Ahhhh….Friday!

Here’s the list for today:

Introduction to Identity Management – Part II – A topic that is on everyone’s mind.

Before we delve any deeper into IDM, we should take a moment to acknowledge three “interim solutions” to the IDM problem that have supported IT for many years. Each of these solutions was designed to support centralized credentials for a specific class of system.

Student evades Cisco NAC; gets suspended – Should the student be suspended for bypassing the default setting on the device that the Administrator left unchanged?

The exploit was the work of a sophomore who was suspended for doing it, and further use of the weakness has been blocked by changing a setting on the Cisco Clean Access box involved, according to Cisco.

NY teen hacks AOL, infects systems – That’s quite the list of alleged exploits.

In a complaint filed in Criminal Court of the City of New York, the DA’s office alleges that, between December 24, 2006 and April 7, 2007, 17-year old Mike Nieves committed offenses like computer tampering, computer trespass and criminal possession of computer material.

Bot Infections Surges to 1.2 Million – Something needs to be done.

The number of compromised computers that are part of a centrally controlled bot net has tripled in the past two weeks, according to data gathered by the Shadowserver Foundation, a bot-net takedown group.

The weekly tally of bot-infected PCs tracked by the group rose to nearly 1.2 million this week, up from less than 400,000 infected machines two weeks ago. The surge reversed a sudden drop in infected systems–from 500,000 to less than 400,000–last December.

Project Honey Pot Files Massive Anti-Spam Suit Against Millions of IP Addresses – I guess that’s one tactic.

An anti-spam organization that collected millions of spam messages sent to fake email addresses seeded on volunteers’ websites and blogs filed a lawsuit against every spammer who harvested those addresses and spammed them. The suit, filed in the Eastern District of Virginia, seeks more than $1 billion in damages. The suit names John Doe defendants based on their IP addresses.

Pen-test cost versus being sued – No one wants to pay the money up front…but they typically regret after the fact.

I had to laugh, well kind of anyways, when I saw the following article. Reason being is that I have had clients in the past balk at the cost of my per diem, and by extension the pen-test that I was contracted for. Well, if you factor in the cost of a class action lawsuit, or simple litigation, guess which is by far cheaper. Much as I stated to the client, is that my fee, while four figures, is a heck of a lot less then being sued for not practicing due diligence. Having a yearly pen-test of vulnerability assessment done is no longer an option, but a business necessity.