I am seeing (noticing?) an increase in the number of articles that discuss poor security in organizations as if the reporters had actually spent a few minutes looking up “best practices.” Bravo!
http://www.sbpost.ie/post/pages/p/story.aspx-qqqt=IRELAND-qqqm=news-qqqid=34731-qqqx=1.asp
Government laptops not encrypted
27 July 2008 By Dick O’Brien
Seven government departments do not use encryption technology on officially-issued laptop computers and USB memory keys, The Sunday Business Post has learned.
Four other departments use encryption only on selected machines or are still obtaining the technology. A spokesman for the Department of the Environment said that data held on its laptops and USB keys was not encrypted.
He said that the department regularly conducted security reviews and that encryption technology might be introduced in the future. ‘‘Generally, though, laptops would not hold any personal details or sensitive material,” he said. [This is like asking, “Which petard will you be hoist on?” Bob
Toward ubiquitous surveillance...
http://www.killerstartups.com/Web-App-Tools/docmetrics-com-track-statistics-for-your-pdfs
DocMetrics.com - Track Statistics for Your PDFs
DocMetrics is a Canadian startup which offers its customers the ability to better track how their PDF files are being used. E-book publishers and companies that use PDF documents to distribute their marketing collateral are able to track how many people have read the document, the number of pages they’ve read, and even the number of times its been printed. DocMetrics also works as a lead-generation tool by allowing companies to embed forms and surveys directly into the documents and thereby capture pertinent data. If you regularly publish PDF documents and you want to be able to maximize the data garnered from this distribution, DocMetrics could be the way to go.
The emperor has no clothes...
http://www.pogowasright.org/article.php?story=20080727064021607
CDT Policy Post: Security and Privacy Issues Associated With Federal RFID-Enabled Documents
Sunday, July 27 2008 @ 06:40 AM EDT Contributed by: PrivacyNews
From CDT:
CDT issued a policy post today addressing security and privacy issues associated with federal RFID-enabled border crossing documents. CDT traces the troubling history of the U.S. government's adoption of this flawed technology despite warnings from internal government watchdogs. DHS response to security and privacy concerns has been inadequate, CDT said. RFID-enabled border crossing documents could fall victim to "mission creep," like the Social Security Number before them, and become a target for identity thieves, CDT said, noting there is still time for the Congress and public to act, forcing the State Department and DHS to reconsider the using this flawed technology.
Source - Policy Post 14.11
Do they hold a Copyright or a Patent?
http://science.slashdot.org/article.pl?sid=08/07/26/1710254&from=rss
NOAA Requires License For Photos of the Earth
Posted by timothy on Saturday July 26, @02:40PM from the agressive-product-placement dept. Space United States Science
Teancum writes
"In an interesting show of the level of regulations private spacecraft designers have to go through, the National Oceanic and Atmospheric Administration (NOAA) has demanded that American participants of the Google Lunar X Prize obtain a license if their spacecraft are 'capable of actively or passively sensing the Earth's surface, including bodies of water, from space by making use of the properties of the electromagnetic waves emitted, reflected, or diffracted by the sensed objects.' What prompted NOAA to ask for this license came from a visit by the XPrize staff to the NOAA offices in Maryland. What is going to happen when 'space tourists' bring their private cameras along for the ride?"
[From the comments:
...this is pursuent to the Land Remote Sensing Policy Act of 1992 [ http://geo.arc.nasa.gov/sge/landsat/15USCch82.html ]
For my security students to debate. (Comments are interesting, but no clear philosophy emerges. -- suggesting we need to write an article.)
http://ask.slashdot.org/article.pl?sid=08/07/26/2219246&from=rss
Are There Any Smart E-mail Retention Policies?
Posted by timothy on Saturday July 26, @07:30PM from the don't-use-email-any-more dept. Communications Data Storage
An anonymous reader writes
"In an age of litigation and costly discovery obligations, many organizations are embracing policies which call for the forced purging of e-mail in an attempt to limit the organization's exposure to legal risk. I work for a large organization which is about to begin destroying all e-mail older than 180 days. Normally, I would just duck the house-cleaning by archiving my own e-mail to hard-drive or a network folder, but we are a Microsoft shop and the Exchange e-mail server is configured to deny all attempts to copy data to an off-line personal folder (.PST file). The organization's policy unhelpfully recommends that 'really important' e-mails be saved as Word documents. Is anybody doing this right? What do Slashdot readers suggest for a large company that needs to balance legal risks against the daily information and communication needs of its staff?"
Implications for the cloud? Sacrificing “absolute” failure protection for speed?
http://news.slashdot.org/article.pl?sid=08/07/26/2113243&from=rss
Amazon Explains Why S3 Went Down
Posted by timothy on Saturday July 26, @05:33PM from the not-mere-sluttiness dept. Bug The Internet IT News
Angostura writes
"Amazon has provided a decent write-up of the problems that caused its S3 storage service to fail for around 8 hours last Sunday. It providers a timeline of events, the immediate action take to fix it (they pulled the big red switch) and what the company is doing to prevent re-occurrence. In summary: A random bit got flipped in one of the server state messages that the S3 machines continuously pass back and forth. There was no checksum on these messages, and the erroneous information was propagated across the cloud, causing so much inter-server chatter that no customer work got done."
No comments:
Post a Comment