Thursday, May 7, 2009

Around The Horn vol.1,95

Swede charged in cisco hack involving theft of trade secrets

By Robert A. on IndustryNews

"A 21-year-old Swede has been charged with hacking into Cisco Systems Inc. (NASDAQ:CSCO)'s computers and stealing trade secrets, U.S. officials say. Philip Gabriel Pettersson, also known as "Stakkato," was named in a five-count indictment that includes one count of intrusion and two of trade secret misappropriation involving the San Jose, Calif.,...

Cybercriminals use fake search engines to spread malware

By Elinor Mills

Cybercriminals have moved on from search engine optimization techniques and are now creating fake search sites designed solely to direct Web surfers to pages hosting malware, Panda Security warned on Wednesday.

Previously, attackers resorted to sending e-mails with malicious code in attachments and with links to malicious Web sites and ...

FBController allows for hijacking of Facebook accounts

By Elinor Mills

A computer security enthusiast in India has released a tool designed to allow people to take complete control of strangers' Facebook accounts if they can get hold of the targets' session cookies. It also could be used to manage large ...

Prediction: Apple will recommend security software

By Jon Oltsik

As an analyst, it is my job to follow the industry, internalize trends, and then use this information to make predictions. OK, here goes: Within the next 18 months, Apple will begin recommending that Macintosh users install Internet security software on all systems.

Now I realize that this statement is ...

Windows 7 at risk from legacy flaw, F-Secure says

By Tom Espiner

Microsoft has failed to remove a long-recognized Windows Explorer security risk from Windows 7, according to security company F-Secure.

The "hide extensions" feature, which was present in Windows NT, 2000, XP, and Vista, is also included in the Windows 7 release candidate, Mikko Hypponen, F-Secure's chief research officer, said ...

Originally posted at News - Business Tech

McAfee blasted for having holes in its Web sites

By Elinor Mills

Updated 5:15 p.m. PDT with McAfee saying most of the vulnerabilities have been fixed.

Security researcher Mike Bailey released this screen shot showing that he gained access to McAfee Secure via a cross-site request forgery hole.

Security vulnerabilities on McAfee sites, including one designed to ...

McAfee: New botnets dwarf Conficker threat

By Lance Whitney

The Conficker worm, which has set off many a recent security alarm bell, may just be a small fry, compared to the growing number of botnets, viruses, and worms infecting cyberspace.

According to a report released on Tuesday from security vendor McAfee (PDF), cybercriminals have hijacked 12 million new computers ...

SMBs Often Hit Hardest By Botnets

Bot infections, spam can be 'silent killer' for SMBs due to drain on email servers, network resources

Coordinated efforts needed to fight cyberattacks

Agencies must prepare to face adversaries capable of launching persistent attacks from multiple locations, experts say at a cybersecurity conference.

Expert: White House needs cybersecurity coordinator

An expert at the Center for Strategic and International Studies said the job of securing government networks is too big for one person to be its operational leader.

Panel says it will approve millions more for swine flu

The chairman of the House Appropriations Committee said the group will approve spending more than $2 billion to deal with swine flu.

Increasing Internet security for average users

Boyle: One day, while working hard as the chief information security officer at an insurance company, I realized that much of our organization's network security was in the hands of ordinary users of our computers. No matter how much my team did to safeguard our customers' confidential data, no matter how much money we spent on our mission, all it would take was one average Internet-using employee to cause major damage, either deliberately or accidentally.

How cloud services impact e-discovery

At the recent RSA conference an attorney pointed out that cloud services have an impact on e-discovery - the turning over of electronic documents in response to lawsuits.

Symantec sees slowdown in security sales

Citing a slowdown in sales of its security and compliance products and weakness in international currencies, Symantec said Wednesday that it would post a US$249 million loss for the quarter ending April 3.

Add Another Layer of Security with Script Defender

Malware authors use a variety of underhanded ways of trying to infect your PC, notably using scripts including Visual Basic Scripting (.VBS), Java Script (.JS) and Windows Scripting (.WSH). AnalogX Script Defender is a free, simple way to get help thwarting them. Install the program, and then whenever one of those scripts tries to run on your PC, a warning pops up, telling you that a script is about to run, and asking you whether you wan to let it proceed. To stop the script, tell Script Defender to abort. If you're familiar with the script, and know it's safe, let it proceed.

Post-breach, Heartland plans aggressive encryption project

Heartland Payment Systems intends to deploy end-to-end encryption with its merchants to protect its payment processing system from cybercriminals.

Cellcrypt for BlackBerry Secures Cellular Voice Conversation

The BlackBerry platform is known for its impressive security safeguards; Research In Motion's (RIM) BlackBerry Enterprise Server (BES) is literally designed from the ground up to meet enterprise security needs, and its various international security certifications attest to its effectiveness. However, there's one component of the BlackBerry ecosystem that's largely unguarded from potential threats: phone calls, i.e., voice traffic.

Windows 7 RC ignores file extension security risk

Windows 7 Release Candidate (RC) continues a long-running Microsoft practice that puts users at risk, a security researcher said Wednesday.

'Hacker' threatens to expose health data, demands $10M

Days after a hacker claimed to have broken into a database and encrypted millions of prescription records at Virginia's Department of Health Professions, it remains unclear what happened.

Bank of America still not ready for iPhone

Despite Apple's determination to make the iPhone enterprise-ready, there are still some holdouts.

IPv6 security guru fields questions

Scott Hogg, the coauthor of the Cisco-approved IPv6 Security guidebook, talks discusses how networks could be affected by IPv6 traffic without their owners’ knowledge

Give users passwords they don't have to remember

In the last issue we were talking about username/password technology for modern networks and how to "manage" them. My suggestion was to manage to boot the technology out the door.

Use the Internet, Lose your Privacy

Bruce Schneier, author and computer security expert, wrote a good reality-check essay on the subject of online privacy, or the lack thereof.

Adobe promises patch for zero-day PDF bug by next Tuesday

Adobe has promised to patch the newest zero-day vulnerability in its popular Adobe Reader software no later than next Tuesday, potentially adding another update to the month's busiest patch day for the second time in three months.

Apple, Opera slammed over browser patch regimes

Apple and Opera lag behind Google and Mozilla when it comes to distributing Web browser updates due to how they've structured their patch programs, according to new research.

Expert: Data on Pentagon program was leaked on P2P network

Data on the Pentagon's Joint Strike Fighter aircraft that was recently reported as being illegally accessed by foreign cyberspies has been available for more than four years on a peer-to-peer file sharing network, the CEO of a software vendor said at a legislative hearing Tuesday.

US spy boss pushes for unified cyber-command center
Partnership to protect civilian networks

The US military wants to create a unified digital command center in Maryland as part of a push to reorganize its offensive and defensive cyber operations.…

Conficker hype obscures sneaky botnet growth
Cyberscamps merrily regrouping

Spammers and other cybercrooks are rebuilding their arsenal of compromised machines after suffering a setback with the takedown of cybercrime-friendly ISP McColo last November.…

Lame Mac 'email worm' limps into view
Riddled with bugs and rather sad

Virus writers have created a worm that seeks to establish a botnet of compromised Mac machines. But the Tored Mac worm, which attempts to spread via email, is so hopelessly buggy and lame that it's about as likely to score as Steve Ballmer at an Apple convention.…

Cisco source code swipe suspect charged
Swede also indicted over NASA hack

A Swedish man faces computer hacking and trade secret theft charges in the US over allegations he broke into the systems of Cisco and swiped the networking giant's source code.…

Win 7 RC fails to thwart well-known hacker risk
Malware extension renaming ruse stays undead

An almost-ready version of Windows 7 retains a feature from Windows NT which expedites a well-known hacker trick, according to net security experts.…

Safari, Opera browsers patch-shy, says study
Chrome, Firefox users plug more often

Users of Safari and Opera are much more likely to run insecure versions of those browsers because it's harder to keep up with updates, a new study has concluded.…

McAfee website visited by plague of security locusts
Eradication proves difficult

McAfee's website has been has been hit by at least three nasty bugs that left its customers susceptible to phishing and other types of scams. At least one remained unfixed at time of writing, more than 24 hours after it was first disclosed.…

Hackers demand $10m ransom for Virginia medical data
8.3 million records held hostage

Almost 8.3 million patient records have been stolen from a Virginia government website that tracks prescription drug abuse, according to hackers who are demanding a $10 million ransom for their return.…

Follow The Bouncing Malware: Gone With the WINS, (Wed, May 6th)

Isn't it kind of noisy?, his wife shouted over the roar of the new server's cooling fans ...(more)...

Swedish hacker indicted for Cisco Systems, NASA breach

By SearchSecurity.com Staff

The 21-year-old allegedly exploited an SSH vulnerability in 2004 to steal operating code from Cisco and hacked into NASA's Ames Research Center.

Feds should get private sector advice on cybersecurity

By Eric Ogren

Security expert Eric Ogren says lawmakers should avoid rushing in to set standards and let the private sector guide cybersecurity legislation.

Citrix virtual desktop, app delivery controller includes security benefits

By Neil Roiter

Citrix Systems' Receiver simplifies secure VDI deployments; NetScaler VPX offers portable Web application firewall combined with application acceleration and network features.

LexisNexis investigates breach, notifies thousands

By Robert Westervelt

Cybercriminals hacked into the LexisNexis database using stolen IDs and passwords and used information from the firm to set up fake credit cards. The USPS is investigating.

Craigslist Tough Talk by South Carolina AG Lacks Legal Foundation, EFF Says

Critics of Craigslist are calling for the site to remove its erotic services section in response to controversy. But threats by South Carolina Attorney General Henry McMaster to pursue a criminal investigation lack substance, according to the Electronic Frontier Foundation digital rights advocate organization.
- It has been a rough two weeks for online community bulletin board Craigslist. First came reports that alleged murderer Philip Markoff met his victim using Craigslist, which sparked a wave of outcry from attorneys general throughout the country. Now, South Carolina Attorney General Henry McM...

New Mac Malware Too Buggy to Build Botnet, Sophos Says

A new piece of malware targeting Mac users may attract attention but represents only a minor threat to the Mac, according to Sophos. Dubbed Tored, the e-mail-aware worm steals data from infected computers and attempts to build a botnet.
- Security researchers at multiple vendors have reported finding a new piece of malware targeting Macs. The good news for Mac users - it is not quite up to snuff, according to Sophos. Dubbed Tored, the malware is actually a worm that installs a backdoor on infected systems and attempts to steal...

Swedish Hacker Indicted for Attacking Cisco, NASA

A convicted Swedish hacker stands accused of cracking the security of NASA and Cisco in 2004. After a federal investigation, the 21-year-old man now faces multiple charges here in the United States.
- A 21-year-old Swedish national was hit with a five-count indictment accusing him of hacking Cisco Systems and NASA in 2004. Philip Gabriel Pettersson, aka quot;Stakkato," was indicted May 5 on intrusion and trade secret theft charges after allegedly swiping Cisco Interwork Operating System code ...

Windows 7 Security Fail: File Extensions Still Hidden

In From the Bunker

The release candidate for Windows 7 is now available for download, and techies everywhere are busy kicking the tires on the new operating system. But as the folks over at Finnish anti-virus firm F-Secure observe, Microsoft persists in misleading users on the true nature of file types, by hiding file extensions of known file types in Windows 7. The default behavior of Windows Explorer in every version of Windows from Windows 2000 through Windows Vista is to represent files using icons, and to hide each file's extension type, such as ".txt" for text files, ".doc" for Microsoft Word files, and so on. But as Security Fix has noted before, this is a usability vs. security decision that Microsoft should have reversed long ago, and it's disheartening to see this behavior persist in Windows 7. That means that our average Windows user -- when he or she opens up their "My

Safari, Opera Users Lag Behind in Security Updates

In New Patches

Users of the Google Chrome and Mozilla Firefox Web browsers are far more likely to be cruising the Web with the latest, most secure versions of the browsers than users of either Opera or Safari, a study released today found. The analysis, from researchers at Google Switzerland and the Swiss Federal Institute of Technology, pored through anonymized logs from Google's Web servers. The results were somewhat unsurprising, but still interesting: 97 percent of Chrome users were browsing with the latest version within 21 days of that version's release date. By comparison, 85 percent of Firefox users were surfing with the latest version within three weeks of a major new release (this is a marginal improvement over the results from a similar study released last summer, which showed roughly 83 percent of Firefox users browsing with the latest version). The study's conclusion extols the virtues of auto-update features, functionality that is

OSVDB on Problems with Identifying Vulnerabilities

By Richard Bejtlich

This post titled If you can't, how can we? described a problem I had not previously considered regarding identifying vulnerabilities. ("VDB" refers to Vulnerability Database.)
Steve Christey w/ CVE recently posted that trying to keep up with Linux Kernel issues was getting to be a burden. Issues that may or may not be security related, even Kernel devs don’t fully know... Lately, Mozilla advisories are getting worse as they clump a dozen issues with "evidence of memory corruption" into a single advisory, that gets lumped into a single CVE. Doesn’t matter that they can be exploited separately or that some may not be exploitable at all. Reading the bugzilla entries that cover the issues is headache-inducing as their own devs frequently don’t understand the extent of the issues. Oh, if they make the bugzilla entry public. If the Linux Kernel devs and Mozilla browser wonks cannot figure out the extent of the issue, how are VDBs supposed to?...
VDBs deal with thousands of vulnerabilities a year, ranging from PHP applications to Oracle to Windows services to SCADA software to cellular telephones. We’re expected to have a basic understanding of ‘vulnerabilities’, but this isn’t 1995. Software and vulnerabilities have evolved over the years. They have moved from straight-forward overflows (before buffer vs stack vs heap vs underflow) and one type of XSS to a wide variety of issues that are far from trivial to exploit. For fifteen years, it has been a balancing act for VDBs when including Denial of Service (DOS) vulnerabilities because the details are often sparse and it is not clear if an unprivileged user can reasonably affect availability. Jump to today where the software developers cannot, or will not tell the masses what the real issue is...
It is important that VDBs continue to track these issues, and it is great that we have more insight and contact with the development teams of various projects. However, this insight and contact has paved the way for a new set of problems that over-tax an already burdened effort. MITRE receives almost 5 million dollars a year from the U.S. government to fund the C*E effort, including CVE [Based on FOIA information]. If they cannot keep up with these vulnerabilities, how do their "competitors", especially free / open source ones [5], have a chance?
Projects like the Linux Kernel are familiar with CVE entries. Many Linux distributions are CVE Numbering Authorities, and can assign a CVE entry to a particular vulnerability. It’s time that you (collectively) properly document and explain vulnerabilities so that VDBs don’t have to do the source code analysis, patch reversals or play 20 questions with the development team. Provide a clear understanding of what the vulnerability is so that we may properly document it, and customers can then judge the severity of issue and act on it accordingly.

I think many of us just take for granted that assigning vulnerability identifiers is easy. Discovering the vulnerability is supposed to be the hard part. This is disturbing, because it means that the people with the most at stake -- the asset owners -- don't know how to assess risk. If you think about the risk equation, lack of knowledge of vulnerabilities just augments the problems of not knowing what you're protecting (assets) or who wants to exploit them (threats).
It's really an problem of incentives. The group with the strongest incentive to fully comprehend the vulnerability is the group that seeks to exploit it. Once they understand the vulnerability they have a strong incentive to not tell anyone else so they can financially or otherwise benefit from their asymmetric knowledge.
I am not a fan of government regulation or intervention, but it sounds like this incentive misalignment may require one or the other or both.

Lessons from CDX

By Richard Bejtlich

In my post Thoughts on 2009 CDX I described my initial reaction to the Cyber Defense Exercise from the point of view of seeing the white and red cells in action. Thanks to this press release I learned the outcome of the event:
The National Security Agency/Central Security Service (NSA/CSS) is pleased to announce that the United States Military Academy at West Point has won the 2009 Cyber Defense Exercise (CDX) trophy for the third year in a row.
I found more detail here:
The USMA team won the exercise for the third year in a row––West Point’s fifth win since the competition began in 2001. That means they successfully fended off the NSA hackers better than the U.S. Naval Academy, U.S. Air Force Academy, U.S. Coast Guard Academy, U.S. Merchant Marine Academy, the Naval Postgraduate School, the Air Force Institute of Technology and Royal Military College of Canada...
"We had large attacks against our e-mail and Web server from multiple (Internet protocol) addresses (all NSA Red Team), Firstie Josh Ewing, cadet public affairs officer for the team, said. "We were able to withstand their attacks and blocked over 200 IPs that they were using to attack the network."
All the while, the cadets were tasked with extra projects such as network forensics. The cadets’ scores from these extra tasks contributed to their win, Adams said.

Based on my discussions with people from the exercise, it is clear that West Point takes the CDX very seriously. As in previous years, West Point dedicated 30-40 cadets to the event. They appear to use the CDX as a capstone exercise for a computer security class. Based on manpower alone they dwarf the other participants; for example, the Coast Guard had a team of less than 10 (6-7?) from what I heard.
Thinking about this exercise caused me to try classifying the various stages through which a security team might evolve.

  1. Ignorance. "Security problem? What security problem?" No one at the organization realizes there is even an issue to worry about.
  2. Denial. "I hear others have security problems, but we don't." The organization thinks they are special enough that they don't share the vulnerabilities and exploitation suffered by others.
  3. Incompetence. "We have to do something!" The organization accepts there is a problem but is not equipped to do what is required. They may or may not realize they are not equipped to handle the problem.
  4. Heroics. "Stand back! I'll fix it!" The organization develops or hires staff who can make a difference for the first time. This is a dangerous phase, because the situation can improve but it is not sustainable.
  5. Captitalization. "Now I have some resources to address this problem." The heroes receive some funds to advance their cause, but funding alone is not sufficient.
  6. Institutionalization. "Our organization is integrating our security measures into the overall business operations." This is real progress. The organization is taking the security problems seriously and it's not just the security team's problem anymore.
  7. Specialization. "We're leveraging our unique expertise in X and Y to defend ourselves and contribute back to the security community." The organization has matured enough that it can take advantage of its own environment to defend itself, as well as bring lessons to others in the community.

Based on what I know of the West Point team, they seem to be at the Institutionalization phase. Contrast their approach and success with a team that might only be at the Heroics phase. Heroics can produce a win here and there, but Institutionalization will produce the sort of sustainable advantage we're seeing in the West Point team.
You may find these labels apply to your security teams too.

Risk Assessment, Physics Envy, and False Precision

By Richard Bejtlich

In my last post I mentioned physics. Longtime blog readers might remember a thread from 2007 which ended with Final Question on FAIR, where I was debating the value of numerical outputs from so-called "risk assessments." Last weekend I attended the 2009 Berkshire Hathaway Shareholder meeting courtesy of Gunnar Peterson. He mentioned two terms used by Berkshire's Charlie Munger that now explains the whole numerical risk assessment approach perfectly:
Physics Envy, resulting in false precision:
In October of 2003 Charlie Munger gave a lecture to the economics students at the University of California at Santa Barbara in which he discussed problems with the way that economics is taught in universities.One of the problems he described was based on what he called "Physics Envy." This, Charlie says, is "the craving for a false precision. The wanting of formula..."
The problem, Charley goes on, is, "that it's not going to happen by and large in economics. It's too complex a system. And the craving for that physics-style precision does nothing but get you in terrible trouble..."
When you combine Physics Envy with Charley's "man with a hammer syndrome," the result is the tendency for people to overweight things that can be counted.
"This is terrible not only in economics, but practically everywhere else, including business; it's really terrible in business -- and that is you've got a complex system and it spews out a lot of wonderful numbers [that] enable you to measure some factors. But there are other factors that are terribly important. There's no precise numbering where you can put to these factors. You know they're important, you don't have the numbers. Well practically everybody just overweighs the stuff that can be numbered, because it yields to the statistical techniques they're taught in places like this, and doesn't mix in the hard-to-measure stuff that may be more important...
As Charley says, this problem not only applies to the field of economics, but is huge consideration in security analysis. Here it can give rise to the "man with a spread sheet syndrome" which is loosely defined as, "Since I have this really neat spread sheet it must mean something..."
To the man with a spread sheet this looks like a mathematical (hard science) problem, but the calculation of future cash flows is more art than it is hard science. It involves a lot analysis that has nothing to do with numbers. In a great many cases (for me, probably most cases) involves a lot of guessing. It is my opinion that most cash flow spread sheets are a waste of time because most companies do not really have a predictable future cash flow.

You could literally remove any references to financial issues and replace them with risk assessments to have the same exact meaning. What's worse, people who do so-called "risk assessments" are usually not even using real numbers, as would be the case with cash flow analysis!
Physics envy, leading to false precision, are two powerful ideas I intend to carry forward.

Dan Geer on Marcus Ranum's 5th Rearguard Security Podcast

By Richard Bejtlich

Last week while flying home from the midwest I listened to the fifth Rearguard Security podcast, featuring Dan Geer. If you like my blog you will enjoy the entire podcast. This was my favorite quote, from Dan:
"Internet security is quite possibly the most intellectually challenging profession on the planet... for two reasons... complexity... and rate of change [are] your enemy.
Take that, quantum physics!!
You might also like the line used to introduce the podcast:
The Rearguard Security podcast: where the elite meet to share a sense of defeat.

Thoughts on 2009 CDX

By Richard Bejtlich

Last month Tony Sager was kind enough to invite me to visit NSA's Cyber Defense Exercise (CDX), an annual computer defense drill where cadets from the nation's military service academies defend training networks from red teams. I first mentioned CDX in 2003 and attended a great briefing on CDX summarized by my 2006 post Comments on SANS CDX Briefing.
For this event I drove to Elkridge, MD and visited the defense contractor hosting the CDX white and red cells. The red team conducts adversary simulation against the cadet teams while the white cell runs the exercise and keeps score. NSA did a great job hosting visitors, ranging from lowly bloggers like yours truly, all the way up to multi-star generals and their staffs. I'd like to mention a few points which caught my attention.

  • This is the second year that the participants were given a budget. This means that making changes to the architecture they were defending, such as installing software and taking other actions, inflicted costs. To me this makes enterprise defense much more realistic.
  • Three weeks prior to the exercise, the students receive the images they will be running during the event. This gives them three weeks to essentially conduct forensics against the systems to determine what is wrong with them. The NSA red team "taints" the systems prior to delivery, so they typically contain malware and other persistent backdoors that permit the red team to access and pillage the systems once the cadets deploy them in the exercise. This really tests the teams's forensic abilities but it seems highly unrealistic.
  • The room I visited held approximately 30 red teamers. They were focusing their efforts against 9 or 10 target teams. That level of effort helps you understand the sort of real adversary forces arrayed against real targets.
  • Points are lost when the teams fail to keep their services operational. The main services are Web/database, DNS, instant messaging, and email. While services are clearly important, the exercise doesn't test the sort of real-world scenarios we see, such as data exfiltration. Good threat agents don't disable any services. They steal while keeping everything running, like the good parasites they are.

I'll save comments on who won and why they might have won for a future post. Thanks to Tony and those who kindly hosted me and took time from the schedules to do so!

Black Hat Class Outline Posted

By Richard Bejtlich

The registration process for my TCP/IP Weapons School 2.0 class at Black Hat USA 2009 continues to be active. Several people have asked for something they could show their managers to explain the course in one page, so I created a class outline in .pdf format. No, this is not a malicious .pdf!
I am also available to answer questions on the class, so please feel free to ask here. Based on the feedback from my DC and Amsterdam sessions earlier this year, students are enjoying the new lab-centric format which focuses on teaching hands-on skills and an investigative mindset. In Amsterdam I also used a new question-and-answer approach where I "batched" questions asked by the students during the labs, and then set aside separate time to just answer questions on whatever security topic the students wanted to discuss.
Remember I also posted a Sample Lab a few months ago to give one example of the format used by this new class.
After Black Hat USA I will not be training again until 2010. If you want to attend my class your best bet is to sign up before 1 July. "Late" and "Onsite" registration is a possibility after that, but it's more expensive and seats are not as easy to get as earlier in the process. Last year I trained almost 140 students in two classes. Thank you.

Spam down but "zombie" armies growing: McAfee (AFP)

In technology

AFP - Hackers appear to be beefing up armies of "zombie" computers to recover from a major hit scored in the battle against spam email, according to software security firm McAfee.

Windows Passwords: Making them secure (Part 2)

By (Derek Melber)

What technologies are available to break into a Windows password.

Common Network Security Misconceptions: Firewalls Exposed

As the commercialization of the Internet enters its third decade, the Web itself has evolved from sharing static information to driving dynamically connected mission-critical applications. While web applications and efficiencies of Web 2.0 are universally adopted, network security practices often still rely too heavily on the basic network firewall to block access to static information. Too many enterprises today believe their firewalls deliver "good enough" security to mitigate Internet-related threats and attacks. However, enterprises that do not currently have advanced network protection deployed face significant risk and are likely already compromised.

Why IT Should Start Throwing Data Away

It can be a storage nightmare: Given expanding regulatory requirements and the key role that electronic records now play in lawsuits, some enterprises are saving...

Sweden May Prosecute Cisco Hacker

The Swedish man indicted in the U.S. for the alleged 2004 theft of source code for Cisco Systems' IOS software may be prosecuted in his home country.

No comments:

Post a Comment

My Blog List