The Obama administration has declassified and published part of its cybersecurity plan. Saying that Obama has “identified cybersecurity as one of the most serious economic and national security challenges” faced in the US, appointing Howard A. Schmidt as cybersecurity coordinator last year. Schmidt made the declassification announcement at the RSA Security Conference.

Schmidt says there are about 40 legal questions surrounding the cybersecurity initiative that the government is working on. The initiative was set to protect US networks – military, civilian and government networks as well as infrastructure systems – and to combat cyberwarfare.

The declassified plan includes information on Einstein 2 and 3, intrusion detection systems on federal networks that would detect potential threats. Wired does a great job discussing the privacy and civil liberty issues surrounding these deployments. The plan outlines several initiatives that are a part of the Comprehensive National Cybersecurity Initiative (CNCI) – see the outline here.

SANS has put together a great blog featuring a security awareness tip of the day. The tips are brief and to-the-point, so a great easy format to read each day.

Some of the tips are ones I would highlight in individual posts, but I figured it’s best just to send you on over there to also add it to your RSS feed. Some of my favorite posts from their recent coverage are:

• A password should be used by only one person
• Avoid default installations
• Email isn’t the only online communication that has security risks
• Use Google’s cached mode to avoid spyware
• Take time to explore security settings

Not all the posts have a lot of information but, if they make you think, they are a good jumping point for you to continue your research.

The National Cyber Security Alliance (NCSA) released the 2010 State of Cyberethics, Cybersafety, and Cybersecurity Curriculum in the U.S., a report which looks at the state of cyberethics, cybersafety, and cybersecurity training in the nation’s schools.

The study polled teachers, school administrators, and technology coordinators. It indicates that the youth in the US aren’t receiving enough instruction on how to use technology and to navigate the cyber world in a safe and responsible manner. Despite the lack of past study, most of those polled strongly agreed that these topics should be taught in schools.

“The study illuminates that there is no cohesive effort to provide young people the education they need to safely and securely navigate the digital age and prepare them as digital citizens and employees,” said Michael Kaiser, Executive Director of the National Cyber Security Alliance.

Data from the study:

• >75% of teachers have spent fewer than 6 hours on cyberethics, cybersafety and cybersecurity training in the last 12 months
• 35% of teachers taught online conduct
• 27% of teachers taught about the safe use of social networks
• 18% taught about scams, fraud and social engineering
• 19% taught about safe passwords
• 72% of teachers indicated that parents bear the primary responsibility for teaching these topics, 51% of school administrators indicate that teachers are responsible

Via Stay Safe Online

Our featured webinar for the month is on Worry-free Strategies for School Laptop Management, hosted by Absolute’s Geoff Glave and Joe Fives, Director of Technology and Information Services for the Kansas City Kansas Public School District.

This school district has learned how to use Computrace to track over 6,000 macbooks, successfully – and securely – implementing a laptop program that supports the education program. You will have a chance to learn about everything from grant approvals to theft rates and even recovery stories!

Head on over here to learn more and to register to watch.

Microsoft has issued a security advisory for Windows XP users that pressing the F1 key when prompted to online could put users at risk for a hack.

The F1 key vulnerability exists because of an un-patched vulnerability in Internet Explorer that would allow hackers to hijack the source PC.

Microsoft is investigating new public reports of a vulnerability in VBScript that is exposed on supported versions of Microsoft Windows 2000, Windows XP, and Windows Server 2003 through the use of Internet Explorer. Our investigation has shown that the vulnerability cannot be exploited on Windows 7, Windows Server 2008 R2, Windows Vista, or Windows Server 2008. The main impact of the vulnerability is remote code execution. We are not aware of attacks that try to use the reported vulnerabilities or of customer impact at this time.

Microsoft may supply a security patch for this vulnerability in an upcoming patch release. No date or confirmation of this patch is available.

Via network world

There’s been a lot of buzz about the website PleaseRobMe – so much, in fact, that the site has been down every time I went to see it in the last week! The site, by aggregating public location-based check-ins, highlights just how many people are asking for their homes to be robbed. How? By advertising just where they are – a restaurant, theatre, etc. Essentially, anywhere but at home.

Now, this type of information is not new. It’s the same thing as advertising in a newspaper about when you’re getting married or that a relative has died. However, these location-based services – Foursquare or even Twitter – have made the practice more prevalent and prolific.

What do you think about location-based services? I don’t use them, but I do admit that I often tweet things such as “out for coffee with my husband”, giving any potential robber the opportunity to rob me.

Luckily, the Computrace customer escaped with only minor scrapes and bruises after being attacked my two men on her walk home. However, her laptop wasn’t spared and was taken by the attackers.

The victim contacted police and Absolute immediately afterwards, spurring the Absolute Theft Recovery Team into action. Soon after, Absolute had identified the laptop’s location and provided police with the information necessary to serve a search warrant. The search resulted in the laptop’s recovery and a few additional clues.

The unauthorized user explained that she had recently purchased the laptop off the street, from a seller that she was able to positively identify. As said seller had a colorful criminal resume, the name rang a bell with police – enough motivation to bring the suspect into the station for further questioning. A quick line-up was all it took for the victim to connect the seller to the initial attack. Laptop returned, criminal charged, case closed.

 
Please note that indictments and criminal complaints are merely unproven accusations and the accused, in all cases, are presumed innocent until proven guilty.

Over the past few days it’s come to light that one of our customers has been accused of using the legacy LANrev TheftTrack feature in a non-theft scenario.

When Absolute purchased LANrev in December 2009, it was for the product’s computer lifecycle management capabilities. Because Absolute believes both in protecting our customers and in our managed theft recovery approach, we do not actively promote the use of the TheftTrack feature. And we have slated the removal of the TheftTrack feature in an upcoming product update.

The TheftTrack feature allowed customers to track and manage lost client machines over the internet. By default this feature is off for each computer and the customer can completely disable the feature so that it can never be turned on by an IT administrator. After a theft or loss, a pre-authorized IT administrator must turn on TheftTrack for a specific computer. The actual tracking is not active until the next time the client machine calls into the server. When the feature is enabled, it takes screenshots every 15 minutes and does not give the IT administrator a live view.

There are a number of widely-available technologies that can be used in the same manner as the TheftTrack feature. But webcam pictures are not a useful tool in tracking down the location of a stolen computer. It’s one of the reasons why this feature is slated for removal from the product and why we fully support our managed theft recovery service.

The managed theft recovery services available with Computrace and LoJack for Laptops can be activated by a customer only after they have filed a criminal report with the police. Then, our Theft Recovery Team determines the location of the device through other forensic means and works with local law enforcement to get the stolen computer back. This helps protect both the customer and the unauthorized user from potential vigilantism or misuse that may occur with do-it-yourself solutions.

Ultimately, the responsibility for the use of these and all high-technology products lies with those who apply them in every day use.  The allegations against the school are just that, allegations, and it’s only through the court system now that we’ll find out the full story. In the meantime, Absolute is encouraging our LANrev legacy customers to permanently disable the TheftTrack feature in the LANrev solution.

It was happy ending to a home burglary that left a Computrace LoJack for Laptops customer without her laptop. Soon after the theft, Absolute was able to identify the laptop’s new user – a man who, thinking he was making a legitimate transaction, purchased the machine from an unknown male. The man had paid by check, allowing police to trace the transaction back to the original seller. The seller was then linked to the initial home burglary, as well as a violent robbery that had taken place just days prior. The laptop was recovered, and charges laid.

Upon hearing of the successful recovery, our customer relayed her experiences with the following kind words:

After the theft of my laptop, one thing is certain, “without Computrace LoJack for Laptops, I would have never seen my laptop again!” In the process of filing insurance which I thought initially would be my only restitution, I was surprised to find after my $500 deductible and one year’s worth depreciation I would receive approximately $76 to replace my new laptop.

While working with the Absolute Theft Recovery Team, from day one until my laptop was returned by the police, I was constantly informed of the status of the investigation and felt confident that my small case was important not only to Absolute but to the police as well.

When my laptop was returned, I was surprised to find the very suspect Absolute had identified had committed an armed robbery just 3 days prior to my recovery. He wouldn’t have been nabbed without the information Absolute provided, and thanks this added evidence, will be going to prison for up to 4 years.

Many, many thanks to Absolute for providing not only a computer theft recovery service but a restored a sense of security to me as well!

Susannah M.
Texas, USA
‘LoJack Client for Life’

Using a password manager program like can greatly help you keep your passwords safe and secure. Though no password or password program can guarantee that you will be 100% secure, you can definitely improve your security by a long shot.

One example is 1Password that comes from Agile Web Solutions. It provides password management as well as anti-phishing control using web form filling (including credit card info). 1Password creates strong unique passwords for all your web forms. And as we know, strong encryption helps keep your data safe. Once activated, you only need to remember a single password – your 1Password password. Not bad, hey?

If you’re an iPhone or iPod Touch user, they also have mobile solutions.

Image: Clipart