Reuters reports the potential for power failures in the Midwest

Posted on by admini

Coming into summertime and with the violent storms we have seen, it is clear to us the power grid is stretched,” said MAP President Gary Heminger in a conference call.

The bulk of its operations are in the Midwest, a region that has been strafed by deadly storms over the past couple of weeks and which is particularly sensitive to refinery problems due to a shortfall in the region’s fuel production capacity. Oil refinery operations can be brought to a swift and sometimes damaging halt during a power grid failure. He said he expects strong refining margins through the summer due to a lack of U.S. refining capacity and strong demand despite record high gasoline prices. Heminger said MAP is on track to increase refining capacity at its Detroit, Michigan, refinery from 74,000 bpd to 100,000 bpd by the end of 2005.

More info: http://biz.yahoo.com/rc/040602/energy_map_refineries_1.html

Read more

Cisco details strategy for Catalyst Firewall Services Module and anti-DDoS gear

Posted on by admini

According to Hoe, the Firewall Services Module 2.2 can be deployed and configured through any of three Cisco management consoles so that network managers can establish “logical firewalls” between Catalyst switching points, each with its own policy and rules.

The PIX Device Manager v.40 would only support a single Cisco Catalyst 6500 Series Firewall Services Module.

Firewall controls can be set based on IP address, protocols, and network access control lists, Hoe said. The Firewall Services Module is wholly separate from the module for IPSec VPN, which is also available for the Cisco Catalyst 6500 Series switches, as are modules for intrusion detection.

In addition, Cisco also announced what amounts to a re-branding of the Riverhead Networks equipment, Guard and Detector, which Cisco gained in its acquisition of Riverhead this March for $39 million. Guard and Detector are used to monitor traffic flows and combat distributed denial-of-service (DoS) attacks that can flood networks with unneeded traffic so that legitimate traffic is obstructed.

The Cisco Guard XT 5650 is a network appliance that compares traffic flows to profiles of normal traffic patterns, behavior and protocol compliance, among other features, and can be used to block attacks. The Cisco Traffic Anomaly Detector XT 5600 is used to identity a broad range of distributed DoS attacks and automate activation of the Cisco Guard XT 5650.

More info: http://www.nwfusion.com/news/2004/0602cisco.html

Read more

Security vendor says offshore development needs checks

Posted on by admini

Software companies must add additional controls to the development process for software produced outside the U.S., said Steve Solomon, chief executive officer of the Dallas, Texas-based Citadel.

“Software development organizations should be required to have all overseas-developed software examined for malicious capabilities embedded in the code,” Solomon told the House Government Reform Committee’s Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census.

Much of the hearing, which lasted more than two hours, was devoted to government agencies detailing their cybersecurity efforts, but Solomon’s comments drew disagreement from Microsoft Corp. and Juniper Networks Inc. representatives.

Subcommittee chairman Adam Putnam, a Florida Republican, focused some of his questions on the patching process after software vulnerabilties are discovered. Asked by Putnam if the patching process and the alert process that accompanies it is working well, Scott Culp, senior security strategist for Microsoft, said he believes software vendors are working hard to notify government and private customers. “I remain concerned that we are collectively not moving fast enough to protect the American people and the U.S. economy from the very real threats that exist today …

Solomon also suggested that companies that rely on patch management services have “false security” because they are missing larger problems, such as the lack of broad security policies and recovery after attacks.

Incentives such as tax breaks, cybersecurity insurance and lawsuit reform could help software companies make more secure products, Rosenthal added.

Meanwhile, the U.S. Department of Homeland Security (DHS) is working with private companies to pump up the programs offered by US-CERT, the government’s computer emergency readiness team, said Amit Yoran, director of the National Cyber Security Division at DHS. US-CERT launched a national cyber alert system in January, and around mid-year it plans to roll out a partner program to encourage private companies and universities to work with government agencies. Goals of the partner program include the better sharing of information on cyber threats, improving cyber response and increasing discussion about cybersecurity, Yoran said.

More info: http://www.infoworld.com/article/04/06/02/HNoffshorecheck_1.html

Read more

Hackers costing banks millions

Posted on by admini

The world’s financial and banking systems are under increasing attack from internet viruses. Many attacks, according to the Deloittes Global Security Survey 2004, have resulted in costly losses.

Despite this experience, the survey also found that 25 per cent of the top 100 companies interviewed have flat budgets for their security systems.

This month Westpac was penetrated by the Sasser virus which slowed down its information processing. Westpac spokesman Paul Gregory said the bank’s systems were purged overnight and no financial loss was incurred. Westpac, AMP financial Services and Kiwi Bank also said they regard information systems security and planning to be critical.

Global leader of Deloitte’s IT Risk Management and Security Services, Adel Melek, said the challenges were getting greater as banks fought bigger battles around security and resources stagnated. Although more than 70 per cent of respondents saw viruses and worms as the greatest threat to their systems in the next 12 months, only 87 per cent had fully deployed anti-virus measures.

The ASB’s general manager retail banking Barbara Chapman said her organisation had security as a top priority and its banking systems had never been penetrated. Management took a very firm view that security was critical. There were significant policies, practice and adequate funding to support initiatives in this area. She said an area where there was potential for harm for any bank was when customers accessed their accounts from unsafe environments like internet cafes. It was the same as being aware that someone could be watching as you used your Eftpos card to get money from a hole in the wall.

More info: http://www.dsinet.org/?id=3797

Read more

Financial Firms in Hackers’ Crosshairs

Posted on by admini

The professional service firm’s annual Global Security Survey showed a dramatic rise in the number of respondents reporting system breaches.

“Security threats such as viruses, worms, malicious code, sabotage and identity theft are real and have already cost millions of dollars in lost revenues to institutions globally,” Ted DeZabala a principal and national leader of Security Services for Deloitte & Touche, said in a statement.

Despite that, fewer respondents reported fully deployed antivirus measures — 96 percent last year compared to 87 percent this year. Also, IT security budgets were flat at more than 25 percent of the survey base, with 10 percent reporting reduced security budgets.

The survey found gains in the areas of privacy and regulatory compliance efforts, where two-thirds claim to have a privacy management program in place, up incrementally by 6 percent over the previous year. Most identified themselves as “effective users of demonstrated technology” according to the surveys authors. That said, only 9 percent were willing to take risk associated with being an early adopter.

The survey also found vulnerability and identify management technologies were the two most common technology initiatives planned for pilot programs or deployment in the next 18 months.

A recent Gartner group survey estimated the cost of fake e-mail ‘phishing’ attacks at $1.2 billion dollars. This year also looks to be bad for viruses and Trojans of all sorts, though according to one study infection rates are holding steady.

More info: http://www.internetnews.com/fina-news/article.php/3360961

Read more

Deloitte security survey has some puzzling figures

Posted on by admini

The release accompanying the survey has it differently.

“Practitioners from Deloitte’s Global Financial Services Industry practice conducted face-to-face interviews with senior information technology executives of the top 100 global financial services organizations (sic),” it says. The survey claims that the results, published this month, “provide a global benchmark for the state of security in the financial sector.” Did the company actually speak to representatives from the top 100?

Kevin Shaw, Leader Security Services Group – Asia Pacific for the company’s Enterprise Risk Services, said: “What we can say is that interviews with senior information technology executives of top 100 global financial services organizations (sic) were conducted and that the sample includes 31 of the top 100 global financial services institutions.” He said four Australian banks were among those interviewed but refused to name them.

“I am sure that you will understand that respecting the confidentiality of those who were so kind as to participate is very important to us, and so unfortunately, we cannot denote the true number of organizations (sic) that have participated in the survey,” Shaw said.

“If we indicate the number of organizations, (sic) people may start to reverse engineer the number and make assumptions about who participated. This could have impact on two levels, one being that unfair assumptions are made leading to potentially erroneous conclusions, and the other in that they circumvent our intent and promise of allowing organizations (sic) to remain anonymous.”

Last year’s survey had some question marks over it as well. The company claimed the participants represented 35 percent of the top 500 global financial services organisations, which would have meant that 175 companies of the top 500 had been interviewed. However, when asked about it, Deloitte admitted that the facts were that 35 percent of the top 50 global financial services organisations – meaning 17 or 18 – had been involved.

More info: http://www.smh.com.au/articles/2004/05/28/1085641687991.html

Read more