NIST tackles Web Services

NEWS

software. The report says in the short term this would apply if negligence could be demonstrated. Vendors, ISPs, the Government, police and the private sector should all do more, according to the authors. “The Government have insisted in evidence to this inquiry that the responsibility for personal Internet security ultimately rests with the individual,” said the report. “This is no longer realistic, and compounds the perception that the Internet is a lawless ‘wild west’. It is clear to us that many organizations with a stake in the Internet could do more to promote personal Internet security.”

ISPs should monitor and detect outgoing traffic from customers. They should lose their ‘mere conduit’ defense for carrying illegal traffic once they have been told they are transiting spam or malicious code, giving affected parties the chance to win damages.

The UK Science and Technology Committee, which is made up of parliamentarians, also recommended that steps be taken to improve the knowledge of e-crime in the court system. Other recommendations include:

• Criminalise the sale or purchase of the services of a botnet, regardless of the use to which it is put.
• The Government, in partnership with the Association of Chief Police Officers and the Serious Organized Crime Agency, should develop a unified, Web-based reporting system for e-crime.
• Establish a network of computer forensic laboratories.
• Establish a police central e-crime unit.
• Ratify the Council of Europe Cybercrime Convention.
• Allocate more resources to the Information Commissioner’s Office, which is handicapped by a lack of funds and powers.

Computer Fraud & Security

Man pleads guilty to illegally posting US hit show 24

A man has pleaded guilty to posting the first four episodes of the popular US TV show 24 on the Internet before they were aired on the Fox television network.

Jorge Romero, 25, who lives in Chicago, has admitted uploading two episodes of 24 to the LiveDigital.com website on 6 January, eight days before the show was broadcast on Fox. He has also admitted uploading a further two episodes to the same website on 7 January. Romero also said he publicised the available episodes by posting links to them on other sites such as Digg.com.

Fox discovered the yet-to-be-aired versions on LiveDigital.com before the official release date. Law enforcement agents obtained a warrant to search Romero’s home after the accounts used to upload the episodes were linked to him. Romero’s computer provided evidence of his uploads and he also acknowledged the scheme. Fox says it has lost US$4 million because of the early postings of 24.

Romero pleaded guilty to uploading copyrighted material to a publicly accessible computer network knowing the work was intended for commercial distribution, a felony that carries a statutory maximum sentence of three years in federal prison.

NIST tackles Web Services

The US National Institute of Standards and Technology (NIST) has issued guidelines on how to secure Web services.

NIST points out that Web service security standards do not, on their own, make Web services robust, secure and reliable enough. Denial-of-service attacks in particular are not dealt with thoroughly, according to SP 800-95, the Guide to Secure Web Services. Ensuring the availability of Web services is a constant problem, but load balancing and clustering can help protect against downtime, the guide says. Defense-in-depth, through security engineering, secure software development and risk management, can contribute to making the applications more secure. “The security challenges presented by the Web services approach are formidable and unavoidable,” says NIST.

The top threats facing Web services, according to WS-I, are:

• Message alteration.
• Loss of confidentiality.
• Falsified messages.
• Man in the middle.
• Principal spoofing.
• Forged claims.
• Replay of message.
• Replay of message parts.
• Denial-of-service.

For more information visit: http://csrc.nist.gov/publications/nistpubs/800-95/SP80095.pdf

September 2007