Interesting Information Security Bits for 01/20/2009

by kriggins on January 20, 2009

Today's Bits has malware infections, data breach at a card processor, the need for requirements, deperimeterization and endpoint control, awareness campaign metrics, an update to an F-Secure malware removal tool, and a list of InfoSec bloggers in Australia. More details below. Have a great day.

  1. First they allowed computers used in surgery to be rebooted automatically upon being patched by Windows Update. Then they disabled Windows update, but didn't put any further controls in place to protect these systems. Remember, if you disable one control, you need to introduce a compensating control where elevated risk exists.
    Conficker seizes city's hospital network * The Register
    Tags: ( malware )
  2. This has the potential to be huge.
    Payment processor warns of network breach
    Tags: ( breach creditcard )
  3. "Tell me what you got and I'll pick what I think I need" never ends well. The need for requirements extends well beyond security controls. If you can't effectively articulate your needs, you are never going to be able to fulfill them.
    Requirements are required >> Andy ITGuy
    Tags: ( general )
  4. Yup, if you done control the endpoint, you have some really big problems.
    Deperimeterization without endpoint control? | Security Balance
    Tags: ( endpoint control infrosec deperimeterization )
  5. Julie has a good post up on Security Catalyst with some suggestions on how to measure the effectiveness of you security awareness program.
    Three Ways to Make Awareness Measurable : The Security Catalyst
    Tags: ( awareness metrics )
  6. F-Secure has an update available for their F-Downadup Removal Tool. With the number of machines being reported that are infected with this malware, we should probably all have this in our toolbox.
    ISTP and F-Downadup Removal Tool - F-Secure Weblog : News from the Lab
    Tags: ( malware tools removal )
  7. Drazen has started a list of Australian InfoSec bloggers. Check it out and make sure you are on it if you are a InfoSec blogger in Australia.
    Beast Or Buddha >> Australian IT Security Blog Directory
    Tags: ( general blogs )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

Share and Enjoy:
  • Digg
  • Sphinn
  • del.icio.us
  • Facebook
  • Mixx
  • Google Bookmarks

Tagged as: Awareness, breach, malware

Leave a Comment

You can use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Previous post:

Next post: