Network Security CISSP-Discussion
[CISSP-D] The OCSIG Security News Letter (March 2006)

Subject: [CISSP-D] The OCSIG Security News Letter (March 2006)
Date: Tue, 21 Mar 2006 09:53:47 -0800 (PST)
**********************************************************************
The OCSIG Security News Overview  - Ottawa,  Canada 
**********************************************************************
OCSIG Council :
              President : Edward E. Johnson CISSP
              Vice President : Carol Sullivan CISSP
              Past President : Maynard Hanscom CISSP
              Secretary : Peter A. Thomas B.Sc., ACA., ACIS.,
              Gord Larose CISSP, Ron Chuchryk CA,CISA,CFE
              Ernest Chadler PEng,MBA,CMA,
              John Hopkinson CISSP, Mervyn Berridge-Sills M.A.
              Alice Sturgeon, Fred Carter CISSP 
   
  OCSIG Email : tenovus@ncf.ca
                        gparm@sympatico.ca
               Tel. :  613 - 829 - 4319
               Fax :  613 - 726 - 9134 (24/7)
**********************************************************
 Visit < http://www.cccure.org> for OCSIG and CISSP 
**********************************************************
        OCSIG - SECURITY NEWS LETTER :
        Vol 3.Number 2069, March,   2006
**********************************************************
CONTENTS :
***************
OCSIG - Where are the bucks? Drug-related or cyber-crime activity?
OCSIG - IT Job Universe - A helping Hand to all in Security.
OCSIG - Canada - Interesting Notes from all corners
OCSIG - Ottawa's Own IT Magazine " The Monitor " 
OCSIG - Sachet of 500 Free Tools for Download !! 
OCSIG - Available for Download Sarbanes-Oxley Compliance WhitePaper
OCSIG - Our Dan Swanson - A Must for Researchers
OCSIG - Bernard A. Hodson :  Armageddon Thwarted  II !
OCSIG - Open Study CISSP Site : Clement Dupuis CD CISSP
OCSIG - The Third ISESTORM - Barcelona Spain 
OCSIG - Dr. Urs E.Gattiker - Fighting spam :obstacles we need to move
OCSIG - Dr. Mich Kabay- Internet links pose image and legal problems
OCSIG - Frank R Zeitlhofer - Sarbanes Oxley - Historical review ? 
OCSIG - The Foundation
*******************************************************************************
OCSIG - Where are the bucks? Drug-related or cyber-crime activity?
******************************************************************************
Recently, quotes based on data from December 2005 have stated:
'Last year was the first year that proceeds from cybercrime were greater
than proceeds from the sale of illegal drugs, and that was, I believe, over
$US105 billion.'
  
This was a quote mentioned during a presentation at the German Business
Informatics conference 2006 in Passau, see here for some cybercrime
presentations:
http://freebies.weburb.org/newsservice/link/3918/http://www.mkwi06.de/
  
The presentation presented various taxonomies and categorizations,
comparing those provided by the:
- cybercrime convention, as well as those used by
- KOBIT (the Swiss federal police webpage used for Internet crime
reporting by the public).
An abstract can be found here:
http://freebies.weburb.org/newsservice/link/3918/http://casescontact.org/press_rel_view.php?ID=42
   
  The presentation then proceeded and outlined how these claims and
estimates lack any theoretical, definitional and statistical basis for taking
them seriously in comparison to those provided by the UN Office on Drugs
and Crime (UNODC).
The presentation then went on and illustrated how the claims made by
various agencies regarding cybercrime lack:
- content validity,
- reliability,
- basis for generalization
and so on, using various examples that you can look at by downloading the
slides here:
<http://freebies.weburb.org/newsservice/link/3918/http://brief.weburb.dk/frame.php?loc=archive/00000213/>
   
  The above, including the related stories with links to further documents and
research, indicate that we are left with much work before we will have a
better understanding of this phenomenon - if at all.

  RELATED STORIES:
Regulation that Matters - Cybercrime Convention - USA citizen groups are
balking...
 - http://security.weburb.dk/frame/show/news/3841
  
W3 - Lib 1 - Study reports that Cybercrime and Cyberterrorism Are Not
Being Reported - Is Special Legislation Based on Flimsy Data the Answer?
 - http://security.weburb.dk/frame/show/news/3248
   
  I think we should lend these "experts" the services of our Auditor General
for, without such assistance, we may never arrive at the undisputed facts !
   
  We all live in interesting times - Best wishes 
   
  Peter A. Thomas 
OCSIG Secretary
*********************************************************************
OCSIG - IT Job Universe - A helping Hand to all in Security.
*********************************************************************
This is a new Service being provided to all in Canada - Coast to
  Coast. It is Free to both Employers and Applicants. The address
  is :  <www.itjobuniverse.ca/search>
   
  For more details contact 
Robert Chueng at 416.290.0240. Ext 174 or
          <Rcheung@itworldcanada.com>
**************************************************************
OCSIG - Canada - Interesting Notes from all corners 
**************************************************************
The proliferation of wireless hotspots could reduce the use of the
BlackBerry and other handheld devices, a study in the UK found:
- 13% (2005) ==> 29% (2006) of UK business travellers use hotspots
- 42% (2005) ==> 40% use handhelds
RELATED STORIES:
Tool - What beats Google Talk and Skype by far?
 - http://security.weburb.dk/frame/show/news/3892
*********************************************************
Debunking the myths about PKI or - why it will most likely never work
properly
 - http://security.weburb.dk/frame/show/news/2889
*******************************************************
Gattiker and Kaspersky - Debunking myths about hacking - outlining the
trends
 - http://security.weburb.dk/frame/show/news/3388
*******************************************************
24 Windows XP myths exposed
This is a well-researched list that debunks dozens of commonly held
Windows beliefs such as:
1) Periodically cleaning the pre-fetch folder speeds up boot time.
2) Windows XP requires a high end PC to install and run
3) Deleting the contents of the Prefetch folder improves performance
4) Setting any Value higher than 3 to EnablePrefetcher will improve
     performance.
5) Enable SuperFetch Tweak improves performance in Windows XP as it
     does in Windows Vista.
6) Disabling the Pagefile improves performance.
7) Disabling System Restore improves performance.
8) The FAT32 file system is better than NTFS.
9) Moving the Pagefile to a different partition on the same drive improves
     performance.
10) Increasing the amount of available RAM improves performance.
11) Registry Cleaners improve performance.
12) Windows 95/98/ME is as reliable as XP
13) Adjusting the Priority of IRQs especially IRQ 8 improves system
     performance.
14) Limited User Accounts are a realistic security solution
     and more here:
<http://freebies.weburb.org/newsservice/link/3938/http://mywebpages.comcast.net/SupportCD/XPMyths.html>
****************************************
Today's 10 most-read stories
****************************************
1. World's largest Windows error message 
<http://www.networkworld.com/nlsec27032>  
2. Researchers: Impact of censorship significant on Google 
<http://www.networkworld.com/nlsec27033>  
3. IP telephony deployments struggle with power/heat issues 
<http://www.networkworld.com/nlsec27034>  
4. The category breaker: Apple's MacTel 
<http://www.networkworld.com/nlsecuritynewsal25666>  
5. Cisco blazes trails at sandwich shops 
<http://www.networkworld.com/news/2006/031406-ciscoblaze.html?ts>
6. Bird flu: IT pros planning for worst 
<http://www.networkworld.com/nlsecuritynewsal26487>  
7. Study: The dirty, naked truth about teleworkers 
<http://www.networkworld.com/nlsecuritynewsal26799>  
8. Security jobs heat up 
<http://www.networkworld.com/careers/2006/031306man.html?t5>  
9. Cisco's Linksys unveils VoIP gear for small businesses 
<http://www.networkworld.com/nlsecuritynewsal26796>  
10. T-Mobile, Cingular pull Razr due to glitch 
<http://www.networkworld.com/nlsecuritynewsal26488>
*****************************************************************
OCSIG - Ottawa's Own IT Magazine " The Monitor " 
***************************************************************** 
"The Monitor" has an industry news portal whose intention is to
include the latest developments in the high tech sector with an Ottawa
focus. Bookmark
               <http://www.monitor.ca/monitor/.>
or            <http://www.monitortoday.com/.>
 
These are updated three times each working day !!  Why not check them
out !!
     Mind you, you can also ask questions. Try the practice: email :-
               <ediitor@monitor.ca>

  Mention "OCSIG " you will get preferential treatment !!
*****************************************************************
" Seek and ye shall find ! " So, do not hesitate to ask !
     Assurance is two thirds of success.
*****************************************************************
OCSIG - Papers and Tools - Available for Download
*****************************************************************
Papers :
*********
1.   "Business Intelligence for the Security Function "
                    by Mr Alan Breakspear 
   
  2. 12  Important Risk Management Papers
   By  Mr John P Hopkinson CISSP., ISP., CDRP., a leading
   Authority on the Canadian and International Scene in Systems Security
   
  3.  " *GOL Security Requirements, Structure and Delivery "
Ms. Linda Hunter, IT Security  Standards  Coordination, 
Treasury Board Secretariat of Canada
* - GOL = Government On Line Project  "
           All the above papers are available by Download - Free from :
                   < http://www.cccure.org>
*************************************************** 
Tools :
********
Do not hesitate to seek your needs from the Sachet of 505 Free Tools
Just try :-  <http://security.weburb.dk/frame/show/news/3543>
***********************************************************************************
Sarbanes-Oxley Compliance Whitepaper
   
  Get the best practices you require to maintain proper internal control
frameworks as you strive to meet Sarbanes-Oxley requirements with
NetIQ's free whitepaper, "Meeting Sarbanes-Oxley IT Control
Requirements with NetIQ."  You'll learn how to dramatically reduce your
time and effort spent auditing, reporting on, and controlling essential areas
such as policies, file access rights, provisioning and change control.
   
  Download this FREE whitepaper now. 
http://www.netiq.com/f/form/form.asp?id=2529&origin=NS_SANS_050405
  
*************************************************************************************
OCSIG - Our Dan Swanson - A Lighthouse for those seeking Knowledge
*************************************************************************************
Our OCSIG Dan Swanson < Nunquam non paratus > has decided to
venture out on his own again; forming a new company under the name - 
                             < Dan Swanson &  Associates>.
   
  Dan, with his Associates, will be devoting his time to Writing, Research,
Consulting and Lecturing. As subscribers to OCSIG News Letter will
know Dan has provided the best research paths to all those Professionals
involved  in IT, Audit, Accountancy and Security with all its singular
facets. By the same  token, the results of Dan's research will still be
available to OCSIG Members via a FREE Subscription (for details see
 below).
   
  Remember, Dan in Research is truly a "viverra specialis"
   
                                    Dan Swanson, CMA, CIA, CISA, CISSP, CAP
                                  President and CEO
                                  Dan Swanson and Associates
                                  Altamonte Springs, Florida, USA
                                  < dswanson_2005@yahoo.com>
____________________________________________________________
   
  Dan Swanson has recently established 2 Yahoo mailing lists including: 
   
  1) http://finance.groups.yahoo.com/group/Dans_CCCemails
   
  "CCC emails provide online resources in support of your Governance, Risk
Management, and Internal Audit efforts. Content related to IT Audit and
IT Security is provided on occasion. Finally, resources related to
leadership, quality, strategy, and management are frequently included."
   
  2) http://finance.groups.yahoo.com/group/Dans_SECemails
   
  "SEC emails provide online resources in support of your IT Audit and IT
Security efforts. Content related to Governance, Risk Management, and
Internal Audit is provided on occasion. Finally, resources related to
leadership and strategy are frequently included."
****************************************************************************
OCSIG -  Bernard A. Hodson : ARMAGEDDON  - THWARTED !
****************************************************************************
This time I want to move away from the security problems mentioned in
my four Armageddon pieces and move to a related area that still involves
security, that of spying. Industrial espionage within Canada is costing our
economy about $1B per year, a figure that to me seems on the low side, in
view of the fact that our infrastructure is wide open to economic
exploitation. The cost in the USA is much higher. Espionage used to be the
realm of spies, traitors and corrupted employees but current industrial
practices make these people almost redundant. This particular article will
be trivial to many of you with security expertise but I want to use it as a
background to my next one or two articles, which I hope will deal
satisfactorily with the security threats in some detail.
   
  One of the spy areas that seems to be accepted almost globally is the "Eye
in the Sky" or, as some would have it the "Spy in the Sky" of satellites 
such as Landsat which scan the earth's surface and transmit images of what
they see.
   
  A few countries object to this surveillance but most accept the fact that
useful information about their country is received and available, even
though other countries might use the data for economic exploitation. 
Received data is used to find forest diseases, size increases in deserts,
flood and fire damage, various crop evaluations and so on.
   
  Data from satellites can of course be intercepted. Many years ago Sir 
Bernard Lovell, of radio astronomy fame and one of my former professors,
picked up some of the early scans from a Soviet satellite and the imagery
was made available to the world. Years later a Canadian scientist built a
receiving dish from chicken wire and an electronics kit. On one of his test
runs he picked up a beautiful image of the Great Lakes area that had 
obviously been corrected in flight (normally such images came down in a
distorted form and had to undergo correction at a ground station). Phoning
his US colleagues he asked them when they had launched the satellite. The
US did not even know about it and asked him for the transmission
frequency. It turned out to be a new launch from Russia.
   
  The usual concept of spying is, however, still with us, a personal story
illustrating the older way of doing things. This story has also been
published in ComputerWorld Canada. As you know from the Armageddon
series I have developed an approach to computing which offers significant
intrusion free benefits to the industry (e.g. see technonline.com,
< www.genetix.ca> et al). In its more infant days I received a call from Los
Angeles inviting me to give a presentation on these ideas. There I met a
group of people who identified themselves as follows: an investor; a
company Firemen's Fund, (controller of 7,000 micros); and one who
claimed to have been IBM "Man of the Year". They liked the presentation
and asked if I could use the software to clone one of Computer Associates'
packages.
   
  I said that such a clone was a rather trivial task but agreed to return in a
month with a clone (it took 3 days to clone with the software techniques I
had developed at that time). On my return I met a couple of additional
people who claimed to have bought out a segment of EDS, on whose
computer the demonstration took place. There was no observable
difference between the CA product and the clone, except the clone ran
faster. They then discussed investment terms and suggested a celebration
dinner, placing my luggage in the trunk of their car. The driver dropped us
off at the restaurant and said he would join us later (no doubt to try and get
the non-existent source code from my luggage).
   
  On my return to Canada I was contacted by a supposed lawyer who
 claimed to be making immigration arrangements, but by this time I was
 becoming suspicious. I have always had excellent relations with IBM and
 asked them about this so called Man of the Year. They said they had no
 such designation and searched fruitlessly their entire current and past
employees' data base, drawing a blank. I wrote to Fireman's Fund in LA
 and was told they had no such vice president. I wrote to Ross Perot in
 Dallas and got an almost immediate reply from one of his senior managers
 saying the statement about the LA centre was fraudulent. I was later told
 that what had occurred was a typical CIA or KGB operation.
   
  While the old fashioned spying still exists, industry itself is virtually
giving away its secrets and, while the larger companies have the financial
clout to occasionally do something about it, small and medium sized
companies (SMBs) find it virtually impossible to prevent their secrets
from being stolen. If they try to discuss their product with a larger
company they usually have to sign an agreement which says that the larger
company may already be developing something along those lines and, even
if the larger company is untruthful, the SMB will have little recourse.
Patenting of their secrets is a time consuming and costly endeavor for most
SMBs and in any case, because of the costs of litigation, not very
productive. A larger company can cripple an SMB by just launching a suit.
   
  It is questionable whether it is wise for an SMB to send demonstration
packages of their product. I have occasionally done this but wonder
 whether sending them to Russia, China, India, Singapore or even the
 United States, is wise. Demos can be reverse engineered and the ideas
 copied, if not the code, as can the saleable product.
   
  All computers generate signals which can be intercepted (in the early days
we used to broadcast music to external radio receivers by manipulating
 programs to generate musical frequencies). The military used a variety of
 "tempest" terminals, shielding and encryption to try and get around this
 problem, not always successfully. With current wireless technology such
 sophistication is not needed, industry is delivering signals to anyone with a
 radio receiver. Range for most transmissions is not great but sensitive
 equipment can pick up signals from a remote location. By this means
 industry is very vulnerable to loss of valuable data and application
 programs. It is often justified by its "penny pinching pound foolish"
 management structure which saves a few dollars on internal wiring while 
 transmitting data for free to competitors or foreign parties. On occasion
 this has led to companies being blackmailed, or to extortion.
   
  Companies are beginning to use data encryption and it has some merit but,
given enough incentive, a determined group will eventually break the code.
During World War II the Germans had a theoretically unbreakable code
with their ENIGMA units but some of Britain's scientists broke the code by
exploiting the way that coded messages were generated. Modern
businesses have nowhere near such sophistication of the Germans and
blithely offer their data to anyone who cares to exploit the received
wireless signals. By analyzing the received data and getting some easily
available company encryption procedures it does not take long to break the
code, as very few companies will have the knowledge or sophistication
required to prevent it. The more data intercepted the easier the task of
decryption. Once it is done then company data can be routinely collected
and automatically decrypted.
   
  There are also internal sources for espionage. While employees are still
regarded as a major potential threat in the loss of valuable company data,
being connected to the Internet provides the tools for unauthorized access by
anyone, anywhere in the world, through intrusion software which gains
access to company records. This is demonstrated by ever increasing horror
stories of intercepted data, identity theft, spyware and the like. In many
cases the companies involved do not even know that their systems and
data have been compromised.
   
  We also have the trend to offshore development, which is another penny
wise pound foolish business practice that can compromise a company's
business data. In general, while there are many honest companies offshore
a  business  lends itself to all types of nefarious activity by contracting
offshore, with such development taking place in a foreign country.
Differing cultural environments, different ideas of honesty, and different
country objectives all contribute to the insecurity of the work produced
offshore. It would require a considerable amount of forensic software
analysis by the home company doing the offshore contracting to determine
whether the code, even if it does the task contracted for, does not also
contain malicious code. Trojan horses may be inserted in the code, data
 transfers can be hidden within the code to send crucial information back to
the offshore developer, false financial transactions can be introduced.
   
  My next articles will examine in more detail many of these security threats,
showing what they are, how they have been exploited in many places
around the world, and how some of the dangers may be avoided. They will
also discuss some of the aspects of forensic software analysis.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Bernard A Hodson : <genetix@rogers.com>
Bernie is an IT Researcher and Seeker, with a background
of many years in IT. He is a revolutionary IT thinker. Many of the
characters who made milestones in IT research and Development
- Bernie knew, and was on speaking terms with them. Such Knowledge
will, undoubtedly, be embodied in his future articles as is demonstrated
above.  We must wait ....! Wait! We must!!!
***********************************************************************************
Canada CISSP - Open Study CISSP Site : Clement Dupuis CD CISSP
***********************************************************************************
THE CISSP OPEN STUDY GUIDES(OSG) at
<http://www.cccure.org>
   
  All Security Professionals interested in helping those who are reading
for the CISSP certification will be welcomed. By the same token, if you
desire further information concerning the CISSP in your part of the World
Email :-
          Contact    cdupuis@cccure.org
           ********     tenovus@ncf.ca
   
  Register for Clement's News Letter - Now getting serious - a must  !! 
   
  Remember  -  OCSIG and CISSP OSG -- Two great Canadian products
**********************************************************************************
OCSIG - The Third ISESTORM - Barcelona Spain 
**********************************************************************************
From April 1 - 8, the third ISESTORM training will be held in Barcelona 
at La Salle-URL University. ISESTORM is the premium security training 
laboratory  for ISECOM.  And it's provided at cost.
   
  This is a Security Certification Review and training event which focuses 
on the application of knowledge to enable the student to take what is 
learned back into the real world and actually apply it immediately. Many 
training courses focus on certification preparation.  ISESTORM is a 
certification application.
   
  Within those 6 days all attendees will work interactively among other 
professionals to learn and practice for the OPSA exam, the  BS 7799/ ISO 
27000   Auditor  exam and the CISSP exam. The OPST review and exam
will be made available to all registered students interested.
   
  For more details, see http://www.isestorm.org.
-- 
Pete Herzog - Managing Director - pete@isecom.org
ISECOM - Institute for Security and Open Methodologies
www.isecom.org - www.osstmm.org
www.hackerhighschool.org - www.isestorm.org
-------------------------------------------------------------------
ISECOM is the OSSTMM Professional Security Tester (OPST),
OSSTMM Professional Security Analyst (OPSA), and Hacker Highschool
Teacher certification authority  !!!!.
   
  Rumour has it ! Clement will be there !!!
   
  
***********************************************************************************
OCSIG - Dr. Urs E.Gattiker - Fighting spam :obstacles we need to move
***********************************************************************************
< www.ISNM.de - Luebeck>
 Just a few Notes, re Big Bother,  from my Desk for OCSIG :-
   
  Fighting spam - some obstacles we need to move out of the way
Spam is a menace and we have yet to resolve this challenge because we
have various obstacles in front of us:
1) Over 90% of spam is coming from less than 5 countries and the U.S. is
one of them (1st related story). However, blacklists (ISP ranges from
which no e-mail is being accepted) may raise ethical and economical
concerns, whereby some if not many may have to suffer because of the
misdeeds of a few.
2) Even if we have regulation that should work (e.g., Australia, 2nd related
story), black lists are not advisable because in some countries they may
violate local regulation (see 3rd related story). 
3) Having regulation that works on paper requires collaboration and
coordination across national boundaries to make it work in practice, as the
EU is trying to accomplish. However, as the Danish Consumer
Ombudsman pointed out (4th related story) a while back, coordination
requires that similar agencies enforce the rules in various countries.
Unfortunately, this is not the case NOW in the EU and it is making things
quite difficult (this comes from a country's overseer of spam who has been
quite successful in court fighting the menace with huge fines for the
corporate violators - 5th related story). So what about the technical
solution?
   
  4) Remember the talk about Sender ID versus DNS (DomainKeys) for
authentication of email? Well, a new draft (the 3rd one in fact) is out regarding
DNS authentication (valid until March 2006) describing this approach and
its rationale. The Sender ID approach might die because of some patent
issues that were raised a while back by the open source community
<http://freebies.weburb.org/newsservice/link/3916/http://www.ietf.org/internet-drafts/draft-delany-domainkeys-base-03.txt>
   
  In the next posting we explain how it works regarding Domain-based Email
Authentication Using Public-Keys Advertised in the DNS (DomainKeys)
RELATED STORIES:
Where Does Most Spam come From? - Survey Says... 99% From 5
Countries
 - http://security.weburb.dk/frame/show/news/3413
Value-Centered Computing to Bridge the Social-Technical Gap - The
Effective EC Approach to Fight Spam
 - http://security.weburb.dk/frame/show/news/3500
Regulation that Matters - Case Law - Germany / Karlsruhe -- Court Ruling
Telecommunications Act (TKG) - Section 88
 - http://security.weburb.dk/frame/show/news/3761
Regulation - European Union (EU) - Contact Network of Spam-Enforcing
Authorities (CNSA)
 - http://security.weburb.dk/frame/show/news/3546
Debitel gets Record Fine for Mobile Spam in Denmark
 - http://security.weburb.dk/frame/show/news/3613
Sender ID versus DNS (DomainKeys) based Authentication for EMails -
Winner is?
 - http://security.weburb.dk/frame/show/news/3451
   
  ** End of My Missal but, await further developments !
   
  By the Way - I do Sleep, so comments on that point can be closed !
   
  Best Wishes from Dr. Urs E. Gattiker :   <http://www.ISNM.de.Luebeck>
                                                                                
                                  
QUESTIONS, comments, ideas? Cheer me up at:
<Security@News.WebUrb.org>
EU-IST News (ISSN:1600-1869)from CyTRAP.org/training'
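The DomainKeys draft mentioned in Dr. Gattiker's note works by having the sending domain sign selected headers and the body, and having the receiver fetch the matching public key from a DNS TXT record named selector._domainkey.domain. The following is an added illustration of that flow, not code from the newsletter, from ISNM or from the IETF draft itself. To run offline with only the Python standard library it makes several assumptions: DNS is simulated with a dict, RSA is a textbook implementation (freshly generated toy primes, no padding) rather than a vetted library, the digest is SHA-256, and the signature header's tag layout and canonicalization are simplified versions of what the draft specifies. The selector, domain and message values are constructed for the demo.

```python
"""Toy DomainKeys-style signing and verification (added illustration).

Assumptions: textbook RSA with no padding, SHA-256 digest, simplified
header tags, DNS simulated by a dict. Not production code.
"""
import hashlib
import random


def _is_probable_prime(n, rounds=16):
    """Miller-Rabin primality test; probabilistic but fine for a demo key."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    """Random odd prime of exactly `bits` bits (top bit forced to 1)."""
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand


def generate_keypair(bits=512):
    """Return ((n, e), (n, d)). n has >= 510 bits, so a SHA-256 digest fits."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            break
    return (p * q, e), (p * q, pow(e, -1, phi))


def _canonicalize(headers, body, signed_names):
    """Simplified canonical form: chosen headers in order, then the body."""
    lines = [f"{name}:{headers[name].strip()}" for name in signed_names]
    return ("\r\n".join(lines) + "\r\n\r\n" + body.strip() + "\r\n").encode()


def _digest_int(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign_message(headers, body, domain, selector, private_key,
                 signed_names=("from", "to", "subject")):
    """Return a copy of `headers` (lowercase keys) with a signature header added."""
    n, d = private_key
    sig = pow(_digest_int(_canonicalize(headers, body, signed_names)), d, n)
    tags = (f"a=rsa-sha256; s={selector}; d={domain}; "
            f"h={':'.join(signed_names)}; b={sig:x}")
    return {**headers, "domainkey-signature": tags}


def _parse_tags(value):
    out = {}
    for part in value.split(";"):
        key, _, val = part.strip().partition("=")
        out[key] = val
    return out


def verify_message(headers, body, dns):
    """Look up the public key at <selector>._domainkey.<domain> and check the signature."""
    tags = _parse_tags(headers.get("domainkey-signature", ""))
    if not all(k in tags for k in ("s", "d", "h", "b")):
        return False
    record = dns.get(f"{tags['s']}._domainkey.{tags['d']}")  # simulated TXT lookup
    if record is None:
        return False
    n, e = record
    signed_names = tags["h"].split(":")
    if any(name not in headers for name in signed_names):
        return False
    expected = _digest_int(_canonicalize(headers, body, signed_names))
    return pow(int(tags["b"], 16), e, n) == expected


def demo():
    """Sign a constructed message, then verify it intact, tampered, and spoofed."""
    random.seed(2006)  # deterministic toy key for the demo
    public_key, private_key = generate_keypair()
    dns = {"mar2006._domainkey.example.com": public_key}  # constructed record
    headers = {"from": "news@example.com", "to": "list@example.org",
               "subject": "OCSIG newsletter"}
    body = "Spam is a menace and we have yet to resolve this challenge.\n"
    signed = sign_message(headers, body, "example.com", "mar2006", private_key)
    intact = verify_message(signed, body, dns)
    tampered = verify_message(signed, body + "Buy now!", dns)
    spoofed = verify_message({**signed, "from": "ceo@example.com"}, body, dns)
    return intact, tampered, spoofed


if __name__ == "__main__":
    print(demo())  # (True, False, False)
```

The design point worth noticing is that the verifier never needs a pre-shared secret with the sender: only the DNS record under the sender's domain, which is what distinguishes this family of schemes from the IP-range blacklists discussed earlier in the note. Anything that changes a signed header or the body (the tampered and spoofed cases above) breaks verification, while unsigned headers can still be altered in transit.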
   
  
*********************************************************************************
OCSIG - Dr. Mich Kabay Internet links pose image and legal problems
*********************************************************************************
In my last column, I discussed a reader's question about links 
from an intranet server to pages on Internet servers. This 
second article of three looks at a related question: the risks 
of pointing to external non-organizational Web sites from a 
corporate Internet server.
   
  In addition to the issues of integrity and availability 
mentioned in the previous article, there's always the problem of 
lack of control over where users - especially customers or 
potential customers - will end up when they follow a link from a 
corporate site into the greater Internet. What may have been an 
inoffensive, useful page or document last week may be a 
salacious, tendentious, pornographic, libelous or otherwise 
embarrassing destination this week. The public relations 
department will surely be concerned about the implications of 
external linkages on any corporate Web page.
   
  Does linking to another site imply approval or endorsement of 
whatever is on that site? In 1997, the German government filed 
charges against Angela Marquardt, the 25-year-old, 
blue-and-purple-haired deputy leader of the communist Party of 
Democratic Socialism, for linking from her Web page to a banned 
issue magazine called _Radikal_. The issue of _Radikal_ was 
banned because it included detailed instructions on how to 
sabotage railway lines.
   
  According to the public prosecutor, "It has nothing to do with 
censorship. Criminally relevant materials are subject to 
classification by the district attorney or criminal 
prosecutors."
   
  In early June, the court hearing opened and adjourned after an 
hour so the magistrates could arrange for expert testimony to 
explain the 'Net and the Web when the case reconvened toward the 
end of June. On June 30, the court ruled that maintaining a 
hyperlink to objectionable material is not tantamount to 
publication of that material.
   
  Linking to another organization's Web pages can open one to a 
lawsuit. In a startling display of cluelessness about the 
history and even the definition of the World Wide Web, 
Ticketmaster Group sued Microsoft in April 1997 for including a 
hot link from Microsoft Web pages to Ticketmaster Web pages 
without a formal agreement granting permission for such links (a 
practice now known as "deep linking"). The problem apparently 
stemmed from Ticketmaster's perceptions that Microsoft was 
deriving benefit from the linkage but bypassing Ticketmaster's 
advertising.
   
  A few weeks later, Ticketmaster programmed its Web pages to lead 
all Sidewalk users trying to follow unauthorized links to a dead 
end, where they were confronted with the statement, "This is an 
unauthorized link and a dead end for Sidewalk. Ticketmaster does 
not have a business relationship with Sidewalk and you do not 
need them to visit us. They want to traffic on our good name and 
your desire for information on live entertainment events to sell 
advertising for their sole benefit while offering nothing in 
return."
   
  In another case, Hollywood photographer Gary Bernstein sued 
several Web operators in September 1998 for having links - even 
indirect links - to a site that contained pirated copies of his 
works. In other words, his lawyers argued that the contamination 
spread along Web links: from the bad site to all those who 
linked to it and then to all the sites that linked to the sites 
that linked to the copyright infringer. By this reasoning 
presumably every owner of a Web site on the planet should be 
liable. Luckily, Los Angeles Federal District Court Judge Manuel 
Real dismissed the indirect linkage, and Bernstein withdrew his 
entire suit.
   
  In my next and last article in this short series, I will discuss 
policies about external links.
The top 5: Today's most-read stories
1. SETI@Home project ends 
<http://www.networkworld.com/nlsecuritynewsal13917>  
2. Review: SSL VPNs dissected 
<http://www.networkworld.com/nlsecuritynewsal14003>  
3. Test assesses Skype's network impact 
<http://www.networkworld.com/nlsecuritynewsal13624>  
4. Is BellSouth next for Whitacre, AT&T? 
<http://www.networkworld.com/nlsecuritynewsal14004>  
5. SSL VPN interoperability across applications proves tricky 
<http://www.networkworld.com/nlsecuritynewsal14005>
   
  ****************************************************************************
[Michel E. Kabay]  Dr. M.E. Kabay is Associate Professor of
Information Assurance at Norwich University in Northfield, VT
and is also Program Director for the Norwich M.Sc. in Information
Assurance < http://www3.norwich.edu/msia > , an 18-month-long
online distance-education degree focusing on Information  
Assurance management.
**************************************************
Mich can be reached by e-mail at <mkabay@norwich.edu>
and his Web site at <http://www2.norwich.edu/mkabay/index.htm>
*************************
Do not miss the Norwich University Journal of Information Assurance
(NUJIA)! See: <http://nujia.norwich.edu/>
****************************************************************************
OCSIG - Frank R Zeitlhofer - Sarbanes-Oxley - Historical review?
****************************************************************************
Section 404 of the Act requires management to assess the effectiveness of
the companies' controls and procedures and present a written assessment to
their auditors. The outside auditors are then required to attest to their
assertions.
   
  I have restated the SOX statement above to remind even myself of the basis
of a discussion I had with a very much retired Chartered Accountant. 
   
  My friend was of the opinion that SOX was a natural result of years of 
"self rule" now proven to be of no avail, and now the State has 
intervened. 
   
  In 1931, Spicer and Pegler, great stalwarts of the accountancy profession,
defined the treatment of Work in Process in the Balance Sheet as being
stated always at cost. Again, a sale is made when a company has received
an order, made delivery and sent an invoice for the goods or services.
Inventory related to those goods/materials on site and for which invoices
have been received. Inventory without invoices was to be costed and the
sum entered as an accrued liability. 
   
  Similar points were made by the likes of Dr Abs (Deutsche Bank): Directors 
of Public Companies should hold company shares equal in value to the total
of their annual salary and expenses, and such total should be adjusted and
verified each year and be included and scheduled in the annual report to
shareholders (1960).
   
  In the matter of bonuses to directors, the remarks of the GM of
The Discount Bank (Overseas) Ltd, Harry Reconnati, were probably the
most erudite: "Bonuses intended to be paid to Directors of Public
Companies should be calculated on an annual basis - provided for; yet, held
for two years in reserve - in other words paid two years in arrear" (1964).
   
  One must wonder why such advice was not acted upon and included in the
various acts of company legislation prior to SOX.  
   
  One item has emerged, namely the realization of the all-embracing facets of
SOX. More thoughts to follow.
 
********************************************************
Frank R. Zeitlhofer is Vice President of  Staslog Limited
Contact Frank at  613-831-0536 or email at
<staslog@sympatico.ca>
<http://www.staslog.com>
********************************************************
Mr Frank Zeitlhofer is a professional with over thirty years' experience in
Transportation relative to Sea, Air and Land. Mr Zeitlhofer completed 
his Canadian Institute of Traffic and Transportation qualification with the
University of Toronto and the American Society of Transportation and
Logistics qualification with the University of Baltimore, and qualified with
the Chartered Institute of Transport and Logistics in the United Kingdom.    
Mr Zeitlhofer holds the professional designations:
CITT (Can), CTL (USA), MCIT (UK), P.Log (Can), PMM (Can)
***************************************************
OCSIG - The Foundation
**********************************************************
The OCSIG started in 1987 with the express intention of bringing together
Security Professionals for the purpose of discussing common security
work problems. At that time, there was very little interchange of ideas
relating to security in Ottawa. In those days most security problems
related to Physical Security - IT Security was still classed as an EDP
Audit problem. The Security Professionals who formed the SIG were
dedicated. They believed that a society could be formed from professionals
for professionals. In so doing, such a society should be FREE of annual
fees for all members. Time should be freely given by each professional for
the benefit of the new entrants. In other words, the society was intended to
be not only a forum but educative in its endeavours: educative because the
professionals realized that this was, to some degree, a new profession
and much needed to be done. The OCSIG Newsletter, based on these
principles, now circulates to over 1400 members across the World.
***********************************************************************************
Your opinion really does count.
Please feel free to share this with interested parties via Email (not
on bulletin boards).  For a free subscription, e-mail <tenovus@ncf.ca>
subject: Subscribe
You may also Email <tenovus@ncf.ca> with complete instructions for
subscribe, un-subscribe, change address, or any other comments.
End
  
***********************************************************************************