Archive for September, 2012

From: The Washington Post

By Catherine Ho

If there’s one buzz word Reed Smith attorney Tim Nagle hears a lot, it’s “BYOD.”

The acronym stands for “bring your own device,” the term businesses use when they have their employees use personal cellphones and tablets to access work-related e-mails, servers and data rather than using company-issued mobile devices.

OTTAWA (Reuters) – Canada said on Friday it was aware of an attempt by hackers to target a domestic energy company, the second time in 24 hours Ottawa had acknowledged a cyber security attack against a Canadian firm.
In both cases the Canadian government declined to comment on reports which suggested a Chinese connection.

The news comes at an awkward time for Canada’s Conservative government, which is deciding whether to approve a landmark $15.1 billion bid by China’s CNOOC Ltd to take over Canadian oil producer Nexen Inc.
Ottawa revealed the second case after being asked about a security report from computer manufacturer Dell Inc, which said it had tracked hackers who targeted a number of firms, including an unnamed energy company in Canada. Dell said on its website that the hackers had used a Chinese service provider based in Beijing Province.

From: CSO

By Taylor Armerding

CSO— The IEEE (Institute of Electrical and Electronics Engineers) describes itself on its website as “the world’s largest professional association for the advancement of technology.”

But after a data breach that left the usernames and passwords of 100,000 of its members exposed in plain text for a month, some security experts said it is clear both the organization and at least some of its members should also be in the business of the advancement of common sense security.

The breach discovered by an independent security researcher, demonstrates an almost inexplicable lack of basic security protocols, including some of the most vulnerable passwords possible.

From: Foreign Policy

Posted By John Reed

Rather than wait for Congress to pass legislation enabling private companies to send information about cyber attacks to the U.S. government, the Pentagon is expanding a little-known program allowing defense contractors to quickly share information with the government about cyber espionage and attacks against them.

In recent years, U.S. defense contractors have famously been hit by cyber attacks compromising information on high-profile weapons systems, such as the $1.5 trillion F-35 Joint Strike Fighter program. In the case of the F-35, the attacks have led to costly software redesigns and production delays.

From: Reuters

Uncontrolled security threats on the Internet could return much of the planet to  an era without electricity or automated transportation, top U.S. and Russian  experts said on Thursday.

Former National Security Agency Director Michael Hayden warned that the  United States had yet to resolve basic questions about how to police the  Internet, let alone how to defend critical infrastructure such as electric  generation plants.

And if recently discovered and government-sponsored intrusion software  proliferates in the same way that viruses have in the past, “somewhere in 2020,  maybe 2040, we’ll get back to a romantic time – no power, no cars, no trains,”  said Eugene Kaspersky, chief executive officer of Moscow-based Kaspersky Lab,  the largest privately held security vendor.