Cyber Security Institute
Friday, July 29, 2005
High-tech border pass raises alarm
Kingston’s closest U.S. border crossing will employ high-tech radio frequency technology to monitor visitors from other countries who want to enter the States from Canada – a move that alarms both a Kingston privacy expert and an immigration specialist. The technology is part of US-VISIT, a billion-dollar anti-terrorism initiative launched last December that has kept about 700 criminals, including one posing as a Canadian, out of the States.
Mixed reaction to New Zealand spam bill
There has been mixed reaction from the industry to a bill tabled in aimed at fighting junk emails. Information Technology Minister David Cunliffe has tabled the Unsolicited Electronic Messages Bill, which will prevent the mass-marketing of emails and text messages to unsubscribed receivers. The Marketing Association’s Chief Executive Keith Norris says while they support the bill, it won’t change company practice, as they have had a permission-based code for five years.
Wednesday, July 27, 2005
Microsoft enlists security partner in IE update
Microsoft has enlisted some outside help for one of the most anticipated new features of its updated Web browser: the ability to alert people that they may be about to enter a fraudulent Web site. The company has tapped WholeSecurity, a maker of computer security programs in Austin, Texas, to help Internet Explorer 7, the next version of its browser, identify Web sites designed to trick people into disclosing personal data to identity thieves, the companies said.
The Next Big Corporate Benefit: Identity Theft Protection
As times change so do risks, and companies have historically provided benefits to address risks common to all employees. One of the fastest growing today is the risk of identity theft, according to the Federal Reserve Bank of Boston, as it’s projected to impact one in three people by the end of the decade. Costing billions in damages, and weeks in lost productivity, identity theft has quickly moved beyond the scope of being just an individual problem.
Monday, July 25, 2005
Security holes add up in second quarter
More than 422 new Internet security holes were found during the second quarter, according to data released by the SANS Institute.
Survey: Hackers Target Flawed Backup Software
The survey by the nonprofit SANS Institute found new holes in widely used software products, even as computer users are getting better at patching some favorite hacker targets. Attackers are now focusing on desktop software, like Web browsers and media players, that might not get fixed as frequently as Microsoft Corp.’s Windows operating system and other software widely used by business, the cybersecurity research organization found.
Friday, July 22, 2005
USB Devices Can Crack Windows
The buffer-overflow vulnerabilities could enable an attacker to circumvent Windows security and gain administrative access to a user’s machine. This is just the latest example of a growing danger posed by peripheral devices that use USB (Universal Serial Bus), FireWire and wireless networking connections, which are often overlooked in the search for remotely exploitable security holes, experts say.
Tuesday, July 19, 2005
Checklist brings clarity to Web Application Firewalls
IT managers will now be capable of choosing the best security solution for their needs, with the publication of the Secure Application Delivery checklist, the industry’s first comprehensive guide for IT professionals to evaluate and compare products offered in the secure application delivery market.
Calculate Security and Compliance Cost, Benefits
A new tool assists IT organizations in establishing financial benchmarks that quantify the cost of security breaches. According to Apani Networks, the goal of the Compliance IT Security Cost/Benefit Calculator is to help organizations develop a view of the financial benefits of the required improvements to network security demanded by the regulatory environment.
Monday, July 18, 2005
Cost of US cyber attacks plummets
The cost of individual cyber attacks fell dramatically in the US last year but unauthorised access and the theft of proprietary information remain top security concerns. The 10th annual Computer Crime and Security Survey, put together by the Computer Security Institute (CSI) in conjunction with information security experts at the FBI, shows financial losses resulting from security breaches down for the fourth successive year. The cost of breaches averaged $204,000 per respondent - down 61 per cent from last year’s average loss of $526,000.
Sunday, July 17, 2005
Microsoft Plans Security Alliance
Microsoft is pilot-testing a security alliance program for partners and will require industry-standard security certifications going forward. Informally dubbed the Partner Security Support Alliance, the program is targeted at OEMs and partners that have earned Microsoft’s security solutions competency and is designed to cut customer support costs and improve partner responsiveness to potential threats, said sources familiar with the plans.
Saturday, July 16, 2005
Computer virus infections on the rise globally
During the second quarter (April-June) of this year, more than 10 million virus infections occurred worldwide, according to Trend Micro, a leading antivirus and internet content security software services provider.
Wi-Fi Watchdog 5.0 Tracks Wi-Fi Users By Location
Noting that security is becoming an urgent necessity as wireless networks proliferate throughout enterprises, Newbury Networks said it is addressing the need with its Wi-Fi Watchdog 5.0, which can precisely locate—and block—unauthorized users trying to enter networks. In announcing the latest version of its enterprise software security product Monday
Thursday, July 14, 2005
Another pitch to UK Parliament for Denial of Service law
Tom Harris MP presented a bill to UK Parliament that would amend the UK’s 15-year-old cybercrime law to confirm that denial of service attacks are illegal.
Cisco Plugs VoIP Gateway Holes
Network equipment supplier Cisco has issued patches for several security flaws in its voice-over IP gateways that hackers could exploit and use to eavesdrop on telephone calls. The vulnerability could also be exploited to issue denial-of-service attacks on services managed by its VoIP software platform.
Wednesday, July 13, 2005
Major Windows exploit ‘days away’
Hackers are actively exploiting two serious security vulnerabilities in Windows, Microsoft warned on Tuesday as it released “critical” alerts about the flaws.
Cyber Crime Rates, Losses Fall, Says Survey
A downward turn in overall cyber crime has hit its fourth year, said the 10th-annual survey on computer crime released Thursday, and average financial losses have tumbled by more than half. The yearly survey, which is conducted by the Computer Security Institute (CSI) in coordination with the FBI, found that the average dollar amount pegged to a security breach fell by a whopping 61 percent compared to 2004, when the loss per polled company or government agency was estimated at $526,000. Losses reported per respondent due to unauthorized access crimes were up a huge 580 percent in 2005 over 2004, while theft of proprietary information because of a security breach rose 211 percent.
Bank Of America Rolls Out New Online Security System
Bank of America Corp. is rolling out a new online banking security system aimed at making it harder for cyberthieves to crack customer accounts, an effort that comes as the industry struggles with a recent string of high-profile security breaches.
Security authentication system Kerberos flaws
The Massachusetts Institute of Technology has issued patches for three serious flaws in Kerberos v5, a widely used security authentication system. The worst of the flaws could allow an attacker to gain access to an entire authentication realm, according to MIT.
Linux and Windows security neck and neck
There is little to choose between Microsoft and Linux in terms of operating system security, according to experts, but misleading figures and surveys are muddying the waters for IT managers evaluating the platforms. Graham Titterington, principal analyst at Ovum, told vnunet.com that, while in security terms the gap between Linux and Microsoft had shortened, Linux had the edge. However, he suggested that the mass of statistics put out by both sides was obfuscating the issue.
Tuesday, July 12, 2005
Word Bug Shows Trend In File Format Hacks
The vulnerability in Microsoft Word is only the latest in a spreading trend that’s seeing hackers probe for foibles and failings in file formats, a security analyst from the company which first uncovered the Word bug said Wednesday.
What is Endpoint Security?
Endpoint security is something that many IT professionals think they have, though few can agree on what it is. According to a recent study by research firm IDC, the confusion over endpoint security is leaving enterprises open to attack from destructive malicious sources.
Oracle integrates Web services, security products
Oracle plans to combine two of its Web services products to make it easier for developers to set security policies for applications built using its Oracle BPEL Process Manager software, a company executive said Tuesday.
CIO Relationships Limit Outsourcing Success
A nationwide survey has identified that chief information officers (CIOs) are in need of ‘relationship counseling’ to help them get the most from outsourcing. The survey, commissioned by Computacenter and carried out by PMP Research, questioned 100 CIOs from banking, pharmaceutical, manufacturing and the public sectors.
Monday, July 11, 2005
IT Compliance Institute Launches The Unified Compliance Project
IT Compliance Institute, a division of media company 101communications LLC, has launched its Unified Compliance Project (UCP), a cooperative research and development effort by the IT Compliance Institute and compliance consultancy Network Frontiers, to reveal the overlap between complex regulatory requirements. The project’s goal is to deconstruct the requirements of the major corporate regulations—including Sarbanes-Oxley, Basel II, HIPAA, and Gramm-Leach-Bliley—and present them in a holistic IT compliance view that exposes commonalities across compliance efforts.
Yahoo, Cisco Merge E-Mail Specs
In a rare display of industry cooperation, Yahoo and Cisco merged their e-mail authentication specification, officials announced.
Thursday, July 07, 2005
ID Theft Bill Widens Encryption Rules
Congressional leaders appear eager to pass an identity-theft law this week, and their proposals are becoming tougher. The bill calls for data brokers to submit their security policies annually to the Federal Trade Commission for approval. Broader than any other IT security proposal on Capitol Hill—including the latest Senate bill, the Personal Data Privacy and Security Act—the Barton-Dingell draft bill deals with the kind of government technology involvement most industries fear.
Zombies: The Digital Undead
Like the living dead, armies of “zombie” computers are disrupting corporate networks and sucking the life out of business-critical systems around the world. Zombies strike fear into the hearts of IT personnel responsible for maintenance of corporate networks, and particularly those charged with protecting and ensuring the availability of vital corporate email systems.
Tuesday, July 05, 2005
Radicati Group Survey Finds That Fighting Spam Is Still the Top Concern of Corporate Organizations
The Radicati Group, Inc.’s latest study, “Messaging and Collaboration Corporate Survey, 2005-2006,” finds that many organizations are still struggling with spam. Despite several years of aggressive anti-spam product development, many companies are still not satisfied with their anti-spam solutions.
Monday, July 04, 2005
The coming Web security woes
Anyone who runs a Web site with registered users and receives income from it should be concerned. The Specter-Leahy bill says that if that site’s list of user IDs or e-mail addresses is compromised, each registered user must be notified via U.S. mail or telephone. Refusal to do so can be punished with $55,000-a-day fines and prison time of up to five years.