SPAM is an never ending problem that continues to evolve.  Disaster plans need to take this into account.  Once the recovery starts, one to the common things that are lost are user spam filters.

 

 The first record of e-mail spam dates back as far as 1978 and, although spam began in earnest in 1994, the recent history of the spam "problem" actually began about 2002. In early 2002, spam represented about 16% of all e-mail sent over the Internet; by early 2008, spam represents between 87% and 95% of all e-mail.

 

Clearly, the key to stopping spam will be technology-based solutions, not legislation or legal prosecution of spammers. However, not all anti-spam technologies are created equal. Some are better than others either in spam capture efficiency and/or in generating a minimal number of false positives. While conventional spam-filtering technologies can stop a large proportion of spam, spammers continue to battle against even the cutting edge of these technologies, necessitating newer and better techniques to stop the problem.

more info

Electronic Frontier Foundation and Asian Law Caucus, two civil liberties groups in San Francisco, filed a lawsuit to force the government to disclose its policies on border searches, including which rules govern the seizing and copying of the contents of electronic devices. They also want to know the boundaries for asking travelers about their political views, religious practices and other activities potentially protected by the First Amendment. The question of whether border agents have a right to search electronic devices at all without suspicion of a crime is already under review in the federal courts.

The lawsuit was inspired by some two dozen cases, 15 of which involved searches of cellphones, laptops, MP3 players and other electronics. Almost all involved travelers of Muslim, Middle Eastern or South Asian background, many of whom… said they are concerned they were singled out because of racial or religious profiling.

more info

Inside security breaches create more security violations than those of outsiders say a security breach analysis study published by a major telephone carries.

• External breaches pose the greatest threat (73%), but achieved the least impact (30,000 compromised records

• Insiders breaches pose the least threat (18%), and achieved the greatest impact (375,000 compromised records - plus 50% of these are as a result of IT Administrators

• Business partner breaches posed a mid-sized threat (39%) but compromised 187,500

While these are rudimentary numbers, the relative risk scores are reasonable and discernable. It is also worth noting that the business partner numbers rose over the duration of the study, making partner crime the leading factor in breaches. This is likely due to the ever increasing number of partner connections businesses are establishing, while doing little to nothing to increase their ability to monitor or control their partner's security posture.

more info

Data breaches are a fact of life with the advance of Wi-Fi, 3G, and remote computing as it is done in today’s flexible business environment.

Data breaches and network intrusions occur because the personal information compromised includes data elements useful to identity thieves, such as Social Security numbers, account numbers, and driver's license numbers. Some breaches do not expose such sensitive information; however, they still expose individuals to identity theft and business to a compromise of their electronic assets and that must be disclosed under Sarbanes-Oxley and various state laws.

According to Verizon, nearly nine in 10 corporate data breaches could have been prevented had reasonable security measures been in place.

 The Verizon "2008 Data Breach Investigations Report" spans four years and more than 500 forensic investigations involving 230 million records, and analyzes hundreds of corporate breaches including three of the five largest ones ever reported.

They found that 73 percent of breaches resulted from external sources versus 18 percent from insider threats, and most breaches resulted from a combination of events rather than a single hack or intrusion.

Recommendations for Enterprises

Simple actions, when done diligently and continually, can reap big benefits, the study notes. Key recommendations include:

• Align process with policy. In 59 percent of data breaches, the organization had security policies and procedures established for the system, but these measures were never implemented. Implement, implement, implement.
• Create a data retention plan. With 66 percent of all breaches involving data that a company did not even know was on their system, it’s critical that an organization knows were data flows and where it resides. Identify data and prioritize its risk to the organization.
• Control data with transaction zones. Investigators concluded that network segmentation can help prevent, or at least partially mitigate, an attack. In other words, wall off data when and where appropriate.
• Monitor event logs. Evidence of events leading up to 82 percent of data breaches was available to the organization prior to actual compromise. Data logs should be continually and systemically monitored and responded to when events are discovered.
• Create an incident response plan. If and when a breach is suspected, the organization must be ready to respond, not only to stop the data compromise but to collect evidence that enables the business to pursue prosecution when necessary.
• Increase awareness. Only 14 percent of data breaches were discovered by employees of the victimized organization, even though employees are the first line of defense in safeguarding data. Educate them to be aware.
• Engage in mock-incident testing: Making sure employees are well-trained to respond to a breach. Run drills and test people’s abilities, judgements and actions during a mock crisis.

A complete copy of the "2008 Data Breach Investigations Report" is available at http://www.verizonbusiness.com/resources/security/databreachreport.pdf.

more info

ID Theft is not just by strangers in Eastern European countries.  A recent arrest shows how an Ivy League economics graduate and his girl friend who looked like the Mr. and Mrs. American couple stole the identities of friends, co-workers and neighbors. 

They enjoyed an luxurious life style that included trips to the Caribbean, Hawaii, and Europe.  In a very brief period they stole over $115,000 and were in process of trying to steal over $120,000 when they were arrested.

They used simple techniques like breaking into apartment to get information on neighbors, dumpster diving, and getting mail box keys for their apartment complex. They applied for credit cards and then intercepting the cards when they arrived via the mail.  They also had fake driver’s licenses and an industrial machine that made identity cards.

more info

The U.S. Federal Communications Commission (FCC) plans to vote on a program to auction a "Free  WiFi" spectrum.

The winner of the 25Mhz piece of spectrum in the 2155MHz band would be required to deliver free wifi Internet access. The operator could choose to use any technology, but in that range, WiMax or many of the mobile technologies would make sense.

The FCC believes this is a good idea and demonstrates the FCC's commitment to supporting initiatives that have a positive impact on the next phase of broadband innovation. This will give consumers greater choices to access the Internet said a FCC spokesperson.

The FCC has developed the plan based on proposals from several companies. In 2006 one company proposed that the FCC give the company the spectrum so that it could offer free wireless Internet access to users. The company planned to fund the network through advertising and said that it would give the FCC 5 percent of its gross revenue. The FCC's current proposal would simply auction the spectrum to the highest bidder and require the free services.

The current proposal also includes a requirement for a content filter that would aim to prevent minors from accessing adult content over the free network. The final plan could also include specified data rates for the free service.

more info

Data breaches and network intrusions occur because the personal information compromised includes data elements useful to identity thieves, such as Social Security numbers, account numbers, and driver's license numbers. Some breaches do not expose such sensitive information; however, they still expose individuals to identity theft and business to a compromise of their electronic assets and that must be disclosed under Sarbanes-Oxley and various state laws.

Janco has defined a set of tools which enterprises of all sizes can use to be prepared to protect against breaches and intrusion, know when it occurs, and provides the ability to respond quickly when it does happen.

The Data Breach and Network Intrusion Detection Tools  are the tools that are needed and contain:

• Security Manual Template

• Security Audit Program

• Network Event Viewer

• Smart Disk Monitor

• Text Log Monitor

• Internet Service Monitor

more info

The US Tax Court has posted a warning on its site about a Spear Phishing attack.  The site says:

The United States Tax Court has received many telephone calls regarding an e-mail which purports to originate from the Court being sent by a member of the Tax Court's practitioner bar.  This message is an example of Spear Phishing, which is an e-mail spoofing attempt that targets a specific organization.  The Tax Court is not disseminating any e-mail notice to anyone who currently has a case before this Court. If you receive an e-mail with a subject line that includes the text, Notice of Deficiency # followed by a series of numbers or US Tax Petition, along with a malformed docket number following the format #000-000, and a sender address of noreply@ustaxcourt.org, complaints@ustaxcourt.org, or notice@ustaxcourt.org, please ignore/delete the e-mail and do not click any link within the e-mail message.

more info

With the acquisition of EDS by HP there will be a reduction in the number of IT service jobs.  That will have a large impact on Outsources.  There are over 137,000 EDS jobs, with almost 25,000 in India, and many of those jobs will be eliminated in a consolidation and automation of the combined companies data centers. 

 

   

 

The elimination of jobs will put more pressure on outsource providers as there will be a surplus of employees who will be out of work.

 

In the 1970s that occurred in the US and that drove a recession.  The question is will that be good for the US job market or not.  Only time will tell.

more info

The California privacy protection act, SB 1386, which is a model for many states including New York, exempts companies that can prove lost data was encrypted from the requirement that they notify consumers. When mobile data is encrypted, thieves hoping for gold bars of valuable data are left instead with a solid, impenetrable and useless brick.

 

 When protecting data on mobile computers, companies have two primary choices:

• File and Folder Encryption: This type of technology allows users to encrypt sensitive files themselves.
• Whole-Disk Encryption (Full-Disk Encryption): Centrally managed, this process relies on software and hardware products.

more info