admini – Page 185 – CyberSecurity Institute

Malware Spikes in 1Q As Hackers Increasingly Infect Websites

Posted on April 25, 2007December 30, 2021 by admini

With computer users becoming more aware of how to protect against e-mail-based malware, hackers have turned to the Web as their preferred vector of attack. The trojan is typically found in html or ASP files, and can download and execute files from malicious Web sites to infected computers.

The company’s researchers found that 70%, were legitimate Web sites that were vulnerable to attack because they were unpatched, poorly coded, or had not been maintained by their owners. They also found that 12.8% were hosting malicious script, while Windows malware was responsible for infecting 10.7%.

“What’s most worrying is that so many Web sites are falling victim because the owners are failing to properly maintain them and keep up to date with their patches,” said Carole Theriault, a senior security consultant at Sophos, in a written statement.

“The average Internet user assumes sites like the Miami Dolphins homepage are safe to access, but by targeting a whole range of Internet pages, hackers are successfully infecting a larger number of unwary surfers.

http://www.darkreading.com/document.asp?doc_id=122469&f_src=darkreading_section_318

Sweetening the Honeypot

Posted on April 24, 2007December 30, 2021 by admini

“We are aware that in the past installing and maintaining and analyzing data from honeynets has been somewhat resource intensive,” says Ralph Logan, principal with The Logan Group and vice president of the Honeynet Project. The services are based on a new version of the alliance’s Capture-HPC client honeypot software. He says the tools are intended for organizations that can’t or don’t want to have their own client honeynet.

Meanwhile, the Honeynet Project’s soon-to-be-announced Global Distributed Honeynet, a distributed network of honeynets, automatically analyzes honeypot attack data gathered from various honeypot and honeynet locations around the world.

Kevin Mandia, who worked on the Honeynet Project until 2001, says honeynets are great for research and academia, but he would not recommend any of his clients in the government and enterprise world put one up.

Honeynets determine the “who and why” of insider attacks, notes Logan, versus security products such as firewalls and IDS that look more at the when, how, and what.

http://www.darkreading.com/document.asp?doc_id=122352&WT.svl=news2_5

The RAND Corporation last week sounded the alarm for refocusing the nation’s attention on a potentia

Posted on April 24, 2007December 30, 2021 by admini

Lurie said progress has been made in using technology to improve communications and pandemic surveillance but that more investment was needed.

As a step toward establishing methods to measure whether a community is ready for a large-scale health emergency, RAND recently convened an expert panel to come to a clear definition of public health preparedness.

http://govhealthit.com/article102525-04-20-07-Web

Users Confess Security Fears

Posted on April 20, 2007December 30, 2021 by admini

The exec explained that Six Flags, which owns 29 parks in the U.S. and Mexico, is in the middle of a major IT restructuring, which involves “segmenting” different parts of the business for security purposes.

“For example,” he said, “if we bring Kodak in to sell photos to our customers, they are on their segment and it can’t be hacked into.”

Encryption was also high on the agenda during the panel debate, prompted by the apparent ambivalence of many IT managers toward the technology. Just over a quarter of respondents confirmed that they encrypt laptop data, although only 8 percent lock down data on all devices, such as USB drives.

The biggest gripe from the panelists concerned the lack of security for portable media such as USB drives, which is something of an ongoing source of frustration for many IT managers.

http://www.darkreading.com/document.asp?doc_id=122196&WT.svl=news2_2

Targeted Attacks on the Rise

Posted on April 19, 2007December 30, 2021 by admini

“Previously, they may have been lost in the general noise of one to two million pieces of malware per day,” the report states. “Target organizations are those with data worth stealing,” the report says.

“One gang has been using the same two attack files since November 2006,” the report says. The Taiwan gang changes its source IP address frequently, making it hard to detect, MessageLabs says. The IP address hosting the Web server that dishes out the malware is registered to China United Telecommunications Corp. in Beijing. Emails from the Taiwan gang are not particularly attractive, generally showing only a string of unreadable characters and carrying attachments.

Many antivirus applications do not yet detect the Trojan, according to the messaging security company.

http://www.darkreading.com/document.asp?doc_id=122009&WT.svl=news2_5

Top 10 Internet Crimes of 2006

Posted on April 17, 2007December 30, 2021 by admini

More interesting are those areas with the highest per capita rate of perps: the District of Columbia, Nevada, New York, Tennessee, Maine, and Florida.

http://www.usnews.com/usnews/news/badguys/070416/top_10_internet_crimes_of_2006.htm