Jan 19 2009

IRS Taxpayer Data is Insecure

Less than three months after the Treasury Inspector General for Tax Administration reported that there were major security vulnerabilities in two crucial Internal Revenue Service systems, the IRS’s security practices have been panned by another government entity.

Jan 19 2009

Vietnam Cracks Down On Robust Blogosphere

Vietnam’s government has issued several decrees in recent months to curtail blogging, as the number of Internet users soars in the communist country. The campaign started in August, when the government published an edict giving police broad authority to move against online critics who “undermine the national security and social order”.

Jan 19 2009

EHR Privacy Debate Heats Up

CurtMonash writes “The New York Times reports on President-Elect Obama’s continued commitment to electronic health records (EHRs), which on the whole are a great idea. The article cites a number of legislative initiatives to deal with the privacy risks of EHRs. That’s where things start to go astray. The proposals seem to focus on simply controlling the flow of information, but from a defense-in-depth standpoint, that’s not enough. Medical care is full of information waivers, much like EULAs, only with your health at stake. What’s more, any information control regime has to have exceptions for medical emergencies — but where legitimate emergencies are routine, socially-engineered fake emergencies can blast security to smithereens. So medical information privacy will never be adequate unless there are strong usage-control rules as well, in areas such as discrimination, marketing, or tabloid-press publication. I’ve provided some ideas as to how and why that could work well.”

Read more of this story at Slashdot.

Jan 19 2009

Mexico On Path To Become Biggest Security Threat Since Iraq

Indiscriminate kidnappings. Nearly daily beheadings. Gangs that mock and kill government agents. This isn’t Iraq or Pakistan. It’s Mexico, which the U.S. government and a growing number of experts say is becoming one of the world’s biggest security risks.

Jan 18 2009

Security at Obama inauguration is tight and high-tech

As the multitudes arrive for the historic inauguration of Barack Obama, the most high-tech security bubble ever created is in place to protect him from any foreseeable act of God, nature or man. Officials say that a lone wolf could still slip through protective measures and cause chaos but that contingency plans would keep Obama safe.

Jan 17 2009

How To Suck At Information Security

wiedzmin writes “Great entry in today’s SANS Internet Storm Center Handler’s Diary — How to suck at Information Security. Some of my favorite points include: ‘Assume the users will read the security policy because you’ve asked them to. Assume that policies don’t apply to executives. Make someone responsible for managing risk, but don’t give the person any power to make decisions. Expect end-users to forgo convenience in place of security. Hire somebody just because he or she has a lot of certifications. Expect your users to remember passwords without writing them down.’ Very entertaining and informative read with a total of about 4 dozen points. Now if I could only find a way to get management to read it.” There’s also a one-page PDF on the author’s site.

Read more of this story at Slashdot.

Jan 16 2009

Wireless Internet Access Uses Visible Light, Not Radio Waves

An anonymous reader writes to tell us that a company has demonstrated a new form of wireless communication that uses light instead of radio waves. “Its inventor, St. Cloud resident John Pederson, says visible-light embedded wireless data communication is the next step in the evolution of wireless communications, one that will expand the possibilities in phone and computer use. The connection provides Web access with almost no wiring, better security and with speeds more than eight times faster than cable.”

Read more of this story at Slashdot.

Jan 16 2009

1 In 3 Windows PCs Still Vulnerable To Worm Attack

CWmike writes “The worm that has infected several million Windows PCs, Downadup or ‘Conficker,’ is having a field day because nearly a third of all systems remain unpatched 80 days after Microsoft rolled out an emergency fix, security firm Qualys said. Downadup surged dramatically this week and has infected an estimated 3.5 million PCs so far, according to Finnish security company F-Secure Corp. The worm exploits a bug in the Windows Server service used in Windows 2000, XP, Vista, Server 2003, and Server 2008. Qualys’ CTO said, ‘These slow [corporate] patch cycles are simply not acceptable. They lead directly to these high infection rates.’” This is indicative of why some are calling for Microsoft to rethink Patch Tuesday, as reader buzzardsbay pointed out.

Read more of this story at Slashdot.

Jan 16 2009

1 in 3 Windows PCs vulnerable to worm attack

The worm that has infected several million Windows PCs is causing havoc because nearly a third of all systems remain unpatched 80 days after Microsoft Corp. rolled out an emergency fix, a security expert said today.

Jan 16 2009

GPUs Used to Successfully Crack Wi-Fi Passwords w/ PICS

Russian-based ElcomSoft has just released ElcomSoft Wireless Security Auditor 1.0, which can take advantage of both Nvidia and ATI GPUs. ElcomSoft claims that the software uses a “proprietary GPU acceleration technology,” which implies that neither CUDA, Stream, nor OpenCL are being utilized in this instance.
