The report also detailed what hardware and software players were gaining traction.
Surprisingly, Lenovo and Apple were shown to be gaining share of the IT spend, while Dell and HP were losing share.
http://blogs.zdnet.com/BTL/?p=4646
Security News Curated from across the world
“What this shows is that a surprising number of incidents actually involve corporate mismanagement more than hackers,” said Philip Howard, assistant professor of communication at the University of Washington and co-author of the report.
A report released last week by the IT Policy Compliance Group showed that human error is the overwhelming cause of losses of sensitive data — contributing to 75% of all occurrences, while malicious hacking activity contributed to just 20% of data losses. According to that report, the primary channels for data loss involve laptops and mobile devices as well as e-mail and instant messages. Even in incidents that were publicly blamed on external hackers, the reality is a bit more nuanced, Howard said.
When it comes to just the volume of compromised records, though, external hackers accounted for some 45% of breached records, while 27% came from internal errors and 28% remained unattributed, Howard said. The university study also showed that there were more reported incidents in 2005 and 2006 — 424 — than the previous 25 years combined, when there were 126. But that’s likely because of breach-disclosure laws in California and several other states that require companies to notify consumers of incidents involving the potential compromise of their data, he said.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9013142&source=NLT_AM&nlid=1
Clustering: A new event log event has been created to address certain situations in which the Cluster service account becomes excessively restricted by domain policy. Data access components: XmlLite is new with Windows Server 2003 SP2. XmlLite is a fast, low-level, native XML parser with a small memory footprint. Distributed…
The survey – which aims to provide a guide book of the net’s most dangerous top level domains – also looked at generic top level domains. Some web activities, like registering at a site or downloading a file, are significantly more risky when done at certain domains.
http://www.theregister.co.uk/2007/03/12/malware_atlas/
Low-interaction honeypots find the what, when, and how of an attack: “They are there to capture automated attacks and malware,” and don’t really interact with the attacker, he says.
High-interaction honeynets let the attacker exploit and interact with the machines more actively, thus capturing more details about the attack and attacker.
Not only do they incur overhead for IT — you need staff to manage them and their flow of information — but they are also limited to known vulnerabilities, for instance. “Honeynets are great collecting tools, but unfortunately the majority of the time they don’t provide information on a vulnerability that was not already public.” Arbor, like other organizations that dabble in this type of attack analysis, uses a combination of darknets and honeynets to track malicious traffic for its ISP customers in its Atlas service.
“No one knows it’s a honeypot — it looks like an enterprise server.” That’s especially useful when attackers are targeting a specific organization’s IP addresses, he says. “If they try to log onto a honeypot, they are doing something outside your corporate policy.” And the insider threat may be the sweet spot for honeynets in the enterprise, where the practice has not had much widespread use due to the overhead associated with all the data they gather, as well as worries about asking for trouble by putting one up.
He says the Big Brother argument doesn’t fly here: “Corporations are well within their rights to deploy honeynets to secure their own networks and identify anyone doing things outside the corporate policy.”
http://www.darkreading.com/document.asp?doc_id=119081&WT.svl=news1_1
“Hackers are exploiting Internet auctions, money transfers like Western Union and PayPal, the ability to impersonate lottery and sweepstake contests, and other types of imaginative scams,” said Litan. “They’re going after the weakest links, the consumers using social engineering tactics, and the U.S.’s payment systems at retail and businesses.” “Banks eat the fraud there,” at least for now, said Litan.
A Massachusetts state lawmaker, however, has proposed a bill that would hold retailers financially responsible for breaches. “The retailers are already paying for fraud” in the form of higher interchange charges, Litan said. She offered up examples of how that might be done, including more sophisticated authentication on debit cards and payment processors relying on identity scoring systems that were able to spot thieves using indicators like physical location.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9012483&source=NLT_AM&nlid=1