March 2006 – Page 4 – CyberSecurity Institute

Computer hacking laws discussed in Parliament

Posted on March 7, 2006December 30, 2021 by admini

Home secretary Charles Clarke outlined details of the legislation, including an update of the 1990 Computer Misuse Act.

By amending section three of the CMA to explicitly make denial of service attacks a criminal offence, the UK government also plans to ratify its position as a member of the Council of Europe’s cyber crime convention, which sets out a common international approach to prosecuting hackers, virus writers and internet extortionists.

http://www.computing.co.uk/computing/news/2151493/computer-hacking-laws-discussed

IT security top concern for fed CIOs

Posted on March 7, 2006December 30, 2021 by admini

While some high-profile agencies have addressed privacy issues, “privacy is a much less mature concern in government” than security, Wohlleben said.

The 16th annual ITAA survey of U.S. government CIOs included interviews with 36 CIOs or assistant CIOs and three government oversight officials between August and December 2005.

In addition to security concerns, federal CIOs also identified as key priorities standardizing and consolidating their IT infrastructure, improving project management, and examining ways to use managed services from outside vendors, according to the survey.

One general theme in the interviews was concern about executing long-term plans, Wohlleben said. While federal CIOs see themselves as agents of change in coming years, shifting priorities within government can make it difficult to carry through long-term IT plans, he said. They’re multiyear implementations in a political environment where laws are being changed, in a budgetary environment where budgets are being changed.”

http://www.infoworld.com/article/06/03/07/76192_HNsecuritytopgovcio_1.html

Black market thrives on vulnerability trading

Posted on March 7, 2006December 30, 2021 by admini

China saw the largest increase in botnet activity with a 37 per cent growth of botnet infected systems and a 153 per cent increase in attacks originating there. That’s not to say China is full of criminals. But with a well-documented history of software pirating, it stands to reason that many systems hooking up to the Net in the People’s Republic aren’t patched properly and vulnerable to infection.

With a population of 1.3bn, the 94m Chinese who are online represents a point right at the bottom of the S-curve expected as the Internet revolution takes off there. If the black market in vulnerability trading increases, as Symantec predicts, massive numbers of systems coming online in China will prove an ideal vector for attack.

http://www.pcpro.co.uk/news/84523/black-market-thrives-on-vulnerability-trading.html

Combating Identity Theft

Posted on March 7, 2006December 30, 2021 by admini

Identity security has developed beyond the simplest form of authentication where one party issues and verifies identities within a closed group of users.

Essentially, an organisation that is joining another’s authentication network must have confidence in the checks that have been carried out to guarantee the identity of the user.

Privacy laws have further compounded this as one organisation is unlikely to be able to share any meaningful information with another organisation to prove that these checks are robust.

http://www.net-security.org/article.php?id=904

Risky Sites Account for 5% of traffic

Posted on March 6, 2006December 30, 2021 by admini

The automated virtual computers, also known as client-side honeypots or ‘honeymonkeys’, have been used to research current online threats by Microsoft and other companies.

SiteAdvisor is the first attempt to turn the data generated by such computers into a service.

Microsoft used its honeymonkeys to browse the riskier side of the Web for servers that use zero-day exploits against visitors. The University of Washington used similar techniques to survey the Web and find that one in twenty executables on the Internet contain spyware.

http://www.securityfocus.com/brief/156?ref=rss

Customers voice concern over IP telephony security

Posted on March 5, 2006December 30, 2021 by admini

“And one of our main aims in IP communications is to improve security when we implement voice over internet protocol (VoIP) networks,” he stated. “The other threat is hackers gaining access to the network,” he added.

Karam explained that to combat the threat of viruses Alcatel uses the Linux operating system (OS) which he described as “much more secure than a Windows 0S.” “You never hear about a Linux OS being infected by a virus,” he went on to claim.

Karam said that in the Middle East two other factors are slowing down the growth of IP telephony — government regulations and the reluctance on the part of users to break away from traditional telephony technology.

Alcatel claims to hold 17% of the enterprise market with its IP communications technology in the region.

“Some facts are delaying that growth — regulatory issues in the region are one factor. At present VoIP has not been legalised but we expect this to change and that we will see more growth as a result in the future,” he said.

“Another factor is people’s fear over the move towards IP in voice, namely because they are used to working in a traditional time division multiplexing (TDM) environment,” he added.

However, he described the region as a “booming market” where Alcatel has enjoyed the highest growth in the take up of its IP communications technology.

“We have identified some fast growing markets all over the world and the Middle East is one of the booming markets we are targeting,” he went on to say.

http://www.itp.net/news/details.php?id=19760