admini – Page 182 – CyberSecurity Institute

Security: New Study IDs Top Threats

Posted on May 18, 2007December 30, 2021 by admini

Careless behavior by employees combined with spotty security policies provide plenty of openings for scam artists.

A widely reported study by MarkMonitor, an Internet security firm specializing in brand protection, found a rise in “cybersquatting” (using trademarks on illegitimate sites), “clickfraud” (bogus clicks on ads) and “domain kiting” (illicit Web sites with similar names to well-established sites), along with phishing and other scams.

The better gauge of how CIOs truly feel about security is spending: IT security budgets are growing, and companies are plunking down cash for a broader range of technologies and services. Finding 1: IT Executives Say Security Is Adequate Despite Threats Security snafus often make news, but most CIOs aren’t rattled. As previous CIO Insight surveys have shown, very few IT executives think their companies are at high risk, and most feel their IT security measures are up to the job.

Finding 1: IT Executives Say Security Is Adequate Despite Threats

Finding 2: Online Fraud and Theft Has Hurt Few Companies

Finding 3: Careless Employees and Lost Laptops Are Danger No. 1

Finding 4: Weak Protection Policies Put Social Security Numbers at Risk

Finding 5: Companies Are Diversifying Their Security Spending

Finding 6: More Companies Are Backing Off Windows Amid Doubts About Vista Security

http://www.cioinsight.com/article2/0,1540,2134832,00.asp?kc=EWWHNEMNL052407EOAD

Microsoft tweaks Patch Tuesday advance notification

Posted on May 18, 2007December 30, 2021 by admini

As of June 7, notices will list the maximum severity rating, vulnerability impact, affected software and necessary detection information for each bulletin scheduled to post the following Tuesday.

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9019720&source=NLT_AM&nlid=1

Traffic-Scanning Flaw Hits 90+ Vendors

Posted on May 17, 2007December 30, 2021 by admini

An attacker could send a malicious HTTP packet to the vulnerable content scanning system

Cisco has confirmed that its Cisco Intrusion Prevention System and Cisco IOS with Firewall/IPS Feature Set products are vulnerable to the flaw. Cisco notes in its advisory that it is not aware of any malicious use of the vulnerability. Among those US-CERT lists include: 3com, Alcatel, Avaya, D-Link Systems, Debian GNU/Linux, EMC, Fedora Project, Gentoo Linux, Hitachi, IBM, Intel, Linksys (a division of Cisco), Lucent, McAfee, Microsoft, Nokia, Nortel, Novell, Red Hat, Sony, Sun and Symantec.

http://www.internetnews.com/security/article.php/3678051

OpenSEA Aims for Better Authentication

Posted on May 16, 2007December 30, 2021 by admini

A new initiative to develop open-source security solutions was born Monday, with the announcement that six companies were jointly creating a new alliance called OpenSEA. The networking and security technology companies forming the new alliance are Symantec, Extreme Networks, Identity Engines, Infoblox, TippingPoint, and Trapeze Networks. The 802.1X supplicant is essentially the client side of a client/server authentication handshake.

The name OpenSEA refers not to a sailor’s vision of the beckoning ocean, but to Open Secure Edge Access. The group’s first project is to develop a cross-platform, open-source 802.1X supplicant using the Firefox Web browser as a model. The statement said that Xsupplicant uses a modular architecture to enable extensions, including new authentication types and integration with other security components.

The alliance is looking to help extend Xsupplicant with key functionality, including support for Windows XP, a robust GUI, and an API for extensibility. Based in the UK, JANET serves 18 million users as a network that connects education and research organizations in the UK to each other and to the rest of the planet. The United Kingdom Education and Research Networking Association, or UKERNA, manages JANET.

http://www.newsfactor.com/news/OpenSEA-Aims-To-Improve-Security/story.xhtml?story_id=101003AOKMV0

RSA enVision boasts HA features and integration with EMC storage.

Posted on May 12, 2007December 30, 2021 by admini

Key features listed for the IPDB include a write-optimized architecture that stores the collected event and log data in its raw form–no pre-processing required (but with compression and encryption); WORM support for the protection of stored data; and direct support for the storage of Internet Protocol information (IP address, MAC address, hostname, etc.).

In addition to this, the appliance offers “Universal Device Support”–including a user interface for the definition of new messages, their payload data, and their classifications–allowing the integration of custom event sources.

http://www.products.datamation.com/security/security/1178815743.html

Intel, PGP In Security Hookup

Posted on May 12, 2007December 30, 2021 by admini

PGP security encryption is available now, but Phil Dunkelberger, president and CEO of PGP, thinks this will widen its appeal. Dunkelberger said PGP will be doing special development projects with Intel to adapt applications and systems utilities to utilize PGP technologies.

The PGP Encryption Platform is an enterprise framework for shared user and key management, policy, and provisioning automated across multiple, integrated encryption applications. PGP Whole Disk Encryption provides complete, constant disc encryption in real time, protecting the disk drive in its entirety, not just application data at the individual file level.

http://www.internetnews.com/security/article.php/3677076