Monday, July 31, 2006

Wow! This works on so many levels... (1) The promise of the Internet (reliable communications even during nuclear war) has been realized! (2) We ain't afeared o' no North Korean nuke-missile! (3) Space is becoming busy again, we need more space for the monitors.

http://politics.slashdot.org/article.pl?sid=06/07/30/174236&from=rss

Cheyenne Mountain Shutting Down

Posted by Zonk on Sunday July 30, @01:32PM from the stargate-shut-down dept. Space United States Politics Technology

WilliamSChips writes "The United States military has announced that they are shutting down the facility at Cheyenne Mountain, home to the high-tech NORAD which tracks every object in the sky. NORAD's operations will be moved to the nearby Peterson Air Force base. The mountain facility is being placed on standby in case they need it again." From the article: "The Cheyenne Mountain center, at the eastern foot of the Rockies near the base of Pikes Peak, was constructed underground in the mid-1960s. Fearing nuclear attacks at the time, the United States built sites such as the Cheyenne Mountain complex. The Navy prepared a floating White House aboard the communications cruiser USS Northampton, in case the president needed to be evacuated from U.S. soil. Another protective bunker was created near White Sulphur Springs, W.Va., for members of Congress."



Most users would not be into the whole “Learn everything about your attacker” scene. They only want, “Stop it! Go away!” Is there an outsource market for this?

http://it.slashdot.org/article.pl?sid=06/07/30/179220&from=rss

Fun Things To Do With Your Honeypot System

Posted by Zonk on Sunday July 30, @02:27PM from the more-than-just-keeping-bees dept. Security IT

An anonymous reader writes "Whitedust is running an interesting article on honeypots and their uses. From the article: 'Most papers deal with the potential gains a honeypot can give you, and the proper way to monitor a honeypot. Not very many of them deal with the honeypots themselves... Honeypots can be used to ensnare and beguile potential hackers; entice them to give you more research information, and actively defend your production network.'" From the article: "Once an attacker has taken all the trouble to set up shop on your honeypot, he'll probably want to see what else there is to play with. If your honeypot is like most traditional honeypots, there's not much for an attacker to do once he gets in. What you really want is for the attacker to transfer down all the other toys in his arsenal so you can have a copy as well. Giving an attacker additional targets with various operating systems and services can help him decide to give you his toys. The targets can be real, but you'll get almost as much mileage if they're simulated. A good place to start is to put a phantom private network up hung off the back of the honeypot."



http://hardware.slashdot.org/article.pl?sid=06/07/30/2124225&from=rss

50th Anniversary of the First Hard Drive

Posted by Zonk on Sunday July 30, @06:33PM from the whirrr-click dept. IBM Data Storage

ennuiner writes "Over at Newsweek Steven Levy has a column commemorating IBM's introduction of the first hard drive 50 years ago. The drive was the size of two refrigerators, weighed a ton, and had a vast 5MB capacity. They also discuss the future of data storage." From the article: "Experts agree that the amazing gains in storage density at low cost will continue for at least the next couple of decades, allowing cheap peta-bytes (millions of gigabytes) of storage to corporations and terabytes (thousands of gigs) to the home. Meanwhile, drives with mere hundreds of gigabytes will be small enough to wear as jewelry."



Think of it like those recoverable document revisions (or not quite redacted passages) in Word. Another technique the e-discovery people will need to perfect and automate.

http://yro.slashdot.org/article.pl?sid=06/07/31/0044201&from=rss

Microsoft Adds Risky System-Wide Undelete to Vista

Posted by Zonk on Sunday July 30, @09:43PM from the choose-wisely dept. Windows Privacy Microsoft IT

douder writes "Windows Vista will have a new 'previous versions' feature when it ships next year. According to Ars Technica, the feature is built off of the volume shadow copy technology from Windows XP and Windows Server 2003. Now turned on by default, the service stores the modified versions of a user's documents, even after they are deleted. They also report that you can browse folders from within Explorer to see snapshots of what they contained over time. It can be disabled, but this seems like a privacy concern." From the article: "Some users will find the feature objectionable because it could give the bossman a new way to check up on employees, or perhaps it could be exploited in some nefarious way by some nefarious person. Previous versions of Windows were still susceptible to undelete utilities, of course, but this new functionality makes browsing quite, quite simple. On the other hand, it should be noted that 'Previous Versions' does not store its data in the files themselves. That is, unlike Microsoft Office's 'track changes,' files protected with 'Previous Versions' will not carry their documentary history with them."



Convergence

http://hosted.ap.org/dynamic/stories/V/VERIZON_WIRELESS_MUSIC?SITE=VALYD&SECTION=HOME&TEMPLATE=DEFAULT

Verizon Wireless to End Music Download Fee

By BRUCE MEYERSON AP Business Writer Jul 31, 1:39 AM EDT

NEW YORK (AP) -- Verizon Wireless is eliminating the monthly $15 fee for its music download service in conjunction with the launch of a cell phone featuring an iPod-like click wheel and a memory card that can hold up to 1,000 songs.



http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=112499&source=rss_news50

Learn the Science of Compliance to Survive

Douglas Schweitzer July 31, 2006 (Computerworld)

... Not only is data required to be retained for a specific time period, but it is also to be done in a secure fashion, as per legislation like the Gramm-Leach-Bliley Act, the Health Insurance Portability and Accountability Act, the Sarbanes-Oxley Act, the Federal Information Security Management Act and California's SB 1386.

... New accountability regulations are forcing businesses (and their executives) to ensure that not only is company data accurate, but also that consumer data is adequately secured. [Except on laptops? Bob]

With the growing number of regulations, those in charge of privacy and security compliance need comprehensive and practical information about the issues they must address -- and it's often up to them to find that information. [Guidelines would be useful! Bob] Compliance with regulatory requirements means that businesses have to dedicate personnel to the task, in effect maintaining a staff just for that purpose. The extent of the hours to be committed is especially evident, for instance, in the portion of the Sarbanes-Oxley Act that requires that records of electronic communications be tamperproof and that electronic storage media be kept in nonrewritable, nonerasable formats. Here, electronic communications includes not only e-mail, but instant messaging and some phone communications as well.

... The National Institute of Standards and Technology offers an introductory resource guide for implementing HIPAA, which can be found at http://csrc.nist.gov/publications/nistpubs/800-66/SP800-66.pdf. The Federal Trade Commission offers advice for complying with the financial privacy requirements of Gramm-Leach-Bliley at www.ftc.gov/bcp/conline/pubs/buspubs/glbshort.htm. A growing number of consultancies have arisen that do nothing but guide companies through the thicket of compliance.



If you were managing this, rather than reacting to the unexpected, you would plan to make theft of a laptop a trivial event. Why would you plan to put all the company's data on every laptop? (see the story above)

http://www.eweek.com/article2/0,1759,1996020,00.asp?kc=EWRSS03119TX1K0000594

Preparation Eases the Pain of Stolen Laptops

July 30, 2006 By Matt Hines

... Before the end of the current session, the U.S. House of Representatives is expected to vote on the passage of the Financial Data Protection Act of 2005, which aims for more stringent reporting requirements for businesses that lose or mishandle sensitive customer data.

Much as similar laws passed by individual states have pushed the problem into the spotlight, the bill, if passed, is likely to force companies to be even more open about their technology-related missteps.

... "Nobody wants to be on the 6 o'clock news, and the reality is that we do lose equipment every year," said Bill Jenkins, director of IT for Unicco, a provider of facility management services in Newton, Mass.

"And no matter how hard you try to educate your users, some people will always do stupid things and walk around with data they shouldn't, even when you've told them not to do so." [Manage it! You can always prevent or at least detect employees (anyone) moving thousands of records to their laptop. Bob]

... According to a report issued by the FBI, roughly one in 10 laptops will eventually be lost or stolen. [Can this be true? Bob]

... Executives at Pointsec Mobile Technologies, which markets endpoint device encryption applications, said enterprises must start with an internal policy that dictates how sensitive every piece of information is and how that specific data and the device it resides on must be protected.



“I can do that heart transplant for $19.95!” Dr. Earl Scheib

http://www.latimes.com/business/la-fi-outsource30jul30,0,2330630.story?coll=la-home-headlines

U.S. Employers Look Offshore for Healthcare

As costs rise, workers are being sent abroad to get operations that cost tens of thousands more in the U.S.

By Daniel Yi Times Staff Writer July 30, 2006

... Carl Garrett of Leicester, N.C., will fly to a state-of-the-art New Delhi hospital in September for surgeries to remove gallstones and to fix an overworn rotator cuff. His employer, Blue Ridge Paper Products Inc. of Canton, N.C., will pay for it all, including airfare for Garrett and his fiancee. The company also will give Garrett a share of the expected savings, up to $10,000, when he returns.

... Blue Ridge, which employs 2,000 and funds its own health plan, began studying the idea out of frustration with rising rates at local hospitals, company officials said. Blue Ridge's healthcare costs have doubled in the last five years, to about $9,500 a year per employee.

"The hospitals have a monopoly. They don't care, because where else are patients going to go?" said benefits director Bonnie Blackley. "Well, we are going to go to India."

Every year, tens of thousands of Americans travel abroad for cheaper tummy tucks and angioplasties. This "medical tourism" has typically been reserved for uninsured procedures or uninsured patients.

... A coronary artery bypass surgery costs about $6,500 at Apollo Hospitals in India, Milstein estimated.

The average price in California is $60,400.
