Security Matters Magazine Headlines

NCI Achieves PCI Certification

Mon, 13 Oct 2008 00:00:00 -0500

NCI (Net Cyclops Inc.), a provider of IT Security and Networking services and solutions to Canadian businesses, has added PCI DSS (Payment Card Industry Data Security Standard) compliance assessments to its PCI services portfolio. NCI has passed the rigorous testing process conducted by the PCI Security Standards Council and has achieved the designation of Qualified Security Assessor (QSA).

With PCI DSS, the credit card industry is enforcing “best practices for information security” within merchant environments to protect credit card data. Depending on their transaction levels, merchants have to demonstrate compliance to the standard through quarterly scans, questionnaires, and/or on-site audits.

“NCI offers extensive experience in security assessments and security best practices,” said NCI President, Dan Timmins. “Clients of all sizes are turning to us to assist them with understanding the PCI standard, assessing the gaps in their compliance, and performing quarterly scans. NCI is already an Approved Scanning Vendor (ASV). Now, NCI can also perform yearly compliance assessments as a QSA.”

The PCI standard applies to every organization that processes, stores, or transmits credit card data. Credit card companies and acquiring banks can levy stiff fines and even remove the merchant's ability to process credit card transactions until the merchant is PCI compliant.

Check Point Helps Secure iPhones

Tue, 03 Jun 2008 00:00:00 -0500

Check Point Software Technologies has announced VPN-1 support for the Apple iPhone, thus allowing secure remote access to corporate network systems. Check Point VPN-1 enables an encrypted connection between the iPhone and VPN-1 gateway, protecting in-transit data.

When deploying any device for corporate use, IT faces the challenge of safeguarding the traffic in and out of the private network. Check Point VPN-1 supports the embedded iPhone L2TP client, giving customers best-in-class IPsec virtual private network (VPN) access to corporate servers. Customers can receive email and utilize company resources without the need for additional software on the iPhone.

With VPN-1 administrators can take advantage of a shared secret password and certificates for all iPhones on the network with specific login credentials for each end user. The feature eliminates the need for IT to create separate gateway authentication keys for each device, easing the deployment of iPhones on the network. Check Point VPN-1 support for the iPhone provides customers with the ability to utilize IP-based encryption for transmitting sensitive and private corporate data.

"Love" is in the Air

Fri, 07 Mar 2008 00:00:00 -0600

Fortinet has released its top 10 most reported high-risk threats for January 2008. For the malware community, it would appear that Christmas is not over and it is not too early for Valentine’s Day, as some of January’s most prevalent attacks were spam disguised as Christmas greeting eCards or love letters. Together, they represent more than 11 per cent of the total threats for the month of January.

The report was compiled by Fortinet’s FortiGuard Global Security Research Team, using intelligence gathered from FortiGate multi-threat security systems in production worldwide.

Highlights of January 2008’s top 10 threats are as follows:

Displaying the power of Storm, a new worm variant – Small.FQS – took the No. 3 position in a one-day Valentine’s campaign. Arriving on January 16, Small.FQS charmed readers with emailed links to a Storm infection.
Trojans Pushu.BYC and Pushdo.DGH were responsible for the proliferation of Christmas greeting eCards, which earned them the No. 4 and No. 6 spots, respectively, on the top 10 threats list.
New adware Agent worked its way onto the top 10 list at No. 8, pushing Bdsearch and TCent from last month off the list.

“With eCards and Valentine spam saturating email accounts along with other threats from last month, we would remind users to ‘think before clicking that link.’ In a cyber world littered with dark alleys, not everyone online is your friend,” said Derek Manky, security research engineer for Fortinet. “It should be noted that most legitimate eCards come in the form of a link to the eCard hosting site, using a unique ID, rather than as attachments.”

SMBs At Most Risk

Sun, 17 Feb 2008 00:00:00 -0600

Webroot Software, a provider of Internet security software for the consumer, enterprise and SMB markets, recently unveiled State of Internet Security: Protecting Small and Medium Businesses, a report that highlights Internet security threats among small to medium-sized businesses (SMBs) worldwide.

â€œUnlike larger corporations, SMBs often lack the monetary resources and IT expertise to install and maintain the type of protection needed in the face of todayâ€™s growing malware threats," says aid Peter Watkins, CEO of Webroot Software. "The real dichotomy here is that most of these companies think the real threats are viruses and worms, but the reality is the percentage of spyware is much higher and growing quickly. As a result, these companies are easier targets for cyber criminals when compared to larger companies with dedicated IT security resources.â€

Because of the sheer number of SMBs worldwide, they are easy for criminals to find and have several consistent internal attributes that heighten their Internet security risk including:

Pervasive Internet use. 77 percent of SMBs said their success depends on the Internet.
Home-based and remote workers. Up to 52 percent of new businesses are home-based or remote.
The need to store valuable customer and employee data due to online sales.

According to the report, SMBs are increasingly connected in order to do business, but there are a number of other factors impacting their IT security including:

Lack of in-house security expertise.
Limited budget and resource constraints.
A constant struggle to keep pace with a growing mobile workforce.
Absence of policies managing personal use of work computers.
Increasing volume of sensitive customer and employee data.
A rapidly evolving threat landscape.

â€œWeâ€™re seeing a perfect storm developing that could possibly have serious economic impact. SMBs are heavily reliant on the Internet for their work, making them a target. Compounding matters, there has been a 183 percent increase in websites harboring spyware since January 2007, and SMBs arenâ€™t defending themselves adequately,â€ added Watkins.

In conjunction with the report, Webroot has released A Guide to Security for Small & Medium Business, which provides SMBs with tips and best practices for protecting technology infrastructure and sensitive customer data from malware and cyber criminals.

GFI Software Slashes Prices

Fri, 07 Mar 2008 00:00:00 -0600

GFI Software, an international developer of network security, content security and messaging software, has cut its prices on the majority of products by up to 45 percent.

Apart from reduced prices GFI will also be offering:

Free ReportPacks with every product;
Software Maintenance Agreement (SMA) included for the first year with every product;
Anti-spam and phishing updates included for the first year with GFI MailEssentials; and
New purchasing options for GFI LANguard

The reductions apply to these products: GFI MailEssentials â€“ Anti-spam and anti-phishing; GFI MailSecurity â€“ Email security with multiple anti-virus engines; GFI MailEssentials/GFI MailSecurity suite â€“ Total anti-virus and anti-spam protection; GFI MailArchiver â€“ Email archiving and management; GFI FAXmaker â€“ Hassle-free fax server; GFI EventsManager â€“ Event monitoring, management and archiving.

Web Browsers Under Seige

Fri, 07 Mar 2008 00:00:00 -0600

IBM has released the findings of the 2007 X-Force Security report, detailing a disturbing rise in the sophistication of attacks by criminals on web browsers worldwide. According to IBM, by attacking the browsers of computer users, cybercriminals are now stealing the identities and controlling the computers of consumers at a rate never before seen on the Internet.

The study finds that a complex and sophisticated criminal economy has developed to capitalize on Web vulnerabilities. Underground brokers are delivering tools to aid in obfuscation, or camouflaging attacks on browsers, so cybercriminals can avoid detection by security software. In 2006, only a small percentage of attackers employed camouflaging techniques, but this number soared to 80 percent during the first half of 2007, and reached nearly 100 percent by the end of the year. The X-Force believes the criminal element will contribute to a proliferation of attacks in 2008.

Using these techniques, cybercriminals can infiltrate a user's system and steal their IDs and passwords or obtain personal information like National Identification numbers, Social Security numbers and credit card information. When attackers invade an enterprise machine, they could steal sensitive company information or use the compromised machine to gain access to other corporate assets behind the firewall.

â€œNever before have such aggressive measures been sustained by Internet attackers towards infection, propagation and security evasion. While computer security professionals can claim some victories, attackers are adapting their approaches and continuing to have an impact on usersâ€™ experiences,â€ said Kris Lamb, operations manager, X-Force Research and Development for IBM Internet Security Systems. â€œThe Storm Worm provides a microcosm of the kinds of threats users faced in 2007. All in all, the exploits used to spread Storm Worm are a blend of the various threats tracked by X-Force, including spam, phishing and drive-by-downloads by way of Web browser exploitation.â€

In other findings, for the first time ever, the size of spam e-mails decreased sharply to pre-2005 levels. X-Force believes the decrease is linked to the drop off of image-based spam. This decrease can be counted as a win for the security industry - as anti-spam technologies became more efficient at detecting image-based spam, spammers were forced to turn to new techniques.

The new X-Force report from IBM also reveals that:

The number of critical computer security vulnerabilities disclosed increased by 28 percent, a substantial upswing from years past.
The overall number of vulnerabilities reported for the year went down for the first time in 10 years.
Â·Out of all the vulnerabilities disclosed last year, only 50 percent can be corrected through vendor patches.
Nearly 90 percent of 2007 disclosed vulnerabilities are remotely exploitable.

To access the full report visit: 2007 X-Force Trends Statistics.

Most Reported Threats for February 2008

Fri, 07 Mar 2008 00:00:00 -0600

Fortinet has announced its top 10 most reported high-risk threats for February 2008.

The most definable malware trend for the month was that birds of a feather do flock together and used their collective strength to overtake the Top Ten list, both individually and as a family. The mass-mailer families of MyTob and MyDoom showed strong activity in February and represent a significant portion of this monthâ€™s malware attacks. As an individual contributor, Trojan Pushdo!trâ€™s pornography-laced zip-file attachments pulled out an aggressive two-day attack, allowing the Pushdo variant to make its debut onto the Top Ten. This report was compiled by Fortinetâ€™s FortiGuard Global Security Research Team, using intelligence gathered from FortiGateâ„¢ multi-threat security systems in production worldwide.

â€œWe saw threats on two fronts in February â€“ consistent attacks by malware families that did not let up, punctuated by a periodic rapid-fire approach by individual variants. Mutations of accessible malware code have allowed families, such as MyTob, to thrive and form a visible presence in todayâ€™s threatscape,â€ said Derek Manky, security research engineer for Fortinet.

February primarily showed a shuffling of positions in the most often seen threats while also introducing two malware families to the Top Ten, with MyTob family activity second only to Netsky. For the month of February, rankings for both individual and family threats caught by Fortinetâ€™s FortiGate security appliances are provided:

To read the full February report, click here.

Genetec Goes Down Under

Thu, 27 Mar 2008 00:00:00 -0500

Genetec announced today that the Office of Housing in Victoria, Australia, has adopted Omnicast, Genetecâ€™s IP video surveillance solution, to protect the residents of approximately 7,000 dwellings within the cityâ€™s affordable housing development projects.

Currently, 72 individual sites are being monitored by over 700 cameras, which function over a wireless Ethernet network, linking all buildings back to a central monitoring station. By the end of the project, the Omnicast system is expected to grow up to 1,100 cameras total. Additional archive servers are also in use at the central monitoring station, where at least 28 days of all video recordings are held for video playback.

According to Dean Monaghan, General Manager at Integrators Australia, â€œThere was just no other solution that worked.â€ In fact, it was continuous problems with their previous legacy system which prompted the Office of Housing to shift away from their outdated DVR technology and to look at Genetecâ€™s network-based solution, Omnicast. The new system demonstrates many advantages such as improved image quality through better bandwidth management, increased ease of video footage retrieval, and most importantly significant cost savings from hosting other services over the same wireless network.

Since typically low-income residences are prone to some standard challenges, such as vandalism, violence and crime, Omnicast is primarily being used to ensure the safety and well being of the tenants. â€œIt is just a very streamline process with Omnicast and the Office of Housing is very satisfied with the new system,â€ claims Monaghan.

Symantec Unveils Internet Threat Report

Mon, 14 Apr 2008 00:00:00 -0500

Symantec's latest Internet Security Threat Report (ISTR), Volume XIII rconcludes that the web is now the primary conduit of attack activity, as opposed to network attacks, meaning online users can increasingly be infected simply by visiting everyday web sites.

The report is derived from data collected by millions of Internet sensors, first-hand research and active monitoring of hacker communications and provides a global view of the state of Internet security.

In the past, users had to visit intentionally malicious sites or click on malicious email attachments to become a victim of a security threat. Today, hackers are compromising legitimate web sites and using them as a distribution medium to attack home and enterprise computers. Symantec noticed that attackers are particularly targeting sites that are likely to be trusted by end users, such as social networking sites.

Attackers are leveraging site-specific vulnerabilities that can then be used as a means for launching other attacks. During the last six months of 2007, there were 11,253 site specific cross-site scripting vulnerabilities reported on the Internet; these represent vulnerabilities in individual Web sites. However, only 473 (about 4 percent) of them had been patched by the administrator of the affected web site during the same period, representing an enormous window of opportunity for hackers looking to launch attacks.

Phishing also continues to be a problem. In the last six months of 2007, Symantec observed 87,963 phishing hosts â€” computers that can host one or more phishing Web sites. This is an increase of 167 per cent from the first half of 2007. Eighty percent of brands targeted by phishing attacks during the study period were in the financial sector.

The report also found that attackers are seeking confidential end-user information that can be fraudulently used for financial gain and are less focused on the computer or device containing the information. In the last six months of 2007, 68 perc ent of the most prevalent malicious threats reported to Symantec attempt to compromise confidential information.

Finally, attackers are leveraging a maturing underground economy to buy, sell and trade stolen information. This economy is now characterized by a number of traits common in traditional economies. For example, market forces of supply and demand have a direct impact on pricing. Credit card information, which has become plentiful in this environment, accounted for 13 per cent of all advertised goodsâ€”down from 22 perc ent in the previous period and sold for as low as $0.40. The price of a credit card in this underground market is determined by factors such as the location of the issuing bank.

T.J. Maxx Settles Data Breach Case

Mon, 14 Apr 2008 00:00:00 -0500

More than a year after millions of T.J. Maxx and Marshalls customers found out their credit card information had been hacked into, the discount stores' operator agreed to have its information audited but avoided paying U.S. federal fines.

TJX Cos. was one of three firms that agreed to settle charges that each "failed to provide reasonable and appropriate security for sensitive consumer information," federal regulators said last week in two unrelated data-breach decisions.

The agreements, which will be finalized after a 30-day public comment period, also require the companies to implement comprehensive information security programs.

"These cases bring to 20 the number of complaints in which the FTC has charged companies with security deficiencies in protecting sensitive consumer information," said Deborah Platt Majoras, outgoing chairwoman of the FTC.

TJX said last March that at least 45.7 million credit cards were exposed to possible fraud in a breach of its computer systems. Court filings by banks that sued TJX estimated the number of cards affected at more than 100 million.

In the other case, personal information about hundreds of thousands of people held by Reed Elsevier's LexisNexis unit may have been accessed in 2005 by unauthorized individuals using stolen passwords and IDs to access Seisint databases.

Sherry Lang, TJX's senior vice president for investor and public relations, said the company disagreed with the FTC's allegations but agreed to the settlement because it "is consistent with the agreements between the FTC and other retailers that have been victimized by cyber crime."

The Framingham, Mass.-based company's 2,500 stores include the T.J. Maxx and Marshalls chains, as well as Winners in Canada.

The FTC cannot impose financial penalties against the companies because it lacks the authority to do so. The commission has asked Congress for such authority since 2005.

Source: The Associated Press

Stronger Security Solutions Needed

Mon, 14 Apr 2008 00:00:00 -0500

A study carried out by PandaLabs of more than 1.5 million users revealed that 72 per cent of companies with an up-to-date security solution installed had malware on their networks. In end-user environments, the study confirmed that 23 per cent of home computers were infected. Current data indicates that the situation has not improved.

The underlying reason is that traditional security solutions are no longer enough to protect userâ€™s computers from the increasing number of malware samples that appear every day. This means that many users are infected without realizing.

In order to make people aware of this problem, Panda Security has launched the Infected or Not Campaign. Through this initiative, both users and companies will have the possibility to run free security assessment on their PCs and networks, using a malware database with more than 11 million malware samples.

â€œMany users and IT managers believe that all security solutions are the same, and that simply having a traditional antivirus installed provides sufficient protection, yet the truth is quite different. Due to the evolution of malware, a user of a traditional antivirus solution is still significantly exposed,â€ explains Mathieu Brignone, CMO at Panda Security. â€œThis could result in confidential data being stolen, identity theft and ultimately, peopleâ€™s credit cards, bank accounts, etc. being raided.â€

Security Awarness for Free

Mon, 13 Oct 2008 00:00:00 -0500

ISC2 (ISC squared), the not-for-profit global leader in educating and certifying information security professionals throughout their careers, is inviting businesses and consumers to download free security awareness materials that have been provided by some of the organization’s 60,000 certified members worldwide.

The materials are available on the new Cyber Exchange, an online security awareness resource center launched in support of the fifth annual National Cyber Security Awareness Month in October.

The Cyber Exchange houses free security awareness tools from around the world, designed to be used by any organization or individual that wishes to promote online safety at work or within their community. It can also serve as a support tool for private and public sector organizations required to meet cyber security awareness training requirements under directives such as the Federal Information Security Management Act (FISMA).

The Cyber Exchange features a user-friendly layout and navigation, easy search capability, and detailed description of each submission, including file name, file type, file size, and run time if the file is a video. Visitors can also rate each entry to alert other visitors to its quality.

“As a global not-for-profit organization, it is (ISC)2’s responsibility to not only develop information security professionals in all parts of the world, but also to promote best secure computing practices by everyone,” said W. Hord Tipton, CISSP-ISSEP, CAP, CISA, executive director of (ISC)2. “The materials in the Cyber Exchange, provided by our certified experts, are designed to educate end-users and teach citizens how to better protect themselves.”

Incident Management Service Launched

Mon, 13 Oct 2008 00:00:00 -0500

DigitalDefence, a Toronto-based information security service provider, is introducing a retained incident management service that offers companies a comprehensive alternative to one-off security solutions. DigitalDefence will work with their clients to co-develop their strategy and plans in advance of an incident. Existing controls will be reviewed and tightened where needed. Special attention will be paid to the human element – technical staff complete scenario-based training to ensure that they are prepared to respond to an attack, and all employees receive security awareness training specific to their business.

Because the service is offered on a retained basis, professional DigitalDefence response specialists are available to assist or manage the response for the client on an immediate 24x7 basis. The faster response limits the lost revenue and potential damage from a security breach.

“Hackers target small- and medium-sized businesses that don’t have the luxury of dedicated security staff. Often these companies have only the vendor’s reassurance that networks are safe. I’ve witnessed too many of these businesses spend tens of thousands of dollars more than they needed to because they weren’t prepared” said Jeremy Richards, DigitalDefence’s Senior Vulnerability Researcher.

With the retained incident management service, DigitalDefence aims to provide a security solution to help small business owners worry less about the security and privacy of their data, and focus more on their core business delivery.

Symantec and Dell Expand Partnership

Mon, 13 Oct 2008 00:00:00 -0500

Symantec has announced it is expanding on its decade-long partnership with Dell to deliver the industry's first factory-integrated solution that provides quick and efficient, disk-based backup and recovery. Dell PowerVault DL2000 backup-to-disk appliance is a complete hardware and software data protection solution that includes pre-installed Symantec Backup Exec 12.5 and custom disk management features developed exclusively for Dell, allowing for easier management of backup to disk environments from a single console.

“Symantec and Dell are two industry leaders that have joined forces to engineer, develop, test and certify a single offering that provides IT organizations with a simple, integrated solution for backup and recovery,” said Pat Hanavan, vice-president of product management, Symantec Data Protection Group. “Symantec is the market leader in data protection and Backup Exec is trusted by more than 1.5 million customers to protect and manage their data and systems.”

PowerVault DL2000 powered by Symantec Backup Exec is a disk-to-disk solution that completes backup jobs 50 percent faster and restores data 83 percent faster than tape[1]. The appliance incorporates Symantec’s patent-pending Granular Recovery Technology to allow users to perform a single-pass, application or system-level backup of Exchange, SharePoint, Active Directory, Microsoft Windows Server 2008 Hyper-V and VMware ESX environments while still maintaining the ability to recover individual objects, including files and folders. This technology is unique to the market and eliminates the additional time and storage requirements of a second file-level backup, enabling efficient data protection and faster restores.

As IT organizations continue to deploy virtualization into their production environments, they are faced with new challenges and an additional layer of complexity with managing data protection on virtual machines. Backup Exec 12.5, which is pre-installed on PowerVault DL2000, adds new capabilities to help users reduce their complexity by enabling them to back up an unlimited number of guest machines within a Hyper-V or VMware ESX host environment from a single agent. Backup Exec also uses several VMware technologies including VMware Consolidated Backup (VCB) to reduce the amount of data end users need to backup.

Spain Chooses Enterasys

Mon, 13 Oct 2008 00:00:00 -0500

Enterasys Networks has announced that Renfe-Operadora, part of the Madrid Department of Public Works and provider of passenger and commodities railway services, has selected its solutions to provide secure connectivity and data center infrastructure, supporting more than 4,000 users in 700 locations across Madrid, Spain.

Enterasys solutions were selected as part of an ambitious plan to update Renfe’s infrastructure systems in order to align IT with current business needs. The plan includes a completely overhauled data center, updated switching infrastructure and modernized security services such as Network Access Control (NAC) and identity-based policy management. The project involves two major deployments: a platform for secure connectivity to its new virtualized data center, and a new LAN infrastructure, both of which are supported by Enterasys products.

“One of our most important criteria is that we deploy technology only if it is required by business,” said Pedro Galián, chief of communications at Renfe. “Our mission is a two-way path. On the one hand, we need to know what our business really requires, and on the other hand we have to know what the industry is offering, and be able to turn innovation into added value for our business.”

The new infrastructure has been designed following several requirements, such as identity-based network security, adaptability to support a variety of equipment and functions, and secure remote access for mobile users. The result is a secure network infrastructure and Data Center, which supports always-on connectivity for 4,000 users, distributed across 700 different locations. Specifically, it allows for identity-based security policy and authorization, service-oriented dynamic assignation of resources and support for business applications and converged network services (data, voice and video).

Counterfeit $100 Notes Discovered

Tue, 29 Apr 2008 00:00:00 -0500

The Bank of Canada and the Toronto Police Service are reminding the public and retailers to pay close attention to the bank notes they receive. A number of counterfeit $100 notes have been passed mainly in the Greater Toronto Area in the last few weeks.

"This incident reminds us that we must always remain vigilant against counterfeiting," said Gerry Gaetz, chief of banking operations at the Bank of Canada. "Counterfeiting rates in Canada have declined by over 75 per cent since their peak in 2004, but counterfeiters look for opportunities to pass notes where they can tell people aren't checking them."

These $100 counterfeits can be easily detected when compared with a note that you know is genuine. As always, we are advising retailers and the public to check two or more security features.

All denominations in the latest bank note series (those with the metallic stripe) have the same security features. Once you know how to check the features on one note, you know how to check any denomination. It takes only minutes to learn how and just seconds to check your money. Checking cash is a quick and reliable deterrent to counterfeiting.

Yahoo! and McAfee form Partnership

Wed, 07 May 2008 00:00:00 -0500

Yahoo!, Inc. and McAfee, Inc. have formed partnership to deliver a safer web search experience through Yahoo! Search. Launching in beta a few weeks ago, the new SearchScan feature by Yahoo! Search, powered by McAfee SiteAdvisor technology, provides always-on alerts to users for â€œriskyâ€ sites with security concerns, such as spyware, adware and other malicious software thatcan infect and damage a userâ€™s PC.

SearchScan also identifies sites that have shown bad email practices, flooding user in-boxes with spammy emails. SearchScan is available for Yahoo! Search users in the Canada, the United States, U.K., France, Italy, Germany, Australia, New Zealand and Spain.

By integrating McAfeeâ€™s technology into Yahoo! Search, sites that may harm the userâ€™s computer just by visiting them will be eliminated from appearing in Yahoo! Search results. SearchScan also alerts users to potentially risky sites with a red warning sign in search results, allowing users to proceed with caution. During this beta period, SearchScan displays McAfee alerts optimal for the Yahoo! Search user and does not include all McAfee SiteAdvisor red ratings. (See Diagram 1)

â€œThe advance warning offered by McAfee SiteAdvisor is one of the strongest weapons in the battle against online threats,â€ says Tim Dowling, McAfee vice-president, Web Security Group. â€œResearch indicates that four out of five web site visits start with a search, and consumers who use Yahoo! Search will now be alerted to high-risk Web sites. This protects users from known malicious threats such as browser exploits that will wreck their PC with a single click or spyware that can lead to identity theft.â€

Chile Government Hit by Hacker

Tue, 13 May 2008 00:00:00 -0500

Chile is trying to recover after a hacker broke into government sites mining data from six million people which he then posted on the Internet on two popular servers for several hours,

First reported by the El Mercurio daily, the personal data — taken from Education Ministry, Electoral Service and state-run telephone companies' web sites — included names, street and e-mail addresses, telephone numbers, social and educational background.

The data was displayed for several hours before authorities removed it on the technology information website "FayerWayer" and community website "ElAntro."

The hacker said on the websites he splashed the data "for the whole world to see ... (to) show how unprotected personal data is in Chile ... nobody bothers protecting that information."

Americans Worried About Security

Tue, 27 May 2008 00:00:00 -0500

The latest U.S. results of the Unisys Security Index reveal that Americans are more concerned than they were seven months ago about national security issues and health epidemics. Other key findings indicate an increase in consumer concern about financial security issues and worry over identity theft.

The Unisys Security Index presents a social indicator of how safe consumers feel in relation to four areas of security: national, financial, Internet and personal safety. Unisys conducted the first wave of the U.S. research in August 2007, as part of a bi-annual global research effort that studies consumer sentiment of security issues in 14 countries. The second wave of U.S. research was fielded among more than 1,000 Americans between March 5-10, 2008.

Compared to last year’s baseline study, the overall measure of the Unisys Security Index remains at 151, representing a moderate level of concern about security issues among Americans (the index is measured from 0 to 300, with 300 representing the highest level of perceived anxiety). Within the four specific areas of security, the current Index found a considerable increase in concern among Americans about national and health security issues, offset by a slight decrease in concern about financial, Internet and personal safety.

Other key findings include:

The number of people extremely concerned about national security in relation to the war on terrorism increased nearly 15 percent since August 2007.
While overall personal security concerns decreased slightly from last year, 70 percent of respondents still demonstrated a significant amount of concern about someone stealing their identity and misusing personal information.
The number of people who are extremely concerned about a serious health epidemic rose more than 20 percent from last August, and just under half of all respondents are very or extremely concerned about this issue.
Americans living outside cities are more concerned about terrorist attacks than those living in urban centers.

”The data show us that most Americans feel heightened concern when it comes to physical safety and personal health issues,” says Tim Kelleher, Unisys's vice-president of Enterprise Security. “Even though concern across most indices declined slightly, it’s interesting to note the increase in concern about terrorism and health comes even with a sustained absence of domestic terrorist activity and epidemics in the U.S. But with wall-to-wall news coverage of the presidential election, worsening economic conditions and a particularly harsh flu season, it’s not unreasonable that alarm over macro-security issues is on the rise.”

The Unisys Security Index also shows that financial institutions are not doing enough to protect consumers’ pertinent financial information online and combat debit and credit card fraud.

A majority of Americans are extremely or very concerned (64 percent) about other people illegally obtaining and using their credit or debit cards. Further, seven in 10 Americans expressed the same level of concern about access to or misuse of personal information, remaining steady from the baseline study conducted in August 2007. Unease about online shopping and banking is highest among the baby boomer generation, with nearly half of all respondents between the age of 45-64 expressing apprehension.

Storm Botnet Strikes Again

Tue, 27 May 2008 00:00:00 -0500

On May 19, MessageLabs intercepted a new wave of malware from the Storm Botnet, which showered more than 81,000 victims with amorous messages of love. The e-mails were short in copy but spread the malware via a link to a file â€” iloveyou.exe â€” hosted on a malicious website running the lightweight â€œnginxâ€ web server (version 0.5.17), which has been specially ported to Windows for use by the Storm botnet.

With subject lines including â€œWith All My Love,â€ â€If Loving You,â€ â€œWith Love,â€ â€œWe Belong together,â€ and â€œOur Love is Free,â€ MessageLabs analysis revealed that the main locations of where the spam originated, based on the IP addresses included Peru, the United Kingdom, Vietnam, Russia, Turkey, United States and the Netherlands. This run accounted for approximately one per cent of all spam on this date which suggests that Storm spam is now between one and two per cent of all spam.

Although it doesnâ€™t look like the surge in Storm malware mails has resulted in a surge in spam, this is a typical watch-and-wait scenario as if many more machines become infected with Storm we may see an increase in Storm spam over the coming weeks.

According to Paul Wood, Senior Analyst at MessageLabs, "the impact of this latest Storm attack remains to be seen however as Stormâ€™s authors have proven that they are able to bypass the majority of traditional antivirus tools in order to reach their targets, this attack should serve as a warning shot to those who are not securing both their email and web traffic properly.â€

Helping Businesses Combat Online Fraud

Tue, 27 May 2008 00:00:00 -0500

Symantec has recently announced the availability of Symantec Online Fraud Protection, a program that includes Symantec services, education and ongoing monitoring and management capabilities designed to protect businesses that conduct large volumes of financial transactions and their customers from losses due to online fraud.

The offering is intended to help businesses shield their customers from a variety of online threats, including phishing and pharming. By helping their customers safely conduct transactions online, businesses can boost customer loyalty, minimize financial loss and legal exposure, and reduce risks to their corporate brand.

â€œFraud attacks are becoming more sophisticated and are increasingly targeting businesses and customers with devastating effects,â€ sayes Rob Enderle, president and principal analyst, Enderle Group. â€œOrganizations generally lack an effective comprehensive approach to mitigating online fraud. In addition, the damage that results from fraud now goes beyond just financial damage to impacting the global brand. This combination should make reducing the related risks a primary business objective.â€

Symantec Online Fraud Protection includes:

Phishing Monitoring: Watches for new phishing attacks and other attacks on the clientâ€™s brand.
Transaction Monitoring: Reviews transactions on back-end systems and blocks fraudulent activities.
Online Fraud Incident Response and Countermeasures: Provides rapid response to attacks in order to minimize losses and protect brand reputation, including working with ISPs to curtail the activities of fraudsters.
Malware Intelligence and Analysis: Provides monitoring of malware targeting a specific brand and analysis of new malware behaviour.
Consumer Education and Protection: Helps organizations educate and protect their end-user customers from online threats and minimize the risk of fraud.
Expert Resident: The offering also includes an expert resident from Symantec, with access to a variety of security intelligence data sources, who works with in-house staff to provide security expertise and serve as the primary point of contact leading all online fraud protection efforts.

UK Health Organization Chooses McAfee

Tue, 27 May 2008 00:00:00 -0500

The National Health Service Connecting for Health (NHS CFH) has selected McAfee to provide encryption and port control to protect confidential data on NHS computers and devices. As part of the NHS contract, McAfee Data Protection will provide 700,000 licenses for device encryption, port control, secure content encryption and mobile encryption to NHS organizations and related bodies across England.

McAfee Data Protection's enterprise solution will encrypt confidential staff and patient data, helping to safeguard the NHS from data breaches and protect those whose data resides on NHS systems. Data will be protected on all devices, such as PCs, laptops, PDAs and smartphones, content on hard drives and removable media; and computer ports to prevent unauthorized use of portable media connected to USB, serial and parallel ports.

"Protecting patient data and NHS operational data against data security threats is essential," says Mark Ferrar, director of infrastructure, technology office, NHS Connecting for Health. "The McAfee product is an enterprise class solution that integrates with existing software deployment tools, can be deployed in both standalone and organization-wide scenarios and meets the required stringent security standards."

Security Now a Critical Business Issue

Tue, 27 May 2008 00:00:00 -0500

IT governance, risk and compliance (IT GRC) is about striking an appropriate balance between business reward and risk. This is the overall conclusion of the IT Policy Compliance Group's 2008 annual research report entitled “IT Governance, Risk and Compliance – Improving business results and mitigating financial risk.”

Furthermore, the maturity of IT GRC practices and capabilities are having a direct impact on the fortunes of organizations.

“Fundamentally, IT GRC is concerned with two objectives: delivering value to the business and mitigating business risks from IT,” said Everett Johnson, CPA, immediate past president of ISACA and the IT Governance Institute. “Successful organizations accomplish these goals by aligning the business and IT strategy, and embedding accountability for effective IT into the organization, beginning with top leadership.”

Primary benchmark research conducted by the IT Policy Compliance Group shows that the way to improve business results and reduce financial risk, loss and expense is to increase or enhance the competencies, practices and capabilities governing the use and disposition of IT resources.

The raw scores from the report clearly show that firms with better IT GRC results are enjoying much better performance when it comes to satisfying customers, retaining customers, and growing revenues and profits, than all other organizations. Based on the evidence, from least mature to most mature, the top organizational functions that make the most difference to improving IT GRC maturity include senior management, managers and directors in IT, legal counsel and the audit committee.

“These findings reinforce that information security and privacy are critical business issues that are most effectively and efficiently addressed with well managed IT compliance programs,” said Rocco Grillo, managing director within Protiviti’s IT security practice. “The study’s results support empirically what we are seeing in the marketplace, notably, that protecting sensitive data is becoming the biggest priority in IT compliance. This no doubt is a result of costly data breaches and post-breach remediation requirements, as well as PCI and other regulatory compliance requirements.”

Canadian Businesses Losing Data

Fri, 06 Jun 2008 00:00:00 -0500

The number of Canadian businesses suffering tangible losses as a result of security attacks, including loss of confidential information and intellectual property, has doubled in the past two years, according to a new national survey of Canadian IT security executives by CA Canada.

In the CA Canada 2008 Security and Privacy Survey, more than 20 per cent of organizations, in 2008, reported a loss of confidential information as a result of security attacks and breaches, up from 10 per cent in 2006. Loss of intellectual property as a result of security attacks and breaches has also doubled to 16 per cent during this same timeframe.

Poll respondents indicate one reason for the rise in information and intellectual property loss, among other assets, is the changing nature and source of security threats themselves.

By far, the most dramatic increase in security attacks has come from internal security breaches. In 2008, one-third of survey respondents identified internal breaches as a key security challenge over the past 12 months – compared with less than five per cent in 2003.

“The survey indicates that the consequences of security attacks are increasingly about losing dollars and tangible assets,” said Renee Lalonde, regional vice president, CA Canada. “Internal security breaches can be the most dangerous as they strike at the heart of organizations’ efforts to protect customer and transaction data from within.”

In 2008, 17 per cent of survey respondents indicate they have lost revenue, customers or other tangible assets as a result of security attacks, up from 11 per cent in 2006. Somewhat surprisingly, the number of computer virus attacks has decreased from 75 per cent in 2003 to 62 per cent in the past 12 months.

The CA Canada survey results also show there has been significant growth in the number of organizations suffering known security attacks over the past five years. In the past year, more than four out of five (86 per cent) of large Canadian organizations have suffered an identified security attack compared with only 67 per cent in 2003.

Those polled reported that incidents of the various threats in 2008 is more evenly spread out between virus attacks, network attacks, denial-of-service attacks and internal security breaches than in the past.

More Funding is Needed
Critical to successfully combating security attacks and breaches is an organization’s willingness to invest, but nearly four in 10 Canadian security executives believe their individual organization’s spending on IT security is too low.

The survey results point to Identity Access and Management (IAM) solutions, as a key and growing area of security investment by large Canadian organizations. IAM solutions enable organizations to facilitate and control access by their users to critical online applications and resources — while protecting confidential personal and business information from unauthorized access.

Survey respondents indicate that in 2008 more than 70 per cent of large Canadian organizations are using an IAM solution. Half of those polled who are not currently using an IAM solution plan to implement or roll-out IAM functionality within the next 12 to 18 months. Improved security was identified as the critical, primary benefit of IAM by half of those polled.

The high identification of IAM with security means continuing strong growth for IAM solutions within large Canadian organizations. Based on the respondents’ future security plans, CA forecasts 15 per cent growth in large Canadian organizations’ user base over the next 12 to 18 months.

Adware Continues to be a Threat

Thu, 05 Jun 2008 00:00:00 -0500

Fortinet has announced the top 10 most reported high-risk threats for May 2008.

The strongest development of the month showed adware Vapsup flooding users with advertisements for rogue virus protection software. Vapsup jumped 42 positions to land on the second spot, just .01 percent behind persistent malware leader, Netsky. From using plug-ins that hi-jack control of usersâ€™ web browser navigation to rogue antivirus scanner pop-ups, Vapsup had a bagful of tricks and scare tactics to lure the unsuspecting user into clicking affiliate links. The incentive for all this trickery was the per-click payouts through affiliate marketing programs linking back to servers located mostly in Russia and the U.S.

â€œJudging by the high level of activity by Vapsup in the past month, the cyber criminals behind this adware should be getting a huge payday,â€ says Derek Manky, security researcher for Fortinet.

Additional malware trends observed during this period include the following:

Online gaming Trojan activity continues in Asia, still concentrated in Taiwan and China
An Iframe injection campaign runs strong through Iframe.DN, pointing to Korean servers
Parasitic file infector, Virut.A, which made itself known in March remains in the top five for three consecutive months, showing longevity

Cybercrime on the Rise

Thu, 05 Jun 2008 00:00:00 -0500

Cybercrime is now the most significant challenge facing law enforcement organizations in
Canada, according to a nation-wide survey conducted by Deloitte and commissioned by the Canadian Association of Police Boards (CAPB).

The study â€” with its goal being to determine the magnitude and impact of cybercrime on Canadians â€” indicates that cybercrime is a much more serious threat than previously believed.

â€œWe knew that many law enforcement agencies were seeing impacts but, without good numbers, it was hard to get a true sense of how significant the threat was,â€ says Ian Wilms, chair of the Canadian Association of Police Boards. â€œWe now know, thanks to our survey and the efforts of other organizations, that cybercrime is surpassing drug trafficking and is very close to becoming the #1 crime in the nation.â€

â€œAs a result, the average citizen is now more likely to be a victim of crime through the Internet than on the street or in their home,â€ he adds. â€œEven if they donâ€™t own a computer, their information may be on someone elseâ€™s computer or with a business that uses the Internet which can put them at risk.â€

One of the key recommendations from the CAPB survey is the establishment of a dedicated Canadian centre where law enforcement and various agencies can work together to combat cybercrime.

The CAPB survey was funded by Public Safety Canada, the Government of Alberta Solicitor General and Public Security and the City of Calgary.

Bank Loses Sensitive Data

Fri, 06 Jun 2008 00:00:00 -0500

Sensitive data, including names, addresses and Social Security numbers, of more than four million people owning shares in public companies has been exposed after a box of back-up data storage tapes went missing from the Bank of New York Mellon.

According to various media reports, an unnamed storage vendor was transporting 10 boxes of back-up data storage tapes with shareholder information from BNY Mellon Shareowner Services' facility in New Jersey to an off-site storage facility when one box was discovered missing.

In dealing with the situation, the bank is cooperating with law enforcement and offering customers two years of free credit monitoring and identity theft insurance up to $25,000. In addition, it is reviewing its policies and procedures, in particular the need for confidential data to be transferred in encrypted form when possible to minimize the need for data storage tape.

Level of Spam Reaching Record Highs

Fri, 06 Jun 2008 00:00:00 -0500

In its May 2008 Intelligence Report, MessageLabs reports spam levels are back on the increase with levels reaching 76.8 percent of all e-mails in May, heights not experienced since early 2007.

The rise in spam, according to MessageLabs, is due to the change of tactics adopted by the spammers this month, moving further away from reliance on new and undetectable email attachments and moving toward the exploitation of free, mainstream hosted services, such as Google Docs and Calendar and Microsoft SkyDrive.

â€œThe savvy, intelligent and accurate cybercriminals of today seem to have abandoned the attachments tactic that was so innovative in late 2007 and are now focused on exploiting free hosted applications which have become mainstream in 2008,â€ says Mark Sunner, chief security analyst, MessageLabs. â€œThe spammers are taking advantage of the fact that these services are free, provide ample bandwidth and are rarely blacklisted; this is one more addition to the growing list of ways the spammers have succeeded in outsmarting traditional detection devices.â€

As for geographical trends, spam levels increased across almost every region. In the U.S., levels reached 73.4 percent, 77.7 percent in Canada and 71.3 percent in the United Kingdom.

In May, MessageLabs intercepted spam e-mails which contained links to spam contained in documents hosted on the Google Docs environment. With traditional spam filters not blocking links to the Google Docs domain, spammers are using this to their advantage, as well as tracking their success through the use of Google Analytics. Google Docs is not the only target of this kind on the spammersâ€™ radar. They are also using Microsoftâ€™s shared file hosting service, SkyDrive. Spam generated using this technique accounted for one percent of all unsolicited mail in May.

In addition to the variety of new spam techniques, MessageLabs also identified several new phishing exploits this month, including one which preyed on a bankâ€™s environmentally conscious customers. Using the Srizbi botnet to launch the attacks, the phishers took advantage of the Central Bank in Missouriâ€™s â€˜Go Greenâ€™ campaign to lure recipients into sharing their bank details in order to register for eStatements. Also in May, MessageLabs uncovered evidence of phishing attacks claiming to be from HSBC bank which purported to be a secure connection via an https, however, closer inspection revealed that this was not the case and was actually a standard http link to a domain pretending to be the actual bank.

Other report highlights include:

Web Security: Analysis of web security activity shows 30.5 percent of all web-based malware intercepted was new in May, a decrease of 5.8 percent since April.
Spam: In May 2008, the global ratio of spam in e-mail traffic from new and previously unknown bad sources, was 76.8 percent (1 in 1.30 emails), an increase of 3.3 percent on the previous month.
Viruses: The global ratio of e-mail-borne viruses in e-mail traffic from new and previously unknown bad sources, was 1 in 170.1 emails (0.59 percent) in May, an increase of 0.13 percent since the previous month.
Phishing: May saw a decrease of 0.11 percent in the proportion of phishing attacks compared with the previous month. One in 265.6 (0.38 percent) e-mails comprised some form of phishing attack. When judged as a proportion of all e-mail-borne threats such as viruses and Trojans, the number of phishing emails rose by 23.4 percent to 64 percent of all e-mail-borne malware threats intercepted in May.

E-mail Leading Cause of Data Leakage

Fri, 06 Jun 2008 00:00:00 -0500

In its fifth-annual study of outbound e-mail and data loss prevention issues, Proofpoint found that large enterprises continue to incur risk from â€” and take action against â€” information leaks over outbound e-mail, as well as newer communications media, such as blogs, message boards, media sharing sites and mobile devices.

Outbound e-mail remains a key source of risk for U.S. enterprises with a record 44 per cent of surveyed companies reporting that they investigated an e-mail leak of confidential information in the past 12 months. 41 per cent of the largest companies surveyed (those with 20,000 or more employees) reported that they employ staff to read or otherwise analyze the contents of outbound e-mail. 22% of these companies said they employ staff primarily or exclusively for this purpose.

Other key findings in the survey include:

40% of companies surveyed investigated an e-mail-based violation of privacy or data protection regulations in the past 12 months.
26% of companies surveyed terminated an employee for violating e-mail policies in the last 12 months.
23% of U.S. companies surveyed said their business was impacted by the exposure of sensitive or embarrassing information in the last 12 months.
34% of the largest companies (20,000 employees or more) reported that employee e-mail was subpoenaed in the last 12 months.

E-mail is not the only source of risk for information leakage. Respondents to the survey indicated significant risk resulting from employee use of blogs, message boards and media sharing sites (e.g., YouTube), as well as mobile devices. Some of the key findings include:

27% of companies surveyed had investigated the exposure of confidential, sensitive or private information from lost or stolen mobile devices in the past 12 months.
11% of U.S. companies surveyed disciplined employees for improper use of blogs/message boards in the past 12 months.
13% of surveyed companies disciplined employees for social network violations and 14% for improper use of media sharing sites in the past 12 months.
14% of publicly traded companies surveyed had investigated the exposure of material financial information (such as unannounced financial results) on blogs or message board postings in the last 12 months.

Facebook Faces Privacy Complaint

Fri, 06 Jun 2008 00:00:00 -0500

The Canadian Internet Policy and Public Interest Clinic (CIPPIC), based at the University of Ottawa, Faculty of Law, has asked the Privacy Commissioner of Canada to investigate alleged violations of Canadian privacy law by the Facebook.

CIPPIC's 35-page complaint alleges 22 separate violations by the popular social networking site, including its failure to inform Facebook members of how their personal information is disclosed to third parties for advertising and other profit-making activities and its failure to obtain permission from Facebook members to such uses and disclosures of their personal information.

A team of law students, some of whom are dedicated Facebook users, analysed the company's policies and practices as part of a clinic course this past winter and identified specific practices that appear to violate the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA).

"Social networking online is growing phenomenon," said Clinic Director Philipp Lawson. "It is proving to be a tremendous tool for community-building and social change, but at the same time, a minefield of privacy invasion. We chose to focus on Facebook because it is the most popular social networking site in Canada and because it appeals to young teens who may not appreciate the risks involved in exposing their personal details online."

Facebook has more than seven million Canadian members, making Canada the third largest user base, after the U.S.A. and the U.K.

"Facebook purports to provide users with a high level of control over their data," says Harley Finkelstein, one of the law students who lodged the complaint. "But our investigation found that this is not entirely true - for example, even if you select the strongest privacy settings, your information may be shared more widely if your Facebook Friends have lower privacy settings. As well, if you add a third party application offered on Facebook, you have no choice but to let the application developer access all your information even if they don't need it."

Jordan Plener, another law student who worked on the complaint, noted that "although Facebook has taken steps to allow for more control over sharing one's information on the site, its default settings are for sharing in most cases. Changing those settings requires a high level of aptitude and experience with the site. We believe that many Facebook Users, especially young people, don't appreciate the extent to which their often sensitive personal information is being shared beyond their social circle."

"We're concerned that Facebook is deceiving its users," said Lisa Feinberg, another law student behind the Complaint. "Facebook promotes itself as a social utility, but it's also involved in commercial activities like targeted advertising. Facebook users need to know that when they're signing up to Facebook, they're signing up to share their information with advertisers."

Under PIPEDA, the Privacy Commissioner has up to a year to investigate and render her findings on the complaint.

Cybercrime Feared More Than Burglary

Mon, 09 Jun 2008 00:00:00 -0500

AVG Technologies has released the results of its own research study that shows U.S. citizens are more concerned about being the victims of cybercrime than burglary or assault.

Of the 1,000 PC users surveyed in March 2008 through Ipsos, a market research company, 57% felt that they will most likely be the victims of cybercrime with only 21% believing they will be victims of burglary.

These results can be linked to two key behavioral trends:

Very high use of the Internet for increasingly sensitive transactions:

74% of users shop online
67% of users bank online
63% of users pay bills online

Low levels of protection with high concerns for cyber-related crime:

15% of users surveyed didn't know when security software was installed on their
computers
91% of users agreed that cyber theft is certainly a concern

While 57% of users surveyed said they would most likely be the victims of cybercrime/theft,
73% felt confident that they were being protected by their Internet security provider.

â€œIt's clear that we still have a considerable amount of work to do to protect computer users against cybercrime,â€ says AVG Technologies CEO J.R. Smith. â€œIn the space of a few years, the nature of the threat has changed from a sport to professional criminal activity. The challenge for us now is to deliver security with a light touch that does not stifle innovation.â€

â€œSecuring the web, by its very nature, should be a collaborative undertaking,â€ he adds. â€œThat's why AVG's threat research incorporates user input as a core component, fostering an environment in which users cooperate with researchers to ensure the protection of all.â€

Cisco Announces New Security Solution

Tue, 10 Jun 2008 00:00:00 -0500

Cisco has announced a video surveillance solution enabled on the Cisco Integrated Services Router (ISR) platform. By incorporating video surveillance network modules into the Cisco ISR, the solution converges physical security over an IP network.

The Cisco Video Surveillance solution is part of Cisco's recently announced business video strategy, which combines systems and services using the network as the platform to enable end-to-end, any-to-any video solutions that create powerful Visual Networking experiences.

The solution It provides integrated management from a central site and/or distributed management from many sites to collect, monitor and view both live and recorded video, with a single all-in-one Cisco ISR platform. Customers can use both traditional analog video cameras and wired or wireless IP video surveillance cameras. Cisco Video Surveillance on the Cisco ISR also provides customers with a single-box embedded storage option as well as third-party video storage and archival capabilities.

It also works with non-IP video surveillance equipment to enable a migration to IP-enabled video surveillance. This will allow the large installed base of over four million Cisco ISR and new customers to deploy video surveillance as part of their existing infrastructure, while helping to reduce the total cost of ownership, improve operational flexibility, combine physical and network security, and enhance performance and reliability.

CDW Releases User IT Security Report

Tue, 17 Jun 2008 00:00:00 -0500

CDW, a provider of technology products and services to business, government and education, has released the CDW User-Proof IT Security Report, a survey of business information technology (IT) professionals, that reveals a disparity between the most common IT security headaches and businesses' deployment of solutions that could relieve them.

Survey respondents said their most common problems stem from employees using the Internet inappropriately, using unapproved software, and circumventing security infrastructure and policies. However, the study found companies lagged in their use of tools such as Internet content filtering or network auditing and visibility systems, which would help IT management spot and sometimes avoid such risky behaviour by network users.

"Security of business information assets remains a top priority among IT professionals, but the study findings suggest that the number, complexity and ongoing evolution of IT security solutions may be so daunting that many organizations are challenged to stay current on their knowledge and deployment," said Ken Grimsley, vice-president of strategic sales for CDW. "When a company does focus on a specific IT security issue, there are excellent solutions available. CDW works continually to anticipate IT security threats as they evolve and bring our customers the most current solutions to address them."

Other finding include:

Inappropriate use of the Internet on company networks is the top IT security headache, but just 56 per cent of companies have Internet content filtering and blocking solutions in place
Installation and use of unauthorized software programs is a top challenge, but just 40 per cent of respondents note that they employ network auditing and visibility systems
IT professionals whose organizations employ content monitoring and filtering, SSL protection, mail gateway security and similar measures to address common headaches give their network users higher grades for overall IT security compliance

CDW surveyed IT professionals at companies with more than 100 employees, focusing exclusively on those who said their organizations have written IT security policies and procedures. The survey asked respondents to grade their IT network users as a group on their understanding of and compliance with their IT security policies, and then asked in-depth questions regarding what security measures their companies employ and how IT security solutions could be improved to
increase user compliance.

Responding IT professionals said their IT security systems are easy to use, but also reported much room for improvement in end-user understanding and compliance with security policies and procedures. Seventy-seven percent of IT professionals said that their IT security systems are very easy or somewhat easy to use, but just 23 per cent gave their users an ‘A' on compliance with IT security policies, procedures and required practices. Asked to assess available security solutions, IT professionals wanted vendors to provide still more user-friendly and easier-to-manage solutions that require less IT staff intervention.

"Clearly, IT departments — and IT security managers in particular — are some of the busiest people in the business world today, and they spend so much time responding to client department needs that they don't always have time or resources to address security priorities," concluded Grimsley. "Outside resources appear to play an increasingly important role in IT security, and having a trusted advisor to lean on for information and counsel may help IT professionals make better decisions more quickly."

For a copy of the complete CDW User-Proof IT Security Report, click here.

Eight Charged in Debit, Credit Card Fraud

Mon, 23 Jun 2008 00:00:00 -0500

Source: The Toronto Star

Eight people have been arrested and face a total of 101 charges after a six-week police investigation into an alleged bank card fraud ring in the Greater Toronto Area.

The suspects developed equipment to place in ATM machines to capture user data and personal identification numbers, according to police.

After the data was captured, it was downloaded to computers and transferred to counterfeit cards and used at ATM machines throughout the GTA to withdraw cash from the victim's account.

Police executed search warrants at several locations in Toronto, York and Peel regions today and located two alleged fraud labs, one in an industrial complex storefront in York and the other in an apartment in Toronto.

They seized $120,000 in cash, computers, skimmers, card-readers, moulding machines, counterfeit cards, cameras and several other tools.

Police were able to identify machines that were frequently compromised, helping to find and arrest suspects and determine their roles in the alleged fraud ring.

Police from Toronto, York, and Peel regions worked with the OPP, RCMP and Canada Border Services Agency during the six-week investigation.

More than $100 million was lost to theft and counterfeit payment cards in 2007, which involved 159,000 card holders.

Notebook Solution Focues on SMBs

Fri, 27 Jun 2008 00:00:00 -0500

No Panic Computing (NPC) is now offering its first secure mobile computing offering for small business.

Designed to alleviate data loss, data breach and business interruptions, NPC — working in conjuction with HP, Intel and Iron Mountain — offers businesses a HP notebook that includes technology that proactively monitors the user’s system for the quality and completeness of the secure data backup, the integrity of the encryption system, and for viruses or tampering attacks. Biometric technology, as well as managed security policies, are also used.

The NPC solution is offered exclusively on HP enterprise notebooks along with office software, back up, security, encryption, accidental damage protection, warranty and unlimited 24/7 support, all pre-configured for a monthly price of $129.95.

Every NPC laptop also features technology that allows NPC to remotely destroy laptop data in the event of theft or loss.

“We know that data security, ease-of-use and business continuity at a manageable cost are primary concerns for small business computer users. No matter what happens, whether a laptop is lost, stolen, malfunctioning or compromised, just one phone call gets our customers back to work,” says Larry Keating, NPC's president and CEO. “Our extensive field pilot proved that knowing their data encryption works and is professionally managed, and their laptop can be replaced at any time with their data restored is the peace-of-mind SMB professionals are looking for.”

According to new NPC-commissioned research conducted in May 2008 by AMI-Partners Research, 70 per cent of Canadian small businesses state that data security is a priority to their business – the highest rate among all categories, eclipsing basic operational services such as business insurance and accounting. In fact, the small business IT security spend in Canada is estimated to grow to $500 million by 2012 from $271 million today.

Although data security is a top priority, according to the research, Canadian small businesses have very low penetration and usage rates of sophisticated security products. Seventy-four per cent of small businesses surveyed do not yet encrypt their data.

Within the almost one million small businesses in Canada, the AMI survey results show the loss of data on a company notebook would have a considerable impact on their business.

NPC customers receive an HP enterprise notebook pre-configured with Microsoft Office 2007, ESET anti-virus/anti-spyware software, Claritude Speedfiler, a carrying case and notebook accessories. Once the notebook is used, all of the data and programs are backed up daily to one of Iron Mountain’s secure data facilities.

Sony Unveils New IP-Based Cameras

Mon, 30 Jun 2008 00:00:00 -0500

Sony of Canada has entered the megapixel marketplace with several new additions to its line-up of IP-based security network cameras.

Sonyâ€™s first megapixel cameras include the SNC-DM110 Megapixel Normal mini-dome, SNC-CM120 Megapixel CS mount Day/Night, and the SNC-DM160 Megapixel Rugged Day/Night mini-dome models.

Each of the megapixel cameras feature advanced complementary colour progressive scan CCDs with Sony ExwavePRO technology. Unlike conventional progressive scan CCD imagers, this colour filter technology provides increased levels of light sensitivity needed to achieve optimal performance from todayâ€™s fixed-type megapixel systems.

The units also feature Light Funnel technology, which combines image data gathered from multiple horizontally and vertically aligned pixels to provide extremely bright image output even when monitoring moving objects. This function can be activated automatically in response to surrounding light conditions or on a pre-specified time schedule.

â€œOur entry into the megapixel marketplace with this new line-up of intelligently designed cameras is the result of a very deliberate and well-planned long-term growth strategy,â€ said Carlos Varela, Marketing Manager, Security, Broadcast Communication Solutions Group, Sony of Canada Ltd. â€œThe leap forward in capabilities provided by ExwavePRO and Light Funnel technologies will provide these new fixed-type megapixel cameras with the capability to output extremely clear and detailed images in even the most challenging lighting environments.â€

The flagship SNC-DM110 network mini-dome camera, the SNC-DM160 mini-dome and the SNC-CM120 mount are all equipped with a 1/3-inch complementary colour progressive scan imager.

Fortinet Expands Security Research

Tue, 08 Jul 2008 00:00:00 -0500

Fortinet has enhanced its FortiGuard Center, an online resource and update centre that provides up-to-the minute information on breaking threats, vulnerabilities and security research.

Fortinetâ€™s FortiGuard Center and team of security research professionals support the companyâ€™s FortiGuard Subscription Services offering, which includes FortiGuard Antivirus, FortiGuard IPS, FortiGuard Web Filtering and FortiGuard Antispam security research and update services.

The FortiGuard Center is Fortinetâ€™s threat update and security research hub, where visitors and customers can find timely threat and vulnerability information, as well as advisories, trend reports, deep threat analysis and the living â€œVirus World Map,â€ which shows the top 10 current threats per country. New FortiGuard Center features include:

Enhanced Vulnerability Coverage â€“ A summary of new and recently-enhanced vulnerabilities, as well as the active exploitation, for customers to evaluate recent IPS updates in their products and focus on active threats
IPS Service Update History â€“ A historical listing of all modifications in the IPS package that includes new and enhanced security content
Anti-virus Top Threats â€“ Top threats in virus/spyware, mobile threats, IM threats and phishing are now included in the updated antivirus page
Mobile Description Index â€“ A listing of the current FortiGuard antivirus coverage on mobile threats

The Psychological Nature of Spam

Tue, 08 Jul 2008 00:00:00 -0500

McAfee has released the results of its S.P.A.M. (Spammed Persistently All Month) Experiment, in which 50 people from around the world surfed the web unprotected for 30 days.

By taking part in the experiment, participants were given permission to go where most Internet users would not dare, in order to discover how much spam they would attract and what the effects would be. Having studied the daily blogs and analyzed the spam itself, McAfee researchers confirm that spammers are as active as ever; they are increasingly using psychological tricks to lure Internet users to part with their contact details, identity information and cash. The experiment clearly shows that spam continues to evolve, utilizing more local languages and cultural nuances, as well as becoming much more targeted in a bid to avoid detection.

In the experiment, the participants from 10 countries received more than 104,000 spam e-mails throughout the course of the experiment. That's 2,096 messages each â€” the equivalent of approximately 70 messages a day.

Many of the spam messages received were phishing e-mails; e-mails which pose as a trustworthy source to criminally acquire sensitive information such as usernames, passwords and bank account details. Other e-mails carried viruses and many allowed malware to be silently installed on the computers by persuading participants to surf unsafe Web sites. A number of participants noted a decrease in their computers' processing speeds, as well as an increased number of pop-ups.

The results of the experiment also reveal a shift away from mass spam e-mails towards more targeted campaigns. Foreign language and social engineering spam are two areas in which participants received a larger than anticipated number of e-mails. France and Germany were the two countries that received the most foreign language spam, with 11 percent and 14 percent respectively, something which McAfee expects to increase substantially across the globe in the future.

The most popular subject received was financial spam. For example, pre-approved loans or credit card offers were common, which may be symptomatic of spammers taking advantage of the current personal finance climate and global credit crunch.

Despite its notoriety, people are still being fooled by the 'Nigerian' spam e-mails, where someone supposedly from Nigeria contacts a user to let them know they are a beneficiary of a long lost relatives' will, in a bid to extract money from them. Internet users in the United Kingdom are most likely to be targeted by a spam e-mail of this nature, with the United Kingdom participants receiving 23 percent of these scams.

The diversity of so-called 'social engineering' e-mails (e-mails that play on people's emotions to manipulate them into divulging confidential information) received during the experiment gave McAfee researchers valuable insight into this type of spam; something that they have seen grow significantly in the last five years.

Top 10 Most Popular Spam Categories:
1. Financial
2. Advertisements
3. Health and medicine
4. Adult
5. Free stuff
6. Credit cards
7. Education
8. Money making, 'get rich quick' schemes
9. IT related
10. Nigerian scams

Check Point Lands in Magic Quadrant

Mon, 13 Oct 2008 00:00:00 -0500

Check Point Software Technologies has been positioned in the Leaders quadrant in Gartner’s recent Magic Quadrant for Mobile Data Protection

According to Gartner, “Leaders have products that work well for Gartner clients in small and large deployments. They have long-term road maps that follow and/or influence Gartner's vision of the developing needs of buyers in the market. Leaders make their competitors' sales staffs nervous and force competitors' technical staffs to follow their lead. Their Mobile Data Protection (MDP) products are well-known to clients, and they encounter little resistance in selling their products.”

As key components of the endpoint suite, Check Point Endpoint Security encryption technology secures enterprise intellectual property and other sensitive data that reside on notebook computers (PC and MAC), smartphones and other mobile devices with a strong, complete set of encryption products — while operating invisibly to the end users.

Teaming up to Fight Phishing

Tue, 08 Jul 2008 00:00:00 -0500

eBay and PayPal have announced a collaborative effort with Googleâ€™s webmail service Gmail to better protect consumers against fraudulent e-mails and phishing attacks.

Starting today, eBay and PayPal customers with Gmail accounts will have a safer e-mail experience because they will receive fewer fake e-mails claiming to be sent by eBay and PayPal.

Through the use of DomainKeys and DomainKeys Identified Mail (DKIM) e-mail authentication technology, Google is able to prevent the delivery of fraudulent eBay and PayPal messages into Gmail usersâ€™ inboxes. The initiative protects Gmail, eBay and PayPal customers worldwide.

â€œThe Gmail teamâ€™s decision to work with eBay and PayPal on this issue is a significant step forward in our fight to keep consumers safe from phishing and cybercrime,â€ said Michael Barrett, chief information security officer of PayPal. â€œTodayâ€™s announcement will enhance online safety for millions of eBay and PayPal customers who use Gmail.â€

DomainKeys technology adds another layer to spam and phishing protections by allowing Internet service providers to determine if messages are real and decide if they should be delivered to a customerâ€™s inbox. The collaboration between eBay, PayPal and Gmail will lower consumersâ€™ risk of being victimized by phishing attacks through the reduction of fraudulent e-mail consumers receive.

â€Weâ€™re always looking for ways to eliminate unwanted e-mail from our usersâ€™ inboxes,â€ said Brad Taylor, senior staff software engineer in charge of Gmailâ€™s anti-spam efforts. â€œPhishing is an especially nasty form of spam, so we appreciate having another weapon in our arsenal against it. Weâ€™re glad to be working with eBay and PayPal to protect our users.â€

â€œIndustry cooperation represents a pivotal part of stamping out phishing and other e-mail scams,â€ said Dave Cullinane, chief information security officer at eBay. â€œGoogleâ€™s commitment to this battle will undoubtedly encourage others to join in the fight to keep consumers safe online.â€

Onslaught of fake Microsoft patch spam

Tue, 08 Jul 2008 00:00:00 -0500

Websense Security Labs ThreatSeeker Network has discovered a substantial number of spam messages utilizing a reliable social engineering trick that lures users to download a Microsoft critical security update.

The message uses an open redirect at the legitimate shopping site shopping.***.com; the redirect forwards users to a malicious URL offering to download a malicious executable. The malicious hostname is a lengthy one embedding 62 characters, and uses the sub-domain update.microsoft.com. Users who open this file will have their desktop infected with a Backdoor.

An interesting trait of this particular attack is that the malicious top level domain is pointing to the government site of the United States Secret Service - The Electronic Crimes Tasks Forces Web site in an apparent attempt to work around IP reputation-based systems.

It is important to add that Microsoft never sends security update notifications through emails.

Malware Found on PlayStation Website

Tue, 08 Jul 2008 00:00:00 -0500

Researchers at IT security firm Sophos have warned video game enthusiasts that pages on the U.S.-based Sony PlayStation website have been compromised by hackers.

Experts at SophosLabs have discovered that cybercriminals have successfully used an SQL injection attack to plant unauthorized code on pages promoting the PlayStation games "SingStar Pop" and "God of War."

At the time of writing the hacker's code attempts to dupe web surfers by running a fake anti-virus scan and displaying a bogus message that their computer is infected with a variety of different viruses and Trojan horses.

The hackers' aim is to scare unsuspecting computer users into purchasing a bogus security product. Sophos warns, however, that it would be trivial for the hackers who have compromised the webpages to alter the payload so that it became more malicious, and installed code designed to turn Windows PCs into a botnet or to harvest confidential information from users.

"There are millions of video game lovers around the world, many of whom will visit Sony's PlayStation website regularly to find out more about the latest console games. Most would never expect that surfing to a website like this could potentially infect them with malware. If users do not have sufficient protection in place then they might find that before they know it they have been scared into handing their credit card details over to a bunch of cybercriminals," says Graham Cluley, senior technology consultant for Sophos. "It is essential that all websites, especially when they are high profile like this or receiving a large level of traffic, have been properly hardened to prevent hackers from injecting malicious code on to what should be legitimate webpages."

Security Patches Issued by Apple

Tue, 08 Jul 2008 00:00:00 -0500

Apple has recently released an update to its operating system, Mac OS X Leopard.

According to Apple, the Mac OS X 10.5.4 update includes a number of fixes that enhance the stability and security of Mac computers, and recommends that Mac OS X Leopard users install it at their earliest convenience.

The series of security fixes are designed to prevent hackers from taking advantage of vulnerabilities in various pieces of Apple's software, including Mac OS X, iChat and the Mac version of the Safari web browser.

Facebook Suffers Security Slip Up

Wed, 16 Jul 2008 00:00:00 -0500

Sophos has warned computer users that Facebook accidentally publicly revealed personal information about its members, which could be useful to identity thieves. Earlier this week, the full dates of birth of many of Facebook's 80 million active users were visible to others, even if the individual member had requested that the information remained confidential.

According to Graham Cluley, senior technology consultant at Sophos, a security slip-up by the website during the process of a public beta test of its new design for members' profiles left birth date information exposed.

Sophos has published a video on YouTube demonstrating the security hole.

"I was shocked to see people's full date of birth revealed, even though I knew they had their privacy set up correctly to supposedly hide the information," said Cluley. "It's essential that users of social networks should have confidence that their privacy will be protected - and it's especially important with information like your date of birth, which can be a golden nugget for a committed identity thief."

Cluley says he informed Facebook as soon as he discovered the flaw, which now appears to have been fixed.

MessageLabs Discovers New Virus

Fri, 25 Jul 2008 00:00:00 -0500

Since July 16, MessageLabs has identified and intercepted e-mails from 25,000 IP addresses containing a new virus that arrives from sender postcards@hallmark.com with the subject line, "You've received a Hallmark E-Card!" and an attachment entitled postcard.zip.

The Storm botnet popularized postcard/e-card attacks last year and this attack is another variation. The difference is that instead of linking directly to the malware hosted on a compromised web server somewhere, the malware is disguised as an attachment.

When executed, the Trojan copies itself to the Windows system directory as a file called postcard.exe and adds a run key to the windows Registry so that it will run itself when the computer re-boots. The Trojan recruits the victim computer to an IRC botnet. It then immediately sends out emails with the virus attached to other email addresses, some of which are found by scanning the victim's computer.

The e-mails were sent in bursts and peak interception rates were recorded on July 23. A sample of the offending email can be seen below:

"As long as recipients continue to fall for these old tricks, malware authors and spammers will continue to use them," according to Matt Sergeant, Senior Anti-Spam Technologist, MessageLabs.

GE Security Passes Muster

Fri, 25 Jul 2008 00:00:00 -0500

GE Security's IP-based fire alarm receiver/transmitter has recently met the Canadian CAN/ULC-S559-04 fire alarm monitoring standard.

The receiver/transmitter is one of the first implementations of always-on active communications allowed by the Canadian standard. Most such systems use passive communications and require building owners to incur the cost of multiple carrier connections or use expensive leased lines.

GE Securityâ€™s IP technology, designed and developed by LoBenn Inc. of Ottawa, Ont., provides secure encrypted data transport over either public Internet or secure corporate/institutional networks and provides a universal interface for existing panels and receivers. GE Securityâ€™s IP monitoring solution can help protect the customerâ€™s investment by upgrading both types of installations to work with existing equipment.

â€œThis product is going to create opportunities for our customers that will help them better serve their customers and grow their businesses,â€ said Flavian Quiquero, general manager, GE Security Canada. â€œThe industry has been waiting for such an IP-based solution that delivers against requirements and helps to control costs in a variety of situations and we are excited to be able to deliver it along with LoBenn.â€

â€œWe are excited about the relationship we have formed with GE Securityâ€™s fire and life safety group and their confidence in bringing IP technology to the industry,â€ said David Brown, president, LoBenn Inc. â€œWith ULC approval, GE Security is leading the market in how IP will shape fire alarm communications into the future.â€

Canada Set to Fight Cyber Crime

Fri, 25 Jul 2008 00:00:00 -0500

Bell Canada, the Competition Bureau of Canada, Concordia University, Rogers Communications and Microsoft Canada Co., are working towards the establishment of the National Cyber Forensics Training Alliance Canada (NCFTA Canada).

"There is a recognized need for industry, academia, and law enforcement to work together and share information about cyber incidents in a neutral venue to identify and mitigate threats" said Dr. Louise Dandurand, Vice-President, Research and Graduate Studies, at Concordia University. "NCFTA Canada is the appropriate and relevant response to such a need and Concordia is proud to host such an important organization."

"Online security is one of the most important realities facing our industry today", said Michael Freeman, Director of Product Management at Bell, speaking on behalf of the industry partners. "The NCFTA's collective approach provides an excellent opportunity to address these issues in a comprehensive way and on an industry-wide basis. Bell is happy to play a role in this important initiative."

NCFTA Canada - hosted by Concordia University in Montreal - will enable and develop partnerships between the public sector, law enforcement agencies, the private sector and academic organizations that will reduce the impact of cyber-crime affecting Canadians.

NCTFA Canada will combine resources, intelligence, expertise and R&D efforts to effectively and cooperatively work on:

promoting information security in Canada;
investigating mutually defined cyber-crime targets to gather
intelligence, define prevention methods, and develop counter-measures;
developing and publishing information or processes that will help
protect organizations or individuals from cyber-crime;
carrying well-focused collaborative research and development initiatives;
developing and sharing tools that aid in the investigation or prevention of cyber-crime;
building relationships with organizations having similar vision both nationally and internationally;

"The Competition Bureau is pleased to be participating in the establishment of NCFTA Canada," said Andrea Rosen, Deputy Commissioner, Competition Bureau. "Given the increase in high tech crimes targeting businesses and consumers, collaboration with our Canadian partners in the creation of this task force is essential."

Symantec and Toshiba Team Up

Fri, 25 Jul 2008 00:00:00 -0500

Symantec Corp., has announced that Toshiba America Information Systems, Inc., Digital Products Division and Toshiba of Canada Limited will include Norton 360 or Norton Internet Security 2008 on all of its laptop computers.

Toshiba will offer a full-featured complimentary 60-day introductory subscription of Norton security software in English, Spanish and French to its laptop customers in North and South America.

â€œTo our customers, Norton means trusted and comprehensive security for their laptop computers,â€ said Jeff Barney, general manager and vice president, Digital Products Division, Toshiba America Information Systems, Inc. â€œBy pre-installing Nortonâ€™s security solutions on all of our laptop computers, we will offer our customers a world-class security solution to help protect their laptop in terms of PC security, identity protection, tune-up technologies and backup capabilities.â€

Norton 360 or Norton Internet Security will ship on all Toshiba laptop models including SatelliteÂ®, Satellite ProÂ®, TecraÂ®, QosmioÂ® and PortÃ©gÃ©Â® in North and South America, with the exception of Brazil.

Phony UPS E-mails Used as Bait

Fri, 25 Jul 2008 00:00:00 -0500

PandaLabs has detected the appearance of a series of emails used to spread the Agent.JEN Trojan.

These messages, with subjects like â€œUPS packet N3621583925â€, connotes that it is come from the package delivery company UPS. The message body informs the recipient that it was impossible to deliver a postal package sent by them and advises them to print out a copy of the attached invoice copy.

The invoice is included in an attached â€œ.zipâ€ file that contains an executable file disguised as a Microsoft Word document with names like â€œUPS_invoiceâ€. However, if the targeted user runs the file, they will be introducing a copy of the Trojan into their computer.

The malicious code copies itself to the system, replacing the Userinit.exe file in the Windows operating system. This file runs the Internet Explorer browser, the system interface and other essential processes. For the computer to continue working properly and in order to avoid raising suspicion of the infection, the Trojan copies the system file to another location under the name userini.exe.

â€œAll this effort not to be noticed is in consonance with the current malware dynamic: cyber-crooks are no longer interested in fame; they are out to get financial returns as silently as possibleâ€, says Luis Corrons, Technical Director of PandaLabs.

Finally, Agent.JEN connects to a Russian domain (already used by other banker Trojans) and uses it to send a request to a German domain to download a rootkit and an adware detected by PandaLabs as Rootkit/Agent.JEP and Adware/AntivirusXP2008. This increases the risk of infection even more.

â€œWe had seen cyber-crooks use erotic pictures, Christmas or romantic cards, fake movie trailers, etc. as bait to make users run infected files, however, it is not usual to see baits like this oneâ€, explains Corrons. â€œThis clearly indicates that cyber-crooks are trying to use baits that do not raise suspicion to spread their creations.â€

The State of IT Security in Canada

Mon, 28 Jul 2008 00:00:00 -0500

A new study from TELUS, in partnership with Rotman School of Management, shows that IT security breaches are costing publicly traded Canadian companies an average loss of more than $637,000 annually. In government, the cost is $320,000 per organization, while the cost to private companies is $294,000 a year to cyber crime.

Similar studies in the U.S. show the cost of data security breaches more than doubling year over year, rising to an average of $345,000 US in 2007 from $167,713 US in 2006 for public companies.

There is no similar benchmark data for Canada, but Rotman business economics professor Dr. Walid Hejazi says the trend towards increased loss is likely similar here.

â€œIT security is a C-suite level business issue,â€ sayss Hejazi. â€In an increasingly information-based society, managing data security is fundamental to business strategy. Security breaches come with indirect and direct costs. The damage to brand and customer confidence can last a very long time, and as our study shows, while direct costs are significant and measurable. Simply put, our study clearly shows that lacking the ability to collect and store information safely will severely limit the success and growth potential of any business.â€

To better understand the nature of IT security in Canada, TELUS and the Rotman School of Management partnered in the Rotman-TELUS Joint Study on Canadian IT Security Practices to provide clarity on the state of IT security specifically in Canada. The study examines the IT security practices of more than 300 Canadian businesses.

â€œAt TELUS, we are committed to helping Canadian companies use technology to realize limitless opportunities for competitive advantage,â€ said Yogen Appalraju, vice-president, TELUS Security Solutions. â€œIT security is a technology cornerstone for business. To successfully protect incoming and outgoing information from breaches, customers need to be able to measure, evaluate and improve the effectiveness of their security investments. This new study in partnership with Rotman provides Canadian organizations with insights into building an effective security program.â€

Other key findings from the study include:

Not every industry fares the same in terms of IT security performance. Those performing above the average include IT companies, healthcare and financial institutions.
Canada has caught up with the U.S. in terms of IT security investment. This has been driven by requirements to comply with Canadian regulations such as Payment Card Industry (PCI) and Personal Information Protection and Electronic Documents Act (PIPEDA).
The best practices for IT security include having a focus on performance measurement, balancing staffing investments in proportion to the growth of technology, and utilizing application security outside of the network, like encryption, to protect customer data.

Flaws in Online Banking Widespread

Mon, 28 Jul 2008 00:00:00 -0500

More than 75 percent of the bank Web sites surveyed in a University of Michigan study had at least one design flaw that could make customers vulnerable to cyber thieves after their money or even their identity.

Atul Prakash, a professor in the Department of Electrical Engineering and Computer Science and doctoral students Laura Falk and Kevin Borders examined the Web sites of 214 financial institutions in 2006.

These design flaws aren't bugs that can be fixed with a patch. They stem from the flow and the layout of these Web sites, according to the study. The flaws include placing log-in boxes and contact information on insecure web pages as well as failing to keep users on the site they initially visited. Prakash said some banks may have taken steps to resolve these problems since this data was gathered, but overall he still sees much need for improvement.

"To our surprise, design flaws that could compromise security were widespread and included some of the largest banks in the country," Prakash said. "Our focus was on users who try to be careful, but unfortunately some bank sites make it hard for customers to make the right security decisions when doing online banking."

The flaws leave cracks in security that hackers could exploit to gain access to private information and accounts. The FDIC says computer intrusion, while relatively rare compared with financial crimes like mortgage fraud and check fraud, is a growing problem for banks and their customers.

The design flaws Prakash and his team looked for are:

• Placing secure login boxes on insecure pages: A full 47 percent of banks were guilty of this. A hacker could reroute data entered in the boxes or create a spoof copy of the page to harvest information. In a wireless situation, it's possible to conduct this man-in-the-middle attack without changing the bank URL for the user, so even a vigilant customer could fall victim. To solve this problem, banks should use the standard "secure socket layer" (SSL) protocol on pages that ask for sensitive information, Prakash says. (SSL-protected pages begin with https rather than http.) Most banks use SSL technology for some of their pages, but only a minority secure all their pages this way.

• Putting contact information and security advice on insecure pages: At 55 percent, this was the flaw with the most offenders. An attacker could change an address or phone number and set up his own call center to gather private data from customers who need help. Banks tend to be less cautious with information that's easy to find elsewhere, Prakash says. But customers trust that the information on the bank's site is correct. This problem could be solved by securing these pages with the standard SSL protocol.

• Having a breach in the chain of trust: When the bank redirects customers to a site outside the bank's domain for certain transactions without warning, it has failed to maintain a context for good security decisions, Prakash says. He found this problem in 30 percent of the banks surveyed. Often the look of the site changes, as well as URL and it's hard for the user to know whether to trust this new site. The solution, Prakash says, is to warn users they'll be moving off the bank's site to a trusted new site. Or the bank could house all of its pages on the same server. This problem often arises when banks outsource some security functions.

• Allowing inadequate user IDs and passwords: Researchers looked for sites that use social security numbers or e-mail addresses as user ids. While this information is easy for customers to remember, it's also easy to guess or find out. Researchers also looked for sites that didn't state a policy on passwords or that allowed weak passwords. Twenty-eight percent of sites surveyed had one of these flaws.

• E-mailing security-sensitive information insecurely: The e-mail data path is generally not secure, Prakash says, yet 31 percent of bank Web sites had this flaw. These banks offered to e-mail passwords or statements. In the case of statements, users often weren't told whether they would receive a link, the actual statement, or a notification that the statement was available. A notification isn't a problem, but e-mailing a password, a link or a statement, isn't a good idea, Prakash says.

New Worms Target Facebook Users

Thu, 31 Jul 2008 00:00:00 -0500

Kaspersky Lab has detected two variants of a new worm, Networm.Win32.Koobface.a. and Networm.Win32.Koobface.b, which attack MySpace and Facebook, respectively. As part of their malicious payload, the worms transform victim machines into zombie computers to form botnets.

Even though the worms are currently only infecting MySpace and Facebook users Kaspersky Lab analysts are warning users that the worms are designed to upload additional malicious modules with other functionality via the Internet. It is highly probable that victim machines will not only be used for spreading links via these social networking sites, but the botnets will also be used for other malicious purposes.

Net-Worm.Win32.Koobface.a spreads when a user accesses his/ her MySpace account. The worm creates a range of commentaries to friends' accounts. Net-Worm.Win32.Koobface.b, which targets Facebook users, creates spam messages and sends them to the infected users' friends via the Facebook site. The messages and comments include texts such as Paris Hilton Tosses Dwarf On The Street; Examiners Caught Downloading Grades From The Internet; Hello; You must see it!!! LOL. My friend catched you on hidden cam; Is it really celebrity? Funny Moments and many others.

â€œUnfortunately, users are very trusting of messages left by 'friends' on social networking sites. So the likelihood of a user clicking on a link like this is very highâ€, says Alexander Gostev, Senior Virus Analyst at Kaspersky Lab. â€œAt the beginning of 2008, we predicted that we'd see an increase in cybercriminals exploiting MySpace, Facebook and similar sites, and we're now seeing evidence of this. I'm sure that this is simply the first step, and that virus writers will continue to target these resources with increased intensity.â€

New Study Looks at Identity Theft

Wed, 06 Aug 2008 00:00:00 -0500

ID Analytics has released the results of its internal data theft study, which provides an analysis of the criminal behaviour patterns associated with the misuse of identities stolen from the workplace by employees.

ID Analytics' study, Analysis of Internal Data Theft, seeks to expose how, where and when employees misuse data stolen from the workplace. The research examined more than a dozen incidents of internal data theft involving more than five million identities from consumer and employee files across organizations in the government, education, and commercial sectors. Of these, eight incidents ultimately led to more than 1,300 cases of attempted fraud targeting bank card, retail card, and wireless providers.

Key findings from the study include:

In the analysis of the eight internal data breaches where harm was found, organized misuse ranged from 3 percent (data leak caused by mishandling data) to 36 percent (targeted employee data theft) of the identities stolen.
The identities associated with these internal incidents were up to 24 times more likely be misused than the average U.S. consumer identity.
Misuse of the stolen identities occurred in remarkably close proximity to the site of the internal data theft. Fraudulent activity relating to each incident of internal data theft took place within 20 miles of the source, indicating that the stolen identities had not been sold or distributed on a national level.
Fraudulent activity reflected a significant increase in attempts to acquire wireless phones. Of the 1,300 cases of attempted fraud, 69 percent targeted the wireless industry.
Identities involved in internal data theft were misused in similar patterns to those taken via external attacks in terms of period of use and using the Internet to commit fraud. Most of the stolen identities in the study were used very brieflyâ€”over a period of two weeks. The internal theft activities also focused mainly on online channels. In five of the eight internal data breach cases, 80% of the fraudulent application activity was online.

"In today's data rich environment, organizations continue to struggle with the human element at the heart of data security," said Mike Cook, co-founder and chief operating officer, ID Analytics, Inc. "Companies should be on the alert for what may be the biggest security threat to their customers â€” employees with access to sensitive customer data. Given the balance between the need to grant employees access to information to complete their job functions and the need to protect sensitive customer data, we encourage companies to implement strategies that increase visibility and reduce the risk of data loss."

Protecting Computers in the Summer

Wed, 06 Aug 2008 00:00:00 -0500

Panda Security has prepared a series of tips to help users surf the Internet securely this summer.

Over the vacation period, services such as chats, online games, software downloads and online stores are used more frequently as users have more time on their hands. Yet cyber-criminals are aware of this and exploit the situation to obtain new victims.

Here is a series of recommendations to help you keep your computer protected this summer:

Make sure your computer has an active and up-to-date security solution at all times. Ensure the solution not only includes signature-based detection of viruses but also proactive technology to detect unknown threats. It should also include a firewall.
Take special care with email, as this is an entry point for many threats including phishing or scams sent in spam. Ignore any supposed notifications from your bank requesting confidential information, or any other mass-mailed offers, no matter how interesting they seem. Also, make sure your antivirus is configured to scan both inbound and outbound mail. You should also ignore email messages from unknown senders.
Install all the latest security patches immediately. Cyber-crooks often use security holes in popular programs to launch attacks. Developers normally make patches available to users to resolve problems detected. If your applications do not advise you automatically of the availability of such patches, go to the developerâ€™s Web page to check if any updates are available. It is a good idea to update your computer just before going on vacation and when returning.
Avoid downloading programs from dubious Internet sites, as they could be infected. This also applies to downloads made over P2P networks. Many threats are disguised in the form of files with enticing names to encourage users to download them and run them on their computers.
Reject any files you havenâ€™t requested in chats or newsgroups, as they could contain malicious code.
Never reveal personal or confidential details to people you have just met on chats, IRC, etc. You cannot be sure of the true identity of the person on the other side. For that reason, avoid giving any information away that could be used to locate you.
Only buy from online stores with a solid reputation, and never buy from websites that donâ€™t offer secure transactions, encrypting the information that you send. You can check whether a Web page is secure by looking for the security certificate, represented by a yellow padlock icon in the browser bar or at the bottom right of the screen.
Donâ€™t use shared computers to perform transactions that require you to enter passwords or personal details.
Use parental control programs. Children are more likely to use the computer over the summer period. It is important to teach them how to use the Internet responsibly, establishing timetables, watching over them and blocking any pages or content that could be unsuitable.

Cyber Threats On the Rise

Wed, 06 Aug 2008 00:00:00 -0500

IBM has released results from its X-Force 2008 Midyear Trend Statistics report that indicates cyber-criminals are adopting new automation techniques and strategies that allow them to exploit vulnerabilities much faster than ever before.

The new tools are being implemented on the Internet by organized criminal elements, and at the same time public exploit code published by researchers are putting more systems, databases and ultimately, people at risk of compromise.

According to the X-Force report, 94 percent of all browser-related online exploits occurred within 24 hours of official vulnerability disclosure. These attacks, known-as "zero-day" exploits, are on the Internet before people even know they have a vulnerability that needs to be patched in their systems.

This phenomenon is being driven by sophisticated cyber-criminals' adoption and evolution of automated tools for creating and delivering exploit tools, as well as the lack of a set protocol for disclosing vulnerabilities in the research industry. The practice of disclosing exploit code along with a security advisory has been the accepted practice for many security researchers. However, according to the X-Force report, vulnerabilities disclosed by independent researchers are twice as likely to have zero-day exploit code published, calling into question how researchers practice vulnerability disclosure and signifying the need for a new standard in the industry.

"The two major themes in the first half of 2008 were acceleration and proliferation," said X-Force Operations Manager Kris Lamb. "We see a considerable acceleration in the time a vulnerability is disclosed to when it is exploited, with an accompanying proliferation of vulnerabilities overall. Without a unified process for disclosing vulnerabilities, the research industry runs the risk of actually fueling online criminal activity. There's a reason why X-Force doesn't publish exploit code for the vulnerabilities we have found, and perhaps it is time for others in our field to reconsider this practice."

Key findings from the X-Force report include:

Browser plug-ins are the newest target-of-choice;
One-off manual attacks are growing into massive automated attacks;
Russia continues to be origin of most spam;
Online gamers are target;
Financial institutions remain key targets for phishers;
Secure virtualization grows in importance.

Olympic Visitors Face Cyber Threats

Mon, 11 Aug 2008 00:00:00 -0500

Sophos is warning the tens of thousands of athletes, coaches, journalists and tourists travelling to Beijing for the 2008 Olympic Games to be on their guard against cybercriminals when using their notebooks, PDAs and smartphones.

Experts at Sophos are highlighting the need for visitors to the Games not to forget their usual security measures in their haste to access the web from Wi-Fi hotspots, internet cafés and hotels.

Cybercriminals, including hackers, spammers and phishers, are known to take advantage of major events, whether they be political, environmental or sporting, taking advantage of the excitement and tricking unsuspecting computer users into accidentally clicking links in spam messages, visiting bogus web pages, and inadvertently downloading malware.

With the web now being hackers' preferred vector of attack and with China now hosting the second largest proportion of infected webpages in the world, the risks are even higher for the average computer user wanting to connect to web. This problem is compounded in China, as many security companies find it more difficult to monitor Chinese sites when compared to other countries, and even when infected sites are identified, finding the appropriate contact and communicating the problem can prove challenging.

"Desperate to read the latest news from the Games and send reports back home, sports fans might fall at the first hurdle, giving hackers the advantage," said Carole Theriault, senior security consultant at Sophos. "Of course hackers will do their best to capitalise on this event - the most effective way to avoid the pitfalls is to make your device an unattractive target. We've published top ten tips to remind users to not throw caution to the wind. After all, the last thing any visitor wants is to find their bank account emptied while they enjoying the Games abroad."

Sophos's top tips to stay safe on the web at the Olympics:

Turn off administrative rights when accessing the internet - a hacker will get a lot further with an administrator's password and username.
Before you send email or surf the web, check that your anti-virus software is fully up to date. Just because you are out of the country doesn't make you a more difficult target for hackers.
Ensure all security patches for your browser, operating system, and other applications are downloaded and installed as soon as they are made available.
Have an active personal firewall to help block unauthorised access to your computer.
Do not leave your laptop or mobile phone unattended. Old fashioned theft in events like these is still a serious problem.
Make sure your VPN connection is secure when sending emails or downloading data.
All confidential data should be encrypted, whether it is stored on notebooks, mobile phones or USB stick. Should your computer or data fall into the wrong hands, it will be blocked from prying eyes.
Only use your own USB sticks or external storage devices - hackers have been known to plant malware on these items in the past.
Turn on your wireless functions such as WLAN and Bluetooth only when you need them, and make sure to turn them off when you have finished sending mail to looking for web content.
Back up all important data: even if all precautions are taken, it is still possible for your computer to be stolen or compromised. Ensure you have copies of all the latest data backed up on another device, such as a USB or CD. If the worst happens, at least you can retrieve your information.

SMBs Not Adequately Protected

Fri, 15 Aug 2008 00:00:00 -0500

New research released by McAfee Inc. reveals that most small to medium sized businesses are not adequately protected against cyber attacks. Many of these businesses feel that they are too small to be targeted by cyber criminals.

Five hundred companies with 1,000-2,000 employees were surveyed. The report shows that one third of the businesses in the U.S. and Canada have been attacked online more than four times in the past three years. In Canada, 36 percent took at least a week to recover from these attacks.

Most small to medium sized businesses feel that they are too small to be of interest to cyber criminals. Almost half of the businesses surveyed did not think that they could turn a profit for cyber criminals.

â€œJust because a business is small does not mean it is immune to security threats,â€ said Darrell Rodenbaugh, senior vice president of the mid-market segment at McAfee.

Many SMBs are simply not devoting enough time to online security. Forty-two percent of those surveyed said that they spend one hour a week on security. However, one fifth said that a cyber attack could shut down their operations.

â€œChoosing a managed solution and outsourcing security helps SMBs [small to medium sized businesses] free up their time to focus on other priorities and feel confident that their IT [internet technology] security needs are being covered by an expert,â€ said Rodenbaugh, adding outsourcing can make expensive technologies more accessible.

One of the problems is that many businesses do not customize their IT equipment. Proof of this is that 43 percent of those surveyed by McAfee said that they accept the default settings even if they are not optimal for their business.

Internet DNS Still Vulnerable

Fri, 22 Aug 2008 00:00:00 -0500

MessageLabs ha revealed that an intricate flaw in the underlying design of the Internet's DNS (domain name system) protocol is still vulnerable several weeks after patches were made available.

MessageLabs recorded a 52 per cent increase in suspicious DNS traffic between July and August, indicating that the online underworld is poised to launch targeted attacks in the coming weeks.

The vulnerability was initially discovered by computer researcher, Dan Kaminsky, who informed the IT security industry six months ago, but it wasnâ€™t patched until early August.

The flaw left almost every DNS server vulnerable to a 'poisonous' attack which could result in the server redirecting its users to a malicious server instead of the real server requested. Attackers may be able to use these 'poisoned' DNS servers to intercept and redirect confidential emails before forwarding it on to the intended recipient.

Patches were released in early August, however at the same time details of the vulnerability were made public and it has since been discovered that patched servers which sit behind certain firewalls remain vulnerable. The domain name system (DNS) is the way the Internet domain names are located and translated into Internet Protocol addresses.

To avoid falling victim to these types of attack MessageLabs advises people deploy e-mail encryption, particularly for sensitive communications, to safeguard e-mail traffic to ensure that this type of attack cannot be used to gather personal information or intellectual properly.

The Importance of E-mail Archiving

Fri, 22 Aug 2008 00:00:00 -0500

According to new research by GFI Software, 49 per cent of United Kingdom IT managers, directors and consultants working in small to mid-size companies have fully implemented e-mail archiving in their organizations, while 31 per cent are regularly taking less than one hour to find business-critical email correspondence on request.

However, the primary concern evident from the research is that of the remaining 51 per cent of organizations who have not implemented e-mail archiving, it appears that this is principally through lack of education. With budget restraints being the most popular reason for not purchasing (28%), a further combined 32% of those surveyed perceive it as unnecessary to their particular needs or feel too ill-informed to purchase.

â€œE-mail archiving is clearly proving its worth and we are delighted to see its uptake so pervasive and successful, and especially that only 1% of the people we surveyed reported any negative experiences or attitudes towards email compliance," sates David Vella, GFIâ€™s Director of Product Management. "However, while the lack of appreciation of its utility is concerning, what is perhaps more alarming is the relatively widespread assumption that email archiving is not important or necessary to the business.â€

â€œWherever e-mail is the principal form of communication within the business, email archiving is essential. Too many businesses fail to realise that each email communication sent or received is probably the only record they have of important transactions with a customer or between members of staff. According to Osterman Research, email contains nearly 75% of the information that individuals use on a daily basis, making the sheer amount of corporate knowledge stored in email enough to justify its safekeeping over long periods of time.â€

IndigoVision Wins Two Awards

Mon, 13 Oct 2008 00:00:00 -0500

IndigoVision, a supplier of complete IP CCTV security solutions, recently won two awards at the 2008 ‘Security Excellence Awards.. IndigoVision beat off stiff competition to win the ‘International Achievement’ and ‘Security Manufacturer of the Year’ categories. The awards were judged by a panel of leading industry figures and editors from the UK’s top security publications. Uniquely, however, the winner of the ‘Security Manufacturer of the Year’ award was chosen by the industry itself from a group of 20 leading security companies, using an online vote.

The ‘International Achievement’ award recognized IndigoVision’s export success for IP Video in the worldwide Casino market. Since entering this market in 2006, IndigoVision has won contracts to supply fully digital IP-CCTV solutions for 25 casinos in 7 countries, including a recent project involving 9 casinos in Chile. All these have been in full compliance with local Gaming Boards’ strict regulations and represent a total of 8000+ cameras.

Commenting on the awards Oliver Vellacott, IndigoVision's CEO said "I am delighted with the awards and in particular that they recognize the hard work that all the staff have put into IndigoVision’s recent success."

Key Management to Improve at Casinos

Mon, 13 Oct 2008 00:00:00 -0500

Deister Electronics and KeyTracer Systems of Maple Ridge, B.C., have announced a business partnership agreement which will cover key management system needs in hotels, casinos, and other select markets in the USA, Canada, and Mexico.

Deister’s proxSafe key management and asset control products help clients to manage possession of keys and other valuables. The casino and hotel market is one in which the company has been focused for some time, having recently announced a new version of their Commander software which was specifically geared for that market.

KeyTracer Systems, a division of CTS, Inc., is a specialist in key management applications. Since the early 1990’s, the company and their affiliates have installed and continue to support hundreds of key management systems throughout North America. They have earned a considerable respect for their key management expertise, particularly in the casino/gaming, hospitality, educational, correctional, and retail industries.

“KeyTracer understands electronic key management and is also very client-focused,” according to Glenn Burger, Director of proxSafe Sales at Deister. “Their knowledge of the needs/wants of the casino and hotel industry made them the natural choice for selling, installing, and supporting proxSafe® and its RFID based key control technology.”

According to Mike French of KeyTracer: “Deister’s proxSafe has two distinct advantages in the market. One, they have steered their Commander software development to specifically address the needs of casino and gaming clients, and the regulatory environment. Two, the RFID technology means no maintenance of the keyTags (key fobs), which means less downtime and lower cost over time for the client.

Genetec On the Rise

Mon, 13 Oct 2008 00:00:00 -0500

Genetec, a Quebec-based provider of IP-based security solutions, has been ranked among the Deloitte Technology Fast 50, a ranking of the 50 fastest growing technology companies in Canada, based on the percentage of revenue growth over five years. Genetec's increase in revenues of 799% percent from 2003 to 2007 resulted in a 24th ranking.

For over a decade, the Deloitte Technology Fast 50 program has tracked the successful growth of Canadian-grown global leaders. Now Canada’s pre-eminent technology award program, the Deloitte Technology Fast 50 augments the broader Deloitte North American Technology Fast 500 initiative, with winners automatically eligible for this elite ranking.

“Transforming technological innovation into business success is hard, and it’s especially difficult to sustain such rapid revenue growth over five years. Genetec has rapidly built a highly successful company in the Canadian technology industry and we applaud their dedication and ability to transform their vision into reality,” said John Ruffolo, National Leader, Technology, Media & Telecommunications Industry Group, Deloitte.

Alain Coté, Genetec's Executive Vice President, credits the fact that the company maintains very close collaboration with the user base, often integrating their customers’ input in the development of their solutions and the fact that there is a very high-level of attention spent on recruiting top talent within the organization, with the company's 799% percent revenue growth. He said “The expertise and knowledge that is generated from our team, as well as the long-standing partnerships that we have developed with our customers has allowed us to further enhance our solutions and consequently grow our business into new markets.”

“Canadian technology companies have some of the highest revenue growth in North America, while playing in some of the world's largest, most competitive and exciting market sectors,” explains Ruffolo. “Outstanding companies such as Genetec demonstrate the incredible business acumen and entrepreneurial spirit that fuel the Canadian technology industry.”

Axis Watching Over Artwork

Mon, 13 Oct 2008 00:00:00 -0500

The Art Institute of Chicago has chosen Axis network cameras to monitor the museum’s approximately one million square feet for the safety of its visitors and art holdings. Axis partner Honeywell Building Solutions is providing the video management system and assisting the Art Institute in the network camera installation.

“We are excited about our new Axis network cameras and our increased ability to protect artwork while maintaining visitor accessibility to it,” said Michelle Lehrman Jenness, associate vice president for protection services for the Art Institutue of Chicago. “With this new system, we are confident of our ability to serve our visitors while protecting our collection.”

The Art Institute previously had an older analog system in place, which did not provide the same level of quality or coverage as its new network camera system. Nor did it enable the museum to monitor any location from multiple review points on the network or easily share incidents on video.

Lehrman Jenness noted that the new surveillance system is expected to increase the productivity of current security staff, who can more easily observe museum activities. The Art Institute is using the lower-light and megapixel capabilities of Axis network cameras, including the AXIS 225FD, AXIS 223M, AXIS 233D and AXIS 209MFD-R, to alert staff monitoring the museum of notable occurrences and enable them to observe specific artworks more closely. Should problems arise, monitoring staff can be in immediate communication with museum officers nearest to the situation.

Security & Innovation Go Hand in Hand

Mon, 13 Oct 2008 00:00:00 -0500

RSA, The Security Division of EMC (NYSE: EMC), has released the results of a new research initiative that explores the volatile relationship between information security and business innovation. The survey - conducted by global market intelligence firm IDC - reveals a growing chasm between security and innovation and examines the business impact of this disconnect on leading companies around the globe.

“The inextricable link between security and innovation is clear, but organizations are still really struggling with how to strike the right balance between driving new innovations to market and instituting effective IT security practices,” said RSA President Art Coviello. “Security has long been a global business issue and this research tells us it is a top priority for today’s senior management teams. There has never been a better time for companies to make the cultural, philosophical and technological shifts required to better align their security and business innovation strategies.”

Commissioned by RSA, an IDC survey of nearly 200 top business executives and security professionals titled, “Innovation and Security: Collaborative or Combative*,” showed that the majority of organizations believe creating an environment ideal for innovation is critical to staying ahead of the competition. However, survey respondents revealed that in spite of their best intentions, IT security risk is impeding business innovation. In fact, 80 per cent of those surveyed, admitted that their organizations have backed away from new innovation opportunities because of information security concerns.

IDC also found that although 80 per cent of CEOs believe their security teams are being held formally accountable for their contributions to business growth and innovation, only 44 per cent of security leaders believe they are being measured on their contributions to innovation.

“Today’s businesses cannot grow in the absence of a healthy environment for the realization of new innovations,” says Chris Christiansen, Vice President, IDC. “It is evident that in spite of some good progress, the relationship between innovation and security is still very strained. The reality is that innovation and security don’t need to be competing priorities; they are in fact complementary. In the end, we believe organizations that demand early IT involvement in business innovation efforts and lay out explicit business innovation metrics for their security teams have a much better
chance of advancing their overall organizational goals.”

Rogue Security Apps Strike Again

Mon, 13 Oct 2008 00:00:00 -0500

Fortinet has announced the top 10 most reported high-risk threats for September 2008. For the second consecutive month, rogue security applications have dominated cyberspace, making up 61.5 percent of total activity for September.

Most notable is a six-day period between September 9 and 15, when W32/Inject.GZW!tr.bdr – the most prolific variant of the rogue security Trojans – launched an all-out campaign with volumes not before observed by Fortinet researchers. Only the Storm botnet attacks in January/February 2007 came even close to the volume generated by W32/Inject.GZW!tr.bdr this past month.

Not surprisingly, with rogue security malware claiming the top four positions in this month’s Top 10 list, it also propelled the RogueSecurity family into the No. 1 position among malware family activities for the entire month. As they were in last month’s report, AntiVirus XP 2008 (55.5%) and XP Security Center (6%) were the two main applications that fronted the security scams in September.

“When we see unprecedented volume, as in the case of these rogue security applications, it usually indicates that the attacks are working and cybercriminals are trying to act fast to take full advantage of the situation. It also shows the depth of resources available to this criminal organization,” said Derek Manky, security researcher for Fortinet. “In order to not fall into these traps, consumers should ensure that the source of their security application purchases are legitimate. Consumers should look out for unsolicited system messages which typically claim to find hundreds of infections, followed by purchase requests to cleanse.”

Symantec Releases Spam Report

Mon, 13 Oct 2008 00:00:00 -0500

The October 2008 edition of Symantec’s Monthly Spam Report indicates between June and September the amount of malware detected in scanned e-mail messages increased from a tenth of a percent (0.1%) in June to 1.2 % in of September. This represents a 12-times increase.

Other highlights from the October 2008 edition include:

Spam Watch: Monitoring the Increasing Link Between Spam and Malware – The previous two State of Spam Reports for August and September have shown a recent increase in the number of spam messages containing URL links to malicious code. Rather than simply promoting a spam product, these emails contain links to malware designed to infect other computers with viruses and Trojans
Zombie Activity Continues with the Help of their Voodoo Sorcerers (Spammers) – Zombie is a term given to a computer that has been compromised and is being used for various criminal-related interests such as sending spam, hosting Web sites that advertise spam and acting as DNS servers for zombie hosts. In the past three months Symantec has noticed an interesting trend with the number of active zombies and their presence around the world
Spammers Feed Off Economic Worries – Symantec continues to see spammers leveraging the housing market downturn and the general economic instability in the U.S. as a vehicle to promote their spam attacks. Leveraging the intense interest in these current events, spammers hope to collect personal information from their targets
Spammers ‘Rock the Vote’ in the U.S. Presidential Election – As the November 4th U.S. presidential election draws near, spammers are leveraging the interest and scrutiny of candidates in their attacks. During August and September 2008, Symantec noted that the activities of the candidates were being used to spread malware
Spammers’ Hall of Shame – In September 2008, Symantec observed a particular spam trend in which spammers offered a device that claimed would allow the user to see through clothes

ioimage & Genetec Form Partnership

Wed, 29 Oct 2008 00:00:00 -0500

ioimage, a provider of intelligent video appliances, announced it has entered into a technology partnership with Genetec, a leader in innovative networked security solutions.

As a result of this partnership, ioimage’s video analytics devices can now be seamlessly integrated into Omnicast, Genetec’s IP video surveillance solution, enabling surveillance video to be easily viewed, archived and mined.

Omnicast provides seamless management of digital video, audio and data across IP networks for a wide range of markets including transportation, education, retail, gaming, government and more. ioimage’s intelligent video encoders and cameras complement Genetec’s solution by providing real-time detection, alert and tracking of intruders, vehicles and threats, transforming video surveillance into a proactive, event-driven process.

“The seamless integration of our IP solutions with ioimage advanced edge and centralized devices leverages the numerous benefits of networked security,” said Michel Chalouhi, Director of Product Management at Genetec. “This joint solution gives our customers a very efficient way to strengthen and streamline their operational security as well as a pro-active approach through a unified security interface.”

“Our alliance with Genetec underscores ioimage’s commitment to provide easily configurable, highly reliable, interoperable intelligent video solutions that deliver added value and reduce the total cost of ownership for businesses of all sizes,” said Dvir Doron, vice-president of marketing for ioimage.

Best Buy Chooses Verint

Wed, 29 Oct 2008 00:00:00 -0500

Verint Systems has announced its Nextiva Retail Traffic Analysis solution is being used by Best Buy Co. – a multi-national retailer of technology and entertainment products and services – as part of a program designed to help analyze and optimize customer experiences associated with product placement and promotions.

Already a Verint customer with over 60 per cent of its retail stores being monitored with Verint equipment, Best Buy deployed Verint’s retail traffic product on a 45 camera platform in one of its 45,000 square foot retail stores to evaluate the value-added solution. Designed to leverage existing video surveillance applications, Nextiva Retail Traffic Analysis provides real-time information regarding customer count, traffic patterns, dwell-times and broad information regarding customers’ in-store shopping behaviors.

“We are already impressed with the value Nextiva Retail Traffic Analysis has shown for Best Buy in the areas of product placement, and the effectiveness of displays and promotional positioning,” says Tim Fisher, director of loss prevention and safety, Best Buy. “Within hours of the installation, store management was working actively with the solution and modifying product placement based on the information. Store operations found the user interface to be intuitive and easy to use, and we are very encouraged about the possibilities the solution can deliver.”

Nextiva Retail Traffic Analysis helps retailers understand shopper behaviors and trends by providing insight into in-store promotions and advertising campaigns, identifying traffic flow patterns and measuring dwell-time, and helping to ensure proper product placement on shelves and aisles. By using a video analytics tool, retailers can extract and search customer behaviors through an easy-to-use video management application. In addition, the analysis can be used along with point-of-purchase data to further understand buying patterns. Armed with this type of information, retailers can determine the success rate of promotions and optimize store layout and design to help improve the customer experience and maximize sales.

Police Department Goes IP

Wed, 29 Oct 2008 00:00:00 -0500

The Easton Police Department in Pennsylvania has become the latest police authority to adopt IndigoVision’s complete IP Video solution for its in-house CCTV surveillance.

The system was installed by IndigoVision’s local approved partner SST using the Department’s existing network. All the original analogue cameras were re-used, together with a number of new IndigoVision IP domes, including vandal-resistant models. The cameras monitor all areas of the Department’s operation including booking areas, holding cells, interview rooms, parking garage and the public entrance.

Easton PD’s officers and staff use six CCTV workstations, running ‘Control Center’, IndigoVision’s IP Video and alarm management software to view live and recorded video and prepare evidential footage for court. An IndigoVision standalone Network Video Recorder (NVR) is used to record 30+ days of continuous full-frame rate video from all the cameras, including synchronized audio from two cameras. IndigoVision’s system now provides the Department with a fully documented audit trail for the time spent at the facility by any suspect or prisoner.

Easton PD’s original CCTV was based on outdated analog/DVR equipment that couldn’t synchronize the video and audio and the video could only be viewed at the DVR. IndigoVision’s solution provides the Department with a truly distributed system where video can be viewed on any ‘Control Center’ workstation at any point on the network. Audio and video are fully synchronized and guaranteed to not drop frames, even at maximum frame rate – an important benefit for law enforcement as unsynchronized video and audio is not admissible as evidence in court.

Employees Ignoring Security

Wed, 29 Oct 2008 00:00:00 -0500

Cisco has eleased a second set of findings from a global study on data leakage, revealing the prevalence and effectiveness of corporate security policies within companies and the reasons employees break or comply with them.

The latest security findings follow the first wave of research announced last month on common employee data leakage risks and mistakes around the world. The findings on corporate security policies stem from surveys of more than 2,000 employees and IT professionals in 10 countries: the United States, the United Kingdom, France, Germany, Italy, Japan, China, India, Australia and Brazil. Conducted by InsightExpress, a U.S.-based market research firm, the security study was commissioned by Cisco at a time when data loss (www.cisco.com/go/dlp) is one of the most prominent concerns of businesses. As lines blur between work and home, and as employees use collaborative applications and mobile devices, the role that security policies play in protecting sensitive data becomes increasingly critical.

"This study reinforces the need to revisit corporate security policy and how that policy is communicated", said John N. Stewart, chief security officer for Cisco. "When employees believe that security policy is unfair, in the way of them doing their jobs and don't grasp the 'why', then policies quickly lose their efficacy. Too often we write policies as rules, not as reasons, and if brought together with awareness, education and communication, then it unmasks why policies are necessary, critical and help. By engaging with employees and understanding what they need to do their jobs, we can develop realistic policies that work more cohesively and effectively with corporate security, ultimately resulting in a more secure environment."

The Findings: A Matter of Policy
Fortunately, the research found that a majority of businesses (77 percent) have security policies in place. However, for the one business in four that does not, the trends of mobility, collaboration and workforces without borders present a more urgent concern as those businesses attempt to set official policies for how and when to access corporate data, applications and networks. The absence of security policies is most prevalent in Japan (39 percent) and the United Kingdom (29 percent).

But even when companies have security policies, the research reveals that employees often defy or ignore them. More than half of the employees surveyed admitted that they do not always adhere to corporate security polices. Of all the countries, France (84 percent) has the most employees who admitted defying policies, whether rarely or routinely. In India, one in 10 employees (11 percent) admitted never or hardly ever abiding by corporate security policies. Several factors influence employees' decisions to adhere to or break corporate security policies:

* Awareness: One of the most noteworthy findings was the gap between the number of employees and IT professionals who are aware of policies. Depending on the country, the number of IT professionals who knew a policy existed was 20 to 30 percent higher than the number of employees. The largest gaps (31 percent) were in the United States, Brazil and Italy. This finding raises the question of if and how IT communicates policies to employees.

* Communication: Eleven percent of employees said IT never communicates or educates them on security policies. This finding is especially prevalent in Europe, where the United Kingdom (25 percent) and France (20 percent) featured the greatest number of employees making this claim. When IT communicates policies to employees, they often use non-verbal and indirect vehicles - email, messages during computer login processes, and voicemail.

* Updates: Three of four IT professionals (77 percent) believed their policies require more frequent updates, while half of the employees (47 percent) echoed that sentiment. China (91 percent) and India's (89 percent) IT respondents were the most vocal. When matched with the employee behavior findings in the first set of research, the need for a corporate security structure is clearly greater in countries with burgeoning economies and growing workforces that are connecting to Internet-based networks for the first time.

* Fairness: The majority of employees believe their companies' policies are unfair. This is the case in eight of 10 countries; only employees in Germany and the United States did not agree. As businesses become more collaborative, spurred by the adoption of interactive Web 2.0 applications, video and mobile devices, the desire to protect employees as they embrace new technologies without frustrating them with rigid policies becomes a diplomatic balancing act for IT departments.

* Non-compliance: One of the most significant findings was the difference in employee and IT perspectives on policy non-compliance. According to IT, employees defy policies for a variety of reasons, from failing to grasp the magnitude of security risks to apathy. However, employees said the top reason for non-compliance is their belief that policies do not align with the reality of what they need to do their jobs. More than two of five employees (42 percent) made this claim globally. In Germany, even though the majority of employees felt their companies' policies were fair, more than half of them (55 percent) said they would break them to complete their jobs.

"This decision employees make to either adhere to policies or sidestep them to complete their jobs presents a noteworthy challenge to IT," said Marie Hattar, vice president of Network Systems and Security Solutions for Cisco. "IT needs to reshape security policies to meet the real needs of businesses and employees, or they risk a policy breakdown and a greater risk for data loss and breaches."

According to the research, breaches affect more than just companies in question. One of the more sobering findings is that of the IT respondents who dealt with employee policy violations, one in five reported that incidents resulted in lost customer data.

Third Brigade Wins Government Contract

Wed, 29 Oct 2008 00:00:00 -0500

Third Brigade, a security software company specializing in host intrusion detection and prevention systems (IDS/IPS), announced it has been awarded a Government of Canada National Master Standing Offer (NMSO) contract in the category of Communications Security Equipment and Components.

Using the NMSO contract number E60QE-08BIO6/001/QE, Government of Canada departments and agencies can now swiftly acquire and deploy Third Brigade’s best-of-breed security software to meet the relentlessly increasing online threats challenging governments around the world. The NMSO includes Third Brigade services and Third Brigade Deep Security software, which this year achieved the highest Common Criteria certification level (EAL 3+) across numerous platforms.

“This Canadian government NMSO validates the increasing demand for server security software as a last line of defence against the latest online threats,” said Wael Mohamed, president and CEO at Third Brigade. “Government departments and agencies will be well served by our scalable product architecture, ongoing security updates and the ability for Third Brigade Deep Security to work equally well across traditional servers, virtual machines and in cloud computing environments.”

The NMSO award confirms that Third Brigade Deep Security has passed rigorous security evaluation criteria defined by the Communications Security Establishment Canada (CSEC) and has been qualified by the CSEC’s Information Technology Security (ITS) branch under its ITS Pre-Qualified Vendors program (http://www.cse-cst.gc.ca/services/industrial-services/category/intrusion-detection-e.html). This contract award also reflects the value analysis performed by Public Works and Government Services Canada to ensure compliance with the laws, regulations and policies affecting public sector procurement in Canada.

“We congratulate Third Brigade on its new NMSO contract,” said Shekar Ayyar, vice president of infrastructure alliances at VMware. “Third Brigade shares VMware’s unwavering commitment to information security. With VMware virtualization, customers benefit from the hardened security architecture that is part of the VMware platform. Third Brigade’s virtual machine-ready solution builds on top of the VMware platform to enable end-to-end security across physical and virtual environments.”

Economic Cyber Crime On the Rise

Wed, 29 Oct 2008 00:00:00 -0500

PandaLabs, Panda Security’s malware analysis and detection laboratory, issued a security alert that reveals a direct correlation between the recent stock market volatility and the growth of new threats. According to PandaLabs, the two are tied together much more closely than previously thought and recent stock market instability has accelerated the volume of targeted cyber attacks and their relative impact on the economy over the last month and a half. In addition, analysts at PandaLabs believe the recent spike in malware could be related to cyber-criminals now having fewer possible targets as a result of consolidation within the banking industry.

“When we began looking into the specific effects cyber-criminals had on the economy during times of duress we found a startling connection: the criminal economy is closely interrelated with the economy,” said Luis Corrons, Technical Director at PandaLabs. “Based on our extensive research and analysis of emerging malware patterns, we believe that criminal organizations are closely watching market performance and adapting as needed to ensure maximum profit.”

According to PandaLabs, the new strategy appears to be developed in response to banking industry consolidation brought on by the multi-million-dollar bank bailout packages introduced by several governments around the World. As a result of this consolidation, fewer banking entities will exist in the long term and the perception of instability in the financial community makes for a less attractive target. This situation has increased the volume of other types of malware such as adware, which under normal circumstances would be second to Trojans.

“Cyber-criminals have to increase their activity to reach more users with campaigns designed to put money directly into their pockets, especially during times of economic instability. For example, we have seen a surge in the number of fake antivirus software scams that trick unsuspecting consumers into making an online transaction, instead of criminals relying heavily on phishing the credentials for banks,” explains Corrons. “Our data also shows that these fake antivirus campaigns are generating over 10 million euros in profit each month for the underground economy.”

The following are highlights of PandaLabs’ key findings:

On average, the US stock market experienced between a 3 to 7 percent decline from Sept. 1st to Oct. 9th. However, activity on the “malware markets” was the opposite: it grew substantially as the stock markets declined.
From Sept. 5th to 16th, the Dow Jones Industrial Average, NASDAQ, S&P 500 and Composite Index all dropped from the plus 0.0 percent range to approximately negative 3.0 percent or lower (See Figure #1). In the same period the Spanish IBEX 35 index and the London FTSE 100 also suffered major losses. The same timeframe witnessed a significant surge in daily malware threats; for example from Sept. 8th to Sept 10th the volume of daily threats grew from 10,150 to well over 24,000.
From Sept. 14th to 16th, stock markets dropped from -0.5 to -5.5 percent while daily threats grew 50 percent each day, from 8,276 on the 14th to over 31,404 on the 16th

“As evidenced by this compelling data, there will be no end to the persistence and pervasiveness of cybercriminals and their attempts at exploiting malware for financial gain,” said Corrons. “Regardless of the economic state we’re in, cybercriminals are continually adjusting their strategies and, from this evidence, are capitalizing on economic lows to prey on unsuspecting victims. By remaining vigilant and aware of these findings, we are better prepared to protect ourselves and the economy from the very real dangers of malware.”

Ontario Getting More Police Officers

Wed, 29 Oct 2008 00:00:00 -0500

Ontario's share of the federal Police Officers Recruitment Fund will put up to 329 new police officers in Ontario communities.

The province will receive $156 million in federal funding over five years to hire more officers as its share of the federal commitment of $400 million for all of Canada. Under the province's plan:

$78 million will go to employing 125 new Ontario Provincial Police (OPP) officers;
$58 million will help municipal police services hire up to 164 new officers; and
$20 million will fund 40 new police officers for First Nations police services.

In 2006, the federal government pledged to put 2500 new officers on Canadian streets. Ontario will continue to urge the federal government for its fair share of funding.

"We will continue to lobby the federal government to fully fund the additional police officers and to make the funding permanent," said Community Safety and Correctional Services Minister Rick Bartolucci. "In the meantime we will use the limited funds to increase the number of OPP officers, help municipal police services hire more officers and address the special needs of First Nations police services."

IndigoVision Protecting Auto Plant

Wed, 29 Oct 2008 00:00:00 -0500

IndigoVision’s complete IP Video solution is providing site-wide surveillance for Faurecia’s new automotive plant in Mexico. Located in a high-technology industrial park in San Luis Potosí, the new plant manufactures seats and other automotive components for many of the world’s top car makers. The Faurecia Group has 190 plants in 28 countries around the globe and employs 60,000 people.

The IP-CCTV system was designed and installed by IndigoVision’s local partner Multielectron SA de CV and consists of both PTZ dome and fixed cameras covering the exterior of the plant as well the general manufacturing areas inside.

“Following analysis of similar IP video systems we chose IndigoVision’s solution because of its superior performance and video quality,” explains Arturo Gutiérrez, Faurecia’s HSE Coordinator. “To provide the local authorities and police with high-quality evidential video exported from the system following an incident was another important requirement.”

CCTV monitoring workstations running ‘Control Center’, IndigoVision’s IP Video and alarm management software, are used throughout the plant to view live and recorded video from the cameras. The distributed nature of IndigoVision’s IP Video system means that any system component (camera, workstation, etc) can be located anywhere on the network. The system is thus very scalable, allowing additional cameras or workstations to be easily and cost-effectively added in the future, unlike traditional analog CCTV systems. ‘Control Center’ is also license-free enabling workstations to be deployed for no more than a cost of an entry-level PC. This flexibility has allowed Faurecia to install CCTV workstations not only for the security team in the main control room but also for the Plant Manager, HR department and the maintenance team.

The video is recorded continuously at 4SIF, 30fs for 15 days using an IndigoVision Windows Network Video Recorder (NVR) server with 1.5TB of storage and NAS backup, all located in the control room. With the correct access permissions any ‘Control Center’ workstation in the plant can view and analyze recorded video from the NVR.

Yahoo! Chooses VeriSign

Tue, 11 Nov 2008 00:00:00 -0600

VeriSign announced that Yahoo! Shopping merchants can now enhance their listings so that shoppers can more easily identify which merchants have safeguarded their sites and whose identities have been verified by VeriSign.

Now available on Yahoo! Shopping, the VeriSign Verified Seal for Comparison Shopping identifies merchants who secure their site with a VeriSign Secured Sockets Layer (SSL) Certificate. Because they've deployed VeriSign SSL protection, these merchants can choose to have a VeriSign Verified Seal appear in connection with their listings on Yahoo! Shopping, the most popular online comparison shopping engine (comScore, September 2008).

The seal helps merchants indicate to consumers that VeriSign has verified the identity of the merchant and that the merchant owns or has a right to use the website to do business, and that the Web site is secured with a VeriSign SSL certificate. As 85 percent of online shoppers will turn to online tools to find bargains this holiday season(1), the VeriSign Verified Seal for Comparison Shopping is another tool to help merchants help customers feel confident when they shop online.

"The driving focus of Yahoo! Shopping is to provide people with an efficient way of finding the best products at the best prices online," said Greg Hintz, General Manager, Yahoo! Shopping. "By displaying the VeriSign Verified Seal for Comparison Shopping, we want to make sure our users have everything they need to make an informed purchase. This new feature delivers a valuable service to our merchants and online shoppers alike, as we all prepare for another busy season of online holiday shopping."

Obama Popular with Spammers

Tue, 11 Nov 2008 00:00:00 -0600

Barack Obama was chosen by Americans as their new president – and by spammers as their subject of choice, according to MessageLabs.

Spam messages with Obama’s name in the subject dominated with 82 percent of election-themed spam. McCain’s name wasn’t used nearly as often, but did receive a big boost on the day of the election itself: the amount of McCain spam grew from 5 percent before the election to 18 percent after.

Using headlines like “Obama Six Pack?” and “Obamamercial”, the e-mails did not have a political theme and were sent out with the goal of selling products and spreading malware.

Obama wasn’t the only “winner” of the spam wars as the Srizbi botnet led the pack with 77.4 percent of election-themed spam. The other sources of election spam were:

Mega-D -- 10.1%
Cutwail -- 9.5%
Rustock -- 2.0%
Grum -- 0.4%
Gheg -- 0.2%
Kraken/Bobax -- 0.3%

Aimetis Wins Product Innovation Award

Tue, 11 Nov 2008 00:00:00 -0600

Aimetis Corp., a Waterloo, Ont.-based provider of integrated intelligent video software has won the Frost & Sullivan's 2008 Global Video Analytics Procuct Innovation of the Year Award. The award is in recognition of the company's strategic video surveillance product developments for Aimetis Symphony Intelligent Video Management Software and its ability to provide a highly reliable and technologically innovative video analytics solution to its end-users.

"Aimetis Symphony™ addresses many of the critical issues in relation to the adoption of widespread video analytics deployments," explains Julian Harris, Senior Research Analyst, Frost & Sullivan. "Aimetis Symphony™ gives end-users the flexibility to migrate from analog cctv video to IP and intelligent video solutions at their own pace, alleviating the requirement to have separate systems for video management and video analytics."

As a combined video management and analytics software platform, Aimetis Symphony provides end-users with a video surveillance solution that utlizes the full value of analytics. This includes expanding a robust video management interface with intelligent driven features such as alarm management, smart-search, and event-driven, interactive timelines.

Aimetis Symphony™ analytic algorithms include motion tracking, object classification, people counting, virtual fence, left or removed items, auto-PTZ tracking and loitering. "The accuracy and reliability of the analytical algorithms receive some of the highest customer satisfaction in the industry," adds Harris.

"We expect that within the next five years, every video stream will utilize video analytics and be part of an integrated and intelligent system," said Marc Holtenhoff, CEO, Aimetis Corp. "We are very proud that Aimetis Symphony has been recognized for meeting the needs of this growing market."

Canadians Warned of Mail Scam

Fri, 28 Nov 2008 00:00:00 -0600

The Canada Revenue Agency (CRA) is warning taxpayers to beware of a recent scam where some Canadians are receiving a letter fraudulently identified as coming from the CRA and asking for personal information. The letter is not from the CRA. A PDF version of the letter is available on the CRA Web site at www.cra.gc.ca/alert.

The letter claims that there is “insufficient information” for the individual’s tax return and that in order to receive any “claims,” they will have to update their records. The letter attaches a form specifically requesting the individual’s personal information in writing, via fax or email, including information on bank accounts and passports. This letter is not from the CRA and Canadians should not provide their personal information to the sender.

All taxpayers should be vigilant when divulging any confidential information to third parties. The CRA has well established practices to protect the confidentiality of taxpayers’ information.

The CRA has notified the proper law enforcement authorities of this scam.

For information about this and other similar scams, or to report deceptive telemarketing activity, visit
www.phonebusters.com.

PayPal Canada Steps up Security

Fri, 28 Nov 2008 00:00:00 -0600

PayPal Canada has announced a new security measure for Canadian e-commerce enthusiasts. The PayPal Security Key offers members an extra level of protection in two formats: token and mobile.

The PayPal Security Key token is a portable device that generates a one-time six-digit security code every 30 seconds, providing PayPal users with an extra layer of security. Members use the temporary code along with their standard username and password to sign in to their accounts from anywhere in the world.

The mobile version uses the same infrastructure as the token format, but delivers the unique six-digit security code via text message to the member's mobile device.

This type of additional security, known as two-factor authentication, is used by leading financial institutions as an additional means to protect consumers and reduce losses from online fraud such as phishing attacks.

"Unfortunately, identity theft is still an issue both offline and online. But the good news is that customers can protect themselves by practicing safer online habits and using new tools like the Security Key," says Darrell MacMullin, country manager for PayPal Canada. "PayPal has always protected our members' sensitive financial and personal information; and now with the launch of the Security Key, we offer Canadians another way to help combat fraud."

An increase in the number of retailers offering online shopping and the growing adoption of e-commerce by Canadians has created a demand for greater consumer protection online. A recent Statistics Canada e-commerce study found more than 8.4 million Canadians (aged 16 and over) made an online purchase in 2007, up from nearly 6.9 million in 2005. The same study also found 50 per cent of all Canadians were very concerned about online credit card use.

"PayPal was built from the ground up with security in mind, and we've always been committed to using cutting-edge technology and expertise to protect our customers' accounts," said Michael Barrett, chief information security officer for PayPal. "Now, we're taking the additional protection provided by two-factor authentication and delivering it to something most people don't leave home without - their mobile phones."

Both the PayPal Security Key token and the SMS security codes are now available to customers in the U.S., Australia, Austria, Canada and Germany. PayPal does not charge for delivery of security codes to a mobile device; however, the mobile provider's standard text messaging charges will apply. To use the service, customers need a mobile device and wireless service set up to receive SMS text messages.

The PayPal Security Key is part of the VeriSign Identity Protection (VIP) Network. As part of this network, consumers can use the security codes to protect their accounts on a variety of financial services and e-commerce Web sites. The new SMS functionality is provided by VeriSign's messaging and mobile media division, which connects to more than 600 carriers and reaches more than 2.4 billion wireless subscribers in 150 countries.

Mexican Bank Selects March Networks

Fri, 28 Nov 2008 00:00:00 -0600

March Networks, a provider of intelligent IP video and business analysis applications, has announced that a major financial institution in Mexico has selected the Company’s Managed Video Network Services to ensure the optimal performance of its IP video surveillance systems.

The financial institution is currently using March Networks’ video management platform across more than 1,300 retail branches. It will now outsource the ongoing health monitoring and management of that surveillance solution to the Company’s network operations center (NOC). Part of the VideoSphere™ Intelligent Video Management portfolio, the managed service supports an organization’s ability to benefit from advanced IP video technologies and applications while extending existing resources.

Using intelligent management tools central to the Company’s enterprise-class solution, NOC personnel will remotely monitor the customer’s network of cameras, NVRs and disk drives. They will track system metrics and proactively diagnose and address potential issues before they affect performance, working remotely with a local certified provider for onsite service requirements. Managed Video Network Services maximize surveillance uptime and help ensure video evidence is available whenever it is needed. In addition, the offering includes ongoing software maintenance and updates that provide customers with the latest functionality available in the Company’s portfolio.

IronKey Launches Anti-Malware Initiative

Fri, 28 Nov 2008 00:00:00 -0600

IronKey has announced an initiative to protect portable and mobile media from viruses, worms, trojans, botnets, crimeware and other malware threats.

The IronKey Anti-Malware Initiative includes:

Always-on hardware encryption. IronKey USB flash drives encrypt all stored data with military grade AES CBC mode encryption without installing software or drivers. Malware cannot circumvent or disable the encryption of sensitive stored data, making this a safe repository for storing confidential information, intellectual property and protected personal information.

Malware-protected software and firmware updates. IronKey devices can be updated remotely via a secure update service. All firmware and software is validated by industry leading 2048-bit RSA digital signatures, preventing the installation of malicious software or firmware onto IronKey devices.

Secure manufacturing processes. Unlike many computer hardware products that are manufactured in offshore, uncontrolled factory environments, all IronKey devices are designed and manufactured in the USA, which dramatically reduces that risk of hostile factories implanting malware onto silicon or memory chips during the manufacturing process.

Secure provisioning and quality assurance processes. IronKey devices will not function without secure and digitally signed and verified firmware and software. These software and firmware images are developed, security scanned, anti-malware scanned, and digitally signed at IronKey premises in the USA. All IronKey devices are inoperable until they are loaded with verified and scanned software and firmware from IronKey headquarters. This provides a security validation that is unmatched in the industry, ensuring that IronKey devices have not been tampered with in the manufacturing or supply chain process.

Real-time anti-malware scanning. IronKey is integrating best-of-breed anti-malware scanning technology to prevent malware from untrusted computers from infecting IronKey secure storage devices, and then spreading into corporate and government networks. IronKey has numerous patent-pending technology innovations that leverage the power of the on-board crypto processor to enable anti-malware protection in the hardware on the IronKey device to protect data and networks without requiring the installation and operation of software or drivers on host computers.

IBM Introduces Cloud Computing Services

Fri, 28 Nov 2008 00:00:00 -0600

IBM has announced new cloud computing services to help businesses take advantage of the growing computing model.

One aspect of the service focuses on cloud security. The service is aimed at re-architecting and re-designing technologies and processes, to infuse security and shield against threats and vulnerabilities in the cloud.

The effort, which spans Systems, Software, Services and IBM's lauded Research and X-Force arms, is aimed at re-architecting and re-designing technologies and processes, to infuse security and shield against threats and vulnerabilities.

The project incorporates next-generation security and cloud service management technologies, as well as simplified security management and enforcement, offering enterprise customers the same security and compliance guarantees that are equivalent or better than what they can expect in traditional computing environments.

Underground Economy Booming

Fri, 28 Nov 2008 00:00:00 -0600

Symantec has released its Report on the Underground Economy, which details an online underground economy that has matured into an efficient, global marketplace in which stolen goods and fraud-related services are regularly bought and sold, and where the estimated value of goods offered by individual traders is measured in millions of dollars.

The report is derived from data gathered by Symantec’s Security Technology and Response (STAR) organization, from underground economy servers between July 1, 2007 and June 30, 2008.

The potential value of total advertised goods observed by Symantec was more than $276 million for the reporting period. This value was determined using the advertised prices of the goods and services and measured how much advertisers would make if they liquidated their inventory.

“As evidenced by the Report on the Underground Economy, today’s cybercriminals are thriving off of information they are gathering without permission from consumers and businesses,” said Stephen Trilling, vice president, Symantec Security Technology and Response. “As these individuals and groups continue to devise new tools and techniques to defraud legitimate users around the globe, protection and mitigation against such attacks must become an international priority.”

Credit card information is the most advertised category of goods and services on the underground economy, accounting for 31 percent of the total. While stolen credit card numbers sell for as little as $0.10 to $25 per card, the average advertised stolen credit card limit observed by Symantec was more than $4,000. Symantec has calculated that the potential worth of all credit cards advertised during the reporting period was $5.3 billion.

The popularity of credit card information is likely due to the many ways this information can be obtained and used for fraud; credit cards are easy to use for online shopping and it’s often difficult for merchants or credit providers to identify and address fraudulent transactions before fraudsters complete these transactions and receive their goods. Also, credit card information is often sold to fraudsters in bulk, with discounts or free numbers provided with larger purchases.

The second most common category of goods and services advertised was financial accounts at 20 percent of the total. While stolen bank account information sells for between $10 and $1,000, the average advertised stolen bank account balance is nearly $40,000. Calculating the average advertised balance of a bank account together with the average price for stolen bank account numbers, the worth of the bank accounts advertised during this reporting period was $1.7 billion. The popularity of financial account information is likely due to its potential for high payouts and the speed at which payouts can be made. In one case, financial accounts were cashed out online to untraceable locations in less than 15 minutes.

During the reporting period, Symantec observed 69,130 distinct active advertisers and 44,321,095 total messages posted to underground forums. The potential value of the total advertised goods for the top 10 most active advertisers was $16.3 million for credit cards and $2 million for bank accounts. Furthermore, the potential worth of the goods advertised by the single most active advertiser identified by Symantec during the study period was $6.4 million.

The underground economy is geographically diverse and generates revenue for cybercriminals who range from loose collections of individuals to organized and sophisticated groups. During this reporting period, North America hosted the largest number of such servers, with 45 percent of the total; Europe/Middle East/Africa hosted 38 percent; followed by Asia/Pacific with 12 percent and Latin America with 5 percent. The geographical locations of underground economy servers are constantly changing to evade detection.

Protecting the Pope

Fri, 28 Nov 2008 00:00:00 -0600

The Vatican has selected ioimage's intelligent video appliances to detect intruders along a 60-kilometer perimeter of sensitive areas, entry and exit gates and the wall surrounding the small, independent country.

The first unit was installed in 2005 following a year of intensive testing. Additional ioimage units are currently being installed. These units - composed of ioimage's IP camera with built-in self-sustained video analytics, the ioicam wdc100dn and ioibox video encoders using autonomous PTZ (Pan Tilt Zoom) tracking - will be centrally monitored and managed by the "Corpo della Gendarmeria", the Vatican's security force from their control room.

Millions of people visit the Vatican's public areas every year. Its library and museum collections, which belong to the extra territorial part of the Vatican state, are of the highest cultural significance, while buildings such as St. Peter's Basilica and the Sistine Chapel house some of the world's most famous art, including works by Bernini, Botticelli, Michelangelo and Raphael.

"As one of the world's most important sites, the Vatican presented unique challenges," said Boaz Harpaz, CEO of Picksec International Group, the system integrator. "The security system had to be extremely reliable 24/7 in very crowded, surroundings and under varying weather conditions. It also had to be capable of automatically adjusting to frequent changes in public access schedules while ensuring a low incidence of false alarms. Last but not least, it needed to be easy to install and maintain. After extensive testing of a number of different video analytics products, we found that ioimage offered the optimal solution for this critical site."

Younger Generation Threat to Security

Fri, 28 Nov 2008 00:00:00 -0600

Millennial generation students and employees (those aged 14 to 27) expect to use their own technology and mobile devices for work and are increasingly choosing their place of employment based on how accommodating companies are to their personal technology preferences, according to a survey released today by Accenture.

In addition, more than half (60 percent) of Millennials are either unaware of their companies’ information technology (IT) policies or are not inclined to follow them.

The survey, which queried more than 400 U.S. students and employees across three age groups — 14-17 (“younger Millennials”), 18-22 (“mid-Millennials”) and 23-27 (“older Millennials”) — found an increasing demand for high-tech devices to connect with colleagues, peers, friends and family, rather than face-to-face contact. The findings point to a disconnect between the technology that organizations provide their workers and how young workers actually want to use technology and collaborate in the workplace.

The survey’s key findings highlight specific workplace implications for today’s employers that affect corporate IT:

Millennials want to choose their technology. Young people both in the workplace and in school say they expect to use their own technology and mobile devices for work rather than those supplied by their employer.

No need to seek corporate approval. When asked which technologies they currently use or access for work-related activities that are not supported by their employers, mid-Millennials cited mobile phones (selected by 39 percent), open source technology (19 percent), instant messaging (27 percent), online applications (12 percent) and social networking sites (28 percent). Similarly, they regularly download non-standard technology from free public websites such as open source communities, “mashup” and “widget” providers.

Lack of workplace education on corporate policy. Only 40 percent of all respondents said that their employers have published detailed policies related to posting work or client information on public websites. Nearly one-third (31 percent) of respondents said they don’t know if their company has such a policy; 17 percent said their employer hasn’t published such a policy, 6 percent said that whatever policy their company has published is too complex to understand, and 6 percent said they will post work or client information on public sites regardless of any policy, at least when communicating with colleagues.

Younger employees insist on state-of-the-art technology. More than half (52 percent) of all Millennials surveyed said that state-of-the-art technology is an important consideration in selecting an employer.

Organizations will need to provide new communication and collaboration channels. Millennials expect employers to provide communication channels such as online chat, instant messaging, mobile text messaging and RSS feeds to communicate with their customers and clients. However, only 6 percent say their organization provides online chat and instant messaging, while 21 percent say they should and similarly 5 percent said their organization supports text messaging, though 18 percent felt they should since it is an important channel. In addition, just 5 percent said their organization provides RSS feeds versus 12 percent who felt they need to.

Privacy may be melting away. One out of four (26 percent) working Millennials said that they write openly about themselves and friends online, and one in six (17 percent) share openly details of their life online.

Coming to the end of e-mail as we know it. While older Millennials say they spend an average of 9.5 hours a week writing or receiving work-related emails, mid-Millennials already in the workforce spend only 7.7 hours a week on e-mail. High school and young college students spend less than two hours a week e-mailing, instead preferring text and instant messaging and communicating on social networking sites.

Blogging is more myth than reality. Regardless of age, Millennials spend an average of only 30 minutes a week blogging. This is far less than the time they spend searching for information on the Internet, listening to portable devices, text messaging, instant messaging, communicating on social network sites or interacting in virtual communities.

“The message from Millennials is clear: to lure them into the workplace, prospective employers must provide state-of-the-art technologies,” said Gary Curtis, managing director of Accenture Technology Consulting. “And if their employers don’t support their preferred technologies, Millennials will acquire and use them anyway. In order to acquire and retain the best talent, organizations must understand the technologies that the new workforce expects and then find a way to support their employees without compromising enterprise security.”

IBM Reacts to Rise in Cybercrime

Thu, 04 Dec 2008 00:00:00 -0600

IBM has announced a set of actions to bolster its security solutions that can help clients save costs while navigating the “perfect storm” of security threats created by a global economic slowdown, unprecedented cybercriminal activity, and costly and complex legacy security infrastructures.

The actions by IBM’s Internet Security Systems (ISS) division were prompted after IBM X-Force, an elite team of security experts, detected two startling developments. First, they identified a 30 percent increase in network and web-based security events over the last 120 days, with the total number rising from 1.8 billion to more than 2.5 billion worldwide per day, according to data pulled from its managed security services client base of approximately 3700 clients worldwide. Second, IBM detected a 40 percent increase within the last 120 days in its client’s access of IBM virtual security operations centers. IBM’s managed security services clients – businesses and governments around the world – can use the virtual operations centers (VSOC’s) to monitor and verify network and web-based attacks. A significant portion of the increase came from clients that had not previously logged in to the security operations centers in more than six months.

In response to these findings, IBM ISS will introduce new identity and access management services that help combat online threats. These services help organizations define system users and manage who has access to sensitive data and applications, increasingly vital as the IBM X-Force Quarterly Report released in early December shows more than 42 percent of vulnerabilities are caused by weaknesses in access and identity management.

“We are currently in a perfect storm of security threats as businesses are cutting costs, insider threats are rising, and cybercriminals are using the ensuing confusion to create opportunities for themselves,” said Val Rahmani, general manager of IBM’s Internet Security Systems. These services, in conjunction with our new and evolving security products, are unique in helping our clients successfully navigate this storm by reducing costs while improving overall security and compliance posture.”

Top Security Trends Released

Thu, 04 Dec 2008 00:00:00 -0600

Symantec Corp has announced the launch of its MessageLabs Intelligence 2008 Security Report, which details how 2008 was a pivotal year for the cyber security landscape as revolutionary advances in malware and spam techniques made their mark on the underground “shadow” economy.

Total spam levels peaked at 82.7 percent in February 2008 and averaged 81.2 percent for the year, compared with 84.6 percent in 2007. As much as 90 percent of spam was being distributed by botnets,

In 2008, spammers developed an affinity for spamming from large, reputable web-based email and application services by defeating CAPTCHA (Completely Automated Public Turing Test to tell Computers and Humans Apart) techniques to generate massive numbers of personal accounts from these services. In January, 6.5 percent of spam originated from these hosted webmail accounts, peaking in September when 25 percent of spam originated from these sources, averaging about 12 percent for the remainder of the year.

“2008 was an important year for the security industry as new threats emerged and old threats evolved while the Internet gained sophistication and its users became more web-savvy than ever before,” said Mark Sunner, chief security analyst, MessageLabs. “CAPTCHA breaking became one of the best ways to spam and a wide variety of spam ensued emanating from free web-mail and social networking sites, which require personal accounts for access.”

Complex web-based malware targeting social networking sites and vulnerabilities in legitimate websites, became widespread in 2008, resulting in malware being installed onto computers with no user intervention required. The daily number of new websites containing malware rose from 1,068 in January to its peak at 5,424 in November. The average number of new websites blocked daily rose to 2,290 in 2008 from 1,253 in 2007, largely due to increased attacks using SQL injection techniques.

As web-based attacks became more popular during 2008, email-based attacks rose by .15 percent compared with 2007. In 2008, 1 in 143.8 (0.70 percent) emails were malicious, compared with 1 in 117.7 (0.85 percent) for 2007. In addition, two distinct targeted attack patterns emerged during 2008. MessageLabs Intelligence noted the number of targeted Trojan attacks intercepted rose to 53 per day in 2008, peaking at 78 per day in April 2008, compared with one to two per week in 2005, 1 to 2 per day in 2006 and 10 per day in early 2007.

“Web 2.0 offers endless opportunities to scammers for distributing their malware - from creating bogus social networking accounts to spoofed videos - and in 2008 the threats targeting social networking environments became very real,” Sunner said. “Web 2.0 thrives on user-generated content, as do the spammers. The ability to adapt to new mediums and upload enticing content as ‘snake oil’ to persuade an information-hungry user to activate it, is one of the cybercriminals’ strongest talents and has made them successful in transforming deception into a fully scalable business model within the underground shadow economy.”

Top Trends in 2008
Web Security: For 2008, the average number of new malicious websites blocked each day rose to 2,290 compared with 1,253 for 2007, an increase of 82.8 percent owing mostly to an increase in SQL injection attacks.

Spam: In 2008 the annual average spam rate was 81.2 percent, a decline of 3.4 percent on the 2007 statistic of 84.6 percent. In 2008, the majority of spam was made up of text-only or HTML content and an increasing proportion of spam originated from reputable web-based email and application service providers.

Viruses: The average virus level for 2008 was 1 in 143.8 emails (.70 percent) reflecting a .15 percent decrease on 2007 where levels averaged at 1 in 117.7 (.85 percent) emails. The decline can be attributed to the transition to spreading malware using malicious content hosted on websites and drive-by installs rather than favoring email as the primary means of distribution.

Phishing: The number of phishing attacks was 1 in 244.9 (.41 percent) emails across 2008, compared to 1 in 156 emails in 2007. Phishing activity peaked in February at 1 in 99.1, due partly to the increase in plug- and- play style phishing kits and the increased use of specialized botnets for phishing activity.

Data Protection Turning to Biometrics

Thu, 04 Dec 2008 00:00:00 -0600

A recent survey conducted by Unisys finds a majority of Americans are comfortable using common biometric technologies for authentication. More than 70 percent of respondents will trust banks and government agencies to ask them for biometric data for identity verification. Additionally, fingerprints nearly tied personal passwords as the primary preferred authentication method, 73 percent to 72 percent, respectively.

The biometrics survey was conducted alongside the latest installment of the Unisys Security Index, which found that a majority of Americans continue to have strong concerns about identity theft and fraud with their credit and debit cards. Sixty-two percent of Americans said they were extremely or very concerned about the safety of their personal information, and 60 percent expressed serious concern about credit and debit card fraud.

“Despite ongoing fears about identity theft and fraud, and a willingness by consumers to adopt biometric technology, many organizations have yet to embrace this technology as an effective way to protect data and identities,” said Mark Cohn, vice president of enterprise security at Unisys. “Risk management only gets more challenging with the current financial crisis. Sophisticated cybercriminals know how to take advantage of increasing consumer anxiety as well as perhaps weaker internal controls at banks as result of layoffs and reorganizations. Adoption of advanced biometric technologies as a critical security measure is a possible solution, but it also must be augmented with best practices and stringent policies and procedures.”

The Unisys Security Index is a biannual study that gauges consumers’ views about key security issues. Each survey also includes supplemental research on a security niche topic such as the current data on biometric authentication methods.

The Top 12 Scams of Christmas

Wed, 24 Dec 2008 00:00:00 -0600

According to researchers at McAfee, here are the top 12 scams for this year's holiday season:

1. Charity Phishing Scams. Many popular charitable organizations encourage consumers to think of others during the holiday season through emails asking for year-end donations. In fact, according to McAfee’s recent holiday survey, almost 30% of North American consumers plan to donate online this year.

Unfortunately, hackers also know consumers are in the giving spirit during the holidays and prey on their generosity through fake charity phishing emails.

Here’s how it works: The hackers send fictional emails that appear to be from well known charitable organizations, such as the Red Cross, the Salvation Army, and Oxfam that direct consumers to fake Web sites designed to steal their money. The Web sites are generally very professional with a fairly high amount of graphical content and a good amount of verbiage designed to make the reader feel upset or guilty. Sometimes the layout and content of these fraudulent sites are copied directly from legitimate charity Web sites with simply a name and a logo changed.

To determine if an organization’s site is legitimate, go directly to their Web site to donate. Don’t ever click on a link sent in email. To learn more about phishing, click www.mcafee.com/advice.

2. Email Banking Scams. The current economic climate is not only forcing over 95% of us to spend less money and buy fewer holiday gifts this season, but prompting hackers to take advantage of our bank account balance concerns to bah-humbug the holidays with another common phishing scam.

Financial institutions are the most common phishing scam targets. According to the Anti-Phishing Working Group, during the first quarter of 2008, 92% to 94% of all phish scams were financial-services related.

With these scams, the bad guys send an official-looking email that asks consumers to confirm account information, including their user name and password. These emails often try to fool consumers into thinking that if they don’t comply with the instructions, their account will become invalid.

With these scams, the bad guys send an official-looking email that asks consumers to confirm account information, including their user name and password. These emails often try to fool consumers into thinking that if they don’t comply with the instructions, their account will become invalid.

So remember, call your bank by telephone if you’re concerned about your account. Never give your account details out as a result of an email request or you could fall victim to a popular phish scam designed to empty your wallet. And with the stress of the holidays, your guard might just be down enough that you fall for one of these scams.

3. Holiday e-cards. Most people never consider the dangers of e-cards -- but unfortunately, there are plenty of dangers, especially during the holiday season. For example, a scam that was popular in 2007, was a New Year’s e-card that included a nasty surprise. When the consumer clicked on the link, they were brought to a malicious Web site that attempted to download Trojan software.

Here's another tricky example: Scammers may send you an e-card that appears as if it’s coming from Hallmark asking you to download an attachment to pick up your e-card. However, the attachment isn't really an e-card -- it's a Trojan. This particular Trojan then waits for you to sign onto AOL. If and when you do, it displays a pop-up window that looks like an AOL form, but asks you to verify/update your AOL billing info by providing your credit card, checking account info, and Social Security number.

A few clues that an e-card is not legit are spelling mistakes, errors in the message, unknown senders or senders with bogus names and odd-looking URLS.

Remember – if in any doubt about the legitimacy of an e-card, don’t open it. Never click on anything from an unknown source.

4. Fake Invoices. During the holidays, lots of friends and families order and send gifts online. This is no secret to stealthy Scrooges who try to trick consumers into giving away personal financial details through fraud invoices.

Here’s how this scam works: The bad guys create a fake invoice or waybill and send it via email as an attachment. Once the consumer opens the email attachment there are a few variations - the recipient may be asked to confirm or cancel an order, they may be told that the parcel service was unable to deliver a package due to having an incorrect address, or the recipient may receive a customs notification about an international package.

In every instance, the email either asks the consumer for their credit card details so that their account can be credited or requires the recipient to open an invoice or customs form to receive the package.

Pretty tricky, huh? This kind of scam has been played on many consumers who believed they were receiving emails from FedEx or UPS but instead were delivered a deadly Trojan program or other threat that can lead to identity theft or hacker control of a computer.

To protect yourself, never give your financial details over email to an unknown recipient or open a suspicious attachment. If you want to ensure you are reaching shipping sites like FedEx or UPS, open a browser and directly access the Web site. Also, ensure that your Internet security software is up to date to help spot Trojans and other forms of malware if you have opened a bad attachment.

5. You’ve Got A New Friend! As the joy of the holiday season brings people together and reignites old friendships, many of us are excited when alerted with a message that says, “You’ve got a new friend!” when using popular social networking sites.

Sadly, in some cases, after clicking on the notice, you NOT only do not have a new friend—you have downloaded malicious software that you can’t even detect. Of course, it’s designed to steal personal and financial information. Stay away from “friends” you don’t know.

6. Dangerous Holiday-Related Search Terms. We love Santa too, but when clicking on the results of a “free Santa download” search, in addition to the Christmas-themed screensavers, puzzles, and pictures you find, you also could be clicking on adware, potentially unwanted downloads, and spyware.

In fact, McAfee’s free and award-winning safe search tool, McAfee® SiteAdvisor® software, found that all of the following holiday-related search terms are risky:

Free Santa holiday screensaver
Free holiday screensaver
Free Christmas screensaver
Free holiday downloads
Christmas tree download
Free Christmas wallpaper
Santa wallpaper
Santa screensaver
Santa ringtones
Santa mail download
Santa download
Free Santa music downloads

When searching for fun holiday-themed downloads, make sure your holiday searches are guided by McAfee SiteAdvisor software– the simple green, yellow and red rating system will help you avoid any unwanted gifts you may get along with your Christmas downloads.

7. Coffee Shop Cybercriminal. While everyone enjoys a warm gingerbread latte while surfing the Net at their local coffee shop, most are not aware of the dangers in surfing on unsecured networks. Attackers can jump on an unsecured wireless Internet connection with a program called a packet sniffer to see what Web sites users are visiting, the passwords they are using, and what bank accounts they are accessing.

Also, an attacker might set up a rogue wireless access point nearby a coffeehouse. If somebody unwittingly connects to the attacker’s network, the miscreant can watch just about everything that goes on while that connection is in use and can redirect traffic, sending the unknowing user to the dark alleys of the Internet.

McAfee advises consumers to make sure they have updated security software including a firewall, they’ve updated the patches on their system—and most importantly, they check bank accounts and shop online from a known, secure wireless Internet connection.

8. Password Stealers. The McAfee North American holiday shopping survey found that 53% of consumers admit they use the same password for multiple Web sites or online services. Consumers need to know that free and low-cost tools exist that make it easy for bad guys to guess passwords and hack into users’ PCs. That’s a holiday visit no one wants.

McAfee Avert® Labs found that attackers go after passwords for banks and e-commerce sites, multi-player online role playing games, instant messaging and finally, social networking sites.

As tricky as getting malware that’s delivered invisibly via spam, consumers could get a password stealer downloaded to their PC without even knowing it.

By using the same password, an attacker only has to nab one password to hit all of a user’s accounts. So this holiday season, be sure you use have an updated comprehensive security software suite to help prevent access to password-stealing malware. This includes anti-virus, anti-spyware and a two-way firewall. Remember to check to make sure your subscription software is current – and not just trial software that might be expired.

9. Fraud Via Auction Sites. As nearly 40% of North American consumers are expected to visit auction sites to find gifts this holiday season, shoppers must be aware of scammers who will use the increased activity of the holiday season to prey upon new victims. Be sure to read the security and safety policies from such sites as eBay (click here.) You’ll learn how to protect your account and buy safely.

10. Holiday-themed email attachments and spam. The bad guys know that emails with holiday-inspired subject lines are intriguing to most consumers. The recent McAfee holiday survey found that 49% of consumers have opened or would open an email with a holiday themed attachment.

Consumers should beware of emails that prey upon their holiday spirit, inviting them to look at homes bedecked with lights or PowerPoint presentations with vague holiday-related subjects. For example, last year an email made the rounds with a Microsoft PowerPoint called “Christmas Blessings” that contained malicious software.

Some examples of subject lines bad guys use to lure consumers into opening a friendly-looking email are “happy 2008 to you!”, “happy 2008!” and “new hope and new beginning”. Be wary when you see these titles and don’t open attachments with odd-looking URLs.

11. Online Identity Theft. Online shopping offers the 3 Cs: cost, convenience and choice, but there’s one more we learned about from the McAfee Shopping Survey: Concern.

90% of consumers have some level of concern about shopping online. Unsure of where to shop, they rely on friends and family to determine the safety of a Web site, but friends can only advise on personal experiences, and some sites may have security issues that aren’t readily apparent.

For example, sites that store your personal information can be vulnerable to cybercriminals who hack in to steal your identity. In fact, research shows that as many as 80% of Web sites have known vulnerabilities.

McAfee can help. The McAfee SECURE™ trust mark appears on more than 80,000 sites that pass daily testing for more than 10,000 known hacker vulnerabilities. Your personal information is safer on sites tested by McAfee SECURE because daily scanning for known threats can prevent Web sites from falling prey to the vast majority of hacker crime. Only valid sites that pass the McAfee SECURE service of daily testing can display the trustmark.

12. Laptop Theft. And the last way the bad guys can take the merry out of your Christmas is by outright stealing your laptop! According to the FBI’s State of the Net Report (2007), chances of having a laptop stolen are 1 in 10, and according to the research firm Gartner, 97% of laptops are never recovered.

While you are out enjoying the festivities of the season, make sure to be particularly vigilant at this time of year and never leave your laptop in sight in your car.

IBM Predicts 2009 Security Trends

Wed, 24 Dec 2008 00:00:00 -0600

IBM Internet Security Systems (ISS) today warned of five security trends it predicts will impact enterprises and consumers in the coming years. These trends include:

Web 2.0 wakes up with a hangover – The meteoric growth (and hype) around social networking and other “Web 2.0” communities will cause a major headache for consumers in 2009. With consumers storing an unprecedented amount of personal information on these sites, 2009 will see the launch of a new wave of malware targeting account credentials at sites like Digg, Twitter, Facebook/Facebook Connect and MySpace, as well as Google, Yahoo! and other major online portals. These sites will be a major target for identity thieves and other criminals in 2009.
Mobile Malware Comes of Age – 2008 was the year when smart phones (Blackberry, iPhone, Google Android, etc.) made the full transition from “phone that’s also a computer,” to “computer that’s also a phone.” 2009 will be the year when mobile malware begins to come of age. The number of consumers owning smart phones, and the commensurate rise in valuable information stored on them, will begin to reach the critical mass required for cyber-criminals to make smart phones a primary target of their operations. Once this happens, there will be a new generation of malware designed specifically for smart phone users.
Security Analysis Changes from Technical to Financial Prioritization – The evolution of the cyber-threat landscape from amateur hackers to sophisticated international criminal organizations is causing a shift in the way that computer security needs to be prioritized. Historically threats were prioritized on an entirely technical basis: the ease of exploitation and the level of access granted. In 2009 there will be a shift to economic analysis: what is the economic impact associated with an attack.
Web Threats Rise with Anonymous Proxy – According to IBM ISS data, the number of anonymous proxies (sites where people can enter URLs and surf the Web anonymously) doubled in 2008. IBM ISS expects this trend to continue in 2009, and it will render many challenges for businesses that monitor sites employees can surf. Businesses will need to fine tune web filtering technologies to monitor anonymous proxy or be prone to various malware. This will not only be a problem for employers and parents, but also for law enforcement surveillance efforts. The “anonymous Web” will become a reality in 2009.
What’s old is new again – 2008 saw a new vendor phenomenon: announcing old security vulnerabilities as “new” in the interest of gaining marketing buzz. The most glaring example of this in 2008 was the widespread hype surrounding “clickjacking,” which was simply an old vulnerability that vendors gave a new name and publicized as a new development. IBM ISS expects this phenomenon to continue in 2009 as security marketers continue to muddy the security information landscape with questionable discoveries and observations.

Malware on the Rise

Wed, 24 Dec 2008 00:00:00 -0600

According to MessageLabs Intelligence data, spam levels peaked at 82.7% of all e-mail in February 2008 and spam made up an average of 81.2% for the year.

The daily number of new websites containing malware - software designed to infiltrate or damage a computer system - rose from 1,068 sites in January to its peak at 5,424 in November.

The ‘Naughty Nine,’ a listing of the Top Cybercrimes of 2008 developed by MessageLabs, now part of Symantec, showcases the most notable and destructive malware attacks over the past year. The listing also includes photos and screenshots that you are free to use.

Storm worm
Search Engine spam
CAPTCHA Breaks
Targeted Trojans
Web-based malware
Hosted Applications Spam
Srizbi
Obama spam
Credit crisis phishing scams

Ontario Government Seeks Data Recovery Training

Tue, 27 Jan 2009 00:00:00 -0600

CBL Data Recovery Technologies has announced that the Ontario Ministry of Community Safety and Correctional Services has chosen it to provide Centre of Forensic Sciences staff with computer hard disk drive repair and recovery training. The data recovery company will train staff members of the Electronics Section at the Centre of Forensic Sciences facility in Toronto with the necessary knowledge and skills to recover data from altered or damaged media to assist with official investigations.

“Data recovery requires intimate knowledge of hard drive technology and the ability to analyze the physical problems that prevent access to the data contained on a hard drive’s platters,” states Tim Margeson, General Manager of CBL Data Recovery Technologies Inc. “Despite what we see on television, the platter surfaces of a hard drive cannot be scanned or read by lasers or other external means. While there is research in the academic sector, this technology is largely theoretical, and currently not used for commercial data recovery. Successful recovery of data still requires skilled staff.”

Under the terms of the agreement, on completion of the training, CBL will provide a data recovery support service to the Centre of Forensic Sciences staff as required.

Ontario's Centre of Forensic Sciences is one of the most extensive forensic sciences facilities in North America. The central laboratory is located in Toronto, and the smaller Northern Regional Laboratory is located in Sault Ste. Marie. Highly specialized forensic examination and analysis are conducted in the following areas: biology, chemistry, document and photographic analysis, electronics, firearms and tool mark, as well as toxicology.

Symantec Releases Cloud Computing Solution

Tue, 27 Jan 2009 00:00:00 -0600

Symantec has announced the availability of the Symantec GoEverywhere beta, a secure online workspace that allows users to access their Web applications anytime, anywhere, using most any device enabled with a Web browser. GoEverywhere is an innovation from the new business incubator, a Symantec organization that invests and develops emerging business opportunities.

The GoEverywhere beta provides small businesses and individuals a secure, scalable and worry-free computing environment that reduces costs relating to hardware, software, storage and IT management. The beta service allows customers to reach their online Web applications from a centralized location and choose from a selection of third-party Web-based applications for word processing, slide making, spreadsheet work and Web-based email. GoEverywhere removes the need to switch between multiple websites to access preferred Web-based applications and eases online file management by providing a single aggregated view of multiple third-party online storage accounts. Other benefits include:

•          Anytime, anywhere availability – workspace accessed 24x7 on almost any browser enabled device,
•          Hardware and operating system independent – only an Internet browser is required,
•          Maintenance free – no need for ongoing IT management to backup, install or update,
•          Low cost – access free software and rich media content.

GoEverywhere’s approach to secure computing uses multi-level password encryption and two-factor authentication to access the GoEverywhere workspace from any computer location. GoEverywhere’s ‘Single Sign-On’ functionality provides simplified password management making access to online services convenient and easy to manage. Single Sign-On allows customers to securely log onto their workspace and immediately access most of their Web applications and accounts without additional log-ins or passwords.

“As the use of Web-based applications increase, there is a need for our desktop or computing environment to also adjust and become web-based. We believe this will lead to a paradigm shift in desktop computing,” said Don Kleinschnitz, vice president and general manager Symantec GoEverywhere. “The GoEverywhere beta is incorporating next-generation cloud computing and Web 2.0 concepts in innovative ways to enhance customers’ choice of how and when they want to access information.”

Using Barack Obama to Spread Malware

Tue, 27 Jan 2009 00:00:00 -0600

The U.S. presidential election and inaugurations may be over, but that's not stopping attackers from using Barack Obama's win to spread information-stealing malicious code -- this time using his Web site and all its Web 2.0 / social networking tools that helped galvanize his base and him get elected.

Websense Security Labs ThreatSeeker Network has detected that hackers have registered multiple bogus user accounts on My.BarackObama.com (an online community for citizens to rally behind President Obama), in order to spread malicious code around the Web.

A My.BarackObama.com social-networking account empowers the user with tools to join groups, raise funds, and even create his or her own blog. The option to create your own blog is a common feature provided by most of the popular Web 2.0 social sites today, driven by user-generated content.

Cybercriminals Getting Nastier

Tue, 27 Jan 2009 00:00:00 -0600

In Symantec's January 2009 MessageLabs Intelligence Report, analysis indicates an increase in spam levels of 4.9 percent since December 2008 to 74.6 percent, reaching levels close to those experienced before Internet Service Provider McColo was taken down in November 2008.

Among the top 10 botnets responsible for distributing spam, Mega-D (Ozdoc) had the highest throughput in January, sending more than 26 million spam emails per minute whilst Cutwail (Pandex) remains the largest botnet with more than one million active IPs this month. Some of the top ten most active botnets contributing to the spam increase are new to the threat landscape, including Xarvester, Donbot and Waledac.

“The potential of these botnets to spam in large volumes is a major concern,” said Paul Wood, MessageLabs Intelligence Analyst, Symantec. “In particular, Waledac is believed to be the next generation of the infamous botnet Storm (Peacomm). Whilst Waledac malware was spread at an alarming rate in January, it was dispersing spam in relatively small volumes. For now, the botnet controllers are clearly focusing on growing and developing this new botnet resource rather than using it to spam. It will be one to watch as 2009 progresses.”

With the increase in spam came a resurgence of stock spam. Since the indictment of notorious stock spammer Alan Ralsky in January 2008, stock spamming has been relatively scarce. But with the help of CAPTCHA (Completely Automated Public Turing Test to tell Computers and Humans Apart)-breaking tools aimed at major email providers and the shaky economic climate, MessageLabs Intelligence research identified many examples of spam messages sent from legitimate-looking email addresses touting penny stocks, an opportunity to hook consumers who may be finding it difficult to obtain credit by traditional means with the promise of big returns for little investment.

Other new topics used by spammers this month included the US Presidential Inauguration and, separately, the unrest in the Middle East was used to draw attention to messages which appeared to be used to further the aims of terrorist organizations.

“Just one month into 2009 and the threat landscape already appears to be in full swing,” Wood said. “Toward the end of 2008, the MessageLabs Intelligence team predicted a botnet renaissance in which the cybercriminals would improve the technology behind their botnets, creating a new vanguard. Based on the increase in power, numbers and new bots, the cybercriminals seem to be living up to the prediction.”

Other report highlights:

Web security: Analysis of Web security activity shows that 11.5 percent of all web-based malware intercepted was new in January. MessageLabs Intelligence also identified an average of 1,208 new websites per day harboring malware and other potentially unwanted programs such as spyware and adware, an increase of 6.2 percent since December 2008.

Spam: In January 2009, the global ratio of spam in email traffic from new and previously unknown bad sources was 74.6 percent (1 in 1.92 emails), an increase of 4.9 percent since December 2008.

Viruses: The global ratio of email-borne viruses in email traffic from new and previously unknown bad sources was one in 257.3 emails (.39 percent), a decrease of 0.12 percent since December 2008. In January, 11.8 percent of email-borne malware contained links to malicious sites, an increase of 9.1 percent since December 2008.

Phishing: January saw a decrease of 0.14 percent in the proportion of phishing attacks compared with December 2008. One in 396.2 (.25 percent) emails comprised some form of phishing attack. When judged as a proportion of all email-borne threats such as viruses and Trojans, the number of phishing emails had decreased by 11.2 percent to 64.9 percent of all email-borne malware threats intercepted in January.

The January 2009 MessageLabs Intelligence Report provides greater detail on all of the trends and figures noted above, as well as more detailed geographical and vertical trends. The full report is available at http://www.messagelabs.com/intelligence.aspx.

Symantec’s MessageLabs Intelligence is a respected source of data and analysis for messaging security issues, trends and statistics. MessageLabs Intelligence provides a range of information on global security threats based on live data feeds from our control towers around the world scanning billions of messages each week.

Munich Airport Turns to IP Video

Tue, 27 Jan 2009 00:00:00 -0600

Aimetis Corp. , a provider of intelligent IP video surveillance software, announced that Aimetis Symphony will be installed as the video surveillance software platform in Munich Airport's Terminal One.

Aimetis Symphony provides the airport with a single platform for upgrading the existing analog CCTV system to operate over an IP network and for integrating the video surveillance system with other systems also operating on the network, such as, the command center software, burglar alarm and fire alarm systems.

"The upgraded video surveillance system is a critical component of the airport security and operations," said Michael Zaddach, Manager IT Service, Munich Airport. "Aimetis Symphony™ will assure the smooth flow of operations, help to prevent and solve crimes and will provide emergency crews with the information they need in special situations."

Aimetis has partnered with Alcatel-Lucent, who will provide system integration and project management to deliver a turnkey solution for the largest and most innovative IP CCTV project in Germany. "Aimetis Symphony™ is the centerpiece of our solution offering," said Carsten Smago, Manager Services, Alcatel Germany. "It allowed us to meet all the client's video surveillance requirements for scalability, performance and price."

Initially, Munich Airport will install Aimetis Symphony™ Professional licenses for approximately 800 new and existing analog and IP cameras. The number of cameras is estimated to increase to 3000 as the airport grows and expands. Aimetis Symphony™ also provides the airport with the ability to upgrade individual cameras with video analytics as required.

Munich Airport is among the top 30 airports in the world in terms of passenger volume, handling approximately 34 million passengers in 2007. It has been named Best Airport in Europe for the last four years and ranked fifth worldwide in 2008 for high quality and efficiency in an annual survey of over eight million passengers conducted by independent aviation market research firm, Skytrax.

Verisign Acquires Certicom

Tue, 27 Jan 2009 00:00:00 -0600

VeriSign and Certicom have announced they have entered into an arrangement agreement whereby VeriSign will acquire all of the outstanding common shares of Certicom for C$2.10 per share.

With the acquisition of Certicom, VeriSign will gain a leadership position in Elliptic Curve Cryptography (ECC) technology, which is generally recognized as a highly efficient form of public-key encryption. Together, VeriSign and Certicom expect to leverage VeriSign’s reach to pursue emerging market opportunities in which ECC can efficiently enable secure data communications.

"This transaction combines the strengths of both companies in a unique, strategic fit,” said Jim Bidzos, executive chairman and chief executive officer on an interim basis of VeriSign, Inc. “Certicom's leadership in Elliptic Curve Cryptography technology allows VeriSign to develop adjacent market opportunities closely aligned with our core SSL business. We expect our customers and the market will benefit from the combination of Certicom's high quality encryption technology and VeriSign's proven certificate services infrastructure."

Spam Contines to Rise

Tue, 27 Jan 2009 00:00:00 -0600

Sophos has published its report on the latest trends in spam, and revealed the top 12 spam-relaying countries for the final quarter of 2008.

Cybercriminals have shown an increased attraction to social networking sites like Facebook and Twitter during this last quarter, indicating that spammers are successfully adapting their methods to suit the current environment. These sites have become part of many computer users’ daily routine – whether it’s logging on to see what their friends are up to, viewing photos, or updating their status, masses of personal information are updated every minute. Such frequent use makes social networking sites a prime target for spammers and malware authors who typically attempt to break into innocent users’ accounts and take advantage of trusted social networks to send spam and malware.

For example, in November, Sophos reported that Facebook had won an $873 million judgment against a Canadian man who bombarded millions of Facebook members with unsolicited spam messages. The spammer tricked users into revealing their passwords and usernames, and then used the information to gain access to their personal profiles. Facebook claimed that the man then sent out more than four million messages promoting products from marijuana to sexual enhancement drugs.

“Spammers really took to using sites like Facebook and Twitter as a vehicle for their spam antics during the last three months of 2008,” continued Cluley. “Cybercriminals have cottoned onto the fact that social networking users can be more easily fooled into clicking on a link that appears to have come from a trusted Facebook friend, than if it arrived as an unsolicited email in their inbox. The notorious Nigerian 419 scammers have even evolved, masquerading as Facebook friends in order to trick unwary users into parting with valuable sensitive and financial information. Ultimately, while users are still falling for these scams, the fraudsters will continue. And while the authorities are making great progress, everyone must take steps to ensure they don’t fall victim.”

UNITED STATES RETAINS ITS CROWN AS SPAM KING

Between October and December 2008, the United States relayed most of the world’s unwanted emails. China has leapt back into second place, relaying a larger proportion of spam than it did in 2004, and Russia retains third position. In contrast, other nations like Canada, Japan and France – serial offenders five years ago – appear to have made progress and are no longer present in the list of spam reprobates.

“Although there’s no denying that some countries have significantly reduced their contribution to the spam epidemic over the past five years, the United States still holds the crown,” said Cluley. “Though its spam contribution has significantly decreased since Bill Gates’ proclamation – falling from almost half of all spam relayed at the end of 2004, to 21.3 percent by the end of 2007, and now resting at 19.8 percent – this shows there’s certainly no quick fix.”

Sophos identified the top twelve countries responsible for relaying spam across the globe between October-December 2008:

United States 19.8%
China (incl. HK) 9.9%
Russia 6.4%
Brazil 6.3%
Turkey 4.4%
South Korea 4.1%
India 3.6%
Italy 3.0%
Spain 2.9%
United Kingdom 2.7%
Germany 2.4%
Argentina 2.1%
Other 32.4%

A Valentine's Day Gift No One Wants

Wed, 11 Feb 2009 00:00:00 -0600

Since the beginning of February, according to MessageLabs, now part of Symantec, the proportion of spam relating to Valentine's Day has risen from two to three percent of all spam to nine percent this week alone.

The vast majority of this spam (6.5 percent) originates from the Cutwail botnet. Although Xarvester is not far behind with one to two percent of all spam; interestingly, Mega-D, which is currently the most active botnet, has not been involved in sending St. Valentine’s related spam so far.

In 2008, Valentine's spam originated from the infamous Storm botnet and accounted for only two percent of daily spam levels. Comparable to this year’s approach, Storm Valentines spam pointed to websites for VPXL, an herbal enlargement formula. Other botnets sharing the love this year include Waledac, which continues to pump-out large volumes of malicious Valentines-themed emails that contain links to the Waledac malware.

Cutwail’s spam campaign consists of very simple email messages with either Valentine-related subject lines such as "St. Valentine's Bonus" or "Make this Valentine's Day the most memorable ever" or messages in the body containing a link to a .cn website touting male enhancement products, (examples available on request).

"With one in every fifteen spam emails being a Valentine’s message from Cutwail, this botnet loves this romantic time of year," said Paul Wood, MessageLabs Intelligence Analyst, Symantec. "Dedicating approximately ninety percent of its output to Valentine-related spam, Cutwail is generating an estimated seven billion spam emails each day. This is possibly the largest volume of Valentine’s Day spam even seen.”

Websense Releases Cloud-Computing Services

Wed, 11 Feb 2009 00:00:00 -0600

Websense has unveiled Websense Hosted Email Security and Websense Hosted Web Security, on-demand security services that help protect users from emerging Web 2.0 and converged threats.

Websense's cloud-based security solutions feature a completely redesigned user interface and a single sign on for both Web and e-mail that IT managers can access at any time and from anywhere. Quarantine management in Websense Hosted Email Security has also been enhanced, allowing end-users to easily view blocked email, release messages, and whitelist or blacklist senders.

Analyst firm IDC forecasts that the hosted web security market will grow 49 percent and the hosted email security market will grow 32 percent through 2012.

“Organizations are faced with a deluge of blended threats, as well as Web 2.0 sites used by criminals to spread spam and malicious code and drive phishing and fraud scams,” said Devin Redmond, vice president product management for Websense. “Delivered over the Internet, Websense Hosted Security services tackle these emerging threats in the cloud, ensuring spam and malicious content never reach the customer’s network, keeping their employees and essential information secure.”

“We’ve seen significant interest in Websense Hosted Security Services largely due to the immediate benefits organizations receive after turning on the services,” said Websense Partner Steve Kedzior, senior vice president, Client Solutions for Insight. “The hosted platform provides clients an easy, lower-cost approach that doesn't require hardware or software. Additionally, the hosted platform is easy to deploy and can be managed from a single Web interface.”

McAfee Seeks to Help Companies with Compliance

Wed, 11 Feb 2009 00:00:00 -0600

McAfee's new Total Protection for Compliance solution combines agentless and agent-based IT policy auditing.

McAfee Total Protection for Compliance combines the McAfee Vulnerability Manager appliance and the McAfee Policy Auditor software with McAfee ePolicy Orchestrator software to create a single platform for deployment, management, risk analysis, and compliance reporting. This solution also includes a new capability for correlating the latest threats with vulnerabilities, asset values and existing security protection.

"Regulations and standards are growing in number, and IT audits are increasing in complexity and cost," said George Kurtz, senior vice president and general manager, Risk & Compliance Business Unit at McAfee. "With the release of Total Protection for Compliance, we continue to drive innovation into our products and meet the high standards of excellence our customers expect. By ushering in a new era of risk management and compliance automation, we are changing the audit paradigm in order to help improve return on IT investments and reduce the learning curve costs for users."

The Total Protection for Compliance solution utilizes the existing McAfee ePO security management infrastructure to increase efficiencies and allows users to extend their compliance coverage without the costly burden of adding more overhead. McAfee integration through the ePO software also results in improved metrics and communications about where vulnerabilities exist and which systems need priority attention.

"McAfee ePolicy Orchestrator software and McAfee Vulnerability Manager appliance integration truly boosts the value of our investments, as we now can truly harness all integrated features to support our security organizations," said Tomi Behm, Security Services Designer at Tieto. "With all the McAfee solutions working together in the same console, we get real time view of security and compliance status from different aspects of our business. This helps our organization to ensure our business critical assets are safe and comply with our security policies."

Using Security to Drive Business

Wed, 11 Feb 2009 00:00:00 -0600

RSA, in conjunction with the Security for Business Innovation Council, has released the results of their third report, “Driving Fast and Forward: Managing Information Security for Strategic Advantage in a Tough Economy.”

In this report, security leaders from around the globe examine the information security challenges created by the current economic crisis, and offer concrete strategies for achieving more with less in 2009.

"In a tough economy, it’s tempting for enterprises to rein in business innovation," said RSA President Art Coviello. "However, strategic initiatives that enable revenue growth and operational transformation are more critical than ever. Security practitioners can help business leaders safely pursue the most lucrative business opportunities by understanding the risk picture and identifying the right trade-offs. At the same time, security teams must find ways to
squeeze the most out of every dollar. For example, EMC’s Chief Security Officer and council member Roland Cloutier recently freed 25 per cent of EMC’s monitoring and response operational resources and achieved a four-fold improvement in alert performance by consolidating device, application and technology monitoring into a centralized SIEM solution.”

The report provides five recommendations for managing security programs for business success in 2009:

1) Prioritize Based on Risk/Reward: The Security for Business Innovation Council members call on security professionals to sharpen their ability to make tough judgment calls based on risk.

2) Have the Right Mix of People on Your Team: In lean times, all security team members must have “the right stuff.” They should be able to partner with business owners, offer alternative solutions and speak to issues beyond security. In this report, Council members offer detailed advice for managing human resources, using consultants and
extending teams through decentralization.

3) Build Repeatable Processes: In most organizations, there are many opportunities to rationalize processes and achieve economies of scale. Council members recommend that security leaders improve efficiencies by applying traditional operational metrics to their security programs. They recommend working to embed security into core business processes to increase organizational productivity and drive down standalone security costs.

4) Create an Optimal Shared Cost Strategy: Costs for security are often shared between the centralized security organization and the various business units and departments that need to protect information assets. While the formula varies from one enterprise to the next, Council members offer insight on how to ensure spending matches objectives and needs.

5.) Automate and Outsource Wisely: Using technology to automate manual processes and outsourcing some security functions may provide significant efficiencies and cost reductions, but it’s important to plan and manage these efforts carefully to maximize benefits. Council members share guidance on how to proceed for optimum business impact.

Beware the Valentine's Day E-Card

Wed, 11 Feb 2009 00:00:00 -0600

CA has issued a warning to computer users around the world that the Win32/Waledec trojan is being readied for launch via spammed Valentine’s Day e-cards. Once a computer is infected with the trojan, it can use the machine as a spam bot while gathering information about the host system and sending the data to accomplice Web servers.

CA researchers note that Waledac’s affiliated e-card scam web sites have updated their content with a Valentine’s Day theme—an indication that attacks are being prepared. Currently Waledec-related Web sites distribute trojan executables with filenames such as love.exe; onlyyou.exe; you.exe; youandme.exe; and meandyou.exe, but there could be new filenames that surface at any time.

“This threat is to be expected with any card-sending type of holiday, but there often is a new twist each year on delivery,” said Brian Grayek, vice president of product management for CA’s Internet Security Business Unit. “With a combination of awareness and ensuring your security software is current, individuals can be safe. Knowing about the threat early—before you find the email in your inbox or get the alert from your IT department—helps ensure individuals don’t open the email and click on links that launch the malware.”

To stay safe online, CA researchers urge users to make sure they:

Exercise caution when downloading and running unknown executable files, and if in doubt, don’t.
Update their anti-virus software to the latest signatures.
Update their Internet browser to the most current version.
Schedule automatic Microsoft Windows updates if using the Windows operating system.

Kaspersky Opens Shop in Canada

Wed, 11 Feb 2009 00:00:00 -0600

Kaspersky Lab has officially opened its newest North American office in Toronto, Ont.

Introduced in the Americas four years ago, Kaspersky Lab has grown from a small start-up to a major player in the anti-malware industry. The new Canadian office is headed by Kevin Krempulec, vice-president, sales, Canada.

“Kaspersky Lab’s growth in North America during the last three years has been nothing short of remarkable," says Steve Orenberg, president, Kaspersky Lab, Americas. "We’ve been listening to our customers and partners and the next logical step is opening a direct presence in Canada. This will enable Kaspersky to get that much closer to each of our Canadian customers and business partners to provide the level of support that we have made the hallmark of our company.”

Canadian Tire Experiences Data Breach

Wed, 11 Feb 2009 00:00:00 -0600

According to a recent article in The Toronto Star, a widespread security breach disclosed by a U.S. credit card transaction processor has prompted Canadian Tire to cancel and re-issue 16,000 Mastercard credit cards issued by its financial services arm over security concerns.

Late last week, Heartland Payment Systems said it had closed a security hole in its computer network that may have exposed shoppers to one of the biggest data breaches on record.

Shortly afterward, Canadian Tire launched an investigation of its own, said spokeswoman Lisa Gibson.

Any card that was used in the U.S. during a specific period of time was deemed to be at risk, said Gibson, whose own personal card was affected. Canadian Tire Financial Services manages the country's second-largest MasterCard franchise, with more than five million accounts.

Heartland processes 100 million payments a month, but it's not yet clear how many people's information was compromised by the leak, which occurred in 2008.

The company has said its Canadian operations were not affected by the security breach.

Super Warm Tops Threat List

Sun, 08 Mar 2009 00:00:00 -0600

In Fortinet's February 2009 Threatscape Report, a super worm, an emerging botnet, a sexy mobile threat and a steady uptick in spam, featuring Valentine’s and economy-related themes, top the list of threats that impacted global busineses. Here are the highlights:

Exploits in high volume, but a little less active — most notable was a three-fold increase in the number of vulnerabilities; however, the active exploit rate was down to 25.6 percent from 30.2 percent last month. Conficker, the latest super worm to spread around the Internet, is still running strong. Fortinet systems showed exploitation of the well-known MS08-067 vulnerability, displaying the highest recorded activity to date on February 14th, 2009. As of this writing, volume levels are still quite high.

Malware stable and steady — activity level remains similar to last month with no new variants introduced in the Top 10 for two consecutive months. Waledac, a relatively new botnet in town, went on a long run using a Valentine’s Day campaign to dupe users into downloading a malicious executable which was a copy of the Waledac Trojan. The campaign used a variety of domain/sub domain names, safe-haven registrars and fast flux. As of this writing, the campaign is still alive but is using a different theme dubbed as the ‘Couponizer.’ The U.S. was the top recipient of malware activity regionally, with 51.07% of worldwide activity. Japan (42.11%), China (22.26%), India (21.62%) and Canada (19.91%) made up the rest of the top 5 regions.

Mobile threats taking shape — after new variants of Flocker surfaced in January, targeting accounts with Indonesian operators, Fortinet reported on Yxes.A in February -- the latest SymbianOS threat -- aka “Sexy View.” While mobile threats are certainly low profile in terms of prevalence (compared to non-mobile threats), this is an area to monitor with the growing adoption of 3G networks and the increased use of handheld devices. The biggest threat posed by SymbOS/Yxes.A is its ground-breaking propagation function; with the capability to spread through SMS by providing malicious URLs, a bridge is created from mobile telecommunications to the Internet. In turn, this opens up a range of possibilities, effectively allowing the authors more control over their creation. With more control and functionality added, Yxes.A indicates that we may not be far away from a mobile botnet.

Spam levels remained consistent — spam rates in February peaked at 55 percent of the global email rate, inching back up from a sharp decrease late 2008, due largely to the McColo take-down in November 2008. Cyber criminals could not let Valentine’s Day pass without the requisite eCard spam campaign (courtesy of Waledac this year). In addition, phishing and scam emails are as popular as ever in play with the economic crisis, as Fortinet’s spam traps harvested loan and job scams showing up in localized languages to various regions. Highest spam rates by region are as follows: U.S. (22.16%), Japan (10.69%), Taiwan (10.63%), Italy (7.35%) and Canada (5.30%).

“The economy will likely remain a strong theme in upcoming months as cyber criminals tap into fear-mongering tactics to take advantage of the global economic downturn; in the criminal underworld, both online and off, illegitimate jobs are created as legitimate ones are eliminated,” said Derek Manky, project manager, cyber security and threat research, Fortinet. “Mobile threats are also likely to be a recurring theme. We are just starting to see the tip of the iceberg in this threat vector with the latest SymbianOS threat, Sexy View, but we predict much more to come as criminals redirect their focus with the growth of mobile platforms, applications and broader bandwidth.”

Stealing Company Data Not So Uncommon

Sun, 08 Mar 2009 00:00:00 -0600

Symantec Corp. and the Ponemon Institute, a leading privacy and information management research firm, have recently announced the findings of a joint survey of employees who lost or left a job in 2008. It revealed 59 percent of ex-employees admit to stealing confidential company information, such as customer contact lists. The results also show that if respondents’ companies had implemented better data loss prevention policies and technologies, many of those instances of data theft could have been prevented.

Of respondents who admitted to taking company data, 61 percent also reported having an unfavorable view of their former employer. The most commonly identified kinds of records taken included e-mail lists, employee records, customer information including contact lists, and non-financial information. Although respondents were spread across many different industries, the highest percentage of survey responses came from the financial services industry.

Additional survey findings include:

53 percent of respondents downloaded information onto a CD or DVD, 42 percent onto a USB drive and 38 percent sent attachments to a personal e-mail account.
79 percent of respondents took data without an employer’s permission.
82 percent of respondents said their employers did not perform an audit or review of paper or electronic documents before the respondent left his/her job.
24 of respondents had access to their employer’s computer system or network after their departure from the company.

“The survey’s findings should sound the alarm across all industries: your sensitive data is walking out the door with your employees. Even if layoffs are not imminent, companies need to be more aware of who has access to sensitive business information,” said Larry Ponemon, chairman and founder, Ponemon Institute, LLC. “Our research suggests that a great deal of data loss is preventable through the use of clear policies, better communication with employees, and adequate controls on data access.”

Top 5 Pitfalls for Securing Retail Data

Thu, 19 Mar 2009 00:00:00 -0500

Cloakware Inc., a provider of software solutions for securing consumer and enterprise digital assets, have identified the top five pitfalls that the retail industry needs to be aware of when it comes to protecting their most valuable asset – cardholders’ personal data.

“Many retailers have neglected to secure their payment systems and processes,” said Richard Stiennon, founder of security advisory firm IT-Harvest. “Without a diligent approach to managing credentials and privileged access, retailers leave themselves vulnerable to data loss incidents, which are happening far too frequently.”

Recognizing the need for stronger protection against security threats, the Payment Card Industry (PCI), a consortium of retail and credit card leaders, published Data Security Standard Version 1.2 (PCI DSS V1.2), outlining best practices for protecting privileged card data. Understanding the intricacies of PCI guidance, Cloakware has outlined the top five common missteps retailers fail to address, leaving them susceptible to data breaches:

Using Vendor-Supplied Default Passwords – With access to internet search engines, hackers and insiders can download manufacturers’ default passwords and gain access to company’s vital information. Retailers must make sure to change passwords upon program installation and update these passwords regularly.
Unsecured Access to Cardholder Data – Often, companies keep a master spreadsheet with all administration passwords, making it easy for unauthorized individuals to access cardholder data and take advantage of unsuspecting customers. They need to eliminate the use of insecure password storage in favor of a secure, managed password management solution.
Over-Assignment of Rights – Typical access control systems lend themselves to the over-assignment of rights in order to simplify individual administrator rights management. At a minimum there needs to be a separation of duties based on groups and roles to restrict access among employees. Not all IT staff members should have access to every application and database.
Lack of Traceability – Shared account usage eliminates the ability to trace activity to an individual. The assignment of unique IDs solves this issue but multiplies the number of accounts that must fall under management. The adoption of an automated password management approach solves this issue.
Leaving Access Unmonitored – Putting access controls in place is not enough – companies need to actively monitor access to make sure that no one is illegally gaining access to their cardholder data. Actively monitoring access is an appropriate control to help minimize the extent of a potential breach.

Israel Opens Homeland Security Institute

Thu, 19 Mar 2009 00:00:00 -0500

The Ben-Gurion University of the Negev Institute for Homeland Security is being established to address the current need for interdisciplinary research that will supply technological, strategic and social solutions for western societies and governments in the field of homeland security.

The goal is to ensure that the HLSI be the first and most comprehensive institute in the world to address the diverse issues of homeland security using a multidisciplinary approach.

The BGU Homeland Security Institute, now in its formative stage, will be an integrative, multi-disciplinary institute, embracing a range of fields related to homeland security, and thus one of the first research institutes of its kind worldwide. It combines technological sciences such as cyber-technologies with scientific research in the fields of physics, chemistry, and biology (weapons of mass destruction), and other disciplines, such as economics, communications, crisis management, law, strategic analysis and even medicine.

McAfee Supporting Windows 7 Beta

Thu, 19 Mar 2009 00:00:00 -0500

McAfee has announced support of Windows 7 Beta by releasing compatible versions of its anti-virus, anti-spyware and firewall technologies through a Beta version release of McAfee Total Protection for home users.

Consumers who are interested in testing the McAfee Total Protection Beta version of anti-virus, anti-spyware and firewall to use with Windows 7 Beta can find upgrade and installation instructions by visiting the McAfee Beta Web site at http://beta.mcafee.com.

McAfee continues to test the compatibility of the consumer products with Windows 7. When Microsoft Corp. releases Windows 7 to consumers, customers with active McAfee subscriptions will be eligible for a free upgrade or installation that supports Windows 7.

Vaccine Discovered for USB Drives

Thu, 19 Mar 2009 00:00:00 -0500

Panda Security is now offering users Panda USB Vaccine, a free security solution designed to block malware which spreads through removable drives such as pen drives, CD/DVDs, MP3 players, etc. This free tool can be downloaded by visiting Panda Vaccine.

There is an increasing amount of malware which, like the dangerous Conficker worm, spread via removable devices and drives such as memory sticks, MP3 players, digital cameras, etc. The basic technique used is as follows:

Windows uses the Autorun.inf file on these drives or devices to know which action to take when they are connected to the computer. This file, which is on the root directory of the device, offers the option to define a program to automatically run part of the content stored on the device when it connects to the computer. This feature is being used by cyber-crooks to spread viruses, through the modification of Autorun.inf with commands so that malware stored on the USB drive, for example, is run automatically when the device connects to a computer. This will immediately infect the computer in question.

To prevent this, Panda Security, through its Panda Research division, has developed Panda USB Vaccine, a free product which offers a double layer of preventive protection, allowing users to disable the AutoRun feature on computers as well as on USB drives and other devices.

“This is a very useful tool as there is no easy way of disabling the AutoRun feature in Windows. This tool makes it simple for users, offering a high level of security against infections through removable drives and devices”, explains Pedro Bustamante, Senior Research Advisor at Panda Security.

IBM Introduces Endpoint Security Offering

Thu, 19 Mar 2009 00:00:00 -0500

IBM has announced the Proventia Endpoint Secure Control (ESC), endpoint security management designed to address two major problems in the industry today: the escalating cost of security and the growing complexity of endpoint security management.

According to the 2008 IBM X-Force Annual Trend and Risk report released in early February, client-side vulnerabilities are at an all time high and end-users are key targets to fall prey to attacks. In fact, the report indicates that the number of new malicious Web sites in the fourth quarter of 2008 alone surpassed the number seen in the entirety of 2007 by 50 percent. Seemingly innocent applications such as document readers and editors experienced a 162 percent increase in vulnerabilities, while vulnerabilities in often used multimedia applications increased by 127 percent. As employees unknowingly access these malicious web sites and applications through their corporate machines, endpoint security is critical. With IBM Proventia ESC, IBM ISS will leverage the endpoint offering to help deliver ‘ahead of the threat’ X-Force security content.

IBM Proventia Endpoint Secure Control combines many of the key areas of security endpoint management -- including intrusion prevention systems (IPS), firewall and network access control; data protection such as device control, data loss prevention and endpoint encryption; security configuration, and compliance management; as well as IT security operations such as security patch management, and deployment/removal of security tools

“The killer application in endpoint security is management,” said Dan Powers, vice president of business development at IBM Internet Security Systems. “Historically, enterprises have had to make tradeoffs between consolidated security management and best-of-breed technology for endpoint security. With IBM Proventia Endpoint Secure Control, enterprises can benefit from best-of-breed security technology and consolidated management of the security products at the endpoint for the first time. This solution illustrates IBM’s commitment to lead the next wave of innovation in the industry while helping to reduce the cost and complexity of security for our customers.”

McAfee Provides Conficker Help

Wed, 01 Apr 2009 00:00:00 -0500

Even if the calendar says April 1, security isn’t a joking matter. A worm called Conficker may come back with a roar on April Fool’s Day. While this may be a prank and the actual event could be immaterial, you should make sure your computer systems are protected against this pest.

For many security professionals, including us at McAfee, Conficker is a déjà vu. It brings us right back to the late nineties and earlier this millennium when worms such as Blaster and Sasser wreaked havoc on the Internet by infecting one computer after the other without requiring any user action. It is important to note though that Blaster and Sasser were much more widespread than Conficker.

Conficker first surfaced late last year, taking advantage of a security flaw in Microsoft’s Windows operating system to spread. Microsoft provided an emergency fix for the vulnerability last October with Security Update MS08-067. However, because many systems were not patched and not properly secured Conficker has slithered onto as many as 12 million Windows computers, according to some estimates.

Several variants of Conficker have surfaced since the original. One variant, Conficker.C, could activate on April 1 and start another assault on Windows computers. Computers infected with Conficker become part of an army of compromised computers and could be used to launch attacks on Web sites, distribute spam, host phishing Web sites or other nefarious activities.

Additionally, once it is on a computer, Conficker digs itself in by attempting to deactivate security software and sabotaging tools to remove it. If you notice that you’re unable to access Web sites such as www.mcafee.com or your security software is acting up, that could be a sign that your system was taken by Conficker.

The good news is that protecting against Conficker isn’t hard. There are two basic things that will ensure a Windows computer is shielded against the worm.

Install Microsoft’s Security Update MS08-067
Run up-to-date antimalware software

Systems that for some reason cannot be updated or run antimalware software should be isolated. For enterprises, McAfee’s intrusion prevention products including McAfee’s Network Security Platform and McAfee Host Intrusion Prevention also protect systems from getting hit by Conficker.

Should your computer be infected by Conficker and there is no antimalware solution, McAfee Avert Labs’ Stinger tool can remove the malware. In addition, McAfee Avert Labs has published a technical document to help find Conficker on your systems in case there has been a compromise.

McAfee Avert Labs will monitor the state of the Internet on April 1 and report on any Conficker activity on the Avert Labs blog. Meanwhile, if you have any indication who is behind Conficker, report them to the authorities and you may be eligible for a $250,000 reward offered by Microsoft.

HP ProCurve Expands Security Portfolio

Mon, 27 Apr 2009 00:00:00 -0500

HP ProCurve has announced the expansion of its security portfolio with firewall and intrusion prevention.

As part of the HP ProCurve ProActive Defense security portfolio, HP is introducing the new HP ProCurve Threat Management Services Module, which provides firewall, virtual private network (VPN) and intrusion prevention (IPS) functionality. This multifunction security module eliminates the need for a separate appliance by physically integrating into the HP ProCurve 8212 and 5400 series switches.

HP also unveiled a new version of the HP ProCurve Manager Plus product suite, designed to help businesses secure and simplify network management. HP ProCurve Manager Plus allows businesses of all sizes to prevent security breaches by centrally managing user access for both wired and wireless networks.

“Customers are able to reduce overall security costs while simplifying the complexity of network security with HP ProCurve’s switch and mobility products,” said Mauricio Sanchez, chief security architect, HP ProCurve. “These new security solutions help customers secure their businesses by effectively managing and securing their networks.”

The HP ProCurve ProActive Defense network security strategy provides customers security solutions that can adapt to users, applications and changing business environments. ProActive Defense secures customer networks by combining pre-emptive techniques including comprehensive access control with innovative defensive methods such as automated threat detection.

McAfee Unveils "Predictive Security" Vision

Mon, 27 Apr 2009 00:00:00 -0500

At RSA Conference 2009, David Dewalt, McAfee's president and chief executive officer, released thDave DeWalt in a keynote address unveiled McAfee's vision for the future of digital security.

"The traditional approach to enterprise security simply doesn't work - it leaves security holes, its unmanageable and is too costly," said DeWalt. "Many companies still wrestle with a patchwork of incompatible products from multiple vendors, which leaves them exposed. To provide the best security in today's world of increased cybercrime, a myriad of compliance requirements and staggeringly complex networks, we need to move to an approach where all security products exchange intelligence and provide real time, all the time visibility."

Dewalt sees predictive security as the future. This approach comprises interconnected security technology at multiple layers in the technology stack, backed by global threat intelligence. Predictive security will allow security products to intelligently block attacks much sooner than is currently possible with traditional approaches. A real-time, in-the-cloud foundation will allow multiple security products to communicate with each other, leading to new levels of security.

DeWalt drew a parallel with advances in meteorology as an example of where digital security should move. Weather sensors everywhere, from oceans to satellites, gather information that is brought together, analyzed and distributed as a weather forecast, allowing people to know days or weeks ahead to get ready to "hunker down for a storm," or "pack for the beach."

Security technology in the future should be embedded everywhere, from silicon to satellite. All these security "sensors" would report threat data to a Global Threat Intelligence system for analysis. Going beyond meteorology, the Global Threat Intelligence system would then send back data to the sensors to provide smarter security. Reputation management is a key part of global threat intelligence, assigning reputation scores to Internet hosts, senders, domains, URLs and messages based on behaviour, much like a credit bureau assigns credit ratings to consumers.

As an example, DeWalt discussed how intelligence learned from a simple spam e-mail can allow a threat intelligence system to update security protection across an enterprise. For example, the firewall could block attacks emanating from the IP address used to send the e-mail, a Web gateway can blacklist the Web site advertised in the spam message and antimalware protection can be alert on any potentially included pests.

Increased Threats, Less Budget

Mon, 27 Apr 2009 00:00:00 -0500

Corporations adjust to deal with information security to survive increased threats and reduced budgets says the ISF

The worst downturn in a generation is forcing organisations to adapt to reduced budgets at the same time as facing increased threats and greater scrutiny through new regulations says the Information Security Forum in its latest briefing report: Managing Information Security in a Downturn.

The pressure is on with 63% of ISF Members – comprising many of the world’s largest companies and public sector organisations – reporting that they expect to face reduced budgets in 2009. According to the report, the financial crisis has also accelerated the change and sophistication of new threats to information security. Many emerging longer term threats now pose a real challenge today and present serious legal, financial and reputational consequences.

The ISF identifies five major challenges that currently face information security professionals: responding to the changing information risk profile, managing the greater impact of incidents, keeping up with business change, surviving budget and staff cuts, and not losing sight of longer term risk and compliance demands in favour of short term measures.

Specific threats highlighted by the ISF include the rapid increase in targeted and organised cybercrime, espionage and the risk to intellectual property, internal and external fraud and embezzlement, and sabotage or theft of sensitive information through disgruntled employees.

“Right now, both the internal and external threats are higher with increasing staff turnover and dissatisfaction coupled with a trend to more organised profit-driven crime,” says Jason Creasey, Head of Research at the ISF. “Changes in risk and the way the attacks occur mean that their effects are harder to predict and that their impact may be greater.”

“We need to change the way we think about risk,” says Creasey. “We are in an era where reliance on tried and tested past experiences to predict the future is not always sufficient; instead we also need to approach each instance as something new and be rational and flexible in providing the solutions.”

“It is not just the risks themselves that change,” says Adrian Davis, Senior Research Consultant at the ISF and author of the ISF report on Information Security in a Downturn. “Businesses will face other unexpected changes that may force a rapid alteration in strategy and operations. These in turn will effect an organisation’s risk profile and will require information security to take a more proactive and agile role and adapt quickly.” The report also warns that reduced information security budgets and loss of experienced staff could take longer than the recession to recover from.

However, despite the warnings, ISF president and CEO Prof Howard A. Schmidt, remains convinced that organisations are in a better position to deal with the current crisis than ever before. “Security is no longer an add-on but is ingrained within the IT infrastructure, business processes and strategic planning from the outset. Working more closely together and adopting new methods to analyse and tackle the changing dynamics of security risk will help us through the tough times of the downturn and emerge stronger,” says Prof Schmidt.

The ISF is a not-for-profit, international association of some 300 leading companies and public sector organisations dedicated to reducing risk and resolving information security challenges. In addition to researching over 200 authoritative reports, the ISF has also developed advanced information risk methodologies and benchmarking tools.

Cloud Security All the Rage

Mon, 27 Apr 2009 00:00:00 -0500

The information security industry is taking on the task of providing guidance to enable secure Cloud Computing with the formal launch of the Cloud Security Alliance's inaugural whitepaper, Security Guidance for Critical Areas of Focus in Cloud Computing.

The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The founding thought leaders behind the formation of the Cloud Security Alliance are leading security practitioners from a range of private and public organizations and leading security companies PGP Corporation, Qualys, Inc. and Zscaler, Inc.

"Aggressive adoption of cloud computing is clearly underway. The convergence of inexpensive computing, pervasive mobility and virtualization technologies has created a platform for more agile and cost effective business applications and IT infrastructure," said Jerry Archer, Chief Information Security Officer at Intuit, Inc. and part of the CISO leadership at the Cloud Security Alliance, "The cloud is forcing thoughtful adaptation of certain security controls, while creating an even greater demand for best practices in security program governance."

The whitepaper being presented at the recent RSA Conference in San Francisco, Ca., outlines key issues and provides advice for both Cloud Computing customers and providers within 15 strategic domains. According to Alliance co-founders Nils Puhlmann and Jim Reavis, the several months of collaboration was worth the effort, "We would like to thank the many contributors to this initial effort. The great diversity of services offered via cloud computing requires careful analysis to understand the risks and mitigation appropriate in each case. At the same time, we see enormous potential for the cloud model to eventually simplify many difficult security problems. This initial deliverable is just the beginning of our efforts, and we would like to extend an open invitation to industry experts to help us create additional best practices for practitioners and the industry."

SickKids Selects Encryption Solution

Mon, 27 Apr 2009 00:00:00 -0500

The Hospital for Sick Children (SickKids) in Toronto, Ont., has selected WinMagic's SecureDoc full-disk encryption software to protect hospital data. SecureDoc is being installed on more than 300 Windows laptops and the testing of the newly-released Mac version of SecureDoc is underway. In addition, SickKids is issuing MXI hardware encrypted USB keys to transfer confidential data.

Having researched available full-disk encryption solutions, SickKids selected SecureDoc, SafeBoot and Utimaco for a comprehensive "Proof of Concept." As well as scrutinizing each solution for high-level data protection capabilities, SickKids' thorough evaluation process included testing for Windows compatibility, simplicity for the user, ability to unencrypt data, data recovery capabilities, ability to support security policy protocols, client management and monitoring capabilities, auditing and reporting capabilities and preboot authentication functionality.

"SickKids is a complex organization with unique data security requirements," said Daniela Crivianu-Gaita, Chief Information Officer, SickKids. "SecureDoc was the only solution that integrated with our technical environment, and this was absolutely critical to the security of hospital data," Crivianu-Gaita continued. "Administrators can manage Windows laptops as well as MXI keys from a single central console, and SecureDoc runs transparently in the background so that busy medical staff are not distracted from providing the top quality patient care for which SickKids is recognized."

SecureDoc enables SickKids to centrally deploy enterprise-class 'always-on' full-disk encryption to all its physicians, administrative staff, support staff, clinical staff, IT support staff and researchers. And, in the event a staff member is unavailable, or if they have simply forgotten their password, centralized escrow and management of encryption keys ensures critical data can still be accessed - because in urgent situations access to medical data simply cannot wait for a particular person or password.

"WinMagic has developed the first full-disk encryption software that fully integrates with Windows and Mac from a central console to enable organizations like SickKids to protect all data residing on Windows laptops, Mac laptops or a combination of the two," said Thi Nguyen-Huu, CEO of WinMagic Inc. "Obviously, it is imperative that hospitals protect medical data," Nguyen-Huu continued. "In the past, security has usually been gained at the expense of usability, but SecureDoc's transparent operation ensures that SickKids' laptops operate exactly the same with the encryption installed as they did without encryption - ensuring that medical staff can fully focus on looking after patients rather than securing data."

St. Lawrence Seaway Upgrades CCTV

Mon, 27 Apr 2009 00:00:00 -0500

IndigoVision’s IP video technology is at the heart of a major 4-year CCTV upgrade to the Welland Canal section of the St. Lawrence Seaway. Dubbed Highway H2O, the Seaway is the safe, reliable and environmentally friendly transportation route of choice to the heart of North America. IndigoVision’s position as a technology leader in IP Video is underpinned by the numerous projects that have been field proven over a number of years, such as the one for the Welland Canal.

The all-Canadian Welland Canal is 27 miles long and connects Lake Ontario and Lake Erie. Eight giant locks along its route lift ships 326 feet between the two lakes. Remote surveillance of the vertical lifts is fundamental for traffic management and the safe operation of the locks for shipping and the public. The St. Lawrence Seaway Management Corporation monitors the entire canal system from a state-of-the-art traffic control center.

A number of IndigoVision 8000 IP Video transmitter/receiver units were initially installed in 2004 under specific projects to support remote bridge control along the Welland Canal. Since that time the Seaway has continued to deploy additional 8000s as well as installing a number of IndigoVision’s Windows based Network Video Recorders (NVRs). The various elements of the IndigoVision based IP video system installed along the Seaway are transported via a high-bandwidth routed network using both layer 2 & 3 segments. Network connections use a combination of both TCP and UDP Multicast transports dependant upon bandwidth availability. The Seaway now utilizes 8000s throughout its extensive canal systems between the Port of Montreal and Lake Erie.

The entire CCTV system is now managed using ‘Control Center’, IndigoVision's IP Video and alarm management software. Live video is viewed by a mix of ‘Control Center’ workstations, or where needed by using 8000s as transmit / receive pairs with analog monitors. For certain applications, ‘Control Center’ salvos are used to switch video views and control cameras as dictated by other Seaway canal control systems. The salvos are triggered by canal control PLCs, which make input changes to I/O incorporated in the 8000.

Windows based NVRs with about 8TB each of recording space have been deployed to assist in security and incident management over extended archive periods. Each server is used to record 30fps 4SIF live video from remote locations with each easily handling about 32 video streams and providing an archive period of approximately 15 days. The servers and direct attached SAS arrays can easily be expanded using inexpensive high-capacity SATA drives for a total storage space on each NVR of about 30TB.

Apart from very high quality video, IndigoVision’s compression and transmission technology ensures minimum impact on network bandwidth providing ample spare capacity for the future. The cost benefits of the adopted technology compared to traditional analog solutions for the existing project and future expansion are significant.

Trend Micro Buys Third Brigade

Wed, 29 Apr 2009 00:00:00 -0500

Trend Micro Incorporated, a network antivirus and Internet content security software and services, has signed a definitive agreement to acquire Third Brigade, a privately-held security and compliance software company headquartered in Ottawa, Ont. Financial terms are not disclosed.

Trend Micro is buying the business to accelerate its dynamic datacenter security strategy, and to provide customers with access to critical security and compliance software and vulnerability response services. These all contribute to protecting physical, virtual and cloud servers, and corporate endpoints, from sophisticated malware and malicious activity. The acquisition is subject to certain approvals, and is expected to close in the 2nd quarter of 2009.

"Trend Micro has been a pioneer and global leader in server protection software for over ten years," said Eva Chen, CEO, Trend Micro. "This acquisition underscores our commitment to maintaining that leadership position, and accelerates our ongoing efforts to deliver innovative new solutions that are uniquely suited to dynamic datacenters, as they expand from physical to virtual and public/private cloud-computing environments."

Third Brigade products and technology complement and extend Trend Micro malware protection for dynamic datacenter environments. They offer increased security, improved performance and deployment convenience to organizations and service providers using virtualization in datacenters, including private and public cloud environments. And they allow datacenter administrators to use and protect their virtualization investments, and maximize their costs savings through higher consolidation rates, more timely and efficient patching, and reduced compliance costs.

Panda Enters Cloud Security

Wed, 29 Apr 2009 00:00:00 -0500

Panda Security, a provider of IT security solutions, has released a global beta version of Panda Cloud Antivirus, a free cloud-based antivirus thin-client with 50 percent less impact on PC performance compared to the industry average. Consumers can download the free product from www.cloudantivirus.com.

With Panda Cloud Antivirus, Panda Security is introducing a new protection model that utilizes a thin-client agent and server architecture which processes and blocks malware more efficiently than locally installed signature-based products. By moving the entire malware scanning and determination process to the cloud and applying non-intrusive interception techniques on the client architecture, Panda Cloud Antivirus is able to provide advanced protection against new and unknown viruses with a lightweight thin-client agent that barely consumes any PC resources.

“We truly believe that Panda Cloud Antivirus represents a quantum leap in protection over the traditional approach to antivirus architecture,” said Juan Santana, CEO for Panda Security. “Panda Cloud Antivirus offers consumers a truly install-and-forget solution that delivers the industry’s fastest protection against the newest malware with literally half the performance impact. We’re excited to make it available today for free, which is Panda’s way of paying back to the community and growing our Collective Intelligence network so that we can deliver even greater protection to all customers.”

Traditional antivirus products for PCs rely on multiple locally installed technologies which intercept each file at different layers (entry vector, file system and execution) and scan them using various techniques (antivirus, heuristics, intrusion prevention, behavioral analysis, etc.). This process results in heavy usage of local PC memory and CPU resources, negatively impacting performance. The Panda Cloud Antivirus thin-client agent introduces a new philosophy for on-access asynchronous cloud-scanning. It combines local detection technologies with real-time cloud-scanning to maximize results while minimizing resource consumption. This optimized model blocks malicious programs as they attempt to execute, while managing less dangerous operations via non-intrusive background scans.

Panda Cloud Antivirus includes local and remote antivirus, anti-spyware, anti-rootkit, heuristics and goodware cache, while only consuming an average of 17 MB of RAM and 50 percent of the PC performance impact as compared to the industry average.

Utilizing Panda’s proprietary cloud computing technology called Collective Intelligence, Panda Cloud Antivirus harnesses the knowledge of Panda’s global community of millions of users to automatically identify and classify new malware strains in almost real-time. Each new file received by Collective Intelligence is automatically classified in under six minutes. Collective Intelligence servers automatically receive and classify over 50,000 new samples every day. In addition, Panda’s Collective Intelligence system correlates malware information data collected from each PC to continually improve protection for the community of users.

Juniper Lands in Magic Quadrant

Wed, 29 Apr 2009 00:00:00 -0500

Juniper Networks has been positioned in the “Leaders” quadrant of Gartner’s recently published Magic Quadrant for Network Intrusion Prevention System (IPS) Appliances.

“We believe that being recognized in the Leaders Quadrant of Gartner’s Magic Quadrant for IPS Appliances reflects our ongoing commitment to delivering market-leading solutions that offer the highest levels of security, quality of service and return on investment,” said Doug Murray, vice president and general manager, High-End Security Systems, Juniper Networks. “Juniper has a long history of delivering the latest IPS capabilities that enable customers to stay one step ahead of new viruses and attacks. Our IDP Series Intrusion Detection and Prevention Appliances and new integrated SRX Series Services Gateways proactively protect the network so businesses can adapt to ever-changing security threats with minimal effort.”

The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts Gartner’s analysis of how certain vendors measure against criteria for that marketplace, as defined by Gartner. Gartner does not endorse any vendor, product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors placed in the “Leaders” quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Halo Launches Web Store

Wed, 29 Apr 2009 00:00:00 -0500

Halo Metrics Inc., a Canadian-based provider of retail security and merchandising solutions, has launched a brand new e-Commerce website.

Halo Metrics, in business since 1988, has been working with Canadian retailers for more than 20 years providing solutions that reduce theft and increase sales. Halo’s new online store lets consumers shop an ever growing list of security and fixture products designed for the retail environment.

"We are very excited about our new e-commerce website," said Ravinder Sangha, Marketing Manager for Halo Metrics. "We have always taken pride in providing the best products coupled with enhanced customer service and our newly created online store should make the customers experience even more enjoyable”.

The store currently has products for PIN Pad, computer, clothing, and display security. You will also find fixture solutions that increase selling space for retailers.

Red Condor Takes Top Honours

Wed, 29 Apr 2009 00:00:00 -0500

Red Condor, a provider of fully managed email security solutions, has announced the results of a third-party anti-spam effectiveness and feature comparison test that evaluated Red Condor, Barracuda Networks’ Spam Firewall 300, Google Inc.’s Message Security powered by Postini and Cisco System Inc.’s IronPort C150 Email Security Appliance.

The test, conducted by The Tolly Group, found that Red Condor’s Message Assurance Gateway 2700 (MAG2700) network appliance achieved a higher percentage of spam detection than Barracuda and Postini’s offerings and delivered an on par performance with the IronPort device. While finishing on par with IronPort, Red Condor’s smallest model MAG costs $4.80 per mailbox for a 500-user scenario versus IronPort’s $23.50 per mailbox.

During the week-long test, the MAG2700 generated one false positive in more than 190,700 inbound messages, compared with one in every 6,720 emails for the Barracuda’s Spam Firewall 300 and one in every 527 emails for Postini’s hosted service. Of the 762,962 emails processed using Red Condor’s MAG appliance, 72 spam messages were misclassified as legitimate messages for a spam block percentage of 99.991 percent. Barracuda missed 101 spam messages out of 262,088 total emails for a spam detection rate of 99.961 percent, while Postini classified 507 spam messages out of 13,187 total emails as legitimate for a spam detection rate of 95.397 percent. IronPort misclassified 102 spam messages out of 1,564,526 total emails for a spam detection rate of 99.993 percent.

“With any of our tests, it is important that we put the solutions through practical use to show how they would perform under real-world conditions,” stated Kevin Tolly from The Tolly Group. “As we evaluated the four anti-spam solutions, it was clear to us which solutions were outperforming the others, particularly in the areas of overall spam filtering, and false negatives and positives. Of course, cost is a major factor in today’s economic climate, so companies are looking to get performance for a great price. Red Condor combines low cost and control of an onsite appliance with the proactive monitoring and reliability of a hosted service.”

Texas School Chooses Axis

Wed, 29 Apr 2009 00:00:00 -0500

Axis Communications, a provider of network video market, has announced that the Deer Park Independent School District in Texas is using its network cameras to enhance the security and safety of public school students and facilities.

Located about 20 miles south of Houston, the school district serves more than 12,000 students. More than 700 fixed, fixed dome and PTZ network cameras have been installed in 16 of the district’s elementary, middle and high school hallway interiors as well as some exteriors. In addition, the district has placed network cameras in several support buildings. The school selected the Axis’ integrator and application developer partner Lensec for this project because of its vast public school experience.

According to Deputy Superintendent for Administration Don Dean, “Like any public school, we want to ensure that non-students aren’t in our facilities and that our students and staff remain safe. Axis network cameras provide us with high-resolution images and the flexibility to access images from any location required. From experience, we know that our schools are safer and we can resolve student issues much more quickly and accurately than before. In addition, taxpayers appreciate how cost-effective the system has been while keeping students and staff safer. I give LenSec high marks for examining our situation and making the system work well.”

Nearly ten years ago, Deer Park installed analog cameras in many of its schools. While that system provided some benefits, it could take hours to track down specific incidents on VHS tapes, and the image quality made it difficult to identify students. Since the school district implemented network video systems, school personnel can get at specific incidents of interest within minutes. In addition, higher quality images enable staff to clearly identify students. Video is often archived for several weeks to enable the school to view incidents that aren’t reported or uncovered immediately.

Before school, between classes, at lunch and after school staff monitor school activities real time. Rather than deploying dedicated safety staff, the district makes it the responsibility of individual assistant principals, secretaries and other paraprofessionals to observe small segments of each school campus via multiple camera views on each monitor during peak times. Should any incidents occur, they can report them immediately to roaming staff. In this manner, the school can often stop inappropriate activity before it becomes a problem. This also serves as a deterrent, since students know that bullying or vandalism can be identified immediately. In addition, the school has resolved break-ins, including identifying a contract worker who stole musical instruments from a middle school (The instruments were recovered and he was later charged with a felony.).

In addition to indoor activity, the school mounted outdoor cameras to view sports fields and an area along the nearby shipping canal in case of an industrial event that might require an evacuation. The district’s schools are networked together via fiber, which enables key staff, including Dean, to monitor schools at any time from any school facility.

Dean noted that when he learns of serious incidents, he can also have videos emailed immediately to him so that he can review them and take appropriate action. Being able to clearly identify what has taken place and who was involved has enabled him to resolve issues quickly and fairly.

ISPs Applaud Canadian Anti-Spam Legislation

Wed, 29 Apr 2009 00:00:00 -0500

The Canadian Association of Internet Providers (CAIP) is pleased that the Conservative government has taken action to address junk e-mail. With more than 97 per cent of all email considered to be spam, it will also be welcome news for Canadian Internet users.

In May 2004 the then-Liberal government announced the launch of an Anti-Spam Action Plan for Canada and established a government-private sector task force to oversee and implement the plan.

"In 12 short months we brought together a broad group of stakeholders to do what had never been done before," states Tom Copeland, Chair of CAIP and a member of the federal task force. "We were able to create a plan that involved virtually anyone who sends or receives email. Our recommendations have been adopted around the world and now, I'm glad to say, will be recognized in Canada through the legislation presented today in the House of Commons."

In the four years that have passed since the task force issued its report and recommendations, spam has grown to be an international problem costing businesses billions of dollars each year in lost productivity, added network management expense and fraud.

Spam is more than just unwanted email messages. It has become a platform for highly organized criminal activity involving fraud and identity theft. Much of this activity is the result of computers being infected through spam.

"With millions of infected computers on the Internet sending spam, the problem will spin out of control unless we have additional tools," says Copeland. "Technology has been working well, but without the added clout of civil and criminal liability, spammers and criminals will continue to try to thwart technical solutions."

Today's legislation also helps to fulfill Canada's international commitment to cooperate and coordinate efforts on an international basis. This is viewed as a critical element to battling internationally distributed robotic networks, or botnets, that are the source of most spam and computer infections.

Copeland summarizes, "Today's announcement is good news for Canadian citizens and businesses, and will restore confidence in Internet communications."

Budgets Leveling Off

Wed, 29 Apr 2009 00:00:00 -0500

More than 70 percent of 1,500 U.S.-based information security professionals responding to a survey say their budgets were reduced the past six months due to the economic downturn, while 55 percent said they did not expect any additional cuts for the remainder of the year.

The Web-based survey was sent to members of (ISC)2® (“ISC-squared”), the world’s largest organization of information security professionals and the not-for-profit global leader in educating and certifying information security professionals throughout their careers. (ISC)2 is keeping the survey open to its members through May 15 when final results will be disclosed.

Mirroring the security budget responses, more than 70 percent of survey respondents believe the economic downturn has had a somewhat or significant impact on their purchases of security equipment and technology; however, 53 percent said spending would not decrease for the remainder of 2009.

On the personnel side, roughly half of survey respondents said their information security departments had experienced at least one lay-off in the past few months. Fifty-five percent said no additional personnel cuts would be forthcoming the remainder of the year.

Of the nearly third of respondents who identified themselves as having hiring responsibilities, 44 percent said they were looking to hire additional information security staff this year. The areas of expertise most sought after by those seeking candidates were information risk management, operations security, certification and accreditation, security management practices, and security architecture and models.

The International Information Systems Security Certification Consortium, Inc. [(ISC)2®] is the globally recognized Gold Standard for certifying information security professionals. Celebrating its 20th anniversary, (ISC)² has now certified over 60,000 information security professionals in more than 130 countries.

Safer Shopping Experience

Wed, 29 Apr 2009 00:00:00 -0500

McAfee has announced an agreement with PriceGrabber.com, a part of Experian and a provider in online comparison shopping, that enables merchants who use the McAfee SECURE service to add the McAfee SECURE trustmark to their PriceGrabber.com online product listings.

This program is designed to help consumers stay safer when shopping online and is currently available to e-tailers. Each month, the 26 million consumers who use PriceGrabber.com to search and compare information will now have a safer comparison shopping experience.

E-tailers who display the McAfee SECURE trustmark have had their Web sites rigorously scanned and tested for vulnerabilities that pose a threat to sensitive customer information. E-commerce Web sites that pass the required McAfee tests can display the McAfee SECURE trustmark, letting customers and prospects know that the e-tailer has worked hard to ensure its Web site is less vulnerable to hackers. On average, McAfee SECURE sites see an 11% increase in online sales conversions.

By displaying the trustmark in PriceGrabber.com listings (the annotation occurs across all PriceGrabber.com categories), merchants using the McAfee SECURE service stand out from other e-tailers by easily communicating their security status to those consumers who place a premium on safe and secure sites. By annotating the McAfee SECURE trustmark in PriceGrabber.com, merchant partners are able to reinforce their heightened security measures and use this as another competitive advantage that will separate them from other retail stores, especially in these tough economic times.

"Research by VeriSign and Synovate Business Consulting shows that trust often trumps price when consumers shop online," said Tim Dowling, VP and General Manager of McAfee's Web Security Group. "The McAfee SECURE trustmark service provides added visibility for merchants who want to reach the millions of consumers who not only comparison shop, but who want the added assurance that the Web sites where they shop are concerned about the security of their personal and financial information."

"PriceGrabber.com is very pleased to work with McAfee to offer consumers yet another critical piece of information that will help them find the right product from the right merchant at the right price," said Sean Kane, VP, New Accounts and Media Sales. "The McAfee SECURE trustmark will build on PriceGrabber.com's approach to offering consumers a wide range of information crucial to making informed buying decisions from high quality merchants."

To participate, merchants who use the McAfee SECURE service need to have an account with PriceGrabber.com. The McAfee SECURE trustmark can be added to a merchant's PriceGrabber.com product listing directly through the McAfee SECURE service portal. Merchants are able to actively manage their budgets through the portal by turning the service on and off whenever they want.

Swine Flu Hits Spam World

Sun, 03 May 2009 00:00:00 -0500

Spammers have wasted little time to piggy back on the swine flu scare in an attempt to peddle pharmaceuticals.

Researchers at McAfee Avert Labs have recently seen the first spam run that seeks to trick people into opening the e-mail messages by mentioning the swine flu. This first spam campaign amounted to about two per cent of global spam volume, according to McAfee Avert Labs.

So far, the spammers have been advertising drugs and sending links to online pharmacies, using a network of compromised PCs to distribute their messages.

McAfee Avert Labs predicts more nefarious scams are coming, including links malware laden Web sites. Additionally, McAfee Avert Labs has seen an increase in the registration of domain names that mention swine flu, which could indicate a rise in malicious sites that take advantage of the scare.

Subject lines for the swine flu messages include:

First US swine flu victims!
US swine flu statistics
Salma Hayek caught swine flu!
Swine flu worldwide!
Swine flu in Hollywood!
Swine flu in USA
Madonna caught swine flu!

McAfee Avert Labs advises users not to open the spam messages and not to click on the links embedded in the e-mails.

Swine Flu Outbreak Should Trigger Response

Mon, 04 May 2009 00:00:00 -0500

Many events can disrupt business. Power outages, fire, medical emergencies, bomb threats and yes – even the recent influenza virus named the swine flu.

Influenza viruses can be unpredictable like any other emergency, however the challenges of this type of emergency is that it can be drawn out over several weeks or months.

Unlike other known emergencies most people don’t understand why a pandemic is a serious risk. Pandemic strains of influenza are dangerous because their death rate is usually high amongst the healthier age groups in our society. This causes’ a direct impact on workforces and social behaviour.

The best defense against an infectious disease outbreak is vigilance with high emphases on social distancing and hand washing. Business’ need to think about and address issues like self screening procedures for staff, developing a quarantine policy, ensuring they have protective equipment available (if your business relies on face to face interaction with customers), educating staff (to understand the real threats and not panic due to news media frenzies or misinformation) and finally providing assistance on how to deal with sick family members at home.

At the writing of this article we are currently dealing with the H1N1 virus and the World Health Organization has raised its Pandemic Level to a category 5 (which means we have sustained human to human transmission in two countries). The H1N1 virus currently seems to be mild in infected people outside of Mexico however this could change and requires observation until it has been controlled or a vaccine has been developed.

Here's what you can do to minimize the spread and protect your staff.

Wash your hands after contact with people (e.g. shaking hands) or public objects (e.g. door handles)
During influenza epidemic – implement “social distancing” with people. (e.g. do not hug, kiss or shake hands)
Sneeze and/or cough in a tissue (to be discarded in the garbage) or into your arm
Stay home if you are sick to avoid infecting others at work
Avoid touching your eyes, mouth and nose with your hands.
Get plenty of sleep (seven to nine hours a night).
Be physically active.
Reduce your stress with exercise
Drink lots of fluids.
Eat nutritious food (containing vitamin E and other antioxidants including A, C, and B-complex vitamins and minerals all of which enhance your immune responses).
Don't smoke (smoke paralyzes the ‘cilia,’ the hairlike cells lining the nose and airways that filter out incoming viruses before they can infect).
Reduce alcohol consumption.

Infectious disease outbreaks are a real threat to your business and should be taken seriously. Planning is key and education is paramount. A little preparedness will go a long way.

Dr. Kristian Davis is the medical director of Respond Solutions Inc.

Beware of Mother's Day

Wed, 06 May 2009 00:00:00 -0500

As Mother’s Day nears, spammers are targeting last-minute shoppers looking for gifts for Mom, according to McAfee Avert Labs.

Cybercriminals are signing up as affiliates to legitimate Web sites (such as FTD or Gevalia). Once they are affiliated with the legitimate site, they send spam emails on behalf of the legitimate site. Every time a consumer clicks on the spam email and travels to the site to make a purchase, the spammer receives a commission of that purchase.

Here are some of the spam subject lines that cybercriminals are using to attract consumers:

Mother's Day Exclusive! Flowers from $19.99
Gevalia has the perfect gift idea for Mother's Day
Mom Will Love Getting this Musical Letter from You
Give Mom a Personalized Gift! Hurry - Order Today!

Botnets Keep Hijacking IP Addresses

Wed, 06 May 2009 00:00:00 -0500

McAfee's first quarter threat report reveals cybercriminals have taken control of almost 12 million new IP addresses since January, a 50 percent increase since 2008.

The United States is now home to the largest percentage of botnet-infected computers, hosting 18 percent of all zombie machines. Cybercriminals are building an army of infected, "zombie" computers to recover from last November's takedown of a central spam-hosting ISP, according to the new report from Avert Labs.

The November 2008 takedown of McColo Corp. dropped spam levels by an estimated 60 percent, but spam quantities are rising as cybercriminals create new ways to send bulk e-mails. The quick expansion of botnets threatens to boost spam levels back up. In fact, spam volumes have already recovered about 70 percent since McColo Corp. went offline. Compared with the same quarter a year ago, spam volumes are 20 percent lower in 2009 and 30 percent below the third quarter of 2008, which had the highest quarterly volumes recorded to date.

"The massive expansion of these botnets provides cybercriminals with the infrastructure they need to flood the Web with malware," said Jeff Green, senior vice president of McAfee Avert Labs. "Essentially, this is cybercrime enablement."

Other findings in the report include:

The Koobface virus has made a resurgence, and more than 800 new variants of the virus were discovered in March alone;
Servers hosting legitimate content have increased in popularity with malware writers to distribute malicious and illegal content;
Cybercriminals are increasing their use of URL redirects and Web 2.0 sites to disguise their location; and
Compared to the overall landscape, the Conficker worm represents a small subset of all threat reports. Autorun malware, a vector used by certain Conficker variants, represented only 10% of all detections reported during the first quarter.

Tampa Bay Race Track Improves Security

Wed, 06 May 2009 00:00:00 -0500

Axis Communications has announced that Tampa Bay Downs Inc. has installed its video encoders, enabling the track to exceed new state regulations for recording surveillance video at gaming facilities in a cost effective manner.

Tampa Bay Downs is the only thoroughbred race track on the West Coast of Florida, and is known as one of America's oldest and most well-maintained race tracks. AXIS Q7406 Video Encoder Blades and AXIS Q7900 Racks have been installed for 60 of the track’s existing analog cameras in The Silks Poker Room, which features daily poker tournaments on 30 tables. Cameras are used to prevent, fraud, coercion and provide general security for the room.

Video encoders digitize analog video signals and send digital images directly over IP networks, such as LANs, intranets or the Internet. They essentially turn analog video systems into network video systems and enable users to view live images using a Web browser or video management software on any local or remote networked computers.

The impetus for the purchase was Florida’s new regulations dictating that gaming facilities must have video surveillance capabilities that record in at least 4CIF resolution (704x480 pixels) and no less than 30 frames per second. Given the issues, the racetrack turned to CDW, which recommended Axis video encoders.

The AXIS Q7406 offers the highly efficient H.264 video compression, which drastically reduces bandwidth and storage requirements without compromising image quality. This six-channel blade used with the video encoder rack enables large numbers of analog cameras to be integrated into an IP-based, high-density video surveillance system. When AXIS Q7406 blades are used with the AXIS Q7900 Rack, up to 84 analog cameras can be supported in one 4U, 19-inch rack.

According to John Vacha, director of Information Technologies for Tampa Bay Downs, “Prior to the implementation, we had been using DVRs in conjunction with our analog cameras. The system offered only moderate resolution and had limited upgrading flexibility. In the event that a DVR went down, the poker tables in the affected area had to be closed until the DVR was repaired or replaced.”

Vacha added, “We installed the new system in 24 hours without impacting our existing infrastructure. The Axis video encoders more than quadrupled the prior recording resolution to a D1 resolution of 720x480, which exceeds the 4CIF state requirements. In addition to offering a competitive price and superior functionality, Axis video encoders can be installed separate from the server used for recording video so they can be expanded at different times and rates. In addition, if a channel goes down now, we can simply replace the card in a matter of minutes since they are hot-swappable.”

Beyond this, since the video encoders offer H.264 compression, Tampa Bay Downs can now retain video for a longer period. In fact, using the same actual storage as before, it can now store far more than the state-mandated 14 days of video. In addition to the Axis network video products, the track has also implemented Milestone Systems’ video management software.

Image Spam on the Rise

Wed, 06 May 2009 00:00:00 -0500

For the first time since September 2007, spam levels have risen above the 85 per cent mark, according to the latest MessageLabs Intelligence Report.

The reason is an increase in image spam. Here’s how it works:

An unwelcome return of "image spam" -- spammers are using images hosted on what appear to be trustworthy hosting sites. Image spam peaked in 2007 -- back then, emails contained image attachments that carried the spam content. Now, images are being hosted online and spammers obfuscate the true location of the image hosting to bypass spam filters.
Using redirection links to fly under the radar -- links within image spam attempt to confuse filters regarding the nature of that domain and the likelihood that it is a spam message. The URLs are disguised as legitimate links to reputable sites that redirect users to the malicious content.
Spam domains in China -- many of the top-level domains used to host the images are registered with .cn domain suffixes, which are allocated to China. After the shutdown of McColo, domain registrars have had to clean-up their act -- as a result, spammers are forced to register spam domains overseas with registrars that don't have such stringent controls in place.

People Fearful of Fraud & ID Theft

Wed, 06 May 2009 00:00:00 -0500

According to research conducted in late February by Unisys Corporation, the vast majority of Americans (nearly 75 percent) believe that the current world financial crisis has increased their risk for experiencing identity theft or related fraud crimes, and more than one-quarter believe the current crisis raises that risk substantially.

The research, conducted with the latest Unisys Security Index, also confirms that most people are much more worried about their financial security, which saw a 12 percent spike when compared to results polled in September 2008. This concern now ranks as Americans’ number one security fear for the first time since Unisys began the global study in 2007. Conversely, the current data also shows the lowest level of concern about national security issues among U.S. consumers.

Additionally, more than two thirds of Americans are extremely or very concerned about other people obtaining and using their credit or debit card details, with 90 percent at least somewhat concerned.

“The economy’s pervasive effects go well beyond job losses and home foreclosures. Our data shows most people see an immediate, personal risk from greater fraud. Yet criminals see this risk as an opportunity, and new social engineering fraud schemes can tap into peoples’ fears,” said Tim Kelleher, vice president and general manager, Managed Security Services, Unisys. “Consumers, businesses and governments alike all need to take greater precautions. Our research may provide insight for enterprises to consider when communicating about security concerns and delivering services to their customers.”

The Unisys Security Index is a bi-annual global study of consumer opinion on four areas of security: financial, national, Internet and personal safety. The results were tallied on a scale of 0-300, with 300 representing the highest level of perceived concern. More than 1,000 Americans responded to the latest survey conducted from February 20-22, 2009. The average score of 147 for the current Unisys Security Index for the United States indicates a moderate level of overall security concern.

Additional findings from the latest U.S. results of the Unisys Security Index include:

Credit and debit card fraud is now the primary security concern for Americans. More than two-thirds of respondents (68 percent) are either extremely or very concerned. The proportion of Americans indicating no concern is at the lowest level since Unisys began the global study.
Only 25 percent of Americans have no concern about meeting their financial obligations. More than half of all Black Americans and Hispanic Americans polled are extremely or very concerned with meeting their financial obligations. In particular, almost three-quarters of Black Americans (74 percent) are concerned.
Older Americans and Americans with higher salaries are less concerned about meeting financial obligations than younger Americans and Americans with lower salaries.
Two-thirds of Americans (66 percent) are seriously concerned about unauthorized access to or misuse of personal information. Overall, the levels of concern on this issue have remained relatively high and constant since the first global study in August 2007.

In addition, computer security remains a concern. More than 40 percent of Americans are extremely or very concerned about security in relation to viruses or unsolicited emails. Banks and retailers should also take note of the results from the survey respondents in the 45 to 54 age group, the segment of the population that tends to have the highest earnings and greatest disposable income. Forty-nine percent of people surveyed in that group are extremely concerned or very concerned about the security of shopping or banking online.

“Banks and businesses need to understand that customers are more wary than ever about using services that may compromise their personal data,” said Kelleher. “If economic concerns increase these fears, companies need new strategies to strengthen customer confidence through accountability and transparency, which also plays to part of the Obama administration’s call to action for government and business.”

The Importance of Configuration Management

Wed, 06 May 2009 00:00:00 -0500

Shavlik Technologies has announced results of a survey the company recently conducted with responses from over 435 IT operations and security specialists. The survey illustrates that configuration management is considered a critical to perform IT task, but organizations aren’t necessarily investing in best practices to support it.

The survey results showed that 87 percent of IT managers believe that configuration management is an important part of their overall security program, but only 52 percent regularly audit their configurations. Only 9.6 percent of respondents have automated solutions for this repetitive, complex, error prone, and time consuming task.

Ninety per cent of survey respondents admit that their current configuration management processes are either manual or only semi-automated, using a combination of tools and scripts to maintain the environment. Most respondents reported they lack solutions that automate identifying mis-configured systems and bringing those errant systems back into conformance; relying instead on manual processes to close the gaps. These approaches are becoming unacceptable in today’s environments where IT resources are shrinking but the demands to prove security best practices and policy conformance are increasing.

“The results gained from this significant survey validate what we’ve been hearing for months at various customer events across the globe – that attempting to manage literally thousands of configuration settings across an environment using free tools or ad hoc processes has created a false sense of security and left management frustrated by a lack of visibility,” states Mark Shavlik, CEO of Shavlik Technologies. “IT practitioners are beginning to understand that to reduce management overhead and contain costs, they must invest in sustainable configuration management. However, the challenge is this: how do I simplify and automate the management of configuration settings without sacrificing visibility and control?”

Cyber-Ark Makes Canadian NMSO List

Wed, 06 May 2009 00:00:00 -0500

Cyber-Ark, a provider for protecting critical applications, identities and information, has launched a formal government initiative with two major milestones for effectively servicing governmental markets - the approved listing of all products in both the US Government Services Administration (GSA) Schedule and availability on the Canadian National Master Standing Offer (NMSO). C

In Canada, the Cyber-Ark solutions are being made available on NMSO and were sponsored by reseller Conexsys (www.conexsys.net). An NMSO is a “standing offer from a potential supplier to provide goods and/or services at pre-arranged prices, under set terms and conditions, when and if required.”

“These listings are indicative of the increased activity we see in key federal, state, provincial and local government markets and Cyber-Ark’s commitment to growing this side of our business,” said Richard Weeks, vice president of channel and business development for Cyber-Ark Software. “Working in conjunction with our highly respected channel partners, DLT Solutions and Conexsys, we have accomplished the first phase of our strategy to increase visibility and availability for government acquisition of our products.”

Roge Security Software Tops Threat List

Wed, 06 May 2009 00:00:00 -0500

Microsoft Corp. has released the sixth volume of its Microsoft Security Intelligence Report, which showed a significant increase in rogue security software and evidence that threats are predominantly targeting common third-party desktop applications. This version of the report also showed that the No. 1 reason for data breaches remains lost and stolen computer equipment.

Released twice a year, the Microsoft Security Intelligence Report uses data gathered from hundreds of millions of computers worldwide to provide an in-depth snapshot of the threat landscape. With this volume, which covers the second half of 2008, Microsoft provides more information and insight about threats than ever before by offering new data on document file format attacks, the differences in malware affecting home and business computers, and phishing.

Rogue security software, also known as “scareware,” takes advantage of users’ desire to keep their computers protected. The rogue software lures them into paying for protection that, unknown to them, is actually malware offering little or no real protection, and is often designed to steal personal information. The Microsoft Security Intelligence Report shows that such programs are now among the top threats around the world. For example, two rogue families, Win32/FakeXPA and Win32/FakeSecSen, were detected on more than 1.5 million computers by Microsoft software, catapulting them into the top 10 threats in the second half of the year. In addition, Win32/Renos, a threat that is used to deliver rogue security software, was detected on 4.4 million unique computers, an increase of 66.6 percent over the first half of 2008.

Rogue security software and other social engineering attacks such as these compromise people’s privacy and are costly; some take personal information and drain bank accounts, while others infect computers and rob businesses of productivity.

“We continue to see an increase in the number of threats and complexity of those threats designed to implement crime at a variety of levels online,” said Vinny Gullotto, general manager of the Microsoft Malware Protection Center. “But as Microsoft and the industry continue to improve the security of our products and people become more concerned about their online safety and privacy, we see cybercriminals increasingly going after vulnerabilities in human nature rather than software. By working with others across the industry, Microsoft is helping combat the next generation of online threats through a community-based defense resulting from broad industry cooperation with law enforcement and the public.”

The Security Intelligence Report also showed that as software companies have improved the security of their operating systems, attackers have shifted their focus to the application layer, where the majority of vulnerabilities are now being reported; nearly 90 percent of vulnerabilities disclosed in the second half of 2008 affected applications. The report also showed that Microsoft continues to make significant progress in secure software development and that newer versions of Microsoft software are more secure than previous versions.

Finally, the Security Intelligence Report showed that lost and stolen equipment, not computer hacking, continues to be the most common cause of security breaches resulting in data loss publicly reported in the second half of 2008 — totaling 50 percent of reported incidents. To mitigate this threat, organizations must implement strong data governance practices to help protect data from criminal access.

Oracle Buys Sun

Wed, 06 May 2009 00:00:00 -0500

Oracle Corporation and Sun Microsystems have entered into a definitive agreement under which Oracle will acquire Sun common stock for $9.50 per share in cash. The transaction is valued at approximately $7.4 billion, or $5.6 billion net of Sun’s cash and debt.

“We expect this acquisition to be accretive to Oracle’s earnings by at least 15 cents on a non-GAAP basis in the first full year after closing. We estimate that the acquired business will contribute over $1.5 billion to Oracle’s non-GAAP operating profit in the first year, increasing to over $2 billion in the second year. This would make the Sun acquisition more profitable in per share contribution in the first year than we had planned for the acquisitions of BEA, PeopleSoft and Siebel combined,” said Oracle President Safra Catz.

“The acquisition of Sun transforms the IT industry, combining best-in-class enterprise software and mission-critical computing systems,” said Oracle CEO Larry Ellison. “Oracle will be the only company that can engineer an integrated system – applications to disk – where all the pieces fit and work together so customers do not have to do it themselves. Our customers benefit as their systems integration costs go down while system performance, reliability and security go up.”

There are substantial long-term strategic customer advantages to Oracle owning two key Sun software assets: Java and Solaris. Java is one of the computer industry’s best-known brands and most widely deployed technologies, and it is the most important software Oracle has ever acquired. Oracle Fusion Middleware, Oracle’s fastest growing business, is built on top of Sun’s Java language and software. Oracle can now ensure continued innovation and investment in Java technology for the benefit of customers and the Java community.

The Sun Solaris operating system is the leading platform for the Oracle database, Oracle’s largest business, and has been for a long time. With the acquisition of Sun, Oracle can optimize the Oracle database for some of the unique, high-end features of Solaris. Oracle is as committed as ever to Linux and other open platforms and will continue to support and enhance our strong industry partnerships.

“Oracle and Sun have been industry pioneers and close partners for more than 20 years,” said Sun Chairman Scott McNealy. “This combination is a natural evolution of our relationship and will be an industry-defining event.”

“This is a fantastic day for Sun’s customers, developers, partners and employees across the globe, joining forces with the global leader in enterprise software to drive innovation and value across every aspect of the technology marketplace,” said Jonathan Schwartz, Sun’s CEO, “From the Java platform touching nearly every business system on earth, powering billions of consumers on mobile handsets and consumer electronics, to the convergence of storage, networking and computing driven by the Solaris operating system and Sun’s SPARC and x64 systems. Together with Oracle, we’ll drive the innovation pipeline to create compelling value to our customer base and the marketplace."

Cybercriminals Creating Specialized Search Engines

Wed, 06 May 2009 00:00:00 -0500

PandaLabs, Panda Security’ malware detection and analysis laboratory, has observed how cyber-criminals are starting to use their own search engines to lead users to malicious pages, often created for distributing malware.

This new trend underlines how cyber-crime is becoming increasingly professional. Previously, cyber-crooks would use malicious SEO (Search Engine Optimization) or “blackhat SEO” techniques to improve the ranking of their pages among popular search engines. Now they are beginning to use their own search engines which lead users directly to pages designed to infect or defraud them.

One such malicious search engine, detected by PandaLabs, has already received around 195,000 visits.

These search engines operate as follows: When users enter a word to find, the engine returns just five or six results. Clicking on any of these results will redirect the user to a Web page created specifically to distribute malware. The pages may include content such as pornographic videos, which ask users to download the latest version of “Web media player” in order to watch the clip. However, the file downloaded is really the adware WebMediaPlayer. These pages are also being used to distribute fake antivirus programs. You can see an image here: http://www.flickr.com/photos/panda_security/3504323344/

This technique is known as social engineering, and basically involves infecting users by enticing them to click a link or run a malicious file.

“We started searching for words and issues frequently exploited by cyber-crime, in this case swine flu, or celebrity names such as Britney Spears or Paris Hilton and this took us to pages created to distribute malware. But then we found that even searching for our own names would throw up results that were really malicious pages,” explains Luis Corrons, Technical Director of PandaLabs. “Strangely though, there is the occasional normal result among all the malicious ones. Perhaps this is to bolster the illusion that this is a genuine search engine”.

To avoid falling victim to these attacks, PandaLabs advises users only to use trusted search engines, and to be wary of websites offering sensational videos or unusual stories.

“If on this kind of website you are asked to download a codec or any other kind of program to watch videos, there is a strong chance that it is really malicious code”, warns Corrons.

Telus Launches IT Security Survey

Wed, 06 May 2009 00:00:00 -0500

The second annual TELUS-Rotman survey on IT security is now underway.

The goal of the survey, created in partnership by TELUS Security Labs and the Rotman School of Management, is to enhance understanding of IT security related issues and practices among Canadian analysts and business managers.

Last year, the study produced valuable information around the impact of IT security on Canadian businesses. Some highlights from the 2008 study are as follows:

Canadian publicly traded companies lost an average of $637,500 due to breaches and government organizations lost $321,429.
Those who did not invest materially in application security technologies were 3 times more likely to report website defacements.
The average salary for those in positions of Director and above was $106,863 and $84,127 for those in positions lower than that of director.

To complete the 2009 survey, click here.

Log Management Produces Results

Mon, 18 May 2009 00:00:00 -0500

A recent study by Aberdeen Group concludes that the top 20 percent of companies – denoted by Aberdeen as “best-in-class” – are showing demonstrable gains from security information and event management (SIEM) technologies in three areas:

a decrease in audit deficiencies;
reduction in security incidents; and
considerable operational cost savings.

The research, released this past April and commissioned in part by Vigilant, also notes that the majority of respondents have not yet achieved those quantifiable benefits, and in some cases are seeing increases in audit deficiencies, security incidents and operational costs associated with security management. To ensure better and more rapid success, Vigilant advocates a systematic approach to deploying and managing SIEM and log management tools – taking into account the following key success factors:

Compliance objectives often drive funding for SIEM and security log management (SLM) projects, but regulatory pressure alone should not drive product implementation. By mapping security controls to the various regulations, policies and standards that need to be addressed, project leaders should prioritize monitoring of the most important control elements, and be thorough in customizing with those in mind. High-quality, focused work will both improve actual security and yield better audit results than a race to meet the compliance checklist.
While companies can expect immediate efficiencies simply from being able to view log data from a single console, SIEM and SLM products must be contextualized to the environment to achieve significant gains. By breaking the deployment into discrete phases, each associated with specific and measurable objectives, companies can achieve greater success.
SIEM and SLM tools must be viewed as dynamic infrastructure, with adequate staffing to manage their use against changes in the IT environment and the threat landscape. With current budget constraints, companies should consider options for augmenting internal capabilities with outside resources.
To maximize opportunities to communicate the value of security investments, IT groups need to gear reporting toward executives. Security information data is still primarily consumed by security operations – meaning that for most, monitoring security devices may be higher on the priority list than securing key business processes – a trend that must be reversed before the full value of SIEM will be realized.

“Many organizations need help translating their IT risk and security programs into effective, more rapidly delivered SIEM solutions, and they need affordable ways to increase the value of SIEM over time,” said Alison Andrews, chief executive officer (CEO), Vigilant. “Our Fulcrum Framework and co-sourcing services help companies do just that, so ‘laggards’ can make rapid improvements, and the ‘best-in-class’ can continue to mature SIEM for more transactional and business-oriented purposes.”

Security Spending Up in Certain Industries

Mon, 18 May 2009 00:00:00 -0500

Companies in the technology, media and telecommunications industries (TMT) significantly reduced investment in security spending in 2008, according to a new survey from Deloitte Touche Tohmatsu.

The third edition of the Deloitte TMT Global Security Survey reveals that 32 percent of respondents reduced their information security budgets, while 60 percent of respondents believe they are “falling behind” or still “catching up” to their security threats — a significant increase from 49 percent over the previous year.

“This year’s results indicate companies are explicitly scaling back. With funding decreasing and the threats increasing, it is more important than ever for TMT companies to be highly cost efficient in addressing their security risks,” said Irfan Saif, a principal in Deloitte & Touche LLP’s Audit and Enterprise Risk Services practice. “Companies that do not have a sound understanding of their security risk profile, or who under-invest in security now, may find themselves exposed to significant and increasingly sophisticated threats that they are not equipped to mitigate.”

With the proliferation of digitized assets, security should claim a significant portion of a company’s overall IT budget. However, only 6 percent of respondents allocate 7 percent or more of their total budget to IT security. This year represents a significant decline from the previous edition of the survey, which showed that 36 percent of the respondents allocated 7 percent or more of their budget to IT security.

The survey also indicates that declining security investment is hindering adoption of new security technologies, with only 53 percent of respondents considering their organizations to be early adopters, or part of the early majority, down from 67 percent in 2007. Companies are focusing more effort on optimizing solutions that are already in place rather than investing in cutting-edge technology that can be capitalized upon during economic recovery.

Social Networking Adds to the List of Insider Threats
While social networks and blogs can be powerful enablers, they also increase organizations’ internal security challenges. In today’s connected world, insider threats are greater than ever. Survey results show that “exploitation of vulnerabilities in web 2.0 technologies” and “social engineering” techniques such as pretexting and phishing are regarded as a threat to a company’s information security, with 83 percent and 80 percent of respondents, respectively.

Furthermore, generational differences have a major influence on perceptions of privacy. Information sharing for the youngest generation of TMT workers can test the limits of traditional privacy laws. In contrast, older generations have a different perspective on privacy. Survey respondents recognize this issue, with 56 percent rating “cultural interpretations” as an “average” to “very high” threat to their information security.

The survey also notes that, with new vulnerabilities constantly emerging, TMT companies are less confident in their ability to deal with internal security risks. This year, only 28 percent of respondents rate themselves as “very confident” or “extremely confident” with regard to internal threats, down from 51 percent in 2007. Forty-one percent of respondents experienced at least one internal security breach in the past 12 months.

Additionally, companies do not have the necessary resources in place to cope with emerging network vulnerabilities. Only 47 percent of those surveyed currently have a privacy program in place, and only 44 percent have an executive responsible for privacy — the latter down from 50 percent a year earlier. This aligns with the fact that many TMT companies do not have a program for managing privacy compliance (33 percent), a written privacy policy (28 percent) nor a formal directive with respect to the destruction of personal information (28 percent).

“Information and intellectual property are the lifeblood of a TMT company,” said Saif. “Taking calculated measures to protect these precious assets, especially in the current environment, may encourage more openness and collaboration rather than hinder it. It is critical for TMT companies to be proactive in this regard.”

Regulatory Issues Are Moving to the Forefront
TMT companies face a myriad of rules and regulations that relate to information security and strict compliance is critical, particularly in a tough economy. Failure to comply can expose a company to hefty fines and significant liability. However, compliance with rules and regulations may not be sufficient for TMT companies to mitigate their information security risks. More than 67 percent of respondents say that regulatory security requirements are at best “somewhat effective” for improving their information security posture. A majority (57 percent) of respondents believe that senior executive support for effectively meeting regulatory requirements is either missing or inadequately funded.

Domain Name Cloning Leads to Trouble

Mon, 18 May 2009 00:00:00 -0500

Websense has released the results of new research conducted by Websense Security Labs that reveals a growing domain-name cloning trend among cybercriminals seeking to take advantage of the huge number of social networking users, particularly Facebook, MySpace and Twitter users.

Criminals are increasingly using domain names that include words like Facebook, MySpace and Twitter, with no official connection to the real sites, to trick unsuspecting visitors to visit fake Web sites and lure them to input sensitive information or download malicious code. In fact, Websense Labs research indicates that in a research sample taken from the Websense URL database, more than 200,000 phony copycat sites were found, all using the terms Facebook, MySpace or Twitter in their URLs. Examples similar to samples found include, unblock.facebookproxy.com, buy.viagra.twitter.1234.com or hotbabesofmyspace999.com (note these are just sample site names that are similar to the sites researchers found).

Further research shows that the hackers are taking steps to create these cloned domains to circumvent security measures put in place by organizations to filter the original domain in a business setting. Many of the domains are proxy avoidance sites which are used to try to evade traditional Web filtering technology.

Taking advantage of the huge increase of social networking-savvy “Millennial” users entering the workforce, and the 276 percent growth of Facebook among the 35-54 year old segment over the past six months, Facebook was the most popular domain used to dupe users, with more than 150,000 known fake URLs charted during the research period.

“These new threats illustrate that attackers will continue to target Facebook, MySpace and Twitter, along with other social networking sites, for three reasons,” said Charles Renert, senior director, advanced content research, Websense. “These Web sites are popular – fraudsters are able to target lots of victims; people trust the content on it – because they think it’s from other people in their network; and they are easy to compromise because they allow anybody to create and post content. Traditional Web filtering is not enough to protect users from threats on trusted sites, and isn’t enough to keep up with fraudsters generating new URLs almost instantaneously to avoid detection. Only real-time analysis of Web content can prevent users from being exploited by this attack.”

This isn’t the first time Facebook users have been targeted by hackers. In late April, Websense Labs detected a phishing campaign targeting Facebook users. The scam, labeled “FBStarter” by security researchers redirected users to a phishing page that spoofs Facebook's sign-in page. By entering their user name and password, they give attackers the information necessary to log into their account and spam their friends.

Data gathered from the Websense Threatseeker™ Network shows that sites that allow user-generated content comprise the majority of the top 50 most active distributors of malicious content and that more than 70 percent of these sites have hosted malicious code in the last six months, as well as malicious comment spam and the URL and domain spoofing noted in the most recent research.

ISA Receives Honour

Mon, 18 May 2009 00:00:00 -0500

McAfee, Inc. has named Toronto-based Information Systems Architects Inc. (ISA) the 2008 Top Canada Solution Provider.

ISA has been recognized for its strength, success and consistency across numerous categories including revenue, collaboration, partner commitment, new business development, year-over-year growth and impact on the overall McAfee® business.

“The ISA team continues to demonstrate their understanding of McAfee’s programs and initiatives providing customers with the best solutions to effectively meet their security challenges,” said Ross Allen, McAfee’s Canadian General Manager. “They have become an important example of the McAfee business and channel model and this award validates their commitment to our partnership.”

ISA is a McAfee SecurityAlliance™ ElitePartner. McAfee and ISA have been working together since 1997.

Network Access Control for Dummies

Mon, 18 May 2009 00:00:00 -0500

Juniper Networks has announced the recent release of “Network Access Control for Dummies,” a practical guide to understanding and implementing NAC. This latest “For Dummies” reference guide provides a fast-track approach to learning advanced concepts that users need to acquire in order to properly set up and operate NAC.

“Network Access Control for Dummies” provides an overview of how a comprehensive, standards-based NAC solution works and teaches administrators how to ensure a successful deployment. It covers the NAC lifecycle, including the steps of assessing, evaluating, remediating, enforcing and monitoring an organization’s program. It also illustrates real-world challenges and helps users decide on the best NAC approach for their organization.

“Innovative businesses are increasingly turning to network access control solutions to grow and sustain productivity and improve security,” said Scott Edwards, director, Education Services at Juniper Networks. “With this friendly instructional book, our goal is to help administrators achieve this balance and enable flexible, secure and differentiated network and application access. Regardless of their use case or access control challenge, we aim to provide guidance that builds user confidence and knowledge to ensure success.”

Published by John Wiley & Sons, Inc., “Network Access Control for Dummies” is available worldwide wherever technical books are sold.

Canadian Firm Receives PCI Certification

Mon, 18 May 2009 00:00:00 -0500

Above Security, a Monteral, Que.-based firm that offers information risk management solutions, has obtained the Approved Scanning Vendor (ASV) certification from the Payment Card Industry (PCI) Security Standards Council.

This new certification allows Above Security to perform vulnerability scans on merchants and payment services providers' information systems to make sure they comply with the PCI Data Security Standard. These vulnerabilities
scans are some of the requirements that need to be done by merchants and payment service providers as part of their objective to protect credit card holder data. The scans are run on a quarterly basis and are meant to discover
security breaches and vulnerabilities on information systems used to manage, store or process credit card data.

"Complying with PCI DSS allows organizations to better manage the risks associated with customer data and in many cases, to improve their business processes.", says Daniel Gaudreau, CISSP, CISA, CISM, and Vice-President of
Operations at Above Security. "It also decreases the risks of fraud and the consequences of non compliance that range from important fines to fees escalation and jeopardize the corporate image."

Above Security's Approved Scanning Vendor (ASV) certification is in addition to the current Qualified Security Assessor (QSA). This new certification will enable Above Security to accompany merchants and payment services providers in all of the requirements to obtain, to keep or improve their PCI-DSS compliance.

The ASV certification obtained by Above Security is a complement to the managed security and monitoring services product line that include intrusions detection and intrusions protection systems (IDS, IPS), vulnerability scans, as well as log aggregation. All of its services are offered in English, French and Spanish.

Malware on the Rise

Mon, 18 May 2009 00:00:00 -0500

Fortinet has released the findings from its April 2009 Threatscape Report, which shows new and persistent malware faces contributing to the highest malware volumes detected this year – online gaming and adware threats largely among them. China received the brunt of this month’s malware attack, doubling its share from the last report. Fortinet’s FortiGuard® Global Security Research team made the following observations in April:

Game-on for New Faces: Four new variants landed in April’s Top 10 malware list, three of which were online gaming Trojans. The fourth narrowly missed the list at the eleventh position. But W32/Virut.A is still king of the hill, claiming first position for two consecutive months and building on a year-long run within the Top 10 list. Collectively, these threats formed a significant portion of April’s detected activity. The lucrative marketplace created by online gaming has attracted cyber crime with haste, predominantly in China. China leap-frogged over Japan and the U.S. with a 44.86 percent global malware share, nearly doubling its 24.17 percent share from the last report.
Waledac’s Resilience: One of the most active malware families, Waledac launched a fifth campaign since the beginning of this year, serving up malicious variants disguised as SMS spying software. Waledac, like many blended threats, is multi-functional with the ability to receive and spew custom spam templates, launch denial of service attacks, and download further components. It was also spotted on Conficker’s network which, in concert with its own various campaigns, has further helped this family gain momentum.
Conficker.C Peers: As we anticipated, no significant activity occurred with Conficker.C on the much hyped April 1st date; however, soon after, Conficker.C’s newly established peer-to-peer network became active. Exploit activity with MS.DCERPC.NETAPI32.Buffer.Overflow (MS08-067) picked up once again during the first week of April, returning to February levels after a significant drop in March. The drop was due to Conficker.C variants ceasing exploit activity, while the subsequent increase can be linked to several factors outside of Conficker. Over 31 percent of new vulnerabilities this period (96 in total) were reported to be actively exploited: 36 of the new vulnerabilities were rated as critical, marking a year high, up from 30 in last month’s report.

“April was a busy month for cyber criminals who unleashed the most aggressive malware attacks thus far this year,” said Derek Manky, project manager, cyber security and threat research, Fortinet. “We believe this upward trend will endure with online gaming attacks continuing to dominate, especially with Real Money Trading becoming a big business – now an estimated $2 billion annual market.”

Facebook Attacks on the Rise

Mon, 18 May 2009 00:00:00 -0500

Since the beginning of May, Symantec has observed a new wave of phishing attacks on Facebook users. The attack uses a compromised Facebook account to send a malicious link to friends and direct them to a site that looks identical to the Facebook login page. Users are prompted to provide their login credentials that are phished and their Facebook accounts are then used by attackers to send their friends similar phishing e-mails in an attempt to gather more login credentials. Symantec is aware of this threat and we have no reports of infection. For more information, visit the Symantec Security Response blog.

Symantec advises users to observe security best practices by maintaining a high level of caution about any message from within a Web site or that appear to be sent by that Web site and protect themselves by updating their security definitions. Consumers who use the same password for multiple accounts, including online shopping and banking, are most at risk. Cybercriminals will quickly be able to access all of their online accounts and cash in on their password provision.

Most importantly, consumers must maintain a high level of caution about any messages they receive from within a Website or that appear to be sent by that Web site. Rather than clicking on any links in a message, type the URL directly into the Web address. Double check you’ve arrived at your destination. When clicking over to a Web site, make a habit of looking at what appears in the address line. You might not always be able to spot a fake site but in the case of this particular scam, it’s obviously not www.facebook.com.

Use complex passwords and unique ones for each site. A few suggestions:

Use a combination of uppercase and lowercase letters, symbols, and numbers
Make sure your passwords are at least eight characters long. The more characters your passwords contain, the more difficult they are to guess
Try to make your passwords as meaningless and random as possible
Use different passwords for each account
Change your passwords regularly. Set up a routine, changing your passwords the first of each month or every other payday
Never write your passwords down, and never give them out—to anyone.
Don't use names or numbers associated with you, such as a birth date or nickname.
Don't use your user name or login name in any form
Don't use a derivative of your name, the name of a family member, or the name of a pet
Avoid using a solitary word in any language
Don't use the word password
Avoid using easily-obtained personal information. This includes license plate numbers, telephone numbers, social security numbers, your automobile's make or model, your street address, etc.
Don't answer yes when prompted to save your password to a particular computer. Instead, rely on a strong password committed to memory or stored in a dependable password management program

Messaging Architects Receives Security Award

Mon, 18 May 2009 00:00:00 -0500

Messaging Architects, a provider of e-mail risk management solutions, has announced its M+Guardian was the only e-mail security solution to achieve a VBSpam Platinum Award in Virus Bulletin’s anti-spam certification. Of the six products tested, M+Guardian demonstrated a spam-catch rate twice as high and a false-positive rate twice as low as the average from all solutions tested - the pre-condition for VBSpam Platinum status.

Virus Bulletin's methodology tested the capabilities of the core anti-spam engines, thus excluding protocol-level filtering and other layers of spam detection provided by M+Guardian. Martijn Grooten, Test Director, explains: “Until now, end users had little factual information about the performance of different spam filters. We used our experience accumulated in over a decade of anti-malware comparative testing to run an independent anti-spam product test assessing the algorithms different vendors employ to trap spam and avoid false positives. We are confident the results will be valuable for the anti-spam industry as a whole.”

“We never had any doubts about M+Guardian’s superior performance capabilities,” said Pierre Chamberland, Founder & CEO of Messaging Architects. “Yet, we are very proud to be the sole recipients of the VBSpam Platinum Award and consider it a strong validation of our product design and overall technology direction, especially since the test methodology was developed by one of the most highly respected and recognized security testing labs.”

Part of Messaging Architects’ M+Platform for Email Lifecycle Management, M+Guardian integrates anti-malware, anti-spam, content filtering and data-leak prevention in a single easy to manage solution. Delivered either as an appliance or a virtualized application for rapid integration into fully virtualized server stacks, it intelligently filters inbound and outbound email according to individuals’ roles and responsibilities. The result is seamless enforcement of corporate usage policies and a dramatic reduction in the cost and complexity of managing email risk.

McAfee Unveils Web Film Series

Thu, 21 May 2009 00:00:00 -0500

McAfee has aunched a new Web film series, entitled "H*Commerce: The Business of Hacking You." The film series was created to expose cybercrime as a serious and universal threat that can no longer be ignored. This is the first project developed by Tribal DDB San Francisco and DDB West since being retained by McAfee in September 2008.

The term H*Commerce (or Hacker Commerce) is defined as the business of making money through the illegal use of technology to compromise personal and business data. Starting today, a new episode will be posted every two weeks at www.StopHCommerce.com until all six episodes have aired.

"The days when hackers were a small group of thrill-seekers breaking into computers to gain fame and notoriety are behind us," said David Milam, chief marketing officer at McAfee. "Now, hacking for profit, or what we call H*Commerce, is a global industry in which Americans have lost a total of almost $8.5 billion dollars due to Internet scams and crimes in the last two years alone. Consumers must be aware of risks online, and we think that revealing real stories from victims will resonate with them."

The project was originally conceived as a series of standalone episodes, each focusing on different aspects of cybercrime - such as phishing, denial of service attacks, online scams, bank scraping, and fraudulent emails. As the film-makers dug deep into the experience of H*Commerce victims, they realized the film's focus had to be on the complex stories of real people doing normal online things, only to be horribly violated by ruthless cybercriminals.

Seth Gordon, director of films such as the 2008 theatrical release of "Four Christmases," and the documentary, "The King of Kong - A Fistful of Quarters," was hired to direct "H*Commerce: The Business of Hacking You." As Gordon began the research phase of the film, he identified a woman living in Oregon, named Janella Spears, who was a victim of one of the largest and most elaborate email scams on record.

Spears' story of losing more than $440,000, and the dire effects it had on her family and marriage, became the central theme of the film series. Over the course of the filming, Chris Roberts, a third-party cyber forensic expert was introduced to Ms. Spears to provide advice on how to clean her system, handle the hackers, and help put an end to the cybercrime scams.

"The most compelling way to convey the severity of cybercrime was to focus on the personal story of a specific victim," said director Seth Gordon. "The elaborate scam on Ms. Spears unfolded as we were working on the Web series. We witnessed the tactics cybercriminals use to prey on their victims. I hope this Web series shines a light on what is a surprisingly prevalent and insidious industry."

The State of Web 2.0

Thu, 21 May 2009 00:00:00 -0500

Websense has revealed the findings from a global survey of 1,300 information technology managers across 10 countries, asking about their perceptions of Web 2.0 in the workplace, testing their understanding of Web 2.0 technologies and assessing their organizations’ level of security preparedness.

Web 2.0 sites and applications allow user-generated content and comprise the majority of the top 100 most visited sites on the Internet, including search engines like Google and Yahoo, resources like Wikipedia and news sites like CNN. Key findings from the Web2.0@Work™ survey include:

Web 2.0 in Business is Here to Stay
Web 2.0 has made an impact in the workplace and will continue to change the way organizations conduct business as more Web 2.0 applications make their way into the corporate environment. Though many Web 2.0 services were designed for consumer use rather than business use, organizations across all industries are already using them to increase collaboration and information exchange, streamline processes, engage key stakeholders and generate revenue. Specifically:

95 percent of respondents currently allow employee access to some Web 2.0 sites and applications – most commonly webmail, mashups and wikis
62 percent of IT managers believe that Web 2.0 is necessary to their business
IT Experiences Pressure from All Sides
Employees are clamoring for even more use of Web 2.0 in the workplace, leaving IT departments to find the right balance between preventing security risks while still allowing safe and flexible access. The pressure for more Web 2.0 access is coming not from rogue employees, but rather from lines of business and top-level executives:
86 percent of IT managers reported feeling pressured to allow more access to more types of Web 2.0 sites and technologies
30 percent of respondents reported pressure coming from C-level executives and director level staff
34 percent reported pressure coming from marketing departments
32 percent reported pressure coming from sales departments

IT Professionals Are Overconfident in Their Security
Though many organizations already allow access to some types of Web 2.0 sites and applications, a dangerous security gap exists. The majority of respondents reported feeling confident in their organization’s Web security, though they admit to not having the necessary security solutions to protect from all threat vectors. Additionally, a surprising number of respondents appear to be confused on what exactly constitutes Web 2.0 – and what they don’t know could put their organizations at risk.

80 percent of respondents reported feeling confident in their organization’s Web security, despite the fact that the numbers show they are ill-equipped to protect from Web 2.0 security threats:
68 percent do not have real-time analysis of Web content
59 percent cannot prevent URL re-directs
53 percent do not have security solutions that stop spyware from sending information to bots
52 percent do not have solutions to detect embedded malicious code on trusted Web sites
45 percent do not have data loss prevention technology to stop company-confidential information from being uploaded to sites like blogs and wikis, hosted on unauthorized cloud computing sites, or leaked as a result of spyware and phishing attacks
Only 9 percent report having security solutions in place to cover all threat vectors
47 percent of respondents report that users in their organization try to bypass their Web security policies, demonstrating that new policies are needed to provide the flexibility for employees to access the Web for their jobs while preventing inappropriate use or security threats.

To read the study in its entirety, visit Web2.0@Work.

Patch Deployment Not Always Easy

Thu, 21 May 2009 00:00:00 -0500

A survey of US and European IT and security specialists released by Shavlik Technologies suggests nearly half of companies continue to struggle with the fundamentals of security best practices such as deploying patches across all systems connected to their networks.

In the survey of 715 respondents, the majority, 63 percent, identified patch management as one of their top three most critical-to-perform tasks. Despite this, when asked which areas presented the greatest challenges for visibility and control, deployment of patches topped the list with over 42 percent of US respondents (318) and nearly 50 percent of the European respondents (397) citing this issue.

The April survey questioned RSA and Infosecurity Europe conference delegates about their vulnerability management practices and concerns. Globally, the top three tasks identified as critical to perform were patch management; antivirus/antispyware; and configuration management. These rated higher than policy and regulatory compliance auditing and virtual machine lifecycle management. Decentralization of these critical tasks adds an avoidable layer of complexity – most respondents would opt for consolidation of these tasks, if possible -- but it was lack of automation that was identified as the most substantial hurdle to overcome.

Just over half of respondents identified that the lack of automation presented an obstacle for IT departments in their efforts to provide visibility and maintain control in these areas, with 37 percent saying that such an effort was "too time consuming." This outweighed all other options including traditional concerns such as cost and the quality of tools available, both at about 26 percent.

“Organizations are struggling with too much complexity in their security operations. Different tasks are allocated to different parts of the organization while the lack of visibility covering the low-level basic controls prevents them from being cost-effectively executed and monitored,” says Mark Shavlik, CEO and founder of Shavlik Technologies.

“There is also recognition that with today’s complex networks, particularly with the addition of virtual machines, visibility and control are not possible without automation—at Shavlik Technologies, we have an unwavering focus on technology and processes that simplify and automate discovery and remediation, including flexible options for deployment and management of our solutions, as we continue to solve the problems revealed in this survey.”

The survey suggests that the deployment of virtual machines is adding to the complexity with about two-thirds, just under 69 percent, of respondents identifying that their companies were deploying virtual machine technology, and more than half concerned about managing the configuration of virtual machines.

Swine Flu, China and Online Gaming

Fri, 29 May 2009 00:00:00 -0500

Fortinet has announced its May 2009 Threatscape Report showed a dominance by the online gaming Trojan, W32/Dropper.PTD, which made up more than one-third of all detected malware activity of the past month. Threat activity was higher overall, with malware up 66 percent from the April Threatscape Report, vulnerabilities and active exploits at their highest this year and spam rates higher than recorded last month. Key highlights of the May Threatscape Report follows:

Gaming Trojan Dominates: W32/Dropper.PTD, the most aggressive of the online gaming Trojans, claimed 34.5 percent of malware activity for the month, representing the strongest surge by a single malware variant since September 2008.
Targeting China: For the second consecutive month, China (44.86%) led the pack with the highest percentage of malware activity worldwide due largely to online gaming. This came by courtesy of gaming Trojan W32/Dropper.PTD, which pursued Thailand as its second favorite target. The U.S. (37.81%) again came in second place, with Japan (33.52%), India (16.19%) and Taiwan (15.26%) making up the rest of the most-targeted regions around the globe.
New Highs for Vulnerabilities and Active Exploits: highest reported rates so far this year. Out of 140 newly covered vulnerabilities this period, 46.4 percent were reported to be actively exploited, well up from last report (31.3%). The most active exploit overall this period was the notorious MS08-067 vulnerability, first made infamous through Conficker. This exploit (MS.DCERPC.NETAPI32.Buffer.Overflow) targets a vulnerability in Microsoft’s Server service.
Spam Targets Swine Flu Fear: Spam levels were at their highest at the beginning of May, but there has been an increase overall from the last report. The Canadian Pharmacy gang has been aggressive and currently pushing TamiFlu as one of their main “products,” hoping to draw potential victims to their wares to take advantage of the recent swine flu scare.

“Criminals – both online and offline – target easy money, and for the cyber underworld, what continues to pay off is online gaming,” said Derek Manky, project manager, cyber security and threat research, Fortinet. “While online gaming threats seem to be most prevalent in Asian countries for the time being, we believe a similar movement will hit North America in the near future as cybercriminals uncover new ground. They have already begun to expand their horizons.”

The FortiGuard research team compiled threat statistics and trends for May based on data collected from FortiGate® network security appliances and intelligence systems in production worldwide. Customers who use Fortinet’s FortiGuard Subscription Services should already be protected against the threats outlined in this report.

Economic Downturn Driving IT Security Spend

Fri, 29 May 2009 00:00:00 -0500

Even as organizations adapt to the current global economic crisis with cost-cutting and restructurings, they are making investments to strengthen IT security. According to an independent global survey sponsored by CA, Inc., 42 percent of organizations anticipate an increase in budget for IT security, while 50 percent expect budgets to stay flat, and only eight percent anticipate a cut in their IT security budget. IT security budgets are being driven upward by the prospect of new regulations and a perception that restructurings will increase internal threats.

Already companies spend a significant amount of their IT security budget on compliance:

On average, companies in North America spend 26 percent of their IT security budget on compliance initiatives, while companies in Asia Pacific spend 37 percent, and EMEA and South America spend 19 percent and 17 percent respectively.
On average 78 percent of companies surveyed globally believe that new regulations and mandates will increase IT spending and efforts.
Survey responses showed that security budgets correlate to how regulated the company is. For example, an organization that is highly regulated and must comply with 50 or more regulations, spends about 3.5 times more on IT Security than a company that is more lightly regulated with fewer than 10 mandates.

“The need for companies to have the security systems, processes and reporting structures in place to help them verify compliance has always been one of the strongest drivers for security software such as identity and access management, security information management and data loss prevention,” said Lina Liberti, vice president of marketing, CA Security Management. “Despite the need to cut costs, organizations continue to invest security tools that will help them automate labor-intensive, manual compliance procedures such as reporting, deprovisioning users’ entitlements, and removal of orphan accounts. The goal is to automate compliance systems to reduce errors that can result in audit failures while demonstrating the value in an IT security investment more quickly through streamlined processes.”

The economy also has forced many companies to restructure their organizations, which has often resulted in layoffs. Sixty-seven percent of mid-market companies and 73 percent of enterprise organizations believe that layoffs have increased the internal threat to IT systems.

Whether a security incident is caused by an internal or external threat, the impact on an organization in dollars and cents is significant, and it has an effect on security spending:

According to survey respondents, security incidents at companies in North America report an average loss of nearly $418,000, with the majority of them reporting losses of more than $500,000. The real number is likely greater when factoring in lost time identifying and remediating the breach, and the damage to corporate reputation.
Survey respondents that reported an increase in IT security spending also reported a higher number of internal and external incidents.

The CA-sponsored study surveyed more than 400 IT directors or above from large and mid-sized enterprises representing companies headquartered in North America, Europe, Asia Pacific and South America. The study also included qualitative feedback from focus groups and in-depth interviews of IT security directors or above in the United States, United Kingdom and Germany.

Mount Sinai Selects WinMagic

Mon, 01 Jun 2009 00:00:00 -0500

WinMagic has announced that Mount Sinai Hospital, an internationally recognized health care centre affiliated with the University of Toronto, has selected its SecureDoc full-disk encryption software to protect hospital data. SecureDoc is being installed on more than 200 laptops being utilized by physicians, administrative staff, support staff, clinical staff, IT support staff and researchers.

Having researched available full-disk encryption solutions, Mount Sinai selected SecureDoc based on numerous pre-determined criteria. Mount Sinai’s thorough evaluation process included testing for Windows compatibility, user experience during initial encryption, ongoing performance and user experience following initial encryption, performance and compatibility across a wide variety of laptop models, ability to unencrypt data, data recovery capabilities, ability to support security policy control, client management and monitoring capabilities, auditing and reporting capabilities and preboot authentication functionality.

“SecureDoc provided the best data protection option from a security, ease of use and cost perspective,” said Prateek Dwivedi, Vice President and Chief Information Officer, Mount Sinai Hospital. “SecureDoc’s central management console simplifies network security administration while its auditing and reporting capabilities make it easy to set and enforce data security policies,” Dwivedi continued. “Most importantly, as SecureDoc runs transparently in the background it meets all our data security requirements without distracting busy medical staff from their primary objective – providing top quality patient care.”

SecureDoc’s versatile software has made it simple for Mount Sinai to centrally deploy enterprise-class ‘always-on’ full-disk encryption to all its laptop users. And, in the event a staff member is unavailable, or if they have simply forgotten their password, centralized escrow and management of encryption keys ensures critical data can still be accessed – because in urgent situations access to medical data simply cannot wait for a particular person or password.

“Obviously, it is imperative that hospitals protect medical data, but Mount Sinai was equally concerned that the added security should not interfere with patient care,” said Thi Nguyen-Huu, CEO of WinMagic Inc. “Traditionally, ease of use has been adversely impacted by additional security, but SecureDoc’s transparent operation ensures that Mount Sinai’s laptops operate exactly the same with the encryption installed as they did without encryption,” Nguyen-Huu continued. “As a result, Mount Sinai’s medical staff can focus on looking after patients and let SecureDoc look after data security.”

Compatible with all editions of Microsoft Windows Vista, XP, and 2000 as well as Mac and Linux platforms, WinMagic’s SecureDoc protects sensitive data stored on servers, desktops, laptops and removable media, such as USB thumb drives and CD/DVDs. SecureDoc also supports and manages hardware-encrypted disk drives such as the Seagate^® Momentus^® FDE and BlackArmor^™ drives, as well as the upcoming TCG “Opal” specification drives from other leading drive manufacturers. This provides organizations with the flexibility to deploy any combination of hardware and software-based encryption – or transition between the two – with full transparency for end users and a consistent management interface for administrators.

Additionally, SecureDoc simplifies the deployment of any combination of sector-based full-disk encryption, file-and-folder encryption, container encryption and self-extractor encryption. This not only makes it easy for organizations to customize data protection to meet specific security protocols, but also ‘future proofs’ their investment in SecureDoc for Windows, Mac and Linux environments.

McAfee Completes Acquisition of Solidcore Systems

Tue, 02 Jun 2009 00:00:00 -0500

McAfee has announced it has completed the acquisition of privately owned Solidcore Systems, Inc. for approximately $33 million in cash up front and with an earn-out of up to an additional $14 million if certain performance targets are met.

With the acquisition, McAfee can now offer an end-to-end compliance solution that includes dynamic whitelisting and application trust technology, antivirus, antispyware, host intrusion prevention, policy auditing and firewall technologies.

"Solidcore has become a critical component to our ability to meet our Payment Card Industry compliance requirements, while protecting our point of sale infrastructures throughout all of our 193 stores across Canada," said Mike Lewis, executive vice president and CIO for Giant Tiger Stores, one of the largest family discount store chains in Canada. "As a McAfee ePolicy Orchestrator software customer, we are eager to reap the combined benefits of Solidcore's dynamic whitelisting and real-time file integrity monitoring with the comprehensive security and compliance management capabilities of the McAfee ePO console. This is definitely a win-win for our company and our investments."

"IT organizations need broad sets of solutions that help manage across multiple stovepipes in order to give IT executives a clear view of what's happening within the company's IT infrastructure," said Fred Broussard, research director for PC, Device and IT Service Management at IDC. "With Solidcore's compliance and governance capabilities, McAfee gains granular control over managing changes to the IT environment. This capability is especially important to IT organizations that use process standards like ITIL to help manage their IT environments."

"With this transaction, McAfee has significantly expanded its reach to include security for embedded devices, including automated teller machines, point of sale systems, multifunction printers, Supervisory Control and Data Acquisition systems (SCADA) and mobile devices," said George Kurtz, senior vice president and general manager, McAfee. "We will give customers a single security platform for dynamic file and application control across the enterprise following the integration of Solidcore's products into the McAfee ePolicy Orchestrator console. The end result will be improved IT compliance, security and availability."

Symantec & McAfee to Pay Penalties

Fri, 12 Jun 2009 00:00:00 -0500

Attorney General Andrew M. Cuomo has announced a settlement with computer security software vendors Symantec and McAfee after the companies renewed customers’ software subscriptions without the customers’ knowledge or authorization. Under the Attorney General’s settlement, both companies will make detailed disclosures to consumers about subscription terms and renewal, and each will pay $375,000 in penalties and costs.

“Companies cannot play hide the ball when it comes to the fees consumers are being charged. Consumers have a right to know what they are paying, especially when they are unwittingly agreeing to renewal fees that will not appear on their credit card bill for months. Symantec and McAfee - two of the nation’s largest vendors of computer security software - will now have to be clear and up-front with their customers when it comes to renewal fees. In other words, no more hide the ball with renewal fees.”

Symantec and McAfee both offer a wide range of products to individuals and businesses to protect computers from internet threats such as computer viruses and spyware. Both companies regularly revise and update their software to combat the latest security threats, and they provide these updates to their existing customers. Customers who buy Symantec or McAfee software are only entitled to a limited “subscription” to these updates, usually for a period of one year. After this period, customers must pay for a renewal subscription in order to receive new software updates.

The Attorney General conducted an extensive investigation into the online marketing and sales practices of Symantec and McAfee. The Attorney General’s investigation found that the companies failed to adequately disclose to consumers that subscriptions would be automatically renewed and that consumers would be charged for subsequent subscriptions. Information about automatic renewal charges was not clearly disclosed, but was instead hidden at the bottom of long webpages or in the fine print of license agreements.

The Attorney General’s office received complaints from customers who had bought Symantec and McAfee software over the internet and whose credit cards were later charged for “renewal subscriptions” without their knowledge or consent. In addition, the investigation also revealed that both Symantec and McAfee made it difficult for consumers to contact the companies to opt out of automatic renewal or to request refunds for unauthorized credit card charges.

Under the terms of the Attorney General’s settlement, Symantec and McAfee will clearly disclose to consumers any automatic renewal program and provide an easy, transparent, and automated means to opt out of renewal. The companies will provide electronic notification to consumers before and after renewal of the subscription and will provide refunds to consumers who request them within 60 days of being charged. The companies will clearly disclose the length of time that they will continue to support and provide updates to any purchased software. Symantec and McAfee will also pay a combined $750,000 to the Attorney General’s office to settle all claims.

IBM & Avaya Expand Relationship

Fri, 12 Jun 2009 00:00:00 -0500

Avaya and IBM have announced an expansion of their alliance relationship to deliver unified communications solutions backed by newly Avaya certified security products for enterprise clients and government organizations, worldwide. The two companies also plan to focus support on Avaya Aura™ – Avaya’s new unified communications architecture -- by incorporating Avaya Aura into existing IBM converged communications services.

As part of the expanded alliance, the companies will jointly deliver unified communications solutions that streamline mission critical and complex communication systems, achieve rapid return on investment and improve productivity by helping to allow users to communicate anytime from anywhere, regardless of device or network. In addition, Avaya has certified the IBM Internet Security Systems’ Proventia GX 5208™ and Proventia Management SiteProtector SP1001™ as compliant with IP telephony solutions from Avaya, enabling IBM to offer comprehensive intrusion protection for Avaya Aura’s communication system.

“As more and more companies move toward unified communications, it’s important that they take a holistic approach to security that encompasses multi-vendor applications in mobile and virtual environments,” said Dan Powers, vice president of brand, strategy, marketing and business development at IBM ISS. “Individual workers will assume security comes from the core, but they can be one of the most vulnerable points of entry if it does not. IBM has created solutions in our Intrusion Prevention Systems designed to help prevent current and emerging threats and help keep unified communications deployments secure.”

Today, IBM and Avaya are delivering unified communications and contact center solutions designed to meet the needs of clients in all industries. With this new powerful combination of Avaya Aura and IBM’s extensive experience in planning, design and implementation of Unified Communications and Contact Center solutions, customers can benefit from a unified architecture that centralizes and integrates communications in multi-platform, multi-technology provider and multi-modal environments in a cost effective manner.

“IBM and Avaya have had a strong alliance for more than eight years, and with this expansion, we can offer a breadth of business communications solutions and truly complimentary portfolios designed to meet client demands around the globe,” said Laurence Guihard-Joly, vice-president of Integrated Communications Services, IBM. “Together, IBM and Avaya offer robust and security rich mission critical solutions while adopting industry protocols and open standards.”

IBM and Avaya solutions are used by leaders all over the world to help reduce costs, streamline businesses and enable anytime, anywhere communications. Shanghai Airlines, for instance, generates close, regular customer interaction that improves customer satisfaction throughout the sales cycle using an integrated Customer Relationship Management Contact Center solution that consolidates fragmented areas of the business. The solution is delivered by IBM and Avaya contact center applications, agent desktops, scheduling applications and a knowledge database.

“Shanghai Airlines is benefiting from the combined power, expertise and solutions offered by both IBM and Avaya that were incomparable to any other option,” said Wang Lu Ping, General Manager of Information Technology at Shanghai Airlines. “Today our customer satisfaction rate has improved immensely and we are capitalizing on the strengths of an alliance that is continuing to evolve.”

Leveraging the industry leading, security focused capabilities of both IBM ISS and Avaya solutions, companies are better able to proactively prevent attacks such as denial or interruption of service, VoIP phishing, eavesdropping, malware and overall business interruption. The solutions can assist customers to assess security needs, protect, remediate and even outsource security network operations if desired.

“Avaya and IBM have a number of integrated solutions across our unified communications portfolios and a long history of success in contact center deployments,” said Todd Abbott, senior vice presiden

Integration Hopes to Reduce Corporate Risk

Fri, 12 Jun 2009 00:00:00 -0500

McAfee and CommVault have announced the availability of integrated data and security management features utilizing the two companies' respective data management, backup and security solutions. The integration between the award-winning CommVault(R) Simpana(R) enterprise data management software suite and McAfee(R) ePolicy Orchestrator(R) (ePOTM) centralized management platform provides customers with actionable information regarding the status of protected data managed by CommVault Simpana software. Using a built-in connector from CommVault, event information related to backup status can be shared within a custom McAfee ePO dashboard to synthesize reporting efficiencies and provide ease of use for administrators to monitor multiple systems at the same time.

"We already rely on McAfee and CommVault solutions to manage and protect our enterprise data. Now, the tight integration between McAfee and CommVault will provide us a way to monitor the important data we create with increased security and an overall simplified management approach. Using these integrated solutions, we will be able to view the data protection state of our end point clients to identify conditions such as the backup status. If a proscribed event occurs within the monitored environment, it will trigger an alert notification immediately through the McAfee ePolicy Orchestrator dashboard. This will be an enormous benefit to us and drive a more proactive response to mitigating risk, while helping us meet our critical data protection objectives for recovery," said John Chirhart, IT consultant, InfoReliance Corporation.

McAfee and CommVault align to offer customers for the first time their integrated enterprise solutions that manage security beyond the endpoint to include data and network protection. These integrated features are designed to help reduce costs and improve threat protection and compliance management.

"With an ever increasing number of security threats, aligning data backup, recovery, and archive requirements with security beyond the endpoints has never been more important. IT administrators need to know they have both an appropriate solution to identify vulnerabilities before company data integrity is compromised and cost-effective backup options for rapid data recovery. The combination of industry leaders, CommVault and McAfee, provides customers with a more integrated security/data management solution without additional IT cost or complexity," said Jon Oltsik, principal analyst, Enterprise Strategy Group.

With the availability of the compatible McAfee-CommVault solutions, end users can now more easily manage security risk and data backup, recovery, and archive from a single console to provide customers faster and more concise decision making about data integrity, security, and protection status.

"There's never been a more challenging economic and regulatory environment. IT and legal need to work hand-in-glove to provide insight into real-time vulnerabilities while minimizing business level risks," said David West, vice president of marketing and business development, CommVault. "The CommVault-McAfee integration gives businesses a powerful tool to speed decision making and proactively handle today's security and data management challenges. Our partnership with McAfee is proof of our continued effort to deliver customers the best joint solutions through strategic industry alliances. We're excited by the successes to date with our joint efforts and look forward to continuing to explore other synergies between McAfee and CommVault."

"McAfee is committed to delivering administrators the information they need to make the most informed decisions when it comes to addressing both their data protection and security needs," said Dave Scholtz, senior vice president of global strategic alliances at McAfee. "The availability of integrated solutions through our ongoing partnership with CommVault reinforces both companies' commitment to offer an integrated data and risk management solution that is simple and cost-effective to deploy."

This announcement reinforces the ongoing commitment of both companies to provide customers with solutions that address both security risk and data protection. The integrated solution will not only help to reduce the complexity in customers' IT environments but also serve to improve protection and lower the Total Cost of Ownership (TCO).

Navy Pier Increases Security

Fri, 12 Jun 2009 00:00:00 -0500

IBM has announced the creation of one of the world’s most advanced, integrated network video monitoring systems for Chicago’s Navy Pier. The project increases video security capabilities at Navy Pier and integrates new and existing safety resources to safeguard people and property

In collaboration with the Metropolitan Pier and Exposition Authority – owner and operator of Navy Pier – IBM designed, built and implemented the project, which utilizes new high-resolution cameras with far- and wide- range viewing capabilities to add situational awareness throughout the Pier and operational assistance during an incident.

At the heart of the solution is a state-of-the-art network of cameras from IBM business partner Axis Communications, and advanced Internet Protocol (IP)-based video recording and monitoring system called, Omnicast from business partner Genetec. The project is a result of a Port Grant from the U.S. Department of Homeland Security to protect the Navy Pier complex, the top-visited leisure and tourist destination in the Midwest, which hosts more than 8 million guests per year.

“We consider this to be one of the finest security command centers of its kind in the country,” said Juan Ochoa, Chief Executive Officer of MPEA., “IBM’s video monitoring system allows us to better serve and protect a facility that is both a vital economic engine for the City of Chicago and a beloved family destination.”
The first phase of the project integrates cameras, alarms, sensors, audio and analytics to protect the Pier’s visitors. The camera coverage extends visibility along the perimeter of the Pier and its entrance and departure points. Strategically placed emergency call buttons are integrated with the video system and when activated will stream video and audio content to the Pier’s new command center.

IBM’s Smart Surveillance Solution (SSS) technology developed by IBM Research allows video analytics to monitor the waterway and alert security personnel when unauthorized boats approach restricted areas. In addition to local monitoring from the Pier’s command center, the complete monitoring environment is also accessible by the Chicago Office of Emergency Management and Communications (OEMC), the City’s 911 and incident management center – where IBM has already deployed one of the world’s most advanced city-wide intelligent security systems – and by the Chicago Police Department (CPD) Marine Unit, the City’s first responders for water-related incidents. The video will stream continuously for live viewing by security professionals and will also be recorded and archived for post-event review and analysis.

Upon completion of the second phase of the project, Navy Pier will boast the greatest lakefront security coverage in the world. The design includes the use of high-end laser infrared with long range capabilities. The new cameras will extend coverage around landmark venues such as McCormick Place, one of the country’s premier convention centers and Soldier Field, the City’s historic football stadium, and through waterways and walkways, including miles of beaches and harbors. As with the first phase, coverage will be viewable at the OEMC and CPD Marine Units ensuring an integrated approach to tackling real-time threats.
.
“Chicago is one of the first and most ambitious adopters of the smart city concept. As evidenced by this most recent project with Navy Pier, the City of Chicago is committed to infusing intelligence into its systems, processes and infrastructure to provide better quality of life for citizens and visitors,” said Roger Rehayem, principal of emerging technologies for IBM Global Technology Services. “IBM is proud of its continued partnership with the City of Chicago, as the City once again sets the standard for homeland security.”

“We are proud to be part of this important project,” said Fredrik Nilsson, general manager of Axis Communications, Inc. “Partners like IBM appreciate our deep experience and broad product range as well as the high image and product quality of our network cameras.”

Figthing the Gumblar Attack

Fri, 12 Jun 2009 00:00:00 -0500

Check Point Software Technologies has announced that its ZoneAlarm ForceField can protect consumers against Gumblar, a Web attack that compromises Web sites and downloads malware onto unsuspecting computers.

ZoneAlarm ForceField, available separately or integrated within ZoneAlarm Extreme Security, places a two-way “bubble of security” around the browser to automatically catch and neutralize malicious Web browser downloads. The safe, virtual ForceField sandbox prevents the unwanted malware from damaging a user's PCs or accessing any information residing on a targeted machine.

Gumblar is named after the Gumblar.cn exploit, which so far targets users of Internet Explorer and Google search, delivering malware through compromised sites to infect a user’s PC and subsequently intercept traffic between the user and the visited sites. Once infected, anything the victim types could be monitored and used to commit identity theft, such as stealing credit card numbers, Web passwords or other sensitive data. Visitors encountering the compromised website also risk having their subsequent search results replaced with links that point to other malicious websites. The malware can also steal FTP credentials from the victim’s computer and use them to infect more sites, thus increasing the spread of this threat. So far, more than 3,000 Web sites have been attacked including a popular entertainment site and sports site.

“We are witnessing a tremendous increase in Web browser-based attacks such as Gumblar, which traditional security products are not able to defend against,” said Paul Comessotti, Check Point’s Canadian Country Manager. “Our unique ZoneAlarm ForceField virtualized browser security solution provides additional layers of protection and helps divert users away from malicious Web sites, delivering the highest level of security needed to stop such sophisticated attacks.”

Symantec Lands in Magic Quadrant

Fri, 12 Jun 2009 00:00:00 -0500

Symantec Corp. has been positioned by Gartner, Inc. in the Leaders quadrant of the 2009 Magic Quadrant for Email Active Archiving.

Symantec Enterprise Vault, which has been adopted by more than 10,000 organizations globally, provides customers with the most efficient intelligent archiving platform to reduce the costs of storing unstructured information such as email, file server and SharePoint content. Enterprise Vault allows organizations to store, manage and discover content enterprise-wide, and has become the foundation of many organizations’ E-Discovery and information management strategies today.

“Leaders have the highest combined measures of an ability to execute and a completeness of vision,” according to the Gartner report authored by Carolyn DiCenzo and Kenneth Chin. “They have the most comprehensive and most scalable products. They have a proven track record of financial performance and established market presence. In terms of vision, they are perceived as thought leaders, with well-articulated plans for ease of use, how to address scalability and product breadth. For vendors to have long-term success, they must plan to address the expanded market requirements for archive management, personal store migration, ease of use and deployment, and archive recovery.”

“For the past 10 years the archiving market has continually evolved, but Symantec Enterprise Vault’s reliability and technology advancements remain constant,” said Matt Kixmoeller, vice president of product management, Symantec Information Management Group. “We believe Symantec’s position in the Leaders quadrant by Gartner validates our long-standing dedication to delivering an innovative solution that allows customers to manage and discover unstructured data with ease and confidence.”

The Magic Quadrant is copyrighted 2009 by Gartner, Inc. and is reused with permission. The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts Gartner's analysis of how certain vendors measure against criteria for that marketplace, as defined by Gartner. Gartner does not endorse any vendor, product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors placed in the "Leaders" quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

March Networks Lands in South Africa

Fri, 12 Jun 2009 00:00:00 -0500

March Networks has been selected to provide its VideoSphere Intelligent Video Management solution for two significant transportation projects in South Africa, working in conjunction with experienced security systems integrator Basix Technologies (Pty) Ltd. Both projects are slated for completion in advance of the 2010 FIFA World Cup, during which South Africa will play host to thousands of spectators from around the world.

The IP video solution will be deployed to enhance security at 14 rail stations along the 80-kilometre Gautrain mass rapid transit system currently under construction in the country’s Gauteng Province. Security staff will use VideoSphere Video Management System (VMS) and SiteManager software, integrated with March Networks Edge Blade Encoders and industry-standard IT servers, to monitor station activity in real-time and review video evidence captured by more than 850 surveillance cameras. The fixed solution follows an earlier decision to use March Networks mobile video recording technology on Gautrain passenger rail cars as part of a jointly-developed offering from Bombardier Transportation.

The second project, for the City of Johannesburg Bus Rapid Transit (BRT), will see Basix install more than 600 VideoSphere IP cameras and networked recorders to support centralized live monitoring capabilities across the agency’s city-wide network of stations and depots. The solution also includes powerful VideoSphere SiteManager software for remote management and administration.

China Chooses GE Security

Sat, 27 Jun 2009 00:00:00 -0500

GE Security, a leading supplier of security and life safety technologies worldwide, announced it has won more than 25 metro lines projects across China to supply state-of-the-art metro safety solutions consisting of fire alarm systems, gas release control systems, and integrated metro security systems.

The cities involved in the projects include Shanghai, Beijing, Guangzhou, Nanjing, Shenyang, and Shenzhen. The total length of the projects covered by GE security products is more than 700 kilometers, handling 1.6 million passengers per day and 2.4 million passengers during peak usage times per crowded line.

The announcement was made at the World Metro Rail Summit China, held in Shanghai June 22-24. As an honorary co-organizer of the Summit, GE Security highlighted its world-class subway fire alarm and security solutions and called for building safer and more effective security platforms to meet rising demands in the fast-growing Chinese urban mass transit sector.

Like an invisible hero behind the scenes, high-tech integrated security technologies help to protect the lives and livelihoods of passengers from the moment they step into the subway station. High population density and the high turnover rate of China’s metro lines led to a rising demand for timely, reliable and effective safety solutions to protect the riders and the infrastructure.

“GE Security’s global leadership in fire and security solutions and our experience in serving more than 500 metro stations make us a strong partner for China’s rapid metro growth,” said Lu Yan, General Manager of GE Security China.

“China’s unique challenges in handling large numbers of passengers provide us with tremendous opportunities to demonstrate our strong expertise in the industry, such as integration capability for long distance fire alarm networks, high performance interference resistance, an extremely flexible interface and tailored solutions for exchange stations,” said Lu.

“GE Security provides more reliability, compatibility and flexibility to the metro operation company given the project scale, complexity and rigorousness of operating environment. We’ve been working very closely with the metro project owners to make sure we are addressing their needs with value-for-money solutions. Meanwhile, we value and will continue to build strong ties with our local partners to provide customized and localized solutions for each city’s metro lines. We are devoting all of our efforts into Chinese mass transit infrastructure and construction.”

In addition to its fire solutions, GE’s metro security solution, based on the intelligent IP integrated platform, integrates advanced encoding/decoding technology, flexible system configurations, open software & hardware systems, and built-in video content analytics to create a comprehensive surveillance system.

As the Chinese mass transit sector grows rapidly, the demand for safer metro is becoming increasingly important. The Chinese government is significantly increasing investment in infrastructure construction to stimulate the economy and combat the global economic downturn. In the urban rail sector, a new wave of mass urban rail transit construction is set to kick off soon. Nineteen Chinese cities plan to build more than 70 metro rail lines by 2015, while the urban rail networks in Beijing, Shanghai and Guangzhou are currently expanding at a rate of 30 to 50 kilometers per year. (Data source: Y2009 study, China Railway Society)

Themed with developing safe, green and efficient metros for the future, this year’s World Metro Rail Summit brings together rail industry leaders from government agencies, planning and design institutes, urban rail transit operators, construction firms, and equipment and technology suppliers, to look at opportunities and solutions for addressing the challenges and demands of China’s growing mass transit industry.

CA Helping Oracle Users

Sat, 27 Jun 2009 00:00:00 -0500

Sparked by industry consolidation and increased interest in CA’s Security Management solutions, CA has created a program to migrate Sun Microsystems (NASDAQ: JAVA) customers to CA Identity and Access Management (IAM) products.

“CA SPF 100” allows Sun customers to trade their Sun product1 licenses for equivalent licenses of CA Identity Manager, CA Role & Compliance Manager or CA SiteMinder—essentially a 100 percent discount on the license fee. This program, which runs until March 31, 2010, also applies to Oracle customers2 who are interested in switching to CA IAM solutions. Under this program, customers of the Sun and Oracle products shall receive CA licenses for the same number of authorized users of the Sun or Oracle products as of the date of the CA product migration license transaction. The only cost to the customer will be the charge of standard annual maintenance for the new CA products to ensure support going forward.

Customers taking advantage of this offer can also benefit from CA’s optional Rapid Implementation service offerings to help accelerate the migration to CA’s solutions. These services are designed to help customers who purchase them see value from their security investment in as little as 60 to 90 days, and they include CA training from CA Education to help customers quickly take advantage of all the products’ capabilities.

“IDC forecasts that the identity and access management market will reach $4.8 billion by 2013, exclusive of professional services,” said Christian A. Christiansen, program vice president, Security Products and Services, IDC. “Among the IAM market leaders, CA offers an extremely comprehensive solution set that will provide the foundation for the rapidly evolving IT market.”

Virgin Atlantic Implements SSL

Sat, 27 Jun 2009 00:00:00 -0500

GlobalSign has announced Virgin Atlantic as the most recent major brand to migrate to its Extended Validation (EV) SSL technology to secure their public facing web site. EV SSL differs greatly from standard SSL making the browser address bar glow green, and providing visitors with visual reassurance that the site they are on is who they claim to be and that their personal information is secure.

EV SSL, perhaps the most significant advancement in how consumers view and understand security on the web, activates the glowing green address bar in the current generation of browsers including IE7 and 8, Firefox, Opera, Google Chrome and Safari and gives companies a means of visibly showing they are a trusted and authentic organization operating a legitimate web site. These extra visual indicators provide a clear business differentiator for online companies taking preventative action against today’s relentless phishing attacks. The adoption of EV SSL by Virgin Atlantic clearly shows its customers their strong ongoing commitment to online safety and security. Extended Validation Certificate support is now widespread and the benefits of increased protection against online fraud and brand abuse can be recognized by the majority of Virgin Atlantic’s online visitors.

“Virgin Atlantic made the decision to migrate their existing standard level SSL Certificates to the latest Extended Validation SSL to provide the highest level of identity trust available to their online customers”, said Alex New, IT Architect, Virgin Atlantic. “GlobalSign were able to deliver the platform and EV SSL products that meet our operational and security requirements and have helped make the switch to EV SSL Certificates straightforward.”

“Using technology that provides the best defense against phishing as well as higher levels of trust to web site visitors is essential for an international brand like Virgin Atlantic,” said Paul Tourret, Managing Director, GlobalSign Ltd. “Virgin Atlantic and its customers benefit immediately from the ‘glowing green’ enhanced protection EV SSL Certificates provide and we are pleased that Virgin Atlantic is setting the online security standard within its industry.”

Top 10 Malware Threats for June

Sun, 12 Jul 2009 00:00:00 -0500

Sunbelt Software, a provider of Windows security software, has announced the top 10 most prevalent malware threats for the month of June 2009. The report, compiled from monthly scans performed by Sunbelt's antispyware tool, CounterSpy, and its anti-malware solution, VIPRE® Antivirus + Antispyware, is a service of Sunbelt Labs.

In the last month, Sunbelt Labs finds a surge in threat detections for the high risk threat Trojan-Spy.Win32.Zbot.gen, a family of password-stealing Trojan programs. The Trojan injects code from remote sites that harvest confidential data off a user’s system including cached passwords, login credentials for web sites such as online banking sites, as well as data in certificates and cookies.

Reportedly, the threat can be distributed through spam email, in some instances as a file purporting to be an airline e-ticket and in other instances; it is included in spam emails from an alleged “United Parcel Service of America” as an infected attachment with the file name UPS_NNR01.zip and in another email claiming to be an e-payment notification of an order with Amazon.com. More details on Trojan-Spy.Win32.Zbot.gen and example spam emails that propagate the threat are available at http://www.sunbeltsecurity.com.

The top ten results represent the number of times a particular malware infection was detected during CounterSpy and VIPRE scans that report back to Sunbelt’s community of opt-in users.

The top ten most prevalent spyware threats for the month of June were:

Trojan-Spy.Win32.Zbot.gen
Trojan.DNSChanger.Gen
Trojan-Downloader.Zlob.Media-Codec
Trojan.1
BehavesLike.Win32.Malware (v)
Exploit.PDF-JS.Gen (v)
PersonalAntivirus
INF.Autorun (v)
Trojan-Spy.Win32.Pophot.gen
Win32.Cekar.E

Security Threats 'Are Getting Down to Business'

Tue, 21 Jul 2009 00:00:00 -0500

Cisco has released the Cisco® 2009 Midyear Security Report, which shows that Internet criminals are increasingly operating like successful businesses, borrowing some of the best strategies from legitimate companies and forming partnerships with one another to help make their illegal activities more lucrative.

Highlights of the report include:

*The Conficker worm, which began infecting computer systems late last year by exploiting a Windows operating system vulnerability, continues to spread. Several million computer systems were under Conficker's control as of June 2009.
Online criminals are up on current events and making the most of them. After the outbreak of H1N1 influenza ("swine flu") in April, cybercriminals quickly blanketed the Web with spam that advertised preventive drugs and linked to fake pharmacies. Cybercriminals will often seize on major news events to launch this type of attack. While many spammers continue to operate with extremely high volumes, some are opting for lower-volume but more frequent attacks in an effort to remain under the radar.
President Barack Obama has made strengthening U.S. cybersecurity a high priority for his administration and looks to work with the international community and the private sector to leverage technology innovations to reduce cybercrime. This focus is expected to have a significant positive impact for the industry in the coming months. John N. Stewart, Cisco's chief security officer and a contributor to the Center for Strategic and International Studies (CSIS) report for the Obama administration, provided additional insight in a recent blog and video blog post.

"Securing the Internet has long been a moving target as criminals develop increasingly sophisticated ways to breach corporate networks and obtain valuable personal data," says Patrick Peterson, Cisco fellow and chief security researcher. "What is striking in our latest findings is how, in addition to using their technical skills to cast a wide net and avoid detection, these criminals are also demonstrating some strong business acumen. They are collaborating with each other, preying on individuals' greatest fears and interests, and increasingly making use of legitimate Internet tools like search engines and the software-as-a-service model. Some also continue to succeed using well-documented methods that in recent years have been downplayed as threats given the preponderance of new tactics. With criminals being so quick to identify weaknesses both in online networks and in consumers' psyches, businesses need to adopt ever more advanced ways to fight cybercrime and remain vigilant across all attack vectors."

New Trojan Bypassing Anti-Virus Engines

Tue, 21 Jul 2009 00:00:00 -0500

Millions of e-mail viruses bypassed major anti-virus engines during the second half of the second quarter, according to the Q2 2009 Internet Threat Trends Report by Commtouch.

Several successive and massive malware outbreaks caused a spike in malware that was undetected by major AV engines, compared to the consistently low quantities of malware that had been distributed via email during the previous 18 months.

Commtouch’s quarterly trend report is based on the analysis of over two billion email messages and Internet transactions daily in the company’s cloud-based global detection centers.

Other highlights from the Q2 Trend Report include:

Spammers and malware distributers used current events including the Swine Flu epidemic and death of Michael Jackson to spread their messages.
Sites in the “Health” and “Web-based email” categories topped the list of Web categories manipulated by phishing schemes.
“Business” was the Web site category most infected with malware.
An average of 376,000 zombies were newly activated each day for the purpose of malicious activity.
Image-based spam returned with new tactics foregoing MIME-format standards to trick anti-spam engines.
Spam levels averaged 80% of all email traffic throughout the quarter, peaking at 97% in April and bottoming out at 64% in June.
Brazil continues to produce the most zombies, responsible for 17.5% of global zombie activity.

“For the last year and a half, anti-virus engines effectively blocked many virus variants with generic signatures,” said Amir Lev, chief technology officer of Commtouch. “In the second quarter, however, malware distributors introduced large quantities of new variants which are immune to these generic signatures, therefore causing sharp increases in undetected malware samples that were blocked by Commtouch.”

Budgetary Constraints Impacting Security

Mon, 27 Jul 2009 00:00:00 -0500

RSA Conference has released the results of a recent survey of security professionals regarding the critical security threats and infrastructure issues they currently face, including those exacerbated by the current economic climate. The study, “What Security Issues Are You Currently Facing?,” includes responses from nearly 150 C-level executives and professionals charged with directing, managing and engineering security infrastructures within their respective organizations.

The study indicates that even though practitioners are most concerned about email phishing and securing mobile devices, technologies addressing these needs are at risk of being cut from IT budgets. Seventy-two percent of respondents indicated a rise in email-borne malware and phishing attempts since Fall 2008, with 57% stating they have seen an increase in Web-borne malware. Concerns about zero-day attacks and rogue employees as a result of layoffs were cited by 28% and 26% of survey respondents, respectively.

When asked about the top security and organizational challenges they expect to face in the next 12 months, 57% of respondents cited budgetary constraints; 44% cited employee education as a major concern and 40% called out lost or stolen devices.

The survey also asked what technology investments will likely be bypassed or curtailed due to spending freezes and budget cuts (see Chart 3). Given the above information, however, the survey illustrates that even though employees are seeing increases in email- and Web-borne malware and phishing, IT budgets are not being sufficiently allocated to defend against these issues.

Specifically, the survey demonstrates that even though 72% of respondents have seen a rise in email-borne malware and phishing, 8% still plan on cutting money that would previously be earmarked to attempt to mitigate those risks. Even more alarming is that 40% of respondents admitted that securing lost or stolen devices – like the iPhone or Blackberry – is a top concern in the coming year, yet 15% of those surveyed will be reducing spending in this area.

“It is very disconcerting to see that while the trends and the experience of security professionals point to web and email-borne malware as the biggest threat, companies are cutting messaging and web security budgets,” said Andreas Antonopoulos, Senior Vice President and Founding Partner at Nemertes Research. “Companies tend to focus too much on the spectacular attacks (zero-day and organized crime) versus the mundane but extremely costly attacks (phishing and malware). Security controls should be driven by risk/reward calculations that soberly evaluate the impact on the business, rather than sensationalist media reports. Security professionals know where the real threats are but often find it difficult to quantify and explain the risks to senior management.”

In an attempt to uncover the impact of the recent Facebook and Twitter phishing attacks that have received extensive media coverage over the last several months, RSA Conference asked respondents how their organizations were affected. The survey found that while 84% of respondents allow the use of these tools, only a mere 3% were seriously affected by the attacks. Conversely, 73% said that their organization was not impacted at all and 24% indicated they were somewhat affected.

Spam at an All-Time High

Thu, 30 Jul 2009 00:00:00 -0500

Spam volumes have increased 141 percent since March, continuing the longest streak of increasing spam volumes ever, according to McAfee, Inc.’s (NYSE: MFE) Q2 Threats Report, released today. The report also highlights the dramatic expansion of botnets and the threat from Auto-Run malware.

More than 14 million computers have been enslaved by cybercriminal botnets, a 16 percent increase over last quarter’s rise. The report confirmed McAfee’s first quarter prediction that that the surge in botnet growth would send spam levels to new heights, surpassing their previous peak in October 2008 before the takedown of the spam-hosting ISP McColo.

McAfee researchers also found that, over the course of 30 days, Auto-Run malware had infected more than 27 million files. Auto-Run malware, which exploits Windows’ Auto-Run capabilities, does not require any user clicks to activate, and is most often spread through portable USB and storage devices. The rate of detection surpasses even that of the infamous Conficker worm by 400 percent, making Auto-Run the number one piece of malware detected around the world.

“The jump in bot and spam activity we saw in the last three months is alarming, and the threat from Auto-Run malware continues to grow,” said Mike Gallagher, Senior Vice President and Chief Technology Officer of McAfee Avert Labs. “The expansion of these infections is a grave reminder of the potential harm that can be caused by unprotected computers in homes and businesses.”

Botnet Growth Drives Cyberattacks, Spam Growth
Fourteen million additional computers have been turned into botnets this quarter. That averages to more than 150,000 computers infected every day, or 20 percent of the personal computers bought daily (Source: Gartner 2009). South Korea displayed the largest boost in bot activity; the nation saw a 45 percent increase in new infected computers over the last quarter. Such botnets were used to execute the DDoS cyberattacks against the White House, the New York Stock Exchange and South Korean government Web sites in early July.

While the growth in South Korea is substantial, it only accounts for less than four percent of the world’s new bots. The United States tops the list with 15 percent of the new zombie computers.

Botnet expansion is also the main driver in the increasing volume of spam, which is now 92 percent of all email. Spam volumes have now exceeded the highest volume on record by 20 percent, increasing at a steady rate of roughly 33 percent each month. In other words, spam volumes grow by over 117 billion emails every day.

Cybercrime as a Service
As the number of bots continues to grow, malware writers have begun to offer malicious software as a service to those who control botnets. By exchanging or selling resources, cybercriminals distribute new malware to wider audiences instantaneously. Programs like Zeus - an easy-to-use Trojan creation tool - continue to make the creation and management of malware even easier.

Cybercriminals Target Twitter, Social Networks
Twitter’s growth in popularity has made it a new target for cybercriminals in the last three months. Malware like the “Mikeey” worm and new variations of the Koobface Trojan attack users through tweets and abbreviated URLs. Spam Twitter accounts are becoming increasingly prevalent. Twitter administrative accounts have also been hacked on multiple occasions, giving cybercriminals access to the private accounts of celebrities and politicians, such as Britney Spears and Barack Obama and even allowing for the publication of sensitive internal strategy and finance documents to be posted on the Web.

Facebook and MySpace remain strong attack vectors for cybercriminals. In May, spam messages on social networks pointed users to 4300 new Koobface files.

Attacks in Multiple Languages

Thu, 30 Jul 2009 00:00:00 -0500

Symantec's July 2009 MessageLabs Intelligence Report reveals spammers are using translation services and templates to easily develop multiple language spam runs, and web-based malware writers take a break as less than one percent of web malware in July is new.

With spam levels globally continuing to stay at a two-year high of approximately 90 percent, some countries are experiencing levels in excess of 95 percent, such as Germany, France and The Netherlands. MessageLabs Intelligence reveals that one technique contributing to these unprecedented levels, predominantly in non-English language countries, is the use of automated translation services and templates enabling spam runs to operate in multiple languages. Local language spam now accounts for 46 percent of spam in Germany and 53 percent in France. In The Netherlands, 25 percent of spam is in Dutch. In Japan 62.3 percent is in non-English languages and in China this number is 54.7 percent.

“Once again the spammers turn to their online toolbox, the Internet, for their latest tactics. Translation services and templates enable the spammers to push out multiple-language spam attacks and some dubious translations through the use of poor online services highlight the use of these antics,” said Paul Wood, MessageLabs Intelligence Senior Analyst, Symantec. “Non-English spam now accounts for one in every 20 spam messages, a figure we’ll be closely monitoring to see if spammers continue with their global expansion.”

Malware writers seem to have taken a break this month as analysis of web security activity highlights that in July only 0.7 percent of all web-based malware intercepted was new, compared with 58.8 percent in June. However, with the number of new websites harboring malware and other potentially unwanted programs identified each day reaching a nine month high of 3,618, it indicates that previously used malware is being more widely distributed to other websites.

Also in July, MessageLabs Intelligence reported that the presence of shortened URLs in spam has skyrocketed with three significant spam bursts occurring this month, accounting for as much as 6.2 percent of all spam at its peak on July 9, equivalent to more than nine billion spam messages per day worldwide. With many social networking sites providing character restrictions on status updates & messages, the use of free URL redirection services which turn lengthy web addresses into shortened URLs is increasing in popularity as this helps cybercriminals disguise the true URL destination for their victims. Donbot, a botnet responsible for sending approximately five billion spam messages every day, is one of the main culprits for using this new technique.

Finally in July, cyber-criminals continue to use world news and events to their advantage, with the US Independence Day festivities receiving attention from the botnet Waledec. Simply clicking on a malicious link within an email purporting to show a fireworks display of the festivities would have added that unsuspecting user to the Waledec botnet. In addition, the death of Michael Jackson still continues to achieve widespread attention, from fans and fraudsters alike. Michael Jackson spam currently accounts for approximately one percent of all unsolicited mail, and malware and advance fee fraud attacks are becoming common occurrences.

Other report highlights:

Web security: Analysis of web security activity shows that 0.7 percent of all web-based malware intercepted was new in July. MessageLabs Intelligence also identified an average of 3,618 new websites per day harboring malware and other potentially unwanted programs such as spyware and adware, an increase of 88.5 percent since June.
Spam: In July 2009, the global ratio of spam in email traffic from new and previously unknown bad sources was 89.4 percent (1 in 1.12 emails), reflecting a 1 percent decrease since June.
Viruses: The global ratio of email-borne viruses in email traffic from new and previously unknown bad sources was one in 295.2 emails (0.34 percent), a decrease of 0.03 percent since June. In July, 15.2 percent of email-borne malware contained links to malicious websites, an increase of 4.8 percent since June.
Phishing: One in 327.6 emails (0.31 percent) comprised some form of phishing attack, a decrease of 0.05 percent since June. When judged as a proportion of all email-borne threats such as viruses and Trojans, the number of phishing emails had decreased by 3.2 percent to 92.9 percent of all email-borne malware threats intercepted in July.

Geographical Trends:

Germany overtook France as the most spammed country with levels rising to 97.5 percent.
Spam levels in the U.S. rose to 86.0 percent and 83.0 percent in Canada. In the UK spam levels increased to 93.6 percent and the Netherlands saw a rise to 95.7 percent.
Increases were also experienced in Australia and Japan, with levels reaching 92.0 percent and 90.6 percent respectively.
Although virus activity in Australia declined to 1 in 153.1 emails, it still retains its place at the top of the virus table for July.
Virus levels increased in the US and Canada with levels reaching 1 in 367.1 emails and 1 in 361.3 emails respectively. In Germany virus levels were 1 in 344.5 emails and for The Netherlands, 1 in 798.2 emails. In Hong Kong virus activity was 1 in 299.2 emails and in Japan it reached 1 in 580.1 emails.

Vertical Trends:

In July, the most spammed industry sector with a spam rate of 95.2 percent was the Marketing and Media sector.
Spam levels for the Education sector were 95.0 percent, also 95.0 percent for the Chemical & Pharmaceutical sector; 93.3 percent for Retail, 94.0 percent for Public Sector and 92.1 percent for Finance.
Virus activity in the Education sector fell by 0.10 percent, but it remained at the top of the table with 1 in 144.6 emails being infected.
Virus levels for the IT Services sector were 1 in 341.0, 1 in 477.9 for Retail and 1 in 288.8 for the Chemical and Pharmaceutical sector.

The July 2009 MessageLabs Intelligence Report provides greater detail on all of the trends and figures noted above, as well as more detailed geographical and vertical trends.