This disparity may be responsible for the rise in costs of dealing with security incidents overall, while average “clean-up” costs for large companies actually decreased.
http://www.viruslist.com/en/news?id=185152438
Security News Curated from across the world
This disparity may be responsible for the rise in costs of dealing with security incidents overall, while average “clean-up” costs for large companies actually decreased.
http://www.viruslist.com/en/news?id=185152438
RSA says the trend is down to a combination of factors including an increase in the number of online banking users in Europe and Asia Pacific, banks offering increased functionality as part of online services, and heightened sophistication on the part of hackers.
Fraudsters are essentially crooked entrepreneurs; they are constantly looking for the greatest return for the smallest investment, and financial institutions in relatively untapped markets with users unfamiliar with phishing attacks are an attractive target.
http://www.theregister.co.uk/2006/04/26/international_phishing_survey/
“We started seeing huge vulnerabilities,” Borg said Wednesday at the GovSec conference in Washington, where the draft document was released. Most of the systems were compliant with current security checklists and best practices. “And portions of those systems were extraordinarily secure. But they were Maginot Lines,” susceptible to being outflanked. The problem is that existing best practices are static lists based on outdated data. “We are way into diminishing returns on our investments in perimeter defense,” he said. “To deal with it now, you have to think of the problem of cybersecurity not from a technical standpoint, but by focusing on what the systems do, what you could do with them and what … the consequences [would] be.”
The list is based on real-world experience and on economic analysis of breaches. Surprisingly, the researchers found that simply shutting a system down is not the biggest threat in most areas of critical infrastructure. “Shutting things down for two or three days is not that costly,” Borg said. The larger threat is disruption of systems in ways that are not immediately evident.
“All of the things we are talking about are already under way,” Borg said, but some of the items in the checklist have no cost-effective commercial solutions. Borg said he hopes industry will step up to the plate to create solutions, and that government will adapt its acquisition policies to create incentives for these developments.
Borg said there is no schedule for final DHS approval of the draft. Additional information about the checklist is available from Borg at mailto:scott.borg@usccu.us.
http://www.gcn.com/online/vol1_no1/40564-1.html
On the operating system front, e-Security had already created collectors for Microsoft Windows 2000 and Windows 2003 and the Microsoft Operations Manager (MOM) systems management console; Red Hat Enterprise Linux; Sun Microsystems Solaris and Trusted Solaris (an ultra-secure variant of Solaris); IBM AIX and OS/400; Hewlett-Packard HP-UX.
A few months after Novell bough Immunix, it took the AppArmor security appliance software that Immunix had created and not only began the task of embedding it into SUSE Linux, but also released the AppArmor code as an open source project as a means to help create the thousands of application profiles that the AppArmor software requires.
Sales and engineering for the Sentinel product will remain in Vienna, but the company will be rolled into Novell’s system security and identity management unit, which includes the AppArmor, ZENworks, and Novell Identity Manager products.
http://www.itjungle.com/tlb/tlb042506-story03.html
Essentially, the process works by tricking e-mail recipients into going to phony Web sites to divulge personal data, like bank-account numbers or credit-card information.
Identity thieves also use technical subterfuge through spyware and Trojans to capture user names and passwords so they can gain access to consumers’ financial details.
http://www.cio-today.com/story.xhtml?story_id=42950&page=1
PassMark, based in Menlo Park, Calif., provides so-called two-factor authentication for conducting transactions over the Internet. PassMark’s technology is designed to guarantee the identity of a person who visits a Web site, based on his or her password and the type of device used.
http://news.zdnet.com/2100-1009_22-6064214.html?part=rss&tag=feed&subj=zdnet