Security Port
A Security Port Blog
| Security Companies Unite Around
Spyware |
01/31/2006 | |
|
Five makers of security software on
Monday said they have created guidelines for defining
spyware and for testing anti-spyware
products.
The companies--McAfee,
Symantec, Trend Micro, ICSA Labs and Thompson Cyber
Security Labs--say that their guidelines could
ultimately result in a standard method that buyers can
use to rate and evaluate anti-spyware
products.
The software makers are
part of a larger organization, called the Anti-Spyware
Coalition, which is working to standardize industry
terms and technology for battling
spyware.
|
| Computer Crime More Likely than
Physical Crime |
01/30/2006 | |
|
Internet users believe they are more
likely to be victims of a cybercrime than a physical one
in the coming year, according to a survey released this
week.
This growing fear of Internet vulnerability
is well-founded, computer security experts contend.
Whereas most malevolent software was once a form of
electronic vandalism, it has become a profit-making
venture backed by organized
crime.
|
| Online Bank Security
Tightening |
01/30/2006 | |
|
Online banking will receive a major
makeover in 2006 thanks to tightened federal Internet
security standards.
Soon, a user ID and password
won't be sufficient to log onto online bank accounts.
Federal Financial Institutions Examination Council rules
require so-called multifactor authentication no later
than Dec. 31, 2006.
That means banks will adopt
online security gadgets, from tokens that generate
passwords each time a person logs onto a Web site to
fingerprint readers.
|
| 180solutions Dismisses Lawsuit
Against Internet Security Application
Company |
01/31/2006 | |
|
180solutions, Inc., a leading provider of
Internet search marketing solutions, today announced the
dismissal of its lawsuit against Zone Labs L.L.C.
("ZoneLabs"). The suit, filed in November 2005, alleged
that ZoneLabs wrongfully failed to correct false and
misleading labeling by ZoneLabs' "ZoneAlarm" application
of 180solutions' search assistant
programs.
180solutions dismissed the case last
week, without prejudice, due to ZoneAlarm's action to
downgrade classification of 180solutions' S3-enabled
search assistant software. At the time the suit was
filed, ZoneAlarm warned that older search assistant
software was exhibiting "Dangerous Behavior" and was a
"High Risk" to users. The warning stated that
180solutions' software was "trying to monitor your mouse
movements and keyboard strokes," which 180solutions
contended was not only false, but at odds with the
prevailing industry standards and the criteria utilized
by leading security applications. The complaint also
alleged that the false labeling was solely responsible
for blocking a significant business partnership for
180solutions.
|
| Long
Prison Terms for CyberCrooks |
01/27/2006 | |
|
Cybercriminals in the United Kingdom face
the prospect of tougher sentences and modernized laws to
ensure a greater number of convictions for
computer-related crimes.
A Police and Justice
Bill introduced Wednesday by the Home Office includes
sections relating specifically to the modernization of
U.K. law to better deal with those who have committed
Internet-related crime.
|
| Gartner Bashes Oracle Over
Security |
01/27/2006 | |
|
administrators should hunker down in
protecting their database systems.
Just five
days after Oracle released a critical security update
that patched 82 vulnerabilities, a Gartner researcher
said in an online advisory that "Oracle can no longer be
considered a bastion of
security."
|
| Call
Center Security |
01/26/2006 | |
|
Poor security checks in UK call centres
are leaving banking customers exposed to the risk of
identity fraud, according to a new study.
Call
centres operated by the UK's top 20 financial services
companies were investigated to find out how robust
identity checks on customers calling up were.
At
three of the financial institutions investigated no
security password was required to conduct a credit card
balance transfer of £500.
A password was found
to be the most widely used security check when customers
get through to a call centre but agents at nine of the
institutions were persuaded to accept less secure
methods of verifying the identity of callers claiming to
have forgotten their password. |
| Can
Search Engines Be Trusted to Guard User
Privacy? |
01/25/2006 | |
|
Something to watch:
The
attention that has been drawn to the major search
engines that handed over anonymous search results
subpoenaed by the U.S. Justice Department has brought
into question whether the Internet businesses can be
trusted with people's private information.
On Thursday, America Online Inc.,
Microsoft Corp.'s MSN, Yahoo Inc. and Google Inc.
acknowledged that they received subpoenas from
government prosecutors trying to revive the 1998 Child
Online Protection Act that was struck down by the U.S.
Supreme Court. AOL, Microsoft and Yahoo acknowledged
handing over search data to the government; Google has
refused and intends to fight, saying the Bush
administration's requests are too broad.
|
| Strong Defense is the Best
Offense |
01/25/2006 | |
|
High-profile security threats such as the
Sober worm and vulnerabilities in Microsoft software
grab a lot of the attention, but most companies this
year will be looking to control the biggest threats of
all--the ones initiated within their own businesses.
The growing use of blogs, chat rooms, Internet
postings, instant messages, and e-mail has increased
the risk of proprietary information being leaked,
knowingly or inadvertently, into the public domain or
where it shouldn't be. Employee training, enforcement of
security policies, and careful screening during hiring
can reduce the threat, but emerging technologies also
are playing an increasing role. |
| Attackers To Go After 2006's Weakest
Link: People |
01/25/2006 | |
|
Enterprises should expect a continued
move toward stealthier, smaller, more focused attacks on
their computer security, IBM said Monday, with the
weakest link -- workers' gullibility -- increasingly the
focus of hacker efforts. In its annual
"Security Threats and Attack Trends Report" for 2005,
IBM laid out the major events of the past year and made
security predictions for the next.
It won't be pretty.
|
| Attorney General Warns About Internet
Security |
01/25/2006 | |
|
The best way to protect against Internet
threats is to simply be aware of the danger, said
government and technology leaders Tuesday, Jan. 17, 2006,
at an Internet protection workshop.
"The biggest
thing people can do is know that what they do on the
Internet could fall into the wrong hands," said Utah
Attorney General Mark Shurtleff. "Before you
double-click that mouse, ask yourself, 'Is this
safe?'"
|
| Zone
Labs Wins PC Magazine's Best of Year 2005 Award In
Security |
01/25/2006 | |
|
Zone Labs, a Check Point Software
Technologies company, today announced that ZoneAlarm
Internet Security Suite 6.0 has been awarded the
prestigious PC Magazine Best of the Year 2005 Award in
the security suite category. The ZoneAlarm Internet
Security Suite was given four and one half out of five
stars -- the highest rating in this category -- for its
flexible program control, new OSFirewall, excellent
spyware blocking and effective antispam and antivirus
technology. |
| Internet Security Systems Earns 2005
Frost & Sullivan Award for Market Leadership
in Vulnerability Assessment |
01/24/2006 | |
|
Internet Security Systems today announced
that the company has been awarded the 2005 Frost &
Sullivan Award for Market Leadership in Vulnerability
Assessment, based on the market performance of its
patented Internet Scanner product. The Frost &
Sullivan Award for Market Leadership is presented each
year to the company that has demonstrated leadership in
a particular industry through the development,
refinement and implementation of a successful market
strategy.
|
| Application Security: Beyond the
Buzzwords |
01/25/2006 | |
|
One of the emerging buzzwords of 2005
is "application security" but many managers still
don’t have a clear picture of what the term means.
Security vendors are not helping as they all clamor for
a piece of this emerging budget line-item with very
diverse offerings.
To understand
what it means to secure an application, it helps to
understand why everyone is trying to secure them, and
what they're securing them
against.
The reason application
security is becoming an important priority for
corporations is that a company's applications,
specifically its web-based applications, are
currently the "path of least resistance" for hackers.
Simply put, it's the current weak link in most corporate
security chains. Just as Willie Sutton once famously
quipped that he robbed banks because "that's where the
money is," hackers today are attacking web applications
because that's where the data is. Companies have made an
unprecedented amount of information available to an
unprecedented number of people thanks to the web, and
hackers are taking advantage of that. They realize that
any application which can access one person's account
information can, by definition, access anyone else's
account information. Tricking the application itself,
then, is an effective way to gain access to restricted
files.
|
| Top
Iran Security Official to Visit Moscow for Talks
on Russian Offer |
01/24/2006 | |
|
Secretary of Iran’s Supreme National
Security Council Ali Larijani said he will visit Moscow
to follow up consultations with Russian officials on a
proposed plan by Russia that would help alleviate fears
of Tehran’s nuclear program, IRNA agency said Monday.
“The focal point of our talks in Moscow will
not be restricted to nuclear issues and we will hold
talks on all fields,” said Larijani in an interview
with IRNA on the sidelines of a meeting with a senior
Iraqi political-cultural figure Moqtada Sadr.
|
| Financial Institutions are Offering a
Better Sense of Security |
01/24/2006 | |
|
Alaska's banks and credit unions are
working to meet a new federal requirement to add an
additional layer of security to their online-banking Web
sites.
By next year, customers will see a
change when they go online to do their banking, though
the state's institutions say they will try to keep the
effects to a minimum. Still, those who have accounts at
multiple financial institutions may have to learn a new
trick for each bank.
|
| Security Predictions |
01/23/2006 | |
|
With the start of the new year, it's time
to take a shot at predicting the key trends that will
define the field of information security in 2006. Here
goes:
New attack vectors will grow precipitously
|
| Logan Tackles Express Security |
01/23/2006 | |
|
Logan International Airport plans to join
airports nationwide that are launching a "Registered
Traveler" program this summer, allowing passengers to
pay an annual fee to use a special express security
line.
The passengers would have to pass special
screening checks, including having their identities
confirmed by fingerprint or eye scan. They could also
have their credit histories and property records
examined, said federal officials who announced details
of the new program on Friday.
"Registered
travelers" would still have to go through metal
detectors and X-ray scanners, but they wouldn't have to
wait in the lines used by the general public and they
would be exempt from the pat-downs given by security
officials to a randomly selected group of passengers.
|
| Virus Birthday |
01/23/2006 | |
|
Happy 20th.
It is 20 years since
the release of the world's first PC virus, according to
antivirus firm F-Secure.
'Brain'
was a boot sector virus created by two brothers, Basit
and Amjad Farooq Alvi, to protect a game they had
written.
The exact day of creation
is open to question, however, and some experts have
suggested that the 'Ashar' virus pre-dated
'Brain'.
These viruses were spread
via floppy disc and could be avoided fairly simply by
making the disc read-only. Since then virus propagation
has become significantly easier, and transmission rates
have skyrocketed since the birth of the
internet.
|
| F-Secure patches antivirus engine
flaw |
01/23/2006 | |
|
F-Secure has issued a critical security
patch for its antivirus engine after a flaw was
discovered that could crash the protection
software.
An advisory from the security firm
warns that specially prepared ZIP files could be
designed to bring down the antivirus engine and leave
targeted systems vulnerable. Customers are being urged
to patch systems immediately.
|
| Security Company Uses Google To Help
Find Vulnerabilities |
01/20/2006 | |
|
Malicious hackers have long used Google to
find vulnerable systems to exploit. Now, IT managers can
use Google's enterprise search products to identify and
patch those systems.
Security software maker
Secure Elements on Tuesday joined the Google Enterprise
Professional program, a partner program that makes it
easier for developers, consultants, and independent
software vendors to extend Google's enterprise products.
The Herndon, VA-based company has done just that by
bringing the capabilities of its C5 Enterprise
Vulnerability Management Suite to Google's hardware.
|
| National Security Agency sued in
Detroit over surveillance |
01/18/2006 | |
|
The American Civil Liberties Union filed
suit Tuesday in federal court in Detroit to stop
President George W. Bush's secret domestic surveillance
program being run by the National Security
Agency.
The 60-page suit was filed on behalf of a
group of scholars, lawyers and journalists who
frequently contact the Middle East by telephone and
email. They believe their communications have been
intercepted by the NSA's electronic surveillance
operation authorized by Bush shortly after the 9-11
terror attacks.
|
| Wireless Security Everyone's
Concern |
01/18/2006 | |
|
A law has been proposed in a New York City
suburb that would require any business or home office
with a wireless network to install separate servers to
combat Internet attacks. Violators would face fines of
$250 US or $500 US.
The purpose of the law is
not to protect the owners of the networks, but rather to
protect consumers from identity theft and other data
threats.
|
| Firefox Security |
01/17/2006 | |
|
What would happen if Mozilla's Firefox
suddenly became the browser that everyone was running?
What would happen if it was as big a target for hackers
and for virus and spyware authors as Internet Explorer
is now? How would Firefox's reputation for security hold
up? One has to wonder how secure a default Firefox
installation is, and if there are things that can be
done to make a Firefox deployment more secure.
Firefox has long had a reputation for being more
secure than Internet Explorer, but I wondered if that
was more perception than reality.
|
| Banks
Struggling to Meet Online Security
Requirements |
01/17/2006 | |
|
Alaska's banks and credit unions are
working to meet a new federal requirement to add an
additional layer of security to their online banking Web
sites.
By 2007, customers will see
a change when they go online to do their banking, though
the state's institutions say they will try to keep the
effects to a minimum. Still, those who have accounts at
multiple financial institutions may have to learn a new
trick for each bank.
The Federal
Financial Institutions Examination Council in October
told the nation's financial institutions that they have
until the end of the year to do a risk assessment on
their Web-based financial services and, when
authentication procedures are deemed inadequate for
security, organizations must add an additional layer to
their procedures.
|
| Unprecedented Growth in Security
Sector |
01/17/2006 | |
|
The Australian technology sector is
experiencing unprecedented demand for security
professionals prompting new specialisations, according
to recruiters.
Michael Page Technology NSW
associate director Stuart Packham said demand was strong
for senior security professionals, in areas such as
security architecture, policy and consulting.
"In the second half of last year we've seen
demand for security professionals escalate and that
pattern will continue into this year," he said.
|
| Microsoft's Newest Bug Could Be
Awful, Researcher Says |
01/13/2006 | |
|
The Outlook and Exchange vulnerability
disclosed by Microsoft Tuesday has the potential to
become a much more virulent problem than the long-hyped
Windows Metafile bug patched last week, said one of the
e-mail flaw's discoverers Wednesday.
"What I find bizarre is that
there's still all this focus on the WMF [Windows
Metafile] bug," said Mark Litchfield, the director of
NGS Software, a U.K.-based security company, and one of
the two researchers credited by Microsoft with the
discovery of the TNEF (Transport Neutral Encapsulation
Format) vulnerability.
|
| AIM
users targeted again by Instant Messaging
Worm |
01/13/2006 | |
|
Via a ZDNet blog post, I came across this
story. In a nutshell, it looks like a new IM worm is out
there that not only installs bot software and a rootkit,
but also a rootkit detection tool.
|
| Linux Attracting More Virus
Writers |
01/12/2006 | |
|
Grisoft, the maker of AVG Anti-Virus
software, has claimed that the fast growing popularity
of Linux is making the operating system an increasingly
attractive target for virus writers.
|
| Opinion: It's 2006: Do You Know Where
Your Security Policies Are? |
01/05/2006 | |
|
It's the beginning of a new year--time
to review your approach to security policy. If you think
implementing firewalls, IDSs and antivirus/antispam
products is enough, you're sorely mistaken. No matter
the size of your enterprise, you must define a framework
of security policies, standards and procedures for
securing valuable corporate assets. If you don't, you
may be leaving your company open to a variety of
vulnerabilities.
A quick refresher:
Security policies are high-level declarations that
seldom change. These differ from standards, which define
how to implement the policies, and procedures, which are
the step-by-step instructions individuals follow to
enforce or comply with standards.
|
| Microsoft Security Advisory |
01/04/2006 | |
|
In a new security advisory posted on the
Microsoft website, Microsoft confirmed the vulnerability
and the associated release of exploit code that could
compromise PCs, and listed the operating systems at
risk. Windows 2000 SP4, Windows XP, Windows Server 2000,
Windows 98, and Windows Millennium can be attacked using
the newly-discovered vulnerability...
http://www.microsoft.com/technet/security/advisory/912840.mspx
|