Category: Trends

“McDonald’s Canada proudly supports the Canadian beef industry,” says Jeff Kroll, Senior Vice-President, National Supply Chain, at McDonald’s Canada. “McDonald’s Canada has made a commitment to Canadian beef which today translates into the company using 100% Canadian beef for all its burger offerings,” says John Gillespie, BIC Chairman and producer from Ayr, Ontario. “As the largest foodservice purchaser of beef in Canada, this is a significant alliance for Canada’s beef industry.”

From the outset, Brad Wildeman, President of the Canadian Cattlemen’s Association and a feedlot operator fron Lanigan, Saskatchewan, has been quick to point out that “Canadian cattle producers appreciate that McDonald’s Canada has been a long-time supporter of the Canadian beef industry.

The initial appearance of the chain email earlier in the year prompted McDonald’s Canada to post a statement on its website, www.mcdonalds.ca, refuting the claim with the facts, most notably that McDonald’s Canada proudly sources 100% of its beef from Canadian producers.

http://www.meattradenewsdaily.co.uk/news/051109/canada___beef_information_service.aspx

While browser vulnerabilities increased slightly, application vulnerabilities dropped and operating system holes were flat, Microsoft said. Microsoft software accounted for 6 of the top 10 browser-based holes attacked on Windows XP computers, compared with only one on Vista computers. Of the top 10 browser-based holes exploited on computers running Vista, 2 targeted Adobe Reader and the most significant one targeted Adobe Flash Player.

In the third spot was an exploit aimed at Internet Explorer.

Infection rates for Windows Vista were significantly lower than Windows XP, while the rate for Windows Server 2008 was less than Server 2003.

Microsoft released 27 security bulletins in the first half of the year, addressing 85 individual vulnerabilities.

McAfee’s report showed the U.S. as the top country when it comes to the number of compromised computers that are zombies used in botnets to do things like send spam, followed by China and Brazil.

http://news.cnet.com/8301-27080_3-10387768-245.html

According to PricewaterhouseCooper’s (New York) Global State of Information Security 2010 survey, information security executives are facing more challenges today than ever. Surprisingly, however, they are not being starved of the resources they need to keep company data safe.

PwC surveyed its own clients in 130 countries, plus the readers of CIO Magazine and CSO Magazine.

Technology and financial services companies consisted of the top two in terms of survey participants, at 1,250 and 1,165 respondents, respectively.

Mark Lobel, a principal with PwC in its security practice, told attendees at a conference unveiling the survey results on Wednesday that he and his team weren’t too optimistic about what they would find, given all the news of layoffs and budget cutbacks.

Even in this crisis, 38 percent of global companies said they still plan to increase their information security spending.

Forty-three percent of respondents said their companies are deferring security initiatives for capital expenditures, while 40 percent said they were deferring these initiatives for operating expenditures.

“I believe that moving from 2009 to 2010 will be a coming of age for information security,” he said.

Even so, information security executives are experiencing more pressure from the top to prove the value of their expenditures on security technology. Further findings from the survey found that there has been a steady increase in security incidents from 2008 to 2009, with 35 percent of companies reporting 1 to 9 incidents, versus 30 percent last year.

Also, data is the biggest target of cyber thieves: 23 percent this year, as opposed to 16 percent in 2008. Although respondents said 33 percent of incidents occurred because of a current employees, 39 percent didn’t know whether it was from the inside, a former employee or a hacker.

It’s no longer acceptable to reactively hear about a breach. Again, referring to the leadership role financial services has shown in data security, Lobel indicated another finding: that although the downturn is a driver for companies’ infosec spending, it had less of an impact on financial services than other sectors (38 percent for financial services versus 43 percent for technology, 42 percent for healthcare and 41 percent for the retail industry).

http://www.banktech.com/risk-management/showArticle.jhtml;jsessionid=LTGLRGEA3IYVFQE1GHPSKHWATMY32JVN?articleID=220800154&_requestid=525984

“We’ve certainly seen in last 120 days an uptick in critical infrastructure impacting attacks,” said Danny McPherson, Arbor’s chief security officer.

Paul Lappas, vice president of engineering for GoGrid, said the attack came from thousands of severs around the Web, and targeted every last one of his company’s Internet addresses.

On April 1, attackers struck Register.com, a Web hosting provider that also is one of the Internet’s largest domain name registrars. The attack came in fits and starts, and disrupted service intermittently for millions of register.com customers for several days.

On April 6 and 7, The Planet, the world’s largest privately held dedicated Web hosting provider, that serves more than 15 million Web sites, was hit by what the Houston-based company called a “massive” DDoS attack.

That same week, a concerted DDoS attack struck Telefonica in Brazil, an Internet service provider that provides Web connectivity to more than 2.1 million Brazilians.

In most cases, the attacks go unnoticed, either because the target pays the ransom or quickly hires companies that specialize in fending off the assaults. “Attackers like to illustrate their firepower of their botnets, and sometimes when you see these attacks that target large numbers of users, they are often just a demonstration,” McPherson said. “They are becoming more successful because we’re reading about them a lot more in the press than we did in the past,” Silva said.

DNS is akin to the white pages of the Internet, translating Web site names like example.com into numeric addresses that are easier for computers to find. The machines that handle that translation, known as DNS servers, are the unseen workhorses responsible for routing everything from Web searches to e-mail and instant messaging. “This is usually fine, until that organization comes under an attack on those DNS servers.” Also, the global DNS system doesn’t yet have a widely deployed system for determining when someone requesting the location of a site is fibbing about his or her own location.

SharkTech owner Tim Timrawi said his business was knocked offline for five hours from a DNS attack that heaved more than 20 gigabits of traffic per second at his company’s servers, or roughly the equivalent of the data contained in about 5,000 novels sent digitally every second. “Imagine if someone using the U.S. mail sent a small letter to a company requesting a brochure of their information, but that person wrote your address as the return address.

Arbor’s McPherson said there are number of things that can be done to diminish the effectiveness of DDoS attacks, but that most require ISPs to do a better job adopting long-established Internet best practices, such as those that call on network providers to filter out incoming Web traffic that appears to be spoofed.

http://www.washingtonpost.com/wp-dyn/content/article/2009/05/01/AR2009050101593.html?hpid=moreheadlines

This more “persistent” rootkit is more dangerous than a regular rootkit because it could use the BIOS-located network stack to attack other machines, as well as “using normal exploits, without any access to the disk or memory in the operating system,” the researchers said.

What’s the best defense against such an attack? The researchers say it’s tough to prevent any attack from an advanced rootkit like this.

The best options, they say, are to prevent the flashing of the BIOS by enabling “write” protection on the motherboard, or deploying digitally signed BIOSes, for instance.

http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml;jsessionid=EHDXVE1URKONSQSNDLPCKH0CJUNN2JVN?articleID=216401170&subSection=Vulnerabilities+and+threats

The Federal Information Security Management Act requires agencies to report cyber incidents, which are defined as acts that violate computer security or acceptable-use policies.

Mischel Kwon, US-CERT’s director, said that the numbers represent both an increase in malware and improvements in the capabilities of US-CERT and agencies to detect and report cyber incidents. “Both parts of the story are true: There is an increase in mal events, and there is an increase in capabilities in order to detect those mal events.” Kwon added that the numbers were a bit deceiving because the reports are based on manual reporting by agencies and that there are few security operations centers that monitor federal agency networks.

US-CERT, the operational arm of DHS’ National Cyber Security Division, works to analyze and reduce threat capabilities throughout government and industry, disseminate warning information and coordinate incident response activities. US-CERT also runs Einstein, a federal network-monitoring system. It is in the process of deploying a second version of the system with enhanced capabilities.

Kwon added that visibility across the federal network and incident reporting will improve as the second version of Einstein is deployed and agencies continue to reduce the number of connections they have to Internet under the Trusted Internet Connection project.

http://fcw.com/Articles/2009/02/17/CERT-cyber-incidents.aspx