Significant Work
Home Up Reports

Informatics Research Institute

Up

Crystal Webb is a Scholarship for Service candidate.  Candidates work in the National Information Assurance Training and Education Center (NIATEC) labs.  They support the activities of the SFS students as well as other NIATEC projects.

 

Crystal brings a wealth of industry experience to the Information Assurance Program. has is the editor of the NIATEC and SFS newsletter.  In addition she has built a general awareness lesson for use in many organizations.

Samples

Awareness Lesson

General Orientation PowerPoint

Study Guide

 

News Letter Content

The criminal element

Extortionists attack Paddypower.com

http://theregister.co.uk/content/55/35412.html
Irish on-line betting site Paddypower.com is the latest high-profile Web property to suffer a denial of service attack from malicious users bent on extortion.  The company confirmed that its Web site was temporarily off line for a number of hours on Wednesday evening (Feb 4) as a result of interference from a distributed denial of service (DDoS) attack. ... Several US bookmakers were forced offline due to denial of service attacks during the recent Super Bowl weekend. Furthermore, a report from IDG claims that several on-line betting sites were forced to pay protection money to keep their gambling operations on-line and pressure from criminal elements was stepped up during the run in to the Super Bowl.


**(Extortion is a growing problem for the cyber-realm. Not only are websites being hit with demands, but there are a growing number of individual users being hit with extortion demands.)**

 

Doh!

Clueless office workers help spread computer viruses

 http://theregister.co.uk/content/55/35393.html

Busy or apathetic employees are accelerating the spread of viruses and potentially costing UK businesses millions in clean-up charges, according to a survey out today.  Two-thirds of the 1,000 people quizzed by market researchers TNS in January admit they are not aware of even the most basic virus prevention measures. Meanwhile a third of those polled in the Novell-sponsored study said they are too busy to check their emails before opening them.

**(Even though this is listed as being a UK problem, it is a wider problem.)**

 

Government agency exposes day-care data

http://www.msnbc.msn.com/id/4186130/

A government subcontractor posted the names, birthdays and daily whereabouts of hundreds of upstate New York children to the Internet, where the information remained publicly available for weeks until MSNBC.com notified authorities.

**(This data leak is one of the more serious ones in recent history.)**

 

Vulnerable

RealPlayer flaws open PCs up to hijackers

http://www.msnbc.msn.com/id/4185013/ 

RealNetworks acknowledged on Wednesday that three flaws affecting different versions of its media player could allow attackers to create corrupt music or video files that, when played, take control of a victim's PC.  ... The vulnerabilities may affect a large portion of the 350 million unique registered users of the media player software, but RealNetworks wouldn't say how many of those people use the vulnerable versions.

 

Security flaw found in firewall software

http://www.msnbc.msn.com/id/4185896/

Two dangerous software flaws that could become attractive targets for hackers have been discovered in widely used computer-security software made by Check Point Software Technologies Ltd. ... Ingevaldson said X-Force found one vulnerability in Check Point's Firewall-1 HTTP Security Server product and one in its VPN-1 Server and Securemote/SecureClient product. Both could provide a hacker with a way to gain full control of the programs.

 

Opinions

The first fallout from Cybergate

http://securityfocus.com/columnists/219

 Did Republican staffers commit a crime by clicking on the "My Network Places" icon to access Democratic memos? ... caught with their hand in the cookie jar, Senate Republicans employed the tactic of blaming the victim: they said, in essence, It's your fault that we got and used your information. If successful, this tactic does not bode well for the government's ability to prosecute computer crimes, and to protect critical infrastructures.
**(As far as our purposes, this is not a political question. It is a very interesting essay on the subject and brings up some very interesting points. The author of the article is a lawyer, and his take is fascinating. )**
 

Smartcards

Government releases guidelines for government wide smart cards

 http://www.gcn.com/cgi-bin/udt/im.display.printable?client.id=gcndaily2&story.id=24919 

 The Federal Identity and Credentialing Committee has released guidelines for developing interoperable federal identification systems based on smart cards.  The government has adopted a policy for establishing a common Federal ID Card, which could be used for both physical and logical access control. Individual agencies would issue and manage the cards, but the cards would interoperable across agencies.

All material on this site is copyright unless otherwise noted.
Please respect the authors rights by requesting permission for use and ensuring proper attribution and credit.