Privacy

David Kernell is facing five years in prison for allegedly hacking into Alaska Governor Sarah Palin's Yahoo e-mail account, but lawyers watching the case say that the felony charge against him is a bit of a stretch.

A 20-year-old Tennessee man has been indicted for hacking into an e-mail account of U.S. vice presidential candidate Sarah Palin, according to court records.

Privacy and civil rights groups are welcoming legislation that proposes tough new standards for conducting searches of laptops and other electronic devices at US borders.

While VMware this week is holding its own VMworld party in Las Vegas, attendees at Interop New York were told about the potential security risks of virtual environments, not the least of which are people.

A glowing report on the government's national Internet content filtering scheme has again outraged telecommunications providers and privacy advocates who declared the results biased and worthless.

The researcher whose speculation led to an early disclosure of information about a critical flaw in the Domain Name System (DNS), the Internet's traffic cop, wasn't the first to come close to the truth, said the security expert who found the bug and organized a massive patching effort.

The Australian Federal Police is taking 10 Australian school children to London this week to participate in the International Youth Advisory Congress (IYAC), a world first congress giving kids a say in how they can be better protected online.

The American Civil Liberties Union (ACLU) and the Electronic Frontier Foundation (EFF) are asking a federal court to order the US Department of Justice to turn over records about the agency's tracking of mobile phone users.

Mozilla's big plan on Tuesday to set a world record for downloads with the Firefox 3 browser hit a snag when its Web site would not work properly.

A hacker has posted attack code that exploits critical flaws in the Safari and Internet Explorer Web browsers.

Microsoft's Windows XP Service Pack 3 (SP3) ships with an out-of-date version of Adobe's Flash Player that's vulnerable to recently-spotted attacks, according to Microsoft's support documentation.

The US CAN-SPAM law has chewed another alleged spam outfit, this time handing out a world record fine of US$234 million to two individuals.

Communications Minister Stephen Conroy has pushed ahead with the controversial [[artid:420013177|national content filtering scheme|ISP filtering]] with a $125.8 million budget allocation announced today.

Microsoft Tuesday patched six vulnerabilities, most marked "critical," in Windows, Word, Publisher and its anti-virus software.

International experts in Wellington for a conference on identity last week expressed admiration for the New Zealand government's igovt identity information management scheme and the policy behind it.

As Cyber Monday approaches, research suggests a majority of workers will use their work computer to shop this holiday season. But despite the continued growth in online shopping, employees and business still don't understand the risk.

Tips to thwart DNS cache-poisoning attacks

Business travelers will soon need to carry the name of their corporate lawyer in addition to their passport when traveling to the United States, and they may need to bring with them a different business laptop as well. This is because US Customs can search and confiscate your laptop without any prior cause, according to policies that have been posted online since a Ninth US Circuit Court ruling in April.

The final installment in a series of articles about generational differences and security. Part one looked at managing workers in different age groups. Part two examined the types of security concerns that are most commonly associated with different generations in the general workforce. This article provides recruiting and retention advice for security employees.

Whether you were born in the swinging sixties or are part of the slacker generation, some security experts say generational social influences can give you bad habits and make you an office liability.

A recent survey released by security software firm Symantec found 66 per cent of Millennial employees, those born after 1980, admit to using Web 2.0 technologies, such as Facebook and YouTube, while at work. The same poll found younger workers also regularly store corporate data on personal devices, such as PCs and USB drives.

Remember the old M&M analogy - security is like an M&M candy, hard shell on the outside, soft on the inside. In other words, put up firewalls, built a strong perimeter and you're good to go. Of course, nobody believes that M&M-type security is sufficient in today's world of insider threats, data leakage, mobile workers, thumb drives and sophisticated malware. So, what's the new metaphor? We asked around and came up with a number of interesting and useful ways to think about enterprise security.

A wiry young man with his head shaved and wearing a tank top points a handgun straight at the camera in a disturbing YouTube video. The man wears what appears to be a wedding ring, and he gazes vacantly away from the viewer.

An employee looking to steal confidential information from his employer sneaks into what should be a secure back room after hours. He pulls charts and files from a top-level financial meeting and slides them into his briefcase before heading back out.

Haven't encrypted your laptop fleet yet? There's no excuse for that choice anymore. Check out today's smart strategies for improving laptop security — before the next machine disappears

CSIRO says the preservation of privacy and data integrity will both be critical to the success of efforts to develop a new form of electronic service delivery for the Australian government.

The US is badly lagging the rest of the world on privacy legislation and apparently doesn't care

I'm a CISO who has worked in the US financial services industry both as a regulator and for a large services company. In this column I'm going to let you in on one of the biggest, dirtiest secrets in the industry: The companies that get the least amount of scrutiny from financial regulators actually present some of the greatest risks for systemic financial market manipulation and fraud. I'm talking about financial news and brokerage service companies.

A fierce and prominent opponent of the Hawke government's 1987 plans to introduce a national identity card says nothing has changed technologically in the intervening years that would make a smart card today any more secure than the Australia Card proposed then.

E-mail is mission-critical to your business - and its worst security nightmare

Employment and training firm CVGT has installed a network management toolkit to enforce compliance and protect the financial and personal data of its 40,000-plus apprentices and trainees.

McAfee is hunkering down to integrate the security technologies it has bought over the past several months into its varied line of security software and appliances. Two trends in the company's activities are developing parallel products for deployment as software on endpoints and as network-based appliances. This week, for instance, the company is announcing that NAC software can be installed on its IntruShield IPS appliance to give customers the option of enforcing NAC policies in the network, not just on the endpoint. The company is bringing management of these platforms under control of its ePolicy Orchestrator (ePO) in an effort to centralize control of network security. Network World Senior Editor Tim Greene spoke with McAfee CEO Dave DeWalt about these efforts as well as other issues facing the company.

The Convention on Cybercrime is the work of the Council of Europe and is aimed at facilitating international cooperation in the investigation and prosecution of computer crimes. Since the Convention came into being in 2001, the COE has been working to address the growing international concern over the threats posed by hacking and other computer-related crimes.

Howard Schmidt today is the CEO of R&H Security Consulting. However, he's better known around the world for working in the White House for 31 years. A former White House security adviser, he was appointed by President Bush as Special Adviser for Cyberspace Security just three months after the terrorist attacks of September 11, 2001.

Internationally renowned security guru, Bruce Schneier, will be encouraging technologists at linux.conf.au to take a lesson from Luke Skywalker, and "feel the force" a little more when it comes to security.

David Holtsman, former CTO of Network Solutions, discusses September 11, the role of the Chief Privacy Officer and other hot-button privacy issues.

Security expert Gadi Evron has plenty of experience helping governments fight cyber attacks. In this column, he offers a roadmap companies can use to prevent computer espionage.

The proliferation and popularity of collaborative Web 2.0 sites – there are around 250,000 new registrations to Facebook everyday – has changed the threat landscape and the way businesses need to think about security. Each year, newer technologies and weapons are being unleashed to leave Web users surprised, annoyed and at greater risk.‘Whaling’ or ‘spear phishing’, is one such threat and refers to phishing scams which specifically target high-worth individuals.

Business isn't what it used to be.

Talk to anyone who attends Black Hat USA conferences and you'll hear about how boring the talks are, how nobody learned anything new, how the hacks were known last year -- not to mention the ridiculous posers. Ask those same attendees if they plan to attend next year, and they say "yeah" as fast as a poker player pushing all in with pocket aces.

Harrison Ford is ticked off again. But not because the bad guys have hijacked Air Force One or kidnapped his wife from a Paris hotel room; this time they've swiped his identity to break into the bank where he works and steal millions of dollars.

Companies are not embracing encryption as a way to protect sensitive data. According to Ponemon Institute's 2005 National Encryption Survey, only 4.2 percent of companies responding to our survey say their organizations have an enterprisewide encryption plan.

Within the next 10 years the convergence of multiple technologies will thrust people into a world where nothing is secret

I spent a very interesting hour with Phil Libin, president of CoreStreet, learning about the company's method for providing "massively scalable validation products for identity management and access control" - that's how CoreStreet describes its business. First, though, we had to get over a couple of semantic hurdles which points up one of the things slowing down the convergence of pure security products with pure identity management tools.