admini – Page 184 – CyberSecurity Institute

Microsoft Unveils New Management and Security Tools

Posted on May 4, 2007December 30, 2021 by admini

The software is designed to simplify and automate a broad set of tasks through a single console from which IT managers can view and maintain servers, clients, hardware and software.

The product is available for purchase as of Wednesday as part of the Microsoft Enterprise Client Access License suite via Microsoft Volume Licensing, with stand-alone product availability in July through standard Microsoft volume licensing channels.

http://www.darkreading.com/document.asp?doc_id=123207&WT.svl=cmpnews2_4

Compliance drives security configuration management

Posted on April 26, 2007December 30, 2021 by admini

“Either it’s a vulnerability in software, which we are all familiar with or configuration changes being made day to day by people within the organization that introduce vulnerabilities,” he said.

Colorado Springs, Co.-based Configuresoft Inc. is making itself stand out by trying to capitalize on organizations upgrading systems to a service oriented architecture and those that are using server virtualization.

Companies such as Lexington, Mass.-based Bladelogic Inc. are filling the need for server configuration management, said Mark Nicolett, research vice president at Stamford, Conn.-based Gartner Inc. “This segment is a bit busier than it had been and I expect this segment to be driven harder,” he said. The vendor is using business intelligence to alert management of any configuration changes that can open holes and increase risk, said Andi Mann, a senior analyst at Boulder, Co.-based Enterprise Management Associates.

George Gerchow, Configuresoft’s technology strategist said merchants seeking compliance with PCI DSS, credit card security standards are driving spending on configuration management tools.

http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1252785,00.html

Companies Say Security Breach Could Destroy Their Business

Posted on April 26, 2007December 30, 2021 by admini

23% said they were able to estimate the total annual cost of data leakage, putting the figure at $1.82 million.

Just last week, the U.S. Department of Agriculture announced that it had exposed the personal identifying information on about 150,000 people over the last 26 years. The agency admitted inadvertently exposing online sensitive information, such as names and Social Security numbers, in a publicly available database, which had existed since 1981.

People are getting fed up with their personal information leaking out into areas where it could be scooped up by criminals working online. A report came out earlier this month from Javelin Strategy & Research showing that 77% of 2,750 consumers polled said they would stop shopping at stores that suffer data breaches.

http://www.informationweek.com/news/showArticle.jhtml?articleID=199201085

Microsoft adds security muscle

Posted on April 26, 2007December 30, 2021 by admini

“Microsoft is entering a very competitive market and one that is new to them,” said Andreas Marx, an antivirus software specialist at the University of Magdeburg in Germany. “It will take some years, perhaps five, for Microsoft to be up to par,” said Andreas Clementi of AV Comparatives, an organization that tests antivirus products.

Microsoft started selling its Windows Live OneCare consumer antivirus product almost a year ago. The security research and response team at Microsoft, as at traditional antivirus providers, investigates and responds to threats. Turning irritation into opportunity Security used to be just something that Microsoft got hammered on, but five years after Chairman Bill Gates launched his Trustworthy Computing push, Microsoft now sees it as a market it had not previously tapped.

“Some of our customers view this a little controversially, in a sense that if we could solve these problems at the root, why is there a need for extra products,” Microsoft Chief Executive Officer Steve Ballmer said this week.

http://news.zdnet.com/2100-1009_22-6179582.html

Malware Spikes in 1Q As Hackers Increasingly Infect Websites

Posted on April 25, 2007December 30, 2021 by admini

With computer users becoming more aware of how to protect against e-mail-based malware, hackers have turned to the Web as their preferred vector of attack. The trojan is typically found in html or ASP files, and can download and execute files from malicious Web sites to infected computers.

The company’s researchers found that 70%, were legitimate Web sites that were vulnerable to attack because they were unpatched, poorly coded, or had not been maintained by their owners. They also found that 12.8% were hosting malicious script, while Windows malware was responsible for infecting 10.7%.

“What’s most worrying is that so many Web sites are falling victim because the owners are failing to properly maintain them and keep up to date with their patches,” said Carole Theriault, a senior security consultant at Sophos, in a written statement.

“The average Internet user assumes sites like the Miami Dolphins homepage are safe to access, but by targeting a whole range of Internet pages, hackers are successfully infecting a larger number of unwary surfers.

http://www.darkreading.com/document.asp?doc_id=122469&f_src=darkreading_section_318

Sweetening the Honeypot

Posted on April 24, 2007December 30, 2021 by admini

“We are aware that in the past installing and maintaining and analyzing data from honeynets has been somewhat resource intensive,” says Ralph Logan, principal with The Logan Group and vice president of the Honeynet Project. The services are based on a new version of the alliance’s Capture-HPC client honeypot software. He says the tools are intended for organizations that can’t or don’t want to have their own client honeynet.

Meanwhile, the Honeynet Project’s soon-to-be-announced Global Distributed Honeynet, a distributed network of honeynets, automatically analyzes honeypot attack data gathered from various honeypot and honeynet locations around the world.

Kevin Mandia, who worked on the Honeynet Project until 2001, says honeynets are great for research and academia, but he would not recommend any of his clients in the government and enterprise world put one up.

Honeynets determine the “who and why” of insider attacks, notes Logan, versus security products such as firewalls and IDS that look more at the when, how, and what.

http://www.darkreading.com/document.asp?doc_id=122352&WT.svl=news2_5