admini – Page 268 – CyberSecurity Institute

More IT Security Pros Filling Executive

Posted on January 3, 2006December 30, 2021 by admini

Schmidt, on the Board of Directors of the International Information Systems Security Certification, said he gets calls three or four times a month from companies that recently created executive positions in security. “There’s more attention and focus on IT security as a profession, as opposed to just a job,” Schmidt said.

The factors giving information security professionals greater visibility are: the maturation of the certification process; the increasing mobility of the world’s workforce and subsequent vulnerabilities; growing sophistication among hackers; more stringent regulations regarding data. “A lot of companies are finding themselves being in better financial positions, freeing up funds for investments in staffing and security,” Bohne said.

The IDC study, which culminated from the responses of 4,305 full-time information security professionals in more than 80 countries, showed that information security is most mature in the Americas.

Experience counts for something, but accreditation is helping build credibility in the information security field as well.

http://www.securitypipeline.com/news/175800733

December IM Attacks Jump 826 Percent Over ’04

Posted on January 3, 2006December 30, 2021 by admini

IMlogic has posted year-end results of its IM threat tracking efforts, including a graph showing the dramatic rise in attacks during 2005, on its Web site.

http://www.securitypipeline.com/news/175800842

Are your employees your biggest security concern?

Posted on January 2, 2006December 30, 2021 by admini

While the SANS list makes End Users responsible for keeping things like anti-virus up to date and operating systems patched, these functions can be and should be automated by IT staff.

Executive staff, according to the SANS article, have a much bigger responsibility. Many of the breaches that are known to have occurred in 2005 were the result of dishonest insiders, hackers, or poor security procedures (i.e., losing a backup tape). Encryption is a big deal in the world of networking and may require revamping the network in terms of encryption capable hardware and bandwidth needs. It is management’s responsibility to develop and mandate security policies, so that secure processes and procedures must be in place before systems “go live”, as well as make sure that IT is properly staffed.

A comprehensive Security Awareness program would go a long way towards educating banking employees at every level.

The breakdown of End User, Executive Staff, and Information Technology people is a good way to start. IT people need to understand that every time they rush to meet a deadline and put an unsecured system into production, they are jeopardizing the security and safety of the bank.

http://www.bankinfosecurity.com/articles.php?art_id=103&PHPSESSID=8af89b3eb8240a0e33ca65c806a8ac16

IP cloaking becoming a business necessity

Posted on January 2, 2006December 30, 2021 by admini

IP-based spoofing, on the other hand, directs certain IP addresses to fake Web sites containing false or misleading information. Another, similar technique is IP-based cloaking, which configures a legitimate Web site to display inaccurate or incomplete information only when it is accessed from certain IP addresses. Redirect spoofing sends specific traffic to an alternate page within the site.

For instance, if one airline knows a competitor checks its site for fares daily, it can jack up the price only when a rival’s IP address tries to access the site.

Major retailers sometimes employ this technique by displaying only expensive merchandise based on customers’ past buying habits.

http://www.bankinfosecurity.com/articles.php?art_id=102&PHPSESSID=8af89b3eb8240a0e33ca65c806a8ac16

Phishing By The Numbers: 41,000 Blocked Sites in 2005

Posted on January 1, 2006December 30, 2021 by admini

Top Techniques for this activity include Phishing Hosting: Free web hosts continued to be favored location for hosting phishing sites, as seen on Netcraft’s Phishiest Hosters page. Also ranking highly were several hosts that seem to offer scant policing of scams, including Romanian host Home.ro/Go.ro, which was home to more than 760 phishing URLs in 2005.

More than 600 phishing spoof sites were hosted on compromised forums and content management systems, offering a reminder that security problems with these programs extend beyond the site’s operators and users.

The Geography of Phishing: A review of 5,000 of the most recently confirmed phishing URLs shows that .com continues to be the most popular top-level doman (TLD), with Russia and Romania being the only country-specific TLDs with more than 1 percent of URLs. Romania has hosted 1,397 phishing sites in 2005, equivalent to about 3.3 percent of all hostnames in that country.

The Netcraft Toolbar Community is digital neighborhood watch scheme, in which the most alert and expert members act to defend the larger community of users against phishing frauds. Once the first recipients of a phishing mail have reported the target URL, it is blocked for toolbar users who subsequently access the URL. Widely disseminated attacks (people constructing phishing attacks send literally millions of electronic mails in the expectation that some will reach customers of the bank) simply mean that the phishing attack will be reported and blocked sooner.

http://news.netcraft.com/archives/2005/12/31/phishing_by_the_numbers_41000_blocked_sites_in_2005.html

Phishers Stay One Step Ahead

Posted on December 30, 2005December 30, 2021 by admini

Other phishing trends Netcraft spotted during 2005 included the appearance of pharming attacks and fraudulent e-mails that included HTML-based forms, a tactic that eliminated the need to craft elaborate Web sites to trick users.

Also in 2005, phishing attacks — which are spawned by massive amounts of spam — began using the spammer technique of replacing text with image-based e-mails to avoid detection by keyword-sniffing spam and phishing filters.

http://www.securitypipeline.com/news/175800281