Cyber Security Institute

Thursday, May 22, 2008

Cyber crime on the rise in Canada

According to a recent survey commissioned by the Canadian Association of Police Boards, cyber crime is quickly becoming that country’s top crime.  In a release issued by the CAPB, an official with the organization said that the average Canadian citizen is “now more likely to be the victim of a crime through the Internet than on the street or in their home.”


Wednesday, May 21, 2008

Organizations deal with a broad range of security threats

Spyware, viruses and worms continue to plague most organizations, but security challenges tied to the use of handheld devices and mobile and remote computing are growing at a rapid pace, new research commissioned by the Computing Technology Industry Association (CompTIA) reveals.


Microsoft expands security information sharing services to CERTs

Microsoft announced the extension of the Microsoft Security Cooperation Program (SCP) to include computer emergency response teams (CERTs), computer security incident response teams (CSIRTS), and other response and guidance organizations that represent a nation, region or population.


Thursday, May 15, 2008

Three-Layer Encryption Method Awarded Patent

Eruces Data Security has secured a patent for its three-step encryption and key management scheme, which is designed to lock down data through its lifecycle.  The security firm’s so-called Tricryption technology first encrypts the data itself with symmetric keys, and then encrypts the keys and stores them in a central key repository.


Tuesday, May 13, 2008

SecureWorks Revolutionizes Security Information Management with New, On-Demand Service

SecureWorks’ new SIM On-Demand is a software-as-a-service (SaaS) offering that provides the first sustainable solution for collecting and analyzing logs and alerts from security devices and information assets in real time without having to install and manage SIM software or hardware.  Unlike traditional SIM product offerings, SecureWorks clients also have instant access to certified security experts at SecureWorks’ Security Operations Center for 24x7x365 support should they have any questions.


ASUS motherboards now offer extensive protection

ASUS has announced key motherboard innovations to provide users with the ultimate in safety and data security.  Increasingly, cyber crime and ID theft are becoming more prevalent, and PC users and business client may face risks to their sensitive data and personal data through unauthorized usage, hackers, stolen hard disk drives, and even loss of critical data through the Internet and emails.  The ASUS Data Guardian (TPM support) provides ultimate data security protection for the user’s personal data by creating a virtual folder that is protected by an encryption key, and then stored on a USB portable drive—allowing users to store their most valued and secret data safely against unauthorized access.


The botnet business

Botnets have been in existence for about 10 years; experts have been warning the public about the threat posed by botnets for more or less the same period.  Nevertheless, the scale of the problem caused by botnets is still underrated and many users have little understanding of the real threat posed by zombie networks (that is, until their ISP disconnects them from the Internet, or money is stolen from their credit cards, or their email or IM account is hijacked).  This article discusses zombie networks or botnets: how they are created, who uses them to make money on them and how this is done.


Monday, May 12, 2008

Hackers Find a New Place to Hide Rootkits

Security researchers have developed a new type of malicious rootkit software that hides itself in an obscure part of a computer’s microprocessor, hidden from current antivirus products.  Called a System Management Mode (SMM) rootkit, the software runs in a protected part of a computer’s memory that can be locked and rendered invisible to the operating system, but which can give attackers a picture of what’s happening in a computer’s memory.


New Intrusion Tolerance Technology Treats Attacks as Inevitable

First there was intrusion detection, then intrusion prevention, and now, intrusion tolerance.  A professor and researcher at George Mason University is readying the commercial rollout of a new, patent-pending technology that basically assumes an attack or infection on a server is inevitable, so it instead minimizes the impact of an intrusion.  Called self-cleansing intrusion tolerance (SCIT), the new security method doesn’t replace IDS, IPS, firewalls, or other traditional security tools, but rather adds another layer that minimizes the damage of an attack, says Arun Sood, professor of computer science and director of the Laboratory of Interdisciplinary Computer Science at GMU in Fairfax, Va.


Thursday, May 08, 2008

Draft guidance for securing servers

The National Institute of Standards and Technology is seeking comment on its draft guidelines for securing servers, released this week.  NIST Special Publication 800-123 [1], “Guide to General Server Security,” makes recommendations for securing server operating systems and softwarein addition to maintaining a secure configuration with patches and software upgrades, security testing, log monitoring and backups of data and operating system files.  The recommendations apply to a variety of typical servers, such as Web, e-mail, database, infrastructure management and file servers.


Tuesday, May 06, 2008

Crucial Security Releases its First and the Industry’s Fastest Computer Forensics Tool

Crucial Security, Inc. (Crucial) announced today that it is offering a free download of Crucial Vision: a digital forensics bulk-processing preview and holistic examination tool.  Crucial Vision speeds time to analyze large volumes of data by providing examiners a holistic view across all of their data; resulting in prioritized work flow.  Crucial Vision offers 3 to 5 times faster searching and processing performance than traditional products.


Study: Security pros look to wireless, biometrics

Companies plan to invest in wireless security and biometric technologies over the next year and increasingly view continuing education as a necessity to make their businesses more secure, according to a recently published survey.  The report, published by business-intelligence firm Frost & Sullivan and funded by security-certification group (ISC)2, found that companies in each of three major regions—the Americas, Europe and Asia—listed wireless-security, biometric-authentication and business-continuity systems in their top-5 technologies to deploy in the next year.


Monday, May 05, 2008

Net vendors demo improved security protocol

A handful of vendors have demonstrated a technique to help companies more easily secure a rising number of Internet Protocol devices accessing their private business networks.  ArcSight, Aruba, Infoblox, Lumeta Networks and Juniper have demonstrated a new protocol to link to a common security database.  The protocol, called IF-MAP, is at the core of the Network Access Control 2.0 standard just published by the Trusted Computing Group, a broad ad hoc security organization devoted to security.  The new protocol defines a standard interface to a common shared database of who is on a network and what each node is doing.


More April malware trends

In April 2008, the global ratio of spam in email traffic from new and previously unknown bad sources, was 73.5 percent (1 in 1.36 emails), a decrease of 0.3 percent on the previous month.The global ratio of email-borne viruses in email traffic from new and previously unknown bad sources, was 1 in 218.9 emails (0.46 percent) in April, a decrease of 0.13 percent since the previous month.  April saw an increase of 0.05 percent in the proportion of phishing attacks compared with the previous month.


Saturday, May 03, 2008

Groups warn travelers to limit laptop data

A recent federal district court ruling upholding seizures of electronic devices, such as laptops and iPhones, at the U.S. border has traveler- and civil-rights organizations worried that personal and sensitive data could be put at risk.  On Thursday, almost three dozen organizations—including civil-rights advocates, academic groups, and religious and minority groups—sent an open letter to four congressional committees, asking that their members consider legislation to “protect all Americans against suspicionless digital border inspections.”