Government - Page 33

Discover Government News

Commerce signs up for security training

The Commerce Department has awarded a task order to the International Information Systems Security Certification Consortium, or (ISC)2, to provide an expanded information security education program for the department’s information security employees.

Government to force handover of encryption keys

Businesses and individuals may soon have to release their encryption keys to the police or face imprisonment, when Part 3 of the RIP Act comes into effect. The UK Government is preparing to give the police the authority to force organisations and individuals to disclose encryption keys, a move which has outraged some security and civil rights experts.

Open Source stacks shake up government security certifications

Open-source stacks are poised to shake up the world of government security certifications, such as the National Institute of Standards and Technology's Federal Information Processing Standard 140-2 and the National Information Assurance Partnership's Common Criteria ratings. Agencies that must buy software to meet these standards are finding that an open-source, modular approach can provide new choices on the marketplace.

Protection From Prying NSA Eyes

Imagine being the head of a major telecommunications company in the United States. You and your lawyers have developed a carefully worded privacy policy to conform with the law. In it you tell your customers that you do not share information about your customers' use of your services except for particular business purposes, and to ensure that the calls get through. You also tell your customers that you, of course, give information in response to lawful subpoenas or lawful mandates of law enforcement agencies. And that's about it.

Congress May Slap Restrictions On SSN Use

Democratic and Republican politicians on Thursday both promised to enact new federal laws by the end of the year that would restrict some commercial uses of Social Security numbers, which are often implicated in identity fraud cases. "Whether Social Security numbers should be sold by Internet data brokers to anyone willing to pay, indistinguishable from sports scores or stock quotes... to me, that's a no-brainer," Texas Republican Joe Barton, chairman of the U.S. House of Representatives Energy and Commerce Committee, said at a hearing. Such a practice should not be allowed, he said, "period, end of debate."

More Protections Urged for Medical Records

WASHINGTON D.C. -- The push for a national network of electronic medical records poses significant privacy risks at the same time that it promises to save lives, said members of a panel here at the Computer, Freedom and Privacy Conference on Wednesday.

New Security Glitch Found in Diebold System

Elections officials in several states are scrambling to understand and limit the risk from a "dangerous" security hole found in Diebold Election Systems Inc.'s ATM-like touch-screen voting machines. The hole is considered more worrisome than most security problems discovered on modern voting machines, such as weak encryption, easily pickable locks and use of the same, weak password nationwide.

NIST Issues Draft Guidance For IT Security Metrics

The National Institute of Standards and Technology has released the initial public draft of its Special Publication 800-80 titled Guide for Developing Performance Metrics for Information Security. NIST is inviting public comment on the guidance, which provides a methodology for linking information security program performance to agency performance. It is a companion guide to SP 800-55, titled Security Metrics for Information Technology Systems, and uses security controls spelled out in a third NIST publication, SP 800-53 Recommended Security Controls for Federal Information Systems.

Military Students Get Lesson In Cyberwarfare

In an obscure office park midway between Baltimore and Washington, about 50 men and women use laptop computers to break into networks at the nation's military service academies. When one of them is successful at penetrating a networked computer, they get up and ring a bell. "We hit a remote desktop on a workstation," one hacker proclaims. Everybody in the room breaks into applause, like the whole issue of national security is just a game -- and in this case, it is.

Government buys in to deperimeterised security

Security deperimeterisation is at the heart of plans that underpin the Cabinet Office's high-profile transformational government programme, delegates at the Infosecurity Conference will be told today. Increasing demands for public sector bodies to exchange information and share IT services will mean that traditional approaches to security will no longer be appropriate, the Cabinet Office's security adviser will say. Steve Marsh, director of the Central Sponsor for Information Assurance, said that a new security architecture would play a key role in the transformational government plan.

Groundwork For Cybersecurity R&D Agenda Begins

The Bush administration has drafted a federal plan to improve cybersecurity research and development. Yesterday, the National Science and Technology Council, a Cabinet-level body that coordinates governmentwide science and technology policies, issued a preprint release of the “Federal Plan for Cyber Security and Information Assurance Research and Development.”

Forensic felonies

A new law in Georgia on private investigators now extends to computer forensics and computer incident response, meaning that forensics experts who testify in court without a PI license may be committing a felony. In the U.S. television show "Medium," Patricia Arquette's character uses her "special psychic skills" to help solve crimes. If a new law passed by the Georgia legislature but not yet signed by the Governor goes into effect, not only could Miss Arquette's character face legal troubles, but thousands of computer security consultants would face the very real threat of jail time - simply for plying their trade.

Future of NIST

Although it's less well known than some of the standards and models in place at many businesses today, an emerging framework being used within the federal government could help organizations improve their security, according to information security experts. NIST 800-53 was created in 2005 by the National Institute of Standards and Technology, as required by the Federal Information Security Management Act of 2002. It provides guidelines for selecting and specifying security controls for information systems that support the executive agencies of the U.S. government.

What's the next security threat?

In January this year, 20-year-old Jeanson James Ancheta pleaded guilty in a California court to charges that he had broken into government computers and taken control of them for purposes of fraud. He had planted Trojan software on the systems at the China Lake Naval Facility in California's Mojave Desert, enabling him to manipulate computers on the network there. He had then used the computers to generate hits on Web site advertisements, for which the advertisers paid according to the traffic they received.

Your tax info may not be as secure as you think

A rule change proposed by the U.S. Treasury Department and the Internal Revenue Service (IRS) has come under fire from privacy advocates who have taken issue with a clause allowing tax preparers to sell tax-return information to third parties. Introduced last December, the IRS change was proposed to update regulations that govern how tax preparers handle return information. These rules have not been changed since 1974, and the IRS wrote in the proposal that the revision will give preparers greater flexibility in the age of electronic filing.

Can UK law stop criminal hackers?

MPs are preparing to get tough on hackers as the law on computer misuse and hacking is up for a revamp. For some years now, critics of the Computer Misuse Act (CMA) 1990 have said that gaps in the legislation have made it very hard to prosecute anyone. As a result, this summer the CMA will be updated by the new Police and Justice Bill, which will increase the scope and strengthen the sanctions available against hackers.

US security agency scrutinises secure storage device

The US National Security Agency (NSA) and Treasury Department have expressed interest in a secure storage device that hard drive manufacturer Seagate is developing. Seagate spokesperson Michael Hall told vnunet.com that the company has met with the two US government agencies over its Momentus 5400 FDE technology. He said that the agencies are investigating the device's implications on their ability to fight organised crime, but stressed that so far they are only gathering information.

Nationwide data breach bill clears a hurdle

The Data Accountability and Trust Act (DATA) was approved by the U.S. House Energy and Commerce Committee last week and could soon be cleared by the House of Representatives. The bill, if passed, would mean all companies have to inform customers of security breaches that affect their personal data.

Consumer Data Security Bill Passes Out of House Committee

A House committee this week unanimously approved a data security law that would establish federal standards for protecting personal information and would supersede state laws. The Data Accountability and Trust Act (HR 4127) is one of a spate of bills introduced last year in the wake of publicity about the theft or loss of data that could lead to identity theft. The incidents came to light as a result of state laws requiring consumer notification of security breaches and spurred a consumer demand for tighter regulation.