General discussion

Locked

Bill's Computer Crime Watch List

By Bill Detwiler Editor ·
Tags: Off Topic
blog root

This conversation is currently closed to new comments.

155 total posts (Page 1 of 16)   01 | 02 | 03 | 04 | 05   Next
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Lock down your laptops

by Bill Detwiler Editor In reply to Bill's Computer Crime Wat ...

MCI is learning the hard way that laptops, and other portable devices, that story sensitive information should be carefully controlled and adequately secured. On Monday, <a href="http://news.com.com/MCI+says+laptop%2C+employee+data+was+stolen/2100-1029_3-5716534.html" target="_blank">News.com published a Reuters' story</a> about an MCI laptop stolen from an employee's car. According to the report, the laptop contained the "names and Social Security numbers of about 16,500 current and former employees of MCI ".<br><br>The MCI incident is just one in a string of laptop security leaks. In December, thieves made off with a laptop belonging to the Delta Blood Bank, which contained the personal information of 100,000 blood donors. UCLA's Blood and Platelet Center felt the sting in November 2003 and June 2004, when two laptops containing the combined personal information of 145,000 blood donors were stolen.<br><br>Unfortunately these thefts of private laptops pale in comparison to U.S. government laptop losses. A 2002 report from the Justice Department's inspector general reported at least <a href="http://news.com.com/Feds+balk+when+laptops+walk/2100-1001_3-948595.html" target="_blank">400 laptop computers were missing or stolen</a> from agencies such as the FBI, U.S. Marshals Service, and Drug Enforcement Administration.<br><br>If you're going to store sensitive information on portable devices, IT departments must take appropriate measure to lock down those machines, such as: using power-on, BIOS passwords, using password-protected user accounts, and encrypting all sensitive data. Above all else, IT departments should train laptop user how not to lose their laptop in the first place. <a href="http://techrepublic.com.com/5100-1035_11-1043761.html" target="_blank">Teach users these five laptop security musts</a>.

Collapse -

Toyota Prius immune to virus attack--for now

by Bill Detwiler Editor In reply to Bill's Computer Crime Wat ...

According to antivirus software developer F-Secure, the <a href="http://www.virusthreatcenter.com/virus.aspx?virus=87" target="_blank">Cabir mobile-phone worm</a> cannot infect a Bluetooth-enabled Toyota Prius. During a <a href="http://www.f-secure.com/weblog/archives/archive-052005.html#00000553" target="_blank>recent test,</a> F-Secure technicians tried to transmit the Cabir.B and Cabir.H worms to a Toyota Prius without success. This puts to rest rumors that Toyota and Lexus cars with Bluetooth capability are susceptible to Cabir infection.

Unfortunately, I doubt this trend of immunity will continue indefinitely. As more retail electronics and are controlled by virus-susceptible operating systems, malware miscreants will increasingly target those systems. Personally I'm waiting for the first toaster virus that burns my breakfast.

Collapse -

Toyota Prius immune to virus attack---for now

by Bill Detwiler Editor In reply to Bill's Computer Crime Wat ...

According to antivirus software developer F-Secure, the <a href="http://www.virusthreatcenter.com/virus.aspx?virus=87" target="_blank">Cabir mobile-phone worm</a> cannot infect a Bluetooth-enabled Toyota Prius. During a <a href="http://www.f-secure.com/weblog/archives/archive-052005.html#00000553" target="_blank>recent test,</a> F-Secure technicians tried to transmit the Cabir.B and Cabir.H worms to a Toyota Prius without success. This puts to rest rumors that Toyota and Lexus cars with Bluetooth capability are susceptible to Cabir infection.

Unfortunately, I doubt this trend of immunity will continue indefinitely. As more retail electronics and are controlled by virus-susceptible operating systems, malware miscreants will increasingly target those systems. Personally I'm waiting for the first toaster virus that burns my breakfast.

Collapse -

Toyota Prius immune to virus attack----for now

by Bill Detwiler Editor In reply to Bill's Computer Crime Wat ...

According to antivirus software developer F-Secure, the <a href="http://www.virusthreatcenter.com/virus.aspx?virus=87" target="_blank">Cabir mobile-phone worm</a> cannot infect a Bluetooth-enabled Toyota Prius. During a <a href="http://www.f-secure.com/weblog/archives/archive-052005.html#00000553" target="_blank">recent test,</a> F-Secure technicians tried to transmit the Cabir.B and Cabir.H worms to a Toyota Prius without success. This puts to rest rumors that Toyota and Lexus cars with Bluetooth capability are susceptible to Cabir infection.

Unfortunately, I doubt this trend of immunity will continue indefinitely. As more retail electronics and are controlled by virus-susceptible operating systems, malware miscreants will increasingly target those systems. Personally I'm waiting for the first toaster virus that burns my breakfast.

Collapse -

I'm ready for biometric authentication

by Bill Detwiler Editor In reply to Bill's Computer Crime Wat ...

While speaking at a conference sponsored by Australia's national Computer Emergency Response Team (AusCERT), Jesper Johansson, Microsoft's senior program manager for security policy, suggested IT departments change decades of common policy, and encourage users to write down their passwords. <a href="http://news.com.com/Microsoft+security+guru+Jot+down+your+passwords/2100-7355_3-5716590.html" target="_blank">According to Johansson</a>, users required to remember passwords on dozens of separate accounts will often use the same password for all--thus "reducing overall security".<br><br>As someone with at least 15 different accounts, I understand Johansson's suggestion, but feel it's just a temporary solution. Encrypted password files and RSA tokens (which I've used in the past) offer higher security than simple passwords, but are also vulnerable to forgetful users.<br><br>Personally I'm ready for biometric authentication--thumb prints, iris scans, hand geometry, what ever. Electronic manufacturers should settle on a highly-secure standard and implement that technology across the board--computers, automobiles, ATMs, doors, and so forth. I don't mind pairing my thumb print with a single password or pin. Having worked with end users for many years, I doubt most will have trouble remembering ONE alphanumeric key. Problems arise when we ask the average person to remember 20 different keys.

Collapse -

I'm ready for biometric authentication

by Rbencheikh In reply to I'm ready for biometric a ...

<p>I agree with you 100%, government agencies and other bodies are still experimenting with the different biometric authentication devices, I don't think it's 100% bullet proof, show me one system that is, you hear the bad publicity from time to time, like <a href="http://news.bbc.co.uk/2/hi/asia-pacific/4396831.stm ">http://news.bbc.co.uk/2/hi/asia-pacific/4396831.stm </a> . we have to educate users, there are many issues and implications we have to look at before starting using biometrics, saying that, i still think biometrics are the way forward to secure authentication.</p>
<p>R Bencheikh   <a href="http://www.thebiometrix.com">http://www.thebiometrix.com</a></p>

Collapse -

Computer criminals hold files for ransom

by Bill Detwiler Editor In reply to Bill's Computer Crime Wat ...

Cyberscofflaws are now using encryption to hijack and ransom users files, <a href="http://www.websensesecuritylabs.com/alerts/alert.php?AlertID=194" target="_blank">according to Websense</a>, a California-based Web security firm. <a href="http://news.com.com/Miscreants+encrypt+files%2C+hold+them+for+ransom/2100-7349_3-5718678.html" target="_blank">News.com reports</a> that a Websense customer was victimized in early May, 2005. The victim visited a malicious Web site exploited a known vulnerability in Internet Explorer to surreptitiously install the PGPcoder/Gpcode Trojan. The malware selected 15 files from the victim's hard drive, encrypted the files, removed the originals, and then presented a message asking $200 for the encryption key. Fortunately, Websense was able to break the malware's simple encryption and decode the files.

Although not yet a common attack, this type of attack will only increase. Pranksters and academics no longer dominate the computer crime landscape. Organized criminal groups are following the money into cyberspace. Electronic ransom and blackmail through DoS and DDoS attacks offer the opportunity for significant gain with little, or no, chance of being caught and severely punished. Ransoming individual files or individual systems is unfortunately a natural progression.

Collapse -

Computer criminals hold files for ransom

by shekharriyat In reply to Computer criminals hold f ...

It's good. Nice blog. keep it up. Visit us at <a href="http://www.indiatimes.com">jack</a>

Collapse -

Bank of American fights phishers but malicious insiders pose greater threat

by Bill Detwiler Editor In reply to Bill's Computer Crime Wat ...

<strong>Bank of America</strong> is <a href="http://news.com.com/Bank+of+America+takes+on+cyberscams/2100-1029_3-5722035.html">rolling out a new security measure</a> to
fight phising scams. The new SiteKey system uses images and text to reassure
customer they are using a genuine Bank of America Web site.


<p>While I'm glad Bank of America is taking steps to protect
their customers from phishing attacks, I'm more concerned with insider data
theft. <a href="http://news.com.com/More+arrests+promised+in+bank+data+theft/2100-7348_3-5716710.html">In May</a> Bank of America notified at least
<strong>60,000 customers</strong> that their accounts <strong>might be at risk</strong>. Bank of America
employees gave or sold account information to DRL Associates, a company that
claimed to provide bank account, balance, and employment information to debt
collectors. The data was then sold to collection agencies and law firms, among
others. In February Bank of America lost backup tapes containing Social Security
numbers and credit card information of 1.2 million U.S. government employees.</p>
<p>Malicious employees and data handling mistakes pose a far
greater risk than phishing attacks. Recent security breaches illustrate that Bank
of America and other organizations could do better do protect the person data
customers entrust them with.</p>

Collapse -

Attending Tech-Ed 2005

by Bill Detwiler Editor In reply to Bill's Computer Crime Wat ...

I'll be attending Tech-Ed 2005 Monday 6/6 through mid-day
Wednesday 6/8. Last week I used Microsoft's Breakout Sessions Calendar to
organize my TechEd schedule. The tool worked well when using IE, but failed to
function using Firefox--imagine that.<br />
<br />
My schedule focuses heavily on the Security track. I'll be attending Gord
Mangione's, VP of Microsoft Security, strategic Security briefing on Monday
morning. According to <a href="http://www.microsoft.com/events/teched2005/default.mspx">Microsoft's Tech-Ed Web site</a>, Mangione will discuss "his
perspective on the state of security today, the importance of continued
innovation, and advances in Microsoft's platform, products, and technologies
designed to better protect customers". I'll be interested to hear what
Mangione says about Trustworthy Computing and Windows' support for two-factor
authentication.

Back to After Hours Forum
155 total posts (Page 1 of 16)   01 | 02 | 03 | 04 | 05   Next

Related Discussions

Related Forums