Commentaries and Analyses – Page 645

DHS Needs to Enhance Capabilities, Improve Planning, and Support Greater Adoption of Its National Cybersecurity Protection System: GAO

Posted on January 28, 2016 by Dissent

From a GAO report released today: The Department of Homeland Security’s (DHS) National Cybersecurity Protection System (NCPS) is partially, but not fully, meeting its stated system objectives: Intrusion detection: NCPS provides DHS with a limited ability to detect potentially malicious activity entering and exiting computer networks at federal agencies. Specifically, NCPS compares network traffic to known…

NYS Comptroller’s audit of Haldane Central School District reveals IT weaknesses

Posted on January 27, 2016 by Dissent

It’s been a while since the NYS Comptroller’s Office has released any school district audits on information technology, but they’ve released one this week on Haldane Central School District. They summarize the findings of their audit, which covered the period July 1, 2014 — August 19, 2015 this way: We also found that the District…

The Data Breach You Haven’t Heard About: Hurd

Posted on January 27, 2016 by Dissent

Rep. Will Hurd writes that Congress and officials still don’t have answers about the discovery in December by software developer Juniper Networks of a backdoor in its ScreenOS software that could have allowed foreign entities to decrypt and read government communications. The backdoor is thought to have been inserted in 2013. And while the OPM breach…

Confidentiality language may not throw you into the breach!

Posted on January 26, 2016 by Dissent

Lisa A. Carroll, Martin B. Robins, David G. Kern and James M. Fisher II of Fisher Broyles write: A recent 11th Circuit case may – if followed elsewhere and not reversed by the US Supreme Court – reduce a company’s potential exposure under conventional contract language requiring sensitive materials to be held in confidence. Many…

Amazon accused of handing out its users’ personal data

Posted on January 25, 2016 by Dissent

Daniel Cooper reports: Eric Springer is not happy, mostly because he believes that Amazon let a nefarious type get at his account. In a blog over at Medium, Springer revealed that he was the victim of a “social engineering” hack that exposed his details to an unnamed third party. With just a rough idea of Springer’s…

John Matherly on Check Point Blacklisting Shodan

Posted on January 22, 2016 by Dissent

In today’s installment of “let’s hide our security failures from search engines,” Check Point is reportedly advising its clients to ban Shodan.io search engine from indexing their sites. Read more on Softpedia. It’s somewhat reassuring to think that many of the same firms who failed to adequately secure their databases will likely neither read nor act…