Security News Curated from across the world
The report card is intended to raise the visibility of the need for strong information security, said FISMA’s author, Rep. Tom Davis (R-Va.).
Information security will garner attention if there is a massive cyberattack that could compromise the economy or homeland security, he said.
More info: [url=http://www.fcw.com/fcw/articles/2003/1201/web-fisma-12-02-03.asp]http://www.fcw.com/fcw/articles/2003/1201/web-fisma-12-02-03.asp[/url]
“IT spending is more correlated with corporate profits than (gross national product) or other factors, and corporate profits are increasing,” said Frank Gens, senior vice president of research at IDC.
Servers running so-called x86 processors and Windows or Linux will continue to grow at the expense of RISC-Unix servers. In 2004, x86 servers will account for more revenue overall, and Linux will account for 10 percent of the servers sold in the United States. “Although manufacturers continue to promote the concept, real investments in server virtualization and other techniques to more efficiently use computing resources will continue to lag,” the prediction said.
The value of IT goods and services coming to the United States that are produced by offshore labor will hit $16 billion, doubling 2003’s total.
Not only will large U.S. companies continue to outsource, Indian service providers will gain market share as well.
The number of public Wi-Fi hot spots will grow from the current 50,000, to 85,000 by the end of the year, IDC said.
Chinese IT spending will hit $30 billion and grow at four times the rate of that of the rest of the world. Eastern European nations, meanwhile, will see a surge in spending as 10 new nations, most from Eastern Europe, join the European Union.
More info: [url=http://zdnet.com.com/2100-1104_2-5113558.html]http://zdnet.com.com/2100-1104_2-5113558.html[/url]
It includes asset management, device discovery, software license management, PC remote control, software distribution, and operating system recovery and migration.
Macintosh support has also been improved in this version.
To combat any network degradation and to increase performance to remote computers, LANDesk 8 provides bandwidth throttling, multicast distribution, and checkpoint restarts. For example, to distribute a security update to all Microsoft Office users or a new virus definition to all your users, you can simply specify the maximum bandwidth and eliminate congestion issues.
Using its peer download technology, LANDesk 8 will serve the appropriate packages to a select number of users across your network’s various subnets, and those machines will in turn serve them to their peers.
In the event that a machine shuts down halfway through a transfer, the byte-level checkpoint restart feature will ensure that the update gets efficiently completed upon restart.
LANDesk 8 presents a lot of management capabilities in one package, as do competitors such as Microsoft SMS and Novell ZenWorks.
While the initial experience can be a little daunting, the performance enhancements that LANDesk 8 delivers (namely the multicast and incremental file-transfer capabilities) are worth the initial start-up pains.
More info: [url=http://www.pcmag.com/article2/0,4149,1399924,00.asp?kc=PCRSS02129TX1K0000530]http://www.pcmag.com/article2/0,4149,1399924,00.asp?kc=PCRSS02129TX1K0000530[/url]
There is the usual dispute over which virus is most common, but the Sober and Swen worms have scored highly.
“Sober has had a big impact because it’s in English and German and many Germans don’t expect viruses in their own language,” said Graham Cluley, senior technology consultant at Sophos.
“We’re also seeing new MiMail viruses cropping up and there seems to be organised intent behind it; the authors have targeted users and anti-spam websites. So far 12 MiMail variants have been found, ranging from simple email harvesters to ‘phishing’ attacks that seek users’ PayPal or bank details. The worm is thought to have originated in Eastern Europe.
Klez H is still in most charts, making it one of the most persistent viruses in history.
More info: [url=http://www.infomaticsonline.co.uk/News/1151236]http://www.infomaticsonline.co.uk/News/1151236[/url]
However, less than favourable economic climates and ever-dwindling budgets mean that many organisations never invest in anything more advanced than an anti-virus package and a firewall solution.
In fact, companies need to stop looking at security as a purely preventative measure and realise that it can actually be a business enabler, but recognising the real benefits that more sophisticated solutions can bring to business seems to be eluding many organisations.
It stands to reason that when money is tight, investment is hindered.
The 2003 Ernst and Young Global Information Security Survey found that spending on technology, education, training and infrastructure to support IT security is slipping further down the priority list.
Mobile working and remote access have been widely welcomed by employers and employees alike.
Company bosses are won over by the extra productivity it can bring to business and the workforce is attracted by the added freedom and flexibility it enables in doing their jobs.
Whilst the mobile working revolution provides organisations with ease and convenience, it can have serious implications for security and information integrity which cannot be ignored.
In order to do their jobs outside the office, employees often need to download vital, confidential company information to their laptops and PDAs.
This means that at best you have just lost an expensive piece of kit which now needs replacing, but at worst your private company information ends up in the wrong hands.
It’s all very well rolling out laptops and PDAs to your employees, but without adequate security any potential gain from implementing mobile working may be lost along with your private company data.
Security solutions specifically designed to protect wireless devices are enabling organisations to enjoy mobile computing safe in the knowledge that security isn’t being sacrificed.
For example, with single sign-on and application launch control features, you can deliver both productivity and security improvements, enabling your business to take advantage of the latest technologies, such as GPRS, in a secure fashion.
The financial, retail and telecommunications industries have been benefiting from smartcard technology for a number of years, however its potential for enhancing security within all organisations is being recognised.
The major concern for most, if not all organisations is the bottom line and being able to survive over the competition.
Being able to take advantage of the latest technology and working procedures is the key to ensuring competitiveness in an overcrowded market and the board must recognise that security is a true business enabler.
More info: [url=http://www.infosecnews.com/opinion/2003/12/03_02.htm]http://www.infosecnews.com/opinion/2003/12/03_02.htm[/url]
A simple search reveals a plethora of resources, tools, and personal homepages, most claiming to “hack” for legitimate reasons, within the law. But there is also an entire underground network of hackers honing their tools and skills with malicious damage in mind.
“Ten years ago, ‘hackers’ used to mean people who tinker with computers. The definition has changed, so get over it,” Peter Tippett, founder and chief technical officer at TruSecure told BBC News Online.
The underground network is vast, with thousands of individuals and groups, ranging from lurkers who are intrigued by hacker chat to “script kiddies” who try out hacker tools for a laugh. Newsgroups, internet relay chat and increasingly, peer-to-peer chat and instant messaging, are buzzing with constant hacker chatter.
Net security companies like TruSecure in the US, have the job of keeping an eye on these groups to work out which weak net spot they are planning to attack next. It currently tracks more than 11,000 individuals in about 900 different hacking groups and gangs.
“There are 5,500 net vulnerabilities that could be used theoretically to launch an attack, but only 80 or 90 are being used,” says Mr Tippett. “Only 16 of 4,200 of vulnerabilities actually turned into attacks last year.”
A team of human and computer bots – artificial intelligence programs – count the vulnerabilities that pop up all over the web daily and measure the risk of security attacks for TruSecure’s 700 or so customers. But that is not enough for 21st century net security, says Mr Tippett.
A separate team at TruSecure has a more mysterious job. It is the elite group of hacker infiltrators, codename IS/Recon (Information Security Reconnaissance). Their daily job is to “see what the bad guys say to each other and what they claim to have done” by gaining respect and building online relationships with groups with names like Hackweiser and G-force Pakistan, Mr Tippett explains.
The hours spent gathering 200 gigabytes of information a day, are invaluable in helping to catch the small proportion of hackers who do the net severe damage. Pieces of information about groups and individuals are put together like a giant jigsaw in TruSecure’s mammoth database, nicknamed the “brain”. [Editor note this is actually a product called “The Brain”.]
More info: [url=http://www.thebrain.com/company/Press/bbc/BBC%20NEWS%20%20Technology%20%20Cracking%20the%20hacker%20underground.htm]http://www.thebrain.com/company/Press/bbc/BBC%20NEWS%20%20Technology%20%20Cracking%20the%20hacker%20underground.htm[/url]