Category: Trends

Air passengers scanned by the new technology walk into a large booth where electromagnetic waves are beamed on to their body to create a virtual three-dimensional “naked” image from reflected energy.

Gareth Crossman, Director of Policy at Liberty, said: “I don’t think people are aware of what these scanners can do and how demeaning it is to have your body on display.

Security officials in the United States have pioneered use of the scanners at New York and Los Angeles airports because the technology reveals the contours of the body, picking up hidden items, such as guns or knives, more effectively than standard physical “pat-down” checks. Paolo Costa, Chairman of the European Parliament’s Transport Committee, is concerned over the safety of the new technology and how “nude” images of passengers will be viewed, then stored, by security officials.

http://www.telegraph.co.uk/news/worldnews/europe/3110533/EU-to-introduce-virtual-strip-searches-at-airports-by-2010.html

According to Finjan, code obfuscation remains the preferred technique for cybercriminals for their attacks.

Real-time content inspection is the optimal way to detect and block dynamically obfuscated code and similar types of advanced cybercrime techniques, since it analyzes and understands the code embedded within web content or files in real time – before it reaches the end-users.

http://newsblaze.com/story/2008092303030900016.pnw/topstory.html

“These findings illustrate the ineffectiveness of simply blocking incoming communications from foreign IP addresses as a way to defend your organization from cyber attacks,” SecureWorks says.

Many of the Georgian IT staff members thought that by blocking Russian IP addresses, they would be able to protect their networks. However, many of the Russian attacks were actually launched from IP addresses in Turkey and the United States, and Georgian systems ended up being hit hard.

In a separate report by the SANS Institute, researcher Maarten Van Hoorenbeeck wrote yesterday that stolen data is increasingly being stored on networks in the U.S. and Europe.

“Certain hosts started tunneling data to the network of an Indiana based provider of anonymity services, SecureIX,” Van Hoorenbeeck writes. Such anonymization services are not entirely safe for attackers, Van Hoorenbeeck says.

http://www.darkreading.com/document.asp?doc_id=164488&WT.svl=news1_3

More than a third of respondents plan to implement risk management tools across all of their business units in the next 12 months; another 26 percent will implement such tools with some business units. In 2006, about 40 percent of respondents said internal attacks were their top concern; that figure has dropped to 33 percent.

“Given all the attention that’s been paid to user awareness in the past few years, it’s sort of surprising that the user issue continues to be such a big part of the problem,” says Rick Blum, director of strategic marketing at BT. “This will require quantifying the potential cost of data loss as well as downtime caused by a virus or other attack,” the report states.

“These costs should take into account financial damages (outright theft), recovery costs (notification of affected parties, etc.), and loss of reputation (leading to loss of business).”

http://www.darkreading.com/document.asp?doc_id=163569&WT.svl=news2_1

As usual, the vulnerabilities most found in Web applications were cross-site scripting, information leakage, and SQL injection.

XSS accounted for 41 percent of all vulnerabilities; information leakage, 32 percent; SQL injection, 9 percent; and predictable resource location flaws, 8 percent.

“Looking at the numbers, I thought SQL injection would have a bigger presence in the number of vulnerabilities and vulnerable sites. Although the statistics seem to show the number is decreasing from previous years, do not stop fighting this class of attack, and all types of injection in general!!

http://www.darkreading.com/document.asp?doc_id=163467&WT.svl=news2_4

Those are impressive numbers in this economy, analyst Khalid Kark said in a keynote during Forrester’s Security Forum in Boston.

An organisation-wide focus on security also brings higher expectations, and sometimes conflicting expectations from the various departments in a business. Security has been the top priority for CIOs in Forrester surveys for four straight years, and 30% of security decision-makers surveyed report having a “dotted-line relationship” with the board or CEO.

Kark attributes this change in attitude partly to data breaches and resulting media coverage and lawsuits that focus public scrutiny on information security.

http://www.computerworlduk.com/management/security/data-control/news/index.cfm?newsid=10842