News for
100100
contributed by weld pond
A British surfer reported that he was able to obtain access to other user
accounts at BT's free Talk121 email service. Another day, another
privacy/security vulnerability in a web application. Yet another case of
poor web application design. At this point users should expect this type of
insecurity unless a site has gone way beyond the industry standard in web
security.
BBC
|
contributed by weld pond
Mudge, VP of R&D for @stake (the operator of Hackernews) recently discussed
trends in security research and advisory policies. Mudge contended that the
best way to help companies protect themselves is to have detailed knowledge
of product flaws, combined with a "war college" mentality that enables
attack models to be understood and defended against. Legal analyst Michael
Scher of the University of Chicago agreed, saying also that software makers
should consider partial indemnification of company losses due to security
breaches.
Inter@ctive Week
|
contributed by andrew jaquith
Is 2000 the Year of PKI? (Wasn't the Year of PKI supposed to be 1997, then
1998, then 1999…?) On Sunday, the recently passed US Electronic Signatures
in Global and National Commerce Act goes into effect, giving digital
signatures the same legal validity as their paper equivalents. The law is
"neutral" in that it does not favor particular technologies, although
digital certificates appear to be favored.
Upside
Thomas
|
contributed by pyle
As if further evidence were needed, a recent posting paints a grim portrait
of the state of web security. While one might question the science behind
it, the FBI estimates that computer-related crime will cost the US $266
million, a more than 100% increase over last year's statistic. And the
number of incidents reported to CERT in the first half of this year
totaled 8,800, versus 9,800 for all of 1999.
USA Today via AZCentral
|
contributed by iron river
More information continues to dribble out regarding the alleged White House
email cover-up. Democrats noted that 130,000 of 150,000 missing emails are
now accounted for. Republicans continue to press forward with hearings to
determine the relevance to ongoing campaign finance investigations.
Federal Computer Week
|
contributed by andrew jaquith
The Council of Europe has published Draft 19 of its proposed Convention on
Crime in Cyberspace. The document proposes aligning member countries'
criminal codes in the areas of computer hacking, interception of data,
computer fraud, and child pornography. The treaty is expected to be finished
in December, pending public comment. The question is, how does it square
with the EU's privacy directive?
Council of Europe
Synopsis of EU Privacy Directive