Wednesday, October 20, 2010

The 10 Most Dangerous Places For Your SSN

As we know, the Internet can be a scary place filled with all kinds of dangers. Be careful out there in cyberspace.
Article from DarkReading 
By Kelly Jackson Higgins
College students' SSNs most at risk, followed by banking/financial customers'
Oct 19, 2010 | 12:04 PM


Getting your credit card number stolen is one thing, but when your Social Security number (SSN) is lifted, identity theft really hits home. And as it turns out, some places are more risky than others for storing your SSNs.  Identity theft expert Robert Siciliano, commissioned by McAfee, analyzed reported data breaches during the past year-and-a-half to determine the most dangerous places to give out your SSN: The No. 1 location is universities and colleges, which experienced 108 data breaches involving SSNs between January 2009 and October of this month. Banking and financial institutions were close behind, with 96 such breaches.

Siciliano pulled his data from breaches published by the Identity Theft Resource Center, Privacy Rights Clearinghouse, and the Open Security Foundation during that period.

More than 30 percent of all identity theft victims have had their SSN exposed, according to Javelin Research.
The rest of the top 10:

  • Hospitals, with 71 breaches
  • State governments, with 57 breaches
  • Local governments, with 44 breaches
  • Federal government, with 33 breaches
  • Medical businesses (products and services for the medical field), with 27 breaches
  • Nonprofits, with 23 breaches
  • Technology companies, with 22 breaches
  • Medical insurance and medical offices/clinics, with 21 breaches


    According to McAfee, the Social Security Administration says the only times you are required to show your SSN are to your employer when you first start a new job and to your financial institution for tax reporting. The SSA recommends keeping your SSN card, and any documentation that carries the number, in a safe place rather than carrying them around.

    A federal law requires that SSNs be used for professional licenses, driver's licenses, occupational licenses, recreational licenses, and marriage licenses, as well as by creditors and the Department of Motor Vehicles. An SSN is also required for any cash transaction of more than $10,000, as well as for military business.

    Siciliano cites ways to guard your SSN, including refusing to provide it, checking your credit report every few months, investing in an ID protection service, trashing mail securely, opting out of junk mail and preapproved credit card offers, and locking down your PC.

    Thursday, October 7, 2010

    Aanval Version 6 - Update

    The highly anticipated general release of Aanval Version 6 is drawing near! The Tactical FLEX developers said today that version 6 will be completed in the next couple of weeks (by October 21st). As soon as it is ready, Aanval users and prospects will receive an e-mail announcing the general availability of Aanval Version 6. A press release will also be distributed.


    In the past few months Aanval customers were encouraged to submit their suggestions and requests for version 6.  We value our customers and invite you to submit any ideas or feature requests to support.group@aanval.com


    If you wish to receive the press release announcing Aanval Version 6, send an e-mail to kbitz@aanval.com with "Press Release Distribution Request" in the Subject line.  


    Aanval is the industry's leading web-based GUI for Snort and syslog intrusion detection and correlation. Over 5,500 organizations in 95 countries rely upon Aanval as a part of their security infrastructure. For more information about Aanval, go to www.aanval.com

    Can Cybersecurity be a Catalyst for Economic Growth?


    Eric Chabrow, Executive Editor of GovInfoSecurity.com, argues in his article of October 6, 2010 that indeed it CAN. He points to the "Lessons from Sputnik: Producing Benefits Beyond Safeguarding IT."

    Below is the introduction to his article, which you will find at http://www.govinfosecurity.com/articles.php?art_id=2982&rf=2010-10-07-eg

    Fear is a great motivator. Fear helped the United States overtake the Soviet Union in the space race after the launch of Sputnik in the late 1950s. Americans feared our Cold War adversaries would conquer space, so the United States invested heavily, not only in technology, but in educating our young citizens in math and science to challenge the Soviets.

    "We were really pretty far behind and we were kind of surprised that the Soviet Union was so far ahead in science and technology," Patrick Gorman, former associate director of the Office of the Director of National Intelligence, said in an interview with GovInfoSecurity.com (transcript below).

    The return on that investment, just over a decade later, resulted in the United States landing men on the moon. And, the investments produced additional benefits such as the creation of the IT industry and other technological advancements unrelated to space.

    Check out this article and the interview, then go share it with some bright youngsters who will be inspired to become our next generation of Information Security Officers. 

    Monday, October 4, 2010

    Colleges Face Greater Challenges in Stopping Data Breaches


    By Dian Schaffhauser
    10/04/10

    Colleges and universities face greater challenges in stopping data breaches than other kinds of organizations and are on track to experience the same number of data breaches in 2010 as they did in 2009, according to a company that sells security applications for protecting databases. According to a report from Application Security's research arm, for the first seven months of this year 32 breaches have been reported, compared to a total of 57 in 2009. Three quarters of those breaches involve unauthorized access to databases maintained on institutional servers.

    AppSec's Team SHATTER (Security Heuristics of Application Testing Technology for Enterprise Research) said the proliferation of data breaches in higher ed can be attributed to several factors.

    Although campus databases face the same exploitation techniques as those of companies, such as SQL injections on public-facing Web sites and unencrypted data on lost laptops, there are several risks unique to higher ed. (View this list and the complete article of this report at http://bit.ly/bQmqlY.)

    Also, because of the number of students, staff, faculty, and parents involved in campus business, institutions maintain numerous databases with names, addresses, financial information, credit card numbers, Social Security numbers, and healthcare records.

    On top of that, reported AppSec, students and faculty members "frequently log in and out of personal and public computers, accounts are left open, computers are left logged on, and data can be easily lost amid the day-to-day shuffle."

    National Cyber Security Awareness Month

    National Cyber Security Alliance Marks Beginning of National Cyber Security Awareness Month

    7th Annual National Effort Educates Digital Citizenry

    WASHINGTON,  Oct. 1 /PRNewswire-USNewswire/ -- The National Cyber Security Alliance (NCSA), a public-private partnership focused on educating a digital citizenry to stay safe and secure online, reminds all Americans that today marks the beginning of the 7th Annual National Cyber Security Awareness Month.  National Cyber Security Awareness Month is a coordinated effort of the NCSA, the U.S. Department of Homeland Security, and The Multi-State Information Sharing and Analysis Center (MSISAC) and a myriad of companies, educational institutions, nonprofit organizations and individuals throughout the nation focused on improving online safety and security awareness and education for U.S. citizens and businesses.

    From a personal, business and governmental perspective, our nation's reliance on the Internet continues to grow.  The NCSA is focused on helping American citizens, businesses and students understand how to protect themselves, their families, customers and communities with universal safe and secure online behaviors.  

    "Our nation's online health is critical to our economic prosperity and national security," said Michael Kaiser, executive director of the NCSA.  "The highest levels of government and industry have recognized the role that cybersecurity and cyber safety play in our nation's ability to stay competitive and innovative. National Cyber Security Awareness Month provides a cyber education foundation that all Americans can use throughout the year."

    The NCSA urges all Americans to employ a handful of simple online safety behaviors:
    • Employ comprehensive security suites that include anti-virus, firewall, anti-Spyware and anti-Spam software.  Most importantly, set your security software to automatically update.
    • Back up your files and data on a regular basis to mitigate any losses in the event of a security failure.
    • Only use secure wireless connections that require passwords or other forms of security.

    "In this digital age, we are all connected, and each of us plays an important role in securing cyber space," said William Pelgrin, MS-ISAC chair and president and CEO of the Center for Internet Security.  "We are pleased to once again join our partners in co-sponsoring National Cyber Security Awareness Month to help raise awareness across government, businesses, educators and citizens about cyber safety. Working together, we can improve our nation's cyber security preparedness."

    Anyone - families, employers, consumers, teachers, and students - interested in online safety is encouraged to access the National Cyber Security Awareness Month Web portal. The Web site hosts an abundance of online safety resources and information including tip sheets, ideas for how to get involved, events, and additional awareness resources to help organizations and individuals participate in National Cyber Security Awareness Month.

    The portal offers printable materials for schools, businesses, government agencies, law enforcement and consumers as well as electronic materials for organizations to incorporate on their own websites. All NCSA materials are free to the public and there is no cost for endorsements or event listings.  Of the many resources on the site you will find:
    • Tip Sheets: For online gaming, mobile devices, social networking and general Internet safety tips for parents and kids.
    • Customizable Posters: A National Cyber Security Awareness Month poster that can be customized with a company or association logo or a message to help promote local activities.
    • Endorsement Forms: Organizations, companies, and government agencies are encouraged to endorse National Cyber Security Awareness Month, which is made easy through an online endorsement form. Endorsers can be featured with their logo and web link on NCSA's website.
    • Event Calendar: The NCSA keeps a calendar of events taking place during October that focus on cybersecurity awareness and education. Organizations are welcome to submit events through NCSA's online form to be included on the October calendar.

    "We have offered a wide variety of opportunities to learn more about cybersecurity and cybersafety," said Shannon Kellogg, senior director of public policy at EMC and chairman of the NCSA Board of Directors.  "All of us need to make a personal investment to continually learn how to keep ourselves and our nation's online defenses safe and secure."

    About The National Cyber Security Alliance
    The National Cyber Security Alliance is a nonprofit organization. Through collaboration with the government, corporate, non-profit and academic sectors, the mission of the NCSA is to empower a digital citizenry to use the Internet securely and safely protecting themselves and the technology they use and the digital assets we all share. NCSA works to create a culture of cyber security and safety through education and awareness activities. Visit www.staysafeonline.org for more information.  NCSA board members include: ADP, AT&T, EMC Corporation, Cisco Systems, General Dynamics Advanced Information Systems, Google, Lockheed Martin Information Systems & Global Services, McAfee, Microsoft, PayPal, Science Applications International Corporation (SAIC), Symantec, Verizon and Visa.

    About National Cyber Security Awareness Month
    National Cyber Security Awareness Month, now in its seventh year, is a coordinated effort of the National Cyber Security Alliance, The Department of Homeland Security (DHS), and The Multi-State Information Sharing and Analysis Center (MSISAC).

    SOURCE National Cyber Security Alliance

    Friday, October 1, 2010

    How Stuxnet Worm Works

    Stuxnet looks for industrial control systems and then changes the code in them to allow the attackers to take control of these systems without the operators knowing. In other words, this threat is designed to allow hackers to manipulate real-world equipment, which makes it very dangerous.
    It’s like nothing we’ve seen before – both in what it does, and how it came to exist. It is the first computer virus to be able to wreak havoc in the physical world. It is sophisticated, well-funded, and there are not many groups that could pull this kind of threat off. It is also the first cyberattack we’ve seen specifically targeting industrial control systems.
    The worm is made up of complex computer code that requires lots of different skills to put it together. Symantec security experts estimate it took five to ten people to work on this project for six months. In addition, knowledge of industrial control systems was needed along with access to such systems to do quality assurance testing; again indicating that this was a highly organized and well-funded project.
    "We've definitely never seen anything like this before," said Liam O’Murchu, Researcher, Symantec Security Response. "The fact that it can control the way physical machines work is quite disturbing."
    Also, for an interesting definition and description of the Stuxnet Worm, go to Wikipedia: http://en.wikipedia.org/wiki/Stuxnet
    A Google search on the Stuxnet Worm produced many news stories from around the globe.
    As a result of the Stuxnet Worm, the safest approach online is to "Trust No One, Monitor Everyone?" - DarkReading http://www.darkreading.com/insiderthreat/security/perimeter/showArticle.jhtml?articleID=227501127&cid=RSSfeed
    'Zero Trust' model strikes a chord with user-borne attack concerns but could be overkill, experts say.