by Josh Arrington
Despite our nice little July 4th break in the U.S. this week’s news continues to suggest that 2011 has been anything but an IT security “holiday” for a number of organizations. Let’s take a look at some of the week’s biggest news items:
Big Brother, Where Art Thou? – Remember the consultant who was able to exploit a hardcoded, default password in a police cruiser’s digital video recorder system to gain access to controls and manipulate its use? We thought that was bad news, but now according to figures released by the Big Brother Watch, over 900 police officers and other staffers were subjected to internal discipline for breaching the data protection act (DPA) in the U.K. It’s one thing when law enforcement’s technology is susceptible to a data breach, it’s another when the actual officers are illegally viewing computer records for “non-policing purposes.” Talk about an abuse of privileges.
Not an Even Trade Between U.S. and China – A ThreatPost article details the arrest of a CME Group employee who allegedly stole trade secrets and proprietary source code used to run trading systems for the Chicago Mercantile Exchange and passed them along to China. The implications here obviously are far reaching as the employee downloaded “thousands of files” containing “source code and proprietary algorithms” used by CME to run its trading systems.” What is unclear, however, is how he gained access to the systems—was it through an escalation of privilege to access this sensitive information?
IT Security Rewind, uh, Rewind – Clearly, we think it’s important to recap the week’s most important IT security related developments, so we are always excited to identify similarly detailed reports, like this one from Help Net Security, that covers recent security incidents. The report recaps some of the biggest events of the year—from RSA to Citibank—and highlights the impact of the breaches on the organizations and their users.
That’s it for this week—thoughts? Comments? Bring ‘em on.