Cyber Security Institute
Thursday, September 01, 2005
Finns urge better Wi-Fi security after bank break-in
Finland has called on its citizens to take more care securing their Wi-Fi networks after it emerged this week that about €200,000 (£135,623) had been stolen from a bank using an unprotected home network. The Helsinki branch of global financing company GE Money called on police to investigate the theft in June. Police now believe that the company’s 26-year-old head of data security in Helsinki stole banking software from the company along with passwords for its bank account.
Data storage and infrastructure management
The volume of data generated and stored by businesses is growing at an uncontrollable rate and companies have invested substantially in IT systems to help manage this growth. The challenge they face is how to manage their data storage infrastructure cost-effectively. More and more businesses are recognising that an effective way to reduce overall IT spend and, more specifically, the high cost of data storage is to outsource the provision of IT services to a third-party supplier. But businesses have become wary of 100 per cent outsourcing contracts under which they lose control of the output and direction of the IT environment. With the explosion of data being led by the need to improve quality of service to customers, enterprises are also striving to ensure that quality and system availability levels remain high across the infrastructure.
This has prompted businesses to consider the nature of the environment in which data is stored and the effectiveness of their recovery systems.
Tuesday, August 30, 2005
Integrating automated patch and vulnerability management into an enterprise-wide environment
This article explores the trends that are creating requirements for a strategic - rather than a tactical - approach to information security, patch and vulnerability management among public and private sector organizations. It demonstrates how an integrated, automated and enterprise-wide strategy that uses best-of-breed security solutions can be most effectively integrated into the operations of organizations large and small.
Monday, August 29, 2005
Symantec, SonicWall Unveil New Security Gear
Two new all-in-one security appliances from Symantec and SonicWall will offer customers gigabit Ethernet performance and a variety of security functions including firewall, antivirus protection, SSL VPN and even antispyware features.
Networking giant sets site on security intelligence
MySDN, a security intelligence Web site maintained by Cisco Systems Inc., identifies, collects and analyzes security threats pertinent to Cisco products. To analyze security threats, the free Web resource uses the Common Vulnerability Scoring System, an emerging industry standard for gauging the severity of security vulnerabilities.
CA Ranked Top Identity and Access Management Software Vendor Again
Computer Associates International Inc. has been ranked the worldwide leader in identity and access management software again. It is the fifth consecutive year that the Islandia, N.Y.-based management software company has been named the market leader by IDC, a research and analysis company based in Framingham, Mass.
Friday, August 26, 2005
Colleges Lead Charge for Secure, Open Networks
Security is moving to the forefront of campus IT efforts, after decades as an afterthought at schools, according to interviews with campus IT administrators. The techniques that schools are adopting could soon become commonplace on corporate networks, as well, as traditional network perimeters begin to disappear, experts say.
Cisco sensor flaw
Cisco Systems has warned of a security flaw affecting two of its widely used security systems, IDSMC and Secmon. The flaw involves SSL (Secure Sockets Layer) and affects CiscoWorks Management Center for IDS Sensors (IDSMC) as well as Monitoring Center for Security, also called Security Monitor or Secmon.
Tuesday, August 23, 2005
Banks abandoning SSL on home page log-ins
Some of the biggest banks have abandoned the practice of posting their online account log-in screens on SSL-protected pages in an effort to boost page response time and guide users to more memorable URLs, a U.K. Web performance firm said.
Monday, August 22, 2005
New security breaches disclosure law
New York has enacted an information security breaches law, which will oblige firms and local government agencies to notify customers in the state if their personal information is taken, or their systems are hacked into. The legislation is designed to promote security.
New law may tighten power plant security
U.S. power plants may have to tighten security against malicious hackers bent on wreaking havoc, according to a new federal law.
US-Cert report on spyware
US-Cert has published a report on spyware, http://www.us-cert.gov/reading_room/spyware.pdf, a 15-page document that includes an overview, definition and examples of different types of threats.
Gartner’s latest on tablet PCs, social tagging, and other emerging technologies
Innovative approaches to security are underway, according to Gartner. AT&T provides a range of network-based security services, and startups like VigilantMinds, Prolexic Technologies and Perimeter Internetworking insert themselves into the cloud, similarly to how anti-spam filtering services insert themselves into the e-mail flow.
Sunday, August 21, 2005
Repositioning the CISO
The position of CISO is relatively new. It came into being in response to federal regulations, the burgeoning security industry, and the ever-increasing cyber-threats facing the modern enterprise. The CISO is responsible for establishing a credible economic basis for information security investments, assessing corporate risk as it relates to information security, and effectively communicating his or her findings to corporate executives. But many CISOs seem to be struggling in the position. This is due to several factors, some structural and some cultural.
Saturday, August 20, 2005
Tough road for identity tech
Privacy rights aren’t exactly a pressing concern in Malaysia. If they were, the country’s Government Multi-Purpose Card wouldn’t exist. All Malaysians over 12 must carry the card, nicknamed “Mykad.” It stores thumbprints, a digital photo and basic information on the cardholder, including religion for the major ethnic group, the Malays. But the card also serves as a driver’s license, passport and, under government plans, the national health card. And cardholders can use it to pay for purchases, withdraw money from ATMs, cover transit fares, pay road tolls and digitally sign documents on their PCs. Few countries are following Malaysia’s example with the all-in-one card, but a growing number of nations, from China to the tiny Baltic republic of Estonia, are already rolling out the new generation of electronic ID.
Thursday, August 18, 2005
Bills could make businesses do more to prevent ID theft
Businesses better take steps to protect the personal data of consumers and employees or face the wrath of Congress, an identity theft prevention expert warns. John Gardner, an independent associate with Pre-Paid Legal Services in Darlington, S.C., in a Birmingham seminar last week, outlined several proposed bills that could make businesses liable for negligence that leads to identity theft. At least a half-dozen bills are under consideration in Congress to help fight identity theft.
Thursday, August 04, 2005
Hackers’ Prowess on Display at Defcon Conference
Even the ATM machines were suspect at this year’s Defcon conference, where hackers play intrusion games at the bleeding edge of computer security.
Anyone naive enough to access the Internet through the hotel’s unsecured wireless system could see their name and part of their passwords scrolling across a huge public screen. It was dubbed “The Wall of Sheep.” Among the exposed sheep were an engineer from Cisco Systems Inc., multiple employees from Apple Computer Inc. and a Harvard professor.
Tuesday, August 02, 2005
Apple adopts controversial security chip
Developer preview models of Apple’s new Intel-powered computer contain a security chip that has been criticised for privacy risks. Apple recently started shipping its Developer Transition Kits, which help developers test and prepare their software for the switch to the new Intel-powered Apple computers next year. The kit contains a version of OS X for Intel and a Mac computer featuring the new processor.
Fighting The New Face of Fraud
Banking fraud is as old as the industry itself, and it continues to be one of the largest expenses faced by many financial institutions, according to Virginia Garcia, research director for Needham, Mass.-based TowerGroup. Garcia estimates that 30 percent to 50 percent of the industry’s $55 billion in annual operating losses is attributable to fraud.
Government, Financial Top Targets Of Security Attacks
IBM reported that virus-laden emails and criminal-driven security attacks increased by 50 percent in the first half of 2005, underscored by a significant rise in ‘customised’ attacks on the government, financial services, manufacturing and healthcare industries. According to the report, there were more than 237 million overall security attacks in the first half of the year.