Archive for June, 2012


The Transportation Security Administration (TSA) is seeking software
that it can use to snoop on its employees. Specifically, TSA wants to
be able to detect insider threats. It is looking for technology capable
of monitoring and logging keystrokes, chat activity, email, attachments,
websites, network activity, files transferred, and documents. It must
be able to perform these functions without revealing itself to the
employees being monitored.
http://www.nextgov.com/cio-briefing/2012/06/tsa-wants-spyware-screen-employees-digital-activities-leaks/56393/?oref=ng-HPtopstory

The Pacific Northwest National Laboratory and McAfee report that
whitelisting and related technologies are the best solution for securing
computers in the critical infrastructure. New types of attacks using
zero-day vulnerabilities cannot be stopped by traditional AV technology.
The researchers conclude that it is time to switch from blocking bad
code to allowing only good code.
http://www.infosecurity-magazine.com/view/26475/whitelisting-is-the-solution-for-the-national-infrastructure/
http://www.dsd.gov.au/publications/Implementing_Top_4_for_Windows.pdf

Apple plans to add a privacy control panel to iOS 6, the next version
of its operating system for mobile devices, which is scheduled
for release this fall. iOS 6 will ask users if they want to allow
particular applications access to their information; the controls
will allow users to specify which data are approved for access and
which are not. Presently, applications only need to get permission
to access geographical location data.

http://news.cnet.com/8301-1009_3-57453473-83/apples-ios-6-to-add-privacy-controls-for-user-contacts/

According to a survey released by the Financial Services Information
Sharing and Analysis Center (FS-ISAC), large banks in the US suffered
314 attacks aimed at breaking into customer accounts and transferring
funds out of them; nearly one-third of the attempts were successful. The survey
was conducted by the American Bankers Association using responses
from 95 financial institutions and five service providers. Banks
participating in the survey said they are taking steps to improve
security through customer education, multi-factor authentication,
and cutting off customers’ access to commercial systems if they detect
anomalous behavior.
http://www.computerworld.com/s/article/9228139/Banks_Hackers_more_aggressive_in_attacking_customer_accounts?taxonomyId=17

A new National Security Agency (NSA) initiative will track the
life-cycle of data, a practice known as data provenance or data
pedigree. The goal is to be able to determine the origin of every piece
of data the NSA collects and to identify the permissions associated
with those data. The practice also helps organizations establish
whether or not the data have been altered.
http://gcn.com/articles/2012/06/14/nsa-tracking-data-life-cycle.aspx

US Senator Ron Wyden (D-Oregon) has blocked the reauthorization of the
FISA Amendments Act, legislation that allows the government to conduct
warrantless wiretaps. Although the Obama administration expected the
reauthorization to sail through the legislature, Wyden has taken a
stand to block the bill because the government refuses to disclose
how often the wiretap powers are being used. Wyden has placed a hold
on the legislation, the same type of action he took last year when
he opposed the Protect IP Act (PIPA).
http://www.wired.com/threatlevel/2012/06/fisa-amendments-act-fate/

According to a Reuters report, some companies in the US have become
frustrated with available security measures and have taken steps to
strike back at cyber attackers. In a few cases, the companies have
hired people to attack the attackers’ systems; others have taken
steps to slow down the cyber intruders’ activity. Companies that
launch retaliatory attacks run the risk of violating laws. Some have
suggested that companies can seed their systems with phony data to
trick intruders.
http://news.cnet.com/8301-1009_3-57455030-83/post-hack-companies-fire-back-with-their-own-attacks/

The 25 Most Important Cybersecurity Innovations of 2012 and 10 More
on the Horizon. Extraordinary nominations flowing in – from Symantec
and other corporate users – from governments – and from researchers
in major laboratories – some showing how companies are getting huge
value from products that they already own – plus new technologies
and practices that may change the game. Take a peek at the ones
that have already won. And make sure innovations that are worth broad
adoption are included.
http://www.sans.org/cyber-innovation-awards

A judge in Britain has granted a court order that compels Facebook to
reveal the identity of users who harassed a woman on the social
networking site. British Justice Secretary Ken Clarke said that “it will
be very important to ensure that these measures do not inadvertently
expose genuine whistleblowers.” Facebook will provide the IP addresses
of the users who posted the defamatory content; the associated names
will be obtained through Internet service providers. Once the woman has
the information, she can file a private lawsuit against the individuals.

The US Federal Trade Commission (FTC) has fined data broker Spokeo US
$800,000 for marketing information to human resources departments for
background screenings without first ensuring that the data were correct
and without abiding by the Fair Credit Reporting Act. According to the
FTC, Spokeo also allegedly posted what it claimed were customer
endorsements on various websites and blogs, but the endorsements were
actually written by Spokeo employees. Spokeo aggregates personal data
from a variety of sources.