In the wake of the dot-com crash and numerous financial scandals that have rudely ushered in the new millennium, we've become accustomed to seeing corporate executives sentenced to prison.
Martha Stewart, of course, just completed her stay in a federal facility, while former WorldCom CEO Bernie Ebbers may soon trade pinstripes for a different kind of striped attire.
But, for me at least, it was a little jarring last Wednesday to read this headline: IT Manager Sentenced to Prison in Hacking Case
The case involves a network professional, Mark Erfurt, who pleaded guilty to breaking into the IT system of his former employer, Manufacturing Electronic Sales Corp. (MESC) of Santa Clara, Calif., in January 2003, eight months after MESC terminated its contract with him.
Erfurt, 39, admitted in a plea agreement to using Symantec's pcAnywhere remote software to breach the MESC network. Once in, Erfurt confessed, he deleted data, perused the company president's e-mail and downloaded a proprietary database. He also tried to cover his tracks by overwriting backup tapes documenting the hack. This earned Erfurt an obstruction of justice charge, to which he also pleaded guilty.
Erfurt now faces five months in prison, plus five more months of home detention and three years of probation, along with $45,000 in restitution. Given that he could have gotten up to 20 years for the obstruction of justice charge alone, Erfurt should feel relieved.
At the time of the break-in -- and even now -- Erfurt was employed by Irvine, Calif.-based Centaur, another manufacturing company and a MESC competitor. Centaur's CEO has stressed that Erfurt's hack was a solo effort (even though he used Centaur equipment to perpetrate the attack) and not a case of corporate espionage. But it easily could have been.
Indeed, this case underscores the near-universal mantra of network security experts -- the biggest threat to an enterprise comes from within. And "within" doesn't necessarily mean the guy in the cubicle down the hall -- it also can include former employees who have the means of access and motivation to break into a network. Like Erfurt.
That's why smart companies, when terminating a person's employment, will immediately shut down the departing worker's access to the network, from e-mail to IM to VPNs. It may seem callous to empathizing colleagues ("he didn't even get to say goodbye"), but there's no other responsible choice.
And though usually the worst that might happen is the boss will get flamed in a company-wide e-mail, it would be foolish to allow an angry, and perhaps vengeful, fired worker even temporary access to important documents.
Those measures may not have stopped Erfurt, who in his plea agreement said he had "administrative-level access" to MESC's password-protected system. That, however, raises another important point: MESC apparently wasn't fully utilizing the security features of pcAnywhere. In this article, a Symantec product manager says pcAnywhere can be configured to restrict network access to specific computers.
MESC went out of business last June. Erfurt's attack -- which obliterated sales records, non-disclosure agreements, proprietary technical information and back-up data, according to the company's former CEO -- may have ensured the company's demise. And all because its network wasn't as secure as it could have been.
That's a tough way to learn a lesson.