President Barack Obama issued a long-anticipated Executive Order for improving the nation’s cyber security late Tuesday. The Order, released on the same evening as President Obama addressed both chambers of Congress with his State of the Union Address called cyber attacks “one of the most serious national security challenges we must confront,” and put public and private owners of critical infrastructure in the U.S. on notice that they would need to work closely with the government to reduce the risk of crippling cyber attacks. President Obama issued the Order after Congress failed, in its last session, to agree on comprehensive cyber security legislation. Negotiations over the bill broke down over Republican amendments to a Democratic sponsored bill and concerns from the business community about the cost of complying with some of the more controversial provisions. Among those: a requirement that the Department of Homeland Security be able to audit […]
Search Results for "Privacy"
Update: Canadian Colleges Go Dark Following Expulsion of Whitehat
Editor’s Note: Updated to clarify that the sites were unreachable outside Canada, but accessible from IP addresses within that country and to add comment from Skytech on the Internet filtering. – PFR (1/22/2013) The web sites of a number of Canadian General and Vocational Colleges were unreachable from IP addresses outside Canada on Tuesday, after news spread that Dawson College, in Montreal, expelled a student who uncovered and reported security holes in a web-based student portal used at the school. The web site for Dawson College, dawsoncollege.qc.ca returned a 403 “Access Denied” message on Monday evening and Tuesday morning, along with the web sites for John Abbott College, the Collège de Maisonneuve and Cégep de Trois-Rivières. The schools all use the Omnivox software by local firm Skytech Communications to manage their student portals. The web site for Skytech Communications could not be reached either early Tuesday and returned the same 403 error. Calls […]
Student Exposes Gaping Hole In Software, Gets Expelled
The days of chasing down white-hat security researchers with packs of lawyers like they were criminals is long behind us – or is it? A new story out of Canada suggests that “killing the messenger” is still the preferred response of some organizations when presented with inconvenient truths about shoddy and insecure software. According to a story in Sunday’s National Post, a 20 year-old student at Dawson College has been expelled after he discovered and responsibly disclosed a gaping security hole in a management platform used by Dawson and many of Quebec’s General and Vocational Colleges” (or CEGEPs), which server around 250,000 students. Ahmed Al-Khabaz, a student in Dawson’s Computer Science program discovered the flaw while designing a mobile application to give students easier access to the campus’s Omnivox program, which is used to manage a wide range of student services. In an interview with National Post, Al-Khabaz said that […]
University Course Will Teach Medical Device Security
The University of Michigan will be among the first to offer graduate students the opportunity to study the security of advanced medical devices. The course, EECS 598-008 “Medical Device Security” will teach graduate students in UMich’s Electrical Engineering and Computer Science program “the engineering concepts and skills for creating more trustworthy software-based medical devices ranging from pacemakers to radiation planning software to mobile medical apps.” It comes amid heightened scrutiny of the security of medical device hardware and software, as more devices connected to IP-based hospital networks and add wireless monitoring and management functionality. The new course comes amid rapid change in the market for sophisticated medical devices like insulin pumps, respirators and monitoring stations, which increasingly run on versions of the same operating systems that power desktops and servers. In 2011, the US Food and Drug Administration (FDA) reported that software failures were the root cause of a quarter […]
Citing Facebook, Mobile Devices, FTC Updates Online Protections for Kids
The U.S. Federal Trade Commission issued updated rules on Wednesday that will ban online advertisers from tracking the online behavior of children without explicit consent from their parents. In a press conference in Washington D.C, FTC Chairman Jon Leibowitz announced new guidelines for implementing the Children’s Online Privacy Protection Act (COPPA). Among other things, the changes expand the list of information that cannot be collected from children without parental consent to include photographs, videos and audio recordings of children and geo-location information. “Unless you get parental consent, you may not track children and use their information to build massive profiles of online behavior,” said FTC Chairman Leibowitz. The new rules are a major revision to the COPPA rule, which was first passed in 1998. The law is a kind of privacy Bill of Rights and applies to children 13 years old and younger. Speaking at a press conference on Wednesday afternoon, […]
