-
See the Archives
- May 2012
- April 2012
- March 2012
- February 2012
- January 2012
- December 2011
- November 2011
- October 2011
- September 2011
- August 2011
- July 2011
- June 2011
- May 2011
- April 2011
- March 2011
- February 2011
- January 2011
- December 2010
- November 2010
- October 2010
- September 2010
- August 2010
- July 2010
- June 2010
- May 2010
- April 2010
- March 2010
- February 2010
- January 2010
- December 2009
- November 2009
- October 2009
- September 2009
- August 2009
- July 2009
- June 2009
- May 2009
- February 2009
-
Filter by Category
- Business at risk
- Citadel in the news
- Citadel Information Security Guides
- Citadel: Guide to Blog
- Citadel: Thinking about Security
- Cloud Security
- Combatting Cybercrime
- Consumers at risk
- Cost of Cybercrime
- Cost of Piracy
- Credit card fraud
- Culture Change
- cyber security learning community
- Cyber Security Management
- Cyber War
- events
- Financial systems security
- Future of Cyberspace
- Healthcare
- Identity theft
- Information at Risk
- Insurance
- Internet badlands
- ISSA-LA
- Law Firms
- Legal
- Miscellany
- mobile banking
- mobile internet
- Mobile Security
- national security
- Not-for-Profit
- Online Privacy
- OWASP
- Privacy Matters
- Ray of Sunshine
- School security
- Security Alert: Vulnerability Management
- Security management
- Security Research
- Security Surveys
- Social Engineering
- Social networks
- Virtual Currency
Cyber Security News of the Week, October 30, 2011
Cyber Security Story of the Week
They sky is not falling. But cyber crime is real and it’s a serious financial problem for its victims. That’s why our story of the week is a warning from Business News Daily with the provocative headline Small Businesses Don’t Take Cybersecurity Seriously.
Citadel works with small business leaders every day and — based on our experience — the reason small businesses don’t take cybercrime seriously is that they see it primarily as something their IT people are managing, not yet realizing the critical importance of their own leadership. This includes establishing clear policies and standards for information use, explicitly assigning cyber security management responsibility to a member of the senior management team, providing cyber security awareness training and education to all information users, and ensuring that IT personnel are effectively managing the security of the IT infrastructure.
Information at Risk
Chasing APT: Persistence Pays Off: The IT director for an international hedge fund received the bad news in a phone call from a stranger: Chinese hackers were running amok on the fund’s network. Not seeing evidence of the claimed intrusion, and unsure about the credibility of the caller, the IT director fired off an email to a reporter. KrebsOnSecurity, October 27, 2011
Cybersecurity Management
Small Businesses Don’t Take Cybersecurity Seriously: Small business owners have a false sense of security when it comes to protecting their business from cyberthreats, new research shows. BusinessNews Daily, October 26, 2011
FCC Creating Small Biz Cybersecurity Planner: FCC Chairman Julius Genachowski Monday plugged an online tool — the Small Biz Cyber Planner — which will help small businesses protect against cybersecurity attacks. October is National Cybersecurity Month. Broadcasting & Cable, October 24, 2011 [The tool is scheduled to be available in November. Citadel will alert readers when it is released.]
National Cyber Defense
Balancing act: Cybersecurity vs. cuts: While Defense Secretary Leon Panetta recently warned of “a cyberattack that could be the equivalent of Pearl Harbor,” some worry that cuts being mulled over by Congress and the White House could sink the nation’s nascent cyberdefenses. Politico, October 23, 2011
From power plants to prison gates, electronic equipment opens holes for computer hackers: SAN JOSE, Calif. – When a computer attack hobbled Iran’s unfinished nuclear power plant last year, it was assumed to be a military-grade strike, the handiwork of elite hacking professionals with nation-state backing. Canadian Business, October 24, 2011
A Cybersecurity Nightmare: The world of cybersecurity is starting to resemble a paranoid thriller. Shadowy figures plant malicious software, or “malware,” in our computers. They slip it into e-mails. They transmit it over the Internet. They infect us with it through corrupted Web sites. They plant it in other programs. They design it to migrate from device to device—laptops, flash drives, smartphones, servers, copy machines, iPods, gaming consoles—until it’s inside our critical systems. As even the most isolated systems periodically need new instructions, new data or some kind of maintenance, any system can be infected. Scientific American, November 8, 2011
Internet Badlands
Hackers Release DoS Attack Tool Targeting SSL Servers: A hacker group has released a proof-of-concept tool that exploits how encryption keys can be renegotiated to launch a distributed denial of service attack against Secure Sockets Layer servers. eWeek, October 25, 2011
Decrypting History
How Revolutionary Tools Cracked a 1700s Code: It has been more than six decades since Warren Weaver, a pioneer in automated language translation, suggested applying code-breaking techniques to the challenge of interpreting a foreign language. In an oft-cited letter in 1947 to the mathematician Norbert Wiener, he wrote: “One naturally wonders if the problem of translation could conceivably be treated as a problem in cryptography. When I look at an article in Russian, I say: ‘This is really written in English, but it has been coded in some strange symbols. I will now proceed to decode.’” That insight led to a generation of statistics-based language programs like Google Translate — and, not so incidentally, to new tools for breaking codes that go back to the Middle Ages. The New York Times, October 24, 2011
