admini – Page 271 – CyberSecurity Institute

DSW Settles Data Theft Case

Posted on December 2, 2005December 30, 2021 by admini

In March, DSW found that credit, debit and checking account numbers of customers in 25 states had been stolen by hackers breaking into the company’s database. In its complaint, the FTC charged that DSW unnecessarily held on to sensitive customer data it no longer needed and stored the information in multiple files, increasing the risks to consumers.

Some DSW customers have reported fraudulent charges to their accounts, and others with checking accounts have asked the company to pay the cost of closing accounts and ordering new checks, the FTC said. DSW noted that when the theft was discovered, it took immediate steps to notify customers and put in measures to prevent future thefts.

http://www.latimes.com/technology/la-fi-dsw2dec02,1,733532.story?coll=la-headlines-technology&ctrack=1&cset=true

BY THE NUMBERS: THE NEW SOX BREAKDOWN

Posted on December 1, 2005December 30, 2021 by admini

AMR Research compliance guru John Hagerty attributes the shift in spending in part to better guidance from the Securities and Exchange Commission (SEC) and the Public Company Accounting Oversight Board (PSCAOB), the watchdog for public accounting firms.

AMR found that many companies focused their SOX efforts this year on refining their existing business and IT control in preparation for automating through technology. According to the AMR survey, more than 80% of companies said they expect to reap business benefits by adding or improving their SOX compliance regimens.

The two biggest areas for SOX investment in 2006, says AMR, will be compliance management software and continuous controls monitoring software.

The report is a sneak peak at the firm’s annual comprehensive survey on SOX spending.

http://searchcio.techtarget.com/originalContent/0,289142,sid19_gci1148856,00.html

IT specialists ‘a dying breed’

Posted on November 29, 2005December 30, 2021 by admini

“The long-term value of today’s IT specialists will come from understanding and navigating the situations, processes and buying patterns that characterise vertical industries and cross-industry processes,” said Diane Morello, a research vice-president at Gartner, in a media statement.

According to Gartner, the workplace will also spawn a trend which will see the transfer of laptop ownership from company to employee. By 2008, 10 percent of companies will adopt this practice, managing the use of employee-owned laptops with schemes such as notebook allowances.

In addition, the analyst predicts that spending on regulatory compliance will grow at a rate twice that of IT spending. In a bid to keep up with regulatory compliance requirements by the US government and European Commission, businesses may consume discretionary IT budgets. This would leave little resources for organisations to manage initiatives key to business growth, such as exploring the use of new technology, Gartner warned.

The analyst advised IT departments to work with their legal, financial, and corporate departments to ensure business growth.

These and other industry trends are part of Gartner’s research series that discusses major trends affecting IT users, vendors and most industries in 2006 and beyond.

http://news.zdnet.co.uk/business/employment/0,39020648,39238831,00.htm

INFLUENTIAL SURVEY SAYS SECURITY ‘SET BACK BY 6 YEARS’

Posted on November 23, 2005December 30, 2021 by admini

“Six years ago attackers targeted operating systems and the operating system vendors didn’t do automated patching. Now the attackers are targeting popular applications, and the vendors of those applications do not do automated patching. ” During a press conference, Paller added, “These applications, other than AV, don’t have automated patching.”

In recent years, the institute said a majority of attacks targeted operating systems like UNIX and Windows and Internet services like Web servers and mail systems.

“The most noticeable set of applications targeted by attackers are the backup and recovery tools as well as antivirus and other security tools that most organizations think are keeping them safe from attacks and from loss of data,” the institute said. These include backup software, antivirus software, database software and even media players.

During the Tuesday morning press conference, Dhamankar said the threats that worry him the most are those targeting the Web browsers and media players — including Microsoft Media Player and Macromedia Flash. “The US-CERT received reports of important system compromises using vulnerabilities in backup products within a few days of the public disclosure of vulnerabilities in those products,” he said.

SANS said another worrying trend this year has been the fresh attention given to critical security holes in network devices like the routers and switches that keep traffic moving across the Internet.

http://searchcio.techtarget.com/originalContent/0,289142,sid19_gci1148491,00.html

CSI in computer forensics gaffe

Posted on November 18, 2005December 30, 2021 by admini

The temptation for IT departments to become digital detectives and deal with a breach of security in house is understandable, says Tobias, as companies worry about investor confidence, company reputation and business in general.

CY4OR’s guide to crime scene investigations Treat the matter seriously.
– Tell your legal team not your colleagues about your suspicions.
– Do not inform your IT department. Instead, hire computer forensic experts.

Professional analysts from reputable companies adhere to ACPO (Association of Chief Police Officer) guidelines, can identify digital evidence quickly and ensure that it will stand up in court by following the correct procedures. They can even image your computers at night, to avoid inevitable discussions by the water cooler.

The principle of forensics which says that “every contact leaves a trace” cannot be emphasised enough, says Tobias.

http://www.theregister.co.uk/2005/11/18/csi_forensics_gaffe/

Bots slim down to avoid detection

Posted on November 17, 2005December 30, 2021 by admini

The move to pint-size botnets helps malicious attackers have more success in delaying detection of their illicit zombie networks, Sunner said.

“When a larger botnet is spreading a virus, it lights up the switchboard of (antivirus) vendors, and they’ll respond in a few hours with a signature to contain the outbreak,” Sunner said. First, an increase in the numbers of hackers hoping to put together networks has made the task of securing zombie computers more competitive, so it is harder for the “bot herder” to amass a larger number of drone computers. Second, home users with high-bandwith connections, the primary targets of hackers, are taking more steps to secure their computers.

“As botnets get used up, they are blacklisted and less useful for spamming or phishing attacks,” Sunner said. Last year, Sunner said his company began noticing old, wornout spambots were being resold as potential DOS bots on various sites and forums used by malicious attackers.

http://www.zdnetindia.com/print.html?iElementId=130532