http://www.zdnetasia.com/news/security/0,39044215,62046412,00.htm
Author: admini
‘Profiler’ Hacks Global Hacker Culture
The ultimate goal of the project is to help prevent cyber crime gaining a better understanding of different types of criminal hackers, their movements, and the types of attacks they perform, as well as their possible ties to organized crime activity and cyber terrorism.
There are so many typologies of hackers, especially if we consider why they do it and how they do it,” says Chiesa, director of communications the Institute for Security and Open Methodologies (ISECOM), which is spearheading the project. ISECOM envisions a methodology where you can identify the type of attacker who hit you based on forensic data that correlates with his or her profile.
The project includes detailed psychological profiles of script kiddies, crackers, and mercenaries, for example, and eventually will correlate honeynet data with the various hacker profiles to match behaviors and methodologies.
“I’m thinking about building a honeypot in order to act like a fake e-banking system, [or] a government Web site,” Chiesa says. “It will help to break some myths and preconception that the society and law enforcement agencies have on cyber criminals.”
Chiesa says one company that wanted to move its IT headquarters to Romania asked ISECOM to analyze the Romanian hacking scene so it could determine the risk of the move. And the United Nations Interregional Crime & justice Research Institute is using the HPP data for studying new threats, he says.
But some security experts have questioned whether it’s truly possible to reach the bad guys and get accurate information from them to actually profile them. “That’s why the whole Hackers Profiling Project was carried out by psychologists, criminology researchers, and infosec people…
http://www.darkreading.com/document.asp?doc_id=164364&WT.svl=news2_5
McAfee to pay $465 million for Secure Computing
The Santa Clara, California-based company said on Monday it will pay $5.75 per share of Secure Computing’s common stock, representing a 27 percent premium to the San Jose, California, company’s closing price of $4.52 on Friday.
Secure Computing shares rose 23 percent to $5.56 on Nasdaq, while McAfee shares fell 1.7 percent to $36.68 in morning trading on the New York Stock Exchange.
McAfee Chief Executive Dave DeWalt said the purchase will help round out McAfee’s line of products that help protect business networks. The Secure Computing purchase will add 22,000 more customers in that area, he said.
Jefferies & Co. analyst Katherine Egbert said that while Secure Computing has great technology for protecting computer networks from hackers, it has a reputation for being difficult to use. Ives called the McAfee deal “a better choice (for Secure Computer) than continuing to embark down a bumpy road in a tough macro environment.”
http://news.yahoo.com/story///nm/20080922/tc_nm/securecomputing_mcafee_dc
Only 35% Of Oracle Users Continuously Monitor For Suspicious Activity
Abramson said it hasn’t been unusual for him to stumble across views of sensitive data while fulfilling consulting contracts. More and more, companies are pulling their production data forward into unsecure areas where business partners, outside contractors, consultants, or even customers can see it.
Encryption features generally may be applied to database tables as data is stored in them, and Secure Backup guarantees that only encrypted data flows out to the backup tapes. “If used fully, these measures reduce serious risks,” said Abramson, but he also acknowledged that Oracle alone can’t cover all areas of security exposure.
Both Oracle and several third parties are making products available that monitor database activity, watching for suspicious activity and alerting managers when someone seems to be attempting unauthorized activity.
http://www.informationweek.com/news/security/app_security/showArticle.jhtml;jsessionid=NHV10EELD1SC4QSNDLPSKH0CJUNN2JVN?articleID=210602800
SandBox Analyzer for Linux and addition of file-format exploit support
In addition to these improvements, the recent release of the Norman SandBox includes a new emulator, advancing functionality, boosting analysis speed by 10%, and increasing detection by nearly 20%.
SandBox Analyzer Pro also gained important debugging features and functionality.
http://www.net-security.org/secworld.php?id=6542
Microsoft to release secure coding model
Starting in the fall, the company will allow companies to download its Secure Development Lifecycle (SDL) Optimization Model, which allows organizations to gauge the completeness and maturity of their own software development programs as well as identify gaps in their practices, Steve Lipner, senior director of security engineering strategy at Microsoft, said in an interview transcript posted by company online.
The SDL Optimization Model and SDL Threat Modeling Tool will both become freely available in November, the software giant said.
http://www.securityfocus.com/brief/820?ref=rss