Defense in Depth

Sometime on October 14, a wide array of furniture and electronics were stolen from a commercial storage facility outside Phoenix. The building was used by the Arizona Early Intervention Program, which helps families of disabled children.

Two weeks ago, the state informed the parents of the nearly 40,000 children in the program that their personal information was potentially at risk for ID fraud. According to the Arizona Department of Economic Security (DES), a backup computer hard drive stolen from the facility was password protected. What happened next is where the controversy arises.

The DES and others in the media … Read more

White lists will be on every desktop within the next five years, according to Patrick Morley, CEO of Massachusetts-based Bit9. Morley was in town to address the Dow Jones VentureWire Technology Showcase in Redwood City, Calif., on Tuesday. He stopped by CNET News afterward to discuss why he believes white listing will be important in the next few years.

The basic idea behind "white listing" is to define a set of software, a set of vendors, and allow only those trusted applications or files from those vendors to run on your machine. If a file or application is … Read more

Since its introduction in 2006, Microsoft's Windows Live OneCare has altered the antivirus landscape. With Tuesday's announcement that Microsoft will no longer be selling the product in retail outlets but offering a new free version, code-named Morro, starting in the second half of 2009, it's sure to change the field once again.

Since Microsoft bought Romania-based antivirus firm GeCad five years ago, there has been fear among the commercial antivirus vendors that the software giant would simply bundle its malware protection within the next version of Windows. While that didn't happen--and it's unlikely to happen… Read more

One week after a breached corporate health care company refused to pay extortionists, the criminals now are seeking money from the corporate clients whose employee data might have been exposed.

St. Louis-based Express Scripts said on Tuesday that a limited number of its clients--which include government agencies, unions, and employers--have received letters threatening to expose the personal information of its members. The company said the letters sent to its clients were similar to the original extortion threat it received in October.

The company also said it was establishing a reward totaling $1 million to anyone providing information that results in … Read more

Internet service providers now spend most of their IT security resources detecting and mitigating distributed denial-of-service attacks, concludes a report from Arbor Networks.

The fourth edition of the Worldwide Infrastructure Security Report, released Tuesday, was based on how 70 lead security engineers responded to 90 questions. As in the previous three reports, ISPs reported attacks where their networks were overloaded with packets, what's called a distributed denial-of-service (DDoS) attack. However, this year, the ISPs indicated the attacks were not only larger in size but that most of them were stretching the upper limits of their security resources in order … Read more

In February of 2005, a Miami man sued Bank of America for not adequately protecting him against a $90,000 fraudulent wire transfer to the Parex Bank in Latvia. Joe Lopez was the first online user to sue his financial institution for not protecting his assets from a computer hacker.

Lopez, owner of a computer and copier supply business, accused Bank of America of negligence and breach of contract for not alerting him in advance to the existence of a piece of malware known as "Coreflood" prior to April 6, 2004, when the alleged theft took place.

Shortly … Read more

The customer database of Express Scripts, a company used by employer health care services to provide prescription medicine by mail, has been breached. In a twist, the company said it learned of the breach in "a letter from an unknown person or persons trying to extort money from the company."

The company posted details on its Web site Thursday. The letter, received in October, threatened to reveal millions of customer records--including Social Security numbers, addresses, dates of birth, and in some cases, prescription information--on the Internet if the extortion demands were not paid. The company did not disclose … Read more

Researchers have found a method of cracking a key encryption feature used in securing wireless systems that doesn't require trying a large number of possibilities. Details will be discussed at the sixth annual PacSec conference in Tokyo next week.

According to PCWorld, researchers Erik Tews and Martin Beck have found a way to crack the Temporal Key Integrity Protocol (TKIP) key, used by Wi-Fi Protected Access (WPA). Moreover, they can do so in about 15 minutes. The crack apparently only works for data aimed at a Wi-Fi adapter; they have not cracked the encryption keys used to secure data … Read more

Last summer, Sen. Barack Obama's presidential-campaign computers came under cyberattack from an "unknown entity." His machines weren't alone; John McCain's computers were also attacked, according to a report appearing Wednesday on the site of Newsweek magazine.

The Obama attack was initially thought to be a piece of malware downloaded from a phishing site. Newsweek reports that "the next day, both the FBI and the Secret Service came to the campaign with an ominous warning: 'You have a problem way bigger than what you understand,' an agent told them. 'You have been compromised, and a … Read more