“The increase in spam coming out of the region is likely the result of a newly activated botnet running off computers in Asia”, said Anstis.
http://www.darkreading.com/document.asp?doc_id=118020&WT.svl=wire_6
Author: admini
DoS attacks to be made illegal in Sweden
This move by the Swedish government follows several well-publicized incidents in 2006 when government and police websites were brought down by DoS attacks.
Up until now Sweden had no laws that specifically addressed DoS attacks, but a new draft amendment to hacking laws proposed by the government this week would punish such offences by a maximum of 2 years in jail.
Last summer’s incidents with the government and police sites have gone unpunished because the authorities could not prove who the perpetrators were, even though there was speculation that these attacks were related to raids on prominent pirate exchange site The Pirate Bay.
http://www.viruslist.com/en/news?id=208274043
UK Bank Fined $1.9 Million for Losing Laptop
Firms’ internal controls are fundamental in ensuring customers’ details remain as secure as they can be and, as technology evolves, firms must keep their systems and controls up-to-date to prevent lapses in security.”
By agreeing to settle at an early stage of the FSA’s investigation, Nationwide qualified for a 30% discount under the FSA’s executive settlement procedures; without the discount, the fine would have been £1.4 million.
http://www.darkreading.com/document.asp?doc_id=117881&WT.svl=cmpnews1_1
Avoid Wasting Money on Penetration Testing
Is it reasonable to assume that an expert at testing Solaris, AIX, and other Unix flavours is also going to be equally as good on Windows? The truth is that most consultants have favourite platforms which they know at a deep level, and are either just competent or even incompetent with other platforms. Just as you wouldn’t use a tractor on a racetrack, or a Ferrari in a field, you wouldn’t put a Unix expert on a windows test, or an Oracle expert on a MSSQL assignment.
Consultants hate report writing The secret is out – consultants hate writing reports. You don’t ‘see’ the assessment – you see the report! The report IS the deliverable Remember, it is the Executive Summary that you will show to your manager, the remediation ad-vice that you will give to your team, and the classified vulnerabilities that your auditor will review.
The Methodology No doubt you’ve read, or at least skimmed through the “Methodology” paper on your suppliers web site, or their glossy brochure. It is designed to demonstrate a deep understanding of the assessment process. A consultant can do an excellent job without following the company methodology, but by not having a structure to work with, there is a good chance the results will be inconsistent at best, and dangerously incomplete at worst. It’s easy to wheel in a star consultant to win the business, but follow through with a trainee.
Finally, remember that companies don’t perform penetration tests, people do. So no matter which company you go to, it always boils down to the person you have working on your account.
http://www.it-observer.com/articles/1308/avoid_wasting_money_penetration_testing/
Security Outsourcing Heats Up
“While there’s still some skepticism out there — security was also cited as one of the top three factors keeping companies from engaging a managed service provider — there are some providers that have reached a kind of ‘trusted advisor’ status, and they are being engaged more and more frequently to deliver security services,” says Richard Rysiewicz, vice president of services at CompTIA.
RSA president Art Coviello announced a few weeks ago that his division will be working with parent company EMC’s professional services division for risk assessment for enterprises. And BT, which acquired MSSP Counterpane last year, is quietly making a major push into large, global enterprises, according to security guru Bruce Schneier, CTO of BT Counterpane.
“It’s not a choice between doing it in-house and doing it out-of-house.”
The trust issue is a plus for Internet Security Systems, the formerly-independent security vendor that now has become IBM’s arm for delivering managed security services.
Tom Noonan, a founder of ISS who now heads up IBM’s security efforts, says that rather than serving as an add-on, security is now driving many outsourcing projects. He says the researchers “were surprised” when security showed up in the top three reasons for selecting a supplier, just behind quality of service and price.
http://www.darkreading.com/document.asp?doc_id=117795&WT.svl=news1_4
CheckFree to Purchase Corillian in Bid to Expand Offerings to Banks
“Online banking is becoming increasingly integral to banks’ relationships with their customers, and the Internet is increasingly the point of interaction where services are delivered,” says Olsen.
Maggie Scarborough, a research manager with Financial Insight’s (Framingham, Mass.) corporate banking practice, “channel optimization” are the buzzwords of this acquisition. “CheckFree bought the channel for the delivery of its payments to consumers and small businesses; including consumer and business bill presentment and payment. The idea is that plugging directly into the channels gives CheckFree the opportunity to sell more services to Corillian’s expanding customer base, including fraud services, bill payment, and business bill payment and invoice presentment.”
This move is also to Corillian’s advantage as well as the company can further expand its potential for sales of online banking, small business banking, cash management, warehousing and fraud sales to CheckFree’s financial institution clients. The deal sounds reminiscent of another such announcement made earlier this year when financial management products provider Intuit announced its plans to buy online banking company Digital Insight. Art Gillis, IT consultant to banks and technology vendors, is not so sure about the extent to which CheckFree’s and Corillian’s bank customers will be affected by the combination. Whatever the outcome of this marriage, the merger shows the increasing importance being placed on the small business segment by the financial services industry, according to Financial Insight’s Scarborough.
http://www.banktech.com/news/showArticle.jhtml;jsessionid=J415R1IAHUNLYQSNDLOSKH0CJUNN2JVN?articleID=197007442