Cyber Security Institute

Tuesday, November 29, 2005

IT specialists ‘a dying breed’

Demand for IT specialists could shrink as much as 40 percent within the next five years, according to predictions by Gartner analysts who on Tuesday unveiled a list of key trends for 2006.  According to the research firm, businesses will increasingly look to employ “IT versatilists”—people who are not only specialised in IT, but who demonstrate business competencies by handling multidisciplinary assignments.


Wednesday, November 23, 2005


Attackers don’t go after operating systems like they used to.  They’ve found bigger fish to fry in flawed applications like the average AV, database, IM or media player program.  They’re also paying more attention to flaws in the routers and switches that keep the Internet afloat and are successfully stealing data from government networks.  That’s the consensus among security experts who contributed to the SANS Institute’s Top 20 vulnerability list for 2005.  “The bottom line is that security has been set back nearly six years in the past 18 months,” SANS Institute Research Director Allan Paller said in an e-mail exchange.


Friday, November 18, 2005

CSI in computer forensics gaffe

A team of computer forensic investigators has pointed out that a character in a recent episode of hit TV show CSI: Crime Scene Investigation failed to follow a basic rule of looking for evidence: don’t switch on the computer.  Experts at CY4OR, based in Bury, England, praised CSI for bringing computer forensics to the forefront of public awareness; but they say it does little to reflect the correct and essential procedures that must be put in place when there is suspicion of criminal activity.  “Not only could this potentially damage evidence, any incriminating data that was uncovered would undoubtedly be thrown out of a court of law as the proper evidential procedures would not have been put in place,”..


Thursday, November 17, 2005

Bots slim down to avoid detection

Over the past two years, the average network of bots, or compromised PCs commandeered by remote attackers, has dropped from more than 100,000 to an average of 20,000, Mark Sunner, MessageLabs’s chief technology officer, said during Tuesday’s annual Security Roundtable Webcast.


Windows with anti-rootkit

Microsoft is developing plans to secure 64-bit versions of Windows from dangerous malware such as rootkits.


Wednesday, November 16, 2005

e-Security Debuts Mainframe Compliance Monitoring

e-Security, the Vienna, VA supplier of security information management and compliance monitoring software, unveiled Sentinel Mainframe Connect, an add-on module to its flagship Sentinel 5 enterprise compliance monitoring system.


Risky Employee E-mail Habits Threaten Business

Results of the survey show that 68 percent of U.S. employees who use e-mail at work have sent or received e-mail via their work e-mail account that could place their company at risk.  A majority of employees who use e-mail at work (61 percent) admit they have used e-mail at work for personal use.


CMP Media acquires Black Hat

CMP Media, a marketing solutions company serving the technology, healthcare and entertainment markets, announced that it has acquired Black Hat Inc., a producer of information security conferences and training that includes Black Hat Briefings and Conferences.


Tuesday, November 15, 2005

ID Theft Numbers May Be Misleading

You can almost hear the maniacal laughter.  By some measures, one in five Americans has been hit.  Another common statistic is that 10 million people fall victim every year.  Making matters even scarier, new laws in California and other states have forced companies to essentially tell all U.S. consumers when their personal data have been compromised—even if the files have not actually been maliciously used.  In response, Congress is considering bills to restrict the flow of personal information.  And identity theft monitoring services have sprung up that can cost consumers well over $100 a year.  But while it’s certainly important to be vigilant against this potentially devastating crime, it also appears identity theft is too broadly defined and often misunderstood.  As a result, some experts say, lawmakers and companies might be misdirecting their anti-fraud energies.  Overly fearful consumers could be unnecessarily avoiding doing business on the Web.


Keyloggers Jump 65% As Info Theft Goes Mainstream

The number of keyloggers unleashed by hackers exploded this year, soaring by 65 percent in 2005 as e-criminals rush to steal identities and information, a security intelligence firm said Tuesday.  “The overall number of keyloggers has just skyrocketed this year,” said Ken Dunham, senior engineer with Reston, Va.-based VeriSign iDefense.  Keyloggers are small programs, silently installed by the attacker, typically after an earlier attack that compromised the computer through a vulnerability in the operating system or Internet browser, that record all or selected keystrokes, then send that data to the hacker.


Monday, November 14, 2005

TippingPoint Device Has Broad Appeal

TippingPoint is poised to step outside its high-end intrusion-prevention niche into the broader security market with a new multifunction device that marks the vendor’s entry into the growing unified threat management space.  The 3Com division is unveiling the X505, its first integrated security device, which combines TippingPoint’s intrusion-prevention technology with stateful inspection firewall, IPsec VPN, bandwidth management, Web content filtering and dynamic routing.


Enterprises Patch 10 Percent Faster, But Not Fast Enough

Even though two out of every three machines are vulnerable to one or more critical vulnerabilities, enterprises are managing to patch faster than ever, a researcher said on the eve of his keynote speech at a security conference. 
The “half-life” of vulnerabilities—the amount of time it takes companies to patch half of their systems against a newly-disclosed bug—continues to drop, said Gerhard Eschelbeck, the chief technology officer of Qualys and the creator of his self-titled “Laws of Vulnerabilities.”  Eschelbeck based his research on statistical analysis of 21 million critical vulnerabilities, and 32 million network scans conducted over a three-year period. 
Companies have made dramatic progress in patching internal computers, too; the half-life of these computers was cut by 23 percent in the last year, said Eschelbeck, down from 62 in 2004.


Friday, November 11, 2005

Security Is Top Issue For Converged IP Deployments: Survey

Security is corporate executives’ top priority for implementing converged IP networking, according to a new survey released by AT&T and the Economist Intelligence Unit (EIU).  With more than 60% of respondents expressing concern that online customer data processing might expose their organizations to potential security breaches, IP security has become a hot topic.  Some 62% of companies surveyed plan to implement IP networking through most or all of their organizations within the next three years.


Wednesday, November 09, 2005

Microsoft Calls for US National Privacy Law

Microsoft has released a document outlining a series of steps it would like to see the US Congress take to preempt a growing number of state laws that impose varying requirements on the collection, use, storage and disclosure of personal information.