Users Don't Bother Changing Default Passwords

Most people working with sensitive information want stricter security policies but rarely bother changing default, automatically generated and assigned passwords.

To collect the responses, ElcomSoft was running a questionnaire during the last few months. After gathering a statistically significant sample, the company discovered interesting information about its customers’ habits and preferences in regards to IT security.

Less than 50% of all respondents come from Computer Law, Educational, Financial, Forensics, Government, Military and Scientific organizations.

Less than 30% of respondents indicated they have never forgotten a password. Most frequently quoted reasons for losing a password to a resource would be infrequent use of a resource (28%), not writing it down (16%), returning from a vacation (13%).

Only about 25% of all respondents indicated they change their passwords regularly. The rest will either change their passwords infrequently (24%), sporadically or almost never.

Via Users Don't Bother Changing Default Passwords.

Conflicts Arise When Complying with U.S. and E.U. Laws | Corporate Counsel (Catherine Dunn)

As companies in the U.S. work to comply with laws such as the Foreign Corrupt Practices Act (FCPA), they often conduct internal investigations that rely, in part, on collecting information from employees, such as documents and emails. It’s all perfectly legal in the U.S., but it can quickly lead to potential conflict when in-house lawyers also have to navigate European Union regulations on data protection—laws that guard employee privacy, even for information stored on company computers and servers.

Now imagine a scenario in which that information is even harder to obtain. Such appears to be the case under the E.U.’s new data-protection proposal.

“Currently, one of the ways that in-house counsel manage this potential conflict of laws is obtaining genuinely voluntary employee consent,” says Jim Halpert, a partner in DLA Piper’s communications, e-commerce, and privacy practice in Washington, DC. “The proposed [E.U.] regulation would declare employee consent—even if freely given—to be per se invalid.”

Via Conflicts Arise When Complying with U.S. and E.U. Laws.

R-E-S-P-E-C-T, Cross-Border E-Discovery : Privacy Law Blog (Nolan Goldberg)

Litigants navigating the conflict between U.S. discovery obligations and foreign data protection laws have a new ally, the American Bar Association (“the ABA”). The ABA recently passed Resolution 103, which “urges” that:

[W]here possible in the context of the proceedings before them, U.S. federal, state, territorial, tribal and local courts consider and respect, as appropriate, the data protection and privacy laws of any applicable foreign sovereign, and the interests of any person who is subject to or benefits from such laws, with regard to data sought in discovery in civil litigation.

The full text of the resolution and accompanying report (“Report”) can be found here. In supporting its resolution, the ABA noted that “[L]itigants often face a Hobson’s Choice: violate foreign law and expose themselves to enforcement proceedings that have included criminal prosecution, or choose noncompliance with a U.S. discovery order and risk U.S. sanctions ranging from monetary costs to adverse inference jury instructions to default judgments.” Report at p. 2. As “U.S. law already provides a clear and workable standard for resolving the conflict” the ABA believes that Courts should give more consideration “to the national interests behind the non-U.S. laws” such that the comity factors are weighed and applied “in a manner that demonstrates respect for those laws and the principles of international comity.” Report at p. 17.

The ABA’s involvement with this issue is particularly timely, as it has recently become apparent that new data analytic technologies have weakened the effectiveness and reliability of anonymization, one of the primary mechanisms available to litigants to navigate cross border discovery conflicts. See e.g., The Practice of Law in the Age of Big Data, Nat’l L. J., April 11, 2011.

Via R-E-S-P-E-C-T, Cross-Border E-Discovery : Privacy Law Blog.

Cross-Border Data Flow Risks : Information Law Group (W. Scott Blackmer)

Physical borders may be technically irrelevant in the age of online business, global corporate groups, and cloud computing, but they retain legal and cultural significance. Some recent developments in data privacy law around the world suggest that the “free flow of information” is becoming more conditional, and that enterprises will have to be nimble to meet the expectations of regulators, consumers, and employees when the organization wants to move personally identifiable data from one country to another.

The proliferation of comprehensive data privacy laws, more or less on the European model, increasingly requires US-based multinationals and online companies to adapt to strict requirements for dealing with individuals in other countries.  While the rules may soon become more uniform in the EU, they are still new and uncertain in many other countries.

European Union

In January 2012, the European Commission published a proposed Regulation that would replace the 1995 EU Data Protection Directive. While national practices differ considerably under the 1995 framework directive, the Regulation would establish a much more consistent European approach to data protection rights and enforcement.

The Regulation would continue to authorize data transfers to “white-listed” jurisdictions with EU-style comprehensive data protection laws (such as Switzerland, Argentina, Israel, and, for most purposes, Canada). It would also continue to recognize data transfers to US “Safe Harbor” companies and transfers protected by EU-approved standard contract clauses (“model contracts”) or binding corporate rules (“BCRs”), as well as transfers relying on informed consent. These have been subject to divergent national interpretations and procedures, however, and the Regulation aims to eliminate these differences.

Via Cross-Border Data Flow Risks : Information Law Group.

Microsoft Office Apps Coming to iPad? | Signal Strength – CNET News

Microsoft Office Suite may soon come to the Apple iPad, according to a report by The Daily.

On Tuesday, the blog reported that its sources say that a Microsoft app that will include Office programs, Word, Excel, and PowerPoint will soon be submitted to the Apple App Store. The blog first noted the existence of an iPad version of the Microsoft Office Suite in November.

The Daily said that it’s had some hands-on experience with the new app. The user interface is supposedly similar to the current OneNote app. There is also some resemblance to Metro, the new design language used on Windows Phone and the soon to be released Windows 8 desktop operating system.

The Daily said that Word, Excel and PowerPoint will be supported and users will be able to create and edit these documents locally or online. But the blog said it’s unclear if other Office apps will be supported.

Via Microsoft Office Apps Coming to iPad? | Signal Strength – CNET News.

U.S. Senators Seek Clarity on Foreign Bribery Law | Reuters (Aruna Viswanatha)

Two Democratic senators urged the U.S. Justice Department on Thursday to explain what it considers a bribe of a foreign official, saying the lack of clarity has led companies to devote disproportionate resources to complying with the law.

Senator Chris Coons of Delaware and Senator Amy Klobuchar of Minnesota asked Attorney General Eric Holder to clarify how the Justice Department interprets the Foreign Corrupt Practices Act (FCPA), which bars bribes to foreign officials, and under what circumstances it would pursue a bribery case.

The U.S. government has stepped up enforcement of the FCPA, extracting $1.8 billion in sanctions from 23 companies in 2010, according to an industry blog called the FCPA Blog.

Via U.S. Senators Seek Clarity on Foreign Bribery Law | Reuters.

Cloud Security Is All About Visibility and Control | CFOworld (Thor Olavsrud)

It’s an oft-repeated mantra: Organizations engaged in or investigating cloud computing in any of its many flavors are concerned about security. In fact, concerns about security, data privacy and data residency are often cited as inhibitors to cloud adoption. But are the concerns justified? Some security experts say visibility and control are the missing elements.

In a recent study of IT and business executives, CompTIA, the IT industry association, found 50 percent of respondents cited greater reliance on Internet-based applications like cloud computing and software-as-a-service as a driving factor in their cyber security concerns. But a number of cloud experts say that in many ways data in the cloud is more secure than in an on-premise installation, or at least rapidly becoming that way, especially for smaller organizations that don’t have the resources to dedicate to security technology and expert staff.

Via Cloud Security Is All About Visibility and Control | CFOworld.

Tech Insight: Getting the Picture with Data Visualization – Dark Reading (John Sawyer)

Security pros responsible for log analysis and digital forensic investigations today have so much data to analyze that it can be difficult to make heads or tails of it without the proper tools to parse, prioritize, and identify the valuable information.

Sometimes obscure log entries can be easily deciphered with a simple search on the Internet. But other times, there are too many results and it’s hard to wade through them to find the correct information. Many organizations have adopted security information and event management (SIEM) solutions to help with the correlation and prioritization of security data in order to turn it into actionable information. Once properly configured and tuned, SIEMs can certainly make a big difference. But often, the SIEM’s greatest feature turns out to be the ability to take the data and visualize it in a way that the analysts can easily spot patterns or peaks in activity indicating a problem.

Data visualization, or in the simplest terms, the visual representation of data, is nothing new. The last two decades have seen an increase in interest in it as researchers, security pros, and vendors have worked to visualize computer-related data in meaningful ways. In 2004, I saw the first data visualization presentation focused on security data visualization at a small hacker conference in Atlanta called Interz0ne. Greg Conti gave a fascinating talk that showed many different graphical representations of port scans and attacks that I’d analyzed on a regular basis using an intrusion detection system (IDS), packet sniffer, and network flow data. (PDF). The way the activity popped out was eye-opening.

Via Tech Insight: Getting the Picture with Data Visualization – Dark Reading.

BBC News – Patent: Apple Wins Motorola ‘Slide to Unlock’ Ruling

Apple has won a patent dispute against Motorola Mobility regarding a “slide to unlock” feature on smartphones.

The judgement marks Apple’s first patent victory over Motorola in any part of the world.

Patent consultant Florian Mueller said the ruling could affect patent disputes involving Android device makers worldwide.

Motorola said it planned to appeal and the judgement would have no impact on supply or future sales.

A spokeswoman for Motorola said: “Today’s ruling in the patent litigation brought by Apple in Munich, Germany, concerns a software feature related to phone unlocking in select Motorola devices sold in Germany.

“Motorola has implemented a new design for the feature. Therefore, we expect no impact on current supply or future sales.”

Apple said it would not be commenting on the decision.

Via BBC News – Patent: Apple Wins Motorola ‘Slide to Unlock’ Ruling.

U.S. Army Uses Pinterest? Sir, Yes, Sir! | Mashable (Alex Fitzpatrick)

Pinterest, the social image-sharing site that has exploded in popularity over the past few months, has found itself with a strange bedfellow: the U.S. Army.

The Army’s Pinterest boards include topics such as “Goodwill,” “Humanitarian Relief,” and “HOOAH!.” Each board is designed to show some aspect of Army life and the Army’s mission or to connect with Army families (“DIY & Decor,” for instance, might be a favorite among Army moms).

It may seem strange for the Army to have a presence alongside the companies that dominate Pinterest, such as fashion, do-it-yourself (DIY) advice and retail brands. But Juanita Chang, director of the U.S. Army’s online and social media division, says that it’s important for the Army to be on different platforms so it can reach people it can’t find anywhere else.

Via U.S. Army Uses Pinterest? Sir, Yes, Sir!.