Landmark Leadership Conferences for IT Executives
 

The IT Blog



by Fred F. Farkel, Monday, May 26th, 2014

 

Guest editorial by Stan Stahl, Ph.D.

_________________________

I publish 6 or so essays a year in honor of the Fourth of July, Memorial Day, Thanksgiving, etc. My objective is to write in ways that bring us together around the ideals of America, rather than in ways that separate us. I am proud that readers often tell me they find my essays inspiring, for it means that I have captured that inspiration which is America.

My website The Agnostic Patriot provides a platform for my essays, which, as my readers know, are about America’s search for common ground as we the people continually co-create America’s more perfect union.

Why the name The Agnostic Patriot? My sole axiom is the Declaration’s self-evident assertion that we are all created equal. On all other matters, I strive to be politically agnostic.

America to me is not about “winning;” it is in steering that course of liberty between the tyranny of the King and the tyranny of the mob.

Like my essays, The Agnostic Patriot is a work in progress. In addition to holding all of my essays since 2005, I continue to populate a “Favorites” page, containing various writings and links that I find particularly meaningful. I also have a “News & Commentary” page which contains my “Let Freedom Ring” Twitter feeds broken into categories ranging from politics to philosophy. I have recently added a page to hold the writings of my son, Jonathan, as he thanks the veterans of the Vietnamese war, one soldier to another. His is a reminder that freedom is never free.

I have been writing these freedom essays for more than a dozen years. I wrote my first on the Thanksgiving after 9/11, giving thanks to the fundamental principles of the American dream: freedom, liberty and a civil body politic.

I hope you find this essay of interest. If you do, I encourage you to forward this email to your friends and colleagues. If you don’t, please don’t hesitate to unsubscribe. (A link for doing so is located at the bottom of this email.)

Cheers –

Stan
LinkedIn: http://www.linkedin.com/in/stanstahl
@stanstahl
_________________________

If you want the truth to stand clear before you, never be for or against.
The struggle between “for” and “against” is the mind’s worst disease.
Seng-ts’an, c. 700 C.E.

******

Memorial Day, 2014

… that these dead shall not have died in vain … Abraham Lincoln

Cheziray Pressley, War in Afghanistan … Aaron Elandt, Iraq War … Abraham Lincoln, President … Andrew Goodman, Civil Rights Worker … Anna Campos, Spanish American War … Antonio Francisco Abad, World War II … Charles Bent, Mexican Campaign … Chief Black Kettle, Indian Wars … Clem Moser, World War I … Brandon Kirton, War in Afghanistan … David Douglas, Union Army, Civil War … Donald McIntosh, Indian Wars … Edgar Hubert, Spanish-American War … Edmund Rice, Union Army, Civil War … Emily [unknown last name], Union Army, Civil War … George Cohen, World War II … Ivan Appleby, Vietnam War … James Newell, War of 1812 … John Dzeda, World War I … Joseph Freeman, World War I … Kurt Gruber, World War II … Nathan Hale, War for Independence … James Earl Chaney, Civil Rights Worker … Jesse Farley Dyer, Mexican Campaign … John Fitzgerald Kennedy, President … Justin Pollard, Iraq … Lars Larsen, World War I … Mary Hartso, World War II … Michael Schwerner, Civil Rights Worker … Mitchell Red Cloud Jr., Korean War … Mohammed Ali, World War II … Ramon C. Ojeda, Iraq … Reuben Smith Turman, Spanish-American War … Russell Smith, Jr, Persian Gulf War … Sitting Bull, Indian Wars … Stanley Bartusiak, Persian Gulf War … Taylor Maricle, Union Army, Civil War … Thomas H. Amos, Vietnam War … Walter Szeliga, World War II … William Dunkin, War of 1812 … Wilma Ledbetter, Korean War … Amaru Aguilar, War in Afghanistan

Eleven score and eighteen years ago our fathers brought forth on this continent, a new nation, conceived in Liberty, and dedicated to the proposition that all men are created equal.

Are we? Are we truly dedicated to the proposition that all of us are created equal? Do we truly share in our inalienable right to life, liberty and the pursuit of happiness?

Because if we don’t — and we don’t do something about it — then they died in vain.

And here’s where it gets tricky, incredibly tricky.

Take for example, Nevada rancher Cliven Bundy’s recent claim that blacks might have been better off as slaves. Or Duck Dynasty’s Phil Robertson’s rant against blacks and gays. Or Donald Sterling’s pathetic diatribe against blacks in general and Magic Johnson in particular. Not among America’s finest examples of our dedication to the proposition that all men are created equal!

And yet, aren’t they too created equal, entitled to the same inalienable right to life, liberty and the pursuit of happiness as the blacks, gays and others who they do not respect as equals? For if not, wouldn’t these dead have died in vain?

**********

Who were the 1,250,000 men and women who gave the last full measure of devotion in America’s wars? How dedicated were they to the proposition that all men are created equal?

Given the fact that 13,000 died during a time when slavery was legal in half of America and that those who died from the states of the Old South grew up in a legally segregated society until the 1960s, a reasonable guess is that at least 25% of the men and women who died in our wars would have agreed with the views of Bundy, Robertson and Sterling, that we are not all created equal.

That’s 250,000 men and women who gave their last full measure of devotion dedicated to a proposition — an ideal — that I believe in but they didn’t.

In other words … Racists died so I would have the opportunity to speak out against racism.

Humbling.

**********

The test of a first-rate intelligence is the ability to hold two opposing ideas in mind at the same time and still retain the ability to function … F. Scott Fitzgerald

Is this what dedicated to the proposition that all men are created equal means … holding our own ideas of equality while also considering the ideas of someone else, with different views?

Is this what Judge Learned Hand meant when he said the spirit of liberty is the spirit which seeks to understand the minds of other men and women?

Perhaps this is what St. Augustine and Gandhi meant when they encouraged us to love the sinner while hating the sin.

I can hate the racism but — if I am to be dedicated to the proposition that all men are created equal — then I must have respect … and compassion … for the person expressing the racism.

Perhaps this is what is required of us that these dead shall not have died in vain … that we honor their sacrifice by contemplating — seeking to understand — even their racist ideas.

**********

“If you would win a man to your cause, first convince him that you are his sincere friend. Therein is a drop of honey that catches his heart, which … is the great high-road to his reason, and which, when once gained, you will find but little trouble in convincing his judgment of the justice of your cause if, indeed, that cause be really a just one.” …  Abraham Lincoln

In a recent TED talk, Ariel Investment President Mellody Hobson — who happens to be African-American — encourages us to be “color brave” instead of “color blind,” embracing talk of race instead of shying away from it, understanding that it is by getting to know each other that we will come to better understand and respect each other … that here lies the drop of honey.

So let’s talk about race … and all the other things that divide us in America’s culture wars. Homosexuality. Freedom of choice. God. Atheism. Immigration. The environment. Health care. The wealth gap. All of it.

Let’s talk about these things with each other as we would if we knew the person we were talking with was going to die tomorrow on a battlefield fighting for our freedom.

For he did.

Let freedom ring.

Copyright © 2014. Stan Stahl, Ph.D. All Rights Reserved. Permission is granted to republish this essay provided the essay is reproduced unedited and in its entirety, its source is identified as The Agnostic Patriot at www.agnosticpatriot.org and this copyright NOTICE is included.

The post Memorial Day, 2014 appeared first on The Agnostic Patriot.


by Fred F. Farkel, Monday, May 19th, 2014

 

Guest column by Citadel Information Group

Weekend Vulnerability and Patch Report

The following software vulnerabilities and updates were announced last week. Citadel Information Group strongly recommends that readers update their computers and take other action as indicated.

Important Security Updates

Adobe Flash Player: Adobe has released version 13.0.0.214 to fix at least 6 highly critical vulnerabilities in its Flash Player for the Windows, Mac, Linux and versions. Updates are available from Adobe’s website.

Adobe Reader: Adobe has released version 11.0.07 to fix at least 11 highly critical vulnerabilities reported in previous versions. Updates are available from Adobe’s website. Updates are also available for Acrobat and Illustrator.

Apple iTunes: Apple has released version 11.2 for iTunes versions in Windows 8, 7, Vista, and XP SP3 or later. Updates are available through the program or from Apple’s website.

Apple OS X: Apple has released updates for OS X to fix at least 22 vulnerabilities, some of which are highly critical. Update to version 10.9.3 or apply Security Update 2014-001. Updates are available through Apple’s website.

Foxit Reader: Foxit has released version 6.2.0.0429 to fix a moderately critical vulnerability. Updates are available through the program or from Foxit’s website.

Google Chrome: Google has released Google Chrome 34.0.1847.137 for Windows, Mac, Linux, and Chrome Frame to fix at least 9 highly critical vulnerabilities. Updates are available from within the browser or from Google Chrome’s website.

Microsoft Internet Explorer: Microsoft released updates to fix two extremely critical vulnerabilities in all versions of Internet Explorer. Apply updates.

Microsoft Patch Tuesday: Microsoft released several updates addressing at least 13 security vulnerabilities, some of which are highly critical, in Windows, Office, Internet Explorer, and more. Updates are available via Windows Update or from Automatic Update.

Opera: Opera has released version 21.0.1432.67. Updates are available from within the browser or from Opera’s website.

Skype: Skype has released Skype 6.16.0.105. Updates are available from the program or Skype’s website.

TechSmith Corporation SnagIt: TechSmith has released updates for SnagIt. Updates are available from TechSmith’s website.

Current Software Versions

Adobe Flash  13.0.0.214 [Windows 7: IE]

Adobe Flash  13.0.0.214 [Windows 7: Firefox, Mozilla]

Adobe Flash  13.0.0.214 [Windows 8: IE]

Adobe Flash  13.0.0.214 [Macintosh OS X: Firefox, Opera, Safari]

Adobe Reader 11.0.07

Dropbox 2.6.33 [Citadel warns against relying on Dropbox security. We recommend files containing sensitive information be independently encrypted with a program like Axcrypt; encryption keys be at least 15 characters long; and the Dropbox password be at least 15 characters long and different from other passwords.]

Firefox 29.0.1

Google Chrome 34.0.1847.137

Internet Explorer 11.0.9600.17105

Java SE 8 Update 5 [Citadel recommends removing or disabling Java from your browser. Java is a major source of cyber criminal exploits. It is not needed for most internet browsing. If you have a particular web site that requires Java, Citadel recommends using a two-browser approach to minimize risk. If you normally browse the Web with Firefox, for example, disable the Java plugin in Firefox and use an alternative browser — such as Chrome, IE9, Safari, etc — with Java enabled to browse only the sites that require it.]

QuickTime 7.7.5

Safari 5.1.7

Safari 7.0.2 [Mac OS X]

Skype 6.16.0.105

Newly Announced Unpatched Vulnerabilities

None

For an updated list of previously announced Unpatched Vulnerabilities, please see the resources section of Citadel’s website.

For Your IT Department

BlackBerry OS: Secunia reports that BlackBerry has released updates for its OS to fix 17 vulnerabilities, some of which are highly critical, due to a bundled version of Adobe Flash Player. Update to version 10.2.0.1443.

Cisco Multiple Products: Secunia reports that Cisco has released updates for its IOS and IOS XE, , and others. Apply updates.

RSA NetWitness / Security Analytics: Secunia reports that RSA has released an update to fix a security issue in its NetWitness and Security Analytics. Update to a fixed version.


If you are responsible for the security of your computer, Citadel’s Weekend Vulnerability and Patch Report is for you. We strongly urge you to take action to keep your workstation patched and updated.

If someone else is responsible for the security of your computer, forward our Weekend Vulnerability and Patch Report to them and follow up to make sure your computer has been patched and updated.

Vulnerability management is a key element of cyber security management. Cyber criminals take over user computers by writing computer programs that “exploit” vulnerabilities in operating systems (Windows, Apple OS, etc.) and application programs (Adobe Acrobat, Office, Flash, Java, etc.). When software companies find a vulnerability, they usually issue an update patch to fix the code running on their customers’ computers.

 

Citadel Information Group publishes our Weekend Vulnerability and Patch Report to alert readers to some of the week’s important updates and vulnerabilities. Our focus is on software typically found in the small or home office (SOHO) or that users are likely to have on their home computer. The report is not intended to be a thorough listing of updates and vulnerabilities.

Citadel Information Group … Delivering Information Peace of Mind ® to Business and the Not-for-Profit Community


Copyright © 2014 Citadel Information Group. All rights reserved.

The IT Summit would like to thank Citadel Information Group for allowing us to provide this information to you. The post Weekend Vulnerability and Patch Report, May 18, 2014 appeared first on Citadel Information Group.


by Fred F. Farkel, Monday, May 19th, 2014

 

Guest column by Citadel Information Group

Cyber Crime

Breach At Bit.ly Blamed On Offsite Backup Storage Provider: URL shortening service says user database may have been compromised through backup data. DarkReading, May 13, 2014

Cyber Attack

Iranian Hackers Targeted Defense Workers and Political Dissidents: There’s a new politically motivated hacker gang to keep track of, one that started out defacing websites but which has progressed more recently into conducting full-blown campaigns of cyber espionage abroad and political oppression at home. And it is based in Iran. Re/code, May 13, 2014

Cyber Privacy

NSA reform: lawmakers aim to bar agency from weakening encryption: Concerned about weaknesses in USA Freedom Act, Zoe Lofgren and colleagues pushing to prevent NSA from weakening online encryption with new amendment. The Guardian, May 13, 2014

Is the EU compelling Google to become about.me?: Today the EU’s highest court interpreted the EU’s 1995 Data Protection Directive to mean that individuals should have a shot at insisting that Google and other search engines remove certain search results found upon a search for their names, not because they are false, or infringe copyright, but because they violate a “respect for private life” or a “right to protection of personal data.” What does that mean specifically? Not easy to say. Neither the opinion nor the Court’s press release is clear on that. Among the many cases pending about it, the one that the Court heard involved a Spanish citizen who did not like that people could find the public records of a foreclosure sale of one of his properties. So that’s not personal, secret information that was somehow uncovered; it’s a public record or fact made more searchable. And it’s not in the narrow category of things like social security numbers that might be in public documents, but for which Google and other search engines have taken some steps to make them not work as search terms. (Same with credit card numbers.) Jonathan Zittrain, May 13, 2014

Europe’s Top Court Orders Google to Forget: Google and other search engine providers can be ordered to delete links to outdated information about a person published on the Internet, the Court of Justice of the European Union ruled Tuesday. CIO, May 13, 2014

Identity Theft

Here’s How You Protect Your Kids From Identity Theft: Child identity theft cases sometimes continue for years before they’re discovered. Adam Levin, of Identity Theft 911, explains how this happens, and what to do about it. NPR, May 13, 2014

Cyber Warning

Windows users warned over spammed-out gadget malware attack: Windows users are at risk of having their computers infected, after a malware attack posing as an “important company update” was spammed out. Graham Cluley, May 16, 2014

Hackers ramp up computer attacks, demand ‘ransom’: On a bitter cold Friday in January, an ominous warning popped up on a computer screen at the Chamber of Commerce in Bennington, Vt. Detroit Free Press, May 15, 2014

Postal Service: Beware Stamp Kiosk Skimmers: The United States Postal Inspection Service is investigating reports that fraudsters are installing skimming devices on automated stamp vending machines at Post Office locations across the United States, KrebsOnSecurity has learned. KrebsOnSecurity, May 13, 2014

Cyber Security Management

Infographic: The Story Of A Phish: Are your employees like Troy, blissfully unaware of the dangers of spear phishing? DarkReading, May 13, 2014

Cybersecurity options lag behind hackers’ abilities: A computer hacker once told a congressional committee that he could take out the entire Internet in a half-hour. That was back when the World Wide Web was in its infancy and Google didn’t even exist yet. Stars and Stripes, May 13, 2014

Your Cybersecurity: Don’t Count On The Government: Last week I attended the United States Cybercrime conference outside of Washington, D.C. For the past eleven of twelve years, the Department of Defense organized this gathering, but this year it was privately funded due to budget constraints. This was a five-day event with six hundred cybersecurity experts, government agents, intelligence officers, and private sector IT professionals. There were more than 170 speakers, sixty exhibitors, and in-depth hands-on training courses in digital forensic investigations, decryption techniques, malware smartphone analysis, and covert exploration of digital services. Forbes, May 12, 2014

Cyber Security Management – Cyber Update

Adobe, Microsoft Issue Critical Security Fixes: Adobe and Microsoft today each released software updates to plug dangerous security holes in their products. Adobe pushed patches to fix holes in Adobe Acrobat/Reader as well as Flash Player. Microsoft issued eight update bundles to nix at least 13 security vulnerabilities in Windows and software that runs on top of the operating system. KrebsOnSecurity, May 13, 2014

Cyber Security Management – Cyber Defense

Rush to defend against Heartbleed leads to mistakes with certificates, patches: Despite taking prompt action to defend against the Heartbleed attack, some sites are no better off than before — and in some cases, they are much worse off. NetworkWorld, May 9, 2014


Copyright © 2014 Citadel Information Group. All rights reserved.

The IT Summit would like to thank Citadel Information Group for allowing us to provide this information to you. The post Cyber Security News of the Week, May 18, 2014 appeared first on Citadel Information Group.


by Fred F. Farkel, Monday, May 12th, 2014

 

Guest column by Citadel Information Group

Weekend Vulnerability and Patch Report

The following software vulnerabilities and updates were announced last week. Citadel Information Group strongly recommends that readers update their computers and take other action as indicated.

Important Security Updates

Dropbox: Dropbox has released version 2.6.33 for its file hosting program. Updates are available at Dropbox’s website. [See Citadel’s warning below]

Foxit Reader: Foxit has released version 6.2.0.0429 to fix a moderately critical vulnerability. Updates are available through the program or from Foxit’s website.

Mozilla Firefox: Mozilla has released version 29.0.1. Updates are available within the browser or from Mozilla’s website.

Opera: Opera has released version 21.0.1432.57. Updates are available from within the browser or from Opera’s website.

Siber Systems RoboForm: Siber Systems has released version 7.9.6 of RoboForm. Updates are available from within the program (look for the “Check New Version” button on the Options menu) or can be downloaded from the RoboForm website.

WinZip: WinZip has released version 18.5. Updates are available from within the program (look for “Check for Updates” on the Help menu) or can be downloaded from the WinZip website.

Current Software Versions

Adobe Flash  13.0.0.206 [Windows 7: IE]

Adobe Flash  13.0.0.206 [Windows 7: Firefox, Mozilla]

Adobe Flash  13.0.0.206 [Windows 8: IE]

Adobe Flash  13.0.0.206 [Macintosh OS X: Firefox, Opera, Safari]

Adobe Reader 11.0.06

Dropbox 2.6.33 [Citadel warns against relying on Dropbox security. We recommend files containing sensitive information be independently encrypted with a program like Axcrypt; encryption keys be at least 15 characters long; and the Dropbox password be at least 15 characters long and different from other passwords.]

Firefox 29.0.1

Google Chrome 34.0.1847.131

Internet Explorer 11.0.9600.17105

Java SE 8 Update 5 [Citadel recommends removing or disabling Java from your browser. Java is a major source of cyber criminal exploits. It is not needed for most internet browsing. If you have a particular web site that requires Java, Citadel recommends using a two-browser approach to minimize risk. If you normally browse the Web with Firefox, for example, disable the Java plugin in Firefox and use an alternative browser — such as Chrome, IE9, Safari, etc — with Java enabled to browse only the sites that require it.]

QuickTime 7.7.5

Safari 5.1.7

Safari 7.0.2 [Mac OS X]

Skype 6.14.0.104

Newly Announced Unpatched Vulnerabilities

None

For an updated list of previously announced Unpatched Vulnerabilities, please see the resources section of Citadel’s website.

For Your IT Department

Cisco Multiple Products: Secunia reports that Cisco has released updates for its WebEx Meetings Server, WebEx Recording Format Player, WebEx Advanced Recording Format Player, Adaptive Security Appliance (ASA), Broadband Access Center Telco Wireless (BAC-TW), Nexus 1000V Series Switches, and others. Apply updates.

Citrix Multiple Products: Secunia reports that Citrix has released updates for its CloudPlatform, Licensing, Usage Collector, XenClient Enterprise, XenClient XT, Desktop Player for Mac, Receiver, Worx Home for iOS, XenClient Enterprise, XenMobile MDX Toolkit & SDK, NetScaler and others. Apply updates.

Kaspersky Internet Security: Secunia reports that Kaspersky has released updates for its Internet Security to fix a moderately critical vulnerability in previous versions. Apply patch G.

Kaspersky PURE: Secunia reports that Kaspersky has released updates for its PURE RPC Server to fix a moderately critical vulnerability in previous versions. Apply patch E.

McAfee Firewall Enterprise: Secunia reports that McAfee has released updates for its Firewall Enterprise to fix a highly critical vulnerability reported in previous versions. Update to version 7.0.1.02.E16, 7.0.1.03H07, 8.2.1P01, or 8.3.0.

Novell Open Enterprise Server: Secunia reports that Novell has released updates to fix a vulnerability in its Open Enterprise Server (OES) reported in 11 (OES 11) Linux Support Pack 2 prior to oes11sp2-March-2014-Scheduled-Maintenance-8934. Apply oes11sp2-March-2014-Scheduled-Maintenance-8934.




Copyright © 2014 Citadel Information Group. All rights reserved.

The IT Summit would like to thank Citadel Information Group for allowing us to provide this information to you. The post Weekend Vulnerability and Patch Report, May 4, 2014 appeared first on Citadel Information Group.


by Fred F. Farkel, Monday, May 12th, 2014

 

Guest column by Citadel Information Group

Cyber Crime

The Target Breach, By the Numbers: News that Target’s CEO Gregg Steinhafel is stepping down has prompted a flurry of reports from media outlets trying to recap events since the company announced a data breach on Dec. 19, 2013. Sprinkled throughout those reports were lots of numbers, which got me to thinking about synthesizing them with some of the less-reported numbers associated with this epic breach. KrebsOnSecurity, May 6, 2014

Target CEO Gregg Steinhafel Resigns In Data Breach Fallout: Target’s CEO is the latest casualty of the widespread data breach that saw hackers steal personal data and credit card information from millions of customers. Forbes, May 5, 2014

Cyber Privacy

My Experiment Opting Out of Big Data Made Me Look Like a Criminal: Here’s what happened when I tried to hide my pregnancy from the Internet and marketing companies. Time, May 1, 2014

Cyber Security Management

Are rogue employees the biggest threat to information security?: Rogue employees continue to be the biggest threat to information security, according to 37% of IT professionals polled by BSI at Infosecurity Europe 2014. Help Net Security, May 9, 2014

The rising strategic risks of cyberattacks: More and more business value and personal information worldwide are rapidly migrating into digital form on open and globally interconnected technology platforms. As that happens, the risks from cyberattacks become increasingly daunting. Criminals pursue financial gain through fraud and identity theft; competitors steal intellectual property or disrupt business to grab advantage; “hacktivists” pierce online firewalls to make political statements. McKinsey&Company, May 2014

Cyber Security Management – Cyber Defense

Accidental Heartbleed Vulnerabilities Undercut Recovery Effort: Scans find 300,000 affected servers, but a surprising number of newly vulnerable servers have surfaced since Heartbleed warning was first sounded. Dark Reading, May 9, 2014

Antivirus is Dead: Long Live Antivirus!: An article in The Wall Street Journal this week quoted executives from antivirus pioneer Symantec uttering words that would have been industry heresy a few years ago, declaring antivirus software “dead” and stating that the company is focusing on developing technologies that attack online threats from a different angle. KrebsOnSecurity, May 7, 2014

Cyber Warning

Google blocks filesharing website Demonoid over malware downloads: Google is warning users of its search engine that if they visit filesharing website Demonoid, they could find malicious software being downloaded and installed on their computers. The Guardian, May 9, 2014

Cyber Law

DOJ Asks for New Authority to Hack and Search Remote Computers: IDG News Service (Washington, D.C., Bureau) — The U.S. Department of Justice wants new authority to hack and search remote computers during investigations, saying the new rules are needed because of complex criminal schemes sometimes using millions of machines spread across the country. CIO, May 9, 2014

FTC Must Disclose Consumer Data Security Standards: A company accused by the FTC of failing to provide adequate data security has the right to know the required security standards, administrative judge rules. InformationWeek, May 8, 2014

Cyber Misc

When Hitting ‘Find My iPhone’ Takes You to a Thief’s Doorstep: WEST COVINA, Calif. — After a boozy Saturday night, Sarah Maguire awoke the next morning to find that her iPhone was gone. Her roommate’s phone was gone, too. Were they at the bar, she wondered, or in the cab? The New York Times, May 3, 2014

Can Hackers Really Manipulate Traffic Lights Like You’ve Seen in the Movies?: The hacker in The Italian Job did it spectacularly. So did the fire-sale team in Live Free or Die Hard. But can hackers really hijack traffic lights to cause gridlock and redirect cars? Yahoo, May 2, 2014

Bitcoin Vies with New Cryptocurrencies as Coin of the Cyber Realm: As hundreds of “altcoin” knockoffs are minted online, bitcoins no longer dominate as the principal form of digital currency. Scientific American, April 29, 2014

Cyber Calendar

ISSA-LA Sixth Annual Information Security Summit, May 16, Universal City Hilton. Speakers include Richard Clarke, former Assistant to the President; Jackie Lacey, Los Angeles County District Attorney; Jeremiah Grossman, Founder & iCEO, WhiteHat Security; Marcus Ranum, CSO, Tenable; Marc Maiffret, CTO, Beyond Trust; Jim Manico, Secure Coding Instructor and Author, Global OWASP Board of Directors; Ira Winkler, ISSA International President; Andrea Hoy, ISSA International Vice-President. For more information and to register, visit ISSA-LA.

EFF at ISSA-LA Information Security Summit: Join EFF at the 6th annual ISSA-LA Information Security Summit! The Los Angeles Chapter Information Systems Security Association presents this event to provide a unique opportunity to learn from leading cyber security experts like Former White House cyber security czar Richard A. Clarke and Los Angeles County District Attorney Jackie Lacey. Electronic Frontier Foundation at ISSA-LA Information Security Summit, Event Date: May 16, 2014

BeyondTrust Chief Technology Officer Marc Maiffret to Speak at ISSA-LA Sixth Annual Information Security Summit on Cybercrime Solutions: Marc Maiffret, Chief Technology Officer of BeyondTrust, is one of the outstanding speakers at the Los Angeles Chapter of the Information Systems Security Association (ISSA-LA) Sixth Annual Information Security Summit on May 16, 2014, at Hilton Universal City Hotel in Los Angeles. The theme of the Summit, The Growing Cyber Threat: Protect Your Business, emphasizes the financial impact of cybercrime on all organizations, and it highlights finding solutions to protecting and securing private information on the Internet. MarketMen, April 4, 2014


Copyright © 2014 Citadel Information Group. All rights reserved.

The IT Summit would like to thank Citadel Information Group for allowing us to provide this information to you. The post Cyber Security News of the Week, May 11, 2014 appeared first on Citadel Information Group.


by Fred F. Farkel, Monday, May 5th, 2014

 

Guest column by Citadel Information Group

Weekend Vulnerability and Patch Report

The following software vulnerabilities and updates were announced last week. Citadel Information Group strongly recommends that readers update their computers and take other action as indicated.

Important Security Updates

Adobe Flash Player: Adobe has released version 13.0.0.206 for its Flash Player to fix an extremely critical vulnerability. Updates are available through the program or from Adobe’s Flash Web Site.

Check Point Technologies Zone Alarm: Check Point has released version 13.1.211.000 of the Free version of Zone Alarm. Updates are available from Check Point’s website.

Dropbox: Dropbox has released version 2.6.31 for its file hosting program. Updates are available at Dropbox’s website. [See Citadel’s warning below]

Google Chrome: Google has released version 34.0.1847.131 of Chrome for Windows and Mac to fix 8 highly critical vulnerabilities. Updates are available through the program.

Microsoft Internet Explorer: Microsoft has released an emergency security update to fix a zero-day vulnerability that is present in all versions of its Internet Explorer Web browser and that is actively being exploited. The company says Windows XP users also will get the update, even though Microsoft officially ceased supporting XP last month. Updates are available from the Windows Control Panel.

Mozilla Firefox: Mozilla has released version 29.0 of Firefox to fix at least 13 highly critical vulnerabilities. Updates are available within the browser or from Mozilla’s website. There are also updates for Thunderbird and SeaMonkey.

Mozilla Firefox for Android: Mozilla has released version 29.0 of Firefox for Android to fix an unpatched vulnerability in previous versions. Updates are available through the device.

TechSmith Corporation SnagIt: TechSmith has released updates for SnagIt. Updates are available from TechSmith’s website.

Current Software Versions

Adobe Flash  13.0.0.206 [Windows 7: IE]

Adobe Flash  13.0.0.206 [Windows 7: Firefox, Mozilla]

Adobe Flash  13.0.0.206 [Windows 8: IE]

Adobe Flash  13.0.0.206 [Macintosh OS X: Firefox, Opera, Safari]

Adobe Reader 11.0.06

Dropbox 2.6.31 [Citadel warns against relying on Dropbox security. We recommend files containing sensitive information be independently encrypted with a program like Axcrypt; encryption keys be at least 15 characters long; and the Dropbox password be at least 15 characters long and different from other passwords.]

Firefox 29.0

Google Chrome 34.0.1847.131

Internet Explorer 11.0.9600.17105

Java SE 8 Update 5 [Citadel recommends removing or disabling Java from your browser. Java is a major source of cyber criminal exploits. It is not needed for most internet browsing. If you have a particular web site that requires Java, Citadel recommends using a two-browser approach to minimize risk. If you normally browse the Web with Firefox, for example, disable the Java plugin in Firefox and use an alternative browser — such as Chrome, IE9, Safari, etc — with Java enabled to browse only the sites that require it.]

QuickTime 7.7.5

Safari 5.1.7

Safari 7.0.2 [Mac OS X]

Skype 6.14.0.104

Newly Announced Unpatched Vulnerabilities

None

For an updated list of previously announced Unpatched Vulnerabilities, please see the resources section of Citadel’s website.

For Your IT Department

Cisco Multiple Products: Secunia reports that Cisco has released updates for its TelePresence System MXP Series, Unified Communications Manager, IOS XE, Adaptive Security Appliance (ASA), and others. Apply updates.

Cisco TelePresence TC and TE: Secunia reports that Cisco has released a partial fix for its TelePresence TC and TE to address at least 11 moderately critical vulnerabilities. Update or upgrade to a fixed version.

Microsoft Windows Flash Player: Secunia reports that Microsoft has released updates to fix a highly critical vulnerability in Windows Flash Player for Windows 8 and 8.1, Windows RT 8.1, and Server 2012. Apply updates.

Novell Open Enterprise Server (OES): Secunia reports that Novell has released updates to fix a security issue in its Open Enterprise Server (OES) reported in Novell Client for Linux shipped within the Novell Open Enterprise Server 11 (OES 11) Linux Support Pack 2. Apply “April 2014 OES11SP2 Hot Patch for NCL”.

Novell Storage Manager: Secunia reports that Novell has released updates to fix two vulnerabilities in previous versions of its Storage Manager caused by a bundled vulnerable version of OpenSSL. Update to version 3.1.1.1.


If you are responsible for the security of your computer, Citadel’s Weekend Vulnerability and Patch Report is for you. We strongly urge you to take action to keep your workstation patched and updated.

If someone else is responsible for the security of your computer, forward our Weekend Vulnerability and Patch Report to them and follow up to make sure your computer has been patched and updated.

Vulnerability management is a key element of cyber security management. Cyber criminals take over user computers by writing computer programs that “exploit” vulnerabilities in operating systems (Windows, Apple OS, etc.) and application programs (Adobe Acrobat, Office, Flash, Java, etc.). When software companies find a vulnerability, they usually issue an update patch to fix the code running on their customers’ computers.

 

Citadel Information Group publishes our Weekend Vulnerability and Patch Report to alert readers to some of the week’s important updates and vulnerabilities. Our focus is on software typically found in the small or home office (SOHO) or that users are likely to have on their home computer. The report is not intended to be a thorough listing of updates and vulnerabilities.

Citadel Information Group … Delivering Information Peace of Mind ® to Business and the Not-for-Profit Community



The IT Summit would like to thank Citadel Information Group for allowing us to provide this information to you. The post Weekend Vulnerability and Patch Report, May 4, 2014 appeared first on Citadel Information Group.


by Fred F. Farkel, Monday, May 5th, 2014

 

Guest column by Citadel Information Group

Cyber Crime

Tax Fraud Gang Targeted Healthcare Firms: Earlier this month, I wrote about an organized cybercrime gang that has been hacking into HR departments at organizations across the country and filing fraudulent tax refund requests with the IRS on employees of those victim firms. Today, we’ll look a bit closer at the activities of this crime gang, which appears to have targeted a large number of healthcare and senior living organizations that were all using the same third-party payroll and HR services provider. KrebsOnSecurity, April 30, 2014

Identity Theft

California Bills Would Address Consumer Financial Information Security: Two bills dealing with credit card security will be taken up over the next week in California legislative committees. Recent data security breaches at Target and other big retailers prompted the legislation. Capital Public Radio, May 2, 2014

Do Identity Theft Protection Services Work?: With more and more major retailers being hit by hackers and major security flaws on the Internet like Heartbleed, identity theft is becoming more and more of a threat. Huffington Post, May 1, 2014

Susan Tompor: Time to get a ‘little paranoid’ after credit, debit card breaches: Mike Rosinski, 51, doesn’t really know how a string of fraudulent charges ranging from as little as $3.19 for some odd outfit in Missouri to $434.10 at a Fry’s Electronics in another state ended up hitting his Visa credit card in mid-April. Detroit Free Press, May 1, 2014

AOL asking users to change passwords after discovering breach: AOL is asking potentially millions of its email users to change their passwords and security questions after discovering a cyber attack that potentially compromised the accounts of a small portion of its user base. ZDNet, April 28, 2014

Cyber Threat

Europol Cybercrime Chief Believes Cyber Threat Will ‘Change the World’: According to the man tasked with tackling online crime across the European Union, the continent’s reliance on the internet to do business makes it the perfect target for cybercriminals, who don’t even have to leave their armchairs to commit crimes. IBTimes, April 29, 2014

Cyber Warning

Homeland Security: Don’t use IE due to bug: SAN FRANCISCO — The U.S. Department of Homeland security is advising Americans not to use the Internet Explorer Web browser until a fix is found for a serious security flaw that came to light over the weekend. USA Today, April 29, 2014

Officials Say Russian Hackers May Retaliate for Sanctions: U.S. officials and security specialists are warning that Russian hackers may respond to new sanctions by attacking the computer networks of U.S. banks and other companies. Bloomberg, April 27, 2014

Cyber Security Management

Microsoft sharpens encryption management tools: Microsoft is giving the IT admin crowd an updated toolset for managing encryption with the latest release of its Desktop Optimization Pack, better known as MDOP. PCWorld, May 2, 2014

How to protect your supply chain from cybercrime: As companies start to work with more clients, they run the risk of cybercrime through a whole network of collaborating businesses. Here’s tips on how to protect yourself from an online attack. The Guardian, April 28, 2014

Applying ‘big data’ principles reveals three main types of cyber crime per industry – Verizon report: The overwhelming majority of data breaches tracked by security researchers last year fell into one of nine categories, while three of those categories dominated recorded attacks in any given industry, according to a new report. Out-Law.com, April 24, 2014

Cyber Security Management – Cyber Defense

John Pescatore: BYOIT, IoT among top information security trends: BOSTON — There’s no board game that can help enterprise information security managers win in their jobs, but one of the industry’s most respected security analysts believes identifying key changes in IT and getting the resources to secure them can often seem like a game of “Chutes and Ladders.” SearchSecurity, May 2, 2014

Cyber Security Management – Cyber Update

Microsoft Issues Fix for IE Zero-Day, Includes XP Users: Microsoft has issued an emergency security update to fix a zero-day vulnerability that is present in all versions of its Internet Explorer Web browser and that is actively being exploited. In an unexpected twist, the company says Windows XP users also will get the update, even though Microsoft officially ceased supporting XP last month. KrebsOnSecurity, May 1, 2014

Adobe Update Nixes Flash Player Zero Day: Adobe Systems Inc. has shipped an emergency security update to fix a critical flaw in its Flash Player software that is currently being exploited in active attacks. The exploits so far appear to target Microsoft Windows users, but updates also are available for Mac and Linux versions of Flash. KrebsOnSecurity, April 28, 2014

Securing the Village

Good information security leadership demands focus on shared knowledge: BOSTON — One of information security’s most venerable thought leaders believes the evolution of leadership in the industry has reached a turning point and without a disciplined, holistic approach emphasizing shared knowledge, enterprise security programs will never achieve their desired results. SearchSecurity, May 1, 2014

Today on CLBR: The State of Cyber Security with Stan Stahl: Dr. Stan Stahl, President of Citadel Information Group, returns to discuss the latest Cyber Security issues and the upcoming ISSA-LA Information Security Summit VI which is the premier information security event in Los Angeles. CyberLawRadio, April 23, 2014

National Cyber Security

White House Details Thinking on Cybersecurity Flaws: WASHINGTON — In a rare insight into the government’s thinking on the use of cyberweapons, the White House on Monday published a series of questions it asks in deciding when to make public the discovery of major flaws in computer security or whether to keep them secret so that American intelligence agencies can use them to enable surveillance or an attack. The New York Times, April 28, 2014

Cyber Underworld

EU Cybercrime Officials Blame TOR for Difficulty in Catching Criminals: CoinReport, April 20, 2014

Cyber Espionage

F.B.I. Informant Is Tied to Cyberattacks Abroad: WASHINGTON — An informant working for the F.B.I. coordinated a 2012 campaign of hundreds of cyberattacks on foreign websites, including some operated by the governments of Iran, Syria, Brazil and Pakistan, according to documents and interviews with people involved in the attacks. The New York Times, April 23, 2014

Cyber Calendar

ISSA-LA Sixth Annual Information Security Summit, May 16, Universal City Hilton. Speakers include Richard Clarke, former Assistant to the President; Jackie Lacey, Los Angeles County District Attorney; Jeremiah Grossman, Founder & iCEO, WhiteHat Security; Marcus Ranum, CSO, Tenable; Marc Maiffret, CTO, BeyondTrust; Jim Manico, Secure Coding Instructor and Author, Global OWASP Board of Directors; Ira Winkler, ISSA International President; Andrea Hoy, ISSA International Vice-President. For more information and to register, visit ISSA-LA.



The IT Summit would like to thank Citadel Information Group for allowing us to provide this information to you. The post Cyber Security News of the Week, May 4, 2014 appeared first on Citadel Information Group.
