NetSec corner




Netsec, comsec, infosec and IA news, research and trends

 

12.08.2006

 
TiVoToGo DRM cracked

 
Dead musicians lobby for copyright term extensions

 
Ohio U. names interim CIO to replace William Sams following security lapses that led to the firing of two IT workers - Malware wars: Are hackers on top? - From Andy



12.07.2006

 

U.S. outlines privacy safeguards - and reveals plans to mine personal data. "The government is preparing to give millions of law-abiding citizens 'risk assessment' scores that will follow them throughout their lives...none of us will have the ability to know our own score, or to challenge it..."

Government of the government, for the government, by the government. The terrorists have won, I'm moving to Gaferut...

 
A Critical Look at the Regulation of Cybercrime

 
RIAA wants to pay artists less royalties for their content.

 
CFP2: 2007 International Workshop on Autonomous Intelligent Systems -- Agents and Data Mining



12.06.2006

 
Enterprise Incident Response - Network and Disk Analysis

 
Podcast: Defense by Offensive Hacking - Vulnerability researcher Dave Aitel talks about simulated hacking attacks, penetration testing tools and techniques, the resiliency of Vista, and his unique take on the vulnerability disclosure debate



12.05.2006

 
FBI taps cell phone mic as eavesdropping tool

 
FBI computer system short on funds - MySpace building sex offender database - Hackers hit Naval War College computer network - From Tom

 
Security Of Electronic Voting Is Condemned

 
Cat and mouse, on the web

 
Amendments to the Federal Rules of Evidence, Federal Rules of Civil Procedure, and Federal Rules of Criminal Procedure took effect Friday. There seems to be a lot of misinformation out there, which is typical when non-lawyers try to make sense of the law. Being a non-lawyer myself, I shall endeavor to add to the noise!

In short, the new rules state that organizations must track data collected and, should they become aware of pending legal action, endeavor to preserve all relevant data. The outcome is that all organizations need to have document retention and destruction policies in place. These policies must be adhered to in a consistent manner in order to avoid the appearance of impropriety. Documents (like email) may be safely destroyed in a manner consistent with this policy. However, once an organization becomes aware of a lawsuit that may affect these records, the organization must endeavor to preserve all relevant evidence in order to avoid the appearance of impropriety. This requires that the organization be aware of what sort of records they have. This is a good reason for organizations to limit what data is collected and retained as a systematic part of managing corporate liability.

The history of this clarification is in the Enron case. Arthur Andersen had document destruction policies in place but failed to follow them. When served with a subpoena in the Enron case, AA officials suddenly "followed" their policy by shredding tons of documents and by deleting email. Deleting a file NEVER really deletes it, so many of the emails were later recovered. This created the appearance of impropriety and doomed them before the court. AA is no longer allowed to even practice accounting as a result. Lesson learned: If they had adhered to their policies in a consistent manner, they still would have been "wrong" in the big picture sense, but they would have been within their rights under the law.

Certain records like financial statements, medical data, etc. have legal retention periods. Ensure that any policy created adheres to these requirements. Email Retention Policy (sample policy): Specify an online retention period of roughly 3-6 months, an of roughly 12-24 months. The time interval is going to vary widely based upon the organizational goals, objectives and liabilities. This type of decision making should really flow from the top, but the hard part is that "the top" may be a group of people with diverse backgrounds and little understanding of the importance of such policies in terms of managing legal liabilities.

Document Retention and Destruction Post-Arthur Andersen: What Can You Destroy? - Perfecting the Document Destruction Policy - A Brave New World

Note: I am not an attorney. This is not legal advice. If you require legal advice, please consult with an attorney.

 
E-Mail Retention: The High Cost of Digging Up Data



12.04.2006

 
VoIP Security - Does it exist? by Sheran Gunasekera

 
What's on Tap for IT Pros in 2007? By Deborah Rothberg



12.03.2006

 
Tools from last week's labs - tcpxtract is a tool for extracting files from network traffic based on file signatures. tcpflow is a program that captures data transmitted as part of TCP connections (flows), and stores the data in a way that is convenient for protocol analysis or debugging.

 
Wi-Fi Liability: Potential Legal Risks in Accessing and Operating Wireless Internet by Robert Hale II




