Yahoo Search Blog: "Today, we're announcing the beta release of SearchScan, a new feature from Yahoo! Search that helps protect users from viruses, spyware and spam. We've heard from users that security and privacy continue to be major concerns when they are online. We've also learned that solutions that require downloads and constant updating are less than ideal. To tackle the problem, we partnered with McAfee to build a feature that provides a safer and hassle-free search experience to all users...How does it work? SearchScan leverages McAfee's SiteAdvisor technology to alert users if risky websites appear in Yahoo! Search results. Starting today, SearchScan will be turned on by default for all users in the U.S., Canada, UK, France, Italy, Germany, Australia, New Zealand, and Spain..."

Jeff Stein, CQ National Security Editor - excerpt: "Hundreds of employee laptops are unaccounted for at the U.S. Department of State, which conducts delicate, often secret, diplomatic relations with foreign countries, an internal audit has found.

As many as 400 of the unaccounted for laptops belong to the department’s Anti-Terrorism Assistance Program, according to officials familiar with the findings.

The program provides counterterrorism training and equipment, including laptops, to foreign police, intelligence and security forces.

Ironically, the Anti-Terrorism Assistance Program is administered by the State Department’s Bureau of Diplomatic Security (DS), which is responsible for the security of the department’s computer networks and sensitive equipment, including laptops, among other duties. It also protects foreign diplomats during visits here.

Freedom of the Cyber Seas - "How lessons from the U.S. government's response to pirates in the early 1800s can help the next president of the United States improve information security," Aaron Turner & Michael Assante, April 10, 2008.

"With stories surfacing on news channels regularly about lost or stolen data or the ability to recover data from discarded or resold computers and their hard drives, Computerworld decided to look at some cheap methods of removing that sensitive data from your hard drive permanently. And, what better place to look than YouTube?"

Inadequate Security Controls Over Routers and Switches Jeopardize Sensitive Taxpayer Information, March 26, 2008. Reference Number: 2008-20-071

DOE OIG Inspection Report: Office of Intelligence and Counterintelligence Internal Controls Over the Department of Energy's Sensitive Compartmented Information Access Program, March 2008 - "We concluded that Office of Intelligence and Counterintelligence did not have adequate internal controls over its Sensitive Compartmented Information (SCI) access program."

Lest We Remember: Cold Boot Attacks on Encryption Keys, J. Alex Haldermany, Seth D. Schoenz, Nadia Heningery, William Clarksony, William Paulx, Joseph A. Calandrinoy, Ariel J. Feldmany, Jacob Appelbaum, and Edward W. Felteny. Princeton University, Electronic Frontier Foundation, Wind River Systems. February 21, 2008.

• Introductory blog post


• Frequently asked questions


• Experiment guide


• Videos and images


• Abstract: "Contrary to popular assumption, DRAMs used in most modern computers retain their contents for seconds to minutes after power is lost, even at room temperature and even if removed from a motherboard. Although DRAMs become less reliable when they are not refreshed, they are not immediately erased, and their contents persist sufficiently for malicious (or forensic) acquisition of usable full-system memory images. We show that this phenomenon limits the ability of an operating system to protect cryptographic key material from an attacker with physical access. We use cold reboots to mount successful attacks on popular disk encryption systems using no special devices or materials. We experimentally characterize the extent and predictability of memory remanence and report that remanence times can be increased dramatically with simple techniques. We offer new algorithms for finding cryptographic keys in memory images and for correcting errors caused by bit decay. Though we discuss several strategies for partially mitigating these risks, we know of no simple remedy that would eliminate them."

CODENOMICON White Paper - Wireless Security: Past, Present and Future, by Sami Petäjäsoja, Tommi Mäkilä, Mikko Varpiola, Miikka Saukko and Ari Takanen, Version 1.0, February 1st, 2008

Educational Security Incidents (ESI) Year in Review - 2007: "By Adam Dodge - Posted on February 10, 2008: "The ESI Year in Review - 2007 examines all of the information security incidents occurring at colleges and universities around the world as reported in the news during 2007. 2007 marked a significant change for information security incidents reported in the news. Among the changes are an increase in both the number of incidents reported and the number of institutions reporting a breach as well as the addition to new categories such as incident type "Employee Fraud" and information type "Username and Password".

Press release: "In connection with the 5th Safer Internet Day1 on 12 February 2008, Eurostat, the Statistical Office of the European Communities, presents a selection of statistics concerning internet activities, security concerns and virus attacks. The Safer Internet Day is part of a global drive to promote a safer Internet for all users, in particular younger people, and is organised by Insafe, a European internet safety network co-funded by the European Commission...In the EU27 in 2007, nearly a quarter of internet users had had a computer virus in the preceding 12 months, which resulted in a loss of information or time. Virus attacks were most frequent in Lithuania (41% of users), Slovenia (35%) and Malta (34%) and least common in the Czech Republic (7%), Estonia (15%) and Sweden (16%)."

Department of Commerce OIG - Census Has Improved Accountability for Laptops and Other Personal Property, But Additional Improvements Are Needed -- Audit: Census-18387-1 [PDF] Report

"Cisco® today announced key findings from its annual global study on remote workers' security awareness and online behavior, indicating how they can inadvertently heighten risks for themselves and the companies they work for. The study's findings are prompting Cisco security executives to offer recommendations to information technology (IT) professionals on how to protect their companies against threats and maximize the business benefits of distributed and mobile workforces."

"Criminals are hard at work thinking up creative ways to get malware on your computer, warns the Federal Trade Commission. With appealing Web sites, desirable downloads, and compelling stories, these criminals try to lure consumers to links that will download malware, especially on computers that don’t use adequate security software. Then, they use the malware – malicious software – to steal personal information, send spam, and commit fraud. A new publication from the FTC has information that could help consumers protect their computers against malware and reclaim their computer and electronic information if malware is already on their computer. The publication, Minimizing the Effects of Malware, provides tips on spotting malware, and urges consumers to act immediately if they suspect their computer is affected by malware."

Press release: "Congresswoman Betty McCollum (MN-04), has sent a letter to the Government Accountability Office asking that it reopen its investigation of the privacy and national security risks posed by government agencies reselling used magnetic data tapes that may once have contained large amounts of sensitive personal and government information. Researchers working for Imation, an Oakdale, MN-based corporation that produces magnetic data tapes, were able to recover a wide range of sensitive information from used data tapes that were supposedly wiped clean before being re-sold. Using readily available equipment and information, Imation investigators found out where the tapes originated and recovered bank account numbers, expense reports, employee tax and benefit information, and other sensitive data."

Department of Commerce Breach Notification Response Plan, September 28, 2007 (21 pages, PDF)

SP 800-53 A - DRAFT Guide for Assessing the Security Controls in Federal Information Systems: "NIST announces the release of Draft Special Publication 800-53A, Guide for Assessing the Security Controls in Federal Information Systems. This final public draft provides comprehensive assessment procedures for all security controls in NIST Special Publication 800-53 (as amended) and important guidance for federal agencies in building effective security assessment plans. Comments will be accepted until January 31, 2008...Final publication of NIST Special Publication 800-53A is expected in March 2008."

Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress, Updated November 15, 2007. "Cybercrime is becoming more organized and established as a transnational business. High technology online skills are now available for rent to a variety of customers, possibly including nation states, or individuals and groups that could
secretly represent terrorist groups. The increased use of automated attack tools by cybercriminals has overwhelmed some current methodologies used for tracking Internet cyberattacks, and vulnerabilities of the U.S. critical infrastructure, which are acknowledged openly in publications, could possibly attract cyberattacks to extort money, or damage the U.S. economy to affect national security...This report discusses options now open to nation states, extremists, or terrorist groups for obtaining malicious technical services from cybercriminals to meet political or military objectives, and describes the possible effects of a coordinated cyberattack against the U.S. critical infrastructure."

"...the Identity Theft Resource Center (ITRC) has been tracking security breaches for the past three years, looking for patterns, new trends and any information that may help us better protect data and assist companies in their activities...In 2006, there were in excess of 315 publicized breaches affecting nearly 20 million individuals. Based on ITRC’s categorization, the breaches break down as follows: 29% government/military agencies; 28% from educational institutions; 22% from general businesses; 13% from health care facilities / companies; and 8% from banking / credit / financial services entities. In 2005, there were 158 incidents affecting more than 64.8 million people."

101 Best Web Freebies - BusinessWeek.com scoured the Internet for the most useful free products and services available online that you probably don't know about, by Douglas MacMillan. This 45 screen slideshow includes graphics and links to recommended products by category - tech tools, personal finance, career, entertainment, print media, research, health, online learning, PC security.

McAfee Avert Labs Top 10 Threat Predictions for 2008, Authors: McAfee Avert Labs, USA November 16, 2007.

Press release, November 15, 2007: "IT security and control firm Sophos has revealed new research into the use of other people's Wi-Fi networks to piggyback onto the internet without payment. The research, carried out by Sophos on behalf of The Times, shows that 54 percent of computer users have admitted breaking the law, by using someone else's wireless internet access without permission. According to Sophos, many internet-enabled homes fail to properly secure their wireless connection with passwords and encryption, allowing freeloading passers-by and neighbours to steal internet access rather than paying an Internet Service Provide (ISP) for their own. In addition, while businesses often have security measures in place to protect the Wi-Fi networks within their offices from attack, Sophos experts note that remote users working from home could prove to be a weak link in corporate defenses."

Optimizing Investments in Security Countermeasures: A Practical Tool for Fixed Budgets, by Jonathan Caulkins and Nancy R. Mead, September/October 2007 edition of IEEE Security and Privacy Magazine. "In the article, the team presents a tool and methodology they developed for software engineers and their clients to help them make security decisions when resources are limited."

CDT: "As it seeks models to address the mounting issues surrounding online behavioral targeting, the Federal Trade Commission (FTC) should begin by applying the principles it developed to guide its anti-spyware enforcement efforts, CDT said today. In comments submitted to the FTC in advance of its upcoming "town hall" meeting on behavioral advertising, CDT pointed out that the FTC's principles -- which center around the core concept that consumers should have ultimate control over their computers -- are directly applicable to behavioral advertising. In addition to filing its own comments, CDT also joined with other public interest advocates in offering a list of important questions the FTC must address over the course of the two-day meeting."

National Institute of Standards and Technology, Computer Security Division: "SP 800-44 version 2, Guidelines on Securing Public Web Servers, is published as final. It is intended to aid organizations in the installation, configuration, and maintenance of secure public Web servers. It presents recommendations for securing Web server operating systems, applications, and content; protecting Web servers through the supporting network infrastructure; and administering Web servers securely. SP 800-44 version 2 also provides guidance on using authentication and encryption technologies to protect information on Web servers."

"Two of the key findings from this year’s Global Security Survey revolve around an organization’s people and a paradox that has been around for years. The weakest link in an organization’s security is its people. An organization’s people include employees, customers, third parties and business partners. And of those people, the highest number of breaches are perpetrated via the customer. Even though information security incidents are grabbing the attention of business executives and boards, these individuals do not yet feel that they “own” the problem. In their estimation, the execution of solutions is the mandate of IT. This information security paradox has been alive and well for years; the 2007 security survey confirms just how widespread it is."

Press release: "The FTC today told the Senate Committee on Commerce, Science & Transportation Subcommittee on Interstate Commerce, Trade and Tourism that it has a robust record in protecting consumers and preserving competition in the marketplace...Speaking for the Commission, Chairman Deborah Platt Majoras said that much of the work of the FTC’s Bureau of Consumer Protection has been devoted to data security and identity theft, technology risks to consumers, fraud in the marketing of health care products, financial practices, telemarketing fraud, and enforcement of the National Do Not Call Rule."

August 31, 2007: Draft Special Publication 800-28 Revision 2 Guidelines on Active Content and Mobile Code (60 pages, PDF)

Analysis of Loss of Control Over Sensitive Personally Identifiable Information and Follow-up Actions to Strengthen its Protection, August 28, 2007. Correspondence (23 pages, PDF)

August 29, 2007: "NIST announces the publication of Special Publication (SP) 800-95, Guide to Secure Web Services (128 pages, PDF). SP 800-95 seeks to assist organizations in understanding the challenges in integrating information security practices into Service Oriented Architecture (SOA) design and development based on Web services. The publication also provides practical, real-world guidance on current and emerging standards applicable to Web services, as well as background information on the most common security threats to SOAs based on Web services. SP 800-95 presents information that is largely independent of particular hardware platforms, operating systems, and applications. Supplementary security devices (i.e., perimeter security appliances) are considered outside the scope of this publication. Interfaces between Web services components and supplementary controls are noted as such throughout this publication on a case-by-case basis."

Erickson, K., & Howard, P. (2007). A case of mistaken identity? News accounts of hacker, consumer, and organizational responsibility for compromised digital records. Journal of Computer-Mediated Communication, 12(4), article 5.

"Consumers can take many measures to make their laptop secure from hackers, viruses, and other potential threats, such as installing firewalls, updating antivirus software, and using strong passwords. Now, the Federal Trade Commission is offering tips for protecting laptops from theft."

"The risk associated with using the Internet remains high. Our State of the Net assesses the likelihood and impact of four leading online hazards, listed in order of incidence, based on the survey by the Consumer Reports National Research Center and our follow-up investigation."

Press release: "If Assistant Professor of Communication at the University of Washington Phil Howard's calculations prove true, by year's end the 2 billionth personal record -- some American's social-security or credit-card number, academic grades or medical history -- will become compromised, and it's corporate America, not rogue hackers, who are primarily to blame. By his reckoning, electronic records in the United States are bleeding at the rate of 6 million a month in 2007, up some 200,000 a month from last year."

Press release: "The FBI’s Internet Crime Complaint Center (IC3) today released its annual Internet Fraud Crime Report. From January 1 through December 31, 2006, the center received 207,492 complaint submissions. These filings were composed of fraudulent and non-fraudulent complaints primarily related to the Internet and included many different fraud types to include auction fraud, non-delivery, and credit/debit card fraud, as well as non-fraudulent complaints, such as computer intrusions, spam/unsolicited email..."

Press release: "...the Department of Commerce's United States Patent and Trademark Office (USPTO) released a report that concludes that the distributors of five popular filesharing programs repeatedly deployed features that they knew or should have known could cause users to share files inadvertently. The report, Filesharing Programs and "Technological Features to Induce Users to Share, identifies five features in recent versions of five popular filesharing programs that could cause users to inadvertently distribute to others downloaded files or their own proprietary or sensitive files. "Computer programs that can cause unintended filesharing contribute to copyright infringement, and they threaten the security of personal, corporate, and governmental data," noted Jon Dudas, under secretary of commerce for intellectual property-the Bush Administration's point person on copyright policy."

E-Commerce Times:

Follow up to February 19, 2007 posting, Google Publishes Study on Failure Rates of Hard Disk Drives, from the 5th USENIX Conference on File and Storage Technologies and Awarded Best Paper, Disk Failures in the Real World: What Does an MTTF of 1,000,000 Hours Mean to You?

A Comprehensive Emergency Management Program - A Model for State and Territorial Courts 2007 , February 2007 (187 pages, PDF).

Failure Trends in a Large Disk Drive Population, Eduardo Pinheiro, Wolf-Dietrich Weber, Luiz André Barroso, 5th USENIX Conference on File and Storage Technologies (FAST 2007), 2007

The Federal Bureau of Investigation’s Control Over Weapons and Laptop Computers Follow-Up Audit, Audit Report 07-18, February 2007

2007-P-00008 EPA Could Improve Controls Over Mainframe System Software [Report PDF - 35 pages] [At a Glance -PDF] January 29, 2007.

Convergence of Physical and Cyber Technologies and Related Security Management Challenges Working Group Final Report and Recommendations (PDF, 42 pages), January 19, 2007 and Transmittal Letter (PDF, 2 pages), January 19, 2007.

Federal Chief Information Officer Council Strategic Plan FY 2007-2009 (28 pages, PDF), January 17, 2007.

LexisNexis press release: "Most office workers use workplace technology for personal reasons; many may be ignoring employer policies, new research shows...Despite the fact that nearly one-half (45%) of office workers have been explicitly informed their at-work technology usage is monitored, a majority still use their employers’ technology resources for personal reasons, according to a new survey conducted by Harris Interactive®..."

Covers PDF creation, security, Bates numbering, redaction, eFiling and more. Sign Up Here.

Press release, January 4, 2007: "Cisco today announced a definitive agreement to acquire the privately held company, IronPort Systems, Inc. of San Bruno, Calif. IronPort is a leading provider of messaging security appliances, focusing on enterprise spam and spyware protection."
Related news:

Improved Administration Can Enhance U.S. Customs and Border Protection Laptop Computer Security (Redacted), OIG-07-16 (PDF, 37 pages), January 4, 2007.

2006: The Year in Security -Online attacks, spam, and sneaky cybercrime top list of year's most common security issues.

Federal Computer Week reported that the Department of Defense has banned the use of Outlook and receipt of HTML email due to threats posed by spyware and viruses.

Press release: "Consumer Reports' environmental website has
launched an online Electronics Reuse and Recycling Center. The Center features thoroughly researched, unbiased, expert advice to help de-clutter your home and solve the huge and growing problem of electronics waste. It also features the results of a March 2006 nationwide, online survey including information about why people replace their electronics and what they did with their old equipment."

From Bank System and Technology:

Press release: "The Commission today called on all regulatory authorities and stakeholders in Europe to step up the fight against spam, spyware and malicious software. Despite existing EU legislation to outlaw spam in Europe, Europe continues to suffer from illegal online activities from inside the EU and from third countries, the Commission underlines in a new Communication. The Communication stresses that although internet safety is on the political agenda for some time, national authorities should step up their actions to prosecute illegal online activities."

Status Report on OIG Data Security via the Data Security Portal: "Our November 21, 2006, status report notes several important developments, including the fact that as a result of our investigation in cooperation with the Federal Bureau of Investigation and the Miami-Dade County Police Department, two individuals have been arrested for their alleged roles in a small Miami-area laptop theft ring. While the OIG's laptops have not been recovered, there has been no credit fraud resulting from the laptop thefts and we believe that the risk of credit fraud in the future is very low. A firm hired to perform data breach analysis has failed to find any misuse of information on the laptops, and will continue to analyze the information..."

Information Security: Agencies Need to Develop and Implement Adequate Policies for Periodic Testing. Full text, GAO-07-65, and Highlights, October 20, 2006.

Press release: "Symantec Corp...announced the opening of the Symantec Phish Report Network to consumers worldwide. As one of the world's leading antifraud communities, the Symantec Phish Report Network, launched in May 2006, allows member companies to contribute and receive fraudulent Web site addresses that they can use in their antiphishing solutions to help protect users from online fraud. Consumer input further helps the Symantec Phish Report Network's fight against online fraud and will aid in preventing other computers users from becoming victims."

Press release: "A U.S. district court has shut down an operation that secretly downloaded multiple malevolent software programs, including spyware, onto millions of computers without consumers’ consent, degrading their computers' performance, spying on them, and exposing them to a barrage of disruptive advertisements. The Federal Trade Commission has asked the court to order a permanent halt to these deceptive and unfair downloads, and to order the outfit to give up its ill-gotten gains."
Federal Trade Commission, Plaintiff, v. ERG Ventures

Follow-up to previous postings on e-waste, see this New York Times article, Clearing a path from desktop to the recycler, by Paul Vitello. "The Environmental Protection Agency estimates that people threw away 2.5 million tons of electronic equipment, known as e-waste, last year, about 10 percent of which was recycled."

"The Symantec Internet Security Threat Report offers analysis and discussion of threat activity over a six-month period. It covers Internet attacks, vulnerabilities, malicious code, phishing, spam, security risks, and future trends. The tenth version of the report, released September 25, is now available."

Press release: "In a report released today, Reps. Davis and Waxman summarize information provided to the Committee by 19 federal departments and agencies regarding the loss or compromise of personal information since January 2003. The report finds that every agency has experienced at least one such breach and that the agencies do not always know what information has been lost or how many individuals could be affected."

Key Conclusions:

Press release, October 4, 2006: "As information security concerns among consumers and other customer constituencies rise, just 29 percent of marketers say that their firm has a crisis containment plan in case of a security breach, according to findings of a major research initiative by the Chief Marketing Officer (CMO) Council. Without such a plan and other security strategies in place, companies are at risk of losing hundreds of million of dollars in market value and loss of reputation and brand trust, according to the study's findings."

Launched today, the Take a Byte Out of Cybercrime website: "Led by the beloved McGruff character, the National Crime Prevention Council, the CMO Council and FAME have joined forces to bring together one of the largest and most influential coalitions of private and public companies whose primary goal is to teach millions of consumers how to identify, report and protect themselves against cyber crime." [download the tip sheets]

(U) Office of Inspector General Laptop Computers are Susceptible to Compromise (Unclassified and Redacted) OIG-06-58 (PDF, 48 pages), released October 2, 2006.

Department of Defense Office of the Inspector General -- Audit Summary of Information Assurance Weaknesses Found in Audit Reports Issued from August 1, 2005, through July 31, 2006 - Report No. D-2006-110 (PDF) - Date: September 14, 2006.

Press release: "The U.S. Department of Homeland Security (DHS) announced today the release of the Cyber Storm Public Exercise Report. The report details key findings from Cyber Storm which was the largest and most complex multi-national, government-led cyber exercise to examine response, coordination, and recovery mechanisms to a simulated cyber event within international, federal, state, and local governments and in conjunction with the private sector."

SEARCH, The National Consortium for Justice Information and Statistics - Collecting Evidence from a Running Computer: A Technical and Legal Primer for the Justice Community, August 2006.

Government Computer News: "China has downloaded 10 to 20 terabytes of data from the NIPRNet (DOD's Non-Classified IP Router Network)," said Maj. Gen. William Lord, director of information, services and integration in the Air Force's Office of Warfighting Integration and Chief Information Officer, during the recent Air Force IT Conference in Montgomery, Ala."

Repercussions continue from AOL release of user data -- from News.com: Three workers depart AOL after privacy uproar and commentary by Anita Ramastry, Privacy and Search Engine Data: A Recent AOL Research Project Has Perilous Consequences for Subscribers.

Press release, August 14, 2006: "Washington State Attorney General Rob McKenna... announced the filing of Washington's second lawsuit under the state's computer spyware act. The state's suit accuses four California-based corporations of installing software that takes control of a consumer's computer by launching aggressive and persistent pop-ups that demand payment for a movie download service."

Ponemon Institute Releases National Survey on Confidential Data at Risk

Inappropriate Use of Email by Employees and System Configuration Management Weaknesses Are Creating Security Risks, July 31, 2006, Reference Number: 2006-20-110 (20 pages, PDF). "We found e-mail messages that violated the IRS' personal use policy in the electronic mailboxes of 71 (74 percent) of 96 employees."

StopBadware.org Blog: "We're entering a new phase here at StopBadware.org. Google—which is one of our partners—will present people with a warning before they visit websites that have been reported to StopBadware.org as sites that distribute badware. These warnings currently link to a general page on StopBadware.org, but as we finish researching sites, we'll replace the general page with one of our individual website reports (see an example here). Hopefully this next step will bring us that much closer to fulfilling our mission of providing people with reliable, objective information about downloadable applications in order to help them make better choices."

Special Report | Computer forensics: The new DNA

Improved Administration Can Enhance Science and Technology Laptop Computer Security (Redacted), OIG-06-42 (PDF, 36 Pages), July 27, 2006.

"CDT launched PolicyBeta, a new blog dedicated to expanding the dialogue about technology policy, civil liberties and preserving democratic values in the digital age. PolicyBeta will feature regular posts on issues ranging from domestic surveillance to spyware, and will provide CDT experts an opportunity to discuss in detail the latest trends and developments affecting the technology policy debate. CDT is encouraging journalists, technologists, academics and interested individuals to visit the blog regularly and participate in the discussion."

The Subcommittee on Financial Institutions and Consumer Credit, chaired by Rep. Spencer Bachus (AL), held a hearing today entitled "ICANN and the Whois Database: Providing Access to Protect Consumers from Phishing." Government officials contend that access to Whois data is essential in the effort to combat cybercrimes, while privacy advocates maintain that access to data on domain name holders facilitates phishing, spam and other types of fraud.

AP: "Computer break-ins at the State Department that caused broad disruptions in recent weeks apparently originated in the East Asia-Pacific region, a department spokesman said Wednesday."

Press release: "CA today announced a new security survey of 642 large North American organizations which shows that more than 84% experienced a security incident over the past 12 months and that the number of breaches continues to rise. According to the findings, security breaches have increased 17% since 2003. As a result, 54% of organizations reported lost workforce productivity; 25% reported public embarrassment, loss of trust/confidence and damage to reputation; and 20% reported losses in revenue, customers or other tangible assets. Of the organizations which experienced a security breach, 38% suffered an internal breach of security."

Press release: "CDT's report charts the important cases against spyware distributors and identifies the statutes applied, June 26, 2006."

WSJ free feature: Laptop Lockdown - Companies Start Holding Employees Responsible for Security Of Portable Devices They Use for Work

M-06-16, Protection of Sensitive Agency Information, June 23, 2006 (10 pages, PDF)

The 2006 Technology, Media and Telecommunications Security Survey (16 pages, PDF), Deloitte Touche Tohmatsu: "Security has long been neglected in the Technology, Media & Telecommunications (TMT) industry and the problem continues today. The frequency and sophistication of the attacks are growing, yet many surveyed companies tend to treat security as a relatively minor issue. So where are TMT companies falling behind? More importantly, what can they do to address this increasingly significant problem?"

Yet another report today about the theft of a laptop from the home of a government employee, this time involving info on D.C. government personnel. The issue of why so many institutions have not implemented proper security measures, such as encryption on digital media removed from the office, remains baffling.

Researchers Find Technique to Quickly Erase Hard Drives: "Scientists at the Georgia Institute of Technology (Atlanta), working with L-3 Communications Corp. (New York), said they have developed a technique for quickly erasing hard-disk drives...The researchers concluded that permanent magnets are the best solution." [Slashdot]

Microsoft Security Response Center Blog

Hearing, Cyber Security Challenges at the Department of Energy, June 9, 2006. [note: links to member statements and witness testimony not yet available - after an open session, there was a closed session to discuss security issues related to a previously unreported data breach.]

"Active Security Monitor is a software program that helps you determine how vulnerable your PC is to computer viruses, spyware and other dangers and learn what steps you can take to improve your protection. And if you have more than one PC in your home network, you can use Active Security Monitor to check the security status of your entire home network.' [Link]

Outbound Email and Content Security in Today's Enterprise, 2006 (free reg. reg'd): "Enterprises are becoming increasingly concerned about creating, managing and enforcing outbound email policies that ensure that messages leaving the organization comply with both internal rules as well as external regulations."

Press release: "A new cyber security study released today highlights the difference between perception and reality of consumers' awareness of online scams and their actual online behavior. While 87 percent of consumers polled said they were confident they could recognize fraudulent e-mails, 61 percent failed to identify a legitimate e-mail. Most respondents categorized all e-mails in the study as fake, even though one of them was legitimate. The Online Fraud Report has been sponsored by the National Cyber Security Alliance (NCSA), a central clearinghouse for cyber security awareness and education for home users, small businesses and the education community, and Bank of America."

Press release: "Wireless Internet access can free you from the confines of cords, but not from the need for security. Without taking the proper precautions, it's easy for others to use your wireless network connection to access the Internet, or even to access the information on your own computer. The Federal Trade Commission is introducing a new section of OnGuard Online to teach computer users how to protect their personal wireless network connections – and the computers on them – from unauthorized use. The information also is available in Spanish."

The Safety of Internet Search Engines (Google, Yahoo, MSN, AOL, Ask), May 12, 2006, by Ben Edelman and Hannah Rosenbaum.

"The Committee on Energy and Commerce, to whom was referred the bill (H.R. 4127) to protect consumers by requiring reasonable security policies and procedures to protect computerized data containing personal information, and to provide for nationwide notice in the event of a security breach, having considered the same, report favorably thereon with an amendment and recommend that the bill as amended do pass." [House Report 109-453 - Part 1 - Data Accountability and Trust Act (DATA), Ordered to be printed May 6, 2006]

FTC press release: "A title company that promised consumers it maintained "physical, electronic and procedural safeguards" to protect their confidential financial information, but tossed consumer home loan applications in an open dumpster, agreed to settle Federal Trade Commission charges that its inadequate storage and disposal procedures for sensitive consumer information violated federal laws. The settlement with Nations Title Agency, Inc., Nations Holding Company, and Christopher M. Likens bars deceptive claims about privacy and security policies, and requires that they implement a comprehensive information security program and obtain audits by an independent third-party security professional every other year for 20 years."

Building and Implmenting a Successful Information Security Policy, by John J. Pak, May 8, 2006 (25 pages, PDF).

PCWorld: Never Call Tech Support Again! "Why suffer though hours on hold when you can solve the problem yourself? Whether your PC won't boot, keeps crashing, is infested with adware, or can't get to the Net, we'll help you fix it."

The Ins and Outs of Spyware [15 pages, PDF] April 24, 2006: "Lesley Herring discusses what spyware is, categories of spyware, types of spyware, symptoms of spyware, research sites to find out more information, prevention techniques, and removal tools in this contribution."

Following up on previous e-waste postings, Apple announced on April 21, 2006 a Free Computer Take-Back Program "...offering free computer take-back and recycling with the purchase of a new Macintosh® system beginning in June. US customers who buy a new Mac® through the Apple Store® or Apple's retail stores will receive free shipping and environmentally friendly disposal of their old computer as part of the Apple Recycling program. Equipment received by the program in the US is recycled domestically and no hazardous material is shipped overseas."

EPA Needs to Better Implement Plan for Protecting Critical Infrastructure and Key Resources Used to Respond to Terrorist Attacks and Disasters. Information on the initiatives in the full report is sensitive homeland security information and is not available to the [At a Glance - 1 page, PDF]

Those Pesky Passwords - Too many and too complicated to remember, passwords make users crazy and incur help desk expense. What should you do about it? by Larry Ponemon:

From Viviane Reding, Member of the European Commission responsible for Information Society and Media, "Safety on the Net" (7 pages, PDF), (09/02/06).

Symantec Internet Security Threat Report, Volume IX: March 2006 Highlights.

Outsmarting the Online Privacy Snoops - Internet privacy controversies drive interest in tools for anonymous Web surfing.

New York Times: Cyberthieves Silently Copy Your Passwords as You Type

New York Times: Too Many New Gadgets, Too Much Information at Risk: Loss, theft and viruses are major issues as corporate use of handheld devices and pocket PCs increases. Pre-emptive security options are available however, as this article describes.

Managing Cybersecurity Resources: A Cost-Benefit Analysis "details guidelines for using sound and measurable principles of cost-benefit analysis, as a compliment to gut instinct, to efficiently allocate and manage cybersecurity resources within your organization. Written by two globally acknowledged leaders in the increasingly critical area of cybersecurity (Lawrence A. Gordon and Martin P. Loeb), this comprehensive exploration presents: