admini – Page 131 – CyberSecurity Institute

Identity theft prevention is security spending focus

Posted on December 13, 2009December 30, 2021 by admini

The survey results raised the issue of companies approaching security on a threat-by-threat basis, according to Dimension Data, and not taking a more holistic view and implementing five major types of security control to secure their organisation.

Dimension Data’s global general manager, security solutions, Neil Campbell commented: “We are concerned that the surveyed organisations are tackling threats reactively, on an ad hoc basis, and without putting some basic security controls in place. “Given that each new security technology should make the whole greater than the sum of the parts, these decisions will allow organisations to rapidly focus in on appropriate technologies to extend their ecosystem.

Implementing a firewall, intrusion prevention, system security, web content security, and email content security have become a necessity.

http://www.itp.net/578628-identity-theft-prevention-is-security-spending-focus

Top five security challenges of 2010

Posted on December 10, 2009December 30, 2021 by admini

New state-wide laws will be passed mandating that companies comply with specific data breach reporting regulations creating new challenges for many mid-tier businesses.

As the economy continues to rebound and spending increases, retailers will again be the top target for data theft. Look for at least one major retailer to fall victim to a security breach that exceeds the losses faced by TJX, and for midmarket retail attacks to double as this lucrative trend gains popularity among attackers. In the aftermath of Heartland Payment Systems — which exposed more than 130 million credit card records — compliance regulations will be refined and reinforced with greater specificity and steeper consequences.

Auditors will demand deeper demonstration of security process, risk assessment, penetration testing, employee training and policy verification and enforcement through real-time analysis and incident response.

http://www.echannelline.com/canada/story.cfm?item=DLY121009-3

CA Inc: CA Report: Fake Security Software, Search Engines and Social Networks 2009’s Top Internet Th

Posted on December 10, 2009December 30, 2021 by admini

‘Cybercriminals have made a business out of conducting attacks on the most popular online destinations because they promise the highest payoff,’ said Don DeBolt, director of threat research for CA’s Internet Security Business Unit.

Search engines, like Google and Yahoo, or social networking sites, like Twitter or Facebook, have the mass appeal to attract these criminals. In addition to Internet security software, the best weapon against today’s threats is education, so that consumers know what to look for when they are conducting activities online.’

– Search Index Poisoning: Google is a frequent target of online threats.

Attackers employ sophisticated search engine optimizations to manipulate search engine rankings and poison users’ search results, which direct them to compromised Web sites that can cause malware infections.

In 2009, CA ISBU discovered more than 100 components and mutated strains belonging to the Win32/Koobface family.

http://www.quote.com/news/story.action?id=MTO344u0283

Internet posting prompts TSA investigation

Posted on December 10, 2009December 30, 2021 by admini

The Homeland Security Department has also stopped posting documents with security information, either in full or in part, on the Internet until the TSA review is complete, Mr. Heyman told the Senate Homeland Security and Governmental Affairs committee.

Among many sensitive sections, the document outlines who is exempt from certain additional screening measures, including U.S. armed forces members, governors and lieutenant governors, the Washington, D.C., mayor and their immediate families.

It also offers examples of identification documents that screeners accept, including congressional, federal air marshal and CIA ID cards; and it explains that diplomatic pouches and certain foreign dignitaries with law enforcement escorts are not subjected to any screening at all.

http://www.post-gazette.com/pg/09344/1019885-84.stm

New cloud hacking service steals Wi-Fi passwords

Posted on December 9, 2009December 30, 2021 by admini

The service was launched by a well-known security researcher who goes by the name of Moxie Marlinspike.

Hackers have known for some time that these WPA-PSK networks are vulnerable to what’s called a dictionary attack, where the hacker guesses the password by trying out thousands of commonly used passwords until one finally works.

WPA Cracker customers get access to a 400-node computing cluster that employs a custom dictionary, designed specifically for guessing WPA passwords.

If they find the $34 price tag too steep, they can use half the cluster and pay $17, for what could be a 40-minute job.

The service could save security auditors a lot of time, but it will probably make it easier for senior management to understand the risks they’re facing, said Robert Graham, CEO of penetration testing company Errata Security.

http://news.techworld.com/security/3208347/new-cloud-hacking-service-steals-wi-fi-passwords/

Germany plans Internet virus phonecall alerts

Posted on December 9, 2009December 30, 2021 by admini

BSI explained the plan at the Information Technology Summit, an annual meeting between industry chiefs and Chancellor Angela Merkel.

The survey offered a ranking of 15 nations’ competitiveness in the overall information and communications technology field, awarding the United States the top score.

Even more damning were the judgements of Chinese and US experts asked to say where they had noticed excellence in Germany.

http://in.news.yahoo.com/43/20091208/838/tbs-germany-plans-internet-virus-phoneca.html