Security News Curated from across the world
“Then last month they more than doubled their spending outlook when users realized the economy was still perking along,” John Gantz, IDC’s Chief Research Officer, said in a statement.
IDC’s forecast of 5 percent growth in U.S. IT spending growth in 2006 is double the 2.5 percent forecast earlier this week by Merrill Lynch.
http://www.internetnews.com/ent-news/article.php/3575466
In the US-CERT (United Stated Computer Emergency Readiness Team) year-end vulnerability summary, Linux/Unix accounted for a whopping 2,328 vulnerabilities, about 45 percent of the 5,198 total.
Windows, on the other hand, sported just 812 vulnerabilities during the year, said US-CERT, or 16 percent of the total.
Another 2,058 vulnerabilities affected more than one operating system.
http://www.securitypipeline.com/news/175801169
Schmidt, on the Board of Directors of the International Information Systems Security Certification, said he gets calls three or four times a month from companies that recently created executive positions in security. “There’s more attention and focus on IT security as a profession, as opposed to just a job,” Schmidt said.
The factors giving information security professionals greater visibility are: the maturation of the certification process; the increasing mobility of the world’s workforce and subsequent vulnerabilities; growing sophistication among hackers; more stringent regulations regarding data. “A lot of companies are finding themselves being in better financial positions, freeing up funds for investments in staffing and security,” Bohne said.
The IDC study, which culminated from the responses of 4,305 full-time information security professionals in more than 80 countries, showed that information security is most mature in the Americas.
Experience counts for something, but accreditation is helping build credibility in the information security field as well.
http://www.securitypipeline.com/news/175800733
IMlogic has posted year-end results of its IM threat tracking efforts, including a graph showing the dramatic rise in attacks during 2005, on its Web site.
http://www.securitypipeline.com/news/175800842
While the SANS list makes End Users responsible for keeping things like anti-virus up to date and operating systems patched, these functions can be and should be automated by IT staff.
Executive staff, according to the SANS article, have a much bigger responsibility. Many of the breaches that are known to have occurred in 2005 were the result of dishonest insiders, hackers, or poor security procedures (i.e., losing a backup tape). Encryption is a big deal in the world of networking and may require revamping the network in terms of encryption capable hardware and bandwidth needs. It is management’s responsibility to develop and mandate security policies, so that secure processes and procedures must be in place before systems “go live”, as well as make sure that IT is properly staffed.
A comprehensive Security Awareness program would go a long way towards educating banking employees at every level.
The breakdown of End User, Executive Staff, and Information Technology people is a good way to start. IT people need to understand that every time they rush to meet a deadline and put an unsecured system into production, they are jeopardizing the security and safety of the bank.
http://www.bankinfosecurity.com/articles.php?art_id=103&PHPSESSID=8af89b3eb8240a0e33ca65c806a8ac16
IP-based spoofing, on the other hand, directs certain IP addresses to fake Web sites containing false or misleading information. Another, similar technique is IP-based cloaking, which configures a legitimate Web site to display inaccurate or incomplete information only when it is accessed from certain IP addresses. Redirect spoofing sends specific traffic to an alternate page within the site.
For instance, if one airline knows a competitor checks its site for fares daily, it can jack up the price only when a rival’s IP address tries to access the site.
Major retailers sometimes employ this technique by displaying only expensive merchandise based on customers’ past buying habits.
http://www.bankinfosecurity.com/articles.php?art_id=102&PHPSESSID=8af89b3eb8240a0e33ca65c806a8ac16