Friday, October 24, 2008

Another TJX connection?

http://www.pogowasright.org/article.php?story=20081024023735559

US agents helped unmask Swedish credit card swindler

Friday, October 24 2008 @ 02:37 AM EDT Contributed by: PrivacyNews

Assistance from the US Secret Service led to the indictment on Thursday of a Swedish man suspected of involvement in the ShadowCrew cybercrime network.

Known by the online alias “Kafka”, the 27-year-old resident of Mjölby in central Sweden has been under investigation for four years, reports the Östgöta Correspondenten newspaper.

He is suspected of taking part in a sophisticated international criminal network accused of stealing millions of credit card numbers from major US-based retail chains.

Source - The Local



Nothing earthshaking, but Guides are always useful.

http://www.schneier.com/blog/archives/2008/10/ansi_cyberrisk.html

ANSI Cyberrisk Calculation Guide

Interesting:

In a nutshell, the guide advocates that organizations calculate cyber security risks and costs by asking questions of every organizational discipline that might be affected: legal, compliance, business operations, IT, external communications, crisis management, and risk management/insurance. The idea is to involve everyone who might be affected by a security breach and collect data on the potential risks and costs.

Once all of the involved parties have weighed in, the guide offers a mathematical formula for calculating financial risk: Essentially, it is a product of the frequency of an event multiplied by its severity, multiplied by the likelihood of its occurrence. If risk can be transferred to other organizations, that part of the risk can be subtracted from the net financial risk.

Guide is here.



Cloud Computing is coming. My students will be pleased to see these additions, but they still have a few more items on their “want list.”

http://tech.slashdot.org/article.pl?sid=08/10/24/1322239&from=rss

Amazon Beefs Up Its Cloud Ahead of MS Announcement

Posted by kdawson on Friday October 24, @09:40AM from the hey-you-get-offa-my dept.

Amazon has announced several major improvements to its EC2 service for cloud computing. The service is now in production (no longer beta); it offers a service-level agreement; and Windows and SQL Server are available in beta form. ZDNet points out that all this news is intended to take some wind out of Microsoft's sails as MS is expected to introduce its own cloud services next week at its Professional Developers Conference.



Ignorance is (a hacker's) bliss

http://www.cio.com/article/451092/Why_Technology_Isn_t_The_Answer_To_Better_Security

Why Technology Isn't The Answer To Better Security

You've beefed up your IT security arsenal, and you're focused on compliance. But you're still vulnerable. Here's why.

By Kim S. Nash

October 15, 2008 — CIO — Not to be alarmist, but WAKE UP, PEOPLE! Our information security is, in many ways, failing.

… In this, our sixth year of conducting the "Global State of Information Security" survey with PricewaterhouseCoopers, we got an earful about the challenges, worries and wins in security technology, process and personnel.

… However—and this is serious, folks—too many organizations still lack coherent, enforced and forward-thinking security processes, our survey shows.

… For instance, 56 percent of respondents employ a security executive at the C level, down 4 percent from last year. You comb network logs for fishy activity, but just 43 percent of you audit or monitor user compliance with your security policies (if you have them).



It's not security, it's security theater...

http://yro.slashdot.org/article.pl?sid=08/10/24/0428245&from=rss

Researchers Find Problems With RFID Passport Cards

Posted by timothy on Friday October 24, @05:11AM from the clearly-unpossible dept. Privacy United States

An anonymous reader writes

"Researchers at the University of Washington have found that RFID tags used in two new types of border-crossing documents in the US are vulnerable to snooping and copying. The information in these tags could be copied on to another, off-the-shelf tag, which might be used to impersonate the legitimate holder of the card."

You can also read the summary of the researchers' report.

From the article:

... Another danger is that the tags can be read from as far as 150 feet away in some situations, so criminals could read them without being detected.

... Another danger is that hackers could cause EDLs to self-destruct by sending out a certain number, they said.



Not much detail, but you get the idea. Very clever!

http://it.slashdot.org/article.pl?sid=08/10/24/0034202&from=rss

Exchanging Pictures To Generate Passwords

Posted by timothy on Thursday October 23, @08:59PM from the worth-a-thousand-words dept. Security Encryption

Roland Piquepaille writes

"Today, Ileana Buhan, a Romanian computer scientist, is presenting her PhD Thesis at the University of Twente in the Netherlands. She is using biometrics to protect confidential information when it is exchanged between two mobile devices. This is a very innovative approach to security. Buhan's biometric application will generate almost unbreakable passwords from photos taken by the connected users. Here is how it works. 'To do this, two users need to save their own photos on their PDAs. They then take photos of each other. The PDA compares the two photos and generates a security code for making a safe connection.'"



So is the market for Stanley Steamer repairmen...

http://developers.slashdot.org/article.pl?sid=08/10/23/1746254&from=rss

Cobol Job Market Heating Up

Posted by timothy on Thursday October 23, @02:12PM from the dress-the-part-at-the-interview dept. Businesses The Almighty Buck

snydeq writes

"Developers seeking job security in the years ahead could find an unlikely edge in Cobol. According to an InfoWorld report, demand for Cobol skills is surging, with salaries on the rise. More importantly, the short supply of offshore Cobol programmers and the fact that mainframes aren't going away anytime soon are spurring longevity for big-iron skills, with many companies looking to hire in-house Cobol pros to bridge mainframe Cobol apps to the rest of the enterprise. The report provides further evidence that Cobol may indeed be primed for a comeback, with new kinds of Cobol integration jobs emerging to prove old-guard skills are critical to some of the hottest areas of software development today."



Tools & Techniques. This is the kind of link I keep in the “Swiss Army Knife” folder on my thumbdrive for those odd occasions when I'm not at my desk and need a tool.

http://www.killerstartups.com/Web-App-Tools/pdfundo-net-free-pdf-to-word-conversion

PDFUndo.net - Free PDF To Word Conversion

Simply put, PDFUndo is a nifty little tool that will allow you to quickly convert any PDF file into a Word document. The emphasis is on ease of use, as this solution is wholly web-based and there is no need for software installs of any kind. Moreover, you don’t need to register or provide any information or particulars whatsoever.

The system is implemented as follows: you upload your document to the site and then hit the “Convert to Word” button. Once this has been dealt with, you can download the Word document that has been created by following the provided link.

On the other hand, a desktop version of PDFUndo can be downloaded for free in the event you wish to work offline. Other than that, it works in almost the same manner – you choose the PDF file and it is duly converted and ready to use and edit at will.

http://pdfundo.net/convert/



Die, Microsoft dog!

http://news.slashdot.org/article.pl?sid=08/10/23/1627250&from=rss

Russia Mandates Free Software For Public Schools

Posted by CmdrTaco on Thursday October 23, @12:36PM from the in-soviet-russia-joke-makes-you dept. Education Software IT

Glyn Moody writes

"After running some successful pilots, the Russian government has decided to make open source the standard for all schools. If a school doesn't want to use the free software supplied by the government, it has to buy commercial licenses using its own funds. What's the betting Microsoft starts slashing its prices in Russia?"



I've said it before, we need virtual lawyers! (Gamers take things too seriously...)

http://news.slashdot.org/article.pl?sid=08/10/23/2020223&from=rss

Dutch Court Punishes Theft of Virtual Property

Posted by timothy on Thursday October 23, @05:04PM from the pick-a-fight-your-first-day-with-the-toughest-avatar dept. The Courts Real Time Strategy (Games) The Almighty Buck

tsa writes

"Last week, the Dutch court subjected two kids of ages 15 and 14 to 160 hours of unpaid work or 80 days in jail, because they stole virtual property from a 13-year-old boy. The boy was kicked and beaten and threatened with a knife while forced to log into Runescape and giving his assets to the two perpetrators. This ruling is the first of its kind for the Netherlands. Ars Technica has some more background information."

In Japan, meanwhile, a woman has been arrested for "illegally accessing a computer and manipulating electronic data" after (virtually) killing her (virtual) husband.


Perhaps a virtual lawyer will defend her in virtual court?

http://blog.wired.com/27bstroke6/2008/10/woman-arrested.html

Woman Arrested After Killing Virtual Ex-Husband

By David Kravets October 23, 2008 | 7:32:20 PM

A 43-year-old Japanese woman, angry over a sudden divorce in the virtual online game Maple Story, has been arrested on suspicion of hacking into the game where she killed her once-virtual husband, authorities said.

Authorities said the Miyazaki woman illegally accessed the game with a password she hijacked from a colleague. That made it appear as if her coworker committed the online murder.

According to The Associated Press, the woman told police: "I was suddenly divorced, without a word of warning. That made me so angry."

The hacking allegation carries a maximum five-year prison term.
