Compliance and Privacy News
Compliance and Privacy News )
Essential Reading for Today's Business 14th February 2006

in this issue:
  • iDefense WebCast Replay: The Rise of Online Islamic Propaganda
  • Rootkits and Other Concealment Techniques in Malicious Code - Live iDefense Webcast
  • Businesses Disregard Penetration Tests
  • iDefense Vulnerability Reports added

    Dear Visitor,

    We're back to our regular schedule of fortnightly newsletters, though we will put out a special edition when there's something really newsworthy. The feedback we've had said that last week's update was appreciated.

    With Islam in the news for all the wrong reasons at present, the replay of the webcast on extremist Islamic propaganda is very topical. And the webcast on rootkits continues the theme of topicality with Sony's little faux pas still very much in the news.

    As always, we welcome your comments - why not contribute to C&P yourself? Post a comment on your views, issues and experiences.

    Do also participate into our simple survey on Information Security Policies - it appears in the left hand margin on Compliance and Privacy. Do you have one in your organisation? If you do, is it comprehensive enough?

    Peter Andrews

    iDefense WebCast Replay: The Rise of Online Islamic Propaganda

    Numerous recent media articles have noted that al Qaeda is improving its information operations tactics through the use of the Internet, providing a means of anonymous communication and the dissemination of news on the group's military successes. This webcast reveals the frequent presence of Islamic Extremist Propaganda online and provide a clearer understanding of the different forms of IEP, based on the specific objective and approach of each type.

    The full Webcast is streamed to your Desktop - runtime 26 minutes. (Please note this is a replay and no interaction is possible. Requires speakers or headphones).

    Rootkits and Other Concealment Techniques in Malicious Code - Live iDefense Webcast

    In order for malicious code to provide its author with some benefit, it must be successful in four areas: propagation, infection, malicious actions and persistence. With the advent of multi-tasking computers, the increased popularity of networking in general, and the Internet in particular, the tools and techniques used by malicious code authors have improved considerably. This report will focus on these tools and techniques, concentrating on the evasion of first-line defenses, autostart considerations and rootkits.

    This iDefense Webcast is live on the 15th February 2006 at 2pm US EST, that is 7pm GMT. As usual we will mount the replay on the site a couple of days after the event. However to get full value it is worth participating live.

    Duration is between 30 and 60 minutes and you will need audio facilities on your computer.

    Businesses Disregard Penetration Tests

    Along with the The Confederation of British Industry, the CBI, Compliance and Privacy has found that its own survey on business vulnerability shows great apathy. The CBI is urging medium-sized firms to have robust security systems to prevent online attacks

    According to a recent CBI survey, 60% of medium-sized firms engage with their suppliers, partners or clients online. But 52% of these firms plan for no security measures whatsoever

    Our own simple survey into Penetration Testing shows the same cavalier disregard for even the most basic security measures. The results are astounding, worse than the CBI's figures:

    iDefense Vulnerability Reports added

    We've upgraded our Breaking News Page to include iDefense Vulnerability Reports.

    These reports help you trap vulnerabilities "as they are discovered", so, by adding them, we've made the Breaking news page even more valuable as a resource. If it's the only page you ever visit, that alone makes the site worthwhile for you. And it's free.

    The page has the most general newsfeeds in the top half, and the specific ones in the bottom half. It updates regularly, so check back at least daily

    Quick Links...


    Readers should note that references to VeriSign's sponsorship are historical. That sponsorship ended on 28 February 2007, and is simply included here for context and historical purposes. VeriSign is not formally associated with this site in any manner, and has asked us to emphasise this point.