According to the human resources association World at Work, 17.2 million Americans worked from home or remotely at least one day per month for their employer last year (See also: 4 Telecommuting Security Mistakes). And the 2007 book 'Microtrends' estimates that 4.2 million Americans work full-time from home.
Good security is a key to good productivity. CSO spoke with two home office security experts about security mistakes home office workers often make (and how to avoid those errors).
A couple of years ago, the Department of Homeland Security hired a bunch of science fiction writers to come in for a day and think of ways terrorists could attack America. If our inability to prevent 9/11 marked a failure of imagination, as some said at the time, then who better than science fiction writers to inject a little imagination into counterterrorism planning?
Here's a great general security article that reinforces a handful of helpful tips for improving security awareness. We all forget occasionally that security is pervasive and needs constant reinforcement.
It is widely agreed that the single most effective security measure is staff awareness. So how does leadership create and maintain a security-conscious mindset within the organization? Constant reinforcement; remember the average person needs to hear the message seven times before it sinks in. So here are seven ideas to help you get the message integrated into the culture of your company.
I could add quite a few to this list, including periodic penetration testing of your local internal network, password cracking of your NTLM and other systems, and better education of users in training classes. Do you have others?
In this month's Crypto-Gram Bruce covers Perverse Security Incentives, Privacy in the Age of Persistence, Three Security Anecdotes from the Insect World, The Kindness of Strangers, New eBay Fraud, and Balancing Security and Usability in Authentication.
Source: Zero Day ZDNet Blog - Posted by Ryan W. Maple
A pretty interesting read on "other" uses for DDoS attacks and botnets:
During his presentation, Nazario covered the major political DDoS events from the past 10 years, starting with DDoS attacks focused on NATO during the Kosovo campaign through the recent past’s events in Georgia. One can conclude from the presentation that the attacks are either being enacted by non-regular militias and citizen armies that are being motivated by central governments or by grassroots groups protesting a significant geopolitical touchstone, such as the outcome of certain events in the Olympics. The story that was the most surprising to me was the ease of use of the tools used to wage the attacks.
Clickthru to see the rest.
It's that time of the month again: Bruce has put out his latest CRYPTO-GRAM:
A free monthly newsletter providing summaries, analyses, insights, and commentaries on security: computer and otherwise. In this issue: Impersonation, News, Forging SSL Certificates, Schneier News, Biometrics, and Comments from Readers.
If you follow his blog then most of this is old new, but if you don't then this is a must-read for everybody. Enjoy!
Data breaches continued to make their very public mark on cybersecurity news in 2008. And this time it wasn't TJX making headlines. Despite being PCI compliant, Hannaford Brothers supermarkets announced that 4.2 million credit and debit card numbers were pilfered from its servers. We also learned in 2008 that attackers aren't necessarily becoming more sophisticated.
Check out this list of top 5 cybersecurity news stories of of the year. Did they miss any that you think should be on the list?
A chroot on Red Hat / CentOS / Fedora Linux operating changes the apparent disk root directory for the Apache process and its children. Once this is done attacker or other php / perl / python scripts cannot access or name files outside that directory. This is called a "chroot jail" for Apache. You should never ever run a web server without jail. There should be privilege separation between web server and rest of the system.
Chroot is great security practice to isolate an attack to only one part of ones system. If you are interested in using chroot check out this article it that will show you all the commands that you need.
Like other Unix-like computer operating systems, Linux is widely considered as secured and well-guarded against computer viruses. Its multi-user environment makes it extremely hard for malware to gain root access to the system files. Though malicious programs that are specifically written for Linux are really small in number, there is still a possibility for them to cause some harm. So, it's necessary to take some precautionary measures.
Have you ever used an virus scanner on your Linux machine? This article looks at 5 different anti-virus software for Linux.
Welcome to the Nipper Open Source project web site. Nipper enables network administrators, security professionals and auditors to quickly produce reports on key network infrastructure devices.
The report can include a detailed security audit of the device settings or be a configuration report, the output is customisable. Nipper supports a wide variety of devices from different manufacturers such as Cisco, Nokia, Juniper, HP, CheckPoint, Nortel, 3Com, SonicWALL and Bay Networks.
Do you need detailed reports of your networks traffic? You might about to check out the Open Source project called Nipper. Read on for more information....
