• Heartland CEO: QSAs Let Us Down
  In the review of what led to the Heartland credit card breach, Heartland’s CEO Robert Carr points to the PCI compliance auditors that passed the company before the breach – “PCI compliance doesn’t mean secure. We and others were declared PCI compliant shortly before the intrusions.”
• Opinion: Heartland CEO Must Accept Responsiblity
  A counter point to the previous article. Mike Rothman asserts that by attempting to blame the QSAs for the data breach they are learning nothing, and not addressing the root issue – “To be clear, you cannot outsource thinking. You cannot outsource security.”
• 8 Dirty Secrets of the IT Security Industry
  Are IT Security vendors really interested in improving your network’s security? Joshua Corman from IBM’s Internet Security Systems division details 8 trends in the IT Security market that help undermine a network’s security.
• Social Engineers’ 9 Favorite Pick-Up Lines
  Social Engineers leverage the trust people have in the familiar to gain access to facilities and networks. These 9 examples illustrate how easy it is for that trust to be abused. How many would you (or your employees fall for)?
• Hackers have Social Networking sites in their crosshairs
  In a recent study Breach Security, hackers are attacking Social Networking sites with increased frequency, accounting for 19% of online attacks in 2009.
• Twitter used to control botnet
  It was a matter of time, but Jose Nazario of Arbor Networks discovered a botnet that used Twitter for its command and control infastructure. While the account in question is obviously not a person, how long before a botnet writer creates an account that looks legitimate at first glance?

Related posts:

1. Do you know who your friends are? It sounds like a plot out of one of a...
2. Social Networking at Work Makes Employees MORE Productive A study conducted by Australian scientists found that employees who...
3. Quick Hits Here are a few quick computer and security news articles...

• Seesmic Desktop Beta available: Thanks to the great video podcast, Tekzilla, I found a great twitter client in the style of TweetDeck that improves on the original in several ways. You have to sign up for their mailing list to be added to the beta test, but it is completely worth it.
• Hack Twitter, Get a Job? The teenage hacker that recently published a few twitter worms was hired by exqSoft, a web application developer. Says the exqSoft CEO: “Any publicity is good publicity.”
• The Pirate Bay found guilty: In a decision that will likely have legal implications far outside their native Sweden, the admins of The Pirate Bay were found guilty of ‘assisting in making copyright content available’ and were fined $3.6 million and sentenced to 1 year in jail. Not so fast – this verdict will definitely be appealled.
• Stanford to offer free iPhone app development courses: If you have always wanted to learn how to make an app for the current hotness, Apple and Stanford want you!

Related posts:

1. Tech News – Internet Explorer 8 Edition Internet Explorer 8 Released. Improvements include: Smart Address Bar, Tab...

Related posts:

1. Links of the Week: Data Security Edition There were some great articles on CIO.com this week relating...

• Internet Explorer 8 Released. Improvements include: Smart Address Bar, Tab Groups, and Find in Page is now a task bar (finally).
• Microsoft Support Flooded with Complaints after IE 8 released. Top issues reported include: website printing, image positioning, slow boot times, and a bug dragging images into Facebook.
• Microsoft Released new security assesment tool. The new tool, dubbed !exploitable Crash Analyzer, is considered a “game changer” by Dan Kaminsky, a well-known security researcher.
• Insiders hacked Russian ATMs? Diebold released a software patch to Opteva line after it was discovered that several machines were infected by a card skimming trojan.
• Diebold admits flaw in voting machines that causes vote tallies to be lost. Admission called a “disturbing revelation” by security auditor.

Related posts:

1. Another Internet Explorer Vulnerability (…sigh) Well, here we are again. A few weeks after Microsoft...
2. Tech News: Seesmic Desktop Edition Seesmic Desktop Beta available: Thanks to the great video podcast,...
3. Microsoft asks users to abandon IE6, kinda Much has been written about the recent hack targeting Google,...

• Mother sues Apple over exploding iPod Touch Supposedly the iPod was in her child’s pocket in the off position. The kid felt a hotness from his pocket, looked down and was on fire. The mother is suing Apple and 10 Apple store employees for damages.
• Army database compromised The US Army discovered a possible security breach on a web application containing personal information of about 1600 soldiers
• Cyber crime goes SaaS Want to buy a toolkit for attacking computers? No problem? Don’t have the expertise to run it yourself? No Problem, they’ll host it for you! Seems like this would make it easier to shut the attackers down since they have a common source.
• Rigged podcasts can leak your iTunes username/password Hackers can create malicious podcasts to hijack usernames and passwords from Apple’s iTunes software. iTunes 8.1 fixes “feature”

No related posts.