April 2005 – Page 6 – CyberSecurity Institute

Security: It’s just a matter of asking the right questions

Posted on April 11, 2005December 30, 2021 by admini

Almost all companies test for vulnerable versions (i.e., missing security patches) and default configuration files.

Before investing any time or money in securing or verifying the security of an application, first perform a risk assessment.

The following are areas that should be considered:
– Scripting;
– Enumeration;
– Passwords;
– Sessions;
– Error handling;
– Field variables;
– Code commenting;
– Session time-out;
– Session cache; and
– Network parameters.

http://insight.zdnet.co.uk/internet/security/0,39020457,39194163,00.htm

The future of IT security is fewer walls, not more

Posted on April 8, 2005December 30, 2021 by admini

A roving gang of European chief information security officers claims the key to better security is less walls not more — a concept they call deperimeterisation.

Security is a process not a product, says Jericho. Establish open standards for identity management, digital rights, encryption and data-level authentication, and we can eventually do away with the rest of the security infrastructure altogether while maintaining commercial and operational flexibility. But because the Jericho Forum is user-led, it is honest about the problems and pragmatic about a gradual introduction of these ideas.

ZDNet UK spoke to one of Jericho’s founders, Paul Simmonds, global information security director of chemical giant ICI, about the ideas behind deperimeterisation and pushing the organisations unique take on security to the US.

http://insight.zdnet.co.uk/internet/security/0,39020457,39194164,00.htm

IMlogic Threat Center Reports Steady Rise in Targeted Attacks on Instant Messaging Networks in Q1 20

Posted on April 5, 2005December 30, 2021 by admini

During the first quarter of 2005, IMlogic issued more than 15 priority alerts to enterprises and IMlogic Threat Center subscribers in response to the increasing frequency of reported IM threats. 75 new threats on public IM and peer-to-peer computing networks were discovered in the first three months of this year.

More than 50 percent of the incidents reported to the Threat Center during the first quarter of 2005 involved attacks at workplaces.

Only 11 percent of the incidents tracked by the Threat Center involved attacks on known vulnerabilities on IM applications.

The group said that 82 percent of the incidents reported to it involved IM virus or worm propagation, while 14 percent dealt with IM file transfer hijacking.

The Bropia, Kelvir and Serflog worms were found to be the three most frequently detected IM infections at workplaces.

The report released today by the IMlogic Threat Center provides complete data, analysis and discussion of key trends for the first three months of 2005.

More than 50 percent of externally reported incidents to the IMlogic Threat Center in Q1 2005 were attributed to enterprises and small businesses utilizing popular IM applications such as AOL Instant Messenger, MSN Messenger, Windows Messenger, and Yahoo!

The report highlights the increase in targeted IM attacks on corporate environments and the need for both enterprises and small businesses to prepare and defend against emerging IM threats.

Trend analysis provided in the IMlogic Threat Center Q1 2005 report suggests that IM-borne attacks will continue to increase as hackers capitalize on the growing popularity of IM in both consumer and corporate environments.

“The trends identified in our report will continue as IM becomes the new target for more sophisticated attacks aimed at disrupting Internet security,” said IMlogic Chief Technology Officer and Vice President of Products Jon Sakoda.

The Q1 2005 IM Security Threat Report is available free of charge by visiting the company’s Web site at www.imlogic.com/online/Q105_IMThreatReport.asp.

http://home.businesswire.com/portal/site/google/index.jsp?ndmViewId=news_view&newsId=20050405005541&newsLang=en
http://www.zdnetindia.com/news/international/stories/120002.html

Privacy Pays For Banks

Posted on April 5, 2005December 30, 2021 by admini

“In the past, online banking was all about who had the best features and functions,” says Mike Weider, founder and CTO at risk-management solutions company Watchfire Inc. “Now, issues of trust, privacy, and security are more and more a differentiator between the leaders and the laggards.”

According to the 2005 Privacy Trust Survey for Online Banking, customers with a high degree of trust in their bank are more likely to use online financial services, which generate more profit for banks than offline transactions. The study, sponsored by Watchfire and conducted by the Ponemon Institute, a management-practices research organization, also finds that trusting customers are loyal, with 55% claiming they’ve never visited another bank’s Web site. The price of that loyalty is an expectation of privacy.

Among those with a high level of trust in their bank, 57% indicated that they would stop using online services in the event of a single privacy breach. More than 82% of respondents cited identity theft as their biggest concern should a privacy breach occur.

“Having a privacy problem will have a catastrophic effect,” Weider says. “Not only will you lose a lot of customers, but they’ll be your best customers.”

Asked what steps banks should take to earn customer trust, survey respondents wanted information sharing with third parties to be limited, fewer marketing pitches, and identity verification when conducting online transactions.

http://www.informationweek.com/story/showArticle.jhtml?articleID=160500671