Site Map - Cybersecurity

A Close Eye on Iris Recognition

- The National Institute of Standards and Technology (NIST) has launched the Iris Challenge Evaluation (ICE) to gauge the state of this type of biometric technology.

A VoIP in the Wilderness

- Voice over IP (VoIP) is becoming increasingly popular as corporations learn they can use their broadband infrastructure to save money on phone bills. But the potential threats from VoIP are still unclear, and companies trying to save a buck could find that they’ve exposed themselves to far greater problems.

Copy,Scan, Fax, Steal

- You’ve spent countless dollars securing your company’s intellectual property in safes and on servers, and you’re sure that sensitive customer or patient information is not being made public, as required by legislation. But meanwhile, your copy machine could be exposing this data to the world.

Theft From Afar: Hacking into RFID

- Radio frequency identification (RFID) technology is used in everything from retail antitheft devices to inventory tracking and access control. It’s gaining in popularity as a security solution, but companies should be aware of its vulnerabilities, say experts.

Debating Losses

- Research firm Gartner has estimated that ATM and debit-card fraud resulted in $2.75 billion in losses in the 12 months ending in May 2005. Most, it says, resulted from phishing and keystroke-logging attacks that capture account information and PINs. However, research from TowerGroup, a global financial-services advisor, estimates these losses to be much lower, with less than one percent of fraud losses coming from phishing. Most losses, it says, are from stolen cards and card skimming.@ Criminals Exploit Consumer Bank Account and ATM System Weaknesses is $95 through the Gartner Web site. Turning Phishing into Cash: Criminal Convenience at the ATM? is available from TowerGroup for $1,750; a summary is at SM Online.

A Site to See

- The wireless protocol named Bluetooth is enjoying growing popularity in part due to regulations around the world that require drivers to use hands-free headsets when they’re on the phone. Automobile manufacturers have begun building these units into new models, and do-it-yourself kits abound; but unfortunately, they’re not always configured securely. The result? The Car Whisperer, an auditing tool from security researchers at the Trifinite Group, which includes several noted Bluetooth researchers. The Car Whisperer tool makes it possible to “inject audio data” into a poorly configured Bluetooth device and also to eavesdrop on conversations held inside the car. @ The group’s blog contains this and many other tools designed to compromise poorly protected Bluetooth systems. The Trifinite associates are passionate about spreading the word on Bluetooth security, making it A Site to See.

A Site to See

- The site also provides a location for saving personal bookmarks that can be accessed from any computer so that if you’re on the road and want to visit a bookmarked page but don’t have your regular computer, you can find the links easily nonetheless. Best of all, the site is completely free.

Quick Bytes: Zero-day approaches

- The time between the disclosure of a computer vulnerability that can allow infection by a worm or virus and the release of an exploit that can attack that vulnerability has dropped from 6.4 days to 6.0 days.

Quick Bytes: RFID planning

- The Department of Defense (DoD) is using radio frequency ID (RFID) tags throughout its supply-chain operations; by January 2007, all DoD commodities will have these tags.

Quick Bytes: Password frustration

- How many passwords do you need to remember? A survey by RSA Security Inc. of 1,700 enterprise technology end users found that 71 percent had as many as 12, and almost one-quarter had more than 15.

DOT’s Security Off Track

- When the Zotob worm appeared only days after Microsoft released a patch that would have prevented infection, 700 Department of Transportation (DOT) computers were infected after a contractor connected a laptop to the DOT’s network against the department’s policy.

Worth a Look: Fencing Out Malicious Code

- Wayward wireless networks, a quarantine for malicious code, and infosec troubles at the Department of Transportation.

The Perils of Wireless Networking

- Wayward wireless networks, a quarantine for malicious code, and infosec troubles at the Department of Transportation.

Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.