Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Category Archives: PC Security

Congress Tells DoD to Report on Leaks

Secrecy News – Steven Aftergood: For the next two years, Congress wants to receive quarterly reports from the Department of Defense on how the Pentagon is responding to leaks of classified information. The reporting requirement was included in the pending National Defense Authorization Act for FY 2015 (Sec. 1052).
“Compromises of classified information cause indiscriminate and long-lasting damage to United States national security and often have a direct impact on the safety of warfighters,” the Act states. “In 2010, hundreds of thousands of classified documents were illegally copied and disclosed across the Internet,” it says, presumably referring to the WikiLeaks disclosures of that year. “In 2013, nearly 1,700,000 files were downloaded from United States Government information systems, threatening the national security of the United States and placing the lives of United States personnel at extreme risk,” the Act states, in a presumed reference to the Snowden disclosures. “The majority of the information compromised relates to the capabilities, operations, tactics, techniques, and procedures of the Armed Forces of the United States, and is the single greatest quantitative compromise in the history of the United States.” The Secretary of Defense will be required to report on changes in policy and resource allocations that are adopted in response to significant compromises of classified information. The defense authorization act does not address irregularities in the classification system, such as overclassification or failure to timely declassify information. It does call for additional reporting on the Department of Defense “insider threat” program (Sec. 1628), and on “the adoption of an interim capability to continuously evaluate the security status of the employees and contractors of the Department who have been determined eligible for and granted access to classified information.” By definition, this continuous evaluation approach does not focus on suspicious individuals or activities, but rather is designed to monitor all security-cleared personnel.”

Regin: Top-tier espionage tool enables stealthy surveillance

Symantec Security Response: ” An advanced spying tool, Regin displays a degree of technical competence rarely seen and has been used in spying operations against governments, infrastructure operators, businesses, researchers, and private individuals.  An advanced piece of malware, known as Regin, has been used in systematic spying campaigns against a range of international targets since atContinue Reading

Understand the Cost of Cyber Security Crime

HP Report – Cyber Crime Costs Continue to Grow: “Cyber crimes are growing more common, more costly, and taking longer to resolve. Those are among the findings of the fifth annualCost of Cyber Crime Study conducted by the respected Ponemon Institute on behalf of HP Enterprise Security. The 2014 global study of U.S.-based companies, which spannedContinue Reading

Security in the New Mobile Ecosystem – Report

“Ponemon Institute and Raytheon are pleased to present the findings of Security in the New Mobile Ecosystem (reg. req’d). The purpose of this research is to examine the impact of mobile devices, mobile apps and the mobile workforce (a.k.a. mobile ecosystem) on the overall security posture of organizations in the United States. Security is sacrificed for productivity.Continue Reading

Is Your Company Ready for a Big Data Breach?

The Second Annual Study on Data Breach Preparedness – Ponemon Institute© Research Report – Sponsored by Experian® Data Breach Resolution – Independently conducted by Ponemon Institute LLC. Publication Date: September 2014. “Data breaches are increasing in frequency. Forty-three percent of respondents say their companies had a data breach involving the loss or theft of more than 1,000 records, anContinue Reading

Taking Steps to Improve Federal Information Security

Beth Cobert, Deputy Director for Management at the Office of Management and Budget  “In a rapidly changing technological environment, we must have robust procedures, policies, and systems in place to protect our nation’s most sensitive information. Growing cybersecurity threats make it ever more important for the Federal government to maintain comprehensive information security controls to assessContinue Reading

National Cyber Security Awareness Month 2014

DHS: “The Internet is part of everyone’s life, every day. We use the Internet at work, home, for enjoyment, and to connect with those close to us. However, being constantly connected brings increased risk of theft, fraud, and abuse. No country, industry, community, or individual is immune to cyber risks. As a nation, we face constantContinue Reading

New on LLRX – Four Part Series on Privacy and Data Security Violations

Via LLRX.com – fours new articles by law professor Daniel J. Solove on privacy, data protection and the harm caused by breaches. Privacy and Data Security Violations: What’s the Harm? – Daniel J. Solove is a Law professor at George Washington University Law School, an expert in information privacy law, and founder of TeachPrivacy, a privacy and securityContinue Reading

Backoff: New Point of Sale Malware

“This advisory was prepared in collaboration with the National Cybersecurity and Communications Integration Center (NCCIC), United States Secret Service (USSS), Financial Sector Information Sharingand Analysis Center (FS-ISAC), and Trustwave Spiderlabs, acting under contract with the USSS. The purpose of this release is to provide relevant and actionable technical indicators for network defense. Recent investigations revealedContinue Reading

Report: British spy agency scanned for vulnerable systems in 32 countries

PCWorld via Mikael Ricknäs: “British intelligence agency GCHQ used port scanning as part of the “Hacienda” program to find vulnerable systems it and other agencies could compromise across at least 27 countries, German news site Heise Online has revealed. The use of so-called port scanning has long been a trusty tool used by hackers to find systems theyContinue Reading

The Honeymoon Effect and the Role of Legacy Code in Zero-Day Vulnerabilities

Familiarity Breeds Contempt: The Honeymoon Effect and the Role of Legacy Code in Zero-Day Vulnerabilities,  by Clark, Fry, Blaze and Smith “Work on security vulnerabilities in software has primarily focused on three points in the software life-cycle: (1) finding and removing software defects, (2) patching or hardening software after vulnerabilities have been discovered, and (3) measuring the rate ofContinue Reading

DHS Privacy Complaints Increase in 2013, Many Databases Kept Secret

EPIC – “The Department of Homeland Security Quarterly Report to Congress details programs and databases affecting privacy. According to the agency, DHS received 964 privacy complaints between September 1, 2013 and November 30, 2013. By contrast, DHS received 295 privacy complaints during the same period in 2011. According to the report, most DHS systems complies with Privacy Act noticeContinue Reading