Cyber Security Institute

Tuesday, October 28, 2008

Cisco Study: IT Security Policies Unfair

Unfair policies prompt most employees to break company IT security rules, and that could lead to lost customer data, a Cisco study found.  The first part dealt with common employee data leakage risks and the potential impact on the collaborative workforce.  More than half of the employees surveyed admitted that they do not always adhere to corporate security policies.  Of the IT respondents who dealt with employee policy violations, one in five reported that incidents resulted in lost customer data, according to the Cisco study.


Monday, October 27, 2008

Army defense task force targeting hackers

The U.S. Army has set up a task force to counter the theft of sensitive data by hackers breaking into the computer networks of military contractors.  The Defense Industrial Base Cyber-Security Task Force was quietly established earlier this year, in the face of what an Army document says are continuing large-scale thefts of “controlled unclassified information” from contractor systems.


Saturday, October 25, 2008

Forensic Teams Take On Hackers

The sophistication of today’s cybercriminals is evidenced by the 2008 CSI Computer Crime & Security Survey’s results indicating that stealthy, highly targeted attacks have gone from hypothetical a few years ago to a significant problem today.  Because attackers are primarily motivated by financial gain, as soon as they have your data, it’s being converted into profit by selling identities and corporate secrets and draining bank accounts.


Friday, October 24, 2008

Symantec to identify safe software by ‘reputation’

Symantec will soon introduce a “reputation-based” software-rating technology that it has claimed can accurately differentiate malicious malware from legitimate programs.  “Reputation-based security is the latest and greatest technology in malware detection,” said Basant Rajan, chief technology officer of the IT security vendor’s India office.  Essentially, this approach involves looking at where a program can be found across the database of Symantec users, categorizing the reputation of those machines and coming to a judgment on whether the application poses any security risks.


Tuesday, October 21, 2008

Ethernet data center standards still evolving


Wednesday, October 15, 2008

The Global State of Information Security 2008

Not to be alarmist, but WAKE UP, PEOPLE!  Our information security is, in many ways, failing.  Ask the 11 alleged hackers charged in August with breaking into TJX and other retailers by way of insecure Wi-Fi.  Forty million credit and debit card numbers were stolen.  Ask the Medicaid claims processor at the outsourcer EDS.  In February she pleaded guilty to stealing Social Security numbers and dates of birth, and selling them for use on fake tax returns.  Ask the courier hired by the University of Utah Hospital to take backup tapes to offsite storage.  One day in June, he used his own car instead of his company’s secured van.  The tapes, containing billing data for 2.2 million patients, were stolen from his front seat.  Or you could, as we did, ask 7,097 business and technology executives worldwide about their security troubles.  In this, our sixth year of conducting the “Global State of Information Security” survey with PricewaterhouseCoopers, we got an earful about the challenges, worries and wins in security technology, process and personnel.


Tuesday, October 14, 2008

Altor Networks Introduces First Purpose-Built Virtual Firewall to Secure Virtualized Data Centers

Altor Networks today announced the availability of the Altor VF, the first purpose-built virtual firewall, and announced its certified integration with products from ArcSight, Juniper Networks, Mazu Networks and VMware.  Enterprises are eager to extend virtualization into their data centers to realize the cost savings, operational flexibility, and increased availability they achieved with virtualization in the development and test environments.  At the same time, virtualized networks create unique security challenges for production environments.  Altor Networks’ new Altor VF addresses those challenges and enables the virtualization of data centers without compromising security.


Fidelis Security Systems Releases Next Generation of Extrusion Enhanced Reporting & Alert Management

Fidelis Security Systems, the leader in next-generation data leakage prevention (DLP) solutions, today released the latest version of the award-winning Fidelis Extrusion Prevention System(R), Fidelis XPS(TM).  The integration of Fidelis XPS with the ArcSight Security Information and Event Management (SIEM) Platform via Common Event Format (CEF), coupled with enhancements to the Fidelis XPS reporting and alert management functions, gives customers powerful new tools to track and analyze information security policy violations and to correlate that visibility into related events or trends.


Friday, October 10, 2008

Exploit code loose for six-month-old Windows bug

On Thursday, Microsoft revised a security advisory it first posted April 19 about a bug in Windows XP, Vista, Server 2003 and Server 2008 that could be exploited to gain additional privileges on vulnerable machines.  “Exploit code has been published on the Internet for the vulnerability addressed by this advisory,” confirmed Bill Sisk, a communications manager at Microsoft’s Security Response Center in a post to the MSRC blog.  In late March, Argentinean security researcher Cesar Cerrudo announced he had found a bug that could let attackers bypass some of the security schemes in the newest versions of the operating system, including Windows Server 2008.  “Basically, if you can run code under any service in Windows Server 2003 then you can own Windows,” he added.  Microsoft has yet to issue a fix for the flaw; since April its own move has been to recommend work-arounds for customers running Internet Information Services.


U.S. proposes digital signing of DNS root zone file

The U.S. government is seeking input on a way to make the Internet’s addressing system less susceptible to tampering by hackers.  Under the idea, records in the Domain Name System (DNS) root zone would be cryptographically signed using Domain Name and Addressing System Security Extensions (DNSSEC), a set of protocols that allows DNS records to carry a digital signature.


Wednesday, October 08, 2008

Symantec to buy e-mail security vendor MessageLabs

Symantec Corp. will pay $695 million for MessageLabs Group Ltd., a security vendor that offers a hosted spam and Web traffic filtering service.  The filtering is performed within the company’s 14 data centers located around the world, a type of computing known as “software as a service” or cloud computing. 


Spam Trends Down?

Bucking some reports to the contrary, which find spam levels incrementally increasing over time, MessageLabs’ latest research paper claims that unsolicited e-mail dropped noticeably during Q3 2008, driven in part by the shutdown of a nefarious ISP.  Despite the fact that the MessageLabs Intelligence Report for September/third quarter 2008 aligns the lowered volumes of spam observed during the timeframe directly to the shuttering of shady California-based ISP Intercage on Sept. 20, researchers predicted that the noticeable slowdown would likely be temporary as the holiday season gets into swing and scammers again seek to use those themes to lure end users.


Tuesday, October 07, 2008

Data Breaches Reach Record High

The Identity Theft Resource Center reports data breaches in 2008 have already exceeded the record breaches of 2007.  First, the bad news: Data breaches continue unabated at U.S. corporations, governments and universities, already surpassing last year’s record 446 breaches, according to the Identity Theft Resource Center.  Through the end of September, the total number of data breaches recorded by the ITRC was 516, averaging 57 breaches a month.


Malware in E-Mail Rose Dramatically in September, Security Pros Report

The amount of e-mail-borne malware attacks jumped dramatically during the month of September, according to security researchers at MX Logic and Symantec.  In its “October Threat Forecast & Report,” security vendor MX Logic reported that 5.14 percent of all e-mails in September contained malware, more than twice August’s percentage and more than five times January’s rate of 0.95 percent.  Symantec had similar findings in its October “State of Spam” report, where the vendor reported the percentage of e-mails with malicious code multiplied about 12 times between June and September.  “The two largest contributors to this increase in September were e-mails purporting to be an iPhone game and fake FedEx delivery notifications,” said Sam Masiello, vice president of information security at MX Logic.


Saturday, October 04, 2008

New Protocols Secure Layer 2

Physical layer security is viewed by most IT professionals as a low-priority problem because cables are run behind walls or in ceilings, beyond the accessibility of most people.  Wiring closets and data centers often are locked, and anyway, there are easier ways to subvert a network than by recabling it.  That said, if you could protect traffic on the wire with no hit to performance, would you do so?  You’ll be answering that question in the next few years as two new network security protocols come to a switch near you.  Together, these two protocols—IEEE 802.1AE-2006, Media Access Control Security, known as MACsec; and an update to 802.1X called 802.1X-REV—will help secure Layer 2 traffic on the wire.


Friday, October 03, 2008

Kaspersky Lab: Kaspersky Lab Reports Significant Increase Of In-The-Wild Threats In September 2008 S

Kaspersky Lab, a leading provider of security solutions that protect against viruses, Trojans, worms, spyware, crimeware, rootkits, phishing, hacker attacks and spam, today revealed that 35,103 different malicious and potentially unwanted programs were detected on users’ computers by the Kaspersky Security Network (KSN) during September 2008.  Kaspersky Lab first detected and added the rootkit to its anti-malware databases on 28th August 2008 and throughout September it actively spread across the Internet.


Thursday, October 02, 2008

Why Risk Management Doesn’t Work

Two reports published in the last two days are challenging conventional wisdom about how to calculate enterprise security risk—and recommending new evaluations that account for industry-specific threats and potential rewards.  Verizon today issued a supplement to the data breach report it published earlier this year.  The report, which compares risk factors in six different vertical industries based on actual forensic breach investigations in those industries, indicates that the likelihood of specific types of attacks varies radically from industry to industry.  In a separate report, RSA’s Security for Business Innovation Council recommends a new process for calculating enterprise risk that more accurately weighs business rewards against potential security threats.


Second bill tackles laptop border searches

Three U.S. lawmakers announced this week that they had proposed a law to limit the searches of laptops or other electronic devices to cases where customs agents have reasonable suspicion of illegal activity.  The Travelers Privacy Protection Act, a bill written by U.S. Senators Russ Feingold, D-Wis., and Maria Cantwell, D-Wash., and Representative Adam Smith, D-Wash., would allow border agents to search electronic devices only if they had reasonable suspicions of wrongdoing.


Rogue Security Apps Exceed 60 Percent of Reported Malware in September

Fortinet announced the top 10 most reported high-risk threats for September 2008.  For the second consecutive month, rogue security applications have dominated cyberspace—making up 61.5 percent of total activity for September.  Most notable is a six-day period between September 9 and 15, when W32/Inject.GZW!tr.bdr—the most prolific variant of the rogue security Trojans—launched an all-out campaign with volumes not before observed by Fortinet researchers.  Only the Storm botnet attacks in January/February 2007 came even close to the volume generated by W32/Inject.GZW!tr.bdr this past month.


UK cybercrime overhaul finally comes into effect

Modifications to the Computer Misuse Act (CMA) - which was enacted in 1990 before the advent of the interweb - were included in the Police and Justice Act 2006.  DDoS doubly illegal from 1 October.


Wednesday, October 01, 2008

Secure Computing Unveils Cyber Security Initiative

Secure Computing Corporation, an enterprise gateway security company, today unveiled its Cyber Security Initiative, aimed at protecting critical networks, applications, assets and data from both known and unknown attacks and attackers without sacrificing availability.


IT security fears snarl business innovation

The results of two new research initiatives from IT security solutions provider RSA show that concerns about IT security are stifling innovation at 80 percent of businesses worldwide.  One of the studies, entitled “Innovation and Security: Collaborative or Combative,” was conducted by market research firm IDC and focused on how these fears are impacting organizations, while the second study, titled “Mastering the Risk/Reward Equation: Optimizing Information Risks to Maximize Business Innovation Rewards,” surveyed security executives to find out what type of strategies they’re implementing to address the issue.


New Federal Law Targets ID Theft, Cybercrime

President Bush last week signed into law a bill that seeks to make it easier for prosecutors to go after cybercrooks, while ensuring that identity theft victims are compensated for their time and trouble when convicted identity thieves are forced to cough up ill-gotten gains.  The Identity Theft Enforcement and Restitution Act of 2008 lowers the bar prosecutors need to clear before bringing hacking and other cybercrime charges against an individual.  The new law allows federal courts to prosecute when the cybercriminal and the victim live in the same state.


Cisco survey: Cultural differences can complicate IT security when work goes offshore

Companies that are globalizing their operations or outsourcing work to offshore locations shouldn’t overlook behavioral and cultural differences when developing their security risk-management plans, according to a survey of IT managers and end users in 10 countries that was released yesterday by Cisco Systems Inc.  The survey results show that employee behavior can vary by country and culture and have a direct bearing on the threats posed to corporate data.


EU to introduce ‘virtual strip searches’ at airports by 2010

According to a draft European Commission regulation, seen by The Daily Telegraph, the new millimetre wave imaging scanners are to be used “individually or in combination, as a primary or secondary means and under defined conditions” to provide a “virtual strip search” of travellers.  Dominic Grieve, Shadow Home Secretary, stressed that while body scanners may be an effective security tool “the implementation must be carried out by the British government in a proportionate manner, based on UK security requirements rather than the dictates of Brussels”.  The new imaging technology, which creates an image of an unclothed body that privacy critics argue “amounts to a virtual strip search”, has been tested on a voluntary basis at Heathrow’s Terminal Four.


How to Minimize the Impact of a Data Breach

Thirty-one percent of customers—nearly one-third of a company’s client base and revenue source—are terminating their relationship with organizations following a data breach, according to a recent study by the Ponemon Institute.  When it comes to a data breach, companies are making some major mistakes and as a result, customers are beating the street—potentially paving a pathway for your fiercest competitor.  The good news is you can prevent it and avoid the costly impact of a breach: first, by putting a proactive plan in place and second, by adopting tactics that maximize retention.  Last year alone saw the exposure of nearly 128 million personal records.