Security

Overheard - FACTA Red Flags Rule

Compliance with the Red Flag rules must take a risk-based approach. Organizations are not given a specific set of items to implement; there is no detailed checklist. Compliance is principle-based focused on the outcome — avoiding identity theft — and not on specific requirements. Michael Rasmussen, Red Flag Rules compliance demands a risk-based approach

Today’s WhatIs.com Word of the Day is Red Flags Rule.

Overheard - Organizational change management

The foremost principle of risk communication is that ‘perception equals reality.’  In other words, what is perceived as real is real in its consequences. Employees react to perceived threats, rather than to ‘reality.’ Their level of stress during times of change is proportional to their perception of threat. Joseph G. Wojtecki, Jr., and Richard G. Peters, Communication Organizational Change: Information Technology Meets the Carbon-Based Employee Unit

Today’s WhatIs.com Word of the Day is organizational change management.

Overheard - Operation Phish Phry

“Criminally savvy groups recruit here and abroad to pool tactics and skills necessary to commit organized theft facilitated by the computer, including hacking, fraud and identity theft, with a common greed and shared willingness to victimize Americans.” FBI Los Angeles acting assistant director Keith Bolcar,  Operation Phish Phry: FBI Arrests 33 for Internet Scam

Today’s WhatIs.com Word of the Day is Operation Phish Phry.

Overheard - Kill a Zombie Day

“IT security and data protection company, Sophos, has called on computer users around the world to participate in “Kill-A-Zombie Day” on Saturday 31st October, also known as Halloween. Billions of spam messages are sent every day, with over 99% determined to be relayed from innocent users’ computers that have been hijacked and turned into a zombie.” Kansas City InfoZine, International Kill-a-Zombie Day Will be a Thriller for Halloween

Today’s WhatIs.com Word of the Day is pulsing zombie.  Happy Halloween!

Overheard - Baby botnet

I suspect that a sizable percentage of small botnets are those developed by people who understand or are operating inside a business as employees who want to gain remote access to corporate systems, or by criminal entities that have dug deep and gotten insider information on the environment…We’ve seen a growth in the number of sites that offer the sale of corporate documents that were extracted from the bots. Gunter Ollmann, as quoted in Up To 9 Percent Of Machines In An Enterprise Are Bot-Infected

Today’s WhatIs.com  Word of the Day is micro-botnet, also known as baby botnet.

Overheard - Remote Access Trojan (RAT)

“In an even more sophisticated ploy, the Trojan altered the victim’s online banking page to change the amount of the transfer to a smaller number. In one transaction, the cybercriminals stole more than $8,000, but to the victim, it appeared like a $53 transaction.” Angela Moscaritolo, URLZone touted as most sophisticated banking Trojan yet

Today’s WhatIs.com Word of the Day is RAT.  It’s a type of malware horse.

Overheard - VoIPSA

“Some computer viruses have a crude but scary ability to spy on people by logging every keystroke they type.  Now hackers and potentially law enforcement have another weapon: a virus that can eavesdrop on voice conversations that go over computers instead of a regular phone line.” Jordan Robertson, Wiretapping Skype calls: virus eavesdrops on VoIP

Today’s WhatIs.com Word of the Day is VoIPSA.

Overheard - FISMA and ICE

“The new FISMA requirements call for government agencies and DoD contractors to comply with a set of prioritized controls that reflect their ability to detect and stop cyberattacks.” Alexander B. Howard, ICE Act would restructure cybersecurity rule, create White House post

Today’s WhatIs.com Word of the Day is FISMA.

Overheard - RealDVD and the power of the MPAA

“It’s perfectly legal to rip music from a CD and upload it onto an iPod for personal use; why can’t a person do the same with their own copies of movies?” Brennon Slattery, Why Pick on RealDVD?

It’s sad that RealDVD, with its sophisticated and lawful approach to DVD-copying, had to swallow the wrath of the MPAA. It’s also clear that the DMCA [Digital Millenium Copyright Act of 1998] needs to be updated to reflect the changes in media distribution 11 years later.

Overheard - BIOS attack

“Until now, common wisdom has been that the large variety of BIOS implementations means it is unfeasible for attackers to create portable, widespread BIOS malware. Core’s researchers proved this wrong.” Sherri Davidoff, BIOS can become a source of malware

According to Core’s CTO, Ivan Arce, the researchers identified a specific section of BIOS code — a decompression routine — used in the majority of motherboards. BIOS code is stored compressed so that it takes up less space, and code must be decompressed before it runs. The decompression routine is exactly the same in many different motherboards. This gives attackers a single snippet of code that they can target in order to compromise many different BIOSes. The result? For the first time, researchers showed that BIOS-level malware can practically infect a wide variety of hardware.