 |
Security News Shootout!
At the end of each month, two consultants from Matta put forward three of their favourite stories
in information security and invite a guest judge to pick the best story.
There's no prizes, only fame or shame.
This month, January, Rob Connolly will be seeing if he can come up trumps again against the
dethroned ex-champion Nick Baskett.
 Nick
First story
Nuclear dirty bombs are the stuff of nightmares for those in charge of homeland security, but if this
research department of Purdue University gets its way, a solution might be at hand - literally! Mobile
phones will be used as mini geiger counters, capitalising on the ubiquitousness of the mobile phone -
perhaps there really can be 'wisdom in crowds'.
http://news.uns.purdue.edu/x/2008a/080122FischbachNuclear.html
Second Story
I'm sure I'm not the only one who finds this story highly alarming. In the past, I've refused
to give my laptop over to Apple for repairs without being able to remove the hard drive first -
even though I use strong crypto. But what would happen if security personnel, lawyers or other
people who may have sensitive data properly protected on their laptop be forced to un-encrypt their
data and hand it over to customers officials.
http://www.washingtonpost.com/wp-dyn/content/article/2008/02/06/AR2008020604763_2.html
Third Story
Finally, on a lighter note and since we're on the theme of airport security. Why not teach your
kids early with this airport toy X-Ray scanner! If it wasn't so sad, it would be funny.
http://lifesinventions.com/index.cfm?fuseaction=product.display&Product_ID=2385&CFID=17420493&CFTOKEN=53095688
Rob
First story
Home Office laptop with a CD hidden under the keyboard was found after being sold on Ebay.
The ramifications of this, in light of 'lost' data discs, are staggering:
http://news.zdnet.co.uk/security/0,1000000189,39352977,00.htm
Second Story
Computer scientists from the University of Cambridge announced this week
that debit- and credit-card readers in the U.K. do not encrypt data to
the PIN pad, allowing sensitive information to be stolen
http://www.securityfocus.com/brief/692
Third Story
Pakistan drops the BGP bomb and shuts off YouTube for large parts of the Internet. Far more far-reaching
than just the Youtube story, this incident is an early warning on the Internet itself - and a good reminder
of the real root cause of all security problems - the problem of trusting trust.
http://www.eweek.com/c/a/Security/Pakistan-Drops-the-BGP-Bomb/
The Result!
This month the judging was done by Alan Paris, Group ICT Manager at Pentlands Science and Research Park.
After much consideration, Alana arrived at the decision to opt for the Chip & Pin card reader vulnerability story. It was a tough one but this story won out in the end due to the use of the ubiquitous paper clip. Not only a handy way to keep bits of paper together, but also the most useful tool in any toolkit when bent just right and now a way to steal money!!
Hopefully this wont lead to security consultants being arrested for possession of hacking tools when handing in expenses.....
http://www.washingtonpost.com/wp-dyn/content/article/2008/01/11/AR2008011103785.html
|
|
