Code Security: MidAmerican Energy's top priority after SQL injection attacks |
- Code Security: MidAmerican Energy's top priority after SQL injection attacks
- Hack Pack
- Female North Korean spy caught
- IBM red-faced after handing out USB drives stuffed with malware
- Iran to boost 'cyber war' deterrence
- Bluetooth technology to help track travel times
| Code Security: MidAmerican Energy's top priority after SQL injection attacks Posted: InfoSec News: Code Security: MidAmerican Energy's top priority after SQL injection attacks: http://www.csoonline.com/article/594613/Code_Security_MidAmerican_Energy_s_top_priority_after_SQL_injection_attacks By Bill Brenner Senior Editor CSO May 21, 2010 MidAmerican Energy Company is the largest utility in Iowa, strategically located in the middle of several major markets in the Midwest, providing service to more than 725,000 electric customers and more than 707,000 natural gas customers in a 10,600 square-mile area from Sioux Falls, S.D., to the Quad Cities area of Iowa and Illinois. This makes it a tempting target for an attacker bent on striking a blow to critical infrastructure. Under the direction of John Kerber, manager of information protection, MidAmerican did an extensive review of its security procedures and found that its spread-out network had to be tightened up, particularly when it came to Internet access. Since the company owns other utilities across the globe [including PacifiCorp, which provides power to a large swath of the West coast], there were too many Internet access points that could be targeted. More importantly, though, the company found its biggest problem in the code that makes up its myriad applications for everything from power distribution to online billing services. "Last May we had an incident where one of our web pages was exploited through an SQL injection flaw," Kerber said. "It was a wake-up call that we had vulnerabilities people could find out about." In tackling the problem from the beginning of the app development process, MidAmerican is following a growing trend in the infosec community that relies less on bolt-on defenses and more on code security. The code security trend includes the Rugged software movement, BSIMM -- the Building Security In Maturity Model -- and Microsoft's Security Development Lifecycle (SDL). [...] |
| Posted: InfoSec News: Hack Pack: Forwarded from: Justin Lundy <jblphx (at) gmail.com> http://www.miaminewtimes.com/2010-05-20/news/hack-pack/ By Tim Elfrink Miami New Times May 20 2010 Andres Torres was dozing on a couch with the blinds drawn when he heard a chorus of boots pounding the stairs. [...] |
| Female North Korean spy caught Posted: InfoSec News: Female North Korean spy caught: http://www.koreatimes.co.kr/www/news/nation/2010/05/117_66344.html By Park Si-soo Staff reporter Korea Times 05-23-2010 The National Intelligence Service and prosecutors said Sunday that they had a female North Korean spy in custody who obtained 'confidential' [...] |
| IBM red-faced after handing out USB drives stuffed with malware Posted: InfoSec News: IBM red-faced after handing out USB drives stuffed with malware: http://news.techworld.com/security/3224283/ibm-red-faced-after-handing-out-usb-drives-stuffed-with-malware/ By Maxwell Cooter Techworld 21 May 10 You might get more than you bargained for if you attend a security conference. IBM shocked delegates at the Australian AusCERT conference [...] |
| Iran to boost 'cyber war' deterrence Posted: InfoSec News: Iran to boost 'cyber war' deterrence: http://www.presstv.ir/detail.aspx?id=127386§ionid=351020101 Press TV 22 May 2010 Iranian Defense Minister Ahmad Vahidi has said technological advances have amplified the need for defensive preparations against "cyber war." "At present, information and communication technologies are of great [...] |
| Bluetooth technology to help track travel times Posted: InfoSec News: Bluetooth technology to help track travel times: http://www.chicagotribune.com/classified/automotive/ct-met-eisenhower-travel-times-0521-20100523,0,7325891.story By Jon Hilkevitch Tribune reporter May 23, 2010 Whoever thought that talking on a cell phone while driving would be considered a public service? [...] |
| You are subscribed to email updates from [ISN] InfoSec News Mailing List To stop receiving these emails, you may unsubscribe now. | Email delivery powered by Google |
| Google Inc., 20 West Kinzie, Chicago IL USA 60610 | |
0 comments:
Post a Comment