From our friends at Citadel Information Group
Symantec's warning this week to users to disable PCAnywhere following the theft of its source code stands in contrast to the company's assurances a few weeks ago that the theft of its source code posed little risk to users. [See Cyber Security News of the Week, January 8, 2012.]
At issue is the responsibility information security vendors have to their customers when the vendor's products may be exposing customers to risk. It's common for a company to circle the wagons and fall into a protective mode when bad news comes out. The strategy is usually a losing one as the bad news comes out eventually and the company ends up with egg on its face. So, from the company's own perspective, the right strategy is often to own up to the problem from the start.
In cases of security the situation also carries moral and ethical implications. Twenty years ago when Tylenol was confronted with the death of several people after someone put poison in it products, Tylenol immediately removed the product from stores across the country and launched a public relations campaign to warn users.
The loss of information is not the same as the loss of lives, but don't those of us in the business of protecting the sensitive information of our clients and customers have the same ethical and moral obligation to warn our users immediately?
Vulnerability Alert
Symantec: Anonymous stole source code, users should disable pcAnywhere: Symantec has confirmed that the hacker group Anonymous stole source code from the 2006 versions of several Norton security products and the pcAnywhere remote access tool. ars technica, January 26, 2012Cyber Crime - Online Bank Theft
Hackers tap Salem Co. account for $19,000: Computer hackers have broken in and stolen approximately $19,000 by way of an illegal wire transfer from a Salem County bank account that held more than $13 million in funds. nj.com, January 22, 2012
Internet Badlands
Hackers-for-Hire Are Easy to Find: Sitting in his Los Angeles home, Kuwaiti billionaire Bassam Alghanim received an alarming call from a business associate: Hundreds of his personal emails were posted online for anyone to see. The Wall Street Journal, January 23, 2012
Cyber Security Management
Cameras May Open Up the Board Room to Hackers: One afternoon this month, a hacker took a tour of a dozen conference rooms around the globe via equipment that most every company has in those rooms; videoconferencing equipment. The New York Times, January 23, 2012
Healthcare Privacy - National Dialogue
Should Every Patient Have a Unique ID Number for All Medical Records?: As the U.S. invests billions of dollars to convert from paper-based medical records to electronic ones, has the time come to offer everyone a unique health-care identification number? The Wall Street Journal, January 23, 2012
Cyber War - The Middle East
Pro-Palestinian hackers bring down Haaretz Hebrew website: Pro-Palestinian hackers brought down Haaretz's Hebrew website on Wednesday, after several Israeli websites were targeted earlier in the day. January 25, 2012
Privacy Rights - European Union
EU Data-Privacy Overhaul Gives Consumers More Control: The European Commission on Wednesday proposed an overhaul to its data protection laws, which will provide users with more control over their data and make the process of monitoring data security less complex for agencies across the EU. PC Magazine, January 25, 2012
Ray of Sunshine
FileSonic disables file sharing in wake of MegaUpload arrests: Following the MegaUpload shutdown and indictments last week, FileSonic, one of the Internet's most popular file-sharing services, has disabled its sharing functionality. Cnet, January 22, 2012
New Web Piracy Arrest as Site Founder Is Denied Bail: THE HAGUE, Netherlands - An Estonian citizen was arrested by Dutch police at the request of American authorities investigating the file-sharing Web site Megaupload, a prosecutor's office spokeswoman said Wednesday. January 25, 2012
Posts
0 comments:
Post a Comment