
Thursday, June 19, 2003

'Guess whose fault it is? Yours!'

WASHINGTON - The U.S. Federal Trade Commission (FTC) has settled a case with clothing and accessory vendor Guess, in which the agency accused the company of not taking appropriate measures to secure its Guess.com web site. The judgment was all about the misleading claims made by the retailer about the security it afforded its web site visitors. Guess said it took all reasonable measures to protect the information given to it by its on-line customers, but it did not, got hacked, then got caught! The company is now subject to several compliance orders imposed on it by the FTC, including the requirement for its security measures to be independently audited on a regular basis. Other provisions in the FTC's order include the requirement for the company to retain documents relating to its compliance for a period of five years. While this article relates to actions in the USA, we believe this kind of regulatory compliance is also appropriate here in the EU, and it would be hard for a company to defend itself against actions brought by someone suffering identity theft after using an e-commerce site.

Related Links
The FTC's analysis of the ruling
FTC settles with Guess on Web vulnerabilities, an article by Grant Gross, IDG News
USA - ID Theft
UK - the DTI's take on ID Theft

posted by Robert Campbell 9:49 PM

IM and Legal Archive Trends

Recent legislation, in the USA at least, would indicate that the need to archive ALL messaging content for extended periods may have to become commonplace over the next few ....well, NOW! For example, the NASD recently told all its members, and that means all US securities firms, that they must keep Instant Messaging logs for three years, i.e. treat them the same as email. The assured centralised policy enforcement issue also came up at the same time, which means companies cannot just rely upon the individual user to set the standards or to decide what gets archived. This is critical, as most IM systems don't allow for centralised control (they are seen as consumer/individual tools), and many of the email archiving solutions in the market today rely on the use of email-client plug-ins, e.g. KVS's KVault. This must be seen as a serious flaw in their offerings.

Related links
email archiving
email as evidence, an article by Robert Campbell and Stephen Mason
Archive-it
News article in InfoWorld by Scarlet Pruitt, IDG News Service

posted by Robert Campbell 8:57 PM

2003 Global Security Survey

The 2003 Global Security Survey from Deloitte Touche Tohmatsu, published earlier this week, includes the results from interviews with 80 senior IT executives of the 500 largest global institutions and an analysis based on their current practices. Over a third of those interviewed reported some form of security breach during the past year. The most interesting point for us was the fact that there were more reported external attacks than internal breaches. It is a widely held belief that most security breaches, often quoted as 90%+, come from within an organisation. Some interesting regional splits were uncovered too: EMEA seems to have "exposure and compliance to rules and laws" at the top of its agenda, while APAC sees "laws and regulations related to privacy compliance" as its main driving force. The report really does make interesting reading.

Related Links
Download the report from the DTT web site

posted by Robert Campbell 8:23 PM

Wednesday, June 18, 2003

Checkpoint NG - a right proxy

Check Point, the so-called firewall vendor, is beginning to look more and more exposed with its 'stateful packet inspection' strategy. With comments like "the ability to dive deeper into traffic flows" to provide better analysis tools, Nacht, Check Point's co-founder and CTO, seems to have made some moves to the 'other side'. What he really means is that he needs to do some upper-level (i.e. ISO 7-layer model) analysis to determine what the traffic is trying to do, the standard approach of proxy firewalls like the BorderWare Firewall Server.

Related Links
Check Point bolsters apps security defences, by John Leyden
Software is king - Check Point, by John Leyden

posted by Robert Campbell 9:36 PM
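The distinction drawn in the post above, between a filter that tracks connection state and a proxy that works out what the traffic is trying to do, can be made concrete. The Python below is an added illustration, not code from Check Point, BorderWare or this site: `stateful_decision` models a connection-table filter that admits a new flow by destination port and then passes every later segment of that flow without reading it, while `proxy_decision` reconstructs the HTTP request and judges the method and Host header. The segments, the allowlists and the host name www.example.com are constructed for the example.

```python
"""Added illustration: a layer-4 stateful filter beside an application-layer
(proxy-style) check, run over the same constructed TCP segments."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    """One TCP segment, reduced to the fields the two filters look at (constructed)."""
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool
    payload: bytes = b""


# Policy for the example: plain HTTP only, to one named site (constructed values)
ALLOWED_PORTS = {80}
ALLOWED_METHODS = {b"GET", b"HEAD", b"POST"}
ALLOWED_HOSTS = {b"www.example.com"}


def stateful_decision(seg, table):
    """Layer 3/4 view: admit a new flow by destination port, then pass every
    later segment of that flow.  The payload is never examined."""
    key = (seg.src, seg.sport, seg.dst, seg.dport)
    if key in table:
        return "allow"
    if seg.syn and seg.dport in ALLOWED_PORTS:
        table.add(key)
        return "allow"
    return "deny"


def parse_http_request(payload):
    """Minimal HTTP/1.x request parser: request line plus headers, terminated
    by a blank line.  Returns None when the bytes are not a well-formed request."""
    head, sep, _body = payload.partition(b"\r\n\r\n")
    if not sep:
        return None
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/1."):
        return None
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon:
            return None
        headers[name.strip().lower()] = value.strip()
    return {"method": parts[0], "target": parts[1], "headers": headers}


def proxy_decision(seg):
    """Layer 7 view: reconstruct the request and judge what it is trying to
    do, rather than which port it arrived on."""
    req = parse_http_request(seg.payload)
    if req is None:
        return "deny"  # not HTTP at all, even though it arrived on port 80
    if req["method"] not in ALLOWED_METHODS:
        return "deny"
    if req["headers"].get(b"host") not in ALLOWED_HOSTS:
        return "deny"
    return "allow"


# Two flows to 192.0.2.10:80 (constructed): a real web request, and a
# non-HTTP protocol pushed through the web port.
SAMPLE_FLOWS = [
    Segment("10.0.0.5", 40000, "192.0.2.10", 80, syn=True),
    Segment("10.0.0.5", 40000, "192.0.2.10", 80, syn=False,
            payload=b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    Segment("10.0.0.6", 40001, "192.0.2.10", 80, syn=True),
    Segment("10.0.0.6", 40001, "192.0.2.10", 80, syn=False,
            payload=b"SSH-2.0-OpenSSH_3.6\r\n"),
]


def compare(flows):
    """Run both filters over the segments in order; for each segment that
    carries data, return (first bytes, stateful verdict, proxy verdict)."""
    table = set()
    results = []
    for seg in flows:
        verdict = stateful_decision(seg, table)
        if seg.payload:
            results.append((seg.payload[:4], verdict, proxy_decision(seg)))
    return results


if __name__ == "__main__":
    for head, stateful, proxy in compare(SAMPLE_FLOWS):
        print(f"{head!r:10} stateful={stateful:5} proxy={proxy}")
```

Both filters pass the genuine request; only the proxy-style check refuses the second flow, because once the connection table has an entry the stateful filter has nothing further to say about what the bytes inside that flow are. That is the gap the "dive deeper into traffic flows" remark is reaching towards.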

Apoyar

David Hamilton of Apoyar Networks, aka 'person16', admits to reading the ecommnet news feed. In a rare candid interview DH admitted to us that he actually reads the ecommnet news column. Apparently for the ..amusement value...

Related links
Service descriptions (deliberate error = 404 page!)

posted by Robert Campbell 9:14 PM

Tuesday, June 17, 2003

SCO vs IBM

In an action likely to unsettle the corporate server marketplace and bolster the sales of Microsoft's OS, SCO claims UNIX ownership and goes after IBM with lawsuits and injunctions to prevent IBM shipping AIX, and to prevent any IBM customer using the operating system. There are two conspiracy theories to cover this one: either it's a desperate attempt by the SCO management team to get IBM to buy it (considering the legal bills to fight this lawsuit and the potential risks, it would be the cheapest option for IBM), or it's a subversive attempt by Microsoft to unsettle the UNIX / Linux marketplace to such a degree that corporate buyers who may just have favoured moving to Linux now back off and stick with what appears to be a safe option, Windows 2003.

Related Links
CBR Online article by Timothy Prickett Morgan
IBM's news pages, nothing here though
SCO Investor relations announcement
and the other one

posted by Robert Campbell 9:02 AM

Monday, June 16, 2003

Spam with Everything

According to Brightmail, the messaging security firm, last month's email traffic was at least 50% SPAM. If my mail box is anything to go by it's a lot higher than that too. And now Messagelabs, the Gloucester-based firm, claim to have hard evidence of the means by which the spammers are sending the email: by hijacking users' computers using a Trojan contained in a virus. The "Trojan virus" involved attempted to exploit a vulnerability on Windows PCs known as an open proxy. It's not just the technical details that are important here but the fact that the spammers are proven to have been using hacking techniques that would lay themselves open to computer misuse charges. Not that this will deter any of them!

Related Links
Messagelabs
Trend
ecommnet virus tracking centre
Stuart Miller's article in the Guardian Online

posted by Robert Campbell 8:57 PM

Blair is Barking Mad

Tony Blair would have been justified in going barking mad this morning after the discovery that the Labour Party web site was hacked, reported first by the BBC and subsequently by The Register. The defacement, in all its gory details, is published in true urban fashion for all to see and for him to brag about. If anyone wanted a demonstration of the mindset of the average hacker, this is a good example. Oh, and for all you who like to analyse these things, the site was Unix - Solaris.

posted by Robert Campbell 8:33 PM

