Tuesday, September 28, 2010

The article seems strangely edited, but it does touch on many typical failures in security...


Lessons From A Security Breach

The hospital believed it had the standard security systems in place to protect its medical records. But for 16 long days that stretched into August, the hospital struggled to get its systems operational and isolate the problem from its patient care.

… The first thing that happened was people called us saying their printers were printing long jobs of gibberish until they would run out of paper. When we asked what they were doing about it, they told us they were adding more paper to the printers. [Typical users Bob]

… Systems began to get slower and slower to the point where they were crawling along. Then it began to download large quantities of pornographic images.

Did you believe your security was sufficient?

Yes. The hospital is one department in the county. We have about 35 departments in the county and the other 34 departments were not hit. We later traced it to why. It was a very small mistake by an employee. [...and no manager checked? Bob] But we did have antivirus software for the entire county. We also had an e-mail appliance and all the county departments were behind that appliance except the hospital. After the situation was corrected, we've put everything behind the appliance.

How did the virus come into your organization in the first place?

It came in as an e-mail attachment.

Did you find out when it came in?

We had begun so much of the cleanup process that we lost the specifics of where it came in. [...and we don't log anything? Bob]

(Related) Should the US adopt this policy? Or should we plan to “bail out” anyone who can't secure their data and systems? Think of this as “cyber Darwinism” – survival of the fittest.


Aussie Gov't Won't Help Fight Cyber Attacks

Posted by Soulskill on Tuesday September 28, @02:07AM

"Days after the Pentagon's #2 called for a NATO cyber-shield, the Australian government has announced it won't lift a finger to help the country's businesses to defend themselves against cyber attacks unless it presents a high risk to national security. Instead, Australia's security agencies will forge a response based on the 'pathology of the problem,' incorporating the risk the attack poses to government and the community. A senior security official said the government 'struggles to defend its own systems from the current threats,' let alone those of other industries. He went on to rubbish claims that existing military force strategies can be applied to cyber warfare, noting that the demarcation between civil attacks, such as domestic hacking, and those against nation-states, such as espionage, is blurry. Former US counter-terrorism advisor Richard Clarke said the US government has taken a similar line."

If you've got nothing to hide... Isn't this how Big Brother started?


Designing an Insecure Internet

September 27, 2010 by Dissent

Julian Sanchez also responds to the morning’s biggest story:

If there were any doubt that the 90s are back in style, witness the Obama administration’s attempt to reignite the Crypto Wars by seeking legislation that would force Internet services to redesign their networks and products to provide a centralized mechanism for decrypting user communications. It cannot be stressed enough what a radical—and terrible—idea this is. I’ll be writing on this at greater length this week, but a few quick points.


Second, they are basically demanding that providers design their systems for breach. This is massively stupid from a security perspective. In the summer of 2004, still unknown hackers exploited surveillance software built in to one of Greece’s major cell networks to eavesdrop on high government officials, including the prime minister. The recent hack of Google believed to originate in China may have used a law-enforcement portal to acquire information about dissidents. More recently, we learned of a Google engineer abusing his access to the system to spy on minors.

Read more on Cato@Liberty.

(Related) Perhaps all communications systems should use this model?


BlackBerry CEO suggests route to eavesdropping

September 27, 2010 by Dissent

Andrew Vanacore of The Associated Press reports:

BlackBerry maker Research in Motion Ltd. says it has no way of providing government officials with the text of encrypted corporate e-mails its devices serve up. But if the companies that employ BlackBerry phones want to hand over the encryption keys to their e-mail, it won’t object.

Read more on the Denver Post.

I expected no less, but how do we inform the police and everyone with cameras in their cell phones?


Motorcyclist wins taping case against state police

September 27, 2010 by Dissent

Score one for the citizenry! Peter Hermann of the Baltimore Sun reports:

A Harford County Circuit Court judge ruled this afternoon that a motorcyclist who was arrested for videotaping his traffic stop by a Maryland State Trooper was within his rights to record the confrontation.

Judge Emory A Pitt Jr. tossed all the charges filed against Anthony Graber, leaving only speeding and other traffic violations, and most likely sparing him a trial that had been scheduled for Oct. 12. The judge ruled that Maryland’s wire tap law allows recording of both voice and sound in areas where privacy cannot be expected. He ruled that a police officer on a traffic stop has no expectation of privacy.

Read more in the Baltimore Sun. Via @Marshallyoum

What is the opposite of Facebook?


N Korea propaganda gears up for younger Kim

Teachers in North Korea had already been telling their pupils that a brilliant young general was waiting in the wings to succeed Kim Jong-il, the country’s dictator.

But few people inside the hermit kingdom actually knew anything about Kim Jong-eun, the third son of the ailing dictator who was unveiled on Tuesday as the heir apparent.

That will change now that the Pyongyang propagandists can broadcast a full mythology for the younger Kim, who was appointed as a general in the first concrete sign that he is being groomed for the top job. North Korean state media has never before mentioned any of Mr Kim’s three known sons.

… If an unravelling state were not challenge enough for Kim Jong-eun, succeeding his father may not be straightforward. Choi Choon-heum, senior research fellow at the Korea Institute of National Unification, stressed that loyalty from the million-man army could not be taken for granted.

For this reason, Kim Jong-il gave a four-star generalship to both his son and his sister Kim Kyong-hui who is his closest confidante.

… Very few North Koreans have even seen an image of the heir apparent. Once the official propaganda engines crank into life this week, however, his poster is likely to be on every street corner. At that stage, it would indeed be unthinkable for any rival to challenge the official state mythology.

I know some folks who have a website AND have published books. Perhaps this is useful?


Amazon Debuts “Kindle for the Web”, Which Is Pretty Much What It Sounds Like

Amazon.com today introduced the beta version of “Kindle for the Web”, which enables people to read and share digital book samples in their browsers without the need to install or download anything.

The company says it aims to lure bloggers and website publishers who participate in the Amazon Associates Program to embed samples of Kindle books on their websites (here’s how).

It seems like a win: these website owners will earn referral fees from Amazon when customers complete book purchases using the links on their websites.

Website visitors can simply click the “Read first chapter FREE” button on a book product page on Amazon or on other websites, and the first chapter will open within the web page.

For my Business and website students...


HeadStartup.com - Apps & Tools For Startups

Head Startup is a website wholly devoted to the listing of tools and web applications that startup companies could find interesting. The idea is to let entrepreneurs have access to quality tools that are either inexpensive, or that can be used at a cost that is negligible.

On the site, visitors can look for applications by browsing through the available categories or by launching a search by keyword.
