Wednesday, May 31, 2006

Recent college breaches heighten IT security concerns

In a recent survey, colleges named security as the most important issue their facing computer systems for the first time since 1999.

Full Article...

VA breach could cost half-billion dollars

Taxpayers could pay more than $500 million in costs related to the May 3 data theft that compromised the personal information of 26.5 million veterans, VA Secretary Jim Nicholson said Thursday in front of the House Committee on Veterans Affairs.

Full Article...

Tuesday, May 30, 2006

HoneyNet Statistics - Who's attacking what today?

Juniper Networks maintains honeypots around the world to collect real time statistics about vulnerabilities and threats. Honeypots are sample networks connected to the Internet in a production environment and contain a representative sample of platforms, operating systems and applications.

The data represents the most common attacks that are seen on these representative networks and is an average per honeypot collected over a rolling one week window. The attacks seen in these networks may differ from the top and latest threats listed on the previous page. The data represents the most widespread attacks but may neither pose the greatest risk to customers nor be one of the latest threats.

Full Article...

Anatomy Of A Fraud

Most fraud victims clam up. In this check-tampering case, the victim-a small-business owner-decided to speak out. The resulting cautionary tale offers a rare, detailed look into the mechanics and psychology of fraud. And its aftermath. Unfortunately, this time the perpetrator wasn't the only one who wound up in court.

Full Article...

Attack of the iPods!

MP3 players and USB drives can be used for more nefarious purposes than just carrying data out the door.

A lot has been written about the threat of iPods, digital cameras and USB memory sticks to information security programs. Because all of these are basically high-capacity storage devices, they make it easy for thieves (whether insider or outsider) to slip into your organization, quickly download a bunch of confidential docs, and then slip out—and all the while, you thought that they were just enjoying some groovy tunes. Thieves can hide corporate secrets on the SD card of a digital camera, and if they want to be really sneaky, they can even delete the files so that the information won't show up during a casual inspection. Then, when they get home, they can use an "undelete" program to recover the secrets.

Full Article...

Monday, May 29, 2006

The Pandemic Possibility

Companies warn of flu outbreak fallout.

How bad will it be for the U.S. economy if the avian flu mutates and spreads rapidly from human to human? Bad enough that a few companies have warned investors that a flu pandemic could hit their bottom line. In their most recent annual statements filed with the Securities and Exchange Commission, companies as diverse as Callaway Golf, MetLife and Starbucks mention the risk of a flu pandemic, for very different reasons—such as the demand for its products, the accessibility of its facilities for customers, or the liabilities imposed by losses. Such statements suggest sensible planning, says Baruch Fischhoff, former president of the Society for Risk Analysis.

Full Article...

VA Data Theft Could Cost Taxpayers $500M

Veterans Affairs (VA) Secretary Jim Nicholson on Thursday stood in front of the House Committee on Veterans Affairs, and explained that taxpayers may end up having to cough up $500 million as a result of the May 3 theft of personal data on 26.5 million U.S. veterans, Reuters reports.

Friday, May 26, 2006

HIPS growth marks latest major IT security advance

One year ago, the big security debate was whether to replace intrusion-detection systems (IDS) with intrusion-prevention systems (IPS). Today, the question is whether host-based intrusion-prevention systems (HIPS) technology will do away with the traditional security perimeter or become merely another security tool.

Full Article...

Red Cross blood donor database breached

The Missouri-Illinois Blood Services Region of the American Red Cross notified nearly 8,000 blood donors last week that a former employee had allegedly stolen their personal information in March and possibly used it in identity thefts.

Full Article...

Thursday, May 25, 2006

FCC declines to investigate the NSA

The Federal Communications Commission, tasked with regulating communications companies and investigating violations of relevant laws, has declined to look into the allegations that three large telcos cooperated with the National Security Agency to wiretap domestic phone calls and Internet communications.

Full Article..

Thieves steal personal data of 26.5M vets

WASHINGTON - Thieves took sensitive personal information on 26.5 million U.S. veterans, including Social Security numbers and birth dates, after a Veterans Affairs employee improperly brought the material home, the government said Monday.

Full Article...

Wednesday, May 24, 2006

How a Bookmaker and a Whiz Kid Took On an Extortionist—and Won

Facing an online extortion threat, Mickey Richardson bet his Web-based business on a networking whiz from Sacramento who first beat back the bad guys, then helped the cops nab them. If you collect revenue online, you'd better read this.

Saturday, Nov. 22, 2003, 7:57 a.m.Origins of an Onslaught
The e-mail began, "Your site is under attack," and it gave Mickey Richardson two choices: "You can send us $40K by Western Union [and] your site will be protected not just this weekend but for the next 12 months," or, "If you choose not to will be under attack each weekend for the next 20 weeks, or until you close your doors."

Full Article...

5 Ways Google is Shaking the Security World

Whether you're charged with preventing hacks, protecting assets, stopping fraud or defending trademarks, Google and other search engines present a new mix of risks for everybody in the security game.

Ask Google anything—what's happening to GE's stock price, how to get to 881 Seventh Ave. in New York, where Mission Impossible 3 is showing, whatever happened to Brian W. after he moved away in the ninth grade—and you'll get an answer. That's the power of this $6 billion search engine sensation, which is so good at what it does that the company name became a verb.

Full Article...

Tuesday, May 23, 2006

Big Brother is Watching

You just gotta love this one...

Telecos under fire for helping NSA wiretaps

As evidence mounts that the National Security Agency spied on American civilians, legislators vowed to hold hearings and lawyers continued to file class-action lawsuits against the telecommunications companies that allegedly cooperated with the government.

Full Article...

University server breach lasted at least one year

Ohio University has placed one technician on paid administrative leave and initiated a comprehensive reorganization of the university’s computer systems.

Full Article...

Friday, May 19, 2006

British law would force encryption key disclosure

The British government is about to give law enforcement officials the authority to compel the disclosure of encryption keys and force suspects to decrypt encrypted data, prompting criticism from security experts and civil rights advocates alike.

Full Article...

Harris poll: Most people lack backups

A new Harris Interactive poll, in conjunction with Maxtor, shows that almost half of U.S. adult computer users are at risk of losing important data because they have not backed it up.

Full Article...

Thursday, May 18, 2006

Revamped Symantec Security Client Due in '07

Symantec is readying a new application for enterprise PCs that will integrate security and network policy enforcement technology the company picked up from recent acquisitions.

Full Article...

Renegade Spammer Beats Blue Security

Anti-spam firm Blue Security will stop its spam-fighting effort after deciding not to place the Internet, as a whole, in jeopardy by escalating a conflict with a renegade spammer, The Register reports.

Wednesday, May 17, 2006

New Law Would Require Reporting of Breaches

A bill introduced in Congress calls for prison time and stiff fines for company executives who fail to enform law enforcement when a digital break-in jeopardizes consumers’ personal and financial data, Brian Krebs reports from his Security Fix blog on

Full Article...

GE security exec shares tips to reduce security risks

May 15, 2006 (Network World) -- When it comes to putting data and identity thieves in their place, Peter Costa says there's no room for being Mr. Nice Guy.

"Have a public hanging. ... They have to know you'll go after them," says Costa, who heads up enterprise security at GE Consumer Finance - Americas. Companies need to be "fanatical about prosecution," he says.

Costa outlined his views (which he stressed are not all necessarily those of GE as well) for dealing with data and identity theft during a presentation at last week's CIO Forum. The unique annual conference brings together IT suppliers and potential buyers on a cruise ship sailing out of New York City.

Full Article...

Hackers use Google to uncover hidden passwords

Google is an extremely powerful tool and, as with most things, it can be used for both good and evil. Read this very interesting article and you'll learn about some the risks you need to be aware of and what you need to do about it.

May 16, 2006 (CSO) -- Ask Google anything -- what's happening to GE's stock price, how to get to 881 Seventh Ave. in New York, where Mission: Impossible: III is showing, whatever happened to Brian W. after he moved away in the ninth grade -- and you'll get an answer. That's the power of this $6 billion search engine sensation, which is so good at what it does that the company name became a verb.

Full Article...

Tuesday, May 16, 2006

Worker Gets 10 Months for Spying on Boss

A former U.S. government security auditor has been sentenced to 10 months in jail and home confinement after pleading guilty to snooping on his supervisor’s computer.

Kenneth Kwak of Chantilly, Va., pleaded guilty in March to gaining unauthorized access to a government computer. He faced a maximum sentence of five years in prison and a US$250,000 fine.

Full Article...

Instant Messaging a Security Headache

Instant messaging as a communication tool for business is on the rise, said Lee Weiner, senior product manager at Symantec."Organizations are embracing IM because they see increased benefits from communication, collaboration and reduction in cost," he said.However, IM is potentially a risk factor for businesses because the increased use of it attracts virus writers and hackers to target IM.

Full Article...

New Law Would Require Reporting of Breaches

Its about time that something like this was put in place, don't you think?

A bill introduced in Congress calls for prison time and stiff fines for company executives who fail to enform law enforcement when a digital break-in jeopardizes consumers’ personal and financial data, Brian Krebs reports from his Security Fix blog on

Full Article...

Monday, May 15, 2006

British hacker faces extradition to U.S.

News Brief, 2006-05-10 - Gary McKinnon, the hacker who entered various U.S. military and NASA computers, has lost his first battle against extradition to the U.S.

Full Article...

Ohio University latest college breach victim

Ohio University announced Thursday that almost 200,000 people have had their confidential information exposed in three separate security breaches over a two-week period.

Full Article...

Wireless security essential to curb potential abuses

IT departments and security managers face a number of challenges regarding the potential abuses of wireless technologies.

Full Article...

Friday, May 12, 2006

Malware using search engines to spread

Few people are aware that they can get infected just from surfing the net. This story gives the evidence to support your need to understand this risk.

Internet search engines are now one of the commonest means by which malware spreads, a new study has suggested.

Full Story

Today's Humour

Thief Disguises Himself as Security Guard

ROME (Reuters) - A thief disguised as a security guard Tuesday duped the unsuspecting staff of a top Italian art gallery into giving him more than 200,000 euros ($253,100), local media reported.

Full Story

New Cybercrime Bill Called Inadequate

New legislation in the U.S. Congress intended to help law enforcement agencies fight cybercrime falls short because it does not give consumers tools to guard against identity theft, a lawmaker and a consumer advocate said Thursday.

Full Story

SiteAdvisor: Search Engines Expose Users to Malware, Viruses

Research slated for release on Friday by McAfee’s SiteAdvisor division suggests that the spread of various forms of malware and viruses is linked to search engine usage, The Wall Street Journal reports.

Thursday, May 11, 2006

Did you Know?

Have you ever received one of those emails asking you to handle a money transfer for someone's brother in Zoobia?

I have received many, and thought my readers might enjoy this cartoon.

Russian virus distributor convicted

Russian authorities have convicted a university student who ran web sites that distributed computer viruses.

Sergey Kazachkov, a Russian university science student from the town of Voronezh, was found guilty of running two sites that distributed more than 4,000 computer virus varieties.

The student has been given a two-year suspended sentence and faces a one year probation period.

Full Story

Business gets riskier for SMEs

With time and money short, and their vulnerability to threats higher than ever, it is becoming more difficult for small businesses to keep up with security requirements. In part two of our five part series, Paul Bray looks at how they can protect themselves

Full Story

FTC Settles Data Security Case With Real-Estate Firm

Nations Holding Co. (NHC), a real-estate firm operating in 44 U.S. states, has settled a data security case after the U.S. Federal Trade Commission (FTC) accused it of allowing a common Web attack to compromise customer data, the FTC announced Wednesday.
Full Story

Wednesday, May 10, 2006

Teachers deflect responsibility for Internet child safety

Wednesday, May 10, 2006 - A new study shows that over half of teachers would not know where to get help if one of their students got into trouble on the Internet.
Full Article...

Did you Know?

Just to keep you coming back (as if all this fantastic security news isn't enough), I'm also going to post one interesting fact each day. They may not be related to security, but they will give you something to talk about the next time you're at the water cooler.

For example: Did you know that the first couple to be shown in bed together on prime time television were Fred and Wilma Flintstone? I'll be you didn't.

Most Malware Attacks Linked to Crime

Seventy percent of malware detected by Panda Software in the first quarter was driven by criminal or financial motivations, The Register reports.

The survey by the developer’s scanning service reported that 40 percent of the malware detected was spyware, followed by Trojans at 17 percent and malicious dialers at 8 percent, according to The Register.

E-mail worms, hugely publicized not long ago, accounted for only 4 percent of the malware described in the Panda survey, The Register reports.

Trojans, which represented 47 percent of new examples of malware in the survey, appear to have overtaken traditional viruses in popularity because of their more disguised nature, The Register reports.

The full Panda report is available online.

U.K. Judge Approves U.S. Request for Hacker's Extradition

A British court approved a request by the United States for the extradition of an unemployed systems administrator who allegedly caused US$700,000 in damage by hacking into U.S. military and government computers.

Full Story

Tuesday, May 09, 2006

A New Breed of Identity Theft

Everyone has heard of identity theft—when someone steals your private information such as a Social Security, credit card or bank account number and then spends your money. But have you heard about identity theft through your blog?

Alex Bard, a staff writer with WebProNews, writes about such a case. One Boston blogger was writing about the Boston Red Sox and New England Patriots and getting more than 500 hits a day. Then she found out from a reader that her blog was being plagiarized on a regular basis for the past six months.

According to the story, all the thief did was change the names.

However, WebProNews reports that there is someone on the side of today’s bloggers. Jonathan Bailey is the author of the Plagiarism Today blog, which is dedicated to making bloggers and readers aware of the problem.

The story states that he started his "crusade" about four years ago and now helps at least 25 people a day.

There are currently more than 38 million blogs, WebProNews reports, so it’s hard to estimate how large the problem really is. But Bard wrote that A-List bloggers aren’t plagiarized as much as most average bloggers.

Keep checking in at our Security Feed page, or subscribe via RSS, for updated news coverage.

White Paper: Business Executives Guide to Security Management

The intent of this document is to provide a framework for understanding the risks and costs associated with the management and security required for the information systems used by companies with between 20 and 300 computer users.

This is not intended to be a technical whitepaper and as such, it will not be filled with techno-jargon that is incomprehensible to the business executive. Instead, this paper was written with the sole purpose of empowering the business owner/manager with enough information to make informed risk/reward decisions about how best to have their critical information systems managed.

Why Business Executives Should Read this Paper
Readers will find significant value in reading this white paper if they are concerned with any of the following:
  • Protecting critical business information from unauthorized access, damage, or loss
  • Improving business efficiencies through increased automation of routine tasks
  • Increased profit margins through the reduction of fixed costs
  • The risks associated with sub-standard IT management practices
  • Difficult or impossible calculations for ROI on Information Systems investments
  • Compliance with privacy legislation
Download the full white paper here

Hidden security threats: Targeted Google searches

Thursday, May 4, 2006 - Sarah D. Scalet of CSO Magazine wrote in a recent editorial about using a targeted Google search, while working on a story on the security implications of Google, to find an Excel spreadsheet on a major U.S. company that contained information on around 300 executives. Though the information did not include names, there was enough on the spreadsheet about titles and past work history to infer the correlating names, Scalet reported.
Full Article...

Swiss army knife worm spreading

(MSPAlliance) - Thursday, May 4, 2006- A new worm known as the "Swiss army knife" has been detected that is more advanced than most malware picked up to date by investigators. W32.Nugache.A spreads through e-mail and IM channels, and also includes a unique peer-to-peer element. PCs that are infected by the worm keep contact with the controller and other infected PCs through a peer-to-peer network using TCP port 8 instead of IRC.
Full Article...

Hacker hits Toronto transit message system, jabs prime minister

Imagine Gerry Nicholls’ surprise when he glanced at the electronic advertising sign on the Toronto-area commuter train he was riding last week and saw this message about the Canadian prime minister scroll across the screen: “Stephen Harper eats babies.”
Full Article...

VoIP connections becoming more secure

IT vendors demonstrated secure VoIP connections both from within the LAN and remotely over a VPN at the InteropLabs show last week. The demo focused on protecting the SIP gateway from attack and supporting remote users through a VPN.
Full Article...

Companies must anticipate IT security changes

Many IT departments do not anticipate security changes and are left in a continuous cycle of action and reaction. Some IT decisions to set technology, such as what desktop or server platform to use, can standardize the field for years. Security, however, is a different story, mainly because of Microsoft, advances in Web applications and the growth of threats.
Full Article...

Vista security features cumbersome to users

MSPAlliance - Tuesday, May 9, 2006 - Security tools on Microsoft’s new Windows Vista OS may be so unfriendly to users that businesses may delay implementing Vista, scheduled to hit the market in January. After receiving feedback from software developers currently testing preview versions of Vista, Boston’s Yankee Group reports that the intrusive nature of the new system’s security features could turn off both IT staff and users.
Full Article...

A 13-point plan for starting a strategic security group

Stan Gatewood, CISO of the University of Georgia, suggests the following steps to set up a new—or newly strategic—information security program.

1. Identify executive leadership. An executive sponsor needs to champion the new strategic security program.

2. Select a point person. The CISO or another information security leader should manage day-to-day activities.

3. Define and prioritize goals. Try to tie business objectives to security objectives.

4. Establish a review mechanism. A process review board with executives from information technology, physical security, human resources, legal, audit and information security will evaluate and approve security initiatives.

5. Assess the current state of security. Look at policies, processes, guidelines, standards, existing technology (both hardware and software), training and education.

6. Establish (or re-establish) the security organization. This group should focus on information security, not just the narrower confines of information technology security.

7. Revise existing policies and develop new ones as needed. This might include an acceptable-use policy and minimal security configuration for any device on a network.

8. Assemble implementation teams. Pull together cross-functional teams made up of technical and nontechnical employees to hammer out plans for new policies, procedures, initiatives and tools.

9. Have the executive security review board endorse the plans. This group should consider budget, timing and prioritization.

10. Review the technical feasibility. This should be done by a technical security review board with representatives from the office of the CIO and CTO, plus operations staff, production services and support staff.

11. Assign, schedule, execute and discuss deliverables. Give individuals or teams clear responsibilities and time lines.

12. Put everyone to work on the strategic plan. Everyone in the information security department should be able to introduce strategic security objectives and explain how projects are contributing to a mutual goal.

13. Measure outcomes with metrics. IT security metrics must be based on goals and objectives to realize true decision making and improved performance.

Security leads IT budget priorities

MSPAlliance - Tuesday, May 9, 2006 - The number one item in IT budgets is still security, although strategic solutions are gaining momentum, according to a new IDC survey, “Global Watch 2006: IT Budget Trends and Priorities.” Businesses in the United States, Western Europe, China and India are moving past recent infrastructure upgrade cycles, as the survey found that top IT budget priorities include business intelligence, Web-based applications and vertical industry solutions.

Full Article...

Hacker Gets 57 Months in Prison

Twenty-one-year-old hacker Jeanson James Ancheta of Downey, Calif., was sentenced to 57 months in prison for hacking into hundreds of thousands of computers and then renting the network of computers he shanghaied to spyware companies and spammers, The Washington Post reports.

Blog Archive

About Me

Choose Dyrand Systems as your virtual IT department and focus on growing your business—not on the technology that supports it. You deserve peace of mind when it comes to IT. When you choose Dyrand, you’re choosing more than just an IT firm—you’re choosing an extension of your own team.