The updated PCI standard will cover Web apps, third-party controls. VISA Inc. and MasterCard International Inc. will release new security rules in the next 30 to 60 days for all organizations that handle credit card data, a Visa official said this week. The rules will be the first major updates to the one-year-old Payment Card Industry (PCI) data security standard, which analysts said is slowly but surely being adopted. One set of PCI extensions is aimed at protecting credit card data from emerging Web application security threats, said Eduardo Perez, vice president of corporate risk and compliance at Foster City, Calif.-based Visa. Other new rules will require companies to ensure that any third parties that they deal with, such as hosting providers, have proper controls for securing credit card data.
Author: admini
Security agency war game tries to teach Net defense
In hopes of simulating a real-world situation, the attackers made a point of using the most publicly known exploits during the competition. They also took advantage of common mistakes like the use of weak passwords or the same passwords on multiple systems, and targeted security holes in Microsoft Windows that have readily available patches. In one case, for instance, NSA hackers gained control of a router in a complex network architecture built by the West Point team because the team neglected to change the default password on the Cisco Systems device.
Michael Tanner, an Air Force cadet, said the team’s nine members, mostly computer science and engineering majors, had only basic knowledge of information assurance practices.
“We know there’s a tendency for students to think they have to build some sort of whizbang network with bells and whistles,” said Rigo MacTaggart, who participated on the NSA’s end.
http://news.com.com/Security+agency+war+game+tries+to+teach+Net+defense/2100-7355_3-6091731.html?tag=nefd.top
Trojans On The March
The malware writers are trying to keep the vendors busy while they target malware attacks, such as specific threats sent to specific users for theft purposes, she added.
“Figures may vary from one company and other, of course, but undoubtedly the Trojan hordes, due to their capability to steal passwords, give the creators the chance of stealing money,” Panda Software Labs’ Sanabria said.
The stats arrive at a time when the “classical” viruses (file virus, macro virus, etc) are considered almost dead by firms such as Panda. Ron O’Brien, senior security analyst at Sophos, explained to internetnews.com that the Mac statement was made in the context of whether the end user is committed to the effort or time to manage and maintain a safe and protected Windows environment.
“The introduction of new security measures, including some planned for Vista, may slow down the rate at which machines are impacted by malware, O’Brien said. Microsoft, for its part, said it believes Windows customers are becoming increasingly more secure, thanks in part to Microsoft’s Malicious Software Removal Tool (MSRT). Microsoft claims in a recent report that since it released MSRT, over 270 million unique computers ran the tool for about 2.7 billion executions of the removal tool.
“It’s important to remember that no software is 100 percent secure,” a Microsoft spokesperson told internetnews.com.
http://www.internetnews.com/security/article.php/3618381
VPN and Security Services Markets to Reach $37B in 2009
The report tracks annual VPN service revenue by service type, technology, remote access vs. site-to-site, intranet vs. extranet, and organization size, and tracks security services by service type and organization size.
http://www.infonetics.com/resources/purple.shtml?ms06.vs.nr.shtml
http://www.darkreading.com/document.asp?doc_id=98632&WT.svl=wire_2
Email gives way to new virus distribution tactics
“This is by no means a victory for the security industry over malware writers”, said James Kay, chief technology officer at BlackSpider. “What we are actually seeing is a switch in virus distribution tactics rather than a drop in viruses,” he said.
It’s more of an evolution than a new wave in internet crime,” said Thomas Raschke, senior analyst at Forrester Research.
http://www.pcauthority.com.au/news.aspx?CIaNID=34514
McAfee, Inc. Reports Security Threats Doubled in Record Time
McAfee, Inc., the global leader in Intrusion Prevention and Security Risk Management, today announced a significant milestone in the growth of malicious threats faced by businesses and individual users. McAfee Avert Labs combine world-class malicious code and anti-virus research with intrusion prevention and vulnerability research expertise.
http://interestalert.com/story/siteia.shtml?Story=st/sn/0706001caaa04683.prn&Sys=siteia&Fid=COMPUELE&Type=News&Filter=ComputerandElectronics