tag:blogger.com,1999:blog-127846722011-04-22T02:05:13.015+02:00Security Market WrapInteresting, topical & pertinent IT security industry developments for executive & IT management, analysts, strategists, consultants & IT proffesionals who wish to keep abreast of events that could shape the security landscape.Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.comBlogger4211100tag:blogger.com,1999:blog-12784672.post-6416905382781909732008-05-15T15:19:00.001+02:002008-05-15T15:21:29.427+02:00Management group warns CEO's of data-breach risksTop-level managers and chief executives often do not realise the impact that IT-security incidents can have on their organisations, according to influential group the British-North American Committee.In a report entitled Cyber Attack: A Risk Management Primer for CEOs and Directors, launched on Wednesday, the British-North American Committee (BNAC) said that chief executives underestimate the Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-74354754829142373222008-05-15T10:37:00.004+02:002008-05-15T11:22:19.069+02:00Cisco IOS Timebomb - one step closer...The IOS vulnerability threat just ratcheted up a notch with another first - someone has actually developed a malicious rootkit for any version of IOS that runs on Cisco's routers, a development that has placed increasing scrutiny on the routers that make up the majority of the Internet and corporate networking infrastructure. The researcher will unveil his work on May 22 at the EuSecWest Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-30288241206953210482008-04-11T18:39:00.004+02:002008-04-11T18:46:56.115+02:00Power Grid hacked in no timeResearchers who launched an experimental cyber attack caused a generator to self-destruct, alarming the federal government and electrical industry about what might happen if such an attack were carried out on a larger scale.Some experts fear bigger, coordinated attacks could cause widespread damage to electric infrastructure that could take months to fix. In a previously classified video of the Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-91990474108868438802008-02-28T09:03:00.004+02:002008-02-28T09:26:08.706+02:00How recession proof is IT security?Leading economists have recently increased their projections of a likelihood of an economic recession in the United Kingdom, Japan and the United States. These countries together comprise 42% of the world's gross domestic product (GDP). Even though many other economies are growing quite vigorously it is inevitable they will feel the effects and themselves could be facing difficult economic times Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-56906802604411056232008-02-26T17:56:00.002+02:002008-02-26T18:02:49.346+02:00Top 10 cyber security menaces for 2008Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-63994913092614935672007-10-08T17:15:00.000+02:002007-10-08T17:21:21.814+02:002007 E-Crime Watch SurveyDwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1176370836413378702007-04-12T11:20:00.000+02:002007-04-12T11:59:03.996+02:00US Data Breach disclosures top 150M recordsI have concluded an analysis of the latest data from the not-for-profit Privacy Rights Clearinghouse. Since February 2005 they have been recording a Chronology of Data Breaches that have been made public since the very first US Data Breach disclosure laws have come into effect.Whilst they are the only worldwide organisation to do this sort of thing (and I'm pretty sure that the US data breach Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com2tag:blogger.com,1999:blog-12784672.post-1156409673358131682006-08-24T10:01:00.000+02:002006-08-24T23:31:35.743+02:00IBM's acquisition of ISS for $1.6BnOPINION PIECEIt was inevitable that ISS would eventually be acquired. As network, systems and security management are all converging, and security technology starts becoming assimilated by the gorillas into networking fabric (Cisco) and operations systems (Microsoft), and the lines between security & network management start to blur, it stands to reason that ISS on its own would eventually be Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1154434635973874792006-08-01T11:17:00.000+02:002006-08-01T14:17:16.286+02:00The challenge of Cisco Network Device PatchingWe haven't posted something about Ciscogate for quite a while now. However I came across this BlackHat posting dated April 25th 2006 which was quite interesting. It was written by a BlackHat member that works for Gartner.Traditional, monolithic IOS is a proprietary operating system that runs Cisco routing and most switching devices. It has required an image replacement and reboot to upgrade. IOS Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1154423820770920532006-08-01T10:51:00.000+02:002006-08-01T11:17:01.540+02:00Happy Birthday, SOXOn July 30th, SOX turned four years old. Here is an interesting list of stories associated with SOX over time:Happy birthday, SOXSOX clock ticking for overseas businesses$6Bn US bill for Sarbanex OxleySecurity dominates SOX product spendSOX may push public firms to go privateSOX is too little, too late?Sarbox worsens your security stanceSOX weighs heavily on public companiesQualcomm shares 2 Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1154422246665061382006-08-01T10:35:00.000+02:002006-08-01T10:50:46.683+02:00CISO's overpromoted technologistsAn interesting 4 part series by Network World on the challenges faced by CISO's (Chief Information Security Officers) trying to promote and sell the merits of information security internally in their organisations. CISO's are having a hard time getting their ideas accepted from the board level down and are just "overpromoted technologists".Consultants suggest that the easiest and best way to Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1153316995486253782006-07-19T15:44:00.000+02:002006-07-19T15:49:55.723+02:00Token-based security crackedTwo-factor security tokens have always been thought of as the solution to password security woes. But now history has been made with man-in-the-middle attacks being used for the first time to circumvent token security being rolled out by banks at huge costs.Over the past few weeks, approximately 35 phishing Web sites have been set up that use the new attack. They attempt to trick users into Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1152716570252807552006-07-12T16:54:00.000+02:002006-07-12T17:02:50.253+02:00VARs & Integrators waking up to NAC actionThe first time solution provider Chris Labatt-Simon mentioned network access control to a customer three years ago, the executive was so stunned by the cost and complexity of putting a client on every single machine in his corporate network that he actually burst out laughing. But a few weeks later, after the same customer's network was brought to its knees by a worm introduced from a Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1152701405287148582006-07-12T10:26:00.000+02:002006-07-12T16:52:22.140+02:00A chronological take on the EMC/RSA DealOPINION PIECEA lot is floating around on the Internet about this $2.1Bn aquisition. Some are for it and some are against it. EMC stock has taken a hammering and the management of both companies are having to answer a lot of tricky questions. See EMC/RSA aquisition draws mixed reviews.The main drivers for Storage companies wanting to get into security (such as this aquisition) or Security Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1151624759774469632006-06-30T01:40:00.000+02:002006-06-30T03:24:23.240+02:00EMC to aquire RSA SecurityEMC late Thursday confirmed it plans to acquire RSA Security for some $2.1 billion.Under terms of the deal, Hopkinton, Mass.-based storage giant EMC will pay $28 a share for RSA, New Bedford, Mass. The companies anticipate the acquisition will close late in the third quarter or early in the fourth quarter, subject to regulatory approvals and other conditions.The deal is the third large-scale Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1150922095965966382006-06-21T22:21:00.000+02:002006-06-21T22:54:01.880+02:00NAC market gets crowdedYou can always tell something big is brewing that will shape our lives in security when the vendor market gets crowded with solutions before standards have been shaped. These 20 companies are giving Cisco Systems and Microsoft a run for their money by bringing network access control (NAC) products to market. The crowded market, coupled with gorillas like Cisco and Microsoft promoting propriatary Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1150899779772645202006-06-21T16:11:00.000+02:002006-06-21T16:22:59.803+02:00We will be back shortlyWork pressure has resulted in a lengthy pause of postings, but we will be back shortly with three knowledgeable contributors to content instead of just myself.The 1st 5 months was a worthwhile experiment and vindicated the usefuleness of this blog to over 300 internal Dimension Data security line of business staff as well as over 500 other regular readers, so consider Phase-I complete and Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1139986001344046852006-02-15T08:25:00.000+02:002006-02-15T08:52:18.526+02:00RSA 2006 Day-1The most noticeable trends I observed today at the Exhibition centre was Apple iPod giveaways and NAC appliances. And of course over 400 exhibitors and 14,000 conference attendees.The keynotes were delivered by Bill Gates, Art Coviello and Scott McNealy. Gates took opportunity to demonstrate new security features in Vista and signalled the death of passwords as security measures. Nothing Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1139862044466355002006-02-13T22:17:00.000+02:002006-02-13T22:20:44.466+02:00SEM enters mainstream in 2006Faced with regulatory compliance requirements and grueling audits, network managers are turning increasingly to security event management systems (SEM) to detect when policies have been breached.SEM products - from e-Security, Network Intelligence, ScriptLogic, TriGeo and others - have data aggregation and event correlation features similar to those in network management software. These products Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1139861752756178352006-02-13T22:12:00.000+02:002006-02-13T22:15:52.760+02:00NAC confusion reignsSecurity products that perform health checks on desktop and laptop computers will be in abundance at this week's RSA Conference. But industry leaders Cisco Systems and Microsoft remain mum about a long-promised integration of their dominant network access control architectures, leaving IT managers wondering whether to go with one of the solutions that is already available or wait for an Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1139861537507099082006-02-13T21:57:00.000+02:002006-02-13T22:12:17.543+02:00Retailer in massive breachA data security breach involving an undisclosed California retail company has prompted Bank of America to cancel the debit cards of numerous customers, a spokesman for the US' largest bank said on Tuesday.Investigators have traced a recent rash of fraudulent debit-card transactions across the globe to the theft of as many as 200,000 debit records from an office-supply store in California, Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1139860647553925192006-02-13T21:40:00.000+02:002006-02-13T21:57:27.556+02:00French bank accounts hit by Russian virus gangsRussian criminal gangs have used sophisticated virus programs to steal more than £600,000 from personal bank accounts across France.The fraud was uncovered after police arrested a dozen Russian gang members and several Ukrainians in Moscow and St Petersburg, according to a report in the Guardian. Victims lost money after their computers became infected with a “sleeper virus" when they opened Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1139860143138521222006-02-13T21:36:00.000+02:002006-02-13T21:49:03.236+02:00RSA Conference 2006The security industry converges at the annual RSA Conference this week, an event that's moved far beyond its origins as a get-together for cryptogeeks and other insiders. Though still organized by RSA Security, a company with its roots in cryptography, the confab has developed into a showcase for security companies and an annual gathering for IT professionals. This year is the 15th anniversary ofDwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1139332408548509972006-02-07T19:10:00.000+02:002006-02-07T19:13:28.583+02:00Virus Delays Stock Trading in RussiaMOSCOW - Trading was suspended for an hour at Russia's main stock exchange because of a computer virus, officials said Friday. Data processing at the Russian Trading Systems, or RTS, was paralyzed late Thursday as specialists rushed to localize the virus and switch off the infected computer, according to the exchange. No permanent damage was caused and no information was lost.According to RTS Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1139331816956408682006-02-07T18:55:00.000+02:002006-02-07T19:03:36.956+02:00Cartoon : Security SurgeCategories : 1cartoonDwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1139331230852302852006-02-07T18:11:00.000+02:002006-02-07T18:53:51.000+02:00Cisco to grab broader security roleInteresting detailed article about Cisco's current status and plans for security. I will make a short summary here of interesting stats and quotes:At next week's RSA Conference (thankfully I will be there with 12 of my team) Cisco plans to debut major security products to help bolster its already strong security portfolio. Security is categorized as one of the vendor's six Advanced Technologies Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1139328712174864922006-02-07T18:08:00.000+02:002006-02-07T18:11:52.200+02:00Hidden risks show up in normal business processesIncidents such as the data security breach disclosed last week by The Boston Globe and the Worcester Telegram & Gazette—which inadvertently attached the credit card numbers of more than 200,000 subscribers to newspaper bundles—highlight the unexpected ways in which sensitive information can leak out of companies.The data exposure by the two newspapers hammered home yet again the need for Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1138960061706260842006-02-03T09:08:00.000+02:002006-02-03T11:47:41.806+02:00IBM Security Predictions 2006More from the predictions 2006 department. IBM recorded more than 1 billion suspicious computer security events in 2005, despite a leveling off in the amount of spam e-mail and a decrease in major Internet worm and virus outbreaks.Enterprises should expect to see the same level of malicious traffic in 2006, even as online criminal groups shift to stealth attacks and cyber-extortion instead of Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1138950458724927302006-02-03T09:05:00.000+02:002006-02-03T09:07:38.726+02:00InfoSec 'top priority' for EU financial institutionsThe growing threat from hackers, new regulations, reputation issues and the growing importance of direct channel self-service banking are pushing IT security to the very top of the corporate agenda for Western European financial institutions, new research has revealed.According to the report from IDC company Financial Insights, banking and finance firms are increasingly finding that their IT Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1138950046256287312006-02-03T08:53:00.000+02:002006-02-03T09:00:46.256+02:00Average laptop has $1M dataThe average laptop could contain data worth almost $1 million,according to new research. A report released Friday 27th January by security-software company Symantec suggests that an ordinary notebook holds content valued at 550,000 pounds ($972,000), and that some could store as much as 5 million pounds--or $8.8 million--in commercially sensitive data and intellectual property.The same research, Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1138949580659541942006-02-03T08:45:00.000+02:002006-02-03T08:53:00.680+02:00Thief nabs backup data on 365,000 patientsAbout 365,000 hospice and home health care patients in Oregon andWashington are being notified about the theft of computer backup datadisks and tapes late last month that included personal information andconfidential medical records.In an announcement on January 25th, Providence Home Services, a divisionof Seattle-based Providence Health Systems, said the records and otherdata were on several Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1138369433616481012006-01-27T15:10:00.001+02:002006-01-27T15:43:53.616+02:00Cybercrime more likely than physical crimeA survey of U.S. adults revealed that three times the number of respondents said they were more likely to be victimized in an online attack such as phishing or virus outbreaks than a physical crime. Twenty six percent of respondents said they think they will be a victim of a virtual crime in the next 12 months, compared with just 8 percent who think that a physical crime is more likely, accordingDwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1138369218223644672006-01-27T15:10:00.000+02:002006-01-27T15:40:18.260+02:00Most businesses don't enforce Mobile SecurityEnterprises are doing a poor job of securing workers’ handheld devices, according to a report released Thursday by Orange PLC and Quocirca Ltd. The survey of 2,035 IT professionals in the U.K. found that one in five companies that already have wide deployments of mobile devices have no policies in place for mobile security.Of the surveyed companies that do have mobile security policies, more thanDwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1138367292216978102006-01-27T15:03:00.000+02:002006-01-27T15:08:12.216+02:00Stolen Ameriprise laptop compromises 230,000Ameriprise Financial, an investment advisor firm, said that a company laptop stolen from an employee's parked car in December contained the personal information of some 230,000 customers and company advisors, The New York Times reports.Within the stolen laptop was a list of customer accounts that had been reassigned, all stored unencrypted, a violation of Ameriprise's privacy policies. The Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1138366952210574372006-01-27T13:36:00.000+02:002006-01-27T15:02:32.373+02:00EU Data Security FailingsBusinesses across Europe are failing to secure their critical business data, despite its importance to the business, a survey of 150 IT directors has revealed. The research, covering organisations in the UK, France and Germany, suggests that companies regard data security as a lower priority than the security of the rest of their IT systems.Across the three countries surveyed only 25% of Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1138361686989097212006-01-27T13:30:00.000+02:002006-01-27T13:34:46.990+02:00"Robin Hood" hacker convictedStealing from the rich and giving to the poor might have worked for Robin Hood, but it landed hacker Thomas Gawith in court on six charges of computer crime. Gawith pleaded guilty before Judge Gregory Ross in Palmerston North District Court yesterday and was convicted and remanded on bail until March 2 for sentencing.Prosecutor Sergeant Johnny Ireland claimed the defendant had purchased access Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1138361389691590682006-01-27T13:24:00.000+02:002006-01-27T13:29:49.693+02:00Top Spam countries : USA firstAlmost a quarter of the world's spam in the last three months of 2005 was sent from computers in the United States, according to U.K. antivirus company Sophos.While the U.S. still tops the chart, the latest figures mark the first time the country accounts for less than one quarter of all spam relayed. The decline in U.S.-sourced spam is thanks in part to the crackdown against fraudulent e-mail, Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1138360889390988982006-01-27T13:18:00.000+02:002006-01-27T13:21:29.390+02:00Gartner warns on Oracle securityAnalyst group Gartner has warned administrators to be "more aggressive" when protecting their Oracle applications because they are not getting enough help from the database giant.Gartner published an advisory on its Web site just days after Oracle's latest quarterly patch cycle, which included a total of 103 fixes with 37 related to flaws in the company's database products. Some of the flaws Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1138360526347999962006-01-27T13:10:00.000+02:002006-01-27T13:32:23.953+02:00Hacker pleads guilty to building, renting attackA 20-year-old hacker admitted Monday to surreptitiously seizing control of hundreds of thousands of Internet-connected computers, using the zombie network to serve pop-up ads and renting it to people who mounted attacks on Web sites and sent out spam.Jeanson James Ancheta, of Downey, Calif., pleaded guilty in Los Angeles federal court to four felony charges for crimes, including infecting Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1138360221567207262006-01-27T12:35:00.000+02:002006-01-27T13:10:21.590+02:00Notre Dame University HackedHacker causes Notre Dame's first significant computer security intrusion.The personal and financial information of some University donors may be at risk after an unknown intruder hacked into a Development Office server Jan. 13 - the first computer security breach of its magnitude at Notre Dame, University officials said Sunday.The data in question - possibly including Social Security numbers, Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1137685892670617362006-01-19T17:48:00.000+02:002006-01-19T17:51:32.670+02:00Cartoon : Hacking the FedsBased on some recent complaints it would seem I have been lax with keeping the cartoons going. Enjoy!CATEGORIES : 1cartoonDwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1137684456328573382006-01-19T13:46:00.000+02:002006-01-20T21:22:28.436+02:00NAC sales soar 1,100%We have been on the Network Access Control bandwaggon for some time now on this site. Now some heavyweight analysts are "weighing in". Infonetics published some sobering forecasts today. It looks like 2006 is the year that NAC "comes of age", growing from $323M in 2005 to $1.3Bn in 2006.Worldwide manufacturer revenue for NAC enforcement will grow 1,101%, from $323 million to $3.9 billion between Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1137670958425456752006-01-19T13:15:00.000+02:002006-01-19T13:42:38.476+02:00More Cisco vulnerabilitiesIn a continuation of last years' trend, and predictions by SANS and the community in general that IOS flaws will become more of a target over time, Cisco warned that new flaws in its Systems software (IOS) for routers and IP telephony could be a conduit for attacks on enterprise networks.On Wednesday, it released two security alerts along with fixes for Cisco CallManager, which runs internet Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1137669296497198372006-01-19T13:11:00.000+02:002006-01-19T13:14:56.496+02:00Antiphishing working group reportPhishing attacks reached a new high at the end of 2005 after growing steadily all year, according to a study published Wednesday. The number of unique e-mail-based fraud attacks detected in November 2005 was 16,882, almost double the 8,975 attacks launched in November 2004, said the report, published by the Anti-Phishing Working Group, an industry consortium that provides information on phishing Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1137669062291067142006-01-19T12:41:00.000+02:002006-01-19T13:11:02.336+02:00Royal London snoops on staff PC'sRoyal London, the mutual life and pension company, has installed new security software to snoop on the computer activity of its 2,900 staff across the UK. Designed by 3ami, the software is being used to enforce “sensible rules relating to the personal use of e-mail and the internet”. Royal London group IT security manager Nick Harwood said, “Although the system will let us, we do not sit and Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1137532049735208812006-01-17T22:45:00.000+02:002006-01-17T23:07:29.763+02:00Sony BMG "rootkit" still widespreadHundreds of thousands of networks across the globe, including many military and government networks, appear to still contain PCs with the controversial copy-protection software installed by music discs sold by media giant Sony BMG, a security researcher told attendees at the ShmooCon hacking conference this weekend.Building on previous research that suggested some 570,000 networks had computers Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1137530733976875952006-01-17T22:40:00.000+02:002006-01-17T22:45:33.976+02:00Nuclear Sub hacker arrestedHere's one for the good guys - but I dont know whether to be scared or happy...MADRID, Spain (CNN) -- An 18-year-old suspected Spanish hacker who allegedly breached the top-secret computer security of a U.S. Navy base in San Diego has been arrested, according to the Spanish Civil Guard.The alleged hacker "seriously compromised the correct operations and security of a maintenance dry dock for Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1137530369635112542006-01-17T22:37:00.000+02:002006-01-17T22:39:29.636+02:00Three more states add laws on data breachesCompanies struggling to keep up with a patchwork of state laws related to data privacy and information security have three more to contend with, as new security-breach notification laws went into effect in Illinois, Louisiana and New Jersey on Jan. 1.Like existing statutes in more than 20 other states, the new laws prescribe various actions that companies are required to take in the event of a Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1137530143404904222006-01-17T22:33:00.000+02:002006-01-17T22:35:43.406+02:00Feds to banks: Put security policies in writingEven if US federal law doesn't explicitly say so, all companies that handle personal information for their customers should have written security policies, a computer security attorney said.Last month, the Federal Reserve Board, which governs the U.S. banking industry, issued a new guide stating that all banks and other financial institutions must take certain steps to safeguard the personal dataDwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1137529977185386592006-01-17T22:14:00.000+02:002006-01-17T22:32:57.206+02:00InfoSec Salaries spikeA new study released on the 10th January 2006 confirms that there is indeed a growing market for IS expertise. Alan Paller, director of research at The SANS Institute, a respected IT research and education organization, suggests that people "are waking up to the fact that there’s a shortage of security talent."The SANS Institute’s 2005 Information Security Salary and Career Advancement study of Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1137528810810011702006-01-17T22:00:00.000+02:002006-01-17T22:13:30.833+02:00iPod, PSP, Xbox & MacOS in spotlightFurther to various predictions for 2006 and SANS Top-20 reports that threats and attacks will move beyond Microsofts' ubiquitious Windows operating system, we have reports that Cyber-security and computer experts from the government and law enforcement are increasingly concerned with malicious code that runs on Linux and Apple Computer Inc.'s Mac OS X operating systems and threats posed by Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1137418431133036632006-01-16T15:24:00.000+02:002006-01-16T15:33:51.156+02:00Top 5 vulnerability management mistakesExcellent article on the top five vulnerability management mistakes. This article looks at common mistakes that organizations make on the path to achieving vulnerability management perfection, both in process and technology areas.No. 1: Scanning but failing to actNo. 2. Thinking that patching is the same as vulnerability managementNo. 3. Believing that vulnerability management is only a technicalDwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1137417837548863792006-01-16T15:20:00.000+02:002006-01-16T15:23:57.550+02:00Bank tape lost with data on 90,000 customersIt would seem there is no end to these "Lost in transit tape" disclosures...it makes you wonder how much this was going on before the new disclosure laws came into effect.A computer tape from a Connecticut bank containing personal data on 90,000 customers was lost in transit recently, the bank reported Wednesday. People's Bank, based in Bridgeport, Conn., is sending letters to the affected Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1137417535064254072006-01-16T15:11:00.000+02:002006-01-16T15:18:55.096+02:00IDs of 50,000 Bahamas resort guests stolenThe identities of more than 50,000 customers of major Bahamas resort Atlantis have been exposed to possible identity fraud following the theft of personal information from the hotel, the owners said. Kerzner International Ltd., owner of the luxury 2,300-room Atlantis resort on Paradise Island, revealed details of the data theft in a document filed with the Bahamas Securities and Exchange Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1137392341189228672006-01-16T08:13:00.000+02:002006-01-19T17:41:38.346+02:00Security Predictions 2006 Landing PageAs we start the year, 2006 security predicitions start emerging and these stories are currently the most sought after on this blog. So we have created a landing page to all these 2006 predictions for ease of reference:Dimension Data Predictions for 2006 from CSO OnlineComputerWorld security predictions 2006Red Herring Top trends for 2006Survivors guide to 2006Categories : 1landing page, Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1137391960921853642006-01-16T08:06:00.000+02:002006-01-16T08:12:40.943+02:00Predictions for 2006Dimension Data North America have posted their security predictions for 2006 in the January issue of CSO Online. Click here for the full text.1. More damages, fewer epidemics2. Accelerated legislation, some litigation3. Points of attack move beyond Microsoft4. Mobile phone, PDA and smartphone concerns5. Spyware becomes business issue6. IM and P2P becomes a big headache7. Data protection energizedDwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1136368763356473732006-01-04T11:12:00.000+02:002006-01-04T11:59:23.386+02:00WMF Patch FiascoI have been observing the steady climb of the Windows Media File (WMF) vulnerability with some interest. Whilst the intention of this site is not to report on vulnerabilities, merely their effects, there is a lesson to be learnt in this episode.The problem is in the way various versions of Windows handle graphics in the Windows Metafile format. When a vulnerable computer opens a maliciously Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1136365965716520572006-01-04T10:59:00.000+02:002006-01-04T11:12:45.716+02:00Symantec aquires IMLogicSecurity company Symantec leaped into the nascent market for protecting instant messaging systems on Tuesday, announcing that it has agreed to acquire IMlogic, one of the sector's top players. Financial terms were not released. But Carlin Wiegner, a senior director of Web security at Symantec, said in an interview with CNET News.com that the Cupertino, Calif.-based company has agreed to pay all Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1136283821859062712006-01-03T12:07:00.000+02:002006-01-03T12:35:46.096+02:00Top stories for December 2005These were the most read (popular) posts for the month of December 2005.1. Lock down Cisco IOS in ten steps2. Top trends for 2006 : Red Herring3. ISS witholding more IOS vulnerabilities4. ABN Amro ditches tapes5. Reflections on 20056. Cartoon : Bill Gates hack7. Top stories for November 20058. Greenborder survey results9. Retailer charged for bad security10. Feature : Outsourcing leads to bad Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1136282540922111042006-01-03T11:59:00.000+02:002006-01-03T12:02:20.943+02:00Sony settles lawsuitsEmbattled music label Sony BMG Music Entertainment has agreed to settle consumer complaints about its controversial attempt to copy-protect CDs.Under terms of a settlement consolidating several lawsuits, Sony will give consumers who purchased an estimated 10 million CDs a combination of cash, replacement music and free downloads.The settlement, which must be approved by a New York court, Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1136281364822555642006-01-03T11:15:00.000+02:002006-01-03T11:42:44.846+02:00Computerworld security predictions 2006It's that time of the year...some more from the 2006 security predictions department from ComputerWorld:1. Regulations: The Big StickCompliance will dominate the security agenda for 2006. The growing number of regulations -- and the consequences of not complying with them -- have elevated security into the boardroom. CIOs will use compliance to justify most of their information security spending Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1136279704877225792006-01-03T11:00:00.000+02:002006-01-03T12:06:23.810+02:00Marriot loses customer dataThe hotel chain Marriott admitted on Tuesday that backup computer tapes containing data on approximately 206,000 customers were missing from a company office in Florida. The data, which relates to customers of its timeshare division, Marriott Vacation Club International (MVCI), included personal information such as the credit card details, social security numbers and, in a few cases, the bank Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1135763972333685002005-12-28T11:57:00.000+02:002005-12-28T11:59:32.336+02:00Texas adds to Sony LawsuitThe Attorney General for Texas added specific complaints to the state's existing lawsuit against music giant Sony BMG, alleging that the company installed copy-protection software on consumers' PCs even when the users did not agree to the software's license."We keep discovering additional methods Sony used to deceive Texas consumers who thought they were simply buying music," Greg Abbott, the Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1135763328634701142005-12-28T11:34:00.000+02:002005-12-28T11:48:48.676+02:00Top trends for 2006 : Red HerringRed Herring have released their Top Security trends for 2006, with the headline "Security threats will become more sophisticated in 2006, keeping security startups and their customers on their toes."Data theft wasn’t the only danger in 2005. An Internet worm, Zotob, infected computers at media companies like CNN and financial behemoths like Visa in August. And email nuisances, spam and phishing, Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1135344681962965552005-12-23T15:26:00.000+02:002005-12-23T15:31:21.983+02:00ITSecurity Magazine reprintThe folks at IT*Security magazine liked the "Outsourcing=Bad Security?" feature story and you can see a revised version of it published on their online publication.You can download the feature story PDF here Outsourcing : Does it have to mean bad security?CATEGORIES: 1feature, 1white paper, 1publicationsDwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1135168910692072762005-12-21T14:27:00.000+02:002005-12-21T14:41:50.713+02:00Site ReadershipUPDATED : 21 December 2005WEB SITEThere have been 4,100 unique web site visits to SecurityWrap since 20th May 2005, accounting for over 8,500 page hits (3 days' stories per page). There are 25 unique visitors per day generating 50 hits (on average)RSS NEWSFEEDSThere have been 2,600 unique visits generated to the XML (RSS) daily feeds since 20th June 2005, accounting for 10,500 hits or "views" of Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1135158253993501872005-12-21T11:37:00.000+02:002005-12-21T11:55:18.876+02:00ABN Amro ditches tapesABN Amro Mortgage Group Inc. has decided it will no longer send data tapes to its credit reporting bureaus after one of those tapes -- with the private information of more than 2 million customers on it -- went missing a month ago (see "Update: Missing ABN Amro tape with 2 million names found").Instead, according to ABN Amro Mortgage Group CEO Thomas Goldstein, the company will encrypt data and Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1135089552362418902005-12-20T16:36:00.000+02:002005-12-23T15:34:01.883+02:00FEATURE:Outsourcing = bad security?PREVIOUS CHAPTER : CAVEAT EMPTORCHAPTER SEVEN : MAKING A CAREFUL CHOICEAs applications such as Telephony, P2P and Live Messaging rapidly converge onto the network infrastructure, the security of this infrastructure becomes more complex and important. In addition we are finding a strong convergence of network, systems and security management as companies like Microsoft and Cisco embedd more Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1135086087678650962005-12-20T14:22:00.000+02:002005-12-20T15:41:27.800+02:00Reflections on 2005We are heading fast for the end of 2005 and it was a year with no shortage of InfoSec action.Here is my personal summary of the biggest or most important security stories that occured in 2005 from the 350 postings recorded on this site since May 10th. Selections are made based upon the importance or relevance of the information they provide or their impact/influence on trends we can expect to seeDwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1135081228404616712005-12-20T13:47:00.000+02:002005-12-20T17:00:33.063+02:002006:Year of mobile malwareMobile security threats are expected to triple next year as smart phones and other mobile devices become more prevalent, according to a study released Monday by McAfee Avert Labs. The number of malicious software programs created for mobile devices is expected to reach 726 by the end of 2006, up from an estimated 226 at the end of 2005, according to McAfee.Mobile malware is not the only area Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1135079145179295012005-12-20T12:28:00.000+02:002005-12-20T13:46:40.336+02:00Guidance Software HackedNow this is crazy - Guidance is supposed to be a respected software vendor in the security business!Online attackers breached the security of a server at digital forensics firm Guidance Software and stole the account information of nearly 4,000 customers, the company acknowledged on Monday according to news reports. The breach, which took place in November, resulted in the loss of customer names,Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1134983539350656972005-12-19T10:44:00.000+02:002005-12-19T11:19:05.330+02:00Survivors Guide to 2006As 2005 comes to a close, we should cast our thoughts to preparing for 2006. Network Computing has released a number of excellent "Survivors' Guides for 2006" and the two that are relevant for this weblogs' users are Survivors Guide to 2006 : Data Protection and Survivors' Guide to 2006 : Security.These are good reads and a few excerpts follow:DATA PROTECTIONTsunamis. Hurricanes. Accounting fraudDwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1134981696561071962005-12-19T10:13:00.000+02:002005-12-19T10:44:29.773+02:00Thomson CSO gives lowdownDennis Devlin said the reason that CSOs like himself have gray hair is that they get paid to think about the worst things that can happen to their organizations. And companies that do this well don't have to scramble as much when IT security threats emerge, he says.Devlin shared his experiences as an enterprise decision maker yesterday at a Massachusetts Network Communications Council seminar on Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1134646243219492232005-12-15T13:11:00.000+02:002005-12-15T13:30:43.240+02:00Global InfoSec Workforce Study summaryCiske van Oosten of our European practice, kindly provided this nice summary of the 28 page report on this study. Many CISSP's received a free copy of this report - which can be downloaded from the (ISC)2.org website.The 2005 Global Information Security Workforce Study (GISWS) was conducted during the summer of 2005 on behalf of (ISC)2, a nonprofit organization dedicated to providing education, Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1134645111944084332005-12-15T13:02:00.000+02:002005-12-15T13:11:51.946+02:00Security chiefs stuck in middleCorporate security experts face a crisis as they are caught between regulators demanding better accountability for data security and the need to keep businesses up and running with the help of many business partners, an American Express security executive told Interop New York attendees.As more data is housed at least temporarily outside corporate data centers, it becomes more difficult to complyDwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1134644539465423622005-12-15T11:55:00.000+02:002005-12-15T13:02:19.490+02:00Korean banks forced to compensate hacking victimsThe South Korean government is introducing legislation that will make it mandatory for financial institutions to compensate customers who have fallen victim to online fraud and identity theft.The new laws will require financial firms in the country to compensate customers for virtually all financial losses resulting from online identity theft and account hacking, even if the banks are not Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1134640501501722592005-12-15T11:32:00.000+02:002005-12-15T12:38:13.416+02:00Databreach wrapup - Nov 2005According to the Privacy Rights Clearinghouse, here are the publicly disclosed data breaches reported for the month of November 2005.There were 10 incidents totalling over 2 million identities that were compromised. Lost or stolen laptops/computers accounted for 50% of the incidents and also 50 % of the compromised identities. Compromises of personal information involve data elements useful to Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1134484973791795852005-12-13T15:42:00.000+02:002005-12-13T16:42:53.956+02:00Email spills corporate secretsSix percent of workers admitted that they've E-mailed confidential company information to someone they shouldn't have, according to a study released Monday, while 62% said they've used their personal email accounts for business purposes to circumvent security controls placed on their business accounts.This is according to a study released Monday by messaging research firm the Radicati Group."Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1134481346714503442005-12-13T15:36:00.000+02:002005-12-13T15:42:26.716+02:00ISF warns of VOIP securityA new report from the Information Security Forum (ISF) warns that along with existing security problems associated with IP networks, VoIP will present new and more sophisticated threats - such as caller ID spoofing, voice modifiers, SPIT (voicemail SPAM), packet injections , virus infections and denial of service (DoS) attacks.With VoIP now poised to hit the business market in a big way, the ISF Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1134480985523170722005-12-13T15:24:00.000+02:002005-12-13T15:36:25.546+02:00Data breach at Sam's ClubSam's Club, a division of Wal-Mart Stores Inc., is investigating a security breach that has exposed credit card data belonging to an unspecified number of customers who purchased gas at the wholesaler's stations between Sept 21 and Oct. 2.In a brief statement released Dec. 2, the Bentonville, Ark.-based company said it was alerted to the problem by credit card issuers who reported that customers Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1134480259977029752005-12-13T15:20:00.000+02:002005-12-13T15:24:19.996+02:00UK charity hackedHackers have stolen the personal details of thousands of donors to a Christian charity Web site and tried to extort money from the victims.U.K. charity Aid to the Church in Need admitted Monday that its online security systems had been breached by hackers. The charity does not yet know how much money the criminals have stolen, but the addresses of more than 2,000 online donors have been Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1134387426491592722005-12-12T13:05:00.000+02:002007-02-14T07:47:18.236+02:00FEATURE:Outsourcing = bad security?PREVIOUSLY : FALSE SENSE OF SECURITYCHAPTER SIX : CAVEAT EMPTOR (Let the buyer beware)For those organizations who simply can not afford the investment in resources (both people & technology), be sure of what services you are buying and specifically what exclusions there are in any outsource contract. Frequently, outsourcers offer low bids to get the business and then try to make it up for it in Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1134383560785331392005-12-12T11:02:00.000+02:002005-12-12T12:39:36.166+02:00Lock down IOS in 10 stepsIt's difficult to overestimate the importance of securing Cisco routers since they provide the communications backbone for so many organizations throughout the globe.Various industry sources such as SANS (see IOS makes it to SANS top-20) and Symantec (see Hacking to change tack in 2006) have warned that IOS devices are prime attack targets moving forward. We have also discussed the importance of Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1134378113149682832005-12-12T10:42:00.000+02:002005-12-12T11:01:53.200+02:00Hacking to change tack in 2006Mobile devices, Cisco routers, Oracle software, VoIP and Windows Vista : businesses can expect all these and more to become hacker targets in the next year and beyond, according to Symantec.Symantec thinks one of the biggest developments will be attacks and attempts on alternative devices and platforms. As networked and user devices gain more intelligence and more computing power, they may becomeDwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1134376948260360312005-12-12T10:34:00.000+02:002005-12-12T10:42:28.263+02:00$6Bn bill for Sarbanes OxleyAMR Research estimates that companies will spend $6 billion on complying with Sarbanes-Oxley Act (SOX) requirements in 2006, on par with the $6.1 billion that will be spent in 2005. These findings are based on a recent study conducted by AMR Research in which over 300 business and IT leaders were surveyed on their Sarbanes-Oxley and broad compliance spending priorities.In 2006, there will be key Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1134376452739506832005-12-12T10:28:00.000+02:002005-12-12T10:34:12.740+02:00Home PC's lack securityA survey of home PC users found 81 percent lacked at least one of three critical types of security, but the number of consumers using firewalls and updated antivirus software is improving.The vast majority of consumers surveyed were found to lack at least one of three types of critical security--a firewall, updated antivirus software or anti-spyware protection, according to a report by America Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1134376117218110512005-12-12T10:04:00.000+02:002005-12-12T10:28:37.236+02:00Airport codes leakedPasscodes needed to enter secure areas at 16 Japanese airports and one in Guam have appeared on the Internet after a virus infected a computer belonging to a Japan Airlines Corp. (JAL) co-pilot, the airline said today.The codes, which included those for Tokyo's Narita and Haneda airports and an airport in the U.S. territory of Guam, are typically known to scores of airport workers who need to Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1134139947250996362005-12-09T16:44:00.000+02:002006-01-09T17:12:04.033+02:00Cartoon : Bill Gates HackCATEGORIES : 1cartoon, 1microsoft, 1bill gatesDwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1134139062138179152005-12-09T16:05:00.000+02:002005-12-09T16:37:42.160+02:00Phishing Scams Dupe 70% of TargetsNow this is really concerning - it looks like organised crime is onto a darn good business model here. Much better than spamming in fact. A study released Wednesday by America Online and the National Cyber Security Alliance looked at Internet security and "phishing scams." Phishing refers to e-mails that appear to come from banks or other trusted businesses and are used to induce recipients to Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1134137107734974512005-12-09T16:03:00.000+02:002005-12-09T16:05:07.760+02:00Spyware soars in 2005Companies have seen a dramatic increase in spyware infections this year, according to the 2005 Security Threat Management Report from antivirus software company Sophos PLC.Sophos attributes the increase to the business model used by virus writers. The goal for virus writers is financial gain through long-term infection, which is why spyware usage has been so prevalent.The global report, (Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1134135244261546842005-12-09T15:29:00.000+02:002005-12-09T15:34:04.263+02:00CSOs, CISOs Gaining Clout in BoardroomsA study released today by the International Information Systems Security Certification Consortium, also known as the (ISC)2, shows that CSOs are gaining clout in the boardroom as they -- and their boards of directors and CEOs -- are more accountable for information security and risk management strategies.A release from the group said the study showed the "ultimate responsibility for information Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1134134859786399072005-12-09T15:19:00.000+02:002005-12-09T15:27:39.786+02:00Cisco's Chambers on SecurityCisco Systems Inc. CEO John Chambers talked yesterday about competition, partnerships, security and emerging markets to reporters at the company's 11th annual Worldwide Analyst Conference at Santa Clara yesterday. Among other things, here were his comments on security vulnerabilities with Cisco IOS and other products."Security is something that will be with us for another decade and beyond. As Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1134134275971822592005-12-09T15:04:00.000+02:002005-12-09T15:19:15.206+02:00New York breach law goes liveNew York has joined the growing list of U.S. states requiring that companies notify their customers whenever private information has been compromised. On Wednesday, the state's Information Security Breach and Notification Act went into effect. The law, which is similar to California's SB-1386 notification law, requires businesses and state agencies to inform New York residents "whose unencrpyted Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1133904074977806942005-12-06T23:13:00.000+02:002005-12-06T23:31:06.663+02:00ISS witholding IOS vulnerabilitiesThe computer security researcher who revealed a serious vulnerability in the operating system for Cisco Systems routers this year says he discovered 15 additional flaws in the software that have gone unreported until now, one of which is more serious than the bug he made public last summer.Mike Lynn, a former security researcher with Internet Security Systems, or ISS, said three of the flaws can Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1133900855560949802005-12-06T22:18:00.000+02:002005-12-06T22:31:28.220+02:00Security Wrap-up : NovemberHere is the "wrap-up" for November 2005 security stories as reported in the Security Wrap monthly e-mail digest.1. TOP STORIES FOR NOVEMBER 2005These were the most read (popular) posts for the month of November 2005IOS makes it to SANS Top-20IOS Exploit and auditing toolsCisco IOS (CiscoGate) Landing PageNorwich Union locks down removable mediaOutsourcing leads to bad security - Chapter 5Cartoon Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1133873306013797572005-12-06T14:09:00.000+02:002005-12-06T14:53:50.966+02:00Top stories for November 2005These were the most read (popular) posts for the month of November 2005 IOS makes it to SANS Top-20IOS Exploit and auditing tools Cisco IOS (CiscoGate) Landing PageNorwich Union locks down removable mediaOutsourcing leads to bad security - Chapter 5 Cartoon : Botnets Security key to convergence Infosec market will never mature Security set back by six yearsTop security mistakes to avoidSEE ALSO :Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1133870664121967982005-12-06T13:53:00.000+02:002005-12-06T14:04:24.123+02:00Security Appliance top $1Bn in 3Q05Worldwide revenues from the sale of network security appliances and software reached $1 billion last quarter, according to a new study from Infonetics Research. Though this represents 1% growth over the previous quarter, network appliance and software revenues are growing at a healthy rate. Infonetics forecasts a 21% overall revenue increase over the next year, with annual revenues from network Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1133868793905954852005-12-06T13:19:00.000+02:002005-12-06T13:33:13.933+02:00Network security in shaky stateResourceful I.T. security professionals are getting the job done, but their efforts have been hampered by undersized staffs and underfunded budgets that limit choices ranging from what products they buy to the vendors they work with.The third annual Strategic Deployment Survey conducted by Secure Enterprise, an InformationWeek sister publication, polled more than 1,500 IT-security pros about Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1133867931028524022005-12-06T12:04:00.000+02:002005-12-06T13:18:51.123+02:00Database vendors lack securityAccording to this article, customers are driven to 3rd-party security solutions as major database vendors don't yet meet user needs.Analysts comment that databases are not hardened and they are still on the low end of the spectrum in terms of security. Even though their licenses cost tens of thousands of dollars, big commercial databases aren't meeting user demand for increased data security and Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0tag:blogger.com,1999:blog-12784672.post-1133774074270233342005-12-05T11:01:00.000+02:002005-12-05T11:14:34.306+02:00The Internet SopranosVery interesting article on organised crime and the structures and criminal business models that are forming around cybercrime in particular. The article opens with the line "Welcome to the age of the Internet gangster. Gone are the days when young computer nerds sat alone in their rooms figuring out how to break in to their schools' computer systems to change grades. Also fading into nostalgia Dwainehttp://www.blogger.com/profile/12997537303866512369noreply@blogger.com0