Cyber Security Institute

Friday, July 29, 2005

High-tech border pass raises alarm

Kingston’s closest U.S. border crossing will employ high-tech radio frequency technology to monitor visitors from other countries who want to enter the States from Canada – a move that alarms both a Kingston privacy expert and an immigration specialist.  The technology is part of US-VISIT, a billion-dollar anti-terrorism initiative launched last December that has kept about 700 criminals, including one posing as a Canadian, out of the States.

MORE... (0) Comments

Mixed reaction to New Zealand spam bill

There has been mixed reaction from the industry to a bill tabled in aimed at fighting junk emails.  Information Technology Minister David Cunliffe has tabled the Unsolicited Electronic Messages Bill, which will prevent the mass-marketing of emails and text messages to unsubscribed receivers.  The Marketing Association’s Chief Executive Keith Norris says while they support the bill, it won’t change company practice, as they have had a permission-based code for five years.

MORE... (0) Comments

Wednesday, July 27, 2005

Microsoft enlists security partner in IE update

Microsoft has enlisted some outside help for one of the most anticipated new features of its updated Web browser: the ability to alert people that they may be about to enter a fraudulent Web site.  The company has tapped WholeSecurity, a maker of computer security programs in Austin, Texas, to help Internet Explorer 7, the next version of its browser, identify Web sites designed to trick people into disclosing personal data to identity thieves, the companies said.

MORE... (0) Comments

The Next Big Corporate Benefit: Identity Theft Protection

As times change so do risks, and companies have historically provided benefits to address risks common to all employees.  One of the fastest growing today is the risk of identity theft, according to the Federal Reserve Bank of Boston, as it’s projected to impact one in three people by the end of the decade.  Costing billions in damages, and weeks in lost productivity, identity theft has quickly moved beyond the scope of being just an individual problem.

MORE... (0) Comments

Monday, July 25, 2005

Security holes add up in second quarter

More than 422 new Internet security holes were found during the second quarter, according to data released by the SANS Institute.

MORE... (0) Comments

Survey: Hackers Target Flawed Backup Software

The survey by the nonprofit SANS Institute found new holes in widely used software products, even as computer users are getting better at patching some favorite hacker targets.  Attackers are now focusing on desktop software, like Web browsers and media players, that might not get fixed as frequently as Microsoft Corp.‘s Windows operating system and other software widely used by business, the cybersecurity research organization found.

MORE... (0) Comments

Friday, July 22, 2005

USB Devices Can Crack Windows

The buffer-overflow vulnerabilities could enable an attacker to circumvent Windows security and gain administrative access to a user’s machine.  This is just the latest example of a growing danger posed by peripheral devices that use USB (Universal Serial Bus), FireWire and wireless networking connections, which are often overlooked in the search for remotely exploitable security holes, experts say.

MORE... (0) Comments

Tuesday, July 19, 2005

Checklist brings clarity to Web Application Firewalls

IT managers will now be capable of choosing the best security solution for their needs, with the publication of Secure Application Delivery checklist, industry’s first comprehensive guide for IT professionals to evaluate and compare products offered in the secure application delivery market.

MORE... (0) Comments

Calculate Security and Compliance Cost, Benefits

New tool assists IT organizations in establishing financial benchmarks that quantifies the cost of security breaches.  According to Apani Networks, the goal of the Compliance IT Security Cost/Benefit Calculator is to help organizations develop a view of the financial benefits of the required improvements to network security demanded by the regulatory environment.

MORE... (0) Comments

Monday, July 18, 2005

Cost of US cyber attacks plummets

The cost of individual cyber attacks fell dramatically in the US last year but unauthorised access and the theft of proprietary information remain top security concerns.  The 10th annual Computer Crime and Security Survey, put together by the Computer Security Institute (CSI) in conjunction with information security experts at the FBI, shows financial losses resulting from security breaches down for the fourth successive year.  The cost of breaches averaged $204,000 per respondent - down 61 per cent from last year’s average loss of $526,000.

MORE... (0) Comments

Sunday, July 17, 2005

Microsoft Plans Security Alliance

Microsoft is pilot-testing a security alliance program for partners and will require industry-standard security certifications going forward.  Informally dubbed the Partner Security Support Alliance, the program is targeted at OEMs and partners that have earned Microsoft’s security solutions competency and is designed to cut customer support costs and improve partner responsiveness to potential threats, said sources familiar with the plans.

MORE... (0) Comments

Saturday, July 16, 2005

Computer virus infections on the rise globally

During the second quarter (April-June) of this year, more than 10 million virus infections have happened worldwide, according to trend micro, a leading anti virus and internet content security software services provider.

MORE... (0) Comments

Wi-Fi Watchdog 5.0 Tracks Wi-Fi Users By Location

Newbury Networks says its Wi-Fi Watchdog 5.0 can precisely locate—and block—unauthorized users trying to enter networks.Noting that security is becoming an urgent necessity as wireless networks proliferate throughout enterprises, Newbury Networks said it is addressing the need with its Wi-Fi Watchdog 5.0, which can precisely locate—and block—unauthorized users trying to enter networks.In announcing the latest version of its enterprise software security product Monday

MORE... (0) Comments

Thursday, July 14, 2005

Another pitch to UK Parliament for Denial of Service law

Tom Harris MP presented a bill to UK Parliament that would amend the UK’s 15-year-old cybercrime law to confirm that denial of service attacks are illegal.

MORE... (0) Comments

Cisco Plugs VoIP Gateway Holes

Network equipment supplier Cisco has issued patches for several security flaws in its voice-over IP gateways that hackers could exploit and use to eavesdrop on telephone calls.  The vulnerability could also be exploited to issue denial-of-service attacks on services managed by its VoIP software platform.

MORE... (0) Comments

Wednesday, July 13, 2005

Major Windows exploit ‘days away’

Hackers are actively exploiting two serious security vulnerabilities in Windows, Microsoft warned on Tuesday as it released “critical” alerts about the flaws.

MORE... (0) Comments

Cyber Crime Rates, Losses Fall, Says Surve

A downward turn in overall cyber crime has hit its fourth year, said the 10th-annual survey on computer crime released Thursday, and average financial losses have tumbled by more than half.  The yearly survey, which is conducted by the Computer Security Institute (CSI) in coordination with the FBI, found that the average dollar amount pegged to a security breach fell by a whopping 61 percent compared to 2004, when the loss per polled company or government agency was estimated at $526,000.  Losses reported per respondent due to unauthorized access crimes was up a huge 580 percent in 2005 over 2004, while theft of proprietary information because of a security breach rose 211 percent. 

MORE... (0) Comments

Bank Of America Rolls Out New Online Security System

Bank of America Corp. is rolling out a new online banking security system aimed at making it harder for cyberthieves to crack customer accounts, an effort that comes as the industry struggles with a recent string of high-profile security breaches.

MORE... (0) Comments

Security authentication system Kerberos flaws

The Massachusetts Institute of Technology has issued patches for three serious flaws in Kerberos v5, a widely used security authentication system.  The worst of the flaws could allow an attacker to gain access to an entire authentication realm, according to MIT.

MORE... (0) Comments

Linux and Windows security neck and neck

There is little to choose between Microsoft and Linux in terms of operating system security, according to experts, but misleading figures and surveys are muddying the waters for IT managers evaluating the platforms.  Graham Titterington, principal analyst at Ovum, told vnunet.com that, while in security terms the gap between Linux and Microsoft had shortened, Linux had the edge.  However, he suggested that the mass of statistics put out by both sides was obfuscating the issue.

MORE... (0) Comments

Tuesday, July 12, 2005

Word Bug Shows Trend In File Format Hacks

The vulnerability in Microsoft Word is only the latest in a spreading trend that’s seeing hackers probe for foibles and failings in file formats, a security firm says.  The vulnerability in Microsoft Word is only the latest in a spreading trend that’s seeing hackers probe for foibles and failings in file formats, a security analyst from the company which first uncovered the Word bug said Wednesday.

MORE... (0) Comments

What is Endpoint Security?

Endpoint security is something that many IT professionals think they have, though few can agree on what it is.  According to a recent study by research firm IDC, the confusion over endpoint security is leaving enterprises open to attack from destructive malicious sources.

MORE... (0) Comments

Oracle integrates Web services, security products

Oracle plans to combine two of its Web services products to make it easier for developers to set security policies for applications built using its Oracle BPEL Process Manager software, a company executive said Tuesday.

MORE... (0) Comments

CIO Relationships Limit Outsourcing Success

A nationwide survey has identified that chief information officers (CIOs) are in need of ‘relationship counseling’, to help them get the most from outsourcing.  The survey commissioned by Computacenter and carried out by PMP Research, questioned 100 CIOs from banking, pharmaceutical, manufacturing and the public sectors.

MORE... (0) Comments

Monday, July 11, 2005

IT Compliance Institute Launches The Unified Compliance Project

IT Compliance Institute, a division of media company 101communications LLC, has launched its Unified Compliance Project (UCP), a cooperative research and development effort by the IT Compliance Institute and compliance consultancy Network Frontiers, to reveal the overlap between complex regulatory requirements.  The project’s goal is to deconstruct the requirements of the major corporate regulations—including Sarbanes-Oxley, Basel II, HIPAA, and Gramm-Leach-Bliley—and present them in a holistic IT compliance view that exposes commonalities across compliance efforts.

MORE... (0) Comments

Yahoo, Cisco Merge E-Mail Specs

In a rare display of industry cooperation, Yahoo and Cisco merged their e-mail authentication specification, officials announced.

MORE... (0) Comments

Thursday, July 07, 2005

ID Theft Bill Widens Encryption Rules

Congressional leaders appear eager to pass an identity-theft law this week, and their proposals are becoming tougher.  The bill calls for data brokers to submit their security policies annually to the Federal Trade Commission for approval.  Broader than any other IT security proposal on Capitol Hill—-including the latest Senate bill, the Personal Data Privacy and Security Act—-the Barton-Dingell draft bill deals with the kind of government technology involvement most industries fear.

MORE... (0) Comments

Zombies: The Digital Undead

Like the living dead, armies of “zombie” computers are disrupting corporate networks and sucking the life out of business-critical systems around the world.  Zombies strike fear into the hearts of IT personnel responsible for maintenance of corporate networks, and particularly those charged with protecting and ensuring the availability of vital corporate email systems.

MORE... (0) Comments

Tuesday, July 05, 2005

Radicati Group Survey Finds That Fighting Spam Is Still the Top Concern of Corporate Organizations

The Radicati Group, Inc.‘s latest study, “Messaging and Collaboration Corporate Survey, 2005-2006” finds that many organizations are still struggling with spam.  Despite several years of aggressive anti-spam product development, many companies are still not satisfied with their anti-spam solutions.

MORE... (0) Comments

Monday, July 04, 2005

The coming Web security woes

Anyone who runs a Web site with registered users and receives income from it should be concerned.  The Specter-Leahy bill says that if that site’s list of user IDs or e-mail addresses is compromised, each registered user must be notified via U.S. mail or telephone.  Refusal to do so can be punished with $55,000-a-day fines and prison time of up to five years.

MORE... (0) Comments