Archive for April, 2009

New Cybersecurity Legislation Proposed

Monday, April 20th, 2009

A new national cybersecurity bill is being introduced by Senator Rockefeller (Chairman of the Committee on Commerce, Science, and Transportation) and Senator Snowe. The bill would create the Office of the National Cybersecurity Advisor within the Executive Office of the President, an advisory position that would report directly to the President and serve as lead on all cyber matters. This position would coordinate with the intelligence community as well as civilian agencies.

The new cybersecurity legislation proposes additional changes to address issues of cyber crime, global cyber espionage and cyber attacks.

“I believe Congress must bring new high-level governmental attention to develop a fully integrated, thoroughly coordinated, public-private partnership to our cybersecurity efforts in the 21st century.” – Senator Rockefeller

The Rockefeller-Snowe initiative would include provisions for:

  • Raising the profile of cybersecurity within the Federal government, including the aforementioned Office plus a comprehensive national strategy, a quadrennial cybersecurity review and a threat and vulnerability assessment
  • Promoting public awareness and protecting civil liberties, including a legal review of the statutory and regulatory framework applicable, changes required, and a report on identity management and civil liberties
  • Remaking the relationship between government and the private sector on cybersecurity, including a public-private clearinghouse for cyber threat and vulnerability information sharing, an Advisory Panel, enforceable cybersecurity standards, licensing for cybersecurity professionals, State and regional cybersecurity centers for small and medium-sized businesses, and more
  • Fostering innovation and creativity in cybersecurity to develop long-term solutions, including increased recruitment for students into cybersecurity, increased funding for R&D, and an attempt to place a dollar value on cybersecurity risk

Read more about the new cybersecurity legislation being proposed here.

Via SecurityFocus

Antiterror Officer in UK Resigns After Documents Revealed

Thursday, April 16th, 2009

In a clear oversight of security protocols, Britain’s most senior counterterrorism officer, Bob Quick, took Top Secret documents out of the office. The documents, in clear view in his arms, were then photographed by the press as he carried the documents up Downing Street. Bob Quick has resigned as a result of the incident.

The documents outlined a Metropolitan Police Service and MI5 counterterrorist operation against al-Qaeda suspects, revealing details of a planned arrest of terrorist suspects following a long covert surveillance operation. Steps were taken to censor the photographs (only successful in Britain) and Mr. Quick’s location, for fear that the information would tip off the suspects. The operation was able to continue, with arrests made sooner than was planned, but it is still a major security blunder.

Bob Quick says he “deeply regretted” revealing the documents to photographers, and some people seem willing to forgive him for simply holding the paper the wrong way. However, the secret documents should not have been carried outside of secure areas in printed format – at the very least, they could have been transported on an encrypted drive. This is not the first incident where a government official has accidentally shown secret notes to the journalists who often wait outside of Downing Street.

Bob Quick resigned soon after the incident, following a meeting with the home secretary and the Metropolitan Police commissioner.

“I have today offered my resignation in the knowledge that my action could have compromised a major counterterrorism operation.

I deeply regret the disruption caused to colleagues undertaking the operation, and remain grateful for the way in which they adapted quickly and professionally to a revised timescale.”

It is a pity that the breach was made, and the repercussions are already wide-ranging. Not only has the public outcry damaged trust in government security, but the MPS has lost its most senior and experienced counterterrorism specialist. This should underscore the importance of having a clear security policy and ongoing employee training – at all levels – to ensure compliance with basic security measures.

Via Schneier

Microsoft’s 6th Security Intelligence Report

Wednesday, April 15th, 2009

Microsoft just released the 6th volume of its Security Intelligence Report (SIR), which provides perspective on the changing threat landscape in terms of software vulnerability, malware, and the changing face of threats and countermeasures.

The SIR indicates that malicious software infected different versions of Windows at different rates. Vista was less infected than other versions and service packs, with all versions of Windows XP having higher infection rates. The data, which is based on millions of Windows users, indicates that total vulnerability disclosures were on the decline while the number of high severity disclosures was increasing each quarter. More than 90% of vulnerabilities disclosed affected applications or browsers (vs the Operating System).

In the second half of 2008, there was a rise in rogue security software, which is software that poses as anti-malware or anti-spyware when in fact it may do nothing or be malware itself. Be sure to download your software only from trusted sources!

The report looks at data breach incidents from the OSF Data Loss database, indicating that in the second half of 2008, 33.5% of all data loss incidents were due to equipment theft, including that of laptops. Adding in equipment loss, that total goes up to 50%. Be sure to secure your laptops and be able to see if computers have the latest software updates with our Computrace laptop security solution.

SIR Volume 6, which tracks data between July and December 2008, can be downloaded here.

Via technet

Keeping Healthcare Data Secure

Tuesday, April 14th, 2009

Absolute Software has released a list of the Top Five Healthcare Practices for Keeping Data Secure. These best practices will be valuable as healthcare moves forward with technology, particularly since the American Recovery and Reinvestment Act (ARRA) was signed in February.

  1. Know the consequences of a data breach
  2. Assess your organization’s situation
  3. Implement a comprehensive data security plan
  4. Secure data on mobile computers
  5. Create a data breach policy

Learn more about these 5 steps and ARRA here.

Considering that the most recent hospital data breach in Miami has affected 200,000, and that data breaches in healthcare are more costly than breaches in other sectors, it’s a good idea to take all the steps you can to protect the data of your patients, clients and employees in this sector. A data breach is costly in any sector, but it’s important you understand how a data breach can impact yours, and how it can be prevented.

Malware Trends in 2009 – 3 Reports

Monday, April 13th, 2009

Three new reports on malware caught my attention today. The first report is out of Google’s Postini division, which indicates that spam has risen to levels not seen since before the McColo incident, the biggest takedown on record. The 7-day average spam record at the end of March returned to the pre-November 2008 levels.

Viruses in email attachments made a comeback, with emails becoming even more geographically customized to increase the click rates. The economy, financial markets, job cuts, and resume help are the most prominent topics spammers use.

The second study from Symantec indicates that the number of websites spreading malicious programs tripled in the last month, reaching the highest levels since June 2008. Almost 3,000 potentially harmful websites are being intercepted daily, with nearly that same number of new websites harboring malware each day.

The last study, out of PandaLabs, indicates that 1.1% of the worldwide population of Internet users has been actively exposed to identity theft malware, with that rate increasing very quickly through 2009. This study, based on 67 million computers worldwide, also showed that only 25% of infected PCs had up-to-date antivirus software.

As a reality check, researchers in Canada uncovered an electronic spying operation that had infiltrated computers from government and private offices around the world. Read more here.

Absolute Recovery Solves Several Additional Theft Cases

Monday, April 13th, 2009

The laptop of a LoJack for Laptops customer was stolen in a car burglary. Within days of receiving the customer’s theft report, the Absolute Theft Recovery Team had determined the laptop’s user, whom the police soon contacted.

Extremely cooperative, the user returned the laptop to police before explaining how he had recently purchased it for $100. He was able to clearly identify the laptop’s original seller, along with the seller’s residence. He also claimed to have noticed a number of suspicious items at the residence – many of which he suspected to be stolen. Working off this evidence, police obtained a search warrant for the identified home.

The search proved to be advantageous – police recovered two handguns, several thousand dollars worth of stolen property (mostly electronics), and an established marijuana grow operation. As a result of these finds, several additional burglary cases were solved. The owner of the residence, already a convicted felon, was arrested at the scene and faces multiple charges and jail time.

The involved deputy offered the following comment on LoJack for Laptops: “This software is the greatest thing to come down the line in a long, long time.”

A friend in need is a thief indeed – Absolute’s latest recovery

Thursday, April 9th, 2009

Within days of receiving a theft report from a LoJack for Laptops customer, Absolute had identified the stolen laptop’s user and location. They passed this information on to police, who paid a visit to the identified suspect.

When confronted by the detective, the suspect alleged that the laptop was in his possession at one point; however, it did not belong to him. He had simply borrowed it from a friend to complete some work. Shifting focus off himself, the suspect provided police with contact information for said friend. Police contacted the friend on April 1st.

Believing the police call to be an April Fool’s prank, the friend’s phone manners were less than polite, and he refused to respond to questioning. Realizing that the phone call was far from successful, the detective decided to pay a personal visit to the friend’s home.

When questioned about the theft, the friend adamantly denied possession of the computer. He quickly pointed the finger back to the original suspect, claiming that he was responsible for the theft. The original suspect then pointed the finger back to his friend – and the blame game continued. Impatient, the detective reminded the men that he was just as happy to charge two suspects as he was to charge one. He gave the men 24 hours to produce the laptop.

Voilà – that laptop appeared at the police bureau later that day. It has since been returned to its rightful owner. No word on the friendship…

Computrace Mobile up for Stevie Award

Thursday, April 9th, 2009

Absolute Software’s Computrace Mobile has been nominated for a Stevie Award!

The Stevie Awards were created to honor and generate public recognition of the achievements and positive contributions of organizations and people worldwide. This is the 7th year of the Awards. Last year Absolute Software’s sales team won the 2008 “Best Sales Team” award, and this year we’re being nominated for “Favorite New Product.”

This new category for the American Business Awards, known as The Stevies, recognizes favorite new products in 12 different business categories. Computrace Mobile is nominated under “Favorite Software as a Service.”

Click here to vote for Computrace Mobile for the People’s Choice Stevie Award for Favorite New Product. You can alternatively go here and enter Short Code I402T to vote. Voting will close on June 1, 2009.

Computrace Now in Firmware of Getac Computers

Wednesday, April 8th, 2009

Absolute Software recently announced that Getac computers now support Computrace at the firmware level.

The Getac Rugged Notebook (model A790) and Rugged Tablet (V100) are the latest laptops with embedded Computrace support. The B300, E100, M230 & P470 models will be phased in over the coming months, so that all Getac rugged laptop and tablet computers will feature Computrace.

The Computrace BIOS support module is shipped disabled and turned off from the manufacturer. Once the customer installs the Computrace Agent, pays for the Absolute Tracking and Recovery service and activates the Computrace BIOS support module, then the extra level of security and firmware persistence will be activated.

Embedding support for the Computrace Agent into the BIOS provides customers the highest level of persistence and allows the Computrace agent to survive operating system re-installations, hard drive reformats and even hard drive replacements. Getac president, Jim Rimay, says:

“Having Computrace embedded in the firmware of our computers gives our customers the additional security and satisfaction of knowing they can track and manage computers as well as delete sensitive data even if the hard drive is replaced or reformatted. Absolute’s services are an ideal complement to our world-class rugged notebook computers and tablets.”

For a full list of firmware-supported computers (from Dell to Fujitsu to Toshiba and more), see here.

Also check out Daily DIY’s “Top 10 Ways to Lock Down Your Data”, which encapsulates many of the tips we’ve talked about here on the blog before. The list includes tips such as encryption, using KeePass for password security, using smarter security questions and protecting your laptop (something we can help with).

Absolute’s LoJack Now Available from McAfee

Wednesday, April 8th, 2009

Absolute Software announced today that its consumer product, LoJack for Laptops, will now be available for purchase at the McAfee online store for US customers.

The addition of LoJack for Laptops to the store offers McAfee customers a more comprehensive computer security package, all purchased at once. LoJack for Laptops tracks and recovers stolen computers. If your computer goes missing, the Absolute Theft Recovery Team will work with law enforcement to get it back.

“When consumers purchase McAfee security suites as well as Absolute’s LoJack for Laptops it gives them the protection from two common headaches that computer owners face: rampant computer and Internet threats and computer thieves,” – Todd Gebhart, executive vice president and general manager of McAfee Consumer, Mobile and Small Business

You can buy Computrace LoJack for Laptops from McAfee for $39.99 (Standard) or $59.99 (Premium). The premium version includes our service guarantee and the data delete functionality.

Absolute Software’s Computrace LoJack for Laptops is meant for home and home office computer users. You can learn more about it here, or learn more about our corporate solutions here. Mac users, don’t forget that both LoJack for Laptops and Computrace are also available for you!
