Friday | 19 March, 2010
CSO

Data Security

News
  • +

    Indian pleads guilty in overseas stock hacking scheme 08/02/2010 07:50:00

    The group of hackers compromised brokerage accounts, then pumped up the prices of stocks
    An Indian national pleaded guilty Friday to conspiracy and aggravated identity-theft charges related to an international fraud scheme to hack into online brokerage accounts in the U.S. and use them to manipulate stock prices, the U.S. Department of Justice said.
  • +

    Security researcher IDs China link in Google hack 21/01/2010 06:22:00

    Algorithm used in Aurora code is only found on Chinese Web sites
    The malicious software used to steal information from companies such as Google contains code that links it to China, a security researcher said Tuesday.
  • +

    Study: Click fraud rate relatively low in 2009's Q4 20/01/2010 06:29:00

    The 15.3 percent click fraud rate represents a big improvement over the fourth quarter of 2008
    Click fraud, a practice that dilutes the efficacy of pay-per-click (PPC) advertising campaigns run in search engines like Google, stayed relatively low in the fourth quarter, according to a study.
  • +

    Attack code used to hack Google now public 16/01/2010 11:25:00

    IE 6 users on Windows XP are most at risk
    The dangerous Internet Explorer attack code used in last month's attack on Google's corporate networks is now public.
  • +

    Google hack raises serious concerns, US says 14/01/2010 07:34:00

    Secretary of State Hillary Clinton asks the Chinese government for an explanation
    A coordinated hacking campaign targeting Google, Adobe Systems and more than 30 other companies raises serious concerns, U.S. Secretary of State Hillary Clinton said Tuesday.
  • +

    ISP operators among 19 arrested in cyber-fraud case 13/01/2010 07:11:00

    Suspect initially claimed that his company and clients were victims of another's actions
    The owner of a Dallas-based Internet service provider that was raided last April has been charged with participating in a conspiracy to defraud more than US$15 million from companies such as Verizon, AT&T and XO Communications.
  • +

    Group behind Twitter hack takes down Baidu.com 13/01/2010 08:58:00

    Baidu's domain name records appear to have been tampered with, experts say
    The group that took down Twitter.com last month has apparently claimed another victim: China's largest search engine Baidu.com.
  • +

    Hacking takes lead as top cause of data breaches 09/01/2010 10:18:00

    Business sector was the most likely to suffer a breach
    Hacking has topped human error as the top cause of reported data breaches for the first time since such tracking began in 2007, according to the Identity Theft Resource Center's 2009 Breach Report.
  • +

    Computer of alleged Sarah Palin hacker had spyware 10/12/2009 06:48:00

    David Kernell's lawyers said the program recorded and reported personal information
    The 21-year-old college student charged with hacking former Alaska Governor Sarah Palin's Yahoo e-mail account was using a compromised computer that was secretly logging and reporting information without his knowledge, his lawyers say.
  • +

    Symantec enhances Veritas Storage Foundation 08/12/2009 02:37:00

    Security upgrades to three of its flagship products
    Symantec has announced that it has enhanced three of its flagship products – Veritas Storage Foundation, Veritas Cluster File System and Veritas Cluster Server – with support for migrating data into and out of solid state drives and the ability to reclaim unused storage. In addition, the company has enhanced the failover capabilities of Veritas Cluster File System to work with structured data in Oracle, Sybase or IBM DB2 applications.
  • +

    Symantec upgrades for SSD, Hyper-V 08/12/2009 06:03:00

    Admins can now reclaim unused data blocks, return them to a pool
    Symantec Corp. today announced several enhancements to its storage management suite, its cluster file and cluster server system, including the ability to recognize solid state drives used in tiered storage as well as integration with Hyper-V.
  • +

    HSBC exposed sensitive bankruptcy data 07/12/2009 06:01:00

    The bank won't say exactly what the problem was, or how many were affected
    HSBC Bank says a bug in its imaging software inadvertently exposed sensitive data about some of its customers going through bankruptcy proceedings.
  • +

    Two sentenced to prison for online money laundering 04/12/2009 08:01:00

    The Bulgarian residents used eBay to sell expensive and nonexistent vehicles
    Two Bulgarians have been sentenced for their roles in an online money-laundering scheme that collected about US$1.2 million from U.S. residents and sent it to a criminal group in Eastern Europe, the U.S. Department of Justice said.
  • +

    Viviane Reding picked to re-write EU data protection laws 30/11/2009 06:02:00

    Her new role at the European Commission could also offer her law-making opportunities in the online advertising field
    Viviane Reding, the European Commissioner who for the past five years has championed consumer rights in the telecommunications and IT arenas, has been picked to take charge of a re-write of the European Union's 15-year-old data protection laws due to start next year.
  • +

    Sept. 11 pager messages published online 26/11/2009 07:10:00

    Wikileaks is posting messages showing a timeline of events following the U.S.'s worst terrorist attack
    The pager message is from a woman near a pay phone near 38th Street in New York City on Sept. 11, 2001. The woman says her children were evacuated, but she's trying to find them. She tells her husband she loves him.
Features
  • +

    Is Compliance in the Cloud Possible? 07/01/2010 06:47:00

    The type of cloud computing service and the deployment model have impacts beyond security and compliance
    There is no doubt that cloud computing is dominating today's IT conversation among C-level security executives. Whether it's due to the compelling cost saving possibilities in a tough economy, or because of perceived advantages in provisioning flexibility, auto-scaling, and on-demand computing, CSOs are probing the capabilities, costs and restrictions of the cloud. At the same time, security and compliance concerns are at the forefront of issues potentially holding large enterprises back from capitalizing on the benefits that cloud computing has to offer.
  • +

    Secure USB Drives Not So Secure 07/01/2010 06:16:00

    Penetration testers uncovered a vulnerability that exploits the way the flash drives handle passwords
    Several hardware-encrypted USB memory sticks are now part of a worldwide recall and require security updates because they contain a flaw which could allow hackers to easily gain access to the sensitive information contained on the device.
  • +

    Best Practices For IT Availability 17/12/2009 04:40:00

    Technology decisions play a vital role in supporting your overall strategy
    Forrester often gets inquiries such as, "What requirements should we keep in mind while developing our disaster recovery plans and documents?" and, "Which strategies work best for managing our disaster recovery program once it's in place?"
  • +

    A Practical Approach to Protecting Trade Secrets 12/11/2009 05:22:00

    The company must understand the scope of the problem in order to mitigate its effects
    Trade secrets are increasingly becoming a company's most valuable assets, and not surprisingly, threats to those assets have increased concomitantly. The greatest threat to company data is, of course, not outsiders but a company's own employees. A company's ability to protect against rogue employees (as well as against unintentional harm) is governed by both federal and state laws, which vary by jurisdiction and, worse, are in a state of flux in many of those jurisdictions.
  • +

    Facebook, Twitter provide sensitive info for criminals 28/08/2009 06:48:00

    Users share too much information and often vent on social networking services
    Social networking services like Facebook and Twitter foster a false sense of security and lead users to share information which can be used by cybercriminals and social engineers. The very concept of social networking is based on connecting and sharing, but with who?
  • +

    Cloud security: time to smoke another one? 01/09/2009 04:19:00

    CSOonline embarks on a series about cloud computing risks and how to minimize them. Here's how you, the reader, can be part of the solution.
    Chris Hoff, one of the most respected voices on the topic of virtualization and cloud security, once told me in an interview that people should shut up about securing the cloud because, in his opinion, there's no such thing as cloud security.
  • +

    Internet Security Trends 2009: An Interim Update 03/09/2009 04:38:00

    Symantec's Zulfikar Ramzan checks in on last year's predictions and IDs emerging trends in malware, phishing, spam and more
    The effects of cybercrime are far reaching. It would be a difficult task to find someone who has never been affected by malicious Internet activity, or who does not at the very least know someone who has been negatively impacted by cybercriminals.
  • +

    5 more Facebook, Twitter scams to avoid 01/09/2009 02:48:00

    From get-rich-quick schemes to pornographic robots, the latest social networking scams reveal just how much more sophisticated the crooks are getting
    A recent survey released by AVG Technologies and the Chief Marketing Officers Council reveals that while most social network users are concerned about the security of the sites, the vast majority do not take the necessary precautions to protect themselves.
  • +

    Facebook to tighten privacy after Canadian investigation 28/08/2009 05:05:00

    The changes call for stricter access to user data by third-party applications
    Facebook will enhance its social-networking site's privacy features over the next 12 months as a result of a set of recommendations from the Canadian government.
  • +

    Facebook users to get more privacy; developers, less freedom 29/08/2009 03:50:00

    Facebook recently announced that it will make more changes to its privacy settings and set tighter control over what pieces of data third-party applications can access.
    On Facebook, the struggle to figure out who owns and accesses our data remains years away from any resolution - if we ever reach one. Yesterday, Facebook announced that it would act to shore up some privacy concerns that were voiced a month ago by Jennifer Stoddart, the privacy commissioner of Canada.
  • +

    CIO and CSO should take a follow the money approach to security: IBM X-Force 27/08/2009 10:15:00

    IBM X-Force report finds Web sites and Web applications were major vulnerability for enterprises in 2008
    CIOs and CSOs could do well to consider the monetisation cost and overall profitability of security risks when considering how to safeguard their organisations, according to the findings of a new report from IBM’s Internet Security Systems X-Force research and development team.
  • +

    Cloud hype peaks, but IT concerns increase 27/08/2009 06:51:00

    How big is the cloud marketing challenge? CIO.com's newest survey of IT professionals on cloud computing shows fears regarding security, data management, TCO, compliance and vendor lock-in have only spiked since one year ago.
    Apparently the ever-present cloud computing marketing messages aren't working quite well enough: Tech buyers still have major concerns regarding cloud-based benefits and security issues, many of which have not eased during the past year.
  • +

    Five lessons from Microsoft on cloud security 26/08/2009 05:00:00

    The software titan reviewed its security approach to cloud computing and developed new strategies. Here's what one Microsoft cloud expert says he's learned.
    While Google, Amazon and Salesforce have gotten the most attention as cloud service providers, Microsoft -- with its 300 products and services delivered from its data centers -- has a large cloud bank all its own.
  • +

    Is your PC bot-infested? Here's how to tell 25/08/2009 02:32:00

    Bots have recently invaded cell phones, too
    As fireworks boomed on the Fourth of July, thousands of compromised computers attacked U.S. government Web sites. A botnet of more than 200,000 computers, infected with a strain of 2004's MyDoom virus, attempted to deny legitimate access to sites such as those of the Federal Trade Commission and the White House. The assault was a bold reminder that botnets continue to be a massive problem.
  • +

    Disaster-proof virtualisation on a dime: how I did it 21/08/2009 03:18:00

    Most companies virtualize servers to save money, save space and save time for the business. HR outsourcing firm The Sullivan Group had another motivator: hurricanes. Here's their thrifty, successful formula for virtualization, using Citrix and Marathon Technologies products.
    Most companies virtualize servers to save money, save space and act faster on IT requests from the business. Human-resources outsourcing service The Sullivan Group virtualized its servers partially because company executives were worried about hurricanes.
Case Studies
  • +

    Uni fortifies Western Front with IDS 22/02/2008 20:11:00

    Nurtured NAC keeps malware out
    The University of Western Sydney (UWS) has today gone live with a managed Intrusion Detection System (IDS) for its 5000 users.
  • +

    Employment firm trains staff in compliance with network management kit 05/03/2008 12:03:13

    Console keeps 350 Windows machines in check
    Employment and training firm CVGT has installed a network management toolkit to enforce compliance and protect the financial and personal data of its 40,000-plus apprentices and trainees.
Interviews
  • +

    Five Ways To Survive a Data Breach Investigation 16/04/2009 09:11:00

    When the digital forensics crew comes in to investigate a possible data breach, company execs often make matters worse by not being prepared. Here are five ways to keep it from happening to you
    Security experts say it all the time: If a company thinks it has suffered a data security breach, the key to getting at the truth unscathed is to have a response plan in place for what needs to be done and who needs to be in charge of certain tasks. And, as SANS Institute instructor Lenny Zeltser advised in CSOonline's recent How to Respond to an Unexpected IT Security Incident article, "ask lots and lots of questions" before making rash decisions.
  • +

    Four Questions On Google App Security 18/12/2008 12:27:00

    Two members of Google's application security team explain why the future belongs in the computing cloud -- and how Google Apps is dealing with the constant barrage of security threats
  • +

    CPO & CISO: A Comprehensive Approach to Information 04/12/2008 08:42:00

    GE CPO Nuala O'Connor Kelly advocates greater CPO/CISO cooperation to place the right value on information assets.
  • +

    Why Cybercrime is Thriving 27/11/2008 11:52:00

    A new Symantec report reveals just how large and sophisticated the online underground economy has grown
  • +

    Chris Hoff on Virtualization and Cloud Computing 20/11/2008 10:55:00

    Chris Hoff, chief security architect for the systems and technology division at Unisys and an advisor on the Skybox Security customer advisory board, is one of the biggest critics of virtualization security out there. Not because it isn't important - but rather because it is vital and needs to mature rapidly.
  • +

    How IT Helped Catch the Jewellery Thief 13/11/2008 11:52:00

    A jewellery store chain is having much better luck catching burglars in real time, thanks to a little help from the IT side of the house.
    A jewellery store chain is having much better luck catching burglars in real time, thanks to a little help from the IT side of the house. Loss Prevention Manager Dennis Thomas explains how the company built its high-tech command center from scratch.
  • +

    Cisco CSO says security is growing up 07/08/2008 07:51:10

    Interview: CSO John Stewart admits Cisco made mistakes in suing a researcher for exposing router flaws three years ago at Black Hat
    John Stewart doesn't talk like your typical corporate executive. He said that his company, Cisco Systems, has been lucky when it comes to security and that his company's Self-Defending Network marketing push has painted "a big bull's-eye" on its products.
  • +

    Cybercrime Convention will benefit Australia, says proponent 19/05/2008 09:36:30

    Countries that have complied with the Convention have considerably strengthened their cybercrime legislation.
    The Convention on Cybercrime is the work of the Council of Europe and is aimed at facilitating international cooperation in the investigation and prosecution of computer crimes. Since the Convention came into being in 2001, the COE has been working to address the growing international concern over the threats posed by hacking and other computer-related crimes.
  • +

    Head of PCI council sees security standard as solid 17/04/2008 10:40:46

    GM Bob Russo defends payment card rules but acknowledges that 'interpretation issues' remain
    The PCI Security Standards Council was established in the US by the major credit card companies in September 2006 as an independent organization to manage the Payment Card Industry Data Security Standard. In an interview, general manager Bob Russo talks about the council's efforts to administer the PCI standard amid continuing concerns about credit and debit card security. And he defends the standard, despite the recent data breaches at Hannaford Bros. and Okemo Mountain Resort.
Opinions
  • +

    Data Security: Whose Job Is It Really? 02/04/2009 08:35:00

    Forrester believes CISOs must revisit the need to centrally control data security.
  • +

    Avoiding Pitfalls in Log Management Planning 26/03/2009 10:25:00

    Key considerations include scalability and references at comparable organizations, says ArcSight's Ansh Patnaik.
  • +

    Good FUD Vs. Bad: Is There Really A Difference? 19/03/2009 09:12:00

    A couple security bloggers suggest Bill Brenner spreads FUD in a column that's supposed to be anti-FUD. Why he agrees -- to a point.
  • +

    Effects of corporate social media on network security 13/03/2009 08:04:00

    Organizations must raise awareness of safe data handling practices among their users
    In today's increasingly communicative world, businesses face a dilemma. They have to find ways to be more engaging and communicate more directly to their customers and the public, while retaining close control of sensitive information.
  • +

    Laid-off Workers as Data Thieves? 25/02/2009 08:28:00

    A Symantec/Ponemon report points to an ominous byproduct of the economic crisis: laid-off employees stealing data in acts of vengeance. Bill Brenner is skeptical of this report's news value.
  • +

    Who Pushed Vendors Toward Better Security? 04/12/2008 09:38:00

    Hint: It had something to do with pressure from customers and government agencies, writes Oracle CSO Mary Ann Davidson
  • +

    SOA What? Why You Need SOA Governance Framework 04/12/2008 08:32:00

    Without a well-thought out governance plan SOA can seem like the lawless Wild West.
    Adopting services oriented architecture (SOA) in your enterprise without thinking through IT governance can cause something like the Gold Rush in the 1800s; extreme rates of growth and minimal law and order which produce unexpected outcomes.
  • +

    Hard times mean more problems with insider security 05/11/2008 09:07:00

    Given stressful situations, people are more likely to partake in risky activity, malicious, criminal or otherwise.
    Does my company need to be more proactive about insiders during hard times?
  • +

    How to prevent cyber espionage 23/10/2008 12:06:00

    Security expert Gadi Evron has plenty of experience helping governments fight cyber attacks. In this column, he offers a roadmap companies can use to prevent computer espionage
  • +

    How to minimize the impact of a data breach 01/10/2008 08:54:00

    ID Experts' Rick Kam describes a customer-centric action plan
    Thirty-one percent of customers--nearly one-third of a company's client base and revenue source--are terminating their relationship with organizations following a data breach, according to a recent study by the Ponemon Institute.
  • +

    Sarah Palin demonstrates the peril of webmail 18/09/2008 12:35:00

    A hacked webmail account highlights the risk of trusting too much information to a service that may not be as secure as you.
    If you needed any more reminders about why it isn't a good idea to use external mail services to conduct critical business, the recent break-in to US Republican Vice-Presidential candidate Sarah Palin's gov.palin@yahoo.com Yahoo inbox should be it. Of note is that following the disclosure of the inboxes the compromised address and another address, gov.sarah@yahoo.com, have been suspended.
  • +

    'Whaling' threats target the big fish of the corporate world 10/09/2008 14:50:00

    Whaling has increasingly been in the news thanks to the ingenious ways a new breed of phishermen collect data to carry out scams and the move towards targeting business networking sites.
    The proliferation and popularity of collaborative Web 2.0 sites – there are around 250,000 new registrations to Facebook every day – has changed the threat landscape and the way businesses need to think about security. Each year, newer technologies and weapons are being unleashed to leave Web users surprised, annoyed and at greater risk. ‘Whaling’ or ‘spear phishing’, is one such threat and refers to phishing scams which specifically target high-worth individuals.
  • +

    Information security governance: Centralized vs. distributed 05/09/2008 10:15:00

    Should security policies, procedures and processes be managed within a central body, or distributed at an individual level? You need to find the middle ground.
    The management of information risk has become a significant topic for all organizations, small and large alike. But for the large, multi-divisional organization, it poses the additional challenge of determining how to deploy an information security governance program among what are often disparate business units. Should the policies, procedures, and processes that define the program be developed and managed within a central, corporate body? Or perhaps responsibility would be better placed at the individual unit level? Is there a workable middle-ground?
  • +

    Security ROI: Fact or Fiction? 03/09/2008 08:32:00

    Bruce Schneier says ROI is a big deal in business, but it's a misnomer in security. Make sure your financial calculations are based on good data and sound methodologies.
    Return on investment, or ROI, is a big deal in business. Any business venture needs to demonstrate a positive return on investment, and a good one at that, in order to be viable.
  • +

    Information Security and the Importance of Context 01/09/2008 10:00:00

    Those entrusted with information security must raise their contextual awareness
    When the US Transportation Security Administration (TSA) was first created, it created a sudden need for tens of thousands of screeners. Getting a job as an airport screener was a pretty easy process. It seemed as though if you had a pulse, you were in. Jump forward to 2008 and becoming a screener is a bit harder as the TSA has instituted background checks, has upped the educational requirement to include a high school diploma or GED, and added other significant requirements.