Saturday, October 13, 2007

How ya' doin' tonight?

According to IDGNET.com via Computerworld, Commerce Bank, NA suffered a web site related breach and recovered quickly. Hackers used a technique called sql injection to reach the back-end database.

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9041879&source=rss_topic82


From The National Law Journal via law.com, new e-discovery rules at the state level are coming. Several states have them on the books and others are debating. This should provide some guidelines, along a wide spectrum ranging from reasonable to completely insane, for retention of electronic documents.

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9041879&source=rss_topic82


Now undoubtedly there is more to this than is discussed here in Computerworld, but no matter what else is there and unknown, this is troubling. A student found confidential information on a colleges publicly accessible server, brings it to the school paper and to the attention of the college. The paper writes an article about the issue – without revealing any of the information – and the school goes after the paper, the student and the adult adviser. What a confusing time for whistle blowers.

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9042098&pageNumber=1


Dark Reading editor, Tim Wilson, brings up a number of very good points in his article Hackers Prey on User Weaknesses. He contends the innate human desire to communicate and be accepted in a social context is being exploited in many hacking efforts and this cannot be mitigated through technical means alone. There have been at least one previous post on this blog about the need to watch employees and staff for suspicious behavior. Consider yourself warned.

http://www.darkreading.com/document.asp?doc_id=136090&f_src=drweekly


Morningstar News has a very interesting quote: “’The most effective ways to become more secure while reducing security spending are to avoid vulnerabilities — to ensure that security is a top requirement for every new application, process or product, whether built in-house or acquired from a vendor,’ said Ray Wagner, managing vice president for Gartner.” Gartner goes on to say there is no correlation between those enterprises that spend the most money and those that are most secure.

http://news.morningstar.com/news/ViewNews.asp?article=/BW/20071008005946_univ.xml


As if you did not know that have a good Intrusion Prevention System (IPS), word from Secureworks.com should confirm the obvious. It seems this managed security services provider is tracking a significant increase in attacks on utilities. Most of these attacks are being mitigated by well-monitored IPSs.

http://www.secureworks.com/media/press_releases/20071005-utilitiesincrease


I have a bunch of other articles, but I’m going to close up now and get these in… coming soon… the danger of internal attacks!

Posted by at No comments:
Subscribe to: Comments (Atom)