Cyber Security Institute

Friday, November 28, 2008

Hackers publish attack code for last week’s Windows bug

Just a day after downplaying the vulnerability that caused it to issue an out-of-cycle patch last week, Microsoft Corp. late yesterday warned customers that exploit code had gone public and is being used in additional attacks.  “We’ve identified the public availability of exploit code that now shows code execution for the vulnerability addressed by MS08-067,” said Mike Reavey, operations manager of Microsoft’s Security Response Center, in a post to the MSRC blog Monday evening.  “This exploit code has been shown to result in remote code execution on Windows Server 2003, Windows XP, and Windows 2000.”

MORE... (0) Comments

Rootkit unearthed in network security software

Network security software from a Chinese developer includes processes deliberately hidden from a user and, even worse, a hidden directory, Trend Micro reports.

MORE... (0) Comments

Thursday, November 27, 2008

Human error is the No 1 IT security issue for UK companies

No matter how many policies and training schemes you put into operation, basic human error still poses the most likely threat to your company’s IT security according to IT directors.  86 percent of all IT directors polled believed that the most likely cause of an IT security issue came from their own employees.

MORE... (0) Comments

Monday, November 24, 2008

Symantec says Internet underground economy is organized and rich

Symantec researchers spent a year observing the chat among cybercriminals on IRC channels and forums on the Internet between July 1, 2007 and June 30, 2008 and were able to piece together a veritable menu of malicious code, as well as dig up detailed information on the exchange of highly prized financial information.  For example, credit card information accounted for more than 30 percent of all of the types of goods and services sold and was the most requested category.  Bank account credentials were the most commonly advertised thing for sale on underground economy servers monitored by Symantec, with prices ranging from $10 to $1,000 depending on the balance and location of the account.

MORE... (0) Comments

Saturday, November 22, 2008

Google Analytics — Yes, it is a security risk

Contrary to what many commentators believe, widgets used by Google Analytics and similar services do represent a threat, especially if you’re a high-profile target.  To recap, Change.gov and BarackObama.com were both found exposing non-encrypted pages that Obama officials use to make post press releases and carry out other administrative tasks.  The lack of IP filtering, or at the very least, use of secure sockets layer was surprising, but what was really baffling was the decision to link the admin pages to Google Analytics.  The reason: The service grants unscrupulous employees at Google—- not to mention anyone who manages to penetrate Mountain View’s fortress—- access to the administrative pages.

MORE... (0) Comments

Tuesday, November 18, 2008

Secure OS Gets Highest NSA Rating, Goes Commercial

Unlike existing commercial OSes, Integrity OS is designed and certified to defend against sophisticated attacks.  After receiving the highest security rating by a National Security Agency (NSA)-run certification program, Green Hills Software has announced that its Integrity-178B operating system was certified as EAL6+ and that the company had spun off a subsidiary to market the OS to the private sector as well as government agencies.

MORE... (0) Comments

Secure OS Gets Highest NSA Rating, Goes Commercial

Unlike existing commercial OSes, Integrity OS is designed and certified to defend against sophisticated attacks.  After receiving the highest security rating by a National Security Agency (NSA)-run certification program, Green Hills Software has announced that its Integrity-178B operating system was certified as EAL6+ and that the company had spun off a subsidiary to market the OS to the private sector as well as government agencies.

MORE... (0) Comments

Saturday, November 08, 2008

2 Log Managers Show State Of The Art

There has been explosive growth in the log management market for a couple of reasons.  One is the overwhelming complexity of deciphering log data from hundreds or thousands of nodes.  Information Week took a close look at two log management appliances, LogLogic’s LX2010 and LogRhythm 4.0, to see how they stacked up.

MORE... (0) Comments