In recent days, the Syrian government also temporarily disabled much of that country’s Internet, which had helped protesters mobilize.
The Obama administration’s initiative is in one sense a new front in a longstanding diplomatic push to defend free speech and nurture democracy. For decades, the United States has sent radio broadcasts into autocratic countries through Voice of America and other means. More recently, Washington has supported the development of software that preserves the anonymity of users in places like China, and training for citizens who want to pass information along the government-owned Internet without getting caught.
But the latest initiative depends on creating entirely separate pathways for communication. It has brought together an improbable alliance of diplomats and military engineers, young programmers and dissidents from at least a dozen countries, many of whom variously describe the new approach as more audacious and clever and, yes, cooler.
Sometimes the State Department is simply taking advantage of enterprising dissidents who have found ways to get around government censorship. American diplomats are meeting with operatives who have been burying Chinese cellphones in the hills near the border with North Korea, where they can be dug up and used to make furtive calls, according to interviews and the diplomatic cables.
The new initiatives have found a champion in Secretary of State Hillary Rodham Clinton, whose department is spearheading the American effort. “We see more and more people around the globe using the Internet, mobile phones and other technologies to make their voices heard as they protest against injustice and seek to realize their aspirations,” Mrs. Clinton said in an e-mail response to a query on the topic. “There is a historic opportunity to effect positive change, change America supports,” she said. “So we’re focused on helping them do that, on helping them talk to each other, to their communities, to their governments and to the world.”
For remaining article on U.S. Underwrites Internet Detour Around Censors
A version of this article appeared in print on June 12, 2011, on page A1 of the New York edition with the headline: U.S. Underwrites Internet Detour Around Censors..
Jun 09 2011
Citi credit card security breach discovered
Image via Wikipedia
“Citigroup says it has discovered a security breach in which a hacker accessed personal information from hundreds of thousands of accounts.
Citigroup said the breach occurred last month and affected about 200,000 customers.”
“During routine monitoring, we recently discovered unauthorized access to Citi’s account online,” said Citigroup, in a prepared statement. “A limited number — roughly 1 percent – of Citi bankcard customers’ accounting information (such as name, account number and contact information including email address) was viewed.”
According to its annual report, Citigroup has about 21 million credit card accounts in North America, where the breach occurred.
The statement went on to say that the customers’ Social Security numbers, dates of birth, card expiration dates and card security codes “were not compromised.”
Well the routine monitoring discovered the Citi Group incident which clearly shows that intrusion was not discovered during the incident but after the incident had happened.
Cyber intrusion cost will increase and depend upon how late the incident was detected. The organizations should change their corporate strategy to more proactive approach where they can maintain, monitor and improve security controls based on the current value of the information asset.
If you’re a Citibank customer, we suggest you take a look at your account and immediately report any irregularities.
Stopping Identity Theft: 10 Easy Steps to Security
http://www.youtube.com/watch?v=KH0zno_6d9M
« Previous Page — Next Page »
