NoticeBored blog

Cheapskate copycat 419 scammers

2009-11-07T21:03:00.007+13:00

The following extraordinary sentence launched yet another tedious social enginering 419 scam in my spam box: "Take notice that based on the UNITED NATIONS government inauguration of this committee...

Read more ...

Word-based email blacklisting

2009-11-04T09:27:00.001+13:00

Using banned-word lists to block spam may be a simple and hence cheap control but it may be too crude or simplistic to work properly. Blocking emails with "teen" in them, for example, is perhaps not...

Read more ...

Blogging policies

2009-11-02T15:50:00.005+13:00

A set of policies, presented as checklists or guidelines for employees, explains typical rules for employees who use blogs or other social media: "The Disclosure Best Practices Toolkit is a draft...

Read more ...

Blogging policy

2009-10-30T10:00:00.002+13:00

The CBC Blogging Manifesto is not unlike a skeleton corporate policy about blogging by employees. Even in this succinct original form, it would be an interesting advisory or discussion piece for...

Read more ...

New NB module on social networking

2009-10-28T20:07:00.002+13:00

Social networking has become extremely popular of late and is getting lots of coverage on new and traditional news media. Given the fact that a great deal of network/Internet use and applications...

Read more ...

Yet another inept 419er

2009-10-15T07:44:00.003+13:00

Some Nigerian thinks I was born yesterday: Content-Type: text/plain Content-Transfer-Encoding: 8bit Message-Id: Date: Wed, 14 Oct 2009 19:12:44 +0200 (CEST) From :The Honourable Officeof the...

Read more ...

Directions in Security Metrics Research

2009-09-03T08:42:00.004+12:00

NISTIR 7564 "Directions in Security Metrics Research" says: "Advancing the state of scientifically sound, security measures and metrics (i.e., a metrology for information system security) would...

Read more ...

Locational privacy

2009-09-02T11:49:00.002+12:00

The Electronic Freedom Foundation's paper on locational privacy explores the privacy issues relating to automatic road toll devices and similar systems that check the locations of users. Such...

Read more ...

HSBC fined for not protecting customer confidentiality

2009-09-01T19:11:00.002+12:00

Info4security published news about HSBC's privacy lapses: "The Financial Services Authority (FSA) has fined three HSBC firms over £3 million for not having adequate systems and controls in place to...

Read more ...

New security awareness module on privacy

2009-09-01T16:13:00.001+12:00

Privacy is both a narrow, intensely personal issue relating to the individual, and a broad democratic principle relating to society at large. It’s one of those things in life that perhaps we don’t...

Read more ...

Cradle-to-grave security awareness

2009-08-21T13:43:00.004+12:00

Today's release of Information Security 101 adds another valuable tool to the Information Security Manager's security awareness toolkit from IsecT Ltd. Information Security 101 was formally known...

Read more ...

Twitter admin email password reset incident

2009-08-07T11:09:00.002+12:00

Last month a story broke about employees of the company behind Twitter being hacked. TechCrunch has published details of the incident, and the comments on their story identify some of the possible...

Read more ...

Digital Forensics Mag

2009-08-07T10:37:00.004+12:00

A new magazine for fans of digital forensics will debut later this year, covering: • Cyber terrorism • Law • Management issues • Investigation technologies and procedures • Tools and...

Read more ...

Office comms risks and controls

2009-08-07T09:06:00.004+12:00

An article about responsible Twittering hints at a broader concern for all social media, and in fact all forms of communication between the office and the outside world. Examples in the article...

Read more ...

Tax passwords are valuable!

2009-08-06T10:30:00.003+12:00

The BBC reports that fraudsters are exploiting taxpayers' passwords to access an online Inland Revenue system in attempts to make fraudulent claims for tax refunds. They presumably obtain the...

Read more ...

Office and email security awareness

2009-08-06T10:23:00.003+12:00

We've released a thoroughly refreshed and updated awareness module on office security, covering physical and IT security in the workplace. It includes email security and security for other forms of...

Read more ...

Forensic examination of secondhand disks

2009-07-03T21:03:00.005+12:00

Used hard disks bought on an online auction site were found to contain personal and proprietary data. Some of the drives that had supposedly been erased yielded their secrets to forensic examination...

Read more ...

New awareness module on digital forensics

2009-06-30T14:28:00.002+12:00

Dear friends of NoticeBored, Digital forensics - the capture and analysis of digital evidence for use in court - is an increasingly important topic not just for law enforcement but for ordinary...

Read more ...

Writing workable infosec policies

2009-06-17T17:22:00.005+12:00

Writing in Computerworld, author Jennifer Bayuk offers some innovative suggestions on how best to write information security policies that are effective and workable in practice. I particularly like...

Read more ...

Appeals Court Protects White House Office E-mails

2009-05-21T11:08:00.001+12:00

From today's GigaLaw news: "A federal appeals court ruled that the office that has records about millions of possibly missing e-mails from the Bush White House does not have to make them public. The...

Read more ...

Pop Mechanics does infrastructure security

2009-03-26T12:50:00.002+13:00

Popular Mechanics gives the US national infrastructure a once-over from the perspective of its resilience to cyberwarfare, asking "How Vulnerable is U.S. Infrastructure to a Major Cyber Attack? Could...

Read more ...

Revised NIST security awareness/training standard

2009-03-24T11:38:00.004+13:00

I've been reading and thinking today about a revised NIST Special Publicatio SP800-16, currently released for public comment. If you are genuinely interested in making security awareness more...

Read more ...

How to fix SCADA security [not]

2009-03-24T09:40:00.004+13:00

In "A cautionary tale about nuclear change management" ComputerWorld blogger Scott McPerson discusses a few security incidents that have been linked to SCADA systems, picking out two causes: poor...

Read more ...

SCADA stories of 2008

2009-03-19T14:22:00.002+13:00

SCADA security specialists Digital Bond run an annual summary of the top SCADA security stories of the year before. Here are their lists for 2008, 2007 and 2006. In 2007, the story about...

Read more ...

Worming the Internet

2009-03-19T12:49:00.001+13:00

Unprecedented collaboration between ICANN, antivirus vendors, other malware security professionals and domain name registrars in US, China and elsewhere is seeking to neutralize the...

Read more ...