Saturday, November 29, 2008

I normally skip small breaches like this one, except I too would be interested in some research into the number of small breaches and what small business can/should do about it.

http://breachblog.com/2008/11/28/taxprep.aspx?ref=rss

Small N.C. tax preparation business break-in

Date Reported: 11/21/08

... New Bern police say a computer stolen from a tax-preparation business in the city this week contains identity information of about 70 people.

[Evan] This is a smaller breach in terms of the number of people involved, but a pretty significant breach in terms of the amount and quality of each person's information vulnerable to compromise.

The computer was stolen from B.J. Accessories and Tax Preparation on Neuse Boulevard.

Commentary:

We don't have much information about this breach. I have a feeling that these types of breaches happen fairly often, and are largely under-reported. I doubt that the stolen computer (or the data it contained) were encrypted. Do retailers and small businesses not think of information security? Do they think that they aren't a big enough target? Do they think they can't afford sound information security? What do small businesses think when it comes to protecting information assets entrusted to them?

Maybe I should fund a small business information security survey. I'm interested in knowing more.



CyberWar: It's not as simple as it was in the “good old days.” Was it really Russia? Perhaps it was China using hijacked servers to make it look like Russia! (Perhaps it was one of my Hacking students making a point.)

http://it.slashdot.org/article.pl?sid=08/11/28/1442246&from=rss

Significant Russian Attack On US Military Networks

Posted by kdawson on Friday November 28, @10:21AM from the my-agent.btz-will-call-you dept.

killmofasta notes an LA Times story on a severe and widespread attack on US military computers that may have originated in Russia. Turns out the military's recent ban on flash drives was a precursor to this attack, which was significant enough that the President and the Defense Secretary were briefed on it.

"The 'malware' strike, thought to be from inside Russia, hit combat zone computers [It takes time and effort to identify computers in a specific geographic area/command structure. Bob] and the US Central Command overseeing Iraq and Afghanistan. The attack underscores concerns about computer warfare. 'This one was significant; this one got our attention,' said one defense official, speaking on condition of anonymity when discussing internal assessments. Although officials are withholding many details, the attack underscores the increasing danger and potential significance of computer warfare, which defense experts say could one day be used by combatants to undermine even a militarily superior adversary. ... [A defense official said] 'We have taken a number of corrective measures, but I would be overstating it if I said we were through this.'"



No doubt the ADA will require this type of “Interface Optimization” for all workers. Just watch for anything that tries to force everyone to be equal.

http://tech.slashdot.org/article.pl?sid=08/11/29/0430230&from=rss

An Optimized GUI Based On Users' Abilities

Posted by Soulskill on Saturday November 29, @05:11AM from the how-about-a-difficulty-slider dept.

Ostracus writes

"Researchers at the University of Washington have recently developed a system, which, for the first time, offers an instantly customizable approach to user interfaces. Each participant in the program is placed through a brief skills test, and then a mathematically-based version of the user interface optimized for his or her vision and motor abilities is generated. The current off-the-shelf designs are especially discouraging for the disabled, the elderly and others who have trouble controlling a mouse, because most computer programs have standardized button sizes, fonts, and layouts, which are designed for typical users."



Think of a similar service to do basic forensics – tell you what metadata is available (e.g. prior drafts in PDF format) or even as simple as “What program created this file?”

http://www.killerstartups.com/Web-App-Tools/filterbit-com-scan-suspicious-files-online

Filterbit.com - Scan Suspicious Files Online

http://www.filterbit.com

Just got a file you have been searching high and low via a channel that is not exactly trustworthy? If that ever happens to be the case, it goes without saying that you must check it out beforehand. If you are unsure how to best do that, this site will provide you with a viable alternative.

Broadly speaking, through the site you will be able to upload any file you deem as suspicious and scan it online. Bear in mind that there is a file size limitation at play, namely 20 MB. A nice touch is that individual files that are contained within file archives such as Winzip and WinRar can also be scanned.

The scanning service itself is powered by many antivirus engines, and it will let you detect malware of every denomination, such as viruses, trojans and worms.

This solution is not only completely web-based, but it is also provided at no cost. Make sure to add it to your collection of bookmarks, it might come in more than handy when least expected.



Always good to have one of these in your Swiss Army folder.

http://www.killerstartups.com/Web-App-Tools/newzie-com-a-news-aggregator-of-its-own

Newzie.com - A News Aggregator Of Its Own

http://www.newzie.com

Newzie is a news aggregator that has the distinct advantage of monitoring both pages that are syndicated and those that are not, and keeping you abreast of the latest developments right away.

This aggregator works in the usual way, i.e. it periodically checks your subscriptions, and retrieves new contents that are automatically presented to you. A tutorial is provided online just in case you are new to the concept and need some guidance.

Newzie comes free of charge, and so far only Windows is supported. It will be interesting to see if other operating systems are taken into account in future updates or not.



It is good to have a long list of tutorial sites, both for my students and for me.

http://www.killerstartups.com/Video-Music-Photo/woopid-com-free-video-tutorials

Woopid.com - Free Video Tutorials

http://www.woopid.com

... In general terms, all you have to do is supply specific search queries in order to watch an all-encompassing collection of video tutorials. These deal with issues such as how to upload files to Google Docs and how to create slide shows and movies using Windows Movie Maker.

The featured database can be looked up in a plethora of ways, and you can see the tutorials which are most popular right away. The videos that have been just added are spotlighted in a similar fashion, and it is also possible to request a new video tutorial if you can’t dispel your doubts using any of the existing ones, or if your query is not already covered.



Since they are doing the research every day anyway, why not make the electronic equivalent of those little booklets you see at the checkout stand (How to Name Your Puppy or Your Child, Raising Broccoli for Fun and Profit)

http://www.schneier.com/blog/archives/2008/11/terrorism_survi.html

November 28, 2008

Terrorism Survival Bundle for Windows Mobile

Seems not to be a joke.

[Product Description: http://www.pocketdirectory.com/software/product.aspx?idProduct=32026]
