Data Security

The operators of The Pirate Bay will allow users to delete their accounts on the torrent-tracking site, a feature many users have requested since a deal to sell the site was announced Tuesday.

The owners of The Pirate Bay have agreed to sell the site to a Swedish Internet cafe operator for 60 million Swedish kronor (US$7.8 million), the company said on Tuesday.Global Gaming Factory X (GGF) said it wants to find ways to pay content providers and copyright holders when their content is downloaded via The Pirate Bay, which tracks who is sharing files over the BitTorrent peer-to-peer service.

A blind Boston-area teenager was sentenced to more than 11 years in prison Friday for hacking into the telephone network and harassing the Verizon investigator who was building a case against him.

Less than 24 hours after Michael Jackson's death, fraudsters are exploiting public interest with their attempts to spread spam and malware. Security researchers say they've observed hundreds of cases of malicious messages masquerading as information about Jackson's death. Some of them, they say, popped up within minutes of the news.

Symantec has taken a relatively hands-off approach with its integration of hosted messaging provider MessageLabs since its acquisition of the company in November 2008, according to MessageLabs' former CEO.

The European Commission took a big step toward creating an enhanced pan-European system of security and surveillance Wednesday when it launched a proposal to set up a new independent agency to manage massive IT systems used by border control authorities.

The Pirate Bay is the target of yet another legal case -- the Dutch antipiracy organization BREIN wants to close the file-sharing site in the Netherlands, and wants to see its founders appear in the Amsterdam district court on July 21, it said Tuesday.

Microsoft's free security software passed a preliminary antivirus exam with flying colors, an independent testing company said today.

Adobe Systems has released a patch for its Shockwave Player to fix a critical vulnerability, the company wrote on its security blog on Tuesday.

When security expert Bruce Schneier tried to sell a used laptop on eBay, he thought it would be easy. Instead, a sale was aborted twice -- first by a scammer using a hacked eBay account and then by a buyer who tried to trick Schneier into sending her the laptop after she cancelled payment.

The NSW Department of Corrective Services will implement mandatory iris scanning and fingerprinting across its 32 prisons to help verify visitor identities.

Microsoft has taken aim at a rogue antivirus program called Internet Antivirus Pro.

Businesses in North America and Europe remain broadly worried about the security of open-source software, according to new data from Forrester Research.

Network administrators and security specialists have long had tools and software for analyzing the streams of traffic that course through company systems, but now a Marlborough, Massachusetts, startup wants to make the process a lot easier.

The Australian Federal Police (AFP) claims to have struck a major blow to a multi-million identity fraud syndicate.

CIOs in Australia and New Zealand are increasingly getting involved in the disaster recovery planning of their organisations, according to a new survey from Symantec.

The U.S. White House is determined to follow through on its efforts to make cybersecurity a top priority, despite earlier government efforts that have fallen flat, a top official said Wednesday.

Admit it: You are currently addicted to social networking. Your drug of choice might be Facebook or Twitter, or maybe Myspace or LinkedIn. Some of you are using all of the above, and using them hard, even IT security practitioners who know better.

A common misconception is that a shiny new computer is more or less secure because it hasn't yet been exposed to the Internet's sinister underbelly. But the truth is, these machines come out of the box needing scores of patches, some basic security software downloads and the disabling or replacing of items security pros don't typically trust.

Gaining attention for advocating a practical shift in how IT leaders think about security, the Consensus Audit Guidelines offer 20 controls to measure and monitor IT-system and network security. Though worries about increased cost often accompany any notion of improving security, John Gilligan, a consultant who developed the guidelines, says he implemented a subset of the controls when he was the Air Force CIO (from 2001 to 2005) and saved money on IT and risk management.

Sweden's Pirate Party won 7.13 percent of the vote in elections earlier this month. Its campaign for the respect of privacy, the reform of copyright law and the abolition of the patent system earned it a seat in the European Parliament, and it may yet gain another seat there, if planned changes to the number of seats attributed to each country win approval.

An overwhelming majority of Web sites promoted through spam are hosted in China at service providers that many times choose to ignore complaints and allow illegal activity, according to research from the University of Alabama.

Firewalls are a mature technology, right? Most companies have at least one, if not several. And since an established knowledge base exists to tap for issues and PCI DSS 1.1 and 1.2 are pretty clear cut, firewall management shouldn't be much of an issue, right? No one is going to suffer the brunt of managing the significant infrastructure change these regulations are bound to bring more than the security operations team, correct?

As German banks layer more security into their online banking procedures, security vendor Gemalto has launched a device it says makes completing transactions easier.

A team of journalists investigating the global electronic waste business has unearthed a security problem too. In a Ghana market, they bought a computer hard drive containing sensitive documents belonging to U.S. government contractor Northrop Grumman.

A new product from Phoenix Technologies, called Freeze, lets you use BlackBerry or iPhone Bluetooth to tell a PC that you're leaving the area and want it to lock up. When you return, Phoenix Freeze can also automatically unlock the machine so it's ready for you. However, it only works on Windows PCs, doesn't support 64-bit platforms, disables all other Bluetooth peripherals and seems to be a bit buggy for an official release. Phoenix Freeze for BlackBerry and iPhone

To the average IT security practitioner, the idea of disabling antivirus on new machines might seem blasphemous. After all, weren't we all told in IT Security 101 that everyone needs AV to keep the malware and data thieves at bay?

The heads of seven business organizations sent PCI Security Standards Council General Manager Bob Russo a cry for help earlier this month, saying the recession is making it "increasingly difficult" for merchants to meet the requirements of the Payment Card Industry's Data Security Standard (PCI DSS).

The University of Western Sydney (UWS) has today gone live with a managed Intrusion Detection System (IDS) for its 5000 users.

Two members of Google's application security team explain why the future belongs in the computing cloud -- and how Google Apps is dealing with the constant barrage of security threats.

GE CPO Nuala O'Connor Kelly advocates greater CPO/CISO cooperation to place the right value on information assets.

A new Symantec report reveals just how large and sophisticated the online underground economy has grown.

Chris Hoff, chief security architect for the systems and technology division at Unisys and an advisor on the Skybox Security customer advisory board, is one of the biggest critics of virtualization security out there. Not because it isn't important - but rather because it is vital and needs to mature rapidly.

A jewellery store chain is having much better luck catching burglars in real time, thanks to a little help from the IT side of the house. Loss Prevention Manager Dennis Thomas explains how the company built its high-tech command center from scratch.

John Stewart doesn't talk like your typical corporate executive. He said that his company, Cisco Systems, has been lucky when it comes to security and that his company's Self-Defending Network marketing push has painted "a big bull's-eye" on its products.

The Convention on Cybercrime is the work of the Council of Europe and is aimed at facilitating international cooperation in the investigation and prosecution of computer crimes. Since the Convention came into being in 2001, the COE has been working to address the growing international concern over the threats posed by hacking and other computer-related crimes.

The PCI Security Standards Council was established in the US by the major credit card companies in September 2006 as an independent organization to manage the Payment Card Industry Data Security Standard. In an interview, general manager Bob Russo talks about the council's efforts to administer the PCI standard amid continuing concerns about credit and debit card security. And he defends the standard, despite the recent data breaches at Hannaford Bros. and Okemo Mountain Resort.

Key considerations include scalability and references at comparable organizations, says ArcSight's Ansh Patnaik.

A couple security bloggers suggest Bill Brenner spreads FUD in a column that's supposed to be anti-FUD. Why he agrees -- to a point.

In today's increasingly communicative world, businesses face a dilemma. They have to find ways to be more engaging and communicate more directly to their customers and the public, while retaining close control of sensitive information.

A Symantec/Ponemon report points to an ominous byproduct of the economic crisis: laid-off employees stealing data in acts of vengeance. Bill Brenner is skeptical of this report's news value.

Adopting services oriented architecture (SOA) in your enterprise without thinking through IT governance can cause something like the Gold Rush in the 1800s; extreme rates of growth and minimal law and order which produce unexpected outcomes.

Hint: It had something to do with pressure from customers and government agencies, writes Oracle CSO Mary Ann Davidson.

Does my company need to be more proactive about insiders during hard times?

Security expert Gadi Evron has plenty of experience helping governments fight cyber attacks. In this column, he offers a roadmap companies can use to prevent computer espionage.

Thirty-one percent of customers--nearly one-third of a company's client base and revenue source--are terminating their relationship with organizations following a data breach, according to a recent study by the Ponemon Institute.

If you needed any more reminders about why it isn't a good idea to use external mail services to conduct critical business, the recent break-in to US Republican Vice-Presidential candidate Sarah Palin's gov.palin@yahoo.com Yahoo inbox should be it. Of note is that following the disclosure of the inboxes the compromised address and another address, gov.sarah@yahoo.com, have been suspended.

The proliferation and popularity of collaborative Web 2.0 sites – there are around 250,000 new registrations to Facebook everyday – has changed the threat landscape and the way businesses need to think about security. Each year, newer technologies and weapons are being unleashed to leave Web users surprised, annoyed and at greater risk.‘Whaling’ or ‘spear phishing’, is one such threat and refers to phishing scams which specifically target high-worth individuals.

The management of information risk has become a significant topic for all organizations, small and large alike. But for the large, multi-divisional organization, it poses the additional challenge of determining how to deploy an information security governance program among what are often disparate business units. Should the policies, procedures, and processes that define the program be developed and managed within a central, corporate body? Or perhaps responsibility would be better placed at the individual unit level? Is there a workable middle-ground?

Return on investment, or ROI, is a big deal in business. Any business venture needs to demonstrate a positive return on investment, and a good one at that, in order to be viable.

When the US Transportation Security Administration (TSA) was first created, it created a sudden need for tens of thousands of screeners. Getting a job as an airport screener was a pretty easy process. It seemed as though if you had a pulse, you were in. Jump forward to 2008 and becoming a screener is a bit harder as the TSA has instituted background checks, has upped the educational requirement to include a high school diploma or GED, and added other significant requirements.