InfoSec News

Mark Papermaster, Apple's senior vice president of engineering for the iPhone and iPod, is leaving the firm, according to reports by The New York Times.
 
A City of San Francisco administrator who refused to hand over administrative passwords to the city's network was sentenced to four years in state prison Friday.
 
Research in Motion (RIM) and Saudi Arabia have arrived at a preliminary agreement that will involve the company setting up its server there and providing the government access to the data, according to media reports on Saturday from Saudi Arabia.
 

GovInfoSecurity.com

August 6, 2010 - Eric Chabrow, Executive Editor, GovInfoSecurity.com
... there is no such occupational classification as an information security professional; most infosec specialists are classified as IT pros. ...

 
Two of our readers (thanks Jason and Mike!) have written in to highlight the ongoing DDoS against DNS Made Easy.
You can read the ongoing reports via their Twitter page. The DDoS is reported to be circa 50Gb/sec in size. If you have any details on the type of attack we'd love to know.
Steve Hall
ISC Handler. (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Seb dropped me a note today to ask to remind our readers that we are on countdown to a bumper crop of patches being released by Microsoft on Tuesday.
On Microsoft's Advanced Notification website they are reporting 14 bulletins, with 8 rated critical and 6 important. Given that all the critical bulletins are classified as remote code execution, it's time to dust off your monthly patching process and get it all shipshape, ready for the fun to start.
Given we have a few days between Seb's timely reminder and when we need to push the patch button, how good do you think your patching processes are? How do you measure their effectiveness, and how do you measure their maturity?
Maybe you consider scoring them against a scale such as COBIT? There is a nice table which explains the ratings within COBIT (taken from the SEI Capability Maturity Model (CMM)) on the ISACA site, which I've taken and reproduced below:


Level 0: Non-existent
Level 1: Initial/ad hoc
Level 2: Repeatable but Intuitive
Level 3: Defined Process
Level 4: Managed and Measurable
Level 5: Optimized

Given the frequency with which suppliers, including Microsoft, release such patches, where would you score yourself?
If you score somewhere between 3 and 4, in that you have a process but you don't measure your success, what would you do to get yourself up towards a 4, or maybe even a 5?
Let me know before you get busy patching those systems, and I'll update with the best suggestions.
Steve Hall

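The step from "Defined Process" to "Managed and Measurable" in the scale above is having numbers for how the patch cycle actually performs. The following is an added example (not code from the diary or from ISC) of the three metrics a practitioner would usually start with: coverage per severity, mean days from bulletin release to install, and which host/bulletin pairs have breached an internal SLA. All bulletin labels, host names, install dates and SLA targets are constructed for the example; the August 2010 release date is the Patch Tuesday the diary counts down to.

```python
from datetime import date, timedelta
from statistics import mean

# Constructed sample data: bulletin labels, hosts, dates and SLA targets
# are hypothetical and not taken from the diary.
RELEASE = date(2010, 8, 10)                       # Patch Tuesday in the post
AS_OF = date(2010, 9, 1)                          # date the report is run
SLA_DAYS = {"critical": 7, "important": 30}       # assumed internal targets

# bulletin -> Microsoft severity rating (hypothetical labels)
BULLETINS = {"B1": "critical", "B2": "critical", "B3": "important"}

# host -> {bulletin: install date, or None if still not installed}
INVENTORY = {
    "web01": {"B1": date(2010, 8, 11), "B2": date(2010, 8, 11), "B3": date(2010, 8, 25)},
    "web02": {"B1": date(2010, 8, 12), "B2": None,              "B3": None},
    "db01":  {"B1": None,              "B2": date(2010, 8, 20), "B3": date(2010, 8, 20)},
}


def coverage(inventory, bulletins, severity=None):
    """Fraction of required (host, bulletin) pairs that are installed.

    With severity=None every bulletin counts; otherwise only bulletins of
    that rating, so critical coverage can be tracked on its own.
    """
    wanted = [b for b, sev in bulletins.items() if severity is None or sev == severity]
    total = done = 0
    for patches in inventory.values():
        for b in wanted:
            total += 1
            if patches.get(b) is not None:
                done += 1
    return done / total if total else 1.0


def mean_days_to_patch(inventory, release):
    """Mean number of days between bulletin release and install, over
    the installs that have happened. Missing patches are excluded here;
    they show up in sla_breaches() instead."""
    days = [(d - release).days
            for patches in inventory.values()
            for d in patches.values() if d is not None]
    return mean(days) if days else None


def sla_breaches(inventory, bulletins, release, sla_days, as_of):
    """List (host, bulletin, status, days_over) for every pair that is
    either still missing after its severity's deadline ("missing") or was
    installed after the deadline ("late")."""
    breaches = []
    for host, patches in inventory.items():
        for b, sev in bulletins.items():
            deadline = release + timedelta(days=sla_days[sev])
            installed = patches.get(b)
            if installed is None:
                if as_of > deadline:
                    breaches.append((host, b, "missing", (as_of - deadline).days))
            elif installed > deadline:
                breaches.append((host, b, "late", (installed - deadline).days))
    return breaches


if __name__ == "__main__":
    print("overall coverage:  %.0f%%" % (100 * coverage(INVENTORY, BULLETINS)))
    print("critical coverage: %.0f%%" % (100 * coverage(INVENTORY, BULLETINS, "critical")))
    print("mean days to patch:", mean_days_to_patch(INVENTORY, RELEASE))
    for host, b, status, over in sla_breaches(INVENTORY, BULLETINS, RELEASE, SLA_DAYS, AS_OF):
        print("SLA breach: %s %s %s by %d days" % (host, b, status, over))
```

The point of splitting "missing" from "late" is that a coverage percentage alone hides the second case: a host can show 100% coverage today and still have been exposed for weeks past the deadline, which is exactly the number a level-4 process needs in order to improve.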
 
Microsoft is investigating an unpatched vulnerability in Windows after an Israeli researcher revealed a bug in the operating system's kernel driver.
 
One of the alleged masterminds of a 2008 precision strike on payment processor RBS WorldPay has been extradited from Estonia to face U.S. justice.
 
Augmented reality will become life-changing when it can be combined with object recognition and face recognition, but it's got a ways to go, writes columnist Mike Elgan.
 
Whether you're in the market for an insanely high-end rig or you just feel like doing a little high-tech window shopping, these pricey PCs deliver serious bang for a whole lot of bucks.
 
SAP's admission of some liability in a lawsuit brought against it by Oracle over third-party support services will likely speed resolution of the dispute between the two companies.
 