Contributed by Organizations or Campuses; Articles, Papers, and Reports; and Cybersecurity
Feds get D+ on 2005 Cybersecurity
| Title: | Feds get D+ on 2005 Cybersecurity (ID: CSD4329) | | Author(s): | Michael Arnone (The Chronicle of Higher Education) | | Origin: | Contributed by Organizations or Campuses (2005) | | Type: | Articles, Papers, and Reports | | Abstract: | In a report card released by the Cyber Security Industry Alliance (CSIA), the federal government received a grade of D+ for cybersecurity. CISA gave credit to the Department of Homeland Security for establishing a new position, the assistant secretary for cybersecurity. Six months after that job was created, however, it remains unfilled. Paul Kurtz, executive director of CSIA, commented that "Cybersecurity research is in a crisis." CSIA also launched what it calls a Digital Confidence Index, a measure of public confidence in efforts to protect computers and systems. The initial rating for the index is 58 out of 100. CSIA issued a set of 13 recommendations, called the National Agenda for Information Security in 2006, designed to improve the nation's cybersecurity. Among the recommendations are calls to increase funding for cybersecurity research and to promote cooperation among federal agencies. | | View this resource: | |
Sony Numbers Add Up to Trouble
| Title: | Sony Numbers Add Up to Trouble (ID: CSD4290) | | Author(s): | Quinn Norton (Wired News) | | Origin: | Contributed by Organizations or Campuses (2005) | | Type: | Articles, Papers, and Reports | | Abstract: | "More than half a million networks, including military and government sites, were likely infected by copy restriction software distributed by Sony on a handful of its CDs, according to a statistical analysis of domain servers conducted by a well-respected security researcher and confirmed by independent experts recently. Each installation of Sony's rootkit not only hides itself and rewrites systems drivers, it also communicates back out to Sony." | | View this resource: | |
DNS Servers: An Internet Achilles' Heel
| Title: | DNS Servers: An Internet Achilles' Heel (ID: CSD4141) | | Author(s): | Joris Evers (CNET News.com) | | Origin: | Contributed by Organizations or Campuses (2005) | | Type: | Articles, Papers, and Reports | | Abstract: | In a presentation at the Black Hat conference last week, security researcher Dan Kaminsky argued that domain name system (DNS) servers represent a broad vulnerability in the Internet. Kaminsky said that of2.5 million DNS servers he tested, nearly 10 percent could be susceptible to so-called DNS cache poisoning. In total, about 9 million DNS servers are operating globally. DNS servers translate typed URLs into numbers necessary to locate Web sites. In cache poisoning, legitimate numeric Web addresses are replaced, causing users to be redirected to sites of the hacker's choosing. Often, users are sent to Web sites that install malware or that deceive users into disclosing personal information, which can then be used in identity theft.Incidents of cache poisoning have disrupted Internet service in the past, including this March, when users trying to access CNN.com and MSN.com were sent to sites that installed spyware. Security experts advise operators of DNS servers to audit their machines and make sure they configure them in the safest manner possible. | | View this resource: | |
Emerging Cybersecurity Issues Threaten Federal
Information Systems
| Title: | Emerging Cybersecurity Issues Threaten Federal
Information Systems (ID: CSD4119) | | Origin: | Contributed by Organizations or Campuses (2005) | | Type: | Articles, Papers, and Reports | | Abstract: | Federal agencies are facing a set of emerging cybersecurity threats that are the result of increasingly sophisticated methods of attack and the blending of once distinct types of attack into more complex and damaging forms. Examples of these threats include spam (unsolicited commercial e-mail), phishing (fraudulent messages to obtain personal or sensitive data), and spyware (software that monitors user activity without user knowledge or consent). To address these issues, GAO was asked to determine (1) the potential risks to federal systems from these emerging cybersecurity threats, (2) the federal agencies' perceptions of risk and their actions to mitigate them, (3) federal and private-sector actions to address the threats on a national level, and (4) governmentwide challenges to protecting federal systems from these threats. | | View this resource: | |
Your ISP as Net watchdog
| Title: | Your ISP as Net watchdog (ID: CSD3915) | | Author(s): | Declan McCullagh (CNET News.com) | | Origin: | Contributed by Organizations or Campuses (2005) | | Type: | Articles, Papers, and Reports | | Abstract: | This article reports on the U.S. Department of Justice exploration of data retention rules that could permit police to obtain records of e-mail, browsing or chat-room activity months after ISPs ordinarily would have deleted the logs. Data retention could aid criminal and terrorism prosecutions, but privacy worries and questions about the practicality of assembling massive databases of customer behavior could engender stiff opposition to the proposal. | | View this resource: | |
|
