Archive for September, 2009

National Journal Magazine – The Cyber Defense Perimeter

September 30, 2009

National Journal Magazine – The Cyber Defense Perimeter: ”


Court Allows Woman to Sue Bank for Lax Security After $26,000 Stolen by Hacker | Threat Level |

September 30, 2009

Court Allows Woman to Sue Bank for Lax Security After $26,000 Stolen by Hacker | Threat Level | ”

Sign In | RSS Feeds

Court Allows Woman to Sue Bank for Lax Security After $26,000 Stolen by Hacker
By Kim Zetter September 4, 2009  |  2:58 pm  |  Categories: Cybersecurity, The Courts
An Illinois district court has allowed a couple to sue their bank on the novel grounds that it may have failed to sufficiently secure their account, after an unidentified hacker obtained a $26,500 loan on the account using the customers’ user name and password.

As initially reported by legal blogger, David Johnson, Marsha and Michael Shames-Yeakel sued Citizens Financial Bank in 2007 in the northern district of Illinois on several grounds, including a claim that the bank failed to provide state-of-the-art security measures to protect their account.

U.S. District Judge Rebecca Pallmeyer refused last week to grant a summary judgment in favor of Citizens Financial, stating in her ruling (.pdf) that ‘assuming that Citizens employed inadequate security meas”

(Via .)

Banking Via Twitter?

September 30, 2009

Banking Via Twitter?: “In the latest example of how just because you can do something doesn’t mean you should, one credit union has decided to offer a new feature, dubbed ‘tweetMyMoney,’ that allows members to interact with their accounts via Twitter. Can’t wait for the next version, ‘tweetSomeoneElsesMoney.’ ‘tweetMyMoney, available exclusively to Vantage members! With tweetMyMoney, you can monitor your account balance, deposits, withdrawals, holds and cleared checks with simple commands. And, you can even transfer funds within your account. It’s all available on Twitter, 24/7!’

Read more of this story at Slashdot.

(Via Slashdot.)

IT Security Breaches Soar In 2009

September 30, 2009

IT Security Breaches Soar In 2009: “slak11 quotes from a Globe and Mail article on the jump in corporate and government secutiry breaches year-over-year. (The reporting is from Canada but the picture is probably much the same in the US.) ‘This does not seem to be all that newsworthy these days, since stories like this are appearing on a regular basis. The one detail I did like — that seems to break from the traditional hackers cause all the bad stuff reporting — is the mention that everyday employees are a major cause of breaches. The recent Rocky Mountain Bank/Google story is a perfect example. As stated in the article: But lower security budgets arent the only reason breaches tend to soar during tough economic times — employees themselves can often be the cause of such problems. I figure this will be an ongoing problem until company management and employees accept their role in keeping company information safe. And IT people need to understand that regular employees are not propeller-heads like Slashdot readers, and to begin to implement technology and processes that average people can understand and use.’

Read more of this story at Slashdot.

(Via Slashdot: IT.)

University Research Exposes Potential Vulnerabilities In Cloud Computing

September 30, 2009

University Research Exposes Potential Vulnerabilities In Cloud Computing: “‘Cross-VM attacks’ could threaten sensitive data in cloud computing environments, researchers say”

(Via Dark Reading – The Business of IT Security.)

Security challenges with cloud computing services

September 30, 2009

Security challenges with cloud computing services: “Panel discusses cloud computing security issues including encryption and user authentication.

(Via SearchSecurity: Security Wire Daily News.)

Breach Analysis Portal

September 30, 2009

The U.S. Patriot Act has an impact on cloud security

September 30, 2009

The U.S. Patriot Act has an impact on cloud security: “Cloud security includes the obligation to meet regulations about where data is actually stored, something that is having unforeseen consequences for U.S. firms trying to do business in Canada.”

(Via Network World Security Feed.)

DuPont Alleges Second Insider Breach In Two Years

September 30, 2009

DuPont Alleges Second Insider Breach In Two Years: “DuPont claims former employee was headed to China with company secrets”

(Via Dark Reading: Dark Reading News Analysis.)

StripMyRights – Based on DropMyRights

September 30, 2009

StripMyRights – Based on DropMyRights: “StripMyRights.exe

Copyright (C) 2005 Kåre Smith, Systemintegrasjon AS


StripMyRights.exe [/D] [/DW] [/L N|C|U] {exefile} [arguments]

The program is made for Windows XP, Windows Server 2003 and newer.

Purpose of the utility:

If you are using a Windows computer logged on as an administrator, you are taking a risk. Especially if running Web browsers like Internet Explorer or email clients like Outlook. To lower the risk, it would be nice to be able to start Internet Explorer, Outlook and other potential risk-exposing applications in an ordinary user context. With Windows 2000 you had to use the RunAs command, which is cumbersome. With Windows XP Microsoft introduced the API calls SaferCreateLevel and SaferComputeTokenFromLevel, which allows one to create a token with reduced rights to be used when starting new processes. Michael Howard, Microsoft Security Engineering, released a utility, DropMyRights to take advantage of this new feature”

(Via .)