Compliance Is Wasted Money, Study Finds
Posted by Soulskill on Monday April 05, @04:12PM
Trailrunner7 writes
"Enterprises are spending huge amounts of money on compliance programs related to PCI-DSS, HIPAA and other regulations, but those funds may be misdirected in light of the priorities of most information security programs, a new study has found. A paper by Forrester Research, commissioned by Microsoft and RSA, the security division of EMC, found that even though corporate intellectual property comprises 62 percent of a given company's data assets, most of the focus of their security programs is on compliance with various regulations. The study found that enterprise security managers know what their companies' true data assets are, but find that their security programs are driven mainly by compliance, rather than protection (PDF)."
Following up on one of the “big” attacks.
http://www.bespacific.com/mt/archives/023944.html
April 05, 2010
Shadows in the Cloud: Investigating Cyber Espionage 2.0
Information Warfare Monitor: "The Information Warfare Monitor (Citizen Lab, Munk School of Global Affairs, University of Toronto and the SecDev Group, Ottawa) and the Shadowserver Foundation announce the release of Shadows in the Cloud: An investigation into cyber espionage 2.0. The report documents a complex ecosystem of cyber espionage that systematically targeted and compromised computer systems in India, the Offices of the Dalai Lama, the United Nations, and several other countries."
New York Times: Researchers Trace Data Theft to Intruders in China
I wonder if something like this will spread to other law schools?
Naming and Shaming Toxic Web Apps
Posted by Soulskill on Monday April 05, @02:55PM
itwbennett writes
"Stanford Law School has released a wiki called WhatApp?, where users can rate all manner of web apps, browsers, mobile platforms, mobile apps, and social network apps on their security, privacy, and openness. Currently, the wiki 'lists some 200+ apps, but most of them have not been reviewed yet. So they need a lot of help,' writes blogger Dan Tynan. 'To review an app you select it from the list, then fill out a 9-question form rating its privacy, security, and openness, ranging from 5 (very private, secure, and open) to 1 (a steaming pile of vulnerabilities and violations).'"
For my Hacking students...
http://news.cnet.com/8301-27080_3-20001792-245.html
Exploits not needed to attack via PDF files
by Elinor Mills April 5, 2010 3:32 PM PDT
Portable Document Format (PDF) files could be used to spread malware to clean PDF files stored on a target computer running Adobe Acrobat Reader or Foxit Reader PDF software, a security researcher warned on Monday.
… The attack requires the user of the computer to allow the code to be executed by agreeing to it via a dialog box. However, the attacker could at least partially control the content of the dialog box that appears to prompt the user to launch the executable and thus use social engineering to entice the computer user to agree to execute the malware, said Conway.
Turning off JavaScript would not prevent the attack. It also does not require that the attacker exploit a vulnerability in the PDF reader itself.
Hope is not the best strategy.
Colleges Dream of Paperless, iPad-centric Education
By Brian X. Chen April 5, 2010 6:28 pm
Three universities are getting pumped to hand out free iPads to students and faculty with hopes that Apple’s tablet will revolutionize education.
… One hitch in the universities’ plans is that Apple has not inked deals with any textbook publishers to bring their offerings to the iPad’s iBooks store. So far Apple and publishers have only formed partnerships around e-books for fiction and nonfiction titles, like those available for the Kindle.
For textbooks, students can currently access about 10,000 e-textbooks through a third-party company called CourseSmart, which includes titles from the five biggest textbook publishers. CourseSmart is a subscription-based service that charges a fee for students to access e-textbooks of their choice for a limited time. The company has already announced an iPad app (demonstrated below).