Security News Curated from across the world
Other phishing trends Netcraft spotted during 2005 included the appearance of pharming attacks and fraudulent e-mails that included HTML-based forms, a tactic that eliminated the need to craft elaborate Web sites to trick users.
Also in 2005, phishing attacks — which are spawned by massive amounts of spam — began using the spammer technique of replacing text with image-based e-mails to avoid detection by keyword-sniffing spam and phishing filters.
http://www.securitypipeline.com/news/175800281
The data relates to 206,000 employees, timeshare owners, and timeshare customers of Marriott Vacation Club International, the company said in a statement. They contained Social Security numbers, bank and credit card numbers, according to letters the company began sending customers in late December.
Vacation club officials reported the missing data to authorities and began their own investigation into the tapes’ disappearance, according to the statement.
http://www.securitypipeline.com/news/175700611
Earlier this month, the CBO released a report with projections on the likely economic impact of a pandemic on the United States, and concluded that in a “mild” scenario, 100,000 Americans would die and the gross domestic product (GDP) would drop 1.5 percent.
http://www.securitypipeline.com/news/175003156;jsessionid=L4U2AUHYNRLYYQSNDBCSKH0CJUMEKJVN
Using a risk-management approach, many companies, for instance, accept a priori that all its activities have risks. The challenge then becomes spending your resources to protect the business from likely security threats. This adds a third dimension to the classic cost-benefit analysis.
You can apply this approach to just about any kind of company. Begin this analysis by categorizing your potential security projects according to their business impact. Here are the categories, in order of importance:
• Enablement: Your enterprise will earn the most return on its investment from security projects that serve as obvious enablers to lines of business.
• Protection of key assets
Opportunity: Opportunistic investments typically result in cost savings or process improvements.
http://www.securitypipeline.com/166400617
By watching a computer’s main memory, the System Integrity Services can detect when an attacker takes control of the system.such attacks sever the ties between data loaded into memory by an application and the application itself.and can fool a system so as to avoid detection while potentially allowing for surreptitious pilfering of data or the perpetration of other attacks.
“Our threat model assumes that the attacker gets on the system somehow and has unrestricted access to the system,” said Travis Schluessler, a security architect inside Intel’s Communications Technology Lab.
If it were to be put into a product platform, Intel’s System Integrity Services could be used in conjunction with other elements, including the Intel Active Management Technology for monitoring hardware, and could also be used in concert with other research projects such as Circuit Breaker.
Such a combination might help quickly head off widespread infections, which can cost companies not only in data theft by also in reduced employee productivity due to computer downtime and heavy use of IT resources to clean them up, the Intel researcher said.
Indeed, in one example, “Once System Integrity Services has detected a problem, it can tell Circuit Breaker to turn [a machine] off the primary network and switch it over to a remediation network,” he said.
That focus has been brought about by the chip maker’s recent shift to designing platforms around devices such as servers or desktop PCs. Unlike when it sold chips individually, the platform design strategy has Intel creating numerous add-ons, which include features such as virtualization and the Intel Active Management Technology, which are designed to increase the usability and manageability of desktops, notebooks and servers.
Many of Intel’s more advanced worm and virus detection technology are still at the research stage today.some of Intel’s other projects include worm signature detectors called autograph and polygraph.but it could easily wind up as features inside Intel’s future product platforms. Now we’re looking at this even more from a platform level on how we can bring these things together to drive new value to customers.”
The lab is also working on a projects called Autograph and Polygraph projects, which are designed to help prevent large-scale worm infections altogether by analyzing individual worms and quickly publishing data on how to detect them. Autograph and Polygraph employ a combination of heuristics and good old sleuthing to track down worms and locate their signatures.or the unique pattern of data required for its particular exploit.and then notify other systems with those signatures so that they can move to identify and block the worm, said Brad Karp, at Intel Research Pittsburg, a lab located on the campus of Carnegie Mellon University.
http://www.eweek.com/article2/0,1895,1900533,00.asp
But the ISF believes that one of the most virulent problems posed by VoIP will come about as a direct result of the low cost of sending voice messages over the Internet. SPIT — spam over internet telephony — could become a huge problem for companies.
In surveying ISF members to research the report, concerns were also expressed that as VoIP becomes more popular, organised criminals will turn their attention to sabotaging businesses by disabling phone systems through DoS attacks or spreading malicious viruses or worms.
The problems of poor quality transmission and loss of service are gradually being overcome, which is expected to lead to more widespread adoption and reliance on VoIP in the future. “We take it for granted but it is extremely resilient, something that VoIP can not currently deliver.
http://security-protocols.com/modules.php?name=News&file=article&sid=3116