Government - Page 41

Discover Government News

Joint effort on operating system

Officials from Korea, China and Japan agreed over the weekend to jointly develop a Linux-based operating system. ... "With a Linux-based operating system, it is relatively easier to prepare security measures against computer virus attacks because of open source codes," an industry official said. "When Linux-based software is developed, Microsoft Windows' market dominance is likely to be weakened." ... The three countries came to the conclusion that open-source operating systems are more effective in protecting computer systems from hackers and developing the software industry, the Yomiuri Shimbun, a Japanese daily, said. . . .

Security needs better education for programmers

It could be years before the results of education show up in software that is being sold, but the effort is needed more than ever because the problem is getting worse, officials said. Describing the problems facing Internet users, Hale said an increasing number of cyberattacks are done for profit. . . .

Richard Clarke's Legacy of Miscalculation

In all the recent ruckus about the strained relationship between the Federal Government and the computer security community, it is fitting to now remember Richard Clarke. He's been grabbing headlines lately on the strength of a book claiming that he warned Bush about Al Qaeda but was ignored, a charge that might strike even Bush-haters as odd, given Clarke's illustrious record of causing nothing to be done about terrorism for all the time he was the head terrorism czar. What has he been really up to, instead? Hawking the yet-to-materialize threat of cyber-terrorism, on the theory that real terrorists want to virus and spam us to submission. This is the Terrorism --> Cyberterrorism Czar, folks, and the best excuse the Feds have for trying to tell us how to be secure. . . .

The Joke of Federal Cybersecurity Oversight

Granted, popular enterprise technology is nowhere as secure as it should be, but today's federal cybersecurity woes result more from flawed technology management practices than flawed technology. To that end, we need to foster and reward innovative, effective management processes in the federal computer security arena and terminate the current technology management and oversight philosophy that tolerates and rewards idleness and mediocrity while doing little to actually eliminate them. The standards for acceptable cybersecurity are known: it's time to start holding the people in charge accountable to them. . . .

Security groups call for crisis coordination center

Two national task forces organized by the National Cyber Security Partnership called for a public awareness campaign, an early warning contact network and a national crisis coordination center to improve the nation's responses to cyber vulnerabilities, threats and incidents. Created last December at the National Cyber Security Summit, the task forces released their recommendations today for improving the nation's cybersecurity defenses. The National Cyber Security Partnership was formed to bring together private organizations and government agencies. . . .

Court orders Interior to disconnect systems from the Internet again

There has been a lot of talk of late about how the Federal Government is going to step in and make us all conform to computer security standards as a matter of law. Yet, it is hard to escape the creeping feeling that this same Federal Government has very little understanding of computer security. If CERT is the Federal idea of a central security clearinghouse, then the security community already largely sees it as a humorless joke. But perhaps even more frightening is how incompetent they are at securing their own networks. Perhaps it comes from the fact that their own money isn't involved -- but Federal legislation will have the same problem. . . .

DHS Gets Relegated to the Corporate Security Margin

When the White House released the National Strategy to Secure Cyberspace in February last year, the guiding principle was to make it a "living document" capable of changing with the times and meeting the needs of a diverse Internet community. But in the year since its release, the strategy has had little or no impact on the security plans and investments of many of the companies that were supposed to be integral to its implementation, corporate IT executives say. And although some critical-infrastructure sectors have heeded the government's call to action, many corporate users still view the plan as irrelevant to the challenges they face. . . .

Inside the DoD's crime lab

Digital evidence comes in all shapes and sizes: pallets full of computers, a hard drive with an AK-47 bullet hole in it, audio tapes fished out of the ocean, mangled floppies, garbled 911 calls. Whenever U.S. government agencies investigating a crime or a cybercrime have digital evidence that's too difficult to analyze, they send it to the Department of Defense computer forensics lab. . . .

Internet Providers Sue Hundreds for Spam

Leading Internet companies, in an unusual joint effort among corporate rivals, announced six lawsuits Wednesday against hundreds of people accused of sending millions of unwanted e-mails in violation of the new federal law against "spam." Actions by Microsoft Corp., America Online Inc., Earthlink Inc. and Yahoo! Inc. represent the first major industry actions under the "can spam" legislation that went into effect Jan. 1. The suits were filed in federal courts in California, Georgia, Virginia and Washington state. . . .

Is password-lending a cybercrime?

The case in New York demonstrates several things. First, criminal statutes that allow civil lawsuits (like the RICO statute and others) inevitably result in distortions of the criminal law -- with potentially bad consequences for criminal defendants. They unnecessarily expand the scope of what is criminal. Second, even though the statute has been amended at least a half a dozen times, it's still hard for the courts to tell the difference between "damage" -- harming the system -- and "damages" -- harming the owner of the system in a way that results in quantifiable loss. It's time for Congress, or the Supreme Court, to clarify the matter once and for all. And while they're at it, they should take another hard look at what's meant by "unauthorized" access. . . .

Linux meets enterprise server challenge

Government officials are beginning to sit up and take notice of the Linux operating system. A few years ago, Linux began appearing in data centers as information technology professionals discovered that the open-source operating system could easily tackle basic network tasks -- such as Web, file and print serving -- more cost-effectively than its commercial counterparts. . . .

Technical problems reported in e-voting

Computer scientists have been protesting the switch. They're particularly concerned that few of the computers provide paper records, making it nearly impossible to have meaningful recounts, or to prove that vote tampering hasn't occurred. Politicians, voter-rights advocates and even some secretaries of state have acknowledged that the systems could theoretically fail -- with catastrophic consequences. In several software and hardware tests, critics have shown it's easy to jam microchip-embedded smart cards into machines, or alter and delete some votes -- in some cases simply by ripping out wires. . . .

Alleged WebTV 911 hacker charged with cyberterrorism

It appears that the controversial 'cyberterrorism' clause of the USA-PATRIOT act is actively being enforced. A lot of good folks have convincingly argued against both the term and the false understanding of hackers that the term conjures up. However, the details of the law have become important here; especially that you can be convicted of a felony even if you did not cause an ascertainable minimum of $5000 in damages. In the case of 911 fraud, we must admit that that makes sense. The price of readiness, of a fast response to 911 calls, would have to be paid regardless of the number of false emergencies there are, so it is impossible to prove a high cost associated with the calls themselves. However, intentionally attacking this readiness capability certainly seems like it should be a felony. Maybe the proponents of the term 'cyberterrorism' have a point after all? . . .

Companies Form Computer Security Lobby

Eleven of the nation's top computer security companies are forming a new organization to lobby on cyber-security issues in Washington, breaking ranks with the broader technology industry in hopes that a more cooperative approach to protecting the nation's critical information infrastructure will avert heavy-handed regulation by Congress and the White House. Leaders of the Cyber Security Industry Alliance (CSIA) stress that they remain wary of any government effort to regulate security practices. They are, however, willing to concede that some requirements, perhaps developed under existing federal laws, could improve computer security practices without foisting onerous mandates on businesses. . . .

Critical infrastructure data sought

The private sector can voluntarily submit critical infrastructure information to the Homeland Security Department with a new program designed to protect such information. Starting Feb. 20, the Protected Critical Infrastructure Information (PCII) program will collect sensitive data about physical and cyber infrastructure according to regulations that will be posted online Feb. 19 and published in the Federal Register the following day. Public comment on the regulations could last up to 90 days. . . .

The first fallout from Cybergate

This might be analogous to the difference between trespassing and "breaking and entering". It is a well known aspect of law that breaking into private property that has been explicitly locked is far more serious than if it was left open. If left open, the issues become muddied with those of entrapment; the act of encouraging a crime so that you can prosecute it. If the Democratic memos were left completely unsecured, which appears to be the case here, it clouds the legal case against those who read them. . . .

States Balk at Joining Antiterrorism Database

One of the earliest post-9/11 attempts at intergovernmental data sharing appears to be running aground as various states find that privacy, data security, and cost concerns outweigh the benefits of state-of-the-art criminal-tracking and -identification technology. Georgia and Utah are the most recent defectors. Both are charter members of the Multistate Antiterrorism Information Exchange, known as Project Matrix, which lets law-enforcement agencies share criminal-history, driver's-license, vehicle-registration, and other data to prevent terrorism. Gov. Olene Walker put a hold on Utah's participation Jan. 29 and formed a committee to assess the security and social implications. Georgia pulled out the next day. They join Alabama, Kentucky, Louisiana, Oklahoma, Oregon, and South Carolina, which have pulled out in the last six months. Six of the 16 states originally invited to participate remain and are recruiting new members. . . .

Bush budget sweeps in tech, cybercrime

President George W. Bush on Monday proposed a $2.4 trillion federal budget that boosts spending on information technology and on computer crime investigation. The record budget request for the 2005 fiscal year, which begins Oct. 1, 2004, asks Congress to ignore a widening deficit of $521 billion and to increase defense spending by 7 percent and homeland security spending by 10 percent. . . .

Digital Signatures and European Laws

Electronic signatures are backed by valid European laws and thus qualified digital signatures have great potential. Strong digital signatures have great importance to all businesses who must do electronic transactions with European partners because they have a very deep juridical value. Once again, a secure digital signature warrants the authentication, integrity, confidentiality, and non-repudiation of a signatory; these are the most desired guarantees in e-business. Strong digital signatures thus have widespread use for high value e-commerce situations: everyone wants to be sure her/his contract is valid and there is no hacker interference. . . .

U.S. Takes Anti-Virus Role

The federal government yesterday announced a new, centralized system to alert the country to threats to computer systems, as a virulent worm continued to play havoc with e-mail around the world. The alert system, announced by the cybersecurity division of the Department of Homeland Security, will be a clearinghouse of information on hacking, viruses, worms and cyberterrorism. It will also be a place for consumers to learn about their systems' vulnerabilities and how to fight computer crime. . . .