Information Security

Slate’s Farhad Manjoo argues that IT departments are arbitrary and capricious in their restrictions on software.  For the most part, I agree.

Article from ComputerWorld gives some details on the Heartland payment processor breach.  Note that the CEO calls PCI compliance the “lowest common denominator.”

http://www.nytimes.com/2009/06/14/magazine/14search-t.html

As they have for the last five years, Verizon released a report on data breaches. Some quick and interesting facts from the report:

• Most breaches result from external attacks.
• Most of the attacks were simple
• Most of the attacks could have been prevented using simple, low-cost defenses
• Most attacks were facilitated by mistakes
• Most of the breaches involved financial data

To me, this says that the problem isn’t technical–it’s managerial.  We need to have better ways to ensure that basic security measures are actually implemented and maintained.

No word on how they got in, but they used coordinated withdrawals across the world during a 30 minute window to withdraw the money.  This is a great illustration of the sophistication of attacks today.

 Link

Very true.

oops.

A road sign in Austin Texas was hacked, probably using a default password.

CNN and Marc Ambinder are claiming that Obama will get to have some sort of PDA/Smartphone with the ability to handle classified information. Neither are clear on which device it will be, but this one from General Dynamics (although it runs Windows Mobile instead of BlackBerry software) seems to fit the bill.