Friday, April 30, 2010

US Air Force phishing test transforms into a problem

The World's Fair and Technology: 8 Amazing Highlights | Cisco, others dance around 40G Ethernet for data centers

Network World Daily News PM

Forward this to a Friend >>>


US Air Force phishing test transforms into a problem
Sorry Airman Supershaggy, "Transformers 3" is not coming to Andersen Air Force Base. And by the way, you've been phished. Read More


WHITE PAPER: Sophos

Best practices for implementing Windows 7
If you're planning to roll out Windows 7, now is the time to review your endpoint and data protection strategies to make sure that you're taking full advantage of the new security features as well as enhancing your overall security for enterprise deployments. Read Now.

WEBCAST: HyTrust

8 Tips for Virtualization Under Control
Examine 8 tips that will show you how to virtualize more critical workloads with confidence. From security planning and policy management to automation and access controls, get expert advice on how to build a more secure virtual infrastructure to accelerate the virtualization of business-critical applications. Learn More!

The World's Fair and Technology: 8 Amazing Highlights
Ahead of next month's 2010 World Expo in Shanghai, we explore tech innovations--from the telephone to touchscreens--that premiered during the Fair's sprawling 159-year history. Read More

Cisco, others dance around 40G Ethernet for data centers
Notwithstanding an aggressive first strike by Extreme Networks, switching vendors are largely mum on when and in what configurations they will ship 40G Ethernet products. Read More

Final thoughts on Interop -- and Las Vegas
Okay, I'm back in sunny Boston after four days at Interop. I'm now convinced that no normal person should be subject to Las Vegas for more than this amount of time. Everyone I ran into yesterday was looking forward to leaving. I flew out at 2:15 and found that people with later flights were jealous. This says it all. Read More


E-GUIDE: BlackBerry

Expert Guide: Crafting a Secure Mobility Strategy
Securing mobile data in transit and at rest is a top IT concern. This eGuide offers expert advice on simplifying management and security of smartphones, improved fail-over for DR and control of enterprise application downloads and permissions. Read now and download a free license of BlackBerry Enterprise Express to manage up to 75 users. Read Now.

Computer contractor gets five years for $2M credit union theft
For the second time this week, companies are getting a stark reminder of the danger posed to enterprise networks and assets by insiders with privileged access. Read More

Facebook: Network problem that slowed site is fixed
Facebook this morning said that network issues that had slowed the social network yesterday have been resolved. Read More

News podcast: Network World 360
Microsoft confirmed it has canceled further development and production on its tablet project, codenamed Courier, which industry watchers speculated could help drive down costs of Apple's popular iPad. Also, a 21-year-old California man was identified by his lawyer Thursday as the person who sold a prototype iPhone to the Gizmodo technology site, which published photos and other information about the unreleased device. (5:05) Read More


WHITE PAPER: NetApp

Top 5 Hyper-V Best Practices
Read this whitepaper to get advice on everything from making sure you configure enough network connections, especially in iSCSI, to specifying the specific initiator groups and the correct LUN type when provisioning the NetApp LUN for use with Hyper-V. Learn More!

iPad Killer? We Can't Even get an iPad Challenger
HP has conceded the tablet war before it even engaged in battle by terminating the HP Slate project. Since Steve Ballmer unveiled the HP Slate prototype at CES -- an attempt to steal the thunder from the impending announcement of the Apple iPad -- the Slate has been the poster child and champion for everything the iPad isn't. Read More

Tips for using Twitter, Facebook and other "anti-social networks"
Corporations should institute daily one-minute Internet safety lessons that users must complete before they are allowed online, a security expert told Interop attendees this week, but he said even that might not work because attackers pay more attention to the advice than those it is intended to protect. Read More

No IT company is greener than Cisco
Cisco is the greenest IT company out there, according to the latest "Cool IT Leaderboard" from environmental activist and awareness group Greenpeace. Cisco doubled its score from the previous Greenpeace Leaderboard "by demonstrating the effectiveness of its greenhouse emissions-saving solutions," the group said. Read More

New Cisco CCNP exam track
I was up thinking that I would like to pursue the new CCNP track from Cisco. I do believe the newer exams will for sure be more of a challenge since you only have the three exams now. Read More



Join us on LinkedIn

Discuss the networking issues of the day with your colleagues, via Network World's LinkedIn group. Join today!
- Jeff Caruso, Executive Online Editor

Today from the Subnet communities

15 copies of CompTIA A+ study kits (book, video, flash cards) are available from Cisco Subnet.Deadline April 30. 15 books on Microsoft Systems Center Enterprise suite are available, too.

SLIDESHOWS

Confessions of tech hoarders
How much hardware do you have hidden in your home's nooks and crannies? One tech hoarder shares pictures of his stash, as well as those of some readers.

Interop history quiz
The venerable networking tradeshow Interop convenes this month in Las Vegas. Answer the following 10 questions about Interop, keep score and see how you stack up at the end.

MOST-READ STORIES

  1. Microsoft kills Courier tablet project
  2. U.S. Air Force phishing test transforms into a problem
  3. Terry Childs juror explains why he voted to convict
  4. Apple comes down hard on iPhone leakers
  5. Jon Stewart assails Apple for becoming "big brother"
  6. Apple iTunes 9.1.1 software update released
  7. Eight signs you are an Apple addict
  8. 7 Android devices that aren't phones
  9. Interop: Avaya breathes new life into Nortel enterprise
  10. Texas man to plead guilty to building botnet-for-hire

Do You Tweet?
Follow everything from NetworkWorld.com on Twitter @NetworkWorld.

You are currently subscribed to networkworld_daily_news_alert as security.world@gmail.com.

Unsubscribe from this newsletter | Manage your subscriptions | Privacy Policy

If you are interested in advertising in this newsletter, please contact: bglynn@cxo.com

To contact Network World, please send an e-mail to customer_service@nww.com.

Copyright (C) 2010 Network World, 492 Old Connecticut Path, Framingham MA 01701

** Please do not reply to this message. If you want to contact someone directly, send an e-mail to customer_service@nww.com. **


Security Management Weekly - April 30, 2010

header

  Learn more! ->   sm professional  

April 30, 2010
 
 
Corporate Security

Sponsored By:
  1. "Man Says He Sold Prototype iPhone, Will Cooperate With Police"
  2. "Costs of Data Breaches Much Higher in U.S. Than in Other Countries, Study Says" Ponemon Institute
  3. "As Patrols Increase, Somali Pirates Widen Their Reach"
  4. "U.S. Seizes Big Batches of Fake Goods"
  5. "Understanding the Relative Cost of Crime to Business"
Homeland Security

  1. "China Reports Another School Attack"
  2. "E.U. Will Let Air Travelers Carry Liquids in 3 Years"
  3. "Administration Continues to Defy Senate Subpoena for Fort Hood Documents"
  4. "Terror Threat Shadows Johannesburg Games"
  5. "Police Let Terrorist Slip Through"
Cyber Security

  1. "Encryption High-Priority for Massachusetts"
  2. "Federal Agencies Wrestle With Cybersecurity's Harsh Realities"
  3. "Microsoft's Security Report Finds Enterprises Vulnerable to Worms"
  4. "Spammers Pay Others to Answer Security Tests"
  5. "The Top Threats to Government Systems, and Where They're Coming From"

   

 
 
 

 


Man Says He Sold Prototype iPhone, Will Cooperate With Police
San Jose Mercury News (04/30/10) Carey, Pete

The man who found a prototype iPhone in a Redwood City, Calif., bar issued a statement through his lawyer on Thursday saying that he will cooperate with the investigation into the matter. According to the statement, the man, 21-year-old Brian Hogan of Redwood City, was at the bar when another customer handed him the phone, which he said he found on a nearby barstool. Hogan then asked other customers at the bar if the phone--which was a camouflaged prototype of the next version of the iPhone--belonged to them. After failing to find the owner, Hogan then left the bar with the phone, which had been left behind by an Apple engineer who had been out celebrating with friends. Hogan then sold the phone to the tech Web site Gizmodo for $5,000 cash so they could "review the phone." A short time later, Gizmodo editor Jason Chen posted an entry on his blog about the phone and its new features. The phone was eventually returned to Apple after a lawyer for the company sent a written request for the device to Gizmodo.


Costs of Data Breaches Much Higher in U.S. Than in Other Countries, Study Says
Dark Reading (04/28/10) Wilson, Tim

Data breaches in the United States could cost companies twice as much as they do countries with less stringent disclosure and notification laws, reports a Ponemon Institute study. "The overarching conclusion from this study is the staggering impact that regulation has on escalating the cost of a data breach," says Ponemon chairman Larry Ponemon. The study examined breach costs in the United States, the United Kingdom, Germany, France, and Australia. In the U.S., the cost per lost record was 43 percent higher than the global average. In Germany, where equivalent laws were passed in July 2009, costs were the second highest at 25 percent above the worldwide average. Australia, France, and the U.K., where data breach notification laws have yet to be introduced, all had costs below the world average. The study's report says that a major reason for the high cost "is that U.S. companies are required to notify customers of their breaches, even if they only suspect that the customers' records might be affected." The notification requirements could be forcing some companies to disclose too much information too soon, Ponemon says.


As Patrols Increase, Somali Pirates Widen Their Reach
Time (04/27/10) Tharoor, Ishaan

Although the presence of the international naval force in the Gulf of Aden and the waters off the coast of Somalia has succeeded in reducing the number of pirate attacks in the region between the first quarter of 2009 and the first quarter of 2010, Somali pirates have yet to be completely defeated. Instead, Somali pirates are simply moving further out into the Indian Ocean to avoid the international naval coalition that is trying to protect ships moving through the Gulf of Aden. The recent hijacking of three Thai fishing trawlers, for example, took place 1,200 miles away from the Somali coast, which was further than any other attack launched by Somali pirates. According to Roger Middleton, an expert on the Horn of Africa at the London-based think tank Chatham House, such attacks are likely to become more common as Somali pirates scatter out further away from the Somali coast in order to avoid being caught by the international naval force in the region. He added that the international naval force off the Horn of Africa would have to grow from the current force of 35 to 40 warships to between 700 and 800 ships in order to eradicate the threat from pirates in the region--a mobilization that would be virtually impossible, given the limited capabilities of most countries' navies. Meanwhile, ship owners are being urged to take steps to protect their vessels and crew members from the threat of piracy, including creating safe rooms that crew members can hide in in the event of a pirate attack. Others say that ship owners may want to consider arming their crew members or hiring private security guards. But experts say that having armed crew members or security guards on board ships could provoke a violent response from pirates, who have generally been non-violent up to this point.


U.S. Seizes Big Batches of Fake Goods
Wall Street Journal (04/26/10) Johnson, Keith

More than $240 million in counterfeit goods were seized in two separate operations earlier this month, U.S. officials say. Roughly $40 million worth of items--including counterfeit Rolex watches, Coach handbags, and Nike shoes--were seized by the federal, state, and local law enforcement officials that comprise the National Intellectual Property Rights Coordination Center as part of a 30-city sweep called "Spring Cleaning." The remaining $200 million worth of items were confiscated in the Port of Baltimore after being shipped to the U.S. from Asia. According to John Morton, the assistant secretary for U.S. Immigration and Customs Enforcement, the goods that were seized in the operations appear to be linked to organized crime. However, terrorist organizations such as Hezbollah have also been known to deal in counterfeit goods in order to raise money, the FBI says. As a result, the U.S. government plans to continue fighting the sale of counterfeit goods. The U.S. General Services Administration, for example, will target fraudulent goods that make their way into the federal civilian supply chain, while federal, state, and local officials will work together to establish 20 "IP theft enforcement teams" to stop the sale of fake products to consumers nationwide.


Understanding the Relative Cost of Crime to Business
Security Director's Report (04/10) Vol. 2010, No. 4,

To stop senior managers from unnecessarily absorbing the losses from crime -- and to encourage them to see a lack of security spending as penny wise and pound foolish -- security executives must be able to communicate the costs of crime. A security leader who wants to be a truly trusted advisor should also understand how significant crime-related losses are compared to other business costs. The average vandalism incident sets a small business back $3,370, according to the U.S. Small Business Administration. "Put another way," says Dr. Martin Bressler, a Houston Baptist University professor and author of a new study on business crimes, "a small business with revenues of $500,000 per year and a net margin of 5 percent would lose approximately 13.5 percent of [its] annual net profit." The lesson for small businesses is that while vandalism is not frequently seen as critical compared to other business costs, it sometimes makes the difference between profit and loss.




China Reports Another School Attack
Associated Press (04/30/10)

Five kindergarten students in Weifang, China, were injured Friday when an assailant attacked them with a hammer. The incident began when the assailant, a local farmer named Wang Yonglai, broke down the gate of the school with a motorcycle. Wang then struck a teacher who tried to block him and attacked the children with his hammer. He then grabbed two of the children, doused himself with gasoline, and lit himself on fire. Teachers at the school were able to pull the children away, though Wang burned to death. None of the children suffered any serious injuries. The attack at the school was the third in as many days in China. On Thursday, a 47-year-old man named Xu Yuyuan made his way into a kindergarten in Taixing with an eight-inch knife. Nearly 30 students were wounded in that attack. Another knife attack took place in a primary school in Leizhou the day before. One teacher and 15 students were injured in that incident, none of them seriously. The attacks have taken place despite increased security measures at Chinese schools. Under those security measures, which were adopted in 2006, schools are required to register or inspect visitors and prevent unauthorized individuals from entering.


E.U. Will Let Air Travelers Carry Liquids in 3 Years
New York Times (04/29/10) Clark, Nicola

The European Union announced Thursday that it is planning to make a number of changes to its airport security measures, including ending the four-year-old ban on liquids in airline passengers' hand luggage. Under the plan to end the ban, which was put in place in 2006 after British authorities discovered a plot to bomb airplanes with liquid explosives, liquids purchased at duty-free shops outside the E.U. or onboard non-E.U. airlines would be allowed in hand luggage beginning in 2011. The E.U. currently allows passengers to carry such liquids in hand luggage if they are purchased at airports in the U.S., Canada, Croatia, and Singapore. However, passengers would be required to seal the liquids in tamper-proof bags and put them through screening before boarding their flight. The ban on other liquids would be lifted by 2013. In addition, the new guidelines call for European airports to install new technology at security checkpoints that would be capable of detecting liquid explosives. Other countries, including the U.S., are also moving towards ending the ban on liquids in airline passengers' hand luggage. As part of that effort, the U.S. Transportation Security Administration has entered into talks with software companies about upgrading airport security screening equipment so that it can detect liquid explosives.


Administration Continues to Defy Senate Subpoena for Fort Hood Documents
Washington Post (04/28/10) P. A06; Whitlock, Craig

The departments of Defense and Justice said on April 27 that they will provide some of the information the U.S. Senate Committee on Homeland Security and Governmental Affairs requested about the Fort Hood shooting and suspected gunman Maj. Nidal Malik Hasan. For example, the Department of Defense said it would provide the panel with access to Hasan's personnel file and portions of an Army report that examined why Hasan's superiors did not act on warnings that the Army psychiatrist was becoming a radical Muslim. However, neither the Pentagon or the Department of Justice will comply with a subpoena for witness statements and other documents related to the investigation of the Fort Hood shooting, saying that doing so could hurt their chances of prosecuting Hasan. The decision not to comply with the subpoena was criticized by Leslie Phillips, a spokeswoman for the Homeland Security and Governmental Affairs Committee, who said that it hurt Congress's ability to conduct independent oversight of the executive branch.


Terror Threat Shadows Johannesburg Games
Jerusalem Post (04/27/10) Slier, Lionel

Security for the soccer World Cup, which is scheduled to begin in Johannesburg, South Africa, on June 11, is expected to be extremely high to prevent terrorists from capitalizing on the publicity of such a high profile international target. Anneli Botha, a senior researcher in terrorism at the Institute of Security Studies in Pretoria, says that despite the precautions being taken to protect athletes and fans, terrorist activity cannot be ruled out. In addition to local Islamic militants, Botha says that right-wing Afrikaans extremists could pose a possible threat. South Africa also has a history of providing a haven to international terrorists. For example, Khalfan Khamis Muhammad was arrested in Cape Town in 2004 for his involvement in the U.S. Embassy bombing in Dar es-Salaam. The country's borders remain porous and corruption is common. It is estimated that more than 6,000 South African passports have been purchased illegally from officials and used to gain entry into the United Kingdom. These incidents raise serious concerns for international terrorist threats to the games, but officials say they have taken every precaution in order to ensure that threat remains as low as possible.


Police Let Terrorist Slip Through
Wall Street Journal (04/26/10) Gardiner, Sean

Public revelations that the Port Authority of New York and New Jersey failed to find explosives hidden inside Najibullah Zazi's car last September are worsening tensions between the agency and the New York Police Department. According to the NYPD, the Port Authority's inability to find the explosives during a search of Zazi's car and its subsequent decision to allow him to enter the city despite warnings from the FBI was a potentially catastrophic mistake. However, officials with the Port Authority and the FBI--who told the Port Authority to search Zazi's car as he prepared to cross the George Washington Bridge and enter the city--said that searching the terrorist suspect's vehicle may not have been the best thing to do. Since the Port Authority did not have a warrant, any evidence that would have been uncovered in a search would have been inadmissible in court, a Port Authority officer said. In addition, a thorough search of Zazi's car without a warrant would have made him suspicious. Zazi subsequently disposed of the explosives because he believed that he was under surveillance. He flew back home to Colorado and was arrested shortly thereafter. Zazi has pleaded guilty in the case and will be sentenced on June 25.




Encryption High-Priority for Massachusetts
Network World (04/28/10) Messmer, Ellen

Massachusetts state government departments are deploying encryption technologies as part of an effort to comply with a new data-privacy law and an executive order issued by Gov. Deval Patrick that requires sensitive data to be encrypted. For example, the Executive Office of Housing and Economic Development is installing encryption hardware that connects to department's Ethernet and edge switches and encrypts all data, not just sensitive information, that travels between roughly 70 locations on the network. The data is automatically decrypted once it reaches its sub-net destination point. Dana Racine, the department's director of infrastructure, says the process of installing the hardware has not been too difficult so far since it has been similar to the process of implementing a firewall rules set, but it is expensive. Racine says the department decided to encrypt all data instead of trying to determine what specific data might fall under the state's guidelines.


Federal Agencies Wrestle With Cybersecurity's Harsh Realities
Dark Reading (04/28/10) Wilson, Tim

Attendees at the April 28 FedScoop Cybersecurity Leadership Summit, which included IT executives of federal agencies, federal business unit executives, and major IT security vendors, agreed that cybersecurity strategies should not focus entirely on creating impenetrable perimeters around sensitive data. Instead, participants in a cybersecurity panel said that agencies must take a more practical, risk-based approach, which includes developing ways to detect attacks and recover from them. The risk-based approach also focuses on identifying the most sensitive information and the information most likely to be targeted in a cyberattack. As National Institute of Standards and Technology (NIST) computer scientists Ron Ross points out, "We've developed a structure for enterprise-wide risk management. How do you monitor risk over time? How much risk can you tolerate? Once you've answered these questions, then you can set up your missions and business procedures." Another important aspect of cybersecurity is attack attribution. While it may be difficult to determine exactly where an attack came from, agencies should make decisions much the way a court would- using standards like "a preponderance of evidence" or "beyond reasonable doubt," panelists said.


Microsoft's Security Report Finds Enterprises Vulnerable to Worms
eWeek (04/26/10) Kolakowski, Nicholas

Volume 8 of Microsoft's Security Intelligence Report compiled information gathered from roughly 500 million computers globally to develop a picture of the worldwide IT security situation for the last six months of 2009. Although some of the findings came as no surprise—more service packs on more recent operating systems resulted in fewer weaknesses—there were conspicuous differences between the vulnerability profiles of business and consumer IT. Meanwhile, total vulnerability disclosure figures in software continued to drop. Older operating systems were hit hardest by the attacks, Microsoft says, with Windows XP reporting higher overall infection rates than either Windows 7 or Windows Vista. As an overarching trend, succeeding service packs for operating systems mitigated the rates of infection. According to the report, "Microsoft security products cleaned rogue security software-related malware on 7.8 million computers in [the second half of] 2009, up from 5.3 million computers in [the first half of 2009]—an increase of 46.5 percent."


Spammers Pay Others to Answer Security Tests
New York Times (04/25/10) Bajaj, Vikas

Spammers are paying people in countries such as India, Bangladesh, and China to pass Web security tests known as CAPTCHAS, which ask Web users to type in a string of semi-distorted characters to prove they are humans and not spam-generating robots, according to Carnegie Mellon University professor Luis von Ahn. He says thousands of people in developing countries, primarily in Asia, are solving these puzzles for pay. The completed CAPTCHAS help spammers open new online accounts to send junk emails. However, Internet company executives say the threat of spammers paying people to decode CAPTCHAS is not a major concern. They note that Web sites use several tools to verify accounts and maintain security. Some sites may send confirmation codes as text messages, which then must be entered into a separate verification page before new email accounts are activated. "Our goal is to make mass account creation less attractive to spammers, and the fact that spammers have to pay people to solve CAPTCHAS proves that the tool is working," says Google's Macduff Hughes.


The Top Threats to Government Systems, and Where They're Coming From
Federal Computer Week (04/23/10) Jackson, William

Fourteen percent of cyberattacks against U.S. government agencies last year originated in China, according to Symantec's Government Internet Security Threat Report. The report says that last year's global government threat landscape was dominated by Internet-based attacks and targeted, persistent threats designed to secretly steal valuable data. The report also says that 46 percent of the top 10 cyberattacks last year were Web server attacks. Meanwhile, advanced persistent threats—in which cybercriminals subtly look for data such as software source code and steal it over a long period of time—became increasingly common last year, Symantec found. These attacks are effective because they use social engineering techniques to deliver malicious code to the victim, which means that government agencies cannot rely on traditional network and perimeter defenses to defend against this threat. Symantec also found that more and more malware is circulating on the Internet. However, the company noted that government agencies cannot simply rely on signatures to protect themselves from malware, since malicious code can be quickly altered in order to avoid detection.


Abstracts Copyright © 2010 Information, Inc. Bethesda, MD


  ASIS also offers a daily and a non-sponsored, special-content Professional Edition of
Security Newsbriefs. Please click to see a sample or to contact us for more information.

Unsubscribe | Change E-mail | Advertising Opportunities | Security Management Online | ASIS Online

Tips for using "anti-social" networks; US Air Force caught in own phishing net

US Air Force phishing test transforms into a problem | Security pros, meet your new best friend: the CFO

Network World Compliance

Forward this to a Friend >>>


Tips for using Twitter, Facebook and other "anti-social networks"
Corporations should institute daily one-minute Internet safety lessons that users must complete before they are allowed online, a security expert told Interop attendees this week, but he said even that might not work because attackers pay more attention to the advice than those it is intended to protect. Read More


WHITE PAPER: ArcSight

Building a Successful Security Operations Center
This paper outlines industry best practices for building and maturing a security operations center (SOC). For those organizations planning to build a SOC or those organizations hoping to improve their existing SOC this paper will outline the typical mission parameters, the business case, people considerations, processes and procedures, as well as, the technology involved. Building a Successful Security Operations Center

In this Issue


WHITE PAPER: Microsoft

Extended Security Features of Windows 7
Microsoft has added significant security enhancement to Windows 7. This Gartner research note details the capabilities available (many are only available to EA/SA subscribers), which features should be activated and where some security holes still remain. Read More.

US Air Force phishing test transforms into a problem
Sorry Airman Supershaggy, "Transformers 3" is not coming to Andersen Air Force Base. And by the way, you've been phished. Read More

Security pros, meet your new best friend: the CFO
Executives in charge of information security should make friends with the CFO, who can give them a broad overview of corporate priorities and see to funding the most important IT projects that protect corporate data. Read More

Symantec encryption buyouts raise open source, overlap questions
Symantec's announced acquisitions Thursday of data encryption specialists PGP Corp. and GuardianEdge Technologies have industry watchers wondering which products will stay and go, and how open source PGP will fare in the wake of the buyouts. Read More

Diary of a mad McAfee antivirus victim
As if McAfee's bad antivirus update last week wasn't bad enough, some customers were none too happy with how the security vendor's tech support handled the situation either. Read More

Symantec buying PGP Corp., GuardianEdge for $370 million
Symantec Thursday announced plans to acquire PGP Corp. and GuardianEdge Technologies for approximately $370 million, a move that will give Symantec a firm foothold in the encryption technology market. Read More


WHITE PAPER: ManageEngine

5 Keys to Preventing Application Delay
Examine the 6 challenges organizations face from application delays, as well as the 5 capabilities needed to effectively address and overcome problems. Read More

New tool makes end users responsible for data loss prevention
When there is a real-time alert, someone in IT has to make a decision: let the action go or quarantine the data. This is too time-consuming, and it requires IT to inspect the data. Check Point Software Technologies just introduced a DLP solution that puts the onus for remediating the alert onto the worker who triggered it. Read More

Inside Oracle's security assurance program
Oracle CSO Mary Ann Davidson walks SOURCE Boston attendees through her company's evolving secure coding effort. Read More

Terry Childs juror explains why he voted to convict
Terry Childs' guilty conviction struck a nerve with IT staffers this week. Read More

PDF exploits explode, continue climb in 2010
Exploits of Adobe's PDF format jumped dramatically last year, and continue to climb during 2010, a McAfee security researcher said. Read More

What's wrong with the PCI security standard
The security standard used to protect credit cards isn't up to the task and upgrades that are planned for this fall do virtually nothing to improve it, a security expert told Interop attendees this week. Read More


WHITE PAPER: Fluke Networks

Ethernet Performance Metrics
Ethernet performance measurement can help. Various metrics can quantify and characterize performance. Test plans can be written to satisfy varying organizational objectives. This white paper will describe advancements in field measurement of end-to-end Ethernet performance. Read More!

Encryption high-priority for Massachusetts
The Massachusetts data-privacy law that kicked in this March requires, among other things, the encryption of personally identifiable information when sent over the Internet. Government agencies have also been given their own guidelines by the state's governor, which has prompted new encryption technology deployments. Read More

Smartphone management becoming a nightmare
A survey of 475 Interop attendees pegged mobile device management as the biggest mobile concern, with 200 people saying that is their top worry. Read More

Computer contractor gets five years for $2M credit union theft
For the second time this week, companies are getting a stark reminder of the danger posed to enterprise networks and assets by insiders with privileged access. Read More

Glype 'anonymous' proxy may not cloak your identity
A widely used proxy service thought to provide anonymous Web surfing and used to skirt network administrator bans on access to sites like Facebook frequently reveals sensitive information about its users, according to a Swiss security researcher. Read More

Researcher: Social networks shouldn't reuse private info
A Microsoft researcher argues that user data should not be reused by social networks Read More

Opt-in ISP-level Internet filter wasn't feasible: Academics
An opt-in/opt-out ISP-level filter, first suggested in the February 2008 Feasibility Study into ISP Level Content Filtering, was never a feasible alternative to the current ACMA blacklist, according to academics and industry experts. Read More

Google patches Chrome for second time this month
Google patched three vulnerabilities in the Windows version of Chrome earlier in the week, marking the second time that it's plugged security holes this month. Read More



Join us on LinkedIn

Discuss the networking issues of the day with your colleagues, via Network World's LinkedIn group. Join today!
- Jeff Caruso, Executive Online Editor

Today from the Subnet communities

15 copies of CompTIA A+ study kits (book, video, flash cards) are available from Cisco Subnet.Deadline April 30. 15 books on Microsoft Systems Center Enterprise suite are available, too.

SLIDESHOWS

Confessions of tech hoarders
How much hardware do you have hidden in your home's nooks and crannies? One tech hoarder shares pictures of his stash, as well as those of some readers.

Interop history quiz
The venerable networking tradeshow Interop convenes this month in Las Vegas. Answer the following 10 questions about Interop, keep score and see how you stack up at the end.

MOST-READ STORIES

  1. Apple comes down hard on iPhone leakers
  2. Jon Stewart assails Apple for becoming "big brother"
  3. Texas man to plead guilty to building botnet-for-hire
  4. Admin who kept SF network passwords found guilty
  5. Is Sprint finally rebounding?
  6. Google Apps vs. Microsoft Office
  7. IPv6 tutorial
  8. FAQ: HP-Palm buy
  9. Microsoft patch causes hiccup in Cisco WAAS
  10. How to fix anything

Do You Tweet?
Follow everything from NetworkWorld.com on Twitter @NetworkWorld.

You are currently subscribed to networkworld_compliance_alert as security.world@gmail.com.

Unsubscribe from this newsletter | Manage your subscriptions | Privacy Policy

If you are interested in advertising in this newsletter, please contact: bglynn@cxo.com

To contact Network World, please send an e-mail to customer_service@nww.com.

Copyright (C) 2010 Network World, 492 Old Connecticut Path, Framingham MA 01701

** Please do not reply to this message. If you want to contact someone directly, send an e-mail to customer_service@nww.com. **