Security News Curated from across the world
The majority of cybercriminals in Japan were in their teens and twenties, following the trend from recent years.
The NPA is currently trying to promote public awareness of cybercrime and has so far succeeded in that, which has been highlighted by a significant drop in the number of cybercrime complaints for the first six months of 2006.
http://www.viruslist.com/en/news?id=208274044
“Identity management is one aspect of security that becomes a lot more complex in a Web services environment, because now you need a way to preserve the identities of both users and applications across different services.
The merger of Cisco and Reactivity could make it easier for enterprises to build a common structure for Web services security in at the network level, rather than forcing application developers to resolve the security issues at the program level, experts say. From that standpoint, especially in the virtualized data center, Reactivity and Cisco are in a good spot to make things happen.” “There is a threat of external attacks, and we’re addressing that, but in Web services, there’s a more important threat, which are security problems caused inadvertently by misprogramming,” says Sirota.
http://www.darkreading.com/document.asp?doc_id=117912&WT.svl=news1_2
“But one of the key things about hypervisors is their design is simpler than the modern operating system. On the flip side, it’s a new layer that’s another opportunity for attack,” he says.
Hypervisors are programs that allow multiple operating systems to use the same hardware. But these programs can also breed complexity, and with complexity comes security problems.
Virtualization security solutions so far have been focused mostly on the hypervisor: IBM, for instance, recently unveiled SHype, a new secure hypervisor technology that ties security policies to virtual machines. And VMWare’s desktop Ace software lets you lock down virtual machines, even when they are moved around. Lin says it works like a network access control (NAC) for virtual machines.
Thomas Ptacek, a security researcher with Matasano Security, says the move to virtualization is the biggest thing happening in IT today. “Some say virtualization of the OS doesn’t change anything, and others, that with virtualization, everything is broken,” Sequeira says. There are more vulnerabilities in your operating system than in your virtualization software, such as VMware, Matasano’s Ptacek notes. It’s more about how you configure your virtual architecture, where the virtual machine software is the main barrier among the different apps sharing the same physical machine.”
The underlying problem: Virtualization creates a set of dynamics in the IT infrastructure that traditional security approaches “don’t cope with well,” says Kevin Leahy, director of virtualization at IBM.
http://www.darkreading.com/document.asp?doc_id=117908&WT.svl=news2_3
“The increase in spam coming out of the region is likely the result of a newly activated botnet running off computers in Asia”, said Anstis.
http://www.darkreading.com/document.asp?doc_id=118020&WT.svl=wire_6
This move by the Swedish government follows several well-publicized incidents in 2006 when government and police websites were brought down by DoS attacks.
Up until now Sweden had no laws that specifically addressed DoS attacks, but a new draft amendment to hacking laws proposed by the government this week would punish such offences by a maximum of 2 years in jail.
Last summer’s incidents with the government and police sites have gone unpunished because the authorities could not prove who the perpetrators were, even though there was speculation that these attacks were related to raids on prominent pirate exchange site The Pirate Bay.
http://www.viruslist.com/en/news?id=208274043
Firms’ internal controls are fundamental in ensuring customers’ details remain as secure as they can be and, as technology evolves, firms must keep their systems and controls up-to-date to prevent lapses in security.”
By agreeing to settle at an early stage of the FSA’s investigation, Nationwide qualified for a 30% discount under the FSA’s executive settlement procedures; without the discount, the fine would have been £1.4 million.
http://www.darkreading.com/document.asp?doc_id=117881&WT.svl=cmpnews1_1