Security Blog
11.14.2002
Your right to know
Rich from Taosecurity sent this link. Business Week examines your right to know about computer break-ins.
This lapse sparked what may mark a dramatic shift in legal policy toward cybersecurity. Over strenuous objections from the business lobby, on Sept. 26 California enacted a sweeping measure that mandates public disclosure of computer-security breaches in which confidential information may have been compromised. The law covers not just state agencies but private enterprises doing business in California. Come July 1, 2003, those who fail to disclose that a breach has occurred could be liable for civil damages or face class actions (click here for more information on the legislation, bill number SB 1386).
MS gets tough
I'll believe it when I see it. But couldn't someone teach Mundie some PR skills?
Craig Mundie, who oversees the company's Trustworthy Computing initiative, told an audience Wednesday that in response to the threat of terrorist cyberattacks, Microsoft would deploy security fixes to its installed base of hundreds of millions of computers worldwide in the coming year -- even if those fixes break applications in use by customers.
I'm certain the legion of MS customers with custom apps ($$$) will be thrilled with that approach.
Solo update
The English military cracker will attempt to fight extradition to the US.
McKinnon, known on the Internet as "SOLO," remains free although he was briefly held by British authorities, U.S. Attorney Paul McNulty said. He said the Justice Department will seek to extradite McKinnon, a rare move in international hacking cases.
You are a suspect
Fantastic NYTimes editorial on the proposed Homeland Security Act. This is an important piece for everyone - privacy zealots, computer security professionals, tech enthusiasts.
Every purchase you make with a credit card, every magazine subscription you buy and medical prescription you fill, every Web site you visit and e-mail you send or receive, every academic grade you receive, every bank deposit you make, every trip you book and every event you attend — all these transactions and communications will go into what the Defense Department describes as "a virtual, centralized grand database."
Email never dies
The Wall Street Journal discusses email - and how it can haunt you.
The e-mail-fueled investigations into Wall Street brokerage firms, including former Merrill Lynch analyst Henry Blodget and more recently, former Citigroup's Salomon Smith Barney analyst Jack Grubman, has prompted many office workers and consumers to wonder: How do you safely purge your electronic communications?
Crystal ball
Eugene Spafford has an article in InfoSec mag on the future of computer security. Several interesting predictions - take a look.
Will the future really be as bleak as these predictions suggest? Perhaps. One of the ground rules of prediction is that we have choices to make that can change the future.
11.13.2002
Update
Some more info on the English cracker:
US investigators say one break-in shut down navy systems immediately after the September 11 terror attacks.
11.12.2002
Military cracker caught
Slashdot referenced this story on an English cracker who hit more than 100 unclassified military networks. First that I've heard of this and the article is sketchy - but it sounds interesting.
Federal authorities have cracked the case of an international hacker who broke into roughly 100 unclassified U.S. military networks over the past year, officials said Monday.
And this snippet caught my eye, perhaps implying how serious/sophisticated the attacks were?
Officials said U.S. authorities were weighing whether to seek the hacker's extradition from England, a move that would be exceedingly rare among international computer crime investigations.
11.11.2002
Great reporting
The Wall Street Journal has a fascinating piece on how al Qaeda used the Internet. Pick up a copy and take a look if you can. I can't post everything here, but a good excerpt follows.
Domestic data mining
From the NYTimes:
The Pentagon is constructing a computer system that could create a vast electronic dragnet, searching for personal information as part of the hunt for terrorists around the globe — including the United States.
Why is this significant - and scary?
Historically, military and intelligence agencies have not been permitted to spy on Americans without extraordinary legal authorization. But Admiral Poindexter, the former national security adviser in the Reagan administration, has argued that the government needs broad new powers to process, store and mine billions of minute details of electronic life in the United States.