Henetz, P. (2012, April 6). Medicaid data breach far worse than reported. Salt Lake City Tribune. Retrieved from http://www.sltrib.com/sltrib/news/53868568-78/security-information-health-clients.html.csp
A huge proportion of [Utah’s] Medicaid clients — two-thirds of them children — are victims of hackers who broke into an inadequately protected computer server at the Utah Department of Health, officials said Friday.
The cyber invasion started a week ago, with most of the data stolen from 181,604 Medicaid and Children’s Health Insurance Program recipients between Sunday night and Monday morning. Of those clients, 25,096 appear to have had their Social Security numbers compromised. More from the New York Times.
Gallagher, S. (2012, April 11). Bad bots: DDos attacks spike in first quarter, outdoing all of 2011. Ars Technica. Retrieved from http://arstechnica.com/business/news/2012/04/bad-bots-ddos-attacks-spike-in-first-quarter-outdoing-all-of-2011.ars
The number of denial-of-service attacks in the first quarter of 2012 grew 25 percent compared with the same period of 2011, and was nearly equal to the number in the last three months of last year. Not only has the number of DDoS attacks not dropped from its seasonal high, but the volume of junk traffic being created by them has spiked dramatically—the company reports that it has fended off more malicious traffic in the first three months of 2012 than it did in all of 2011—9.5 petabytes of raw data, and 408 trillion network packets.
[NEW WEBCAST] Georgetown Institute for Law, Science, and Global Security. Second Annual International Engagement on Cyber. (2011, March 29). Retrieved from http://www.acus.org/event/international-engagement-cyber-establishing-international-norms-improved-cyber-security
Transcripts and video of all presentations, including panels chaired by Michael Hayden and Melissa Hathaway.
Lowensohn, J. (2012, April 11). Symantic cuts Flashback infection estimates in half. CNET. Retrieved from http://news.cnet.com/8301-1009_3-57412598-83/symantec-cuts-flashback-infection-estimates-in-half/?tag=txt;title
The high-profile piece of malware that’s been estimated to have infected more than 600,000 users of Apple’s Mac OSX worldwide, is in considerably fewer machines now, according to a major security firm.
In a blog post today, software maker and security firm Symantec said that there are now fewer than half that number of machines with the infection, and that the number of active infections is on a downward trend.
More, and a removal tool from Kaspersky Labs.
Musil, S. (2012, April 10). Court narrows prosecutors’ use of anti-hacking law. CNET. Retrieved from http://news.cnet.com/8301-1009_3-57412137-83/court-narrows-prosecutors-use-of-anti-hacking-law
Warning that checking sports scores or updating Facebook could be considered a crime, a U.S. appeals court rejected the government’s broad interpretation of a nearly 30-year-old anti-hacking law in trying to prosecute a man for misappropriation of trade secrets.
In a 9-2 decision (PDF), the 9th U.S. Circuit Court of Appeals in San Francisco rejected the broad reading of the 1984 federal Computer Fraud and Abuse Act, warning that millions of Americans could be subjected to prosecution for harmless Web surfing at work.
Peck, M. (2012, April 2). Spy games. Foreign Policy. Retrieved from http://www.foreignpolicy.com/articles/2012/04/02/spy_games?page=full
Recent years have brought reports of the U.S. government eavesdropping on phone conversations, e-mails, even tweets — all in the name of fighting terrorism. But surely your Xbox must be safe from the prying eyes of Big Brother?
Not for long. You might not immediately think that slaying dragons or driving like a maniac through virtual streets is all that interesting to intelligence agents, but the U.S. government believes there might be law enforcement gold on your Xbox. Government researchers say that hacking into consoles will allow police to catch pedophiles and terrorists. Meanwhile, privacy advocates worry that gamers may leave sensitive data — and not just credit card information — on their Nintendos without knowing it.
Pellerin, S. (2012, April 11). DOD expands international cyber cooperation, official says. Armed Forces News Service. Retrieved http://www.defense.gov/news/newsarticle.aspx?id=67889
The Defense Department is moving beyond its traditional treaty allies to expand partnerships in cyberspace, a senior defense office said today. Steven Schleien, DOD’s principal director for cyber policy, said DOD officials are working toward long-term goals of collective cyber self-defense and deterrence.
Schleien spoke at Georgetown University’s second annual International Engagement on Cyber here where experts from Washington, the Netherlands and Russia spoke about national security and diplomatic efforts in cyberspace before several hundred students and experts in the field.
Ragan, S. (2012, April 11). Anonymous launches attacks against trade associations and Boeing. SecurityWeek. Retrieved from http://www.securityweek.com/anonymous-launches-attacks-against-trade-associations-and-boeing
Two technology trade associations, TechAmerica and USTelecom, and one of the world’s largest defense contractors, Boeing, had their web sites knocked offline by Anonymous for their support and connections to the controversial CISPA bill. They are the latest in a string of targets selected by those supporting Anonymous’ Operation Defense (OpDefense). Anonymous strongly opposes the Cyber Intelligence Sharing and Protection Act (CISPA). Their outrage over CISPA mirrors the sentiment put on display when they rallied behind those who stood against SOPA, ACTA, and PIPA.
Wheatman, V. (2012, April 11). Secure B2B and electronic data interchange [Gartner]. Retrieved from http://my.gartner.com.ezproxy.umuc.edu/portal/server.pt?open=512&objID=260&mode=2&PageID=3460702&resId=1980427&ref=QuickSearch&sthkw=security
EDI is a document format for official B2B correspondence used for business transactions such as purchase orders, invoices, shipping notices, financial transactions and health information. Security is often an afterthought in B2B processes. Organizations must determine how much security is enough.
Zetter, K. (2012, April 10). Board urges feds to prevent medical device hacking. Wired. Retrieved from http://www.wired.com/threatlevel/2012/04/security-of-medical-devices/
In the wake of increasing concern about the security of wireless medical devices, a privacy and security advisory board is calling on the government to grant the FDA or other federal entity the authority to assess the security of devices before they’re released for sale to the market. The group also wants the government to establish a clear channel through the United States Computer Emergency Readiness Team for reporting security problems with medical devices — including pacemakers, defibrillators, and insulin pumps – so vulnerabilities can be easily tracked and addressed.
CALLS FOR PAPERS
8th Conference on Security and Cryptography for Networks [Amalfi, Italy, Sept. 5-7, 2012]
17th European Symposium on Research in Computer Security [Pisa, Italy, Sept. 10-12, 2012]
15th Information Security Conference [Passau, Germany, Sept. 19-20, 2012]
17th Nordic Conference in Secure IT Systems [Karlskrona, Sweden, Oct 31 – Nov. 2, 2012]
3rd Conference on Decision and Game Theory for Security [Budapest, Hungary, Nov. 5-6, 2012]
28th Annual Computer Security Applications Conference [Orlando, FL, Dec. 3-7, 2012]
8th International Conference on Information Systems Security [Guwahati, India, Dec.15-19, 2012]