Vincent Arnold

Separation of Duties and IT Security

admin — Wed, 27 Aug 2008 00:29:47 +0000

Muddied responsibilities create unwanted risk. Kevin Coleman says auditors may start labeling poorly defined IT duties as a material deficiency.

By Kevin Coleman, Technolytics Institute

August 26, 2008 — CSO — Separation of duties is a key concept of internal controls and is the most difficult and sometimes the most costly one to achieve. This objective is achieved by disseminating the tasks and associated privileges for a specific security process among multiple people.

The term SoD is already well-known in financial accounting systems. Companies in all sizes understand not to combine roles such as receiving checks (payment on account) and approving write-offs, depositing cash and reconciling bank statements, approving time cards and have custody of pay checks, etc. However, SoD is fairly new to the IT organization…

Source

Superstar 9 year old pitcher throws too hard: Opposing team forfeits game, packs gear and bails.

admin — Tue, 26 Aug 2008 23:33:03 +0000

Commentary: Whaaaaaa!!!!! Are you kidding me? We’re gettin’ our arses kicked so let’s bail to stop the pwnage and have a good cry while we are at it…This is absolutely ridiculous. Nice way to teach values New Haven.

NEW HAVEN, Conn. — Nine-year-old Jericho Scott is a good baseball player — too good, it turns out.

The right-hander has a fastball that tops out at about 40 mph. He throws so hard that the Youth Baseball League of New Haven told his coach that the boy could not pitch any more. When Jericho took the mound anyway last week, the opposing team forfeited the game, packed its gear and left, his coach said.

Source

Local councils accused of spying on residents’ sex lives

Vince — Sun, 24 Aug 2008 20:10:48 +0000

Commentary: Never saw this comin’…Who’s watchin’ the watchers?

Council have been accused of using surveillance powers to pry into residents sex lives.

By James Kirkup
Last Updated: 5:35PM BST 24 Aug 2008

The Conservatives say local government officials are monitoring couples’ sleeping arrangements for council tax purposes.

They have released documents they say shows that councils are invading households’ privacy to check on claims for council tax discounts.

More than 7.5 million people claim a 25 per cent discount on their council tax bill because they live alone

Councils are responsible for verifying that people who claim to live alone really do so.

A “surveillance dossier” used by Rotherham Council and released under freedom of information laws has shown how claims are checked.

The document suggests officials undertake “surveillance” of cars registered to addresses “to substantiate the allegation of living together”.

Source

White House missing as many as 225 days of e-mail

Vince — Thu, 21 Aug 2008 01:06:43 +0000

Commentary: I don’t know…maybe it’s me but I think this is a serious problem.

By PETE YOST

The Associated Press
Wednesday, August 20, 2008; 6:27 PM

WASHINGTON — The White House is missing as many as 225 days of e-mail dating back to 2003 and there is little if any likelihood a recovery effort will be completed by the time the Bush administration leaves office, according to an internal White House draft document obtained by The Associated Press.

The nine-page outline of the White House’s e-mail problems invites companies to bid on a project to recover the missing electronic messages.

The work would be carried out through April 19, 2009, according to the Office of Administration request for contractors’ proposals, which was dated June 20.

Last week, the White House declined to comment on the document.

Source

Ok, it’s done…I have an iPhone 3G.

admin — Mon, 11 Aug 2008 03:50:10 +0000

Coming from Windows Mobile from way back in the day, this should be interesting. Folks that know me know that I wouldn’t touch an Apple product if it was the last device of it’s kind on the planet. I’m a staunch Windows guys (early 1990’s) and plan to stay that way. So, this move to the iPhone was not taken lightly considering I passed on the first gen iPhone because it lacked 3G. Today I also have an HTC TyTN II which is a good phone but some of it’s quirks really bugged like the 2.8 inch screen. Sorry, but that is too small for an all around media device imho. Not to say that the iPhone doesn’t have it’s own quirks. Haven’t had it long enough to get a good feel for it’s capabilities but right of the bat I noticed there isn’t a lot of customization that can be done with the home screen. Also as noted, no cut and past which is kinda nuts because you have retype everything. My biggest concern though as you might have guessed is security. Stay tuned.

Note to France’s Men’s 4×100m Swimming Relay Team…Oh, nm.

admin — Mon, 11 Aug 2008 03:40:27 +0000

Russian Gang Hijacking PCs in Vast Scheme

admin — Wed, 06 Aug 2008 03:54:13 +0000

By JOHN MARKOFF
Published: August 5, 2008

A criminal gang is using software tools normally reserved for computer network administrators to infect thousands of PCs in corporate and government networks with programs that steal passwords and other information, a security researcher has found.

The new form of attack indicates that little progress has been made in defusing the threat of botnets, networks of infected computers that criminals use to send spam, steal passwords and do other forms of damage, according to computer security investigators.

Source

S.F. officials locked out of computer network

admin — Wed, 16 Jul 2008 00:29:32 +0000

(07-14) 19:23 PDT SAN FRANCISCO — A disgruntled city computer engineer has virtually commandeered San Francisco’s new multimillion-dollar computer network, altering it to deny access to top administrators even as he sits in jail on $5 million bail, authorities said Monday.

Terry Childs, a 43-year-old computer network administrator who lives in Pittsburg, has been charged with four counts of computer tampering and is scheduled to be arraigned today.

Source

Inside NSA Red Team Secret Ops With Government’s Top Hackers

admin — Tue, 01 Jul 2008 13:58:27 +0000

By Glenn Derene
Published on: June 30, 2008

When it comes to the U.S. government’s computer security, we in the tech press have a habit of reporting only the bad news—for instance, last year’s hacks into Oak Ridge and Los Alamos National Labs, a break-in to an e-mail server used by Defense Secretary Robert Gates … the list goes on and on. Frankly that’s because the good news is usually a bunch of nonevents: “Hackers deterred by diligent software patching at the Army Corps of Engineers.” Not too exciting.

So, in the world of IT security, it must seem that the villains outnumber the heroes—but there are some good-guy celebrities in the world of cyber security. In my years of reporting on the subject, I’ve often heard the National Security Agency’s red team referred to with a sense of breathless awe by security pros. These guys are purported to be just about the stealthiest, most skilled firewall-crackers in the game. Recently, I called up the secretive government agency and asked if it could offer up a top red teamer for an interview, and, surprisingly, the answer came back, “Yes.”

Source: Popular Mechanics

British hacker faces extradition hearing

Vince — Fri, 13 Jun 2008 15:21:12 +0000

By Jeremy Kirk, IDG News Service
June 13, 2008

Gary McKinnon could become the first British hacker extradited to the U.S. for allegedly deleting data and accessing information on U.S. military and NASA computers

A British hacker fighting extradition to the U.S. on computer hacking charges is preparing for his final U.K. appeal on Monday in London.

If Gary McKinnon loses this appeal, he would be the first British hacker extradited to the U.S. He could face up to 60 years in prison.

McKinnon, of London, is accused of deleting data and illegally accessing information on 97 U.S. military and NASA computers between February 2001 and March 2002. He’s been charged in U.S. District Court for the Eastern District of Virginia.

McKinnon admitted to using a program called “RemotelyAnywhere” to hack into PCs late at night when employees were gone. His hacking exploits started to unravel after McKinnon miscalculated the time difference between the U.S. and U.K., and one employee noticed their PC was acting oddly.