All posts tagged ‘security’
by Dan Tynan, Contributing Writer, IDG News Service
It was 9:30 on the morning of March 4, 2002, and something was terribly wrong at the offices of PaineWebber UBS. Computers in branches all over the country began showing disc errors. A logic bomb buried deep within the machines had wiped their hard drives clean, preventing 17,000 brokers from making trades.
by Ed Felten, Blogger, Freedom to Tinker
Last week I criticized Yahoo for their insecure password recovery mechanism that allowed an intruder to take control of Sarah Palin’s email account. Several readers asked me the obvious follow-up question: What should Yahoo have done instead?
by Mike Masnick, Blogger, Techdirt
There’s a famous saying by John Gilmore that “the Internet interprets censorship as damage and routes around it.” However, that saying may apply equally to other “damage” beyond censorship–and that includes spying, slow connections and many other things. In fact, with it being considered somewhat common knowledge that U.S. intelligence agencies frequently tap into Internet traffic coming through the U.S. from elsewhere, more and more countries are working hard to make sure their Internet traffic need not travel through the U.S. at all.
by Kim Zetter, Blogger, Wired.com, Threat Level
A member of the Massachusetts Bay Transportation Authority’s board seized a report by three MIT students about flaws with the Boston subway’s fare collection system and delivered a scathing indictment of the subway system and its general manager, calling the system “a mess” and saying she had “lost all confidence” in the system’s general manager, Daniel A. Grabauskas.
The students, who were set to deliver a presentation last Sunday at the DefCon hacker conference about security vulnerabilities in the MBTA’s CharlieTicket and CharlieCard payment cards, were barred from speaking about the vulnerabilities at a hacker conference after the MBTA obtained a temporary restraining order last Saturday, gagging them for 10 days.
Posted at 12:00 AM PT
Tagged: Boston, CharlieCard, CharlieTicket, Daniel A. Grabauskas, DefCon hacker conference, Kim Zetter, MBTA, MIT, Massachusetts Bay Transportation Authority, Threat Level, Voices, Wired.com, fare collection system, general manager, security, subway, vulnerability
by Elinor Mills, Senior Writer, CNET News.com
The security issues we face today in cyberspace are the same ones the country faced during the American Civil War when Abe Lincoln was relying on telegraph transmissions to help keep the country united, a top U.S. cybersecurity official said in a keynote speech at the Black Hat security conference here Thursday.
Lincoln was obsessed with reading telegrams that delivered updates from the battlefield, using them to learn about the military strategies and to offer feedback, said Rod Beckstrom, director of the National Cyber Security Center in the Department of Homeland Security.
Posted at 12:03 AM PT
Tagged: Abe Lincoln, American Civil War, Black Hat, CNet, Department of Homeland Security, Elinor Mills, National Cyber Security Center, News.com, Rod Beckstrom, Voices, battlefield, cybersecurity, keynote, military strategy, security, telegrams
by Kelly Jackson Higgins, Senior Editor, Dark Reading
A researcher performing social-engineering exploits on behalf of several U.S. banks and other firms in the past year has “stolen” thousands of identities with a 100% success rate. Joshua Perrymon, hacking director for PacketFocus Security Solutions and CEO of RedFlag Security, says organizations typically are focused on online identity theft from their data resources, and don’t think about how the same data can literally walk out the door with a criminal posing as an auditor or a computer repairman.
by Andy Greenberg, Senior Reporter, Forbes
Want to know how well a company protects its customers’ data? Don’t talk to its security and compliance officers. Instead, try its marketing department.
by Bruce Schneier, CTO, BT Counterpane
Aren’t fax signatures the weirdest thing? It’s trivial to cut and paste–with real scissors and glue–anyone’s signature onto a document so that it’ll look real when faxed. There is so little security in fax signatures that it’s mind-boggling that anyone accepts them. Yet people do, all the time.
by Eric Savitz, Blogger and Columnist, Barron's
While IT budgets are being squeezed, spending on security software and hardware remains strong, Pacific Crest’s Rob Owens asserted in a research note today. He notes that “the vast majority” of companies in the sector met or beat Q1 expectations. And he says checks on the quarter to date find “continued demand for security solutions,” though he warns of some “air pockets,” in particular for the small- and medium-sized business segment and in the U.S. government sector.
by Bruce Schneier, CTO, BT Counterpane
Last week was the RSA Conference, easily the largest information-security conference in the world. More than 17,000 people descended on San Francisco’s Moscone Center to hear some of the more than 250 talks, attend I-didn’t-try-to-count parties, and try to evade over 350 exhibitors vying to sell them stuff. Talk to the exhibitors, though, and the most common complaint is that the attendees aren’t buying. It’s not the quality of the wares. … The problem is that most of the people attending the RSA Conference can’t understand what the products do or why they should buy them. So they don’t.
by Nate Anderson, Associate Editor, Ars Technica
When you visit a Web page, you might expect that the code and images from the page will make their journey through the tubes unmolested and unaltered, but according to security researchers, you would also be wrong 1.3% of the time.
by Ryan Naraine, Staff Writer, eWeek
Secretary of Homeland Security Michael Chertoff says the U.S. government is working on the equivalent of the “Manhattan Project” to defend federal networks and national-security interests from large-scale cyber attacks. During a keynote presentation at RSA Conference, Chertoff painted a gloomy picture of the government’s readiness for a determined attack on critical communication networks and said the recent creation of a new National Cyber Security Center would be crucial to finding early signs of hacker activity.
by Chris Soghoian, Blogger, Surveill@nce St@te, CNET
Hackers have turned their attention to Facebook’s hundreds of independent applications. The results are not terribly surprising, but do not tell a good tale: App developers don’t seem to know a thing about basic security, and are putting private user information at risk. As a result, malicious hackers are able to access and change what should be private user data managed by the application providers.
by Peter Kafka, Managing Editor, Silicon Alley Insider
After reviewing the Google proxy, Henry Blodget asks a reasonable question: How did Eric Schmidt spend $474,662 on security last year? One answer: By spending $58,093 less than he did the year before.
by Marshall Kirkpatrick, Blogger, ReadWriteWeb
The Associated Press reported yesterday that it was able to use an undisclosed method to access private photos on Facebook, including some from Paris Hilton at the Emmys and others from Facebook founding CEO Mark Zuckerberg’s vacation in November of 2005.