Friday, December 22, 2006

Bots and rootkits among top 10 threats, said McAfee

The days of big virus outbreaks like MyDoom, Melissa and SQL Slammer are gone, said Joe Telafici, director of operations for McAfee's Avert Labs.

Telafici was speaking at the recent AVAR (Association of Antivirus Asia Researchers) conference, which was held in Auckland. Today's cyber criminals don’t want to draw attention to themselves as the main motivation for cyber crime now is money, not fame, he said.

Click here for the full story.

Thursday, December 21, 2006

Top tips on destroying data on your hard drives

Reformatting a drive or deleting its partition doesn't truly erase its files

Data thieves don't have to be programming wizards to get their hands on your personal information. They often find hard drives that contain financial and other sensitive data at flea markets, charity shops, the city dump and even on eBay. These tips will help you render an old drive's files unreadable.

Click here for the full story.

Tuesday, December 19, 2006

Risk Management's Bell Curve

IT security managers have two basic problems: getting their managers to understand the need for security resources; and figuring out how to prioritize and spend the resources they already have.

Both problems could potentially be solved if security people spent a little less time thinking like IT experts and a little more time thinking like insurance experts, according to new report from the London School of Economics and McAfee.

Click here for the full story.

Risk Management's New Bell Curve

IT security managers have two basic problems: getting their managers to understand the need for security resources; and figuring out how to prioritize and spend the resources they already have.

Both problems could potentially be solved if security people spent a little less time thinking like IT experts and a little more time thinking like insurance experts, according to new report from the London School of Economics and McAfee.

Click here for the full story.

Monday, December 18, 2006

Email security techniques we wish would work, but just don't

At the height of its hype cycle, XML was supposed to solve the "interoperability problem," but in the end, only had a marginal level of success that was better than any other file format. In much the same way, many legacy spam detection techniques promised to rid us of much or all spam. Instead, they fell short of their promise and, in many cases, just did not work.

Click here for the full story.

Friday, December 15, 2006

Boeing laptop with data on 382,000 employees stolen

And in Dallas, the University of Texas reported a network intrusion

A laptop containing the personal information on 382,000 current and retired workers of Chicago-based Boeing Co. was stolen from an employee's car earlier this month, according to Boeing spokesman Tim Neale. He declined to say exactly where the laptop was stolen.

The information included employees' Social Security numbers, home addresses, telephone numbers and birth dates, as well as salary information, Neale said. Although the laptop was turned off and was password protected, Neale said the data on it was not encrypted.

Click here for the full story.

Thursday, December 14, 2006

Report: Phish Jump

As if you didn't already know that phishing is growing, the Anti-Phishing Working Group's latest numbers hammer it home even harder, showing a 50 percent increase in phishing sites from September to October.

The APWG's latest report shows 37,444 unique phishing sites were detected in October, versus 24,565 in September. The APWG attributed much of this jump to phishing campaigns using URLs with multiple subdomains in an attempt to evade spam filters and antiphishing filters in browsers, which use blacklists of known phishing sites.

Click here for the full story.

Tuesday, December 12, 2006

Worms Get Smarter

The recent wave of Web worms on MySpace and other social networking sites represent a new generation of more sophisticated worms -- ones that employ the pervasive cross-site scripting (XSS) flaws found on many Websites.

Early worms were more for wreaking havoc and proof-of-concept purposes (think Code Red and Melissa), but the new worms discovered earlier this month on MySpace are more about stealing data. Example: the XSS exploit that spreads as a worm and tries to force spyware onto a user's machine for nefarious purposes. That attack is a QuickTime movie that is "backdoored" with an XSS exploit, which changes a user's profile to include links to a porn site that hosts spyware. Once a user goes to that site, he or she is infected with the spyware.

Click here for the full story.

Friday, December 08, 2006

2006: The year in security

Though Internet-crippling virus attacks now seem to be a thing of the past, PC users didn't feel a lot more secure in 2006. That's because online attacks have become more sneaky and professional, as a new breed of financially motivated cyber criminals has emerged as enemy number one. Microsoft Corp. patched more bugs than ever and whole new classes of flaws were discovered in kernel-level drivers, office suites and on widely used Web sites. Vendors' chatter about security is at an all-time high, but the bad guys are still finding lots of places to attack.

And, oh yes, spam is back.

Following are five of the top computer security stories in 2006.

Click here for the full story.

Thursday, December 07, 2006

Disney protected with home-grown security, compliance software

Company's Keystone Web services provide centralized identity management, access control

The Walt Disney Co. is locking down its applications with cutting edge identity management innovations developed in-house that are helping the entertainment giant meet its security, compliance, and auditing goals.

Click here for the full story.

Wednesday, December 06, 2006

IBM Buys Into Security Compliance

IBM did its holiday shopping a little early this year, picking up security information management and compliance tool vendor Consul today for an undisclosed sum.

Consul, a 20-year-old company originally founded to do mainframe data and usage auditing, is one of several smaller security vendors that makes tools for collecting information about user access and activity across an enterprise. Such data is critical in the effort to meet security requirements outlined in a variety of government and industry policies and regulations, including Sarbanes-Oxley and HIPAA.

Click here for the full story.

Tuesday, December 05, 2006

Compliance Keys: Money, Monitoring

When it comes to regulatory compliance, companies that spend the most on IT security, and are the most vigilant about their compliance efforts, are the most successful.

That's the result of a study published earlier today by the IT Policy Compliance Group, a collection of compliance experts formed last year to study best practices in regulatory compliance.

Click here for the full story.

Monday, December 04, 2006

Research group finds high level of IT deficiencies

IT vulnerabilities such as inadequate documentation and poor PC access controls put enterprises at risk of being noncompliant with regulatory mandates and prone to security events -- and most companies have at least a few such deficiencies present in their enivornments, according to research to be released Monday.

Click here for the full story.

Friday, December 01, 2006

New Threats Loom for 2007

Attackers are preparing a new array of exploits and vulnerabilities for next year, security researchers say.

McAfee Avert Labs, the research arm of the popular antivirus vendor, yesterday unveiled its predictions for 2007, based on its analysis of more than 217,000 threats collected to date.

At its current rate of growth, the threat base will grow to 300,000 by the end of next year, the company says. "It is clear that malware is being released by professional and organized criminals," the company said in a statement.

Click here for the full story.

Wednesday, November 29, 2006

From Wall Street to the military, the year ends with security undertakings

As the year winds up, IT managers from Wall Street to the military say they've kicked off ambitious projects to bolster security within their organizations.

At New York-based investment firm Goldman Sachs, one project under the direction of Tom Quinn, vice president of information security, entails adding desktop software for digital-rights management to restrict viewing, printing or changing financial data.

Click here for the full story.

Tuesday, November 28, 2006

The 10 Most Overlooked Aspects of Security

Before you hunker down, all comfy and cozy, in front of a crackling holiday fire, hold the fruitcake and eggnog: Feel like you're forgetting something?

Most likely, you are.

Did you post a surveillance camera in your server room? Check the trash can for discarded disk drives that weren't wiped clean of sensitive data? Do a deep background check on that new database administrator you hired? Look into that new third-party security services offering?

Encrypt the backup of the year-end financial data?

Gulp. Maybe you're not quite ready for the holidays.

Click here for the full story.

Friday, November 24, 2006

Study: Almost half of firms late in patching laptops

Organizations, already knee-deep protecting the data in laptops are patching critical vulnerabilities in the mobile devices too slowly, a new study has suggested.

The findings, released Monday by analyst firm Trusted Strategies and patch management provider Shavlik Technologies, revealed that companies largely lack automated solutions to track down vulnerable laptops and apply the necessary patches.

Click here for the full story.

Thursday, November 23, 2006

Oakley rolls out laptop protection software

Oakley's SureFind software lets IT administrators remotely monitor and disable lost or stolen laptops.

Oakley Networks this week rolled out software that lets organizations remotely locate a lost or stolen laptop, determine whether data on the laptop has been compromised, and destroy the data to protect it from exposure.

Click here for the full story.

Wednesday, November 22, 2006

Data That Doesn't Drip... Drip... Drip...

You've heard of data leakage, but what about data seepage?

That's when your desktop applications are set to connect to your internal mail server or shared folders -- for instance, when you boot up your machine -- and your corporate network is then exposed to a targeted attack.

Click here for the full story.

Not Your Grandpa's Microsoft

OCTOBER 31, 2006 | Microsoft's a big target -- the vendor takes a lot of heat for poor products or just a lack of responsiveness. While some of that criticism may have been true and even warranted over the years, let's give credit where it's due: Windows XP SP2 turned out to be vastly better from a security standpoint than previous versions. In fact, Microsoft-based enterprises have improved their security so much that even Symantec reports that the attack vectors have shifted to employees' homes.

Full Article...

Tuesday, November 21, 2006

Small companies ignorant of security?

Small businesses must become more aware that they are the potential victims of cybercrime, former White House security adviser Howard Schmidt has urged.

Speaking at an IT security event at London's House of Lords on Monday, Schmidt said all businesses are at risk through a lack of proper configuration of security equipment, or through not taking proper security precautions.

Click here for the full story.

Monday, November 20, 2006

Laptop loss: How to avoid becoming the next Starbucks

When Starbucks earlier this month revealed it couldn't find four laptops containing data on thousands of employees, IT administrators everywhere once again were forced to ask themselves: What's our policy on protecting data on mobile devices?

Click here for the full story.

Friday, November 17, 2006

SQL Server Is Safest DB

That big spike in Web application vulnerabilities is bad news for your database. And apparently, some databases are more of a target than others.

Eric Ogren, security analyst for Enterprise Strategy Group, has compiled Common Vulnerabilities and Exposures (CVE) data from Oracle, Microsoft's SQL Server, and the open source MySQL database, and found some major differences. In fact, Oracle has 70 vulnerabilities, MySQL has 59, and SQL Server has just two. Sybase has seven, and IBM's DB2 has four, according to ESG's findings.

Click here for the full story.

Thursday, November 16, 2006

Human error, zero-day targeted attacks make up latest SANS Top 20

Few would dispute the powerful link between social engineering and the success of a cyberattack in today's financially-driven threat landscape. So now, for the first time, the SANS Institute has named human error to its twice-annual Top 20 Internet Security Attack Targets list, a line-up that, until now, was reserved solely for technology.

Wednesday, November 15, 2006

Security group ranks human error as top security worry

The SANS Institute has some controversial advice for computer security professionals looking to lock down their networks: spear-phish your employees.

That's what the U.S. Military Academy at West Point did in 2004 to a group of 512 cadets, selected at random for a test called the Carronade.

Click here for the full story.

Tuesday, November 14, 2006

Group Tags More 'Hacker Safe' Sites

Add Ace Hardware, American Red Cross, GNC, HP, Johnson & Johnson, Nike, Northrop Grumman, Petco, Ritz Camera, the Red Cross, Sony, Sports Authority, World Bank, Yahoo, and Yankee Candle to the list of Hacker Safe-labeled Websites identified by as containing cross-site scripting vulnerabilities (XSS). (See 'Hacker Safe:' Safe for Hackers.)

Click here for the full story.

Friday, November 10, 2006

Phishers Pick $2.8 Billion From Consumers' Pockets

Criminals running phishing scams are raking in more money than ever, with the average loss jumping fivefold in the last year and the percentage of money recovered plummeting, according to a survey published Thursday by research firm Gartner.

"Phishing e-mails are getting through, and when they do steal, phishers are getting five times the amount they did in 2005," said Gartner analyst Avivah Litan. "They're getting better, much better, at their schemes." Litan pegged the total loss to phishing in the 12 months ending Aug. 30 at a whopping $2.8 billion.

Click here for the full story.

Thursday, November 09, 2006

Review of Windows Vista final code shows security needs admin attention

Overall, we can't say that we don't like the Vista Ultimate code that was released to manufacturing by Microsoft on Wednesday and will subsequently be available for corporate volume customers by the end of the month. After all, from our testing we can confirm that it contains vastly improved graphics, offers very flexible installation options and gives administrators stronger control over the operating systems's security settings.

Click here for the full story.

Wednesday, November 08, 2006

Let's Party Together

I think it's great that groups have differences -- that's how we learn about our choices and which path we want to take. What really bothers me, though, is when everyone agrees on the general direction, and there's still so much confusion and disjointed activity that nothing gets done. And when it comes to computer security, that sort of confusion seems to happen a lot.

Click here for the full story.

Tuesday, November 07, 2006

How much can a LAN switch protect your network?

Call it NAC (Cisco's Network Admission Control) or, well, NAC (network access control), or even NAP (Microsoft's Network Access Protection). Any way you refer to it, these schemes for shutting out unwanted users at the LAN switch port level are among the most buzzed about network technologies.

Click here for the full story.

Monday, November 06, 2006

Anti-Spam's United Nations

A user in Cleveland sits and deletes multiple bogus emails from Nigeria. A U.K. law enforcement team wants to catch a spammer, but he's hiding in Russia. With so many cross-border spam attacks, are regional anti-spam efforts ever going to be enough?

Six anti-spam groups earlier this week conceded that they need some help, joining forces to hold the first meeting of the StopSpamAlliance during the United Nations Internet Governance Forum in Athens, Greece.

Click here for the full story.

Friday, November 03, 2006

Kicking some brass

Do you ever wonder what the heck is wrong with top management? Why don't they see risks associated with IT security breaches? Why don't they help you do something about it? The U.S. Department of Homeland Security has been asking some of the same questions.

Click here for the full story.

Thursday, November 02, 2006

An alternative view of information security

Thinking about data in terms of its "life" isn't a complicated idea, but it's a powerful one. Acknowledging that information lives, grows and dies can help a company focus its security and business continuity efforts in the right places.

Click here for the full story.

Tuesday, October 31, 2006

New Windows attack can kill firewall

Hackers have published code that could let an attacker disable the Windows Firewall on certain Windows XP machines.

Full Story...

Friday, October 13, 2006

Gartner warns of soaring remote access costs

Gartner has called on businesses to develop stringent policies on remote access for workers to avoid escalating IT costs over the remainder of the decade.
Full Article:

Converged Security Threats Mean Business

Gone are the days of amateur, single-source security threats, as big business takes over creating an Internet filled with converged attacks.
Full Article:

Friday, October 06, 2006

Compliance regulations take back seat in managing storage

Data growth and disaster recovery/business continuity (DR/BC) are driving archive planning much more than regulatory compliance.
Full Article:

Trend Micro Offers Security Appliance to Protect E-Mail Networks

Responding to demand from its customers for more hardware-based systems, Trend Micro introduced its new integrated messaging security appliance on Oct. 9, the final piece of the company's strategy to build devices to host each of its software products.
Full Article:

Wednesday, October 04, 2006

Akonix looks to control Skype

Akonixhas released a management appliance intended to help corporate IT gain a measure of control over the popular voice application Skype.
Full Article:

Execs quizzed by Euro Parliament about data privacy

European companies face tough questions about the illegal sharing of data with U.S. authorities.
Full Article:

Monday, October 02, 2006

Determina patches latest Microsoft flaw

For the second week in a row, independent security researchers have fixed a hole in Microsoft's software.

Full Story...

Blue Coat SSL VPN protects data on remote machines

Blue Coat Networks this week is announcing a single SSL-VPN appliance that helps customers with lots of remote access users protect application traffic as it crosses the Internet.

Full Story...

Monday, September 25, 2006

Medical sector failing to embrace the internet

Patients want electronic access to medical records.
Full Article:

Hijacked consumer machines target the enterprise

The digital underground has learned that the best way to strike gold is to target consumers blissfully unaware that their desktop applications are riddled with security holes. By hijacking as many consumer desktops as possible, the bad guys can expand their botnets and use them to burglarize big enterprises with deep pockets.
Full Article...

Tuesday, September 19, 2006

UK firms admit to email management 'chaos'

Over a third of large organisations in the UK admit that their email management system is in "complete chaos", a poll has claimed.
Full Article:

The Global State of Information Security 2006

Some things are getting better—slowly—but security practices are still immature and, in some cases, regressing.
Full Article...

Spyware, Bots, Rootkits Flooding Through Unpatched IE Hole

The newest zero-day flaw in the Microsoft Windows implementation of VML (Vector Markup Language) is being used to flood infected machines with a massive collection of bots, Trojan downloaders, spyware and rootkits.
Full Article:

Friday, September 15, 2006

Unisys Computer Recovered

The Office of the Inspector General of the Department of Veterans Affairs is reporting that an office computer reported stolen from a Unisys Corp. office in Virginia has been recovered, and a Washington, D.C., resident has been arrested in the case.
Full Article:

Nikon magazine hit with security breach

The breach, which lasted nine hours on Tuesday, revealed the personal and financial information of 3,235 subscribers.
Full Article...

Wednesday, September 13, 2006

UK bank hit by massive phishing attack

Customers of Barclays Bank have been alerted to a range of phishing emails designed to steal online banking details.
Full Article:

Survey: Large U.S. firms collecting more personal data

The largest U.S. companies appear to be gathering more personally identifiable data about their online customers, but fewer of them are sharing it with outside organizations, according to the fifth annual review of Fortune 100 companies conducted by The Customer Respect Group Inc. in Ipswich, Mass.
Full Article...

Monday, September 11, 2006

Keep your Job by avoiding....The six worst security mistakes

From Network World: We asked the top security experts in the industry - people who consult with enterprise customers on a regular basis - to name the most common security mistakes that companies make. Here's their list, as well as actionable advice on how to avoid making a major security gaffe
Story 1: Not having a comprehensive security architecture
Story 2: Not investing in training
Story 3: Neglecting identity management
Story 4: Ignoring the threat from insiders
Story 5: Not protecting Web apps
Story 6: Buying products based on bells and whistles

IT execs feel the heat as security woes multiply

Here's a very interesting story from Network World. IT execs are now starting to lose there jobs as a result of security breaches. Gone are the days of ignorance.

AOL fired a researcher and a manager last week, and CTO Maureen Govern resigned after the Dulles, Va., company posted data on search queries made by 650,000 AOL subscribers. Ohio University dismissed two senior IT people this month following news of five security vulnerabilities that exposed the sensitive records of 137,000 alumni.

Full Story...

Thursday, September 07, 2006

Portable data menace goes unchecked

Companies without appropriate controls to manage data on portable devices are leaving themselves "wide open" to security breaches and possible prosecution, a security expert told today.
Full Article:

Is your BlackBerry as secure as you think?

A small shock wave went through the community of BlackBerry users recently when a consultant showed off a way to use the popular wireless technology to circumvent a network's defences and attack its core computers.
Full Article:

Complacency Increases Security Risk

IT security managers should never be complacent about existing technologies because threats can dramatically change in such a short time, according to the security head of Australian wealth management company Asgard.
Full Article...

Wednesday, September 06, 2006

Calif. Man Says He Hacked USC Application System

Eric McCarty, a 24-year-old San Diego, Calif., resident, on Tuesday admitted in court that he hacked into a University of Southern California (USC) student application system in June 2005 after being denied admission to the school, the Associated Press reports via
Full Article:

Cisco, Microsoft demo network security cooperation

It has taken nearly two years, but Microsoft Corp. and Cisco Systems Inc. are finally ready to demonstrate how their network access security products will work together.
Full Article:

Government Report Finds Health Care Privacy Breaches Rampant

Agencies and contractors that experienced privacy breaches collectively have access to medical data for more than 100 million Americans.
Full Article...

Tuesday, September 05, 2006

Intel vPro Promises VARs and MSPs Less Needy Desktops

Intel aims to change the corporate desktop landscape with its vPro platform.
Full Article:

Word flaw hit with zero-day attack

An "extremely critical flaw" in Microsoft Word 2000 is currently being exploited by malicious attackers, which could lead to remote execution of code on a user's system, security researcher Secunia advised Tuesday.
Full Article...

FBI Prepares For Phase One Of Controversial Sentinel Program

A critical design review next month will determine whether the FBI will move forward with the program.
Full article:

Monday, August 28, 2006

Microsoft to offer broader support for older software

Microsoft plans to offer a longer lifeline to customers that use the company's older products.
Full Article:

Hacker Faces Prison for PC Attacks

Overall, investigators have identified 441,000 computer systems hacked by Christopher Maxwell's robot virus, including 104 country domains, 276 ".net" domains, 128 ".com" domains, and 28 ".edu" domains. The virus was planted between July 2004 and July 2005, federal investigators said.
Full Article:

McAfee warns of 'SMiShing' attacks

Cell phone users should watch out for text messages containing a Web site link which, when visited, could download a Trojan horse, security experts have warned.
Full Article...

Wednesday, August 23, 2006

Bush aims to boost health care data transparency

President George W. Bush yesterday issued an executive order requiring the four agencies charged with overseeing federal health care programs to overhaul the way they use IT to exchange health data and measure quality.
Full Article:

IBM to Acquire Internet Security Systems for $1.3 Billion

IBM announced on Aug. 23 that it is acquiring Internet Security Systems, a maker of network security and appliances, for $1.3 billion, or $28 per share.
Full Article...

Tuesday, August 22, 2006

Student claims to find Myspace security flaw

A UK STUDENT has stumbled on what he thinks is a flaw in Myspace’s password system.
Full Article:

Businesses Struggle Under Growing Weight Of E-Mail

Feed the e-mail beast. We all do it, from the time we log on in the morning till late in the day when a last thought needs to be shared with a colleague or friend. We're sending messaging morsels over mobile devices to try to satiate its insatiable appetite. Don't feed the beast--take off a week, a day, even an hour--and you fall dangerously behind.
Full Article:

FBI Investigating Theft of 10 Hospital Computers

In the latest episode of stolen computers and compromised personal records, Hospital Corporation of America reported on Aug. 18 that 10 computers had been stolen from one of the health care provider's regional offices.
Full Article...

Thursday, August 17, 2006

Five things you'll be glad to hear about Longhorn Server networking

With all of the coverage of Windows Vista and its many improvements for client desktops, it's easy to forget that an equally large team of developers is working on the next generation of Windows on the server. Many enhancements are slated for Longhorn Server and most are actually already checked into code and operational in the latest beta release. These benefits aren't incremental, either. Some represent significant improvements to the core Windows code base, and will mean better reliability, faster network connections and easier management.
Full Article:

US govt researches next-generation Internet

The US government department that created the Internet is working on a new network that will be able to configure itself, intelligently cache and route data, and allow for fast and reliable sharing of data, all while maintaining military-grade security.
Full Article:

Wednesday, August 16, 2006

IBM Keeps Its Eye on IT Service Management

IBM is pursuing its IT service management and service-oriented architecture management strategy through a series of acquisitions and evolutionary product releases.
Full Article...

Avoid a Meltdown: Reacting to a Security Breach

How your company handles a data breach can make the difference between survival and extinction.
Full Article...

Survey: 81% of U.S. firms lost laptops with sensitive data in the past year

Loss of confidential data -- including intellectual property, business documents, customer data and employee records -- is a pervasive problem among U.S. companies, according to a survey released yesterday by Ponemon Institute LLC and Vontu Inc., a San Francisco-based provider of data loss prevention products.
Full Article:

Tuesday, August 15, 2006

Another worm set to exploit Windows flaw

Attack code exploiting a recently-patched vulnerability in Windows has been posted to the Internet, prompting concerns of a widespread attack.

Full Story...

DOT Is the Latest Victim of Computer Theft

The US Department of Transportation has announced that a laptop computer containing names, addresses and social security numbers of 133,000 Florida residents was stolen two weeks ago.

Full Story...

Unpatched Microsoft Computers Falling Prey to Hackers

Hackers are actively using exploit code to target a flaw in Microsoft’s software that generated a special warning from the U.S. government last week.

Full Story...

Fire Hazard Causes Dell Battery Recall

How's this for having a hot laptop...

Computer maker Dell is recalling 4.1 million laptop computer batteries because of a potential fire hazard, the company said Monday.

Full Story...

Thursday, August 10, 2006

Utah man charged with intercepting employer e-mail

Unauthorized reading material may include 15-year sentence.
Full Article:

Small Business Operators Have Higher Risks of Online Fraud

Many small business are wide open to online fraud because they have limited IT skills and computer security is not high on their list of priorities, The Daily Telegraph reports.
Full Article...

Laptops banned from hand baggage

There are ways to reduce the risk of damage or the impact of a lost laptop, said Richard Starnes, a computer security expert and president of the UK branch of the worldwide Information Systems Security Association. Ideally, laptop users should already be following such guidelines, he said. The guidelines include:
Full Article...

Wednesday, August 09, 2006

Colleges Brace for Malware Wave

While returning to school may only be a fleeting thought for most students at this time of year, it's top of mind for the folks charged with keeping university networks free from a host of electronic nasties.
Full Article:

What's the Future of Desktop Software - and How Will it Affect Your Privacy?

"Today, we may think of Microsoft when we think of [personal computer] operating systems, but there are many kinds of operating systems—on your cell phone, on an Xbox," she said. "The question for the future is how we merge these, how all this specialized software comes together ... to support a user experience that includes sharing, synchronizing information, making the experience expand and come alive."
Full Article...

Tuesday, August 08, 2006

Trojan data-stealer hijacks ICMP traffic

Once a PC has become infected, the Trojan installs itself as an Internet Explorer browser helper object (BHO), and then waits quietly for the user to access one or more target online banking websites.
Full Article...

VARBusiness Readers Define--And Redefine--Managed Services

Recently, VARBusiness asked the question: What is a managed service? Solution providers getting into the game have all kinds of definitions for what constitutes a managed service. In fact, some even say myriad definitions are causing confusion in the marketplace, making it difficult to succeed.
Full Article:

Friday, August 04, 2006

Dyrand to Open Calgary Office

Look for a new office in Calgary in the weeks ahead. Our crack team has been planning this expansion for some time now to take advantage of the many opportunities in the oil patch. Bill Lahay will head the new Alberta operations.

The evolution of corporate security

Here's a great article on the evolution of security...

Most security solutions are a trade-off of ease-of- use versus security. As computer security measures grow in importance, previously uninterrupted legitimate processes get reined in or stopped altogether -- like my recommendation of not allowing non-admin users to install software without management approval. As companies grow more valuable, they are willing to accept higher levels of default security as measured against legitimate needs
Full Article...

Dyrand is Hiring Now

Have a look at our home page for more information.

Thursday, August 03, 2006

Advisory group calls for standardized e-medical records

A federally chartered IT advisory group approved a recommendation on Aug. 1 to request that the federal government identify and prioritize by October the key data elements to be used in a medical electronic record available to first responders.
Full Article...

'Brute force' attacks against SMBs on the rise

The number of "brute force" attacks on small and midsize companies has risen dramatically in the past few months, according to Houston-based Alert Logic Inc., an on-demand IT network security company that focuses on small and medium-size businesses.
Full Article...

Wednesday, August 02, 2006

Security Spending on the Rise

According to a new report released today by Heavy Reading Enterprise, organizations of all sizes will increase spending for security products and services over the next two years: 66 percent of respondents from both large- and medium-sized companies and 55 percent of small companies. These findings are in sharp contrast to vendor and analyst warnings of late that security spending is slowing.
Full Article...

A password for your credit cards

As banks face an end-of-year deadline to strengthen online authentication, one company believes it holds the right card to customer security--a one-time- password.
Full Article...

Monday, July 31, 2006

IT security only half the solution

A majority of companies now increasingly depend on IT to carry out critical business functions, but internal and external threats to IT are both increasing exponentially.
Full Article...

Health care IT on the rise

The number of physicians using electronic medical records has increased by one-third since 2001, according a new report by the Centers for Disease Control and Prevention.
Full Article...

Man indicted after stealing health care database

A man has been indicted by a federal grand jury for downloading the personal information of more than 80,000 members of the American College of Physicians, according to the Department of Justice.
Full Article...

Tuesday, July 25, 2006

Hackers hold data for ransom

Smaller companies should back up their data to protect against ransomware, according to Kaspersky Labs.
Full Article...

Friday, July 21, 2006

Joke of the Day

Ad on MySpace Serves Up Adware to 1M PCs

More than 1 million users of and other websites may have been infected with adware spread by a banner advertisement, according to iDefense, a computer security group.

Full Story...

Bogus Google Site Hiding Trojan Horse

Scammers have set up an exact copy of the download page for Google’s toolbar plug-in in an attempt to lure users to download a Trojan backdoor.

Full Story...

Tuesday, July 18, 2006

Health care providers scramble to adopt NPI numbers

Health insurers are scurrying to make the last changes in their IT systems in order to comply with a federal requirement for doctors and hospitals to use standard ID numbers in processing claims and other electronic transactions.
Full Article...

Employers crack down on computer policy violations

Many employers are firing employees for violations of computer and Internet policies, according to the Wall Street Journal.
Full Article...

Thursday, July 13, 2006

IBM Sued over Hacked E-Mail Server

A Washington, D.C., law firm has sued IBM claiming that the computing giant is responsible for a 2005 attack on its e-mail server.

Butera & Andrews claims that an unknown IBM employee attempted to attack its e-mail server in November of last year, shortly after the law firm discovered that its computer had been taken over by an unknown attacker. Security investigators traced the source of the attack to a computer within IBM’s Cornwallis Road facility in Durham, N.C., the law firm alleges.

Full Story...

Wednesday, July 12, 2006

World Cup Security Considered a Great Success

Despite fears of hooligan riots, terrorist attacks and chaos in the streets, the security operation at the World Cup must be considered a great success, the BBC reports.

Move Over Phishing, Here Comes ‘Vishing’

Secure Computing has reported an ingenious new type of phishing scam that uses VOIP telephony to entrap its victims.

Dubbed "vishing", the fraud sees a randomly dialled user phoned by an automated system to be told that their credit card has been used illegally.

Full Story...

Tuesday, July 11, 2006

VPN market at $23 billion and growing

The VPN services market in 2005 was worth $23 billion, a 14 percent increase over 2004, according to a new report from Infonetics Research.
Full Article...

Thursday, June 29, 2006

Mobile device “kill pill” crucial to IT security

The booming popularity of mobile handset devices such as BlackBerrys and smartphones is creating a major information security problem, but a new breed of products designed to manage this equipment is slowly beginning to alleviate some security concerns, according to a recent report from Unstrung Enterprise Insider.
Full Article...

Supreme Court Rebukes Bush’s Anti-Terror Policy

In a 5-3 decision, the Supreme Court said the trials at Guantanamo Bay were not authorized under U.S. law or the Geneva Conventions ruling that the military commissions are unconstitutional, The Washington Post reports.

Researcher Publishes Details of, MSN Holes

Frustrated with what he calls a lack of response from Microsoft and, a security researcher has gone public with details of flaws on the two companies’ Web sites.

Full Story...


The government has recovered the stolen Department of Veterans Affairs (VA) laptop computer with sensitive data on up to 26.5 million veterans and military personnel, Veterans Affairs Secretary Jim Nicholson announced to the Associated Press, Forbes reports.

Yahoo Settles Click Fraud Suit

Yahoo agreed to compensate advertisers for click fraud dating back to January 2004 as part of a settlement agreement in a class-action lawsuit, the search company said on Wednesday.

Full Story...

Wednesday, June 28, 2006

For Spammers, a Picture Is Better Than 1,000 Words

Spam is again on the rise, led by a flood of junk images that spammers have crafted over the past few months to trick e-mail filters, according to security vendors.

Full Article...

Monday, June 26, 2006

AT&T, DoJ Fight Wiretap Suit

A suit against AT&T over alleged cooperation with government wiretapping should be dismissed because hearing it would mean exposing information that would help al-Qaida, the U.S. Department of Justice argued Friday in federal court in San Francisco.

Full Article...

Article to make you laugh...

JUNE 2005. The Total Information Awareness (TIA) program, led by John Poindexter, has suffered major public relations catastrophes during its ramp-up. To ameliorate bad press, the feds have approved a costly upgrade that will give TIA a customer-friendly CRM front end and enable a win-win for spooks and ordinary citizens alike. Following are early examples of customer outreach from the program, dubbed

Full Article...

The ABCs of New Security Leadership

September 11 profoundly changed the public perception of national security; the Enron accounting scandal and a rash of similar scams alerted us to widespread deficiencies in corporate governance, accountability and ethics. But every security leader knows that as time passes after any incident - no matter how demonstrative - corporate concern for the issues brought to light by that incident tends to wane. Maintaining the right level of boardroom and employee awareness is a consequence of leadership. And more effective ideas and tactics are replacing the old, reactive security leadership paradigm. Below, CSO looks at what's Out and what's In.

Full Article...

Friday, June 23, 2006

5 Ways Google is Shaking the Security World

Whether you're charged with preventing hacks, protecting assets, stopping fraud or defending trademarks, Google and other search engines present a new mix of risks for everybody in the security game.

Full Article...

7 Arrested in U.S. Terror Plot

Five U.S. citizens, one legal resident and a foreigner were arrested by the FBI in Miami on terrorism charges for plotting to attack the Sears Tower in Chicago and the FBI building in Miami, The Washington Post reports.

Now or later? Security and ROI

Many people talk about the "Return On Investment" [ ROI ] when discussing many aspects of business, especially in regards to hardware and software procurement. Today we see standard ROI formulas trying to be applied to things like IT security. There are many different formulas for calculating ROI, but one of the toughest is the ROI on security, or "Return on Security Investment" [ ROSI ].

Full Article...

Thursday, June 22, 2006

U.S. police using data brokers

Police and government officals in the U.S. have been bypassing the need for subpoenas and warrants by gathering personal information made available through private data brokers. The data brokers, which advertise heavily on the Internet, have at times admitted to using deception and illegal practices themselves, according to a new report by the Associated Press.

Full Article...

Details emerge on second potential NSA facility

Two former AT&T employees have fingered a room in the telecommunications company's building near St. Louis as a likely center for wiretapping and Internet monitoring by the National Security Agency, according to a article.

Full Article...

How to Spot a Liar

We're used to seeing interrogation scenes on TV—the bare lightbulb, the sweaty, hostile detective, you know the drill. But how do investigations play out in the corporate world, when the questioner wears a suit rather than a gun holster, and the chilling environs of a police room are replaced by the bland layout of a corporate office? Here are four things to know about conducting interviews and interrogations that yield results.

Full Article...

Wednesday, June 21, 2006

Visa Hit With ATM Breach

In the latest example of a national trend, Visa announced that customers could be subjected to fraud as a result of a security problem affecting a contractor that processed automated teller machine transactions, the Associated Press reports on Yahoo News.

Tuesday, June 20, 2006

Companies must plan for disasters

Disaster recovery planning has become a regular part of business for many companies, and there are many things a company can do to contain the damages done by catastrophic events. But even when companies are prepared, unexpected circumstances usually arise when a disaster actually hits.
Full Article...

Flurry of new data breaches disclosed

The dizzying pace of data-breach notifications in recent months shows no signs of slowing, as several more organizations have disclosed major data compromises over the past few days.
Full Story:

Website Operator Pleads Guilty to Piracy’s owner pleaded guilty to selling nearly US$20 million worth of pirated software through the mail, the U.S. Department of Justice (DoJ) said Friday.

Full Article...

Yahoo!, you've got worms

A new JavaScript based worm has been found crawling through a flaw in Yahoo's webmail servers, requiring Windows users to update their anti-virus protection.

Full Article...

Microsoft's French Site Hit by Hackers

Part of Microsoft’s French website has been taken offline by hackers, who apparently took advantage of a misconfigured server at the software vendor’s Web hosting provider.

Full Article...

Monday, June 19, 2006

One-third of Americans will fall victim to data breaches this year

Personal information on more than 32 million Americans has been stolen as a result of data breaches during 2006 alone, with projections of 78 million identities stolen by the end of the year, according to identity theft prevention vendor Edentify.
Full Article...

Sarbanes-Oxley costs frustrating small businesses

Costs associated with meeting the compliance standards of the Sarbanes-Oxley Act have caused some public companies to consider going private, according to law firm Foley & Lardner.
Full Article...

Federal Breaches Spark Security Review

The massive data breach disclosed last month by the U.S. Department of Veterans Affairs has triggered sweeping reviews of information security policies at the VA and at several other government agencies that recently suffered smaller data losses.
Full Story:

Friday, June 16, 2006

Password security still lacking among IT pros

Most administrative passwords in some of the world's largest corporations are kept in the heads of one or two IT staff or on paper.

Full Article...

Phishing Scam Uses PayPal Secure Servers

A cross-site scripting flaw in the PayPal Web site allows a new phishing attack to masquerade as a genuine PayPal log-in page with a valid security certificate, according to security researchers.

Full Article...

Thursday, June 15, 2006

After lawsuit, Cisco embraces Black Hat

June 15, 2006 (IDG News Service) -- The bad blood between Cisco Systems Inc. and organizers of the Black Hat conference appears to be a thing of the past.

Full Article...

Sophos: E-Mail Virus Count Down

The proportion of e-mail messages that contain malware has fallen for the first six months this year compared to the same period last year, Sophos said on Wednesday.

Statistics released by Sophos show that about one in 91 e-mail messages contained a virus or other types of bad software, far less than the one-in-35 figure of a year ago, said Graham Cluley, senior technology consultant. Sophos provides enterprise-level antivirus, spam, adware and malware protection products.

Full Article...

Wednesday, June 14, 2006

How Small and Midsize Business CIOs Can Use Size to Their Advantage

With fewer resources and staff, SMB CIOs operate under some obvious disadvantages. Their advantages are less obvious, one being their proximity to senior management. They can use this effectively in seven ways and become trusted advisors to company executives.

Full Article...

NSA Wiretapping Update

If you have been following the NSA Wiretapping story, you may want to have a look at a story posted on another blog. Click here to visit it. Its the second story down at the time of this post.

Microsoft Leaves Windows 98 to the Hackers

If you are still using Windows98 (shame on you), you should be aware of the following item:

Microsoft has defended its decision not to patch a critical security flaw in Windows 98.

Support for the operating system officially ends next month on July 12.

Tuesday, June 13, 2006

Exchange gets mobility makeover

The new software also will allow a remote user to wipe all Exchange Server-fed data from a device if it is lost or stolen. Currently, only someone with Exchange Server administrator privileges can do this.

Full Article...

One in 300 PCs infected with malware

About one in every 300 PCs running Windows is affected by malware, according to Microsoft.

Full Article...

Monday, June 12, 2006

Major IM tech company reports large increase in hacks

San Carlos, Calif.-based Postini, a worldwide IM management company, reported that its systems recorded 500 percent increase in attacks for May.

Full Article...

Major IM tech company reports large increase in hacks

San Carlos, Calif.-based Postini, a worldwide IM management company, reported that its systems recorded 500 percent increase in attacks for May.

Full Article...

VA Conducts Security Review

Department of Veterans Affairs (VA) Secretary James Nicholson said in a hearing at the House Committee of Government Reform on Thursday that the agency has ordered a security review of every laptop computer and has banned all employees from connecting any employee-owned computers to the VA virtual private network (VPN), reports.

Full Article...

Wednesday, June 07, 2006

VA data theft affects most soldiers

The massive database stored on a laptop and external hard drive that were stolen from the home of an employee of the Department of Veterans Affairs last month could compromise the identity of nearly 2.2 million active-duty military personnel, the VA announced on Tuesday.

Full Article...

Canada Terror Plot Called for Beheading Prime Minister

Its not every day you see a storylike this one....

In addition to charges of training militants and plotting bombings faced by suspected terrorists in Canada, one member of the group allegedly sought to decapitate Prime Minister Stephen Harper, Reuters reports.

Full Article...

Google Spreadsheets

Just in case you don't already have enough Google products in use, here is one more: Google Spreadsheets. Now you can access your spreadsheets from anywhere and share them with anyone. The initial launch is by invite only, so if you want to sign up, click here

Tuesday, June 06, 2006

Mozilla Says IE 7 Won't Beat Firefox Security

One of the chief selling points (if a free browser can have a selling point) of Mozilla Corporation's Firefox browser has been its reputation of being more secure than Internet Explorer. Preaching to a choir of open-sourcers at the Red Hat Summit, the company said it expects to maintain that advantage.

Full Article...

Microsoft Hits Spammer For $1 Million

Settlements between one of the world's worst spammers, and plaintiffs Microsoft and the state of Texas, will cost Ryan Pitylak at least a million dollars.

Full Article...

Kiwi Security Expert Finds Flaw in Skype

A security flaw in Skype’s peer-to-peer voice-over-IP (VoIP) software has been closed, thanks to diligent work by a Kiwi security expert.

Full Article...

Monday, June 05, 2006

Microsoft Live Labs releases new security services

June 05, 2006 (IDG News Service) -- Microsoft Corp.'s Live Labs has launched two security-related Web-based services, one for providing authentication and another for connecting peer-to-peer applications through network firewalls.

Full Article...

Friday, June 02, 2006

Goldleaf server breach affects more than 300 banks

Goldleaf Technologies, a Brentwood, Tenn., provider of homepage services for financial institutions, suffered a server breach on Thursday, May 25.

Full Article...

Government asks top Web companies to retain user search records

Top officials in the FBI and the Department of Justice have requested leading Web companies to keep and store records of users’ Web surfing and searching habits for use in child pornography and terrorism investigations, according to USA Today.

Full Article...

Thursday, June 01, 2006


We are scholars of constitutional law and former government officials. We write in our individual capacities as citizens concerned by the Bush administration's National Security Agency domestic spying program, as reported in The New York Times, and in particular to respond to the Justice Department's December 22, 2005, letter to the majority and minority leaders of the House and Senate Intelligence Committees setting forth the administration's defense of the program.[1] Although the program's secrecy prevents us from being privy to all of its details, the Justice Department's defense of what it concedes was secret and warrantless electronic surveillance of persons within the United States fails to identify any plausible legal authority for such surveillance. Accordingly the program appears on its face to violate existing law.

Full Article...

Official: Bush authorized spying multiple times

NEW YORK - President Bush has personally authorized a secretive eavesdropping program in the United States more than three dozen times since October 2001, a senior intelligence official said Friday night.

Full Article...

NSA spy program broader than Bush admitted

I never been much of a Bush fan, so I think that this is just great. As the layers of the onion keep getting peeled back, I can't even imagine how bad its going to smell.

NEW YORK - The volume of information gathered from telephone and Internet communications by the National Security Agency without court-approved warrants was much larger than the White House has acknowledged, The New York Times reported Saturday.

Full Article...

Wednesday, May 31, 2006

Recent college breaches heighten IT security concerns

In a recent survey, colleges named security as the most important issue their facing computer systems for the first time since 1999.

Full Article...

VA breach could cost half-billion dollars

Taxpayers could pay more than $500 million in costs related to the May 3 data theft that compromised the personal information of 26.5 million veterans, VA Secretary Jim Nicholson said Thursday in front of the House Committee on Veterans Affairs.

Full Article...

Tuesday, May 30, 2006

HoneyNet Statistics - Who's attacking what today?

Juniper Networks maintains honeypots around the world to collect real time statistics about vulnerabilities and threats. Honeypots are sample networks connected to the Internet in a production environment and contain a representative sample of platforms, operating systems and applications.

The data represents the most common attacks that are seen on these representative networks and is an average per honeypot collected over a rolling one week window. The attacks seen in these networks may differ from the top and latest threats listed on the previous page. The data represents the most widespread attacks but may neither pose the greatest risk to customers nor be one of the latest threats.

Full Article...

Anatomy Of A Fraud

Most fraud victims clam up. In this check-tampering case, the victim-a small-business owner-decided to speak out. The resulting cautionary tale offers a rare, detailed look into the mechanics and psychology of fraud. And its aftermath. Unfortunately, this time the perpetrator wasn't the only one who wound up in court.

Full Article...

Attack of the iPods!

MP3 players and USB drives can be used for more nefarious purposes than just carrying data out the door.

A lot has been written about the threat of iPods, digital cameras and USB memory sticks to information security programs. Because all of these are basically high-capacity storage devices, they make it easy for thieves (whether insider or outsider) to slip into your organization, quickly download a bunch of confidential docs, and then slip out—and all the while, you thought that they were just enjoying some groovy tunes. Thieves can hide corporate secrets on the SD card of a digital camera, and if they want to be really sneaky, they can even delete the files so that the information won't show up during a casual inspection. Then, when they get home, they can use an "undelete" program to recover the secrets.

Full Article...

Monday, May 29, 2006

The Pandemic Possibility

Companies warn of flu outbreak fallout.

How bad will it be for the U.S. economy if the avian flu mutates and spreads rapidly from human to human? Bad enough that a few companies have warned investors that a flu pandemic could hit their bottom line. In their most recent annual statements filed with the Securities and Exchange Commission, companies as diverse as Callaway Golf, MetLife and Starbucks mention the risk of a flu pandemic, for very different reasons—such as the demand for its products, the accessibility of its facilities for customers, or the liabilities imposed by losses. Such statements suggest sensible planning, says Baruch Fischhoff, former president of the Society for Risk Analysis.

Full Article...

VA Data Theft Could Cost Taxpayers $500M

Veterans Affairs (VA) Secretary Jim Nicholson on Thursday stood in front of the House Committee on Veterans Affairs, and explained that taxpayers may end up having to cough up $500 million as a result of the May 3 theft of personal data on 26.5 million U.S. veterans, Reuters reports.

Friday, May 26, 2006

HIPS growth marks latest major IT security advance

One year ago, the big security debate was whether to replace intrusion-detection systems (IDS) with intrusion-prevention systems (IPS). Today, the question is whether host-based intrusion-prevention systems (HIPS) technology will do away with the traditional security perimeter or become merely another security tool.

Full Article...

Red Cross blood donor database breached

The Missouri-Illinois Blood Services Region of the American Red Cross notified nearly 8,000 blood donors last week that a former employee had allegedly stolen their personal information in March and possibly used it in identity thefts.

Full Article...

Thursday, May 25, 2006

FCC declines to investigate the NSA

The Federal Communications Commission, tasked with regulating communications companies and investigating violations of relevant laws, has declined to look into the allegations that three large telcos cooperated with the National Security Agency to wiretap domestic phone calls and Internet communications.

Full Article..

Thieves steal personal data of 26.5M vets

WASHINGTON - Thieves took sensitive personal information on 26.5 million U.S. veterans, including Social Security numbers and birth dates, after a Veterans Affairs employee improperly brought the material home, the government said Monday.

Full Article...

Wednesday, May 24, 2006

How a Bookmaker and a Whiz Kid Took On an Extortionist—and Won

Facing an online extortion threat, Mickey Richardson bet his Web-based business on a networking whiz from Sacramento who first beat back the bad guys, then helped the cops nab them. If you collect revenue online, you'd better read this.

Saturday, Nov. 22, 2003, 7:57 a.m.Origins of an Onslaught
The e-mail began, "Your site is under attack," and it gave Mickey Richardson two choices: "You can send us $40K by Western Union [and] your site will be protected not just this weekend but for the next 12 months," or, "If you choose not to will be under attack each weekend for the next 20 weeks, or until you close your doors."

Full Article...

5 Ways Google is Shaking the Security World

Whether you're charged with preventing hacks, protecting assets, stopping fraud or defending trademarks, Google and other search engines present a new mix of risks for everybody in the security game.

Ask Google anything—what's happening to GE's stock price, how to get to 881 Seventh Ave. in New York, where Mission Impossible 3 is showing, whatever happened to Brian W. after he moved away in the ninth grade—and you'll get an answer. That's the power of this $6 billion search engine sensation, which is so good at what it does that the company name became a verb.

Full Article...

Tuesday, May 23, 2006

Big Brother is Watching

You just gotta love this one...

Telecos under fire for helping NSA wiretaps

As evidence mounts that the National Security Agency spied on American civilians, legislators vowed to hold hearings and lawyers continued to file class-action lawsuits against the telecommunications companies that allegedly cooperated with the government.

Full Article...

University server breach lasted at least one year

Ohio University has placed one technician on paid administrative leave and initiated a comprehensive reorganization of the university’s computer systems.

Full Article...

Friday, May 19, 2006

British law would force encryption key disclosure

The British government is about to give law enforcement officials the authority to compel the disclosure of encryption keys and force suspects to decrypt encrypted data, prompting criticism from security experts and civil rights advocates alike.

Full Article...

Harris poll: Most people lack backups

A new Harris Interactive poll, in conjunction with Maxtor, shows that almost half of U.S. adult computer users are at risk of losing important data because they have not backed it up.

Full Article...

Thursday, May 18, 2006

Revamped Symantec Security Client Due in '07

Symantec is readying a new application for enterprise PCs that will integrate security and network policy enforcement technology the company picked up from recent acquisitions.

Full Article...

Renegade Spammer Beats Blue Security

Anti-spam firm Blue Security will stop its spam-fighting effort after deciding not to place the Internet, as a whole, in jeopardy by escalating a conflict with a renegade spammer, The Register reports.

Blog Archive

About Me

Choose Dyrand Systems as your virtual IT department and focus on growing your business—not on the technology that supports it. You deserve peace of mind when it comes to IT. When you choose Dyrand, you’re choosing more than just an IT firm—you’re choosing an extension of your own team.