Category: Warnings

If employees are just forwarding to their Web e-mail, we have no way to know what they are doing on the other end, said Joe Fantuzzi, chief executive of the information security firm Workshare.

Hospitals have an added legal obligation to protect patient records. When DeKalb Medical Center in Atlanta started monitoring its staff use of Web-based e-mail, it found that doctors and nurses routinely forwarded confidential medical records to their personal Web mail accounts not for nefarious purposes, but so they could continue to work from home. DeKalb now forbids the practice, and uses several software systems that monitor the hospitals outbound e-mail and Web traffic.

Even the security experts most knowledgeable about the risks of e-mail forwarding to personal accounts acknowledge doing so themselves. Bargero said she often used her Yahoo Mail account on business trips so she does not have to access her corporate network remotely. It is difficult to quantify exactly how many otherwise model employees are opting to use services like Yahoo Mail or Googles Gmail over their companys authorized e-mail programs.

At the business software maker BEA Systems, Anthony Bisulca, a senior security analyst, estimated that around 30 percent of his employees were using private e-mail accounts in the office, even though the companys Internet policy clearly prohibits it.

Many corporate technology professionals express the fear that Google and its rivals may actually own the intellectual property in the e-mail that resides on their systems. If you cant trust employees enough to use services like Gmail, they probably shouldnt be working for you, he said.

In a survey conducted last year, the e-mail security firm Proofpoint found that 37 percent of companies in the United States used software to monitor office use of Web mail.

This year, Google plans to introduce a more secure version of Gmail for use in large companies. But Microsoft and other providers of traditional internal e-mail systems, which the research firm Radicati says generated $2.5 billion in sales last year, are helping companies combat employee use of the Web services.

http://www.nytimes.com/2007/01/11/technology/11email.html

Corporate and industrial espionage attacks are on the rise using targeted trojans intended to steal intellectual property and confidential information, according to the 2006 Annual MessageLabs Intelligence Report.

Mark Sunner, chief technology officer at MessageLabs said: ‘2006 was the year that spammers took the security industry by storm and showcased their new tactics and techniques for mass disruption.

Now accounting for almost nine out of 10 emails, spam has categorically shed its title of being a nuisance and is a perilous threat which all companies need to be protected against.’

A key component in the success of these highly targeted attacks is the distribution of spyware and adware which has grown into a multibillion dollar industry and fuelled an increase in the number of botnets being created.

http://www.computing.co.uk/computing/news/2171089/targeted-attacks-rise

Rustock, like other recent in-the-news exploits such as “Stration,” is designed to send spam from hijacked computers.

Rustock hooks into the Windows 32-bit kernel, and patches several APIs (Applications Programming Interfaces) to hide the new registry keys and files it installs.

Polymorphic exploits, which first appeared in 1990, are rarely seen today, Martin says, but Rustock has revived the practice as another defensive strategy against security software, which uses pattern detection and threat-specific signatures to sniff out malware.

http://www.informationweek.com/showArticle.jhtml;jsessionid=3SBBS032AKJBOQSNDLRSKH0CJUNN2JVN?articleID=196603916

Multiple real servers can be consolidated into one larger, more powerful virtual server platform; just pack a single server with a lot of memory and a very fast CPU. But what’s coming on the virtual forefront is even more revolutionary. I know of one company that’s going to allow its employees to work from home using virtual images. The company will send the entire corporate image to the employee over a VPN connection, or at worst, on a single DVD.

Security experts and power users are using virtual machines to explore the riskier parts of the Internet without worry of host desktop modification. Banks and protection vendors are coming up with innovative solutions that involve sending virtual desktops to their online customers to prevent remote control bots from stealing PINs or fraudulently transferring bank balances.

First, because new virtual machines are so easy to create, administrators and operators aren’t treating them with the same security thoroughness as they do real metal and wire servers.

Second, if attackers break out of a VM into the host, they can immediately impact every other supported host on the server.

Third, anti-virus software and other scanners on the outside can’t easily scan inside virtual workstation images for worms, bots, and other threats.

Last, there are no comprehensive studies to prove how well a virtual machine protects against running malware.

Like instant messaging and USB thumb drives, the virtual revolution is coming whether you like it or not. Discuss the impact virtual machines will have on your environment, especially on security, with vendors and your technical staff.

http://www.infoworld.com/article/06/12/01/49OPsecadvise_1.html

“Our goal was to determine the success rates of different types of phishing attacks, not just the types used today but those that have not yet occurred in the wild,” said Markus Jakobsson, associate professor at the IU School of Informatics.

Along with computer science doctoral student Jacob Ratkiewicz, Jakobsson devised simulated attacks in which users received emails appearing to be legitimate and providing links to eBay. One experiment they devised was to launch a ‘spear phishing’ attack in which a phisher sends a personalised message to a user who might actually welcome or expect the message. The researchers used three types of approach statements: ‘Hi can you ship packages with insurance for an extra fee?’

“We think that spear phishing attacks will become more prevalent as phishers are more able to harvest publicly available information to personalise each attack,” said Ratkiewicz.

http://www.vnunet.com/2166518

The xsec.org hackers referred to their code as a 0day, meaning an exploit for a previously undisclosed vulnerability. But one well-known hacker said the flaw was not difficult to find using publicly available security tools, such as the AxMan ActiveX fuzzing software.

Moore wrote an automated ActiveX testing tool called AxMan that uncovered a handful of IE bugs, including the one exploited by on xsec.org. Although Moore recently launched a project called the Month of Browser Bugs, in which he disclosed a new browser vulnerability every day for the month of July, he said he had refrained from disclosing this particular vulnerability. “This is one of the many exploitable bugs that can be discovered using AxMan and one of the few that I didn’t include in Month of Browser bugs due to the ease of exploitation,” he said.

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9003329&source=NLT_AM&nlid=1