The rise of the cyber war

February 6th, 2010

Dilbert on infosec

November 24th, 2009

Dilbert.com

Cloud Computing Risk Assessment

November 24th, 2009

The European Network and Information Security Agency (ENISA) identified 35 key security risks of cloud computing. Supported by a group of subject matter experts comprising representatives from industry, academia and governmental organizations, ENISA has conducted a risk assessment of the cloud computing business model and technologies. The report also provides a set of practical recommendations.

http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-risk-assessment/

Information Security Jobs in 2009

September 17th, 2009

Foote Partners LLC released an updated report on trends in IT skills, certifications, and pay. “[... the] trends survey research indicates that the recession has had only a minimal impact on demand for critical IT skills in the areas such as architecture, business process, information security, communications, e-commerce and several ERP and infrastructure specializations”. Click here to download a free copy of the 2009 IT Skills Trends Report Update.

PCI Security Standards Council issues guidance and installation suggestions for testing and deploying 802.11 Wireless Local Area Networks.


This is nothing new. I already blogged about covert channels and how publicly available data can be used to accurately guess personal information.

[...]Using only publicly available information, we observed a correlation between individuals’ SSNs and their birth data [...] The inferences are made possible by the public availability of the Social Security Administration’s Death Master File and the widespread accessibility of personal information from multiple sources, [...] results highlight the unexpected privacy consequences of the complex interactions among multiple data sources in modern information economies [...]

Full article.

The Office of Cyber Security (OCS), dedicated to protecting Britain’s IT infrastructure, will be created in line with a model proposed — and in part practised by the US.

The government will develop information systems to allow it to launch denial-of-service attacks and to spy on chosen targets…

At the same time Defense Secretary Robert Gates ordered the establishment of a U.S. Cyber Command to protect military networks and organize digital security efforts underway at the Pentagon.

The command also is charged with “synchronizing warfighting effects across the global security environment, as well as providing support to civil authorities and international partners,” according to a memo issued Tuesday by Gates to senior military officials.

BackTrack 4 released

June 25th, 2009

BackTrack is the top-rated Linux live distribution focused on penetration testing. With no installation whatsoever, the analysis platform is started directly from the CD-ROM and is fully accessible within minutes.
For more information visit: http://remote-exploit.org/backtrack.html

CNN on credit card theft

February 23rd, 2009

I already wrote about this topic. It cannot be stressed enough that credit card theft is not identity theft. However, an interesting video from CNN:

On Tuesday, January 13, I will be talking about identity theft at the ISSA DC Chapter monthly meeting. Come and join us. Everyone is welcome.

This is a good opportunity to learn something about an issue that impacts all of us today and collect a few CPEs.

The aim of this presentation is to help security professionals better understand identity theft and differentiate it from other related crimes. The presentation begins by describing the history of identity theft and explains how the process takes place. It introduces the notion of identity theft enablers, and identifies those that make the United States the country most seriously affected by this crime. We will see how legislation deals with the problem and how official statistics fail to properly account for the magnitude of the crime. Finally, we will learn about the real costs of the crime and of recovery, both tangible and intangible.