Your search keyword '"Vijavan, Jaikumar"' showing total 38 results

1. Feds See Slight Gain On Security Marks.

Author

Vijavan, Jaikumar

Subjects

*FEDERAL government, *INFORMATION technology, *COMPUTER security, *DATA protection, *COMPUTER systems, *INFORMATION resources management, *INFORMATION services, *COMPUTER industry, *SECURITY systems

Abstract

The article reports on the C rating received by the federal government based on the 2006 annual information technology (IT) security report provided by U.S. Representative Tom Davis. The rating has showed better performance concerning the government's compliance to security measures as compared to the D grade it received in 2005. However, it reveals that other sectors still got the failing grade of D and F, which did not present any improvement on their security practices. The Federal Information Security Management Act (FISMA) has recorded a growth in non-compliance to security standards from among agencies. It was inferred that observing software and hardware configuration standards can help agencies comply to the security measures established by FISMA.

Published

2007

2. Microsoft Defends Effort to Patch Flaw.

Author

Keizer, Gregg and Vijavan, Jaikumar

Subjects

*INFORMATION resources, *INFORMATION resources management, *COMPUTER operating systems

Abstract

The article reports that Microsoft Corp. defends its effort to investigate and developed a patch for the animated cursor flaw in Windows operating systems. According to director Hugh McArthur of information systems security at Online Resources Corp. in Chantilly, Virginia, Microsoft's 100 day turnaround time for patching the flaw is not that unusual and he thinks that Microsoft hoped they could get the fix tested before exploits are being written. However, According to director Oliver Friedrichs of Symantec Corp., the 100 days turnaround time for patching the ANI flaw in today's environment is not acceptable.

Published

2007

3. Theft of 45.6M Card Numbers Largest Heist Yet.

Author

Vijavan, Jaikumar

Subjects

*WAGE payment systems, *CLEARINGHOUSES (Banking), *CREDIT cards, *DEBIT cards, *LARCENY, *ROBBERY, *COMPUTER crimes, *COMPUTER hackers

Abstract

The article reports that TJX Cos. Inc. announced that its 45.6 million credit and debit card numbers were stolen by an unknown number of intruders from two of its systems for more than 18 months in the U.S. Such incident is considered the worst revealed compromise involving the loss of the company's personal card data. The personal data involving the return of merchandise without receipts by about 451,000 people in 2003 were also stolen. It is inferred that the number of stolen records has made such incident the biggest card robbery ever happened, which is believed to prove that there are highly sophisticated cybercriminals at large who have the potential to create such violence on pure-payment systems.

Published

2007

4. VA Pushed To Pursue IT Overhaul.

Author

Vijavan, Jaikumar

Subjects

*INFORMATION technology, *DATA protection, *PERSONAL information management, *VETERANS, *LEGISLATIVE hearings

Abstract

The article reports on the call for restructuring of the information technology (IT) operations at the U.S. Department of Veteran Affairs (DVA). The main objective is to prevent the occurrence of data breaches. The problems became evident when two additional breaches that potentially compromised the personal information of more than 16,500 veterans were disclosed. At a hearing by the House Committee on Veterans' Affairs, DVA Secretary R. James Nicholson announced that the agency has signed on IBM Corp. to help in implementing the projected IT reorganization that was approved in the previous year in an effort to cut internal costs and improve efficiencies. INSET: Laptop Recovery Clouded by Other Breaches.

Published

2006

5. VA Takes Initial Steps to Address Security Woes.

Author

Vijavan, Jaikumar

Subjects

*ORGANIZATIONAL change, *DELEGATION of authority, *PERSONNEL changes, *EMPLOYEE training, *RECORDS management, *COMPUTER security, *DISMISSAL of employees, *DATA protection

Abstract

The article reports on the changes at the U.S. Department of Veterans Affairs (VA) following massive data breach. The agency appointed a special adviser for information security and announced the termination of the data analysts who improperly took personal information of about 26.5 million veterans at home. In addition, VA Secretary R. James Nicholson made some management changes in the Office of Policy and Planning and ordered all VA employees to complete annual data privacy and cybersecurity awareness training courses by the end of June 2006. Also, Nicholson instructed senior officials to create a compilation of master list of all workers and contractors who are gaining access to sensitive data. INSET: Loan Firm, University Report Security Breaches.

Published

2006

6. Securing Card Data Isn't An Easy Sell.

Author

Vijavan, Jaikumar

Subjects

*DATA protection, *CREDIT cards, *CREDIT unions, *DEBIT cards, *COMPUTER security, *CONSUMER credit

Abstract

The article highlights challenges that credit card companies face in enforcing the security standards that went into effect last July for all businesses processing credit transactions. Sam's Club, a division of Wal-Mart Stores Inc., was investigating a security breach that had exposed credit card data belonging to an unspecified number of customers who purchased gas at the company's stations between September 21 and October 2. According to Corinne Sherman, vice president of card services at the Pennsylvania Credit Union Association in Harrisburg, Sam's Club appears to have been storing customer and account information from both tracks of the magnetic stripe on the back of cards. Ann Davidson, payment systems risk manager at CUNA Mutual Group, a Madison, Wisconsin-based company that provides insurance and financial services to credit unions, said that troubling is the fact that a very large number of merchants still appear to be capturing and storing the full magnetic stripe information off of credit and debit cards although they know while doing so they violate the new Payment Card Industry security standards.

Published

2005

7. Search Engines Give Hackers a New Tool.

Author

Vijavan, Jaikumar

Subjects

*SEARCH engines, *DATA protection, *INTERNET searching, *COMPUTER viruses, *COMPUTER crimes, *INFORMATION retrieval

Abstract

The article reports that the growing use of search engines to spread worms or find vulnerable IT targets poses a threat to companies that aren't careful about the data they make available on the Web, according to IT managers and analysts. The cautionary note follows the February 17, 2005 release of a new variant of the MyDoom mass-mailing worm, which was programmed to spread itself by harvesting e-mail addresses from search engines such as Google, Alta-Vista and Lycos. The latest worm was similar to MyDoom-O, an earlier variant that flooded search engines with automated e-mail address search requests last July--briefly disrupting the availability of Google Inc.'s Web site. In addition, in December a worm called Sanity used Google to identify and attack vulnerable systems by looking for specific text on Web sites powered by an opensource bulletin board application. The appearance of such worms indicates that "Google hacking"--a term coined to describe attacks involving the use of search engines--is becoming a potent threat to IT security.

Published

2005

8. Hack Exposes Lax Security In Academia.

Author

Vijavan, Jaikumar

Subjects

*COMPUTER security, *INFORMATION services, *FINANCIAL disclosure, *COMPUTER hackers, *DATA protection, *UNIVERSITIES & colleges, *COMPUTER files

Abstract

The article informs that George Mason University said last week that information about more than 30,000 of its students and employees had been compromised, a disclosure that served as yet another reminder of the difficulty of securing university networks. Officials at George Mason said unidentified hackers had breached the Fairfax, Virginia-based school's main ID server and gained access to the names, photos and Social Security numbers of about 28,000 students and 4,000 staffers. The intrusion was discovered during a routine review of system files on January 2 and may have occurred as far back as November, according to a spokesman for George Mason. The breach at George Mason is the latest in a list of incidents involving academic institutions, including separate ones that took place last year at the University of California's campuses in Berkeley and Los Angeles. The need for academic institutions to provide relatively unfettered access to data, combined with the highly decentralized nature of university operations, contributes to the potential for security breaches, said Stan Gatewood, chief information security officer at the University of Georgia in Athens.

Published

2005

9. Jinx Walton.

Author

VIJAVAN, JAIKUMAR

Subjects

*COMPUTER security, *EMAIL, *WEB services

Abstract

The article profiles Jinx Walton, director of computing services at the University of Pittsburgh in Pennsylvania. It states that Walton is heading a major initiative to centralize the university's e-mail and Web services, as well as network firewall operations. Walton said that the centralization will make it easier to manage and secure crucial services.

Published

2009

10. Banks, Customers Feel the Fallout of Heartland Breach.

Author

Vijavan, Jaikumar

Subjects

*DATA security failures, *MALWARE, *DATA protection laws, *BANK credit cards, *COMPUTER security, *SAFETY

Abstract

The article reports that banks and credit unions from Maine to Washington states have started reissuing credit and debit cards to customers following the disclosure of data breach at Heartland Payment Systems Inc., a large payment processing firm. Heartland states that intruders broke into its systems and planted malware that were used to steal the data. It suggests to revive a bill mandating specific data protection controls for all merchants and third parties that process card transactions.

Published

2009

11. DBA Admits To Theft Of 8.5M Records.

Author

Vijavan, Jaikumar

Subjects

*FRAUD, *FELONIES, *COMPUTER crimes, *DATA security, *FINES (Penalties), *CIVIL restitution, *IMPRISONMENT

Abstract

The article reports that William G. Sullivan, senior database administrator at subsidiary of Fidelity National Information Services Inc., has pleaded guilty of stealing 8.5 million customer records in Tampa, Florida. According to court documents, the customer records have been sold to data brokers for about $580,000. Sullivan has admitted the felony fraud charges in federal court and agreed to pay restitution to the victims. Accordingly, the plea agreement has called for a term that is less than the maximum of five-year prison sentence for the crime.

Published

2007

12. Déjà Vu: Another PC Theft at VA.

Author

Vijavan, Jaikumar

Subjects

*THEFT, *DATA protection, *DATA security failures, *SOCIAL security numbers, *GOVERNMENTAL investigations, *PERSONAL computers

Abstract

The article reports on the data breach case at the U.S. Department of Veterans Affairs (VA). The department is investigating the crime which stems from the theft of three personal computers containing the Social Security numbers and personal data of about 12,000 medical patients. Representative Steve Buyer disclosed two desktop systems and one laptop were stolen from the department's Indianapolis medical center. VA officials failed to return calls seeking information about the incident. Buyer stresses his plan to determine the official's failure to follow VA policies.

Published

2007

13. Problem-Driver DB Ticketed for Security Flaws.

Author

Vijavan, Jaikumar

Subjects

*PERSONAL information management, *DATA protection, *AUTOMOBILE drivers, *SECURITY management, *DATA encryption, *COMPUTER network resources

Abstract

The article reports on the problems regarding the inadequate protection of a driver's identification system in the U.S. According to the Department of Transportation's (DOT) inspector general, the agency is not protecting adequately the personal information in the database regarding the problem drivers. The National Driver Register (NDR) contains data such as names, dates of birth and sex. In addition, similar controls are not being applied when the data is transmitted to users via an external network. Further, the National Highway Traffic Safety Administration has responded with a statement that states DOT officials are reviewing a draft interconnection security management which requires the organization to encrypt data.

Published

2007

14. Update: TJX Victim Tally Rises to 94M.

Author

Vijavan, Jaikumar

Subjects

*CREDIT cards, *BUSINESS losses, *COMPUTER crimes, *DATA security failures

Abstract

The article reports that the data breach tally of TJX Companies Inc. in the U.S. has now reached to 94 million payment cards. The figure filed in a federal court in Boston, more than doubled the retailer's initial estimates. The payment cards affected included 65 million Visa cards at a disclosed amount of $68 to $58 million, and 29 million MasterCards. The firm's initial disclosure to the U.S. Securities and Exchange Commission in March 2007 only reached a figure of 45 million cards. Moreover, the latest estimates was made by a group of banks looking for approval to file a class-action lawsuit to recompense the losses.

Published

2007

15. VA Report Spreads Blame for Data Loss.

Author

Vijavan, Jaikumar

Subjects

*DATA protection, *DATA security failures, *DATA security, *ACCESS to information, *INFORMATION technology, *HARD disks

Abstract

The article reports on the paper issue by the U.S. Department of Veterans Affairs' inspector general which claims that an information technology worker at the department did not secure data stored on an external hard drive which lost or stolen in January 2007. It blamed officials at the agency's medical center in Alabama for letting the worker access large amounts of information that was beyond the scope of the projects he process. Directors of the center are also liable for not ensuring which proper safeguards were put in place for securing data on external drives.

Published

2007

16. Restaurant Chain Beefs Up Payment Card Protections.

Author

Vijavan, Jaikumar

Subjects

*STRATEGIC planning, *COMPUTER security standards, *CREDIT cards, *DEBIT cards, *DATA security, *CHAIN restaurants, *FINANCIAL institutions, *COMPUTER software

Abstract

The article reports that credit and debit card security has been a top priority for the information technology (IT) organization, The Steak n Shake Co., since August 2006, when the number of card transactions that Steak n Shake processes annually surpassed the 6 million mark. This puts the chain into the category of businesses that are subjected to the most rigorous requirements of a data security standard mandated by the major credit card companies. Some of the biggest changes at Steak n Shake's security menu had to be made at the restaurant level. The company had to straighten tools for centrally managing the IT assets in its restaurants and pushing out computer software patches and anti-virus updates to the systems.

Published

2007

17. Privacy Advocate Pushes to Protect Data in Public Records.

Author

Vijavan, Jaikumar

Subjects

*DATA protection, *WEBSITES, *GOVERNMENT information, *DATA security

Abstract

An interview with Betty Ostergren, a former insurance claims supervisor in the U.S. is presented. When asked if there are many counties that are still posting public records with personal data, she assesses that the acts are still occurring. Ostergen differentiates the posting of court records online with the posting of public records on county and state government web sites. She asserts that everybody can access these data who lives outside the country or even in the neighborhood.

Published

2007

18. Malware Outfits Put Business Gloss on Illicit IT Activities.

Author

Vijavan, Jaikumar

Subjects

*COMPUTER crimes, *MALWARE, *COMPUTER hackers, *COMPUTER security, *WEBSITE security, *COMPUTER hacking, *WEB development

Abstract

The article reports on the growth of managed exploit providers, which offer cybercrime support services in the Internet around the world. According to security researchers, web site owners who promise for clean installs of malicious code on end-user systems represent the new face of malware development and distribution. They assert that new breed of malware writers hawk its wares in a more professional manner. Gunter Ollmann of International Business Machines Corp. assesses that the available exploit code uses a range of morphing technologies to evade detection from security software and can exploit various vulnerabilities, and that some exploit providers wait for the monthly patches of Microsoft Corp. in an effort to create new code in taking advantage of the disclosed vulnerabilities.

Published

2007

19. Black Hat Demos Reveal Major Flaws in Cisco's NAC.

Author

Vijavan, Jaikumar

Subjects

*COMPUTER network security, *COMPUTER security, *COMPUTER network architectures, *CLIENT/SERVER computing, *COMPUTER network monitoring, *PEER-to-peer architecture (Computer networks)

Abstract

The article reports on the discovery of the two flaws of Network Admission Control (NAC) architecture from Cisco Systems Inc. in the U.S. According to German security researchers, the flaws of NAC architecture allow unauthorized personal computers to be viewed as legitimate devices on a network. The flaws are demonstrated during the Black Hat security conference in March 2007. Senior security consultant Dror-John Roecher of ERNW GmbH asserts that the fundamental design failure of NAC makes it possible to trick the policy server to allow any device to access a network. Roecher cites that the second flaw prevents the policy server from confirming whether the information it gets from trust agent is accurate.

Published

2007

20. SANS Program Aims to Boost Secure IT Coding Skills.

Author

Vijavan, Jaikumar

Subjects

*COMPUTER adaptive testing, *ABILITY testing, *COMPUTER programmers, *SECURITY management, *INFORMATION services, *COMPUTER security, *HIGH technology industries personnel, *INFORMATION technology

Abstract

The article focuses on the National Secure Programming Skills Assessment (NSPSA) examination, an information security skills assessment and certification program for corporate and government software programmers launched by a group of 360 users and vendors led the SANS Institute in March 2007 in the U.S. It provides the information technology (IT) managers with a process for assessing the secure coding skills of their internal programmers. Also, it offers companies a reliable way to measure the security skills of individuals working for their software vendors and service providers. The program is found to be useful because it is believed to provide a better picture of what the programmers' skills really are. However, assessments need to be topical and relevant to give accurate security.

Published

2007

21. Failled VA Contract 'an Open Checkbook'.

Author

Vijavan, Jaikumar

Subjects

*ELECTRONIC contracts, *CONTRACTS & economics, *FINANCIAL management, *AUDITING, *SERVICES for veterans, *SECURITY management, *SECURITY Assistance Program, *AMERICAN military assistance, *SECURITY systems

Abstract

The article reports that a 10-year $103 million contract for security incident response center at the U.S. Department of Veterans Affairs (VA) has been aborted before its expiration due to funding problems resulting from inadequate planning and poor administration. The contract was found to have become an open check-book leading to almost two-dozen noncompetitive task orders, overpayments, and unaccounted $35 million for equipment purposes. According to an audit report, the VA have spent about $91.8 million by 2005. Moreover, the Veterans Affairs Security Team LLC (VAST) has reportedly obtained several million dollars in liability following the contract's expiration due to equipment purchases and other expenses.

Published

2007

22. IT Needs to Take Proper Precautions, Says IBM Exec.

Author

Vijavan, Jaikumar

Subjects

*EXECUTIVES, *ELECTRONIC office machines, *OFFICE equipment & supplies, *OFFICE practice automation

Abstract

The article presents an interview with Ian Jarman, the System i product manager of International Business Machines Corp. Jarman talks about the annual security study conducted by The PowerTech Group. When ask about the responsibility of people towards managing System i machines, he refers to the efficiency and reliability of these innovations. Jarman explained that System i has possessed a strong reputation for security and availability.

Published

2006

23. Undisclosed Flaws Undermine IT Defenses.

Author

Vijavan, Jaikumar

Subjects

*COMPUTER software development, *COMPUTER network security, *REMOTE access networks, *INFORMATION technology, *COMPUTER programming, *DATA protection, *SECURITY systems industry, *COMPUTER industry

Abstract

The article reports on the issues regarding computer software vulnerabilities that had been publicly disclosed in the U.S. Its impact in the corporate information technology leads to a series of threats that had also been largely misguided due to misconceptions as distinguished by some analysts and security vendors. Alan Shimel, chief strategy officer at StillSecure, gave a remark about the danger posed by this exploitation. StillSecure is a vendor of network security software in Superior, Colorado. Shimel added that it is essential for companies to be prepared in dealing with undisclosed vulnerabilities.

Published

2006

24. Users of IBM's Midrange Line Fall Short on Security Controls.

Author

Vijavan, Jaikumar

Subjects

*COMPUTER software industry, *ELECTRONIC office machines, *DATA protection, *COMPUTER security software, *BACK up systems, *COMPUTER users, *TECHNOLOGICAL innovations

Abstract

The article reports on issues concerning the lack of security controls for International Business Machines Corp.'s System i. The result of PowerTech Group Inc.'s audit on 188 System i machines at more than 175 user sites has showed that many of the midrange systems were not supported by internal controls that adequately protect their data. It has added that more than 90% of the audited systems had no controls in place for preventing or auditing changes to the underlying data from an external personal computer. The result has also showed that 95% of the systems had al least ten users with complete root-access authority, and 77% of them had more than 20 users with passwords that were the same as their usernames.

Published

2006

25. Microsoft Releases Record Number of Security Fixes.

Author

Vijavan, Jaikumar

Subjects

*SECURITY systems, *COMPUTER security, *COMPUTER systems, *COMPUTER network security, *COMPUTER software industry, *TECHNOLOGICAL innovations laws

Abstract

The article reports that Microsoft Corp. has received an unusual volume of monthly security services requests. Also reported is the temporary delay in the availability of the fixes through the company's automatic update services. According to the report, some of the disclosed records were used as subjects of proof-of-concept exploit code. Matt Kesner, chief technology officer at Mountain View law firm in California, commented that the presence of active exploits heightened the urgency to apply the latest patches to Windows systems at Fenwick & West LLP.

Published

2006

26. Oracle to Provide More Flaw Info.

Author

Vijavan, Jaikumar

Subjects

*HIGH technology industries, *DATABASE management, *COMPUTER security, *COMPUTER engineering, *INFORMATION technology, *COMPUTER software industry, *COMPUTER systems, *INFORMATION storage & retrieval systems

Abstract

The article reports on the Oracle Corp.'s series of steps designed to ease up the assessment of their information technology department regarding the security flaws in the company's databases, business application, and other products. The company will also include new information on system vulnerabilities in the next quarterly batch of security fixes. This move aims to help information technology managers and systems and database administrators to better prioritize their patching plans. The planned additions include a severity rating method based on the Common Vulnerability Scoring System.

Published

2006

27. List of Data Breach Notices Lengthening.

Author

Vijavan, Jaikumar

Subjects

*DATA protection, *COMPUTER hackers, *CREDIT cards, *COMPUTER crimes, *COMPUTER security, *DIGITAL subscriber lines, *DIGITAL communications

Abstract

The article reports on the disclosure of several high technology services companies concerning security breaches in the U.S. According to the report, AT&T Corp. has reported that the malicious hackers had made off with credit card information and other personal data belonging to about 19,000 customers of the company's online store for Digital Subscriber Line equipment. It has added that the unauthorized persons had illegally hacked into one of its computer systems and has gained access to the customer data. Ron Ben-Natan, chief technology officer at Guardium Inc., has stressed that the companies must pay more attention to measures such as activity monitoring and auditing, encryption, data classification and policy enforcement.

Published

2006

28. Security Vendors Say Merger Will Give Them More Financial Heft.

Author

Vijavan, Jaikumar

Subjects

*CHIEF executive officers, *MERGERS & acquisitions

Abstract

The article presents an interview with Secure Computing Corp. CEO John McNulty and CipherTrust Inc. CEO Jay Chaudhry. According to McNulty, Secure Computing and CipherTrust had joined forces to establish an enterprise gateway security company. Chaudhry has stated that with their focus and innovation, they have moved forward with some leading-edge solutions. McNulty has also stated that the threats that the users face had changed by defacing a Web site to organized crime.

Published

2006

29. Inspector General Calls VA on Carpet Over Data Theft.

Author

Vijavan, Jaikumar

Subjects

*COMPUTER theft, *COMPUTER input-output equipment, *COMPUTER files, *VETERANS, *ELECTRONIC data processing department security measures, *INFORMATION storage & retrieval systems -- Securities, *INFORMATION technology

Abstract

The article reports on the U.S. Department of Veterans Affairs' (DVA) loss of computer hardware that contains personal data of millions of veterans in the U.S. After revealing this issue, the department's information security officers and other officials had reacted with indifference and a lack of urgency. Moreover, the process and policy failures, a lack of supervision and personal squabbles contributed to the security breach and the DVA's response to the incident. In this regard, several steps for addressing the shortcomings were recommended, including the adoption of a "clear,concise" policy for safe-guarding sensitive data.

Published

2006

30. Federal Breaches Spark Security Review Push.

Author

Vijavan, Jaikumar

Subjects

*COMPUTER security, *GOVERNMENT agencies, *DATA protection, *INFORMATION retrieval, *INDUSTRIAL management, *INFORMATION services, *COMPUTER networks

Abstract

The article reports on the need to review U.S. Department of Veterans Affairs (VA) and other government agencies' process of collecting and storing data and controlling access after the massive data breach disclosed in May 2006. These agencies need ensure their compliance to the Federal Information Security Management Act and at the same time train the employees to work with tough security measures. Also, VA plans to require laptop users to submit their systems for a monthly review as well as banning of the use of personal computers and laptops into the agency's networks. INSETS: GAO Official Charges That VA Ignored Security Warnings;Federal Security Snafus.

Published

2006

31. MySQL Mistakenly Shares Customer E-mail Addresses.

Author

Vijavan, Jaikumar

Subjects

*EMAIL systems, *DATABASE industry, *DATABASE management, *CUSTOMER relations, *DATA transmission systems, *COMPUTER networks, *CUSTOMER services, *DATABASES

Abstract

The article reports on the erroneous contents of the mass e-mail sent out by database vendor MySQL AB for its customers. The mails contain the addresses of about 9,300 customers instead of the information on a series of software-support special offers that the company needs to publicize. Meanwhile, the company had sent follow-up e-mail apologizing to the affected users. Also, the company is making a statement regarding the assurance of the prevention of the incident to happen again in the future.

Published

2006

32. Best-of-Breed Security Tools May Be on Way Out.

Author

Vijavan, Jaikumar

Subjects

*COMPUTER security, *COMPUTER software, *INFORMATION technology, *SECURITY systems, *DATA protection, *SECURITY management, *PRICE regulation

Abstract

The article reports on the advice given by analyst Neil MacDonald of Gartner Inc. regarding computer security tools, which may no longer justify the premium pricing on specialized technologies. According to MacDonald, antivirus, antispam, and anti-spyware tools become commodities so fast. Thus, he suggests that IT managers should start looking for integrated products or services combining security functions, without necessarily being best-in-class. MacDonald also recommends that IT security groups should evaluate the possibility of handling over some security tasks to the IT operations staffs within their companies.

Published

2006

33. Disclosure Laws Driving Data Privacy Efforts, Says IBM Exec.

Author

Vijavan, Jaikumar

Subjects

*DISCLOSURE laws, *PRIVACY, *SECURITY systems, *INFORMATION technology

Abstract

The article presents questions and answers related to disclosure laws. One reader asked about what is driving the privacy agenda. Another person asked about the challenge encountered to do the requirements posed for information technology. And finally, one person asked about how corporate privacy officers get the recognition they deserve compared with security managers.

Published

2006

34. Study Finds Sharp Rise in Mac OS X Flaws.

Author

Vijavan, Jaikumar

Subjects

*COMPUTER operating systems, *APPLE operating systems, *COMPUTER reliability, *COMPUTER security, *WINDOWS (Graphical user interfaces), *WEB browsers

Abstract

The article reports on the results of a study conducted by the SANS Institute, security training and research firm in a Bethesda, Maryland. The study has found out that there is a significant increase in the number of flaws discovered in the Apple Computer Inc.'s operating system Mac OS X. The Mac OS X may soon be as prone to malicious attacks as the Microsoft Corp.'s Windows because of insufficient computer security it provide to users. But the study has also reveled that the Mac OS X is still safer compared to Windows because of its smaller installed base which makes it less prone to hackers. It also showed that there are 52 vulnerabilities found in Mac OS X in 2005 and 17 this 2006. Moreover, Firefox Communications Ltd.'s browser is still safer than Microsoft Corp.'s Internet explorer.

Published

2006

35. Fingerprint Tool Guards Multimedia Content.

Author

Vijavan, Jaikumar

Subjects

*TECHNOLOGICAL innovations, *HUMAN fingerprints, *PIRACY (Copyright), *UNAUTHORIZED use, *BOOK piracy, *PREVENTION

Abstract

The article reports that researchers at the University of Maryland have developed a digital fingerprinting technology that can better protect multimedia content from unauthorized reproduction and distribution. The technology embeds a fingerprint on copies of multimedia content. It includes special codes that resist the attacks, which generally involve the theft of multiple copies of copyrighted materials. According to researcher Min Wu, the digital fingerprinting technology is intended to withstand the attempts at dilution.

Published

2006

36. Lack of Candor Heightens Public Concern About Debit Card Fraud.

Author

Vijavan, Jaikumar

Subjects

*FRAUD, *DEBIT cards, *COMMERCIAL crimes, *BANKING industry, *FINANCIAL services industry

Abstract

The article reports on issues related to debit card fraud. Citibank Corp. has announced that its had put on hold a number of its MasterCard debit cards due to several fraudulent cash withdrawals in a number of cities worldwide. According to the company, the fraud was the result of a third-party business information breach. A source involved with the investigation states that a California store of retailer OfficeMax Inc. were somehow involved in the compromise. Furthermore, Citibank is the latest in the list of financial institutions that have reissued or blocked access to transactions in several countries.

Published

2006

37. NIST Preps Compliance Testing Guidelines.

Author

Vijavan, Jaikumar

Subjects

*SECURITY systems, *COMPUTER security, *GOVERNMENT agencies, *INFORMATION services

Abstract

This article reports that the National Institute of Standards and Technology (NIST) will soon begin releasing guidelines that federal agencies can use to assess their compliance with a set of mandatory information, security rules due to take effect early 2006. The guidelines will be spelled out in a document that NIST plans to issue in draft form early next month. They are designed to enable periodic testing and evaluation of the effectiveness of the security controls that federal agencies need to put in place, Ron Ross, leader of NIST's Federal Information Security Management Act Implementation Project. The new security rules were detailed in Special Publication 800-53, which NIST published in February 2005. The rules cover 17 areas, such as access control, incident response, business continuity and disaster recovery capabilities. They will become a non-waivable Federal Information Processing Standard for all federal systems except those related to national security. The effectiveness of 800-53A will depend on the level of detail it provides.

Published

2005

38. McAfee Shifts Its Focus To Intrusion Prevention.

Author

Vijavan, Jaikumar

Subjects

*COMPUTER security, *ECONOMIC competition, *SECURITY systems

Abstract

This article presents an interview with Gene Hodges, president of McAfee Inc. he says that at the heart of our strategy has been a shift towards behavioral detection and intrusion prevention. They saw several years ago that the threat profile and the speed of propagation would outstrip what most companies would be able to handle in terms of incident response times. He further says that people will see the first real marriage of the risk management technology which McAfee acquired when it bought Foundstone Inc. last August with their intrusion prevention technology early in 2006, with network access control products. they are going to call it the McAfee Policy Enforcer, and it will consist of a series of system software that does near-real-time vulnerability analysis on managed devices, plus network scanners from the Foundstone product line. He says that Microsoft Corp. will clearly be a significant competitor. But their belief is that they will be most effective in the consumer arena. Luckily, their channel strategy is focusing on two areas where they have less muscle.

Published

2005