December 2003 – Page 4 – CyberSecurity Institute

Don’t leave holes in your patching policies

Posted on December 16, 2003December 30, 2021 by admini

Bugs are an inevitable problem in a sector where companies are driven by shareholders to rush out equipment before it is ready.

From a security perspective, this presents users with a huge problem. Empirical evidence suggests that the average device – whether it is a perimeter network resource such as a firewall or router, or a core device such as a server – has more holes in it than a piece of Gruyere.

One of the rarest but most devastating security vulnerabilities in host computers is the buffer overflow error, said Gary Jones, professional services manager of security consultancy MIS Corporate Defence Solutions.

The problem is that too many companies are not implementing patches in a structured way. “If you are running a corporate database, you cannot just slap on a patch when it is released,” he said. “You need some form of development environment and the patch must be tested first.”

Companies must also react to critical patches. If another aggressive internet worm appears, companies must be aware of it before they read about it in the press and they must be able to implement a patch quickly.

One solution is to have an employee checking newsgroups, supplier sites and bulletins to pick up on patches before the hackers do. Unfortunately, many companies are not in a position to pay this extra salary.

Common sense plays a big part in locking down your network vulnerabilities, but resources are also an important factor.

Virtual patching, where an intrusion dection system dynamically configures against threats, is the way on insuring against unknown vulnerabilities.

More info: [url=http://www.computerweekly.co.uk/articles/article.asp?liArticleID=127212&liArticleTypeID=20&liCategoryID=1&liChannelID=7&liFlavourID=1&sSearch=&nPage=1]http://www.computerweekly.co.uk/articles/article.asp?liArticleID=127212&liArticleTypeID=20&liCategoryID=1&liChannelID=7&liFlavourID=1&sSearch=&nPage=1[/url]

Check Point to buy Zone Labs for $205 million

Posted on December 15, 2003December 30, 2021 by admini

Working together, the two types of software can further help corporations defend themselves against attacks, the companies said.

More info: [url=http://zdnet.com.com/2100-1105_2-5124542.html]http://zdnet.com.com/2100-1105_2-5124542.html[/url]

EMC acquires server specialist VMware

Posted on December 15, 2003December 30, 2021 by admini

The move will help EMC reach further into the world of utility computing, a trend sweeping the industry as companies search for ways to make information technology easier to manage and more efficiently used, the Hopkinton, Mass.-based company said. Today, EMC is accelerating the convergence of these two worlds,” he said in a statement.

The acquisition indicates that EMC, which already has a major presence in large corporations, is trying to expand into the same advanced systems management area targeted by IBM, HP, Sun Microsystems, Microsoft and others.

VMware’s software lets a single server run multiple operating systems simultaneously on different “virtual machines,” a technology well developed in expensive mainframe computers, maturing in Unix servers, and now arriving in lower-priced machines based on Intel processors.

IBM’s and HP’s comfort working with a neutral start-up may not carry over to EMC, a competitor in the storage domain, Haff said.

More info: [url=http://zdnet.com.com/2100-1104_2-5124506.html]http://zdnet.com.com/2100-1104_2-5124506.html[/url]

Financial Security info center gets $2 million

Posted on December 14, 2003December 30, 2021 by admini

The center is one of many that industries and their government liaisons formed since 1998 to share vulnerability information and alerts when incidents occur that affect critical infrastructure, such as telecommunications and banking.

Money from Treasury will allow the center to expand to serve the entire financial industry, department officials said. By the end of fiscal 2005, officials expect that the center will be funded entirely by membership fees, which range from $750 to $50,000 per year. Upgrades include:
* Enhancing the network so it can serve more than 30,000 institutions.
* A secure forum for real-time information sharing.
* Physical data threats to the cyberthreat information.
* Web-based warnings and alerts service
* Setting more than 16 performance metrics
More info: [url=http://www.fcw.com/fcw/articles/2003/1208/web-fsisac-12-10-03.asp]http://www.fcw.com/fcw/articles/2003/1208/web-fsisac-12-10-03.asp[/url]

How the Internet Gives Consumers the Upper Hand

Posted on December 14, 2003December 30, 2021 by admini

Moreover, key decision makers and stakeholders—competitors, government agencies, the media, attorneys, current and former employees, and suppliers—are increasingly listening and referring to these online discussion communities for real-time insights.

Today, nearly 75% of consumers cite word-of-mouth recommendations as the most influential factor in their car-buying . In the space of a few short years, the Internet has evolved into a useful medium for particular kinds of commerce. After the dot-com hype of the 1990s, several car-buying Web sites emerged as some of the most popular of all Web destinations for consumers.

In addition to these quasi-official sites for information and opinions about vehicles, a parallel universe of Internet communities also sprang up where consumers freely shared information and informal opinions about all phases of the automotive experience—new-car attributes and drawbacks, subjective accounts about ownership, comparisons of competing vehicles, anticipation about new models, safety issues, product recalls, service problems, launch glitches and hassles with dealers.

These online communities, populated almost exclusively by consumers who love to talk about their cars, trucks and SUVs, have become an increasingly legitimate, albeit unstructured, source of car-related information in the eyes of all potential consumers.

Quite inevitably, this vast new storehouse of highly believable, unsolicited, unstructured information has begun to exercise huge infl uence on consumers’ behavior.

Left unmonitored and unchecked, these free-form and unstructured Internet discussions can both boost and harm automotive companies’ brand images, loyalty and satisfaction levels, product-quality perceptions, sales and profi ts.

As this paper will explore, these influential consumers, and the consumers and stakeholders they infl uence, are directly affecting the bottom lines of automotive manufacturers and dealers.

Of consumers who purchased a 2001 or 2002 vehicle, nearly 20% participated in online discussion groups before buying (Source: JD Power & Associates).

Consumers continue to rely on car companies and the automotive media for updated product information, auto reviews and new-model information, but more and more of them are looking to the Internet to narrow their choices and evaluate their options.

More info: [url=http://www.feedbackasp.com/whitepaper]http://www.feedbackasp.com/whitepaper[/url]

Changes to Functionality in Microsoft Windows XP Service Pack 2 Improve Security

Posted on December 12, 2003December 30, 2021 by admini

The technologies include: