IT Compliance – Changing SOX: Redefinition, Refinement, and Reform

The problems with SOX are about to be addressed. On recent SOX guidance, accounting standards, and risk assessment methods.
IT Compliance Institute – Changing SOX: Redefinition, Refinement, and Reform
According to the president of SVB Financial Group quoted in the WSJ article, payments to consulting firms exceeded $20M against $529M in revenue, five times the 2003 figure.
AS5 is more principles-based and streamlined than AS2.
Email archiving is not required by SOX.

Session on hacking the TPM cancelled – Black Hat

A Black Hat session that was going to explain and demonstrate hacking the TPM has been cancelled.
“TPMkit: Breaking the Legend of [Trusted Computing Group’s Trusted Platform Module] and Vista (BitLocker),”
Having heard Jeff Moss describe the 2005 battle with Cisco just two weeks ago, this feels very real.
Incidentally, on Cisco, what stuck with me was him saying that Cisco's lawyers were professional and clear-cut, which was reassuring compared with small-company lawyers who keep changing what they say; if you are going to be sued, let it be by Cisco.
Integrity of hardware-based computer security is challenged – Network World

A presentation scheduled for Black Hat USA 2007 that promised to undermine chip-based desktop and laptop security has been suddenly withdrawn without explanation.
The briefing, “TPMkit: Breaking the Legend of [Trusted Computing Group’s Trusted Platform Module] and Vista (BitLocker),” promised to show how computer security based on trusted platform module (TPM) hardware could be circumvented.
“We will be demonstrating how to break TPM,” Nitin and Vipin Kumar said in their abstract for their talk that was posted on the Black Hat Web site but was removed overnight Monday.
“The demonstration would include a few live demonstrations. For example, one demonstration will show how to login and access data on a Windows Vista System (which has TPM + BitLocker enabled),” the abstract said.
BitLocker is disk-encryption technology in Microsoft’s Vista operating system that relies on TPM to store keys.

Copy of the session abstract
Black Hat paper on breaking Trusted Platform Module withdrawn – Network World
Abstract promised to show weakness of TPM chip protection
Network World, 06/27/07
This is the abstract for a paper that was scheduled to be presented at Black Hat USA 2007 security conference next month. It was removed without explanation from the conference Web site this week, and promised to circumvent security afforded by Trusted Platform Module chips:
“TPMkit: Breaking the Legend of Trusted Computing (TC [TPM]) and Vista (BitLocker)”
Nitin Kumar
Vipin Kumar
“Trusted computing” means that the computer will consistently behave in specific ways, and those behaviors will be enforced by hardware and software. Trusted computing is often seen as a possible enabler for future versions of document protection (mandatory access control) and copy protection (Digital Rights Management), which are of value to corporate and other users in many markets and which, to critics, raise concerns about undue censorship. It’s also being used by software vendors. (Source)
Trusted Computing includes the use of the Trusted Platform Module (a security processor (hardware chip) which can be used to enforce protections (such as BitLocker in Microsoft’s Windows Vista)). TCG has proposed a specification for Remote Attestation that allows a host to remotely prove its hardware and software while protecting its privacy. Trusted reporting is the key component for attestation of a host’s configuration and is accomplished by exposing trusted measurements. Remote Attestation is also used in Trusted Network Connect. The TNC architecture enables network operators to enforce policies regarding endpoint integrity at or after network connection.
TCPA/TPM DRM is a technical term for a Trustworthy Computing solution that limits what fair use consumers can use with the media they own. More info.
Nearly 150 Million TPM devices have already been shipped and this number is increasing day-by-day. (Source)
The TPM becomes the first step in the boot sequence, serving as a secure foundation for the BIOS, the boot loader, the kernel, and the rest of the operating system. Since the TPM performs this check every time the PC boots, it provides a regular check for rootkit infections. This means it will be easily apparent when a PC has been tampered with. (Source)
The attack procedure (TPMkit) involves an attack on the TPM chip. TPMkit lets you overcome technologies such as Vista’s BitLocker. TPMkit also bypasses remote attestation and thus will allow connecting over Trusted Network Connect (TNC) (although the system might not be in a Trusted state).
TPMkit bypasses the security checks mentioned (in the above paragraphs) and thus, you will never know that you are using a compromised or changed system.
We will be demonstrating how to break TPM. The demonstration would include a few live demonstrations. For example, one demonstration will show how to login and access data on a Windows Vista System (which has TPM + BitLocker enabled).
More information on TPMkit (as it evolves) will be released.
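To make the boot-time checks described in the abstract concrete, here is an added example (not from the abstract, the conference or the TCG specifications) that models how a TPM records the boot chain: a PCR can only be extended, never set, so a changed boot component yields a different PCR value, a secret sealed to the original value is not released, and an attestation quote carrying that value fails against a known-good list. Component names, key material and the HMAC standing in for the TPM's signing key are all constructed for the example; SHA-1 mirrors the TPM 1.2 PCR size of the Vista era.

```python
import hashlib
import hmac

# Constructed model of TPM measured boot, sealing and remote attestation.
# Extend rule: PCR_new = H(PCR_old || H(component)); there is no "set".


def extend(pcr: bytes, component: bytes) -> bytes:
    """One PCR extend step (20-byte SHA-1 register, as in TPM 1.2)."""
    return hashlib.sha1(pcr + hashlib.sha1(component).digest()).digest()


def measure_boot(components) -> bytes:
    """Measure an ordered boot chain (BIOS, boot loader, kernel, ...) into one PCR."""
    pcr = b"\x00" * 20  # PCRs are all-zero at power-on
    for blob in components:
        pcr = extend(pcr, blob)
    return pcr


def seal(secret: bytes, expected_pcr: bytes) -> dict:
    """Bind a secret to a PCR value (models BitLocker's key sealed to the TPM)."""
    key = hashlib.sha256(b"constructed-storage-root-key" + expected_pcr).digest()
    return {"pcr": expected_pcr, "blob": bytes(a ^ b for a, b in zip(secret, key))}


def unseal(sealed: dict, current_pcr: bytes):
    """Release the secret only if the measured boot matches the sealed policy."""
    if not hmac.compare_digest(sealed["pcr"], current_pcr):
        return None  # tampered boot chain: the TPM refuses to unseal
    key = hashlib.sha256(b"constructed-storage-root-key" + current_pcr).digest()
    return bytes(a ^ b for a, b in zip(sealed["blob"], key))


def quote(attestation_key: bytes, nonce: bytes, pcr: bytes) -> bytes:
    """Attestor side: sign (nonce || PCR); HMAC stands in for the TPM's RSA key."""
    return hmac.new(attestation_key, nonce + pcr, hashlib.sha256).digest()


def verify_quote(attestation_key, nonce, pcr, sig, known_good) -> bool:
    """Verifier side (e.g. a TNC policy server): fresh, authentic, known-good PCR."""
    expected = hmac.new(attestation_key, nonce + pcr, hashlib.sha256).digest()
    return hmac.compare_digest(expected, sig) and pcr in known_good


GOOD_CHAIN = [b"BIOS v1.0", b"bootmgr original", b"ntoskrnl original"]
TAMPERED_CHAIN = [b"BIOS v1.0", b"bootmgr with bootkit", b"ntoskrnl original"]
VMK = b"constructed-vmk-0123456789abcdef"  # 32-byte constructed volume key


def demo():
    """Seal VMK to the good chain; unseal succeeds for it and fails for the tampered one."""
    sealed = seal(VMK, measure_boot(GOOD_CHAIN))
    return unseal(sealed, measure_boot(GOOD_CHAIN)), unseal(sealed, measure_boot(TAMPERED_CHAIN))
```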

NAC vendor Caymas shuts down

NAC security vendor Caymas is out of business – Network World
“…the buyer will not be continuing with the Caymas Product or with supporting the Caymas Product. Therefore, there will no longer be any support made available to you effective immediately.”
Caymas was ranked as “visionary” last year by Gartner, a category that means the market research firm thinks the company is strong on vision but weak on execution.
Caymas is different from other NAC vendors in that it intends its products to be used in front of data centers to protect servers. Other vendors stress more that they check the security posture of devices before they are allowed on networks at all.

TJX breach costs $20M in a single quarter

TJX lists mounting costs of data-breach debacle – Network World (http://www.networkworld.com/news/2007/060807-tjx.html), June 12, 2007, 01:36
Retailer TJX yesterday detailed the mounting legal woes and financial costs spawning from a data-breach disclosed in January that’s believed to have resulted in the compromise of at least 45.6 million credit and debit cards.

TJX acknowledged that the computer intrusion still under investigation has cost it $20 million during the first quarter alone.

DSS becomes an OASIS Standard

OASIS news, June 7, 2007
New Digital Signature Services (DSS) OASIS Standard ensures the trustworthiness of data for Web services
Boston, MA, USA, June 7, 2007 – The international standards consortium OASIS announced today that its members have approved Digital Signature Services (DSS) as an OASIS Standard, the organization's highest level of ratification. DSS defines an XML interface for processing digital signatures for Web services and other applications, making it possible to share the creation and verification of electronic signatures and other related services without requiring complex client software and device configuration.

Odd spam: Job from Sony

What is this spam?
It's a job offer from a famous Japanese company.
Huh?

Date: Sun, 03 Jun 2007 22:19:10 -0600
From: “Job from Sony” <exigent@kyokodate.com>
Message-ID: <52443751.83304386@fjord.com>
To: XXXXX@XXXXX (the recipient was the address of someone at our company who has already left)
Subject: Job from Sony! We need you!
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 7bit
Position Type : Permanent.
Working hours: 9am – 1pm weekdays. Variable overtime is also required.
Occupation Type: part-time (2-5 hours a day occupation).
Probation period: 2 weeks.
Salary: 4’500JPY per hour
www.sonyjobjapan.com

The website above does exist, but it is not the same as the mail's sender domain.
Looking it up in WHOIS:

Administrator:
Name– Said Mahmod
EMail-: (admin@sonyjobjapan.com)
tel –: +96.485743234
org: Said Mahmod inc.
Gavi-ayesh 34 21
Reeayad,Reeayad,PALESTINIAN TERRITORY, OCCUPIED 7849343

Palestine?
A really strange piece of spam.
Looking at the website, it has a login field and the like, so maybe this is some kind of phishing?
Looking at the SMTP headers, the first Received-from origin is a global IP address owned by our company.
Hmm.
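As an added example (not part of the post), here is a small header-consistency check of the kind this analysis does by hand: it compares the From domain, the Message-ID domain, the domains linked in the body, and the brand named in the From display name. It runs on a constructed copy of the headers quoted above (the recipient is masked as in the post); the check names and the brand heuristic are assumptions of the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed copy of the message quoted in the post (body trimmed).
RAW_MAIL = """\
Date: Sun, 03 Jun 2007 22:19:10 -0600
From: "Job from Sony" <exigent@kyokodate.com>
Message-ID: <52443751.83304386@fjord.com>
To: XXXXX@XXXXX
Subject: Job from Sony! We need you!
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 7bit

Position Type : Permanent.
Working hours: 9am - 1pm weekdays. Variable overtime is also required.
Salary: 4'500JPY per hour
www.sonyjobjapan.com
"""

URL_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)


def registrable(host: str) -> str:
    """Crude registrable-domain reduction: keep the last two labels."""
    return ".".join(host.lower().strip().split(".")[-2:])


def analyze(raw: str) -> list:
    """Return human-readable findings; an empty list means the domains agree."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg["From"])
    from_domain = registrable(addr.split("@")[-1])
    msgid_domain = registrable(msg["Message-ID"].strip("<>").split("@")[-1])
    body_domains = {registrable(h) for h in URL_RE.findall(msg.get_payload())}
    findings = []
    # 1. A legitimate sender usually generates Message-IDs under its own domain.
    if from_domain != msgid_domain:
        findings.append(f"From domain {from_domain} != Message-ID domain {msgid_domain}")
    # 2. Links in the body pointing away from the sender domain deserve a look.
    for d in sorted(body_domains - {from_domain}):
        findings.append(f"body links to {d}, not the sender domain {from_domain}")
    # 3. A brand in the display name that the sender domain does not contain (heuristic).
    for brand in re.findall(r"[A-Z][a-z]{3,}", display):
        if brand.lower() not in from_domain:
            findings.append(f"display name claims {brand} but sender domain is {from_domain}")
    return findings
```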