Cyber Security Institute

Tuesday, August 31, 2004

Oracle users: Monthly patch cycle prudent

Oracle Corp. has taken a page from Microsoft’s playbook, adopting its own monthly patch release.


Secret Service warns banks to beware the enemy within

Banks in the US are being called on to do more to protect their information systems from the threat posed by insider cyber-attacks, following a detailed study of 23 such incidents by the US Secret Service and the Cert Co-ordination Centre at Carnegie Mellon University.  esearchers say the findings underscore the importance of organisations’ technology, policies and procedures in securing their networks against insider threats, as most of the cases showcased in the report were perpetrated by insiders with minimal technical skills.


DOJ Accuses Six Of Crippling Rivals’ Web Sites

Among the more than 150 cybercrime arrests and convictions announced Thursday by the Department of Justice was an original: the nation’s first case alleging denial of service attacks against competitors to knock them offline.


Sunday, August 29, 2004

Tired of reading long web pages…

Just want to see an even briefer summary…
Well now, we have the summary page: Summary Page
Same content…
Just faster to scan.

Hope you enjoy and any comments feedback is really appreciated.

Friday, August 27, 2004

WinFS Axed From Longhorn Client and Server

Microsoft announced, as expected, that it is cutting some of its planned Longhorn features in order to get the desktop version of the product out the door by 2006.


Wednesday, August 25, 2004

Joint Forum Issues High-Level Outsourcing Principles

The Joint Forum, a working group of international bank regulators, has issued high-level principles on the topic of outsourcing in financial services.


Security appliances add dynamic profiling to firewall technology

The new SecureSphere G4 Dynamic Profiling Firewall and MX Management Server application security appliances represent the first unified security platform to protect enterprise application and database assets from all attack vectors, including Web application hacking, internal database breaches, and worm infections, Imperva says.


Monday, August 23, 2004

Report says Virtually All Big Companies Will Outsource Security By 2010

A Yankee Group report suggests that the need to stay ahead of hackers will drive a move to outsource security to managed service providers.


Wi-Fi Plays Defense

The new 802.11i wireless LAN security standard is a step forward, but Wi-Fi LANs still aren’t impervious to attacks.  Unbounded by the physical constraints of cabling and walls, wireless LANs have proved tricky to secure.


How to Tackle the Threat from Portable Storage Devices

Gartner advises companies to take action against the risks that portable storage devices (flash drives, MP3 players, and so on) present to the enterprise.


Friday, August 20, 2004

Protection From the Perimeter to the Core

A decade ago, Internet security pioneer Bill Cheswick proposed a network security model that he famously characterized as a “crunchy shell around a soft, chewy center.”  Today, as more and more “outsiders”—remote users, business partners, customers, contractors—require access to corporate networks, enterprises are finding the idea of a “soft center” obsolete, if not downright dangerous.


Manging and Securing Mobile Devices


Wednesday, August 18, 2004

Wireless switch deployment growing rapidly, study finds

Paced by rapidly increasing adoption of wireless switches, overall sales of enterprise-class WLAN equipment grew 21 percent in the recent quarter compared to the same quarter a year ago, according to a market study released Wednesday (Aug. 18) by Dell’Oro Group.


Tuesday, August 17, 2004

Study: Unpatched PCs compromised in 20 minutes

Don’t connect that new PC to the Internet before taking security precautions, researchers at the Internet Storm Center warned Tuesday.


Monday, August 16, 2004

XP Service Pack 2 kills over 40 programs

Microsoft has published the details of more than 40 programs that have conflicts with the newly released Windows XP SP2.


Friday, August 13, 2004

Happy Anniversary MSBlast

A year ago this week, MSBlast stormed onto the Internet, infecting millions of Windows PCs, disrupting business operations, and sending everyone and his uncle scrambling for the patch they should have deployed weeks before.


Thursday, August 12, 2004

Microsoft Garners Support For Authentication Scheme

Microsoft hosted a meeting with more than 80 e-mail providers to spread the news about its Sender ID authentication scheme, and got the support from some heavyweights in the messaging security market, such as Tumbleweed, Cloudmark, and VeriSign.


UK scientists roll out Wi-Fi proof wallpaper

British boffins have developed wallpaper that blocks Wi-Fi traffic but still allows other wireless transmissions to pass through in a bid to prevent unauthorised access to sensitive data via the WLAN.


Sarbox 404 Costs 63 Percent Higher than Expected

Companies are spending more on consulting, auditing, and labor than they projected in January, according to a new survey by Financial Executives International.


Tuesday, August 10, 2004

New Variant of Bagle is starting to spread

Comes in as a zip file. If you are at risk, then you will need to montior for some specigfic web sites.
AV vendors have started releasing signatures.
Sent via BlackBerry - a service from AT&T Wireless.

Monday, August 09, 2004

IBM tells users not to install Windows XP update

While developers at Microsoft Corp. may be celebrating that they finished work on Service Pack 2 (SP2) for Windows XP, IT departments around the world now face the question on whether they should update their systems, or not.  IBM Corp., for one, is holding off on installing the security focused update for Windows XP.


Windows XP Service Pack 2 good for AMD chips

AMD announced that with the release of Microsoft Windows XP Service Pack 2 (SP2), Enhanced Virus Protection (EVP) can now be enabled on all AMD Athlon64 processors.


MS XP2 Service pack

Now published to corporate users. On Friday, they released the package to OEMs and manufacturers.
Sent via BlackBerry - a service from AT&T Wireless.

Saturday, August 07, 2004

Wireless IDSes Defend Your Airspace

eWEEK Labs advises every enterprise that is considering deployment of a wireless network or maintaining an existing one to seriously consider investing in a wireless intrusion detection system.


Friday, August 06, 2004

Supervisors Say Subordinates Cause Most Security Screw-ups

Bosses point fingers at their workers when it comes to attacks on the company network, a study done by a U.K. research firm reported this week.


FBI publishes computer crime and security stats

Every year for the past nine years, the Computer Security Institute and the FBI undertake a computer crime and security survey among companies and institutions in the US.  These surveys provide interesting insights into the level of computer crime being experienced by companies, as well as how they are responding to security breaches.


Thursday, August 05, 2004

You are still the weakest security link

Yet again staff have been identified as the biggest security threat to business IT systems, in a survey released today.


Out of Control

Control Systems Penetrating a control system can be as easy as opening a can of tuna.  Industrial control systems sit squarely at the intersection of the digital and physical worlds.


Wednesday, August 04, 2004

So far, a banner year for attacks

Two new studies add weight to what information security experts have said all year: Malicious activity is way up and Windows is the prime target.