Many computer security experts have advocated mandatory reporting of computer crime and stricter product liability for some time. Now that these views have been voiced by a NAS panel, they appear to be gaining acceptance and may as a result become more realistically achievable. New liability laws would, however, conflict with legislation passed over recent years to reduce liability. For example, in 1999 US legislation shielded companies from being sued over disclosures about their preparations for the Y2K bug. Mark Rasch of Predictive Systems offers another viewpoint: “Why punish someone for insecure products when there is a secure product [the customer] did not buy?” Rasch believes that a better-educated market would considerably benefit security. NAS also reports that commercial businesses have failed to give security the attention it deserves, that ordinary workers need to be trained in effective security, and that the government needs to fund more research while cleaning up its own poor computer security record.
Is Oracle’s security ‘unbreakable’? Oracle has a new marketing campaign boldly stating that Oracle9i is ‘unbreakable.’ Oracle is claiming impenetrable protection against hackers, but are the claims true?
Here are some facts. A buffer overflow, a common programming error, was found in Oracle’s application server by David Litchfield of NGSSoftware. “If to them ‘unbreakable’ doesn’t even mean they eliminate buffer overflows, how can it possibly mean they’ve secured the hard stuff?” says Bruce Schneier, CTO of Counterpane Internet Security. “Fixing buffer overflows is the price of admission.” This vulnerability was only the beginning: Litchfield has since found further holes. These revelations make the term ‘unbreakable’ look farcical. Oracle’s chief security officer, Mary Ann Davidson, wrote in an email that Oracle is giving the reported holes the “highest priority” but suggested that everything depends on what your definition of ‘unbreakable’ is.
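For readers who have not met the bug class, the following is an added illustration written for this page; it is not Oracle’s code and has nothing to do with the specific flaw Litchfield reported. It shows the “common programming error” Schneier refers to (an unbounded copy into a fixed-size stack buffer) beside the bounded check that fixes it. The buffer size, the function names and the sample inputs are all constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed example, not code from the article or from Oracle. */

#define NAME_LEN 16   /* arbitrary buffer size chosen for the example */

/* UNSAFE: no bound on the copy. A source of NAME_LEN or more bytes
 * writes past the end of `name` on the stack and corrupts whatever
 * follows it (saved registers, return address). Shown for contrast
 * only; it is never called with the oversized input below. */
void greet_unsafe(const char *src)
{
    char name[NAME_LEN];
    strcpy(name, src);               /* overflow if strlen(src) >= NAME_LEN */
    printf("hello, %s\n", name);
}

/* SAFE: measure first, then refuse input that does not fit. Refusing
 * is preferred over silent truncation, which can itself hide bugs.
 * Returns 0 on success, -1 if src (plus its NUL) will not fit in dst. */
int copy_bounded(char *dst, size_t dstsz, const char *src)
{
    size_t n = strlen(src);
    if (dstsz == 0 || n >= dstsz)    /* need one byte for the terminator */
        return -1;
    memcpy(dst, src, n + 1);         /* n + 1 copies the NUL as well */
    return 0;
}

/* Same greeting as greet_unsafe, built on the bounded copy.
 * Returns 0 if the name was accepted, -1 if it was rejected. */
int greet_safe(const char *src)
{
    char name[NAME_LEN];
    if (copy_bounded(name, sizeof name, src) != 0) {
        fprintf(stderr, "rejected: name longer than %d bytes\n", NAME_LEN - 1);
        return -1;
    }
    printf("hello, %s\n", name);
    return 0;
}

int main(void)
{
    /* Constructed inputs: one that fits, one that would overflow. */
    const char *ok  = "alice";
    const char *bad = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"; /* 32 bytes */

    greet_safe(ok);    /* accepted */
    greet_safe(bad);   /* rejected before any copy takes place */
    /* greet_unsafe(bad) would smash the stack; deliberately not called. */
    return 0;
}
```

The check in copy_bounded is the whole fix: the destination size is known at compile time, so the only thing the code has to do is compare it against the source length before copying. Compiling with the platform’s stack-protector and fortify options catches many such bugs at run time, but it is not a substitute for the bound.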
GOVERNMENT NEWS
US Government sets up cybercrime unit in Washington The US Justice Department has created a new cybercrime unit in northern Virginia to pursue hackers, cyber-terrorists and software pirates. The unit will consist of six full-time federal prosecutors and be led by Assistant US Attorney Jack Hanly. Its remit is to investigate crimes in Virginia’s eastern federal district. The unit will also focus on cyber-terrorism, which “threatens to disrupt the electronic systems of hospitals, utilities, banks, government and other key institutions” according to Hanly. The unit has been set up in Virginia because it is home to the Pentagon, the US Patent and Trademark Office, many Internet service providers and numerous technology firms.
Cyber-Security needs attention now, not later U.S. federal agencies must concentrate on cyber-security now, according to a new National Research Council report. The National Research Council is the research arm of the National Academy of Sciences in the U.S. The report detailed the effectiveness of cyber-attacks and their potential to devastate U.S. critical infrastructure. It stated that cyber-attacks “could compromise systems and networks in ways that could render communications and electric power distribution difficult or impossible, disrupt transportation and shipping, disable financial transactions and result in the theft of large amounts of money.” To reduce the likelihood of such outcomes and improve information security, the report recommended that agencies implement a set of guidelines, including:
• Designate a security coordinator and give them the authority and resources to ensure system administrators focus on security issues.
• Make sure adequate information security tools are available, that everyone can use them competently, that enough time is available to use them correctly, and that staff are held responsible for their actions.
• Run random, unannounced penetration tests and fix all discovered vulnerabilities.
• Prepare a disaster recovery plan in addition to a defensive strategy.
UK Government scheme axed due to security crisis A security crisis was a key factor in the closure of a government initiative in the UK. The government’s Individual Learning Accounts (ILA) training scheme was abruptly closed last November. West Midlands Police and the National Audit Office have launched an inquiry after confidential data that could have been used to make false claims was exposed. A spokesperson for Capita, the company running the outsourced ILA systems, told the Financial Times: “A limited number of users may have abused their authorized access and acted in an inappropriate manner.” John Healey, the minister overseeing the ILA scheme, has confirmed that the government saw the breach as an immediate threat. The minister was presented with a floppy disk containing the personal details of 1,000 account holders.