Security Web Digest: Security Burden Moving To Private Industry

House cybersecurity subcommittee chair says private sector needs to step up Symantec buys key security technology patent Sygate network security system enforces corporate policies Scam e-mail tries to entice Citigroup c

A top Republican congressman with jurisdiction over cybersecurity said it maybe time to require private industry to protect its slice of cyberspace from attack. While both President Bush and the Clinton administration before him have urged voluntary private-sector cooperation on this issue,Rep. Mac Thornberry (R-Texas), chairman of the House Subcommittee on Cybersecurity, Science, Research and Development, said hes investigating whether urging CIOs and CISOs to improve security is enough. The congressman offered no further detail about his criteria for imposing regulations or what they would be.


Symantec Corp. said Monday that it purchased a key security technology patent as part of a settlement of a lawsuit filed by Hilgraeve Inc.,and will take a charge to its previously reported first-quarter earnings. Symantec also received licenses to the remaining patents in Hilgraeves portfolio. "This is a patent that is fundamental to several security technology defenses, including antivirus technologies, and it is an essential part of providing comprehensive protection against the growing number of threats," Symantec Chief Executive Officer John W. Thompson said.

Sygate Inc.this week announced updates to its security software making it possible to secure all endpoints on a network -- servers, desktops, via remote access or on the LAN -- by making sure they are compliant with corporate security policies. Sygate Secure Enterprise 3.5 software can deny or restrict use of corporate networks by any machine running a Secure Enterprise agent. Previously, Sygate could enforce policies at key network access points, but not on all machines with the agent software. Agents check whether machines have the proper operating system configurations, appropriate patches, and security applications such as firewalls,antivirus and intrusion detection. Devices that come up short can be monitored, blocked from network access or referred to update servers.


Citigroup Inc.s corporate logo is the latest one to be lifted by Internet scammers as a way to steal information from unwitting consumers. Thescam, known as "phishing," happens when thieves send consumers e-mailsthat appear to come from major corporations and direct them to bogus websites that look just like the companys real sites. The fake Citigroup-mail asks its so-called customers to "become acquainted" and "agree" to its new terms and conditions. If not, the unsigned e-mail says, it "will have to suspend (their) Citibank checking account." It then asks customers to click on a link to post their consent.

The Minneapolis city public library will consider using Internet filters to restrict patrons access to online porn, and will pay $435,000 to a dozen librarians who said easy access to the images resulted in a hostile work environment, the librarians lawyer said Friday. Library officials released a statement confirming the settlement, but did not mention the amount. The issue arose in 1997, when librarians complained that staffers were being regularly exposed to pornographic images. Concern grew as patrons, including children, also were exposed to the graphic material.