what we're reading, week of 2/23

From around the blogosphere... In recent months security breaches and PCI compliance have been blogged about all over the Internet... still. Here are three more posts we thought were insightful. P.S. Check out our PCI-DSS Resource tab.

ZDNet: Will the real [Breach X] please stand up?
Mike Rothman wrote a guest post for Zero Day this week. We all remember the Heartland breach (who could forget?). Now another breach has occurred, allegedly on the same scale. Mike calls it "Breach X" because no information about it has been released. There is a high likelihood that your credit card data has been compromised as a result of either Heartland or Breach X.

Emergent Chaos: Security Breach Notification Symposium
A Security Breach Notification Symposium will be held next Friday, March 5th. Our friend from Emergent Chaos will be speaking at it. The symposium opens with a session on California's security breach law and continues with a look at current research and proposed reforms from the state's top policy makers and scholars.

Network Security Blog: Evaluating the cost of PCI
The cost of implementing PCI requirements adds up quickly. Martin McKeay points us to two articles on how to implement those requirements reasonably: "What are PCI 'Best' practices: Saving Money or Improving Security?" and "Cost of PCI Compliance." Let us know what you...

Security, privacy, and taxes

As if paying taxes wasn't bad enough... Recently, the Washington Post reported that the IRS expects an increase in tax-related scams and viruses leading up to the April 15 filing deadline:

"The most common type of scam arrives via e-mails claiming to come from the IRS or Treasury Department. They typically try to either scare consumers into thinking there is an error with their tax filing, or that they are eligible for a tax rebate or benefit from the government economic stimulus package that just passed on Capitol Hill. These so-called 'phishing' e-mails typically arrive in an e-mail that urges users to visit a site, which in turn prompts visitors to enter their personal and financial data, information that is then sent off to identity thieves."

Though experienced users may be skeptical of their own susceptibility to a phishing scam, the IRS reiterates that it will never communicate with taxpayers via unsolicited e-mail, and Treasury Inspector General J. Russell George explains: "Some of these bogus e-mails are so sophisticated that people who are uninformed can and do fall prey to this type of scam. That is why it is so imperative that we continue to get this message out to people."

The IRS urges anyone receiving a suspicious e-mail to forward it to phishing@irs.gov.

Meanwhile, Bruce Schneier has a great post up right now about how companies and government agencies can mitigate insider threats... just in case the real security risk during tax season lies inside the...

what we're reading, week of 2/16

Security networking issues were light this week; here are two conversation starters we think are a sign of things to come.

From Rational Survivability: Microsoft's Windows Mobile moves: Too little, too late
Microsoft announced its My Phone at Mobile World Congress earlier this week (with more than 20,000 applications!). We see this, combined with the iPhone App Store and RIM's soon-to-be-launched version, as the turning point for the ubiquitous adoption of mobile devices by the enterprise, and more importantly, adoption driven by the user. Policy alone won't be able to prevent the security issues network admins will soon have to grapple with en masse.

From ZDNet: New Symbian-based mobile worm circulating in the wild
And what kind of security threats will mass adoption bring? VPN, portable drive and growing virus issues. It has been reported that the "Sexy View" malware carries a valid certificate signed by Symbian, tricking the user into thinking it is a legitimate application. Granted, this type of malicious code is not new; what is interesting is the certificate piece. Combine this with the increasing efforts to overcome the barriers to mass replication, and you can see the potential headaches that are sure to...
