Friday, March 30, 2007

Eight Faces of a Hacker

You fight against them every day: hackers, attackers, insiders. You know what they do, but not who they are. They are often nameless, usually faceless. You'd like to be able to guess their next move, but that can be pretty difficult when you don't even know what motivates them or why they're attacking you.
Is there a way to "profile" a hacker, the way the police might profile an arsonist or a serial killer? Not exactly. But quietly, a collection of university researchers and law enforcement agencies has been developing a taxonomy of the hacker community, much as an entomologist studies and classifies insects. And police and security experts hope that taxonomy will eventually help them identify and root out the vermin.
Click here for the full story.

Thursday, March 29, 2007

TJX data breach: At 45.6M card numbers, it's the biggest ever

It eclipses the compromise in June 2005 at CardSystems Solutions

After more than two months of refusing to reveal the size and scope of its data breach, TJX Companies Inc. is finally offering more details about the extent of the compromise.

In filings with the U.S. Securities and Exchange Commission yesterday, the company said 45.6 million credit and debit card numbers were stolen from one of its systems over a period of more than 18 months by an unknown number of intruders. That number eclipses the 40 million records compromised in the mid-2005 breach at CardSystems Solutions and makes the TJX compromise the worst ever involving the loss of personal data.


Wednesday, March 28, 2007

Web attacks get personal

Malware purveyors are increasingly tailoring their virus distribution and attack techniques to take advantage of different classes of end-users, according to researchers with the Internet Security Systems' X-Force team at IBM.

Top experts with the Atlanta-based research operation said that malware writers, phishing scheme operators, and botnet herders are more frequently employing so-called personalization tools to make their attacks more effective.

Much like the online marketing companies that gather bits of information to target advertising at individual Web users, cybercriminals are creating malware outlets and code executions that scan readily available details about people's computing posture to find appropriate recipients for their work.


Tuesday, March 27, 2007

ID Theft Doubles in Two Months

Online identity theft grew at an unprecedented rate during the first two months of 2007, as its two chief components -- malware and phishing -- skyrocketed at rates of 50 to 200 percent.

A study scheduled to be released tomorrow by Internet monitoring firm Cyveillance Inc. found more than 3 million pieces of personal information available on the Web, including approximately 320,000 debit and credit card numbers, 1.4 million Social Security numbers, and 1.3 million account login credentials.


Monday, March 26, 2007

What to Do When Your Security's Breached

Well, it's finally happened. Despite all your efforts to stop both internal and external attackers, someone has penetrated your defenses and stolen or damaged your data.

You've got a full-blown security incident on your hands. What are you going to do about it?

If you've been smart, experts say, you'll already have a computer security incident response team -- and a plan -- in place. You'll even have tested the team and plan in some sort of live simulation.


Thursday, March 22, 2007

Stolen TJX data used in Florida crime spree

Police told company months before company told customers

Law enforcement officials in Florida have arrested six individuals suspected of carrying out a fraud scheme built around the misuse of credit card data stolen from retailer TJX Companies.

In partnership with the Gainesville Police Department, officials from the Florida Department of Law Enforcement said they have taken six of 10 suspects into custody for allegedly using the TJX customer data to purchase large quantities of gift cards from discount chains Wal-Mart and Sam's Club.

The series of arrests marks the first specific instance of crime to be connected to the TJX data heist, although some banks have previously reported that accounts held by consumers affected by the incident had been used in attempted fraud around the globe.


Wednesday, March 21, 2007

Biggest security threat? Your users

How to protect against naive, careless or malicious users

Whether it is the FBI's sheepish acknowledgement that at least 10 of the 160 agency laptops that have gone missing in recent years contained "sensitive or classified information" or the drama of retailer TJX's February admission that the incident that put its customer credit card information in the hands of thieves impacted more people than originally thought, security incidents keep making headlines and vexing organizations.


Tuesday, March 20, 2007

Huge Leak Revealed at Japanese Firm

One of Japan's largest printing companies today reported the theft of more than eight million pieces of customer information, including addresses and credit card numbers.


Dai Nippon Printing said around 8.64 million pieces of customer information related to 43 client companies -- including Toyota Motor Corp. and Aeon Co. -- were stolen in July by a former employee of a subcontractor, who absconded with a magnetic optical drive containing the data.


Monday, March 19, 2007

Users Go for Data Lockdown

Removable storage devices are turning firms' employees into data security time bombs, forcing many CIOs to rethink their security strategies, according to concerned IT managers here today.


USB drives, in particular, are a major source of anxiety. "The ordinary person is like a mini-data center -- he is walking around with a lot of data in his pocket," warned Kumar Mallavalli, chief strategy officer of InMage and co-founder of Brocade, during a keynote this morning. "The most critical issues that we face today [involve] endpoint security [for] laptops, PDAs, and removable media."


Friday, March 16, 2007

Seven Steps to Safer WiFi

We've all done it: You need quick access to email, so you jump on that free WiFi connection at the local coffee shop, the airport, or a conference hotel. What are the chances you'll get hacked, anyway?

Think again. If you use unsecured WiFi in the clear, without any encryption or security, you're asking for it. Your laptop is routinely broadcasting seemingly innocuous data that, when put together, can compromise your system as well as your company's. Hackers have the sniffer tools that can grab logins and passwords, or gather bits of information that can reveal who you are and possibly gain entry into your corporate applications. (See Joke's on Me, Tool Uncovers Inadvertent 'Chatter', and Data That Doesn't Drip... Drip... Drip....)

Ask any security expert, and they will say "just say no" to naked WiFi.


Thursday, March 15, 2007

Smart USBs Gone Bad

You know those handy, smart USB drives that let you carry the contents of your computer around your neck when you're on the move, applications and all? These portable drives can also be used by an attacker to steal your user privileges and data.

That's what Bob Clary, a consultant with Secure Network Technologies, recently discovered within just a few minutes of purchasing a smart USB. "The minute I saw the U3 USB drive, I thought 'I can do anything with this.' Five minutes after I had bought it, I had it hacked," says Clary, whose company performs social engineering and penetration testing for its clients.


Wednesday, March 14, 2007

Photocopiers: The newest ID theft threat

Newer models have hard drives that record what has been duplicated

Photocopiers are the newest threat to identity theft, a copier maker said today, because newer models equipped with hard drives record what's been duplicated. At tax time, when Americans photocopy tax returns, confidential information may be easily available to criminals.


Tuesday, March 13, 2007

Burger, Fries & Security

Whipping out that credit or debit card at your local fast-food restaurant may be convenient, but it has also put the so-called quick-service restaurant (QSR) sector under the Payment Card Industry (PCI) standard microscope.

Just ask Wendy's franchisee Paul Haire, who co-owns seven Wendy's restaurants in the Monroe, La., area. Haire's restaurants were some of the first to accept credit cards. The Wendy's stores had also been rife with email-borne malware that spread from the manager's XP-based workstation in the back office to the XP-based electronic point-of-sale (POS) systems in the front of the stores.

"That would bring the whole system down and step these restaurants back into the 60s, with hand-written orders and checks," he says. "We had a huge issue with viruses."

So Haire outsourced his franchises' Internet and security services to BHI. The Eden Prairie, Minn.-based Internet hosting and managed services security provider for SMBs provides a turnkey service for QSRs like Wendy's. He's been using the MSSP for nearly two years now.


Monday, March 12, 2007

'One of our laptops is missing'

These are words no IT manager ever wants to hear. Beyond the embarrassment, there is the danger of seriously bad publicity, damage to brand equity and legal liability. It is possible that losing even a single mobile computer loaded with sensitive information can kill an otherwise thriving business.

The good news is that current technologies and best practices can lower the risk dramatically when mobile computers are lost or stolen.


Thursday, March 08, 2007

ID theft forecast: Gloomy today, worse tomorrow

Thieves are staying a few steps ahead of banks, retailers and the hoi polloi

Virtually every trend line for identity theft is bad news, a research analyst said today as she released a survey showing that 15 million Americans were victimized during a recent 12-month span.

For the year-long period that ended last August, 15 million people were burned by some kind of fraud related to identity theft, said Avivah Litan, a Gartner Inc. analyst. That number is 50% higher than 2003 data released by the Federal Trade Commission.


Wednesday, March 07, 2007

Deep Threat

Enterprises are leaking an increasing amount of data from the inside, and they aren't sure what to do about it.

Those are the conclusions of two new studies -- one from the Ponemon Institute and one from Enterprise Strategy Group -- being published today. Both of the reports suggest that enterprises should be shifting their security attention from the outside to the inside.

"The insider threat is far and away the number one threat," says Eric Ogren, an analyst at Enterprise Strategy Group and one of the authors of the research.


Monday, March 05, 2007

Getting to Know the Enemy Better

Experts agree: The best way to secure applications is to build security in during the development phase. The problem is that there are few standards or templates for doing it.


But that situation is about to change, according to speakers at the Black Hat conference here today. In fact, draft guidelines for specifying common security weaknesses and common attack patterns could be just weeks away.


Thursday, March 01, 2007

Lessons from the DuPont breach: Five ways to stop data leaks

Follow the data, and protect it, say security experts

In the five months Gary Min was stealing $400 million worth of proprietary information from a DuPont database, he downloaded and accessed more than 15 times as many documents as the next-highest user of the system. But he wasn't caught until after he left the company for a rival firm.

Min pleaded guilty last November to misappropriating DuPont data and is scheduled to be sentenced on March 29. His case is only the latest to highlight a lack of internal controls for dealing with insider threats at many companies. Earlier in February, a cell development technologist at battery maker Duracell Corp. admitted to stealing research related to the company's AA batteries, e-mailing the information to his home computer, and then sending it to two Duracell rivals.


About Me

Choose Dyrand Systems as your virtual IT department and focus on growing your business—not on the technology that supports it. You deserve peace of mind when it comes to IT. When you choose Dyrand, you’re choosing more than just an IT firm—you’re choosing an extension of your own team.