Security roundup: Stealing from the military; persistent threats; mammoth security problems; bot armies

16.09.2011
Sometimes the difference between selfless valor and selfish cowardice is stark. In the same week that 21-year-old Marine Sgt. for heroism in saving his compatriots in Afghanistan, we hear that Rene Quimby, 42, is sentenced to prison for stealing 16,000 identities of U.S. military service members and using that information to steal from 650 victims.

In his scam, Quimby for computers, cameras, iPods, even washing machines, through accounts at the website of the Army and Air Force Exchange Services, the organization that does about $10 billion in business annually on military bases. lapses and data leakage problems gave Quimby his opening -- but last week he was sentenced to 75 months in federal prison and must pay $210,000 in restitution to AAFES.

Getting ripped off via stealthy network intrusions was the theme for the , which was organized by trade group TechAmerica and RSA. As you probably know, RSA is the security company that acknowledged earlier this year that an intruder got into its network and stole sensitive information related to its SecurID product. Later, that information was used to attack Lockheed Martin.

RSA has since taken to organizing the equivalent of high-tech group therapy, and about 100 chief information security officers, CIOs and CEOs attended the APT Summit, which took place in July in Washington. A report about its main findings is forthcoming. One problem is that CISOs are understandably nervous about the legal ramifications of even talking about APTs.

The need to discreetly share intelligence was also the theme with the Department of Homeland Security (DHS) last week. At a , DHS Acting Deputy Under Secretary Greg Schaffer of the National Protection and Programs Directorate said DHS does work directly with financial institutions to thwart cyberattacks and plans to do so more in the future. Schaffer said top secret/sensitive compartmentalized information clearance to key banking and financial information systems managers so US-CERT can share more sensitive intelligence with the private institutions. To broaden that collaboration, DHS is seeking laws that would make that sharing less problematic. "Some institutions have concerns about the privacy implications of sharing information with the government or about brand damage that may result from reporting an incident," he said.