Users don’t bother changing default passwords

Most people working with sensitive information want stricter security policies but rarely bother changing default, automatically generated and assigned passwords.

To collect the responses, ElcomSoft was running a questionnaire during the last few months. After gathering a statistically significant sample, the company discovered interesting information about its customers’ habits and preferences in regards to IT security.

Less than 50% of all respondents come from Computer Law, Educational, Financial, Forensics, Government, Military and Scientific organizations.

Less than 30% of respondents indicated they have never forgotten a password. Most frequently quoted reasons for losing a password to a resource would be infrequent use of a resource (28%), not writing it down (16%), returning from a vacation (13%).

Only about 25% of all respondents indicated they change their passwords regularly. The rest will either change their passwords infrequently (24%), sporadically or almost never.

via Users don’t bother changing default passwords.

Conflicts Arise When Complying With U.S. and E.U. Laws | Corporate Counsel (Catherine Dunne)

As companies in the U.S. work to comply with laws such as the Foreign Corrupt Practices Act (FCPA), they often conduct internal investigations that rely, in part, on collecting information from employees, such as documents and emails. It’s all perfectly legal in the U.S., but it can quickly lead to potential conflict when in-house lawyers also have to navigate European Union regulations on data protection—laws that guard employee privacy, even for information stored on company computers and servers.

Now imagine a scenario in which that information is even harder to obtain. Such appears to be the case under the E.U.’s new data-protection proposal.

“Currently, one of the ways that in-house counsel manage this potential conflict of laws is obtaining genuinely voluntary employee consent,” says Jim Halpert, a partner in DLA Piper’s communications, e-commerce, and privacy practice in Washington, D.C. “The proposed [E.U.] regulation would declare employee consent—even if freely given—to be per se invalid.”

via Conflicts Arise When Complying With U.S. and E.U. Laws.

R-E-S-P-E-C-T, Cross-Border E-discovery : Privacy Law Blog (Nolan Goldberg)

Litigants navigating the conflict between U.S. discovery obligations and foreign data protection laws have a new ally, the American Bar Association (“the ABA”). The ABA recently passed Resolution 103, which “urges” that:

[W]here possible in the context of the proceedings before them, U.S. federal, state, territorial, tribal and local courts consider and respect, as appropriate, the data protection and privacy laws of any applicable foreign sovereign, and the interests of any person who is subject to or benefits from such laws, with regard to data sought in discovery in civil litigation.

The full text of the resolution and accompanying report (the “Report”) can be found here. In supporting its resolution, the ABA noted that “[l]itigants often face a Hobson’s Choice: violate foreign law and expose themselves to enforcement proceedings that have included criminal prosecution, or choose noncompliance with a U.S. discovery order and risk U.S. sanctions ranging from monetary costs to adverse inference jury instructions to default judgments.” Report at p. 2. As “U.S. law already provides a clear and workable standard for resolving the conflict” the ABA believes that Courts should give more consideration “to the national interests behind the non-U.S. laws” such that the comity factors are weighed and applied “in a manner that demonstrates respect for those laws and the principles of international comity.” Report at p. 17.

The ABA’s involvement with this issue is particularly timely, as it has recently become apparent that new data analytic technologies have weakened the effectiveness and reliability of anonymization, one of the primary mechanisms available to litigants to navigate cross border discovery conflicts. See e.g., The Practice of Law in the Age of Big Data, Nat. L. J., April 11, 2011.

via R-E-S-P-E-C-T, Cross-Border E-discovery : Privacy Law Blog.

Transborder Data Flows at Risk : Info Law Group (W Scott Blackmer)

Physical borders may be technically irrelevant in the age of online business, global corporate groups, and cloud computing, but they retain legal and cultural significance. Some recent developments in data privacy law around the world suggest that the “free flow of information” is becoming more conditional, and that enterprises will have to be nimble to meet the expectations of regulators, consumers, and employees when the organization wants to move personally identifiable data from one country to another.

The proliferation of comprehensive data privacy laws, more or less on the European model, increasingly requires US-based multinationals and online companies to adapt to strict requirements for dealing with individuals in other countries. While the rules may soon become more uniform in the EU, they are still new and uncertain in many other countries.

European Union

In January 2012, the European Commission published a proposed Regulation that would replace the 1995 EU Data Protection Directive. While national practices differ considerably under the 1995 framework directive, the Regulation would establish a much more consistent European approach to data protection rights and enforcement.

The Regulation would continue to authorize data transfers to “white-listed” jurisdictions with EU-style comprehensive data protection laws (such as Switzerland, Argentina, Israel, and, for most purposes, Canada). It would also continue to recognize data transfers to US “Safe Harbor” companies and transfers protected by EU-approved standard contract clauses (“model contracts”) or binding corporate rules (“BCRs”), as well as transfers relying on informed consent. These have been subject to divergent national interpretations and procedures, however, and the Regulation aims to eliminate these differences.

via Transborder Data Flows at Risk : Info Law Group.

Microsoft Office app coming to iPad? | Signal Strength – CNET News

Microsoft Office Suite may soon come to the Apple iPad, according to a report by The Daily.

On Tuesday, the blog reported that its sources say that a Microsoft app that will include Office programs, Word, Excel, and PowerPoint will soon be submitted to the Apple App Store. The blog first noted the existence of an iPad version of the Microsoft Office Suite in November.

The Daily said that it’s had some hands-on experience with the new app. The user interface is supposedly similar to the current OneNote app. There is also some resemblance to Metro, the new design language used on Windows Phone and the soon to be released Windows 8 desktop operating system.

The Daily said that Word, Excel and PowerPoint will be supported and users will be able to create and edit these documents locally or online. But the blog said it’s unclear if other Office apps will be supported.

via Microsoft Office app coming to iPad? | Signal Strength – CNET News.

U.S. senators seek clarity on foreign bribery law | Reuters (Aruna Viswanatha)

Two Democratic senators urged the U.S. Justice Department on Thursday to explain what it considers a bribe of a foreign official, saying the lack of clarity has led companies to devote disproportionate resources to complying with the law.

Senator Chris Coons of Delaware and Senator Amy Klobuchar of Minnesota asked Attorney General Eric Holder to clarify how the Justice Department interprets the Foreign Corrupt Practices Act (FCPA), which bars bribes to foreign officials, and under what circumstances it would pursue a bribery case.

The U.S. government has stepped up enforcement of the FCPA, extracting $1.8 billion in sanctions from 23 companies in 2010, according to an industry blog called the FCPA Blog.

via U.S. senators seek clarity on foreign bribery law | Reuters.

Security in the Cloud Is All About Visibility and Control | CFOworld (Thor Olavsrud)

It’s an oft-repeated mantra: Organizations engaged in or investigating cloud computing in any of its many flavors are concerned about security. In fact, concerns about security, data privacy and data residency are often cited as inhibitors to cloud adoption. But are the concerns justified? Some security experts say visibility and control are the missing elements.

In a recent study of IT and business executives, CompTIA, the IT industry association, found that 50 percent of respondents cited greater reliance on Internet-based applications like cloud computing and software-as-a-service as a driving factor in their cyber security concerns. But a number of cloud experts say that in many ways data in the cloud is more secure than in an on-premise installation–or at least rapidly becoming that way–especially for smaller organizations that don’t have the resources to dedicate to security technology and expert staff.

via Security in the Cloud Is All About Visibility and Control | CFOworld.

Tech Insight: Getting The Picture With Data Visualization – Dark Reading (John Sawyer)

Security pros responsible for log analysis and digital forensic investigations today have so much data to analyze that it can be difficult to make heads or tails of it without the proper tools to parse, prioritize, and identify the valuable information.

Sometimes obscure log entries can be easily deciphered with a simple search on the Internet. But other times, there are too many results and it’s hard to wade through them to find the correct information. Many organizations have adopted security information and event management (SIEM) solutions to help with the correlation and prioritization of security data in order to turn it into actionable information. Once properly configured and tuned, SIEMs can certainly make a big difference. But often, the SIEM’s greatest feature turns out to be the ability to take the data and visualize it in a way that the analysts can easily spot patterns or peaks in activity indicating a problem.

Data visualization, or in the simplest terms, the visual representation of data, is nothing new. The last two decades have seen an increase in interest in it as researchers, security pros, and vendors have worked to visualize computer-related data in meaningful ways. In 2004, I saw the first data visualization presentation focused on security data visualization at a small hacker conference in Atlanta called Interz0ne. Greg Conti gave a fascinating talk that showed many different graphical representations of port scans and attacks that I’d analyzed on a regular basis using an intrusion detection system (IDS), packet sniffer, and network flow data. (PDF). The way the activity popped out was eye-opening.

via Tech Insight: Getting The Picture With Data Visualization – Dark Reading.
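The Dark Reading excerpt above argues that the value of a SIEM often lies in visualizing log data so that a peak in activity, such as a port scan, stands out. The following is an added example, not code from the article, from Dark Reading, or from any SIEM vendor. It parses a constructed, vendor-neutral connection log (the line format, the IP addresses and the timestamps are all made up for this illustration), buckets connections per minute, renders a text bar chart, and flags minutes whose volume is well above the median baseline; a second helper shows why the flagged minute is suspicious by counting distinct destination ports per source.

```python
"""Bucket constructed firewall-style connection log lines per minute and render
an ASCII bar chart so a burst of activity (here a port sweep) stands out.

Assumed log format (constructed for this example, not any vendor's):
    <ISO timestamp> <src_ip> -> <dst_ip>:<dst_port> <ALLOW|DENY>
"""
from collections import Counter, defaultdict
from datetime import datetime
from statistics import median

# Constructed sample: a few minutes of ordinary traffic, plus one host
# (10.0.0.66) touching twenty different ports on 10.0.0.80 within 10:03.
BASELINE_LINES = [
    "2012-02-16T10:00:12 10.0.0.5 -> 10.0.0.80:443 ALLOW",
    "2012-02-16T10:00:40 10.0.0.7 -> 10.0.0.80:80 ALLOW",
    "2012-02-16T10:01:03 10.0.0.5 -> 10.0.0.80:443 ALLOW",
    "2012-02-16T10:01:55 10.0.0.9 -> 10.0.0.25:25 ALLOW",
    "2012-02-16T10:02:21 10.0.0.7 -> 10.0.0.80:80 ALLOW",
    "2012-02-16T10:04:10 10.0.0.5 -> 10.0.0.80:443 ALLOW",
]
SCAN_LINES = [
    f"2012-02-16T10:03:{i:02d} 10.0.0.66 -> 10.0.0.80:{port} DENY"
    for i, port in enumerate(range(20, 40))
]
SAMPLE_LOG = "\n".join(BASELINE_LINES + SCAN_LINES)


def parse_line(line):
    """Split one log line into a record; raises ValueError on a malformed line."""
    ts, src, arrow, dst, action = line.split()
    if arrow != "->":
        raise ValueError(f"unexpected line format: {line!r}")
    host, port = dst.rsplit(":", 1)
    return {
        "time": datetime.fromisoformat(ts),
        "src": src,
        "dst": host,
        "port": int(port),
        "action": action,
    }


def parse_log(text):
    """Parse all non-empty lines of a log body."""
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def per_minute_counts(records):
    """Number of connections per HH:MM bucket, in chronological order."""
    counts = Counter(r["time"].strftime("%H:%M") for r in records)
    return dict(sorted(counts.items()))


def ascii_chart(counts, width=40):
    """Render the buckets as a horizontal bar chart scaled to the busiest minute."""
    peak = max(counts.values()) if counts else 1
    rows = []
    for minute, count in counts.items():
        bar = "#" * (count * width // peak)
        rows.append(f"{minute} | {bar:<{width}} {count}")
    return "\n".join(rows)


def find_peaks(counts, factor=3.0):
    """Minutes whose volume exceeds `factor` times the median bucket size.
    The median is used as the baseline so a single burst does not drag it up."""
    if not counts:
        return []
    baseline = median(counts.values())
    return [m for m, c in counts.items() if c > factor * baseline]


def distinct_ports_by_source(records, minute):
    """How many different destination ports each source hit within one minute;
    one source fanning out across many ports is the signature of a port sweep."""
    ports = defaultdict(set)
    for r in records:
        if r["time"].strftime("%H:%M") == minute:
            ports[r["src"]].add(r["port"])
    return {src: len(p) for src, p in ports.items()}


if __name__ == "__main__":
    records = parse_log(SAMPLE_LOG)
    counts = per_minute_counts(records)
    print(ascii_chart(counts))
    for minute in find_peaks(counts):
        print(f"peak at {minute}: ports per source = "
              f"{distinct_ports_by_source(records, minute)}")
```

The threshold in `find_peaks` is deliberately relative to the median rather than the mean, because a single noisy minute would inflate the mean and hide itself; in a real deployment the baseline would be learned over a much longer window than five minutes, and the per-source port count would be one of several features fed to the SIEM's correlation rules rather than the sole verdict.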

BBC News – Patents: Apple wins over Motorola in ‘slide-to-unlock’ ruling

Apple has won a patent dispute against Motorola Mobility regarding a “slide-to-unlock” feature on smartphones.

The judgement marks Apple’s first patent victory over Motorola in any part of the world.

Patent consultant Florian Mueller said the ruling could affect patent disputes involving Android device makers worldwide.

Motorola said it planned to appeal and the judgement would have “no impact” on supply or future sales.

A spokeswoman for Motorola said: “Today’s ruling in the patent litigation brought by Apple in Munich, Germany, concerns a software feature related to phone unlocking in select Motorola devices sold in Germany.

“Motorola has implemented a new design for the feature. Therefore, we expect no impact on current supply or future sales.”

Apple said it would not be commenting on the decision.

via BBC News – Patents: Apple wins over Motorola in ‘slide-to-unlock’ ruling.

The U.S. Army Uses Pinterest? Sir, Yes Sir! | Mashable (Alex Fitzpatrick)

Pinterest, the social image-sharing site that has exploded in popularity over the past few months, has found itself with a strange bedfellow: the U.S. Army.

The Army’s Pinterest boards include topics such as “Goodwill,” “Humanitarian Relief,” and “HOOAH!.” Each board is designed to show some aspect of Army life and the Army’s mission or to connect with Army families (“DIY & Decor,” for instance, might be a favorite among Army moms).

It may seem strange for the Army to have a presence alongside the companies that dominate Pinterest, such as fashion, do-it-yourself (DIY) advice and retail brands. But Juanita Chang, director of the U.S. Army’s online and social media division, says that it’s important for the Army to be on different platforms so it can reach people it can’t find anywhere else.

via The U.S. Army Uses Pinterest? Sir, Yes Sir!.