Information Tatum - Joel Rakow, Ed.D. - December 2005
Here's a first. A prominent computer security expert claims that the proceeds derived from electronic crime exceeded, for the first time this year, the proceeds derived from illegal drug trafficking: $105B. This statement could simply be a case of an expert with a self interest is making a dramatic statement to draw attention to himself. Nonetheless, it shows how rampant eCrime has become in the ten years since the Internet became a mainstream tool.
The holiday season inspired me to select my three favorite news bites as Hot Topics. One illustrates how companies are attacking their competitors web properties, using regulatory acts. The second presents new progress in blocking SPAM, and the third discusses the new strategy and sensitivities regarding protecting the corporate network the point of user workstations through the new "lockdown" technologies. I hope you enjoy this month's selection. Best wishes for the
****************************************
Joel's Activities:
1. At the Conference Board in New York, Joel Presented to approximately 120 security executives of America's top corporations including WalMart, FedEx, Bell South, Genetech, Cisco, etc.
2. Tatum's Denver office and Joel will prepare a global security plan for that area's largest beverage company. 3. As part of the World Shoe Association's relocation of corporate headquarters, Joel lead the relocation and re-staffing of the IT operations, including the implementation of a new tradeshow production system and back office system. 4. Joel chaired the first three IT Steering Committee meetings after developing and obtaining approvals on the charter and operating plan for Bidz.com's governance program.
***************************************
HOT TOPICS
WEB ATTACKS USING REGULATIONS
--Study of Take-Down Notices Under DMCA Section 512 Finds Potential for Abuse (28 November 2005) Researchers at the University of California at Berkeley and the University of Southern California looked at 876 takedown requests made to web sites and search engines under the section 512 Digital Millennium Copyright Act (DMCA). Section 512 requires that hosting and search providers take down content and links to content to be exempt from copyright lawsuits. The notice needs no judicial review of whether or not a copyright has been infringed upon. The researchers found that more than half of the requests were made by companies against competitors, and that 30 percent of the requests were the ones in which it was questionable as to whether or not copyright had been infringed upon. There were only seven cases among those studied in which the questioned content was reinstated on web sites. http://www.vnunet.com/vnunet/news/2146807/dmca-hindrance-help
http://www.securityfocus.com/brief/62
http://lawweb.usc.edu/news/dmca.html
http://mylaw.usc.edu/documents/512Rep-ExecSum_out.pdf
[Editor's Note (Pescatore):The DMCA is a pretty good example of how legislation aimed at technology usually has more wacky side effects than any actual positive effect. That said, it is pretty straightforward to file a counter-notification if someone has used DMCA improperly to cause legitimate content to be removed - the Electronic Frontier Foundation and a number of universities sponsor a site that provides information and templates on how to do so: http://www.chillingeffects.org/
(Schultz): The DMCA has been a proverbial can of worms ever since the day it went into law. Studies such as the ones at UC Berkeley and USC provide empirical evidence of some of the DMCA-related abuses that occur. The big question, however, is whether legislators will respond appropriately or whether they will continue to blindly support the industries that so strongly lobbied for this legislation.
(Hoepman): A similar study in the Netherlands found that the vast majority of ISP's, when presented with a take-down notice, prefer to err on the safe side and comply without checking the validity of the claim at all.]
SPAM BLOCKS
--FTC: Spam Blocking Technology is Getting Better
(28 November 2005)
A study conducted by the US Federal Trade Commission (FTC) indicates that Internet service providers (ISPs) are improving their spam blocking techniques. In a test, the FTC found that two unnamed web-based email service providers effectively blocked 96 percent of spam messages. However, the onus of filtering the bad messages from the good still falls to the ISPs. Spammers collect email addresses by "scraping," or using automated programs that look for the "@" sign present in all email addresses. The FTC recommends that if people need to post their email addresses on the Internet, they do so in an alternate syntax in order to avoid having their addresses added to spammers' lists. http://today.reuters.com/news/NewsArticle.aspx?type=internetNews Note (Schmidt): From a personal perspective, using ISP tools with a "near free" toolbar, I have not had a single SPAM or Phising email in any of my 7 different email inboxes in going on 10 months. Progress is being made and the tools are there if people would just use them.
(Honan): Filtering Spam at the ISP level makes good business sense for the ISPs. It reduces the network overhead on their links while at the same time making for happier customers. A win win solution, except for the spammers.]
LOCKING IT DOWN
System Lockdown an Effective Tool Against Malware
(28 November 2005)
IT managers should look not only at products to protect their systems from malware, but also at the possibility of locking down end-user computers. With system lockdown, users have limited abilities to compromise their systems. Most malware comes in the form of applications, most of which require some user interaction to gain a foothold within systems. http://www.thechannelinsider.com/print_article2/0,1217,a=166172,00.asp
[Editor's Note (Schmidt): There once was a time where this would create huge push back but given the wide use of broadband at home and use of mobile devices to stay connected there are many other options then using work machines. This may be more palatable as many that are successful at enterprise security have used configuration management around security to get there.]
Hot Topics is adapted from SANS Newsbites for Tatum Partners.
The holiday season inspired me to select my three favorite news bites as Hot Topics. One illustrates how companies are attacking their competitors web properties, using regulatory acts. The second presents new progress in blocking SPAM, and the third discusses the new strategy and sensitivities regarding protecting the corporate network the point of user workstations through the new "lockdown" technologies. I hope you enjoy this month's selection. Best wishes for the
****************************************
Joel's Activities:
1. At the Conference Board in New York, Joel Presented to approximately 120 security executives of America's top corporations including WalMart, FedEx, Bell South, Genetech, Cisco, etc.
2. Tatum's Denver office and Joel will prepare a global security plan for that area's largest beverage company. 3. As part of the World Shoe Association's relocation of corporate headquarters, Joel lead the relocation and re-staffing of the IT operations, including the implementation of a new tradeshow production system and back office system. 4. Joel chaired the first three IT Steering Committee meetings after developing and obtaining approvals on the charter and operating plan for Bidz.com's governance program.
***************************************
HOT TOPICS
WEB ATTACKS USING REGULATIONS
--Study of Take-Down Notices Under DMCA Section 512 Finds Potential for Abuse (28 November 2005) Researchers at the University of California at Berkeley and the University of Southern California looked at 876 takedown requests made to web sites and search engines under the section 512 Digital Millennium Copyright Act (DMCA). Section 512 requires that hosting and search providers take down content and links to content to be exempt from copyright lawsuits. The notice needs no judicial review of whether or not a copyright has been infringed upon. The researchers found that more than half of the requests were made by companies against competitors, and that 30 percent of the requests were the ones in which it was questionable as to whether or not copyright had been infringed upon. There were only seven cases among those studied in which the questioned content was reinstated on web sites. http://www.vnunet.com/vnunet/news/2146807/dmca-hindrance-help
http://www.securityfocus.com/brief/62
http://lawweb.usc.edu/news/dmca.html
http://mylaw.usc.edu/documents/512Rep-ExecSum_out.pdf
[Editor's Note (Pescatore):The DMCA is a pretty good example of how legislation aimed at technology usually has more wacky side effects than any actual positive effect. That said, it is pretty straightforward to file a counter-notification if someone has used DMCA improperly to cause legitimate content to be removed - the Electronic Frontier Foundation and a number of universities sponsor a site that provides information and templates on how to do so: http://www.chillingeffects.org/
(Schultz): The DMCA has been a proverbial can of worms ever since the day it went into law. Studies such as the ones at UC Berkeley and USC provide empirical evidence of some of the DMCA-related abuses that occur. The big question, however, is whether legislators will respond appropriately or whether they will continue to blindly support the industries that so strongly lobbied for this legislation.
(Hoepman): A similar study in the Netherlands found that the vast majority of ISP's, when presented with a take-down notice, prefer to err on the safe side and comply without checking the validity of the claim at all.]
SPAM BLOCKS
--FTC: Spam Blocking Technology is Getting Better
(28 November 2005)
A study conducted by the US Federal Trade Commission (FTC) indicates that Internet service providers (ISPs) are improving their spam blocking techniques. In a test, the FTC found that two unnamed web-based email service providers effectively blocked 96 percent of spam messages. However, the onus of filtering the bad messages from the good still falls to the ISPs. Spammers collect email addresses by "scraping," or using automated programs that look for the "@" sign present in all email addresses. The FTC recommends that if people need to post their email addresses on the Internet, they do so in an alternate syntax in order to avoid having their addresses added to spammers' lists. http://today.reuters.com/news/NewsArticle.aspx?type=internetNews Note (Schmidt): From a personal perspective, using ISP tools with a "near free" toolbar, I have not had a single SPAM or Phising email in any of my 7 different email inboxes in going on 10 months. Progress is being made and the tools are there if people would just use them.
(Honan): Filtering Spam at the ISP level makes good business sense for the ISPs. It reduces the network overhead on their links while at the same time making for happier customers. A win win solution, except for the spammers.]
LOCKING IT DOWN
System Lockdown an Effective Tool Against Malware
(28 November 2005)
IT managers should look not only at products to protect their systems from malware, but also at the possibility of locking down end-user computers. With system lockdown, users have limited abilities to compromise their systems. Most malware comes in the form of applications, most of which require some user interaction to gain a foothold within systems. http://www.thechannelinsider.com/print_article2/0,1217,a=166172,00.asp
[Editor's Note (Schmidt): There once was a time where this would create huge push back but given the wide use of broadband at home and use of mobile devices to stay connected there are many other options then using work machines. This may be more palatable as many that are successful at enterprise security have used configuration management around security to get there.]
Hot Topics is adapted from SANS Newsbites for Tatum Partners.
posted by Joel Rakow, Ed.D. at 10:07 PM
<< Home