September 2006 – Page 2 – CyberSecurity Institute

Computer Virus Writers Plan Slow Spread

Posted on September 25, 2006December 30, 2021 by admini

“If they are able to stay active longer, they make more money,” said Alfred Huger, senior director of engineering with the security response team at Symantec Corp., a software vendor that issued its twice-annual state-of-security report Monday.

Not too long ago, he said, a single person took control of as many as 400,000 computers at once with the help of malicious programs. Today, the average is less than 1,000, making such networks more difficult to track and shut down.

Huger said spammers have been compiling e-mail lists specific to geographic areas, by targeting a single Internet service provider that serves a particular region or by combing mailing lists devoted to a city’s happenings. Messages sent to those lists can be used for scams or the spread of malicious programs, such as those for stealing data.

Virus writers have also judiciously used Web sites with software vulnerabilities allowing for the spread of malicious code, Huger said. They will remove the malicious programs once enough users are infected and restore the malware later, he said. “They are very careful about the spread,” he said.

Many of the newer viruses spread primarily through social engineering — tricking a user into opening an e-mail attachment by making a message appear legitimate. Although virus writers have long used that technique, many had been trying to overcome delays inherent with the need for any user intervention, taking advantage of system flaws to automatically spread their programs.

Network worms such as 2004’s “Sasser” exploited flaws in Microsoft Corp.’s Windows operating system, automatically scanning the Internet for computers with the vulnerability and sending copies of themselves there. But the rapid spread also triggered rapid-response alerts among security vendors and prompted network operators to prioritize applying fixes to the Windows flaws.

High-profile threats, often more an annoyance than an effort to set up armies of rogue computers, are typically contained within a day or two. By contrast, botnet computers can stay active for months.

http://news.moneycentral.msn.com/provider/providerarticle.asp?feed=AP&Date=20060925&ID=6050838

New Gartner Hype Cycle Highlights Five High Impact IT Security Risks

Posted on September 20, 2006December 30, 2021 by admini

They are no longer just executed by hackers for hobby or cybervandilism, but by professionals with a targeted aim at one person, one company or one industry,” said Amrit Williams, research director at Gartner. “For example, we have recently seen several companies hiring private investigators to spy on their competitors.”

Gartner said that social engineering and viruses will remain an everyday nuisance for chief information security officers through 2009.

Gartner urged organisations to incorporate penetration testing into vulnerability management processes and investigate more-aggressive intrusion detection and protection approaches that move beyond threat-signature-based approaches.

It also advised companies to evaluate managed security services when internal capabilities are not available or sufficient for advanced security activities.

Identity theft refers to the theft of an individual’s personal or financial information for the purpose of stealing money or committing other types of crimes. This continues to be a disruption as it can be used to send confidential information to unauthorised persons without the knowledge or consent of an e-mail user.

Gartner advised organisations to ask their existing desktop security vendor to provide an integrated anti-spyware solution.

They should also use their gateway and network security devices to provide anti-spyware capabilities in the network, a strategy that has proved effective in the fight against viruses and spam.

Defence against social engineering relies on deploying consistent security policies and practices that include; educational and clear reporting programmes as well as appropriate technology management. For example, to minimise the risk of sending confidential corporate documents or trade secrets to inappropriate recipients, organisations should use content monitoring and filtering tools.

More than 1,900 information technologies and trends across more than 75 industries, technology markets, and topics are evaluated by more than 300 Gartner analysts in the most comprehensive assessment of technology maturity in the IT industry. It highlights the progression of an emerging technology from market over enthusiasm through a period of disillusionment to an eventual understanding of the technology’s relevance and role in a market or domain.

http://www.gartner.com/it/page.jsp?id=496247

Symantec Prepares For Shift To ‘Security 2.0’

Posted on September 20, 2006December 30, 2021 by admini

At the same time, Symantec wants to help businesses to be more careful about whom they let connect to their networks, the underlying principle of the emerging market for network-access control technology.

Yet as Symantec expands into new areas, and other high-profile vendors like Microsoft and Cisco expand their security offerings, the company could face unprecedented competition.

The company last week announced it’s teaming with Juniper Networks to build unified threat-management appliances, intrusion detection and prevention systems, and access-management and endpoint-compliance devices based on Juniper hardware and Symantec software.

“We need to understand all of the risks” that customers face, “although we don’t have to provide a Symantec-branded solution,” Bregman says. This sentiment was also evident in Symantec’s announcement Wednesday with Dell to help midsize businesses get control of their e-mail systems through a new offering called Secure Exchange.

http://www.informationweek.com/story/showArticle.jhtml?articleID=193004118&cid=RSSfeed_IWK_News

Thumb-sized leaks in corporate security

Posted on September 20, 2006December 30, 2021 by admini

“In many cases, it’s an unrecognized security problem,” says Jack Gold, founder of J. Gold Associates, an IT consulting firm. “Think about compliance issues if an insurance company employee downloads a couple of thousand customer records onto a flash drive and then loses the device,” he says.

While relatively few companies are addressing the issue, some have tried solutions ranging from total network lockdowns to requiring the use of encrypted flash drives to ensure that data will at least be safeguarded if it is lost. Although CHS has a “thou shalt not copy” policy regarding the downloading of sensitive information to portable memory devices, Valleau says he isn’t about to ban them, because “some people might need to carry protected medical records from one location of ours to another.” As a result, Valleau is looking at requiring employees to use only new, encrypted flash drives at the 1,000 computer workstations at the firm’s 210 offices around Florida.

Hospitals, which must closely guard patient information under the Health Insurance Portability and Accountability Act, are particularly concerned about flash drives.

Gower, vice president of information systems at Martin, Fletcher & Associates uses network-control software to limit both the type of content users can view and the time of day they can see it. Her company totally prohibits employees other than managers from copying data by limiting the network’s ability to write to portable storage devices. “The way we’ve got the network set up, employees can’t plug PDAs, smart phones, flash drives or USB hard drives into the network. “I have no doubt that, with all these portable memory devices in the workplace, there will be a federal privacy compliance breach in the next year.”

First line of defense: Establish a portable-device policy and educate users about it. Second line of defense: Network management tools, used by less than 5 percent of corporations, can restrict network access by individual, workstation or type of device. Third line of defense: Dismiss employees caught.

http://www.computerworld.com.au/index.php/id;1698947885;fp;16;fpid;0

Gartner: Security costs fall with good policies

Posted on September 18, 2006December 30, 2021 by admini

Rather than trying to anticipate a new regulation, it’s better for companies to treat regulation as one more factor in an overall risk portfolio, Heiser said.

From its latest data, Gartner expects information security budgets to increase 4.5 percent over the next year.

Wheatman said companies have shown success in negotiations with security vendors in getting, for example, antispyware included with antispam and antivirus software instead of paying extra. Antivirus software represented 54.3 percent of the revenue, at $4 billion.

http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9003402

Web flaws race ahead in 2006

Posted on September 15, 2006December 30, 2021 by admini

The case of Eric McCarty illustrates the danger: The network administrator found a database vulnerability in the online application site for the University of Southern California but was prosecuted for his unauthorized access of the server and last week agreed to plead guilty.

Easy-to-use Web programming languages are also to blame, because they attract people who have not programmed before and can be more easily audited for flaws, Christey said. “The existence of these web-friendly languages, like PHP, lowers the bar for someone to create a useful application but also lowers the bar for someone to find vulnerabilities in that application,” he said. In the CVE Project’s latest numbers, flaws that use a technique for injecting code from one Web site into another, known as cross-site scripting or XSS, accounted for 21.5 percent of the vulnerabilities reported so far in 2006.

http://www.securityfocus.com/news/11413?ref=rss