Thursday, May 31, 2007

How to Stop Political Attacks

Not all hackers are motivated by money. In fact, there is a growing number of politically-motivated attacks on businesses and government agencies, and the methods they use are different -- and potentially harder to stop -- than their cash-hungry counterparts, experts say.
Is your company ready to stop them?
Click here for the full story.

Wednesday, May 30, 2007

New Laws Don't Solve Global Problems

Legislators around the world are taking a stab at the computer crime problem. But experts say, in most cases, they don't have enough jurisdiction to solve it.
The U.S. House of Representatives made a splash last week by passing the Internet Spyware Prevention Act of 2007 and the Spy Act, two bills designed to reduce the use of spyware and give law enforcement more resources to pursue and prosecute spyware perpetrators.

At the same time, German legislators were passing a controversial new anti-cybercrime measure that defines hacking as penetrating a computer security system and gaining access to secure data, without necessarily stealing it. Offenders are defined as any individual or group that intentionally creates, spreads, or purchases hacker tools designed for illegal purposes. The law also extends prosecution to those who attack individuals, as well as businesses or government.

Click here for the full story.

Tuesday, May 29, 2007

Google makes GreenBorder its first security acquisition

Acquisition-happy Google has made its first security purchase by quietly snaring start-up GreenBorder Technologies, a provider of virtualized web browsing anti-malware software, for an undisclosed amount.

But industry experts do not believe the deal signals Google is planning to further flex its muscles in the IT security marketplace. Instead, experts told today, the search giant likely will use the purchase to secure its recently unveiled business application suite, not as the kick-off to a portfolio that would compete with the likes of Symantec and McAfee.

Click here for the full story.

Monday, May 28, 2007

SonicWall Unveils Security App

SonicWALL, Inc. (NASDAQ: SNWL - message board), a leading provider of Internet security solutions, today unveiled the SonicWALL Network Security Appliance (NSA) E7500, a new gateway security appliance that makes deep packet inspection security productive and easy to manage in larger network deployments. Designed to enable the highest level of Unified Threat Management (UTM) performance at its price point, the NSA E7500 is intended for campus networks, distributed environments and data centers. The NSA E7500 is the industry's first UTM appliance to harness the power of multiple processing cores in a single network platform.
Click here for the full story.

Friday, May 25, 2007

Report slams FBI network security

FBI network vulnerable to insider attacks, government watchdog group says

The Government Accountability Office, the federal government’s watchdog agency, Thursday released a report critical of the FBI’s internal network, asserting it lacks security controls adequate to thwart an insider attack.

In the report, titled “Information Security: FBI Needs to Address Weaknesses in Critical Network,” the authors -- Gregory Wilshusen, GAO’s director of information security issues, and Chief Technologist Keith Rhodes -- said the FBI lacks adequate network security controls.

The FBI “has an incomplete security plan,” the report concluded.
Click here for the full story.

Thursday, May 24, 2007

New Spec Could Cut Phishing, Spam

Phishers and spammers beware: It may soon be a lot harder to pretend you're somebody you're not.

The Internet Engineering Task Force, which sets the technical standards for the Internet, yesterday approved the DomainKeys Identified Mail standard as a proposed standard (RFC 4871). The specification, a three-year effort pioneered by Yahoo!, Cisco, Sendmail, and PGP, is an email authentication framework that uses cryptographic signature technology to verify the domain of the sender.

In a nutshell, DKIM allows email senders to "sign" each email to verify that it comes from their domain. If the receiving domain handles an email that does not contain the signature, it can raise a red flag to warn the recipient that the message might be a fake.

Click here for the full story.

Wednesday, May 23, 2007

DHS publishes sector-specific protection plan for IT infrastructure

It aims to protect 17 specific sectors against a range of terrorist and natural threatsThe U.S. Department of Homeland Security (DHS) yesterday released a broad blueprint of actions that technology companies and government entities can take to mitigate terrorist and other threats against the nation's IT infrastructure.

The Sector Specific Plan (SSP) for IT was released as part of a broader National Infrastructure Protection Plan (NIPP) developed by the DHS under a 2003 presidential mandate. That mandate called for the development of risk-mitigation strategies for protecting critical infrastructure targets in 17 specific sectors against a range of terrorist and natural threats.
The plans are designed to help infrastructure stakeholders in each area to identify and prioritize key assets that need to be protected and to provide recommendations on how to go about doing that.

Click here for the full story.

Tuesday, May 22, 2007

Thousands of Illinois realtors, mortgage brokers warned of data compromise

Alert prompted by May 3 breach of state agency server
The Illinois Department of Financial and Professional Regulation (IDFPR) is sending out letters to an estimated 300,000 licensees and applicants informing them of a potential compromise of their names, Social Security numbers and other personal data.

The warning follows the May 3 discovery of a security breach involving a storage server at the agency. Among those affected by the breach are real estate and mortgage brokers, pawn shop owners and loan originators licensed to operate in the state. The potentially compromised data is between six and 12 months old and includes names of people who may have applied for licenses with IDFPR, said Susan Hofer, a spokeswoman for the agency.
Click here for the full story.

Friday, May 18, 2007

Alcatel-Lucent reports employee data lost or stolen

CD with unencrypted data may have walked off a UPS truck
A CD containing personal information about thousands of Alcatel-Lucent SA employees and their dependents has been lost or stolen, the company said on Thursday.
The disk contains the names, addresses, Social Security numbers, dates of birth and salary information for U.S. employees who worked for Lucent prior to its merger with Alcatel SA, as well as Lucent retirees and dependents of both groups, the company said.
The disk was prepared by Hewitt Associates LLC, which administers Alcatel-Lucent's benefits plans, for delivery via United Parcel Service to another contractor, Aon Corp., Alcatel-Lucent said.

"We are still investigating this matter, but we believe the disk was lost or stolen between April 5 and May 3," Alcatel-Lucent told employees in a letter on its Web site.

Click here for the full story.

Thursday, May 17, 2007

IBM contractor loses employee data in transit

Apparently fell off the back of a truck, more or less literally
IBM on Tuesday said it has been unable to recover lost storage tapes containing sensitive employment-related information of some former and current IBM workers.

The tapes were lost more than two months ago just a few miles south of IBM's corporate headquarters, because of what a company spokesman called a "transportation incident" involving an IBM vendor.

The lost tapes primarily stored the archived personal information -- including Social Security numbers, dates of hire and dates of departure from IBM -- of an undisclosed number of individuals.

Click here for the full story.

Tuesday, May 15, 2007

Profit-Minded Trojans

The first Trojan horse was designed to win the war and get the girl. But according to new research from PandaLabs, Trojan software makers now have gone commercial.
Sixty-six percent of the new Trojans that emerged in the first quarter of 2007 were designed for financial gain, according to the security company's quarterly research report, which was published Wednesday.

Click here for the full story.

Monday, May 14, 2007

Security: Thumb sucking, slurping, snarfing…Excuse me?

The Dictionary of Wacky Security Threat TermsRemember when thumb sucking was considered an innocent activity, except that if you did it as a young child you might need braces as a teen? Today you’d need a lot more than a mouthful of metal to protect from thumb sucking.

This phrase is one of the latest in a new genre of IT terminology: Wacky Security Threat Terms. While the incidents described by such terms are indeed serious, security vendors and others have broken the rules of spelling and relied upon double entendres to develop this new collection of buzz words that succinctly refer to the latest threats, with the hope that giving the threat a memorable tag will raise awareness.
Click here for the full story.

Friday, May 11, 2007

The Phisher King

You see phishing attack attempts nearly every day, but what you don't see is the face behind the attack. In a rare glimpse into the mind of a phisher, hacker and security expert RSnake recently engaged an attacker who says he makes $3,000 to $4,000 dollars a day and was willing to share a bit about himself and how he operates.
RSnake, a.k.a. Robert Hansen, CEO of SecTheory and Dark Reading blogger, asked the phisher, called "lithium," how he operates, what technology he uses, and just how much money he makes off these scams. Lithium, who says he's 18 and has been phishing since he was 14, said he has stolen over 20 million identities, mostly via social networking worms. "I have so many hundreds of thousands of accounts to many websites I haven’t even got a chance to look through," he wrote to RSnake, who today published the responses on the blog.
Click here for the full story.

Wednesday, May 09, 2007

TSA Loses 100,000 Employee Records

Every day, in airports across the country, they ask people to lose their keys, their shoes, and their belts. This time, though, the Transportation Security Administration has lost something of its own: a removable hard drive containing about 100,000 employee records.
The (TSA) Friday notified employees that an external hard drive containing personnel data -- including name, Social Security number, date of birth, payroll information, and bank account/routing information -- was discovered missing from a controlled area at the TSA Headquarters Office of Human Capital on Thursday, May 3. The data includes records of TSA employees from January 2002 until August 2005.

"It is unclear at this stage whether the device is still within Headquarters or was stolen," said TSA Administrator Kip Hawley in a letter to TSA employees.

Click here for the full story.

Tuesday, May 08, 2007

StopBadware says majority of malware sites hosted by five ISPs on Friday identified five Web-hosting companies with myriad infected Web sites residing on their servers, which the industry watchguard says puts unwitting Internet users at risk.

Based on analysis of close to 50,000 sites, the group identified five companies as hosting a majority of those Web sites known to distribute malicious code. The hosting companies -- iPowerWeb, Layered Technologies, Internet Services, Internap Network Services and CHINANET Guangdong province network -- have the largest number of infected Web sites residing on their servers. For instance, some 10,834 infected sites were identified on iPowerWeb's servers.

Click here for the full story.

Monday, May 07, 2007

SEC: WFI Insider Stole $7.7M

The Securities and Exchange Commission (SEC) has filed charges against a stock options manager at Wireless Facilities Inc. for using software and online services to steal $7.7 million in stock from his company.

Vencent Donlan, 44, was charged with using the company's Equity Edge stock plan management and reporting application and E*Trade to route more than 700,000 shares of his company's stock into an account held by his wife, Robin Colls Donlan. He also is accused of falsifying entries in Equity Edge to cover his tracks.

WFI, ironically, is an outsourcing provider in the wireless industry that provides (among other offerings) "security systems and engineering services."

Click here for the full story.

Wednesday, May 02, 2007

Intro to hackernomics

Five laws of hacker economics
Legislation, financially driven attackers, and high profile breaches have changed the economics of security. We need to rethink the motivations of attackers and the new attacker economy given a growing stolen identity information trade and the rise of organized electronic crime. We need to study hackernomics. This is a new term so allow me to offer a definition:

Hackernomics (noun, singular or plural): A social science concerned with description and analysis of attacker motivations, economics and business risk. It is characterized by five fundamental laws and eight corollaries.

Click here for the full story.

Tuesday, May 01, 2007

Experts: US Not Prepared for Cyber Attack

The United States is vulnerable to a "strategically crippling cyber attack" by enemies around the world, experts told Congress yesterday.
Testifying before the House Committee on Homeland Security, high-profile experts said the federal government's cyber defenses have become dated and may leave the country open to an attack -- "not by a conventional weapon, but by a cyber weapon."

Click here for the full story.

About Me

Choose Dyrand Systems as your virtual IT department and focus on growing your business—not on the technology that supports it. You deserve peace of mind when it comes to IT. When you choose Dyrand, you’re choosing more than just an IT firm—you’re choosing an extension of your own team.