Site Map - IT Security

Government report card.

- It's government IT security grade time again, and as always, the news is not good. Seven agencies received a grade of F, including two, Commerce and Veterans Affairs, that had a C- and a C, respectively, in 2003. But there were improvements. The Agency for International Development received an A+, and the Department of Justice jumped from an F to a B-. The scorecard is available through SM Online.

Worth a Look.

- One of the most ballyhooed differences is security; IE has been famously prone to flaws, while Firefox has remained largely outside of the virus and worm threatscape in part because it has fewer flaws and in part because it has fewer users and is not yet attracting the attention of hackers. That's subject to change, of course, as more people adopt it. Firefox has some differences that truly make it more secure, however. For example, it doesn't automatically load ActiveX controls, tiny programs that have been the cause of many of IE's security holes. Pros. Better security and the ability to precisely customize it to your wants and needs make Firefox a pleasure to use. Cons. Since Firefox doesn't automatically load ActiveX controls, there are some pages that simply won't load in the browser, or won't work properly. For these pages, you'll have to open IE. Where to get one? The browser is available for free from Mozilla's Web site.

DEFINING MOMENTS

- It might seem odd to dedicate network resources to actually try to attract hackers, but that’s exactly what these servers, attached to the Internet, do.

Worth a Look

- A new portable storage device called Outbacker by Memory Expert International (MXI) is a bit bigger than a flash drive—it’s about the size of a deck of cards—but it makes up for its size with an incredible 20 GB of storage space (a model with twice as much storage is also available).

Making a Federal Case of IT Security

- The federal government needs to play a greater role in protecting the IT infrastructure of the United States, according to two recent reports. The first report, from the President’s Information Technology Advisory Committee (PITAC), a group of independent experts appointed by the president to provide advice on IT issues, warns that the nation’s IT infrastructure “is highly vulnerable to attack.”

When Good Software Goes Bad

- Why it’s so hard to create secure software, how to hack Google, Sarbanes-Oxley costs, a secure and portable storage device, and more from the digital world.

Making a Federal Case of IT Security

- The federal government needs to play a greater role in protecting the IT infrastructure of the United States, according to two recent reports. The first report, from the President’s Information Technology Advisory Committee (PITAC), a group of independent experts appointed by the president to provide advice on IT issues, warns that the nation’s IT infrastructure “is highly vulnerable to attack.” Read the PITAC report, Cyber Security: A Crisis of Prioritization, and the CRS report, Creating a National Framework for Cybersecurity.

Worth a Look

- From viruses to spyware to Trojan horses, there’s an abundance of ways for your computer to be rendered unusable or for its data to be corrupted. If you’re lucky enough to have the help of IT professionals, you might be able to get things back to normal without too much trouble. But if you’re on your own, you might wish that you could somehow turn back the clock to the days when the computer was working properly.

The Race to Deface

- Defacements of Web sites hit a new peak in December 2004, according to statistics compiled by zone-h.org, which has a database of what it calls “Web server cybercrimes.”

Spot the Bot

- A “bot” is a small software program that is often used on Internet Relay Chat (IRC) channels to gather information or interact with human users. Some bots on IRC are used by hackers to control “botnets,” or a series of tens of thousands of compromised computers, according to Know Your Enemy: Tracking Botnets, a paper from The Honeynet Project & Research Alliance.

Quick Bytes: A new NOC.

- The Cyber Incident Detection Data Analysis Center (CIDDAC), a service to share real-time cyberthreat information, recently launched its National Operations Center at the University of Pennsylvania.

Quick Bytes: Grading the graders

- Each year, federal agencies receive “grades” on a computer security report card, issued by the House Government Reform Committee. It’s based largely on each agency’s compliance with the Federal Information Security Management Act (FISMA).

Trouble in the Blogosphere

- The problem with blogs, the threat posed by bots, and a system backup tool.
 



