IT Security


Anonymous comments: Some NY lawmakers say no; what say you?

A bill in the New York legislature would eliminate anonymous comments posted online. Aside from First Amendment concerns for the general public, what would such a law mean to government employees?

Android, Mac malware on rise, and beware mom-and-pop websites

PCs are still the biggest target for cyber criminals, and legitimate but small-time, seldom-updated websites are becoming a common vector, McAfee’s threat report says.

Analysis of social site hack: Are risks too great for gov workers?

Imperva's reconstruction of the MilitarySingles hack shows the inherent risks of user-generated content and asks if government needs a "higher standard" for social networking.

NORAD, Northcom launch joint cyber division

The new Joint Cyber Center includes members from the intelligence, operations, and command and control divisions, and a team from the U.S. Cyber Command.

After 6 weeks offline, ICANN reopens TLD application system

Applicants have an eight-day window to review and finalize applications for new generic top-level domain names.

Anonymous claims theft of 1.7 G of data from DOJ

The hacker collective says it has made data taken from the Bureau of Justice Statistics available for public download as part of its ongoing anti-government campaign.

Critical industries don't grasp IT risks, study shows

A Carnegie Mellon study shows that energy companies and utilities lag behind the more highly regulated financial services industry in cybersecurity and privacy protection.

If software patches are important, why do so many ignore them?

The continued presence -- and exploitation -- of known vulnerabilities suggests that some executives have decided that installing software patches is not worth the effort.

The 5 most common online swindles

Cyber criminals took people for $485 million in 2011 through a variety of scams, the Internet Crime Complaint Center reports. Here are common tactics to watch out for.

City's mobile method: Central management, full-disk encryption and no BYOD (yet)

Fresno, Calif., automates the task of tracking and controlling its network endpoints, both stationary and mobile.

Android malware growing at 'staggering' pace, report states

Families of Android malware quadrupled in the past year, while the files used to distribute the malware skyrocketed from 139 to 3,063, according to a report from F-Secure.

Tool provides out-of-the box FedRAMP compliance

Agilance's Federal Risk and Authorization Management Program Content Pack includes the baseline security controls required of cloud service providers.

Smart-grid security could benefit from Microsoft's SDL framework

A major vendor of energy system control and smart metering systems is adopting Microsoft's Security Development Lifecycle to help ensure better security.

10 recommendations for securing the IT supply chain

NIST's streamlined guidance on risk management focuses on a set of key recommendations for ensuring the security and reliability of information and communications systems.

Medicine's mobile mania raises the threat level, DHS warns

Mobile devices are ideal for many medical uses, but they also can put patient records, and sometimes even patients themselves, at risk, according to a DHS report.