27 May 2011

Japan orders Sony to improve data security

” Sony was told by the Japanese government on Friday to strengthen its data security as the electronics and entertainment giant reels from a series of attacks by hackers. The industry ministry officially instructed Sony to implement its own plan to improve management and protection of key information. ‘This is a serious case, considering the nature of the information and the scope of the data leak,’ the ministry said in a statement.” Source: AFP: Japan orders Sony to improve data security

Read More
26 May 2011

PLA establishes ‘Online Blue Army’ to protect network security

“Considering the requirements of training, the People’s Liberation Army (PLA) established an ‘Online Blue Army’ in order to enhance Chinese troops’ network protection level, said Senior Colonel Geng Yansheng, spokesperson for the Ministry of National Defense as well as director-general of the Information Office of the Ministry of National Defense, at a press held on May 25, 2011.” Source: PLA establishes ‘Online Blue Army’ to protect network security – People’s Daily Online

Read More
19 May 2011

Military fends off major cyber attack

“Norwegian military personnel were the targets of what’s being described as a ‘massive’ cyber attack this spring, one day after Norway started bombing Libya with other UN- and NATO-backed forces. Newspaper VG reported Thursday that they fended off the attack, which was considered the most serious ever experienced. It came in the form of an e-mail written in what was said to be ‘good Norwegian’ that looked like it had been sent by another Norwegian government agency. It contained an attachment, however, that when opened unleashed a computer virus that could have opened up military PCs to the attackers. Several hundred defense ministry employees received the same e-mail, reported VG. One employee opened the attachment, allowing the unknown attackers to gain access to that employee’s PC, but the virus was then quickly discovered and warnings issued.” Source: Military fends off major cyber attack : Views and News from Norway

Read More
19 May 2011

Fearing Destruction, Researcher Cancels Disclosure of New Siemens SCADA Holes

“A security researcher has discovered multiple security vulnerabilities in Siemens industrial control systems that he says would allow hackers with remote access to the systems to cause physical destruction. Dillon Beresford canceled a planned demonstration of the vulnerabilities on Wednesday at the Takedown security conference in Texas after Siemens and the Department of Homeland Security expressed concern over the phone and at the conference about disclosing information before Siemens could patch the vulnerabilities.” Source: Fearing Destruction, Researcher Cancels Disclosure of New Siemens SCADA Holes | Threat Level | Wired.com

Read More
18 May 2011

Virus Causes Data Breach at Massachusetts Unemployment Agency

“As many as 1,500 computers in the Departments of Unemployment Assistance and Career Services were infected with a virus beginning April 20, the Massachusetts Executive Office of Labor and Workforce Development said on May 17. Computers in the mobile One Stop Career Centers that work with claimants were also infected.” Source: Virus Causes Data Breach at Massachusetts Unemployment Agency – Security – News & Reviews – eWeek.com

Read More
16 May 2011

Launching the U.S. International Strategy for Cyberspace

“Today, I am proud to announce the United States’ first, comprehensive International Strategy for Cyberspace (pdf). The International Strategy is a historic policy document for the 21st Century — one that explains, for audiences at home and abroad, what the U.S. stands for internationally in cyberspace, and how we plan to build prosperity, enhance security, and safeguard openness in our increasingly networked world. Today, Homeland Security Advisor John Brennan and I were joined by Secretary of State Hillary Clinton, Attorney General Eric Holder, Secretary of Commerce Gary Locke, Secretary of Homeland Security Janet Napolitano and Deputy Secretary of Defense Bill Lynn in announcing this landmark document’s release, here at the White House. The event was streamed live on WhiteHouse.gov, and you can view it here starting this evening. The International Strategy lays out the President’s vision for the future of the Internet, and sets an agenda for partnering with other nations and peoples to achieve that vision. It begins by recognizing the successes networked technologies have brought us, in large part due to the spirit of freedom and innovation that has characterized the Internet from its early days as a research project. While the strategy is realistic about the challenges we face, it nonetheless emphasizes that our policies must continue to be grounded in our core principles of fundamental freedoms, privacy, and the free flow of information. To achieve our vision, the United States will build an international environment that ensures global networks are open to new innovations, interoperable the world over, secure enough to support people’s work, and reliable enough to earn their trust. To achieve it, we will build and sustain an environment in which norms of responsible behavior guide states’ actions, sustain partnerships, and support the rule of law. The International Strategy is larger than any one department or agency. It is a strong foundation for the diverse activities we will carry out across our entire government. It is about the principles that unite our nation, the vision that unites our policy, and the priorities that unite our government. With our partners around the world, we will work to create a future for cyberspace that builds prosperity, enhances security, and safeguards openness in our networked world. This is the future we seek, and we invite all nations, and peoples, to join us in that effort. Source: Launching the U.S. International Strategy for Cyberspace | The White House

Read More
26 Apr 2011

Texas Spends $1.8 Million on Data Breach As Lawsuits Loom

“The Texas state comptroller’s office has already spent $1.8 million to mitigate the yearlong data breach in which names and Social Security numbers were exposed. The total cost is expected to be even higher as the lawsuits start rolling in. Personal information belonging to approximately 3.5 million people in Texas was accidentally exposed on a publicly accessible FTP server for a full year before it was detected, Texas comptroller Susan Combs disclosed on March 31. Since then, the comptroller’s office has spent $1.2 million to mail letters to those affected and $393,000 for a call center to handle calls from people looking for information and assistance. Another $290,000 went to Deloitte Consulting and Gartner for services related to assessing the damage and improving IT security in the comptroller’s office.” (Texas Spends $1.8 Million on Data Breach As Lawsuits Loom – Security – News & Reviews – eWeek.com)

Read More
26 Apr 2011

Sony: Hacker stole PlayStation users’ personal info

“A hacker has obtained the personal information of PlayStation Network account holders and subscribers of the Qriocity streaming service, Sony said in a message to customers Tuesday. Sony’s investigations over the past week determined that an ‘unauthorized person’ had obtained users’ names, home addresses, e-mail addresses, birth dates and passwords, according to a statement being sent to all account holders. The attack also has crippled Sony’s PlayStation Network, which has some 70 million subscribers and has been down since April 20. The network lets customers download video games from the Web and play against each other online.” (Sony: Hacker stole PlayStation users’ personal info – CNN.com)

Read More
23 Apr 2011

Hack Attack: Sony Confirms PlayStation Network Outage Caused By ‘External Intrusion’

“Unfortunately for PlayStation Network and Qriocity services users, it looks like the widespread network outages will continue. Since Sony’s PlayStation and music networks went down two days ago, there has been a fair amount of public speculation over the cause of the outage. (Largely due to Sony’s tight-lipped handling of public relations.) Many blamed vengeful gremlins loose in Sony’s server clusters and datacenters, while others immediately pointed the finger at Anonymous, the merry band of hackers that metastasized out of 4chan.” Source: Hack Attack: Sony Confirms PlayStation Network Outage Caused By ‘External Intrusion’

Read More
22 Apr 2011

Flaws Found in Air Traffic Systems

“Though auditors’ attempts to gain access to two computer systems that control air traffic in the United States failed, they discovered during their assessments vulnerabilities that could lead to the seizure of the IT systems. The Department of Transportation’s inspector general hired auditors from the accounting firm Clifton Gunderson to conduct the audit earlier this year, and they identified an information disclosure exposure, inadequate system patch levels, unsupported operating systems, improper network configurations and communication system vulnerabilities. “ Source: Flaws Found in Air Traffic Systems

Read More