
Archive for April 17th, 2012


FBI Arrests Cabin Cr3w Hacker for Utah Police Attacks

“Federal agents have arrested another member of the Cabin Cr3w hacking group, an offshoot of the Anonymous hacktivist network, for breaching two Utah police websites. John Anthony Borell III of Toledo, Ohio, has been charged with two counts of computer intrusion, according to an indictment unsealed yesterday (April 16) in a federal court in Utah. The indictment states that on two separate occasions in January, Borell hacked into the servers of the Utah chiefs of police and the Salt Lake City Police Department and leaked classified documents….”


FFIEC: How Well Do Banks Conform?

“How well do banks conform to the FFIEC's updated Authentication Guidance? Gartner analyst Avivah Litan says most have made progress, but they still struggle with the details. As she reviews banking institutions, Litan sees risk assessments being completed, as well as a focus on security enhancements to ACH and wire payments systems, customer education, and a review of which existing fraud-detection systems need to be updated. “I think they're well underway about knowing what they need to do,” Litan says….”


Educating Patients About Authentication

“When creating a patient portal that provides access to electronic health records, healthcare organizations must educate patients about the need for authenticating their identities, says Sharp HealthCare CIO Bill Spooner. In an interview with HealthcareInfoSecurity's Howard Anderson (transcript below), Spooner notes that some patients have complained that the authentication method for its patient portal is cumbersome. “It's a real communications issue to help the patients understand that we're trying to protect them,” he notes.


Preventing Breaches: Beyond Compliance. Why Checklist Approach to Security Is Not Enough

“Just how common are information breaches in healthcare? It's impossible to know for sure, but a new survey finds that 27 percent of healthcare organizations have experienced a reportable breach in the past 12 months.


Tackling HIE Privacy Issues: Establishing Trust Takes Time, Analyst Says

“Organizers of health information exchanges must guard against underestimating the amount of time it takes to tackle privacy issues, says IDC's Lynne Dunbrack. “It takes some time to establish trust and to work through the data governance issues,” says Dunbrack, who recently wrote a report on HIE best practices. “Organizations need to work with each other and with their consumers and not underestimate the level of trust that's required in order to achieve successful exchange of information,” she says in an interview….”


Cloud Costs for Government Could Rise

“Cloud computing for governments in the United States, especially services tailored for the federal government, may not be as efficient or as cheap as many would hope, says Richard Falkenrath, a principal with the security consultancy The Chertoff Group. “Part of the appeal of a cloud architecture is the efficiency that comes from scale and locating your services where they are cheapest,” Falkenrath says in an interview with Information Security Media Group. “As you become more and more conservative on security and safety and sovereignty of the data, you deny yourself the ability to pursue that.” Limiting data to cloud computing servers located only within the United States means federal, state and local governments can't leverage cloud architectures built around consumer needs, driving costs higher, too….”


Forever-Day Bugs

That’s a nice turn of phrase: Forever day is a play on “zero day,” a phrase used to classify vulnerabilities that come under attack before the responsible manufacturer has issued a patch. Also called iDays, or “infinite days” by some researchers, forever days refer to bugs that never get fixed–even when they’re acknowledged by the company that developed the software. In some cases, rather than issuing a patch that plugs the hole, the software maker simply adds advice to user manuals showing how to work around the threat.


Anonymous Hacker Havittaja Takes down US Department of Justice Website

“A member of the Anonymous hacking group has taken down the website of the US Department of Justice with a Distributed Denial of Service (DDoS) attack.


Apple Releases Flashback Malware Removal Tool and Patches

“Apple has released a malware removal tool for the most common variant of the Flashback Trojan, as well as security updates to mitigate the vulnerability exploited by the malware. The Flashback Trojan exploited three Java vulnerabilities to gain remote access to the infected systems and likely included a keylogger capability to capture authentication credentials, and is thought to have infected more than 600,000 systems. The removal tool will detect and automatically remove the malware from the infected device….”


Microsoft Dismisses Zeus Botnet Takedown Criticism

“Last month, Microsoft teamed with a cross-sector coalition of interested parties in instigating the legal and technological assault that resulted in the seizure of multiple command and control servers operating a massive Zeus Trojan botnet. It was the second occasion where the tech giant Microsoft used the power of the courts to strike at the heart of a massive botnet operation. “In our most complex effort to disrupt botnets to date, Microsoft's Digital Crimes Unit in collaboration with Financial Services Information Sharing and Analysis Center (FS-ISAC) and NACHA The Electronic Payments Association, as well as Kyrus Tech Inc
