Security News Curated from across the world
For the indicator to move higher, there has to be a notable threat increase, Cole said. Similarly, when an unusual number of Trojan horses or phishing e-mails are being spammed, the e-mail threat level will rise to medium, Cole said.
http://news.zdnet.com/2100-1009_22-6043873.html
Even with the comprehensive set of security products Juniper and Cisco have developed, integrators are still finding holes that can be filled by innovative security companies with specialized tools.
In particular, with applications like VoIP and 802.11 wireless networks, security concerns are only starting to emerge, so the reliability of protection from attacks is very much in doubt, according to several VoIP specialists.
VARs say they’d like to see Cisco’s SDN platform include an integrated management tool that links all the products together, and a solution for spam, content filtering and virus control, all of which are handled by third-party products with SDN.
http://www.varbusiness.com/showArticle.jhtml;jsessionid=QVM0ECQPSNV1WQSNDBOCKHSCJUMEKJVN?articleID=179103316
This is a more invasive approach than phishing, which relies on deception rather than infection, tricking people into giving their information to a fake Web site.
“These Trojans are very selective,” said Cristine Hoepers, general manager of Brazil’s Computer Emergency Response Team, which runs under the auspices of the country’s public-private Internet Steering Committee.
According to data compiled by computer security companies in 2005, the use of “crimeware” like keyloggers to steal user names and passwords — and ultimately cash — has soared. The antivirus company Symantec has reported that half of the malicious software it tracks is designed not to damage computers but to gather personal data. About one-third of all malicious code tracked by the company now contains some keylogging component, according to Ken Dunham, the company’s rapid-response director.
And the SANS Institute, a group that trains and certifies computer security professionals, estimated that at a single moment last fall, as many as 9.9 million machines in the United States were infected with keyloggers of one kind or another, putting as much as $24 billion in bank account assets — and probably much more — literally at the fingertips of fraudsters.
The Federal Deposit Insurance Corporation, responding to the growing threat of cybercrime to the financial industry, stiffened its guidelines for Internet banking in October, effectively ordering banks to do more than ask for a simple user name and password.
“These can be developed by a 12-year-old hacker,” said Eugene Kaspersky, a co-founder of Kaspersky Labs, an international computer security and antivirus company based in Moscow.
http://www.nytimes.com/2006/02/27/technology/27hack.html?_r=1&ei=5094&en=bd1daecaefa11240&hp=&ex=1141102800&oref=slogin&partner=homepage&pagewanted=print
The software created by the project will likely compete with Microsoft’s InfoCard framework, which will form the core identity management role in the software giant’s next-generation operating system, Windows Vista.
The hope is that the software will help reduce the amount of unsecured data on the Internet and stem the tide of data leaks.
http://www.securityfocus.com/brief/149?ref=rss
Consumer advocate Beth Givens ruefully chuckled at the idea that companies that specialize in security and keeping track of important information would commit such gaffes. “It just points out how pervasive these security breaches are,” said Givens, director of the San Diego nonprofit Privacy Rights Clearinghouse.
Deloitte made the CD in order to back up a McAfee database of employee stock holdings, according to the letter. MacDermott said McAfee did not have a policy requiring its auditor to encrypt the data.
http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2006/02/25/BUG2IHEGCC1.DTL&hw=security+breach&sn=001&sc=1000
Computer virus statistics from the Commtouch Detection Center indicate that 40% of attacks during January met this profile.
Also, there is a clear connection between the attack’s speed and its intensity — the faster attacks are the biggest ones: while the average distribution time of low intensity attacks is a “leisurely” 27 hours and medium-intensity attacks can take 17 hours, massive attacks take as little as 5.5 hours to spread in hundreds of millions of emails.
Based in part on a reliable third party lab test, Commtouch was able to compare detection times of 21 leading AV engines against 19 new viruses in January.
January spam statistics show that 43.18% of global spam is sent from US-based sources (down from approximately 50%).
http://www.alwayson-network.com/comments.php?id=14063_0_3_0_C