Cyber Security Institute

Thursday, August 31, 2006

The Current State of: Windows Mobile 5.0 Security Tools

Unique WebSite Article

I thought I would create a quick note to discuss my current focus when it comes to IT tools and toys.  As you all know, I’m in the IT security business and one of the side-effects of this is the need to manage my paranoia.  So I now have a Cingular 8125 phone.  A wonderful phone that when I initially received it, I thought was a bit chunky/clunky in look and feel.  But I am now a fan.  Those ultra thin phones might look pretty but in the rough and tumble of daily use, I need power, comfort and agility.  That’s what I get when I use the Cingular 8125.  It is even encroaching on my RIM usage which is pretty amazing.

So this wonderful phone runs Windows Mobile 5.0.  This is a great solution unless you start to worry about security.  There is, of course, the obligatory password prompt but with WiFi connectivity, Internet access and Bluetooth, I am looking for a solution to protect not the physical access but the remote access.


Tuesday, August 29, 2006

Track Hurricanes From Mobile Handsets

The number of hurricanes has doubled over the last ten years, with meteorologists predicting another decade or two of elevated activity.  A pair of companies have new mobile applications to help the approximately 85 million U.S. coastal residents get a handle on what’s going on during the peak of the storm season, August through October.
SurvivorSoft’s Hurricane Tracker ($18.95) is an application for Windows Mobile 5.0 and 2003 devices that monitors storms within the Atlantic Basin and Gulf of Mexico.  My-Cast Digital Cyclone has added a new Hurricane Tracker to version 5.0 of its My-Cast mobile weather service application.  With the new feature, users can see the projected path of a hurricane or tropical storm in real-time with satellites focused directly on the eye of the storm.


Monday, August 28, 2006

IT execs feel the heat as security woes multiply

With security threats increasing and regulation tightening, companies are demanding greater IT accountability - and that can mean being forced to walk the plank after a breach.  AOL fired a researcher and a manager last week, and CTO Maureen Govern resigned after the Dulles, Va., company posted data on search queries made by 650,000 AOL subscribers.  Ohio University dismissed two senior IT people this month following news of five security vulnerabilities that exposed the sensitive records of 137,000 alumni.  Fallout from the Department of Veterans Affairs’ security debacle is ongoing.  The agency fired the analyst who took home a laptop containing data on 26 million veterans that was stolen when burglars broke into his home.  That doesn’t fly today. If a company is spending 5% of its IT budget on security, it expects a payoff. “The business side of the organization has learned to live with accountability and is able to talk about revenues and returns,” John Pescatore, a security analyst at Gartner says. “IT is getting dragged there, too.”


Tipping Point to publish flaws of many popular business solutions

A security company that pays hackers for information on software flaws and exploits plans to release a list of 29 unpatched flaws in products sold by a host of big-name vendors, including Microsoft, IBM, Apple Computer and Novell.  The Aug. 28 disclosure from TippingPoint’s ZDI (Zero Day Initiative) flaw bounty program is a significant change to the way the 3Com-owned company handles the disclosure of vulnerability data it buys from external researchers.  Instead of waiting for software makers to issue patches, TippingPoint will announce the flaw purchase in bare-bones advisories at the time the issue is reported to the vendor.  Dave Endler, director of research at TippingPoint, in Austin, Texas, said the list of 29 includes six bugs affecting Microsoft; three affecting Novell; two each for products sold by IBM and Apple; and one each affecting AOL, Adobe and Sun Microsystems.


Friday, August 25, 2006

Website is going to evolve

Well, the time has come for this web site to evolve to the next level.  Extra value if you join.

It will give access to the commenting system and also a newsletter that quickly summarizes the news just for you.

Review: ‘Hacker-in-a-Box’ Tool Tests Attack Scenarios

Few “ethical” hackers can provide simulated attacks with the level of sophistication that Cenzic offers in its Hailstorm “hacker-in-a-box” penetration tester.  Hailstorm’s unique non-signature based technology interprets results during realtime attacks without comparing results with signature-based databases. The tool’s interpreting engine eliminates false positives by providing generic solutions to attacks.


Wednesday, August 23, 2006

IBM Up-Ends Security Services Market

An 800-pound gorilla threw its weight into the security market today, and analysts say the impact could send the industry reeling in a whole new direction.  IBM bought Internet Security Systems (ISS), one of the industry’s oldest and best-known independent security vendors, for a tidy $1.3 billion in cash.  The security software vendor, which has been a supplier of point products for more than a decade, will be integrated into Big Blue’s managed security services business, transforming it from software vendor to service provider in a single move.  With their joint entry into the managed services arena, IBM and ISS will challenge popular industry notions that such services are only for small businesses that lack security expertise, and that large enterprises would never consider handing over their security functions to an outsourcing vendor.


Enterprises Still Not Sweet on Honeypots

While they’ve long been a darling of researchers and law enforcement, honeypots are still trying to prove their case for wider enterprise deployment.  And it remains a bit of a hard sell.  These “lures” that pose as legitimate network nodes are heavy on attacker and attack data.  But they don’t do anything to actually stop an attack, plus they can attract unwanted attention to your network.  But some security experts say elements of honeypot technology can be used as an extra layer in the enterprise security arsenal, especially for protecting against insider threats or other malicious internal activity.  “Right now, we’re on the edge of someone picking up this technology and running forward with it for better security for enterprise installations,” says Ralph Logan, principal with The Logan Group and vice president of the Honeynet Project.


Tuesday, August 22, 2006

Standard Could Unify Security Apps

You’ve got anywhere from six to 60 security applications and tools in your data center, and most of them work pretty well. There’s just one problem: None of them speak the same language.  ArcSight attacked that problem by proposing a new log management standard, the Common Event Format, that could enable security devices and applications to present and exchange event data in a common way.


Sunday, August 20, 2006

How to Use Metrics

Knowing what to look for and how to analyze it can spell success for a security operation and the organization it serves.  The fact that established metrics and measures for the full range of security programs are few and far between tells a story about the historical disconnect between these functions and the core businesses they serve.  The risk environment has changed significantly over the past 30 years, with shocking wake-up calls to CEOs, boards and shareholders.  Attentive corporations have had to address the exposures uncovered in these times with more sophisticated and mainstream corporate security organizations.  With this mainstreaming comes the obligation to measure performance and demonstrate bottom-line contributions.  Metrics are a natural descendant of this process.  It is also essential that we recognize security’s contribution to the corporate system of internal controls.


Thursday, August 17, 2006

Defending Cell Phones and PDAs Against Attack

As cell phones and PDAs become more technologically advanced, attackers are finding new ways to target victims.  By using text messaging or email, an attacker could lure you to a malicious site or convince you to install malicious code on your portable device.  Some cell phones and PDAs also offer the ability to connect to the internet.  Although these are features that you might find useful and convenient, attackers may try to take advantage of them.


Wednesday, August 16, 2006

United States of Access Control

The nuptials are set for Oct. 27, 2006.


US consumers losing billions in cyber attacks

A report out in the US has put a figure on losses suffered by Americans due to computer malware and cybercrime, and this figure is staggering.  According to Consumer Reports’ State of the Internet survey, last year Americans lost $7.9 billion because of computer viruses, spyware and online scams.


August patch management woes strike again

A suggestion for security pros: Don’t take your vacation in August.  Indeed, a pattern has emerged in recent years in which attackers take a recently disclosed Microsoft flaw and exploit it in dramatic fashion, often in the first two weeks of the month.  This year, security experts are sounding the alarm because of a critical Windows Server Service flaw that Microsoft addressed with its August patch release.  By Sunday, attackers were targeting the Windows Server Services flaw with malware in a bid to expand their IRC-controlled botnets.


When Disaster Strikes, Manage it

Business Continuity is a vast and often overwhelming subject which, in the main, has been adopted by the IT Department.  At its most basic level it encompasses everything involved in keeping a business up and running during a disaster.  Or depending on your business requirements, everything involved in getting the business operational within a set period of time after a disaster.  Before looking into all of this, it is necessary to assess the potential risks affecting your business, the likelihood they will occur and the disruption they could cause.  This will aid you in deciding what level of protection is required and may help in determining some realistic Recovery Time and Recovery Point Objectives, (RTO & RPO).  The cost associated with the loss of a particular business function, be it IT related or not, or the perceived cost of lost reputation or potential revenue.


Friday, August 11, 2006

Spain’s cybercrime growing fast

July and August are not the traditional holiday months in Spain any more.  In the first week alone the “nomasfraude” (nomorefraud) campaign received 5000 complaints from users, 80% of which concerned phishing scams.  It is thought fraudsters are using these summer months to launch more attacks, because more people are spending time at home, surfing the Internet during their holidays.


Search Engine Goes On Offensive

If you’re trying to find or figure out a nasty bit of malware in your IT environment, your job may have just gotten a lot easier.  A pair of independent researchers earlier this week launched Offensive Computing, an open-source search engine that contains information and analysis on some 40,000 hostile files and exploits from around the security industry.  The search engine, which was developed under the auspices of the Cult of the Dead Cow (a longstanding Black Hat forum), was unveiled on Wednesday. The idea, according to a co-founder who goes by the name Valsmith, is to provide a single source where security researchers can go to find a particular exploit, download it, and defuse it.


Implementing Information Safeguards Under Gramm-Leach-Bliley


Wednesday, August 09, 2006

Symantec Establishes Council

Symantec Corp. announced the launch of its Executive Customer Advisory Council, a dynamic group of chief information officers (CIOs) and information technology executives from a variety of market-leading global enterprises.


Tuesday, August 08, 2006

Workers Ignore the Risks of Web Links and Attachments

A recent security audit run by Finjan for a European organisation in the finance sector, usually one of the most security-savvy marketplaces, revealed that an overwhelming 67% of security policy violations discovered over a one week period were related to spyware downloads, attempts to access spyware websites or attempts to access websites that hide executable spyware.  Of those questioned 93 per cent said that they knew that links, attachments, pop boxes and web pages could have spyware or other forms of malicious code embedded within them.


Monday, August 07, 2006

Weekly Report On Viruses And Intruders

The recent report from Panda Software on viruses and intruders clearly reflects the new dynamic influencing malware creators. The three examples of malicious code detailed in the report are aimed at spying, hijacking computers and stealing bank details.


McAfee Releases 5.0

McAfee unveiled two new offerings as part of its security risk management portfolio.  McAfee® Foundstone® Enterprise 5.0, a comprehensive priority-based vulnerability management solution, and McAfee Preventsys™ Compliance Auditor and Risk Analyzer both allow companies to automate the manually intensive process of reporting security compliance.


IM Attacks Escalate

Postini, the global leader in Integrated Message Management, today announced that its Monthly Message Security & Management Update for July confirms a 160 percent increase over June in instant messaging (IM) attacks against corporate networks.  In July, Postini detected and prevented new IM threats including Prokeylogger, which logs the keystrokes typed by the user, captures passwords and screenshots, and sends them to identity thieves.


Friday, August 04, 2006

Researchers warn over Web worms

Exploiting a lack of security checks in browsers and Web servers, Web worms and viruses are likely to become a major threat to surfers, security researchers speaking at the Black Hat Briefings warned.  In separate presentations, researchers showed off techniques for using Javascript code on Web pages to grab browser histories and scan internal networks as well as using AJAX—a technology that adds interactive features to Web sites—to create Web viruses that can steal personal information.  The threats are not only theory, but have been used to attack MySpace users and Yahoo users, said Billy Hoffman, lead research and development researcher for Web security firm SPI Dynamics.


Visa Takes Aim at Data Compromises

The card company has asked merchants to ensure that the software they use to process card transactions doesn’t store the full contents of “track data”, which contains passwords and other sensitive information.  Last year, a breach at CardSystems, a processor of card transactions, led to the exposure of 40 million payment records, setting off a firestorm that’s led to a crackdown on data security vulnerabilities by regulators and lawmakers.  Account numbers, expiration dates, and names are the only elements of track data that may be retained once a transaction has been authorized.  In addition, Visa requires compliance with the Payment Card Industry Data Security Standard (PCI DSS) by all merchants and any entity that stores, transmits or processes cardholder data.  Visa has a set of Payment Application Best Practices (PABP), which assists software vendors in creating secure payment applications, thereby helping to protect their customers from being exposed to a security breach.


Thursday, August 03, 2006

Attackers pass on OS, aim for drivers and apps

The disappearance of easy-to-find flaws in the major operating systems has pushed vulnerability researchers to branch out from finding security issues in core system software and instead concentrate on the device drivers and client-side agents present on all PCs, security experts said at the 2006 Black Hat Briefings.


Tuesday, August 01, 2006

Enterprise study reveals Wi-Fi Deployment Trends and Plans

The 2006 Webtorials “WLAN State-of-the-Market” report is hot off the virtual press, and it reveals a slew of trends and even a few surprises.  The report is the third annual Webtorials report based on end-user research about WLAN deployments, attitudes, and experiences.


SCADA flaw checks coming to Nessus

Security firms Tenable Network Security and Digital Bond announced on Tuesday that the two companies planned to release a plugin for the Nessus vulnerability scanner to enable the software to audit networks for vulnerable control system devices.