Category: News

A lot of companies spend too much money on security controls such as firewalls, anti-virus software and other desktop protection tools designed to defend against traditional mass attacks, said John Pescatore, a Gartner analyst. According to Pescatore, over the years such products have become highly commoditized and can be deployed for far less than many companies currently shell out for such protection. Such planning is important at a time when the costs associated with security breaches are going up sharply.

Over the next two years in fact, companies can expect breach-related costs to increase on average by 20 percent each year compared to today, according to Gartner. Increasingly, companies that suffer data breaches are getting sued by victims as well as by other affected parties.

http://www.pcworld.com/businesscenter/article/138494/better_it_security_doesnt_mean_spending_more.html

Runald said the rising occurrence of “drive-by” downloads is “most worrying”, referring to the situation whereby a Trojan, embedded in a website, surreptitiously downloads itself onto a user’s system when the page is visited. The only solution, the security expert said, is vigilance in ensuring all security software is constantly updated, so that the user can be protected from threats they do not see. “Even if people have been educated on safe surfing, they either forget or don’t care,” Runald said.

Mobile security Runald also noted that the technology is available to cause serious damage on mobile devices. According to the security expert, 99 percent of mobile malware is targeted at the Symbian operating system (OS) because it is the market leader and its source code is open, making it easier to examine the OS for vulnerabilities. Referring to Apple’s iPhone, Runald said: “In theory, by having a closed OS, it should be safer.

Offering an explanation as to why a mobile malware pandemic has not yet occurred, Runald said there has not been a concerted effort by mobile virus coders because they tend to be “kids” who are interested in “a bit of fame and mischief”, rather than being motivated by profit like those who code for PCs.

However, Runald cautioned that this does not rule out the possibility of a mobile malware outbreak.

http://news.zdnet.co.uk/security/0,1000000189,39289980,00.htm?r=1

“Our research shows that, while most companies (including financial institutions) recognize the risk off-network data poses, few seem to have a grasp on how to manage the many challenges off-network data present to maintaining a strong data security program, and many do not even have a policy to address the situation.”

62 percent of study respondents confirm or are unsure if their off-network equipment contains unprotected sensitive or confidential information; At same time, 39 percent do not view the management of off-network data bearing equipment a critical component to security; 70 percent of data breaches result from the loss of off-network equipment; and, 30 percent say they would never detect the loss or theft of confidential data from off-network equipment.

http://www.bankinfosecurity.com/articles.php?art_id=571

“vPro will ship with the third generation of Intel Active Management Technology (AMT). The engine helps manage, inventory, diagnose and repair PCs even when the system is turned off or has suffered an OS or hard drive crash.
vPro also now supports new standards from Desktop Mobile Working Group (DMWG), which is a specification for compatibility across PC hardware and software developed by the Distributed Management Task Force (DMTF).

http://www.theregister.co.uk/2007/08/24/intel_vpro_update_2007/

Graham says it’s no surprise this could be accomplished, but it was a bit of a shock to him that attackers are already using it to their advantage.

TippingPoint late last month temporarily removed its Zero Day Initiative (ZDI) signature updates for its IPSs after getting the word from Errata on its research. The IPS vendor said it then added more secure storage and delivery to its software and recently released an update with those enhancements.

Graham says Errata decided to test the ZDI signatures after finding at least two different hacking groups that wrote zero-day attacks using the signature TippingPoint released to patch the hole found in the infamous $10,000 Apple hacking contest at CanSec West earlier this year. Errata used the well known IDA Pro reverse-engineering tool, and also wrote its own tools for decrypting TippingPoint’s signatures.

Graham says he won’t be releasing the tools: “We want to demonstrate that it can be done… ” He argues that the trouble with these zero-day signatures is they are often used more for marketing purposes so an IPS vendors can show that they “got there” first, but this process instead invites trouble. “We believe, and our customers agree, that providing zero-day filters in advance of vendor announcement of a vulnerability is serving a positive security purpose, in spite of the risk that some point out,” says Terri Forslof, manager of security response for TippingPoint.

Graham says Errata’s Black Hat briefing session will also include some strategies for this, but the bottom line is vendors cannot protect themselves with software alone. “An important first step would be to compile the signatures at the factory before sending them to the box, rather than shipping the source of their signatures.”

As for IPS customers, if you’re a high-value target, Graham says, you need to be aware that the bad guys already have these signatures, and they could use them to hit you. It’s simple for an attacker to bypass the IPS altogether: “All they have to do is change a few bytes in the patterns” of the exploit, and they can get right past the IPS.

http://www.darkreading.com/document.asp?doc_id=130313&WT.svl=news2_1

Cybercrime has become a threat to the nation’s economic and security interests, according to a report released Monday by a Congressional research and investigation agency.

“These projected losses are based on direct and indirect costs that may include actual money stolen, estimated cost of intellectual property stolen, and recovery cost of repairing or replacing damaged networks and equipment,” says the report, released through the offices of Reps.

What’s more, he added, a lot of cybercrime goes undetected. “There’s more expertise in the private sector, where it’s easier for a corporation to have an instant response team of professionals that deal with these issues,” Bedser said. “They can go in, figure out what happened, clean it up, fix it and keep the business running quicker and more effectively than calling in criminal investigators to look into the problem.”

The GAO report acknowledges that certain personnel policies at federal law enforcement agencies may be hurting the fight against cybercrime.

“In order to address the challenge of ensuring adequate law enforcement analytical and technical capabilities,” it continues, “we are recommending that the Attorney General and the Secretary of Homeland Security reassess and modify, as appropriate, current rotation policies to retain key expertise necessary to investigate and prosecute cybercrime.”

http://www.technewsworld.com/rsstory/58517.html