Welcome to Exaprotect's monthly online bulletin – the culmination of our merger with Solsoft – bringing you news, views and opinion on issues that matter to you.
Security Management News is unique in that it is compiled and edited by leading industry journalists. Our aim is to deliver fresh and informative content, plus industry comment from experts. We want this to be a tool that helps you in your job and gives you a better understanding of security.
Please tell us what you think - and what else you'd like us to cover in this bulletin.
The fall-out continues from the UK’s HM Revenue and Customs data loss debacle. During parliamentary questions the government was forced to admit that the loss of two CDs containing the personal details of 25 million citizens was merely the latest episode in a catalogue of mishaps.
There’s a backdoor into many large networks which few organisations seem to recognise or understand – Simple Network Management Protocol (SNMP). This is the internet standard protocol developed to manage nodes (servers, workstations, routers, switches and hubs etc.) on an IP network. It’s also one of the easiest ways for someone to control your network, steal information and eavesdrop on traffic!
A security flaw in Passport Canada’s website has been discovered by an Ontario man completing his own passport application. The issue came to light when Jamie Laning, a 47-year-old IT worker, found that by changing a single letter in the URL contained in the address bar of his browser he was able to view details of other people’s applications for new passports. The details revealed included social insurance numbers, dates of birth and driver licence numbers, all offering major opportunities for identity theft.
A new report warns that the rise in international cyber spying will pose the single biggest security threat in 2008. The McAfee Virtual Criminology Report claims that more than 120 countries are developing ways to use the internet as a weapon to target critical national infrastructure network systems such as electricity, air traffic control, financial markets and government computer networks.
Section 404 of Sarbanes-Oxley requires the CEO and CFO of each US-listed company to certify every year the adequacy of the company’s internal control over financial reporting, and requires this certification to be attested by an independent accountant.
A US database administrator has pleaded guilty to the theft and illegal sale of customer information from Fidelity National Information Services subsidiaries in St. Petersburg, Florida. He faces up to 10 years in jail and a $500,000 fine.
Two Swiss security researchers, Max Moser and Philipp Schrodel, have revealed how they managed to crack the encryption employed by Microsoft’s wireless keyboards in a matter of minutes.
This is the second in a series of short articles on the theme of “security measurement”, all based on a presentation given by Dan Geer at the recent Usenix Security Symposium in Boston. This article will focus on the lessons that the security professional can learn from the workings of the public health sector.
The SANS Institute has released its Top 20 Internet Security Risks of 2007. This is an annual list, identified by dozens of leading security experts, of vulnerabilities that require immediate remediation.
As if the recent HMRC data loss wasn’t bad enough, the UK government has now had to face up to two further embarrassing data breaches.