March 2005 – Page 2 – CyberSecurity Institute

Europeans worry about online banking security

Posted on March 30, 2005December 30, 2021 by admini

That means, according to Forrester, banks can’t rely solely on governments or ISPs (Internet service providers) to make the Internet a safe place to do business but must deploy or strengthen two-factor authentication — such as PIN (personal identification number) and TAN (transaction authorization number) — and educate Net users about security precautions, such as firewalls.

European consumers are losing trust in the Internet as a channel for doing business as computer attacks on them and the companies they do business with mount, according to Forrester. Just 30 percent of the 22,907 Europeans polled by Forrester said they are confident of the security of personal financial information, such as credit and debit card numbers, when used to make transactions online.

http://security.itworld.com/4337/050330bankingsecurity/page_1.html

IPv6 addresses its problems

Posted on March 29, 2005December 30, 2021 by admini

Google has been allocated an address range, marking the start of its permanent presence on the new frontier. And Microsoft has tried to patent it, surely a rite of passage for any new technology that aspires to be taken seriously. In the US and Europe, it is still not on many people’s lists of things to worry about.

It promises to relieve the lack of address space in IPv4, replacing a mere four billion addresses with enough to label every atom on the planet, but so far the use of NAT to hide private networks behind a single public address has meant that nobody is hurting too much so far. It has better security, quality of service and routing, but IPv4 has proved flexible enough to incorporate its own advances here. These take some managing, so the thought of adding the challenges of an entirely new protocol to the mix — everyone expects that both versions will have to run concurrently for many years — will not come easily to those charged with looking after a company’s network.

All that means that ISPs are reluctant to spend the extra money to provide IPv6 — if nobody is prepared to pay more for it, then you’re better off spending on bandwidth, better security and higher reliability. The Japanese love it: major ISPs such as NTT and IIJ support it, and more are joining in. That is due to a rather over-generous allocation of IPv4 address ranges to the US accentuating the shortage elsewhere, and an enthusiastic take-up of mobile access and multimedia services in Asia. When every mobile and fixed phone, television, recording device and games console has its own network address, a household’s need for multiple independent connections to the Internet can overwhelm NAT’s somewhat limited and inflexible support for multiple services running on multiple devices behind the router.

This value is enhanced by the protocol’s other features, such as automatic configuration and understanding of quality of service requirements: at the moment, for example, there are plenty of problems running VoIP telephony through home routers. As a result of such moves, all the major infrastructure manufacturers have been including IPv6 in routers and other devices for some time — so ISPs and major customers have been acquiring the capability by default as part of the normal cycle of equipment upgrades.

Behind the scenes, IPv6 has already been rolling out — and large, specialist networks such as the 33 country European GEANT research system have provided a lot of practical experience in deploying and managing the protocol. 30 out of the 34 Internet exchanges in the European Internet Exchange Association support IPv6, and between them they have 201 IPv6 customer networks — around 11 percent of the total.

http://comment.zdnet.co.uk/0,39020505,39192571,00.htm

Cisco readying XML device

Posted on March 29, 2005December 30, 2021 by admini

The first product from the Aeon project, which is being tested with a handful of clients in the financial industry, was expected to be released in April but has been pushed back until June, one industry executive said. With Aeon, Cisco is expected to compete with a number of smaller companies already in the field that build devices designed to speed up XML or process Web services security protocols.

http://www.zdnet.com.au/news/business/0,39023166,39186268,00.htm

Black Duck debuts IP compliance software

Posted on March 29, 2005December 30, 2021 by admini

Called protexIP/OnDemand, the Internet-based service helps developers more quickly deal with compliance requirements related to intellectual property, which typically stem from things such as customer procurement, outsourced project validations, and internal compliance programs.

“Increasingly, businesses are being required to provide evidence that they are managing the origins of their software intellectual property. Consequently, development teams are being called on for in-depth compliance validations in support of specific business transactions,” said Doug Levin, Black Duck’s CEO.

The company has had approximately a dozen beta testers of the product over the past few months, including Kayak.com, which is in the business of providing objective travel information through its simultaneous search of almost 100 travel sites.

“Open source software has gained a strong foothold in the lower levels of the software stack and is likely to have a greater impact higher up in the software stack in the future. Organizations would be wise to gain a better understanding of open source license and intellectual property to comply with various licensing obligations,” said Dan Kusnetzky, program vice president at IDC’s System Software, Enterprise Computing Group.

Typically, developers are asked to manually analyze code line by line to validate its origins, with management and legal counsel often working in concert with them to evaluate those results and assure compliance.

An online service such as protexIP/On Demand, however, serves to automate that review process, thereby producing more accurate results, company officials contend.

The product uses Black Duck’s Code Print technology and open source Knowledgebase to identify thousands of open source programs that might have been inserted into the source code. After it identifies the code, the service can identify the license associated with the inserted code by polling its database of hundreds of different license types.

http://www.itworldcanada.com/Pages/Docbase/ViewArticle.aspx?id=idgml-4de06927-3389-4cde

Telecom giants join forces against hackers

Posted on March 28, 2005December 30, 2021 by admini

The new Fingerprint Sharing Alliance hopes to help its members, which include British Telecommunications, Cisco Systems, EarthLink, MCI and NTT Communications, more effectively share information on individuals responsible for launching online attacks. Other organizations involved in the collaboration include Asia Netcom, Broadwing Communications, Verizon Dominicana, XO Communications and the University of Pennsylvania.

Members of the Fingerprint Sharing Alliance will automatically send one another data on computer hackers as they observe or experience new attacks. By immediately alerting other communications companies when they’re being threatened, members of the group hope they can more effectively guard against online attacks and infrastructure hacks that cross network boundaries.

Arbor Networks is helping to spearhead the effort. The Lexington, Mass.-based company, which specializes in network threat detection and monitoring tools, will provide the technology used by the group’s members to share emerging attack data. By helping the communications giants rapidly distribute information on hackers, the security company said it can aid in blocking attacks closer to the source.

Mark Sitko, vice president of MCI’s Security Services Product Management group, said the Fingerprint Sharing Alliance will quickly provide an “unparalleled view” into new security threats as they surface around the globe. Sitko also promised that MCI will bring significant antihacking firepower to the table.

At least one industry watcher has also endorsed the group’s efforts. Jim Slaby, senior analyst with Boston-based Yankee Group, said that as online attacks become more sophisticated, industrywide collaboration is becoming a more important tool in stopping criminals. “We’re seeing more technology-savvy criminals trying to make money through denial-of-service extortion schemes,” Slaby said in a statement. “Service providers that are cooperating by sharing attack fingerprints are helping mitigate these threats more quickly and closer to the source, thus making the Internet a more secure place.”

http://news.zdnet.com/2100-1009_22-5642840.html?part=rss&tag=feed&subj=zdnet

Industry group to map VoIP security

Posted on March 26, 2005December 30, 2021 by admini

The alliance was set up with the aim to generate public awareness and focus on best practices for security and privacy of Internet telephony networks.

The alliance said membership of its technical board had risen to 50, with newer members including a McAfee division, MCI, PricewaterhouseCoopers, Samsung Telecommunications America, Sprint and VeriSign.

Internet telephony, which is unregulated, is becoming popular due to cheap rates. With this popularity have come fears of spam and viruses–a nuisance for Internet users–though there have been no major attacks as of yet on Net telephony.

http://news.zdnet.com/2100-1009_22-5643061.html?tag=zdfd.newsfeed