You are in: Articles / Security / Reports
 
 
Quick-List: Articles in Reports

Surge in malware marks start of year

Corporate data breach average cost hits $7.2 million

Beware the coming corporate smartphone threat warn experts

Security departments not prepared for new technologies

Low security awareness found across IT

10 tech trends to watch in 2011

Forrester: 2011 security strategy recommendations

Cybercriminals shifting focus from PCs to mobiles

Top 10 Tech Scares of the Decade

7 Scrooge-worthy scams for the holidays

Top Security Predictions for 2011

Report: Spam down, but malware continues hold

Keep Your E-Mail Private and Secure

Encryption adoption driven by PCI, fear of cyberattacks

A hazy view of cloud security

People feel safer on a PC than on a mobile device

Report: 95 percent of all email is spam

6 tips for guarding against rogue sys admins

Mobile workers pose biggest security risk

Fear of data loss, social media security risks rising

A list of hottest IT security certifications

Vulnerability management: The basics

Most hacking victims blame themselves

Do not underestimate the bad guys

Five tips for avoiding self-inflicted email security breaches

Sophos booklet helpful in corporate security awareness

How secure are virtualized servers?

Malware reaches all time high

Security secrets the bad guys don't want you to know

The top 10 'most wanted' spam-spewing botnets

Securing 4G smartphones

IT professionals still not protecting mobile devices

3.7 billion phishing emails were sent in the last 12 months

Cloud security: The basics

Endpoint security: managing enterprise smartphone risk

Research: 1.3 million malicious ads viewed daily

Are you ready for these Internet security threats?

Mac Users Do Not Spam, Linux Users Do

Mobile Device Security Woes

New cyber security threats

Tens of millions still opening junk e-mail

Spam plague in February and more to come

America's 10 most wanted botnets

Spammers exploiting more news stories

600% rise in phishing in 2009

Social Media is the newest playground for cybercriminals

Report predicts the rise of self-healing botnets in 2010

Flash/Acrobat Reader Vulnerabilities: The Biggest Security Hole on the Web?

Smartphones to become major hacker target

Prevent malware from spreading by e-mail links and attachments

Essential e-mail security measures

The Web's most dangerous keywords to search for

IT Professionals Don't Walk The Walk On Mobile Security

Security essentials for Active Directory on Linux

Hijacked Address Book: How did it happen and what to do?

Unsecured mobile devices could open a new back door into your network

Conficker Worm To Strike April 1

Fighting spyware with unified threat management

URL shortening: Yet another security risk

How to manage your risk with Web applications

Keeping Virtual Security Real

Security as a Service: Friend or Foe?

Malware in 2009: more sophisticated, more difficult to detect and simply .. more

Report: Hackers Will Be Bolder, Smarter, Craftier in 2009

Is it time for Internetpol to manage Internet?

Report Warns of More Cybercrime

You Could be Getting Clickjacked

The FBI: Do Not Open Unsolicited E-mails

15 Email Statistics That Are Shaping The Future

Email Security Is Being Disregarded...

Articles in Reports

Surge in malware marks start of year

(Lance Whitney, CNET) The first three months of the year have so far witnessed a rise in malware and some notable cyberattacks, according to a report released today by Panda Security.

Tracking a big jump in malware (PDF), Panda Security has uncovered on average around 73,000 new types of threats being released every day. That's a 26 percent increase during this year's first quarter compared with the same period in 2010.



Among the various flavors of malware, Trojan horses have accounted for around 70 percent of all threats so far this year. That points to Trojans as a tool favored by cybercriminals who use them to grab bank account information and other personal data directly from their victims.
|
|
Rating: 12345
 

Corporate data breach average cost hits $7.2 million

(Ellen Messmer, Network World) The cost of a data breach went up to $7.2 million last year up from $6.8 million in 2009 with the average cost per compromised record in 2010 reaching $214, up 5% from 2009.

The Ponemon Institute's annual study of data loss costs this year looked at 51 organizations who agreed to discuss the impact of losing anywhere between 4,000 to 105,000 customer records. The private-sector firms participating in the Ponemon Institute's "2010 Annual Study: U.S. Cost of a Data Breach" hail from across various industries, including financial services, retail, pharmaceutical technology and transportation.

While "negligence" remains the main cause of a data breach (in 41% of cases), for the first time the explanation of "malicious or criminal attacks" (in 31% of cases) came in ahead of the third leading cause, "system failure."

It turns out "malicious or criminal attacks" are the most expensive type of data breach to discover and respond to, costing on average $318 per customer record, $151 more than non-malicious breaches that stem from negligence of system failure.
|
|
Rating: 12345
 

Beware the coming corporate smartphone threat warn experts

(Lia Timson, ITWire) Rogue smartphone applications coupled with social engineering will be the undoing of corporate IT infrastructures, network security experts have warned.

As more and more enterprises succumb to the temptation of allowing employee devices to be used for work purposes - either because of cost or pressure from senior management - the threat to their IT systems security is rising.

Speaking at the RSA Conference 2011 in San Francisco this week, Ed Amoroso, security supremo at AT&T also advised IT managers to skill-up and use 2011 to prepare themselves and their networks to deal with future threats.

While fake free versions of popular games such as Monkey Jump and Angry Bird are appearing outside the iTunes App Store tempting people to download suspect code onto their phones, unchecked Android apps were also making their way onto mobile handsets which workers carry onto corporate networks.
|
|
Rating: 12345
 

Security departments not prepared for new technologies

(Joan Goodchild, CSO) Rapid adoption of mobile technology, social media and cloud computing in the workplace is creating a security problem for IT departments worldwide as they struggle to keep pace with demands, according to a survey released this week by security certification firm (ISC)².

The 2011 (ISC)² Global Information Security Workforce Study (GISWS) finds an increasing pressure to provide even more services to organizations to protect not just the organization's systems and data, but also its reputation, its end-users, and its customers. But the professionals charged with doing this are not prepared, according to the study's authors, who note the results reveal a clear gap in skills needed to protect organizations in the near future.

"The information security profession could be on a dangerous course, where information security professionals are engulfed in their current job duties and responsibilities, leaving them ill-prepared for the major changes ahead, and potentially endangering the organizations they secure," a summary of the findings states.
|
|
Rating: 12345
 

Low security awareness found across IT

(Jaikumar Vijayan, ComputerWorld) A broad spectrum of IT people, including those close to security functions, appear to have little awareness of key security issues impacting their organizations, a new survey shows.

About 22% of respondents claimed to be extensively involved in security functions, 60% claimed a limited or supporting role, and the rest said they were not involved with security at all. About 100 respondents belonged to companies with more than 10,000 employees.

What the survey showed was a surprising lack of awareness of security issues among the respondents. For instance, just 4% admitted to being fully informed about security breaches within their organizations. About 80% of those who said their organizations had suffered a data breach in the past year were unable to tell which IT components might have been impacted by the breach.[...]

Thom VanHorn, vice president of global marketing at Application Security, said the survey reveals a disturbing lack of communication about key security issues among different groups within enterprises. "It really says there isn't enough focus on security or communication across groups despite the environment we live in," VanHorn said.
|
|
Rating: 12345
 

10 tech trends to watch in 2011

(Gil Kirkpatrick, TechRepublic) Based on the results of surveys conducted at The Experts Conference last year, analysts at Quest Software have put together this set of predictions for the upcoming year.

There is a lot of buzz right now over cloud services adoption, platform vendor battles, and shifting technology investment strategies, but, what  happens in 2011 - and what doesn’t - will be determined by actual practices within the IT community. In-the-trenches IT practitioners surveyed at Quest Software’s The Experts Conference 2010 have provided insights into technology trends that appear likely to emerge this year. Here is a look at the top 10.

1. Cloud computing adoption will accelerate, but half of all companies will avoid the cloud for at least five years;
2. There’s no go-to cloud platform provider, so the vendor wars will heat up this year;
3. Organizations that adopt cloud computing will create new organizational structures to support the initiatives;
[...]

Read more by following the "full article" link.
|
|
Rating: 12345
 

Forrester: 2011 security strategy recommendations

(Khalid Kark, NetworkWorld) Every New Year brings an opportunity to review existing security plans and adjust strategies for the next year. Most CISOs are struggling with the same issues, ranging from dealing with the changing threat landscape to properly supporting the rising adoption of social technologies, employee-owned mobile devices, and cloud services.

Given security leaders' pain points and focus areas for 2011, Forrester has identified recommendations for security strategies that address the broad security trends in the current market. Our recommendations fall into three major themes:
1. Better governance structures (prepare for social technology adoption, help the business devise a strategy to leverage cloud services, actively support mobility in the post-PC era);
2. More mature security processes (from reactive tools to proactive focus on integrating tools and processes, from identity management to information and access management, from ineffective incident planning to robust breach response);
3. Improved analytics and reporting capabilities (educate and equip risk owners with relevant information for decision-making, demonstrate the value of security with business and financial metrics, enhance operational measures through validation and correlation).
|
|
Rating: 12345
 

Cybercriminals shifting focus from PCs to mobiles

(Stuart Corner, ITWire) Cisco has released its annual security report saying it shows "a major cybercrime turning point" in that cybercriminals have begun shifting focus from Windows PCs to smartphones, tablets and mobile platforms in general.

The report says this shift in focus is the result of three factors: significant improvements in security in the Windows environment: weak security in mobile devices and the rapid proliferation of mobile devices. However the hugely popular practice of downloading apps, from legitimate app stores is giving cybercriminals a whole new avenue to penetrate target devices.

"Third-party mobile apps are emerging as a serious threat vector. And right now, that market is like the Wild West," warns Horacio Zambrano, product line manager for Cisco. "No one is looking at these apps and determining what is a 'good app' or a 'bad app'."
|
|
Rating: 12345
 

Top 10 Tech Scares of the Decade

(Sarah Jacobsson Purewal, PCWorld) The dawn of the new millennium prompted fears about the future, but so far reality has not quite matched the predictions of catastrophe. The first 10 years passed uneventfully - well, aside from Y2K and a bunch of intelligent computer viruses. Here's a look back at the past decade, and ten of the most terrifying tech scares.

The past ten years saw some terrifying technology:
1. Y2K (2000), predicted outcome: end of the world and technology as we know it, actual outcome: accidental alarms, slot machine failures, incorrect dates on Websites.
2. Conficker Worm (2008-2009), no predicted outcome, actual outcome: an estimated 10 million home/business/government computers under its control.
3. Mydoom (2004-2009), no predicted outcome, actual outcome: the fastest-spreading e-mail worm ever.
[...]

Read more by following the full article link.
|
|
Rating: 12345
 

7 Scrooge-worthy scams for the holidays

(Joan Goodchild, NetworkWorld) All crooks want for Christmas is to steal your money and sensitive information. Security experts give tips on avoiding scams.

The 2-week mark before Christmas is when things start to ramp up out of control. Spammers and malware authors focus on when the attention is going to be there. And you don't need to be shopping online to get caught in one of their traps. Even checking out email or spending time on Facebook and Twitter has its risks for the unaware. Here are seven holiday humbugs to avoid:
1. "Free iPad giveaway!"
2. Fake gift cards
3. Stripped gift cards
4. "You're preapproved for this credit card!"
5. Bad e-cards
6. Bad links to holiday sales, job offers, etc.
7. Fake charities

Read more by following the "full article" link.
|
|
Rating: 12345
 

Top Security Predictions for 2011

(Tony Bradley, PC World) It's time to look ahead to 2011 with some predictions for what the year holds in store for security.

Aside from the festivities of the holidays, one thing that always makes December special is the combination of reflecting on the year gone by, and looking ahead to what the next year might hold. Hence, it's a good time to have a look at what 2011 holds in store for security:
1. Precision Attacks - evolution of malware attacks is continuing;
2. Ripped from the Headlines - it will remain common for attackers to exploit breaking news as malware bait;
3. Beware the Web - consolidation of various messaging platforms into Web services will increase, making it an attractive target for hackers who want to break into the corporate network;
4. Low-Hanging Fruit - IT admins will still have to monitor and protect the primary platforms, but will also have to scramble to ensure that the various networks and applications those platforms are connected to don't leave a window open for attackers;
5. Mobile Computing - mobile devices will be a common target for theft.

What are your predictions for 2011?
|
|
Rating: 12345
 

Report: Spam down, but malware continues hold

(Lance Whitney, CNet) Spam may be down but malware marches merrily on. That's the message from the "November Threat Landscape Report" released yesterday by security vendor Fortinet.

Global spam levels ultimately fell 12% in November after Dutch authorities took down a large Bredolab network made up of 140 different servers. The Bredolab botnet was typically used by cybercriminals to send out spam selling fake drugs, according to Fortinet. Spam had actually fallen as much as 26% the week after the network was dismantled but was able to stage a bit of a recovery afterward.

In terms of sheer malware attacks among the top countries hit in November, the U.S. accounted for 35%, up from 32% in October. Japan took 22% of the total attacks, up from 16% the prior month. And Korea took the brunt of 12.5% of the world's total malware attacks, up from less than 9% in October.
|
|
Rating: 12345
 

Keep Your E-Mail Private and Secure

(Tony Bradley, PC World) E-mail is one of the most widely used forms of communication today. Estimates from May 2009 suggest that around 250 billion e-mails are sent every day. That equates to more than 2.8 million e-mail messages per second, and some of them are not even spam.

E-mail is faster and cheaper than traditional postal mail, but at least when you seal that envelope and stick a stamp on it, you can have some confidence that only the intended recipient will open it. With e-mail, however, your message could be intercepted midstream, and you might never realize it. Copies and remnants of your message stored on your PC could be compromised as well. You have to take steps to secure and protect your e-mail messages.

Follow the "full article" link to learn how to protect your e-mail.
|
|
Rating: 12345
 

Encryption adoption driven by PCI, fear of cyberattacks

(Ellen Messmer, NetworkWorld) A survey of more than 900 IT managers shows that adoption of encryption in their organizations is being driven by two main factors, anxiety about possible cyberattacks and the need to meet the payment-card industry (PCI) data security standards.

According to the Ponemon Institute's "2010 Annual Study: U.S. Enterprise Encryption Trends," 69% of the 964 IT managers responding to the survey said the need to meet regulatory compliance was the driving force behind deployment of encryption in their organizations. And the most important regulatory factor to them was the need to meet encryption requirements of the PCI data security standard.

Another important factor spurring organizations to adopt encryption is fear related to cyberattacks. Some 88% of organizations in the survey acknowledged at least one data breach, up three points from 2009. "And of those, "23% had only one breach and 40% had two to five breaches." These numbers were consistent with last year's results, but those experiencing more than five data breaches a year was up 3% from 2009.
|
|
Rating: 12345
 

A hazy view of cloud security

(Dave Kearns, Network World) More than three-quarters of the respondents in a recent survey couldn't say who they believe should be responsible for data housed in a cloud environment.

A recent survey of 384 business managers from large enterprises revealed that confusion abounds about cloud data security. More than three-quarters of the respondents couldn't say who they believe should be responsible for data housed in a cloud environment, while 65.4% said that the company from which the data originates, the application provider and the cloud service provider are all responsible, and another 13% said they were not sure. There was no consensus on who the single party should be that protects that data.

Click on the "full article" link to further read their findings.
|
|
Rating: 12345
 

People feel safer on a PC than on a mobile device

(Lance Whitney, CNet) A majority 87% of people polled for a new study think their home PCs offer better defense against viruses, malware, and hackers than do their mobile phones. Released today by the National Cyber Security Alliance and Symantec, the study also discovered that people may be overconfident in the power of their computers to protect them as less than half are using full security software.

Though only 24% of those polled said they feel very safe using their home computers to surf the Net, 61% said they feel somewhat safe. In contrast, just 18% said they feel very safe using their mobile phones to access the Web, while only 28% feel somewhat safe.

Only 5.1% of those surveyed think the Internet is safer than it was a year ago, while 68% feel it's about the same, and 21.2% believe it's less safe. Half of those polled cited identify theft as a major concern. Overall, 44% of the respondents see themselves as responsible for their own online safety. Only 30% believe keeping the Internet secure is the responsibility of Internet providers, while just 4% feel it's the government's job.
|
|
Rating: 12345
 

Report: 95 percent of all email is spam

(Lance Whitney, CNet) Spam accounted for 95% of all email sent worldwide during the third quarter, according to a report released today.

Panda Security's third-quarter report also found that 50% of all spam came from 10 countries, with India, Brazil, and Russia as the top three sources. The U.S. came in No. 8, while the U.K. dropped off the list. Much of the spam that invades in-boxes comes from botnets that hijack computers whose owners don't realize their PCs have been infected, the report noted.

Trojans now are responsible for 55% of all malware threats, with many of them designed to steal information in order to access financial accounts. These types of threats have generally grown over the past two years, according to Panda, because their creators know they can get the greatest return on investment.

|
|
Rating: 12345
 

6 tips for guarding against rogue sys admins

(Carolyn Duffy Marsan, NetworkWorld) One of the biggest threats that organizations face is losing sensitive data - such as payment card or personally identifiable information about customers or employees - to theft from their own employees. The threat is greatest from systems and network administrators, who have privileged access to vast amounts of corporate data and are responsible for most compromised records in insider cases.

Heather Wyson, vice president of the fraud program at the BITS Financial Services Roundtable, says there has been an increase in insider incidents among U.S. financial services firms.

We spoke with CISOs and IT security experts about what practical steps IT departments can take to minimize the insider threat. Here's their advice:
1. Restrict and monitor users with special privileges
2. Keep user access and privileges current, particularly during times of job changes or layoffs
3. Monitor employees found guilty of minor online misconduct
4. Use software to analyze your log files and alert you when anomalies occur
5. Consider deploying data-loss prevention technology
6. Educate your employees about the insider threat
|
|
Rating: 12345
 

Mobile workers pose biggest security risk

(John E Dunn, TechWorld) Mobile workers trigger more security alerts when they leave the office than when they do at their desks, the latest Symantec MessageLabs Intelligence Report has suggested. According to the company, the explanation for this disparity is simple: mobile workers visit riskier websites when traveling than they do in the more locked-down office environment.

After analyzing users on the company's hosted email service, remote workers were 5.4 times more likely to trigger download alerts than their office equivalents, a pattern that followed for visits to shopping sites, search engines, and dating sites. Mobile workers also generated 1,807 blocks based on infringing policies compared to only 322 for office workers.

"In general, more policy blocks overall are triggered by workers when they are out of the office, indicating rather intuitively that users are more compliant with usage policies when in the office," said MessageLabs' analyst, Paul Wood.
|
|
Rating: 12345
 

Fear of data loss, social media security risks rising

(Joan Goodchild, NetworkWorld) A new survey finds more organizations are dealing with data loss and security breaches due to employee use of social media sites. Email security firm Proofpoint polled 261 IT decision makers at organizations with more than 1000 employees. Respondents were asked about the frequency of data loss events in the past 12 months, as well as their concerns, priorities and policies related to email, the Web, social media and other sources of data loss risk.

The survey found 20% of companies polled had investigated the exposure of confidential, sensitive or private information via a post to a social networking site. In many instances, the events have been severe enough to lead to job loss or disciplinary action, with 7% of companies reporting termination of an employee for social networking policy violations. Another 20% disciplined an employee for not following social networking policy.

Social networking sites such as Facebook and LinkedIn were cited by 53% of respondents as a high concern when it comes to the risk of information leakage. However, not all companies are concerned enough to make the sites off limits. Only 53% explicitly prohibit the use of Facebook and 31% explicitly prohibit use of LinkedIn. Microblogging service Twitter was mentioned by 17% of companies as a source of investigation due to the exposure of confidential, sensitive or private information. Additionally, 51% said they are highly concerned about the risk of information leakage on Twitter.
|
|
Rating: 12345
 

A list of hottest IT security certifications

(Carolyn Duffy Marsan, NetworkWorld) Interest in IT security certifications is booming, as more U.S. companies tighten up the protection surrounding their critical network infrastructure and as a growing number of employees view security expertise as recession proof.

Three of the top 10 IT certifications in terms of demand among U.S. employers are security related, according to Foote Partners, a consultancy that tracks IT employment trends. These include the Red Hat Certified Security Specialist – which ranks as No.2 on the Foote Partners list – as well as the CompTIA Security+ (No.3) and the GIAC Security Essentials Certificate (No.6).

Worries about security breaches are prompting companies to get more IT employees trained and certified in information security, says David Foote, CEO of Foote Partners. "Employees are looking at security certifications as career safety," he adds. "Security is a great long-term career move because there's a steady drumbeat of regulations and compliance."

Read more by following the "full article" link.
|
|
Rating: 12345
 

Vulnerability management: The basics

(Bill Brenner, NetworkWorld) The more apps companies deploy, the more complicated vulnerability management becomes. In the rush to find every security hole and seal it off from potential hackers, it's easy to let something important slip through. That's especially true if you're an IT administrator juggling several tasks of which security is one.

To get anywhere with vulnerability management, Northcutt said there are five things to consider first:
1.Vulnerabilities are the gateways through which threats are manifested.
2.Vulnerability scans without remediation have little value.
3.A little scanning and remediation is better than a lot of scanning and less remediation.
4.Vulnerabilities in need of fixing must be prioritized based on which ones post the most immediate risk to the network.
5.Security practitioners need a process that will allow them to stay on the trail of vulnerabilities so the fixes can be more frequent and effective.

If a data breach happens and it's traced back to a flaw the company knew about but didn't fix, the consequences can be serious. "This could be factored into the punitive damages phase of a court case," Northcutt said.

Next, Northcutt said it's important to identify the primary threat vectors an organization must worry about. They are:
- Outsider attack from network
- Insider attack from network (VPN)
- Outsider attack from telephone
- Insider attack from local network
- Insider attack from local system
- Attack from malware

Read more by following the "full article" link.
|
|
Rating: 12345
 

Most hacking victims blame themselves

(Robert McMillan, ComputerWorld) Just under two-thirds of all Internet users have been hit by some sort of cybercrime, and while most of them are angry about it, a surprisingly large percentage feel guilt too, according to a survey commissioned by Symantec.

In a cybercrime survey of just over 7,000 Internet users in 14 countries, researchers found that 65% of Internet users worldwide have already been victims. In the U.S., it's 73%, but things are worse in China (83%), Brazil (76%) and India (also 76%).

Another surprise: how victims react to being hacked. People do fee angry, but also feel pretty guilty: 54% said they should have been more careful, when they responded to online scams. When it came to identity theft victims, 12% said that the incident was entirely their fault, Symantec found.
|
|
Rating: 12345
 

Do not underestimate the bad guys

(Mike Bantick, ITWire) Security firm Sophos has recently produced its 2010 mid-year Security Threat Report, and whilst many things remain the same, there are plenty of new security vectors for the connected among us to deal with.

If there is one thing that is clear from the latest Sophos mid-year security threat report, it is that traditional attacks on private data are still prevalent.  Perhaps the vectors are shifting but figures show Spam, Phishing and Malware are still a major source of worry for security personnel world-wide.

The Security Threat Report shows that the traditional security attacks are migrating to social networks such as Facebook and Twitter.  Since April 2009, moving into 2010 reported Spam attacks reported from social networks increased from 33.4% to 57%, Phishing from 21% to 30% and Malware from 21.2% to 36%.  It is clear that criminal activity is moving into the online worlds increasingly populated by everyday Internet users.
|
|
Rating: 12345
 

Five tips for avoiding self-inflicted email security breaches

(Chad Perrin, TechRepublic) Email security is about a lot more than just using a good password on your POP or IMAP server. Perhaps the most important part of email security is ensuring you don’t shoot yourself in the foot.

These tips focus on the ways users break their own security rather than on protecting against the predations of malicious security crackers. Security can be violated through careless acts more easily than by outside forces.
1. Turn off automated addressing features
2. Use BCC when sending to multiple recipients
3. Save emails only in a safe place
4. Use private accounts for private emails
5. Double-check the recipient, every time — especially on mailing lists
|
|
Rating: 12345
 

Sophos booklet helpful in corporate security awareness

(M.E.Kabay, NetworkWorld) The recently-released free Sophos booklet, "10 myths of safe web browsing", is a simple, short summary of some basic Web safety information that can serve our purposes in raising security consciousness and involvement.

Each of the following myths is discussed in a short paragraph:
- Myth No.1: The Web is safe because I've never been infected by malware
- Myth No.2: My users aren't wasting time surfing inappropriate content
- Myth No.3: We control Web usage and our users can't get around our policy
[...]
This booklet would make a perfect subject for a brown-bag lunchtime discussion among the IT staff; it could be used as the basis for a user-education session to spark discussion of the issues.

Read more by following the full article link.
|
|
Rating: 12345
 

How secure are virtualized servers?

(David Heath, ITWire) You'd think that a virtualized environment would be a safe way to encapsulate a server, but that appears to be far from the truth. Earlier this year, Gartner released its own research  into the security of virtualized environments.  The results weren't pretty.  Gartner estimated that by 2012, 60% of virtual servers will be less secure that the physical servers they replace, although this is expected to drop to 30% by the end of 2015.

The Gartner report identified six major categories of risk:
- Information security isn't initially involved in the virtualization projects
- A compromise of the virtualization layer could result in the compromise of all hosted workloads
- The lack of visibility and controls on internal virtual networks created for VM-to-VM communications blinds existing security policy enforcement mechanisms
- Workloads of different trust levels are consolidated onto a single physical server without sufficient separation
- Adequate controls on administrative access to the hypervisor/VMM layer and to administrative tools are lacking
- There is a potential loss of separation of duties for network and security controls

"Virtualization is not inherently insecure," said Neil MacDonald, vice president and Gartner fellow. "However, most virtualized workloads are being deployed insecurely. The latter is a result of the immaturity of tools and processes and the limited training of staff, resellers and consultants."  However, according to a BeyondTrust spokesman, "that hasn't stopped 90% of virtualized data centers from putting their most sensitive data on virtualized servers."
|
|
Rating: 12345
 

Malware reaches all time high

(Tom Brewster, ITPro) Malware levels have reached new heights as the first six months of 2010 proved to be the most active for malicious file activity on record, McAfee has reported.

There were 10 million new pieces of malware logged in the first six months of this year, while 6 million were discovered in the second quarter alone.

Threats were most likely to emanate from portable storage devices like USBs, while fake anti-virus software was the second most popular choice among malicious file spreaders. Social media-specific malware was the third most common basis for attacks.
|
|
Rating: 12345
 

Security secrets the bad guys don't want you to know

(Robert McMillan, ComputerWorld) You know to keep your antivirus program and patches up to date, to be careful where you go on the Internet, and to exercise online street-smarts to resist being tricked into visiting a phishing site or downloading a Trojan horse. But when you've got the basics covered, but you still don't feel secure, what can you do?

Here are a few advanced security tips to help you thwart some of today's most common attacks:
1. Avoid scripting - This may be the one piece of advice that will do most to keep you the safe on the Web: steer clear of JavaScript, especially on sites you don't trust.
2. Back out of rogue antivirus offers - Rogue antivirus programs have emerged as one of the most annoying security problems of the past few years.
3. Sharpen your password game - People have to remember too many passwords on the Internet. Everyone knows this, but most of us get around the problem by using the same username and password over and over.Hackers know this as well, and they're happy to use it against you.

Read more by following the "full article" link.
|
|
Rating: 12345
 

The top 10 'most wanted' spam-spewing botnets

(Ellen Messmer, Network World) Spam continues to grow largely due to the growth in malicious botnets. Many botnets are command-and-control systems used by criminals and are still the main way that spam is spewed into your e-mail box. A recent report states that the worldwide spam volume has now climbed to 230 billion messages per day, up from 200 billion at the start of 2010.

M86 Security has created the "Top Ten Most Wanted" Spam-Spewing Botnets list, many of them are believed to be controlled in Eastern Europe by criminals who manipulate compromised systems, mostly PCs, around the world to generate spam:
1. Rustock (generating 43% of all spam)
2. Mega-D (10.2%)
3. Festi (8%)
4. Pushdo (6.3%)
5. Grum (6.3%)
6. Lethic (4.5%)
7. Bobax (4.3%)
8. Bagle (3.5%)
9. Maazben (2.0%)
10. Donbot (1.3%)

Read more by following the "full article" link.
|
|
Rating: 12345
 

Securing 4G smartphones

(Brad Reed, NetworkWorld) Like all good things, the increase in speed and power comes with greater risks: added data capacity, connection speeds makes 4G smartphones more vulnerable. This article describes what any smart IT department should know before allowing a 4G device onto its network.

The increased mobile data usage is only expected to intensify in the enterprise as more executives could try to use their favorite devices for both work and personal use. Mike Siegel, a senior director of product management at McAfee, says this will put a particular strain on IT departments' abilities to protect data across multiple operating systems and applications. "We have senior executives now who are pushing on IT to support Android or iPhone," he says. "With iPhone and Android, you have a propagation of applications that have connections back to sensitive corporate data in the cloud. So these devices now are very much a data leakage vulnerability."

What is to be done? Read more by clicking the "full article" link.
|
|
Rating: 12345
 

IT professionals still not protecting mobile devices

(Hannah Douglas, ITPro) In a time of threats to corporate data and costly breaches, companies aren’t doing enough to protect sensitive information, according to research.

According to a newly released report, sponsored by a data protection and management group, 52% of the nearly 300 IT security professionals surveyed do not encrypt the data on USB drives they use to carry company data.

The type of unprotected data reported by respondents was not insignificant, with 67% intellectual property, 40% customer data and 26%  employee details. Incidents of lost or stolen devices were also mentioned in the study, which said that 11% of the sample had experienced a breach recently.
|
|
Rating: 12345
 

3.7 billion phishing emails were sent in the last 12 months

(Carrie-Ann Skinner, NetworkWorld) Cybercriminals sent 3.7 billion phishing emails over the last year, in a bid to steal money from unsuspecting web users, says CPP. 25% of Brits have been victims of scams, losing on average £285.

A new research revealed that 55% of phishing scams are fake bank emails, which try and dupe web users into giving hackers their credit card number and online banking passwords. Hoax lottery and competition prize draws and 'Nigerian 419' scams that involve email requests for money from supposedly rich individuals in countries such as Nigeria, were also among the most popular phishing emails.

CPP also revealed social networking scams are on the rise. Nearly one fifth of Brits have received phoney Facebook  messages claiming to be from friends or family in the past year. One in 10 fear that fraudsters are using Twitter to follow them, while a third are concerned their social networking account could be hacked.

"It seems that not a day goes by without a new case of online fraud hitting the headlines. But what's concerning is that consumers are still falling victim," said Nicole Sanders, an identity fraud expert at CPP.
|
|
Rating: 12345
 

Cloud security: The basics

(Mary Brandel, NetworkWorld) Cloud computing is one of the most-discussed topics among IT professionals today. And not too long into any conversation about the most highly touted cloud models - software as a service (SaaS), infrastructure as a service (IaaS) or platform as a service (PaaS) - the talk often turns to cloud security.

According to Milind Govekar, an analyst at Gartner, cloud has rocketed up the list from number 16 to number two in Gartner's annual CIO survey of key technology investments. "Like with anything new, the primary concern is security," he says. In fact, the vast majority of clients who inquire about cloud, he says, would rather create a virtualized data center on their own premises - what some call a private cloud - because they're uncomfortable with the security issues raised by cloud computing and the industry's ability to address them.

"We are in the early stages of a fascinating journey into a new computing model that, for all its purported advantages, from a security and risk point of view, is a difficult thing to deal with," agrees Jay Heiser, an analyst at Gartner.[...] For this reason securing cloud computing environments will be a major focus of vendor efforts over the next year, says Jonathan Penn, an analyst at Forrester Research. In the short term, he sees users having to do a lot of the legwork, but over time, "cloud providers themselves will see the opportunity to differentiate themselves by integrating security," he says.
|
|
Rating: 12345
 

Endpoint security: managing enterprise smartphone risk

(Tim Lohman, Computerworld) Almost by the day, enterprises are becoming more receptive to the consumerisation of IT and introduction of mobile devices and platforms into their environment. But introducing smartphones, netbooks or newer technologies such as the iPad and e-readers, can pose security issues to an organisation - and to any customer or business included in the data held on the devices.

Threats such as Trojans and drive-by-downloads which attack and exploit unpatched vulnerabilities in software installed on an endpoint, rogue security applications, spyware, botnets, worms, viruses and phishing attempts are all threats that apply as much, if not more-so, to consumer devices as office-bound PCs. And once commercial data makes its way onto an employee's device, which is often unmanaged, the enterprise can no longer control its spread or usage. [...]

IT managers must also bear in mind that while employee devices perform a dual role - as a personal device and a company device - the protection of any organisational data held on the devices is totally up to the company, says senior marketing manager for Websense, David Brophy.[...]
|
|
Rating: 12345
 

Research: 1.3 million malicious ads viewed daily

(Dancho Danchev, ZDNet) New research indicates that 1.3 million malicious ads are viewed per day, with 59% of them representing drive-by downloads, followed by 41% of fake security software also known as scareware.

More findings from the Dasient research:
- The probability of a user getting infected from a malvertisement is twice as likely on a weekend and the average lifetime of a malvertisement is 7.3 days.
- 97% of Fortune 500 web sites are at a high risk of getting infected with malware due to external partners (such as javascript widget providers, ad networks, and/or packaged software providers).
- Fortune 500 web sites have such a high risk because 69% of them use external Javascript to render portions of their sites and 64% of them are running outdated web applications.

The research’s findings are also backed up by another recently released report by Google’s Security Team, stating that fake AV is accounting for 50% of all malware delivered via ads.
|
|
Rating: 12345
 

Are you ready for these Internet security threats?

(Linda Musthaler & Brian Musthaler, NetworkWorld) Symantec has published its annual in-depth threat report and recommendations on how to improve enterprise security.

Based on multiple sources, the report presents an in-depth view of what threats exist on the Internet today, and what the trends are over a span of years. For example:
  1. There continue to be many targeted attacks on enterprise organizations.
  2. Web-based attacks are still common, and they are the primary means to install malicious code on computers.
  3. More than 240 million distinct new malicious programs.
  4. Executable file sharing has become the primary means of transmission of infections, especially for viruses and worms.
  5. Botnets are responsible for distributing 85% of spam.[...]
|
|
Rating: 12345
 

Mac Users Do Not Spam, Linux Users Do

(Wolfgang Gruener, ConceivablyTech) MessageLabs has released a new issue of its monthly intelligence report, which reveals interesting statistics of spam originating from client computers that are infected by botnets. Not surprisingly, most spam comes from Windows users, but Linux systems are five times more likely to be sending spam than Windows. And: There is virtually no spam that is sent from Apple Mac computers.

Spam still accounts for nine out of ten emails (89.9%) sent, one in 341 emails contains malware and one in 455 emails carries a phishing attack. Spam is dominated by botnets that infect client computers around the globe and use their connectivity to send out emails.[...]The entire spam volume caused by all botnets currently monitored is about 121 billion messages per day from up to 5.6 million computers. Non-botnet spam is only 7 billion messages per day, bringing the total spam volume to just above 128 billion messages per day.

If we look at the PCs that are controlled by the botnets and that are sending the spam, and break them down by operating system, MessageLabs’ data shows, not surprisingly, that 92.65% of all spam came from Windows machines, 0.001% from Mac OS X systems and 5.14% from Linux computers in March 2010.
|
|
Rating: 12345
 

Mobile Device Security Woes

(Jon Oltsik, NetworkWorld) Large organizations now realize that endpoint security (and management) extends beyond PCs to mobile devices like Blackberrys, Droids, iPhones, iPads. Mobile device security is one of those areas that should get more attention. Users want better data security and integrated solutions.

So which security technologies are most important for mobile device protection? According to a recent ESG Research survey, here are the top 5:
  1. Device encryption (51% of respondents rated this as "very important", 34% rated this as "important")
  2. Device firewall (48% of respondents rated this as "very important", 37% rated this as "important")
  3. Strong authentication (46% of respondents rated this as "very important", 41% rated this as "important")
  4. Antivirus/Anti-spam (45% of respondents rated this as "very important", 37% rated this as "important")
  5. Device locking (44% of respondents rated this as "very important", 41% rated this as "important")
|
|
Rating: 12345
 

New cyber security threats

(Veronica C. Silva, MIS Asia, NetworkWorld) A new report on consumer online behaviour and criminal activities on the Internet noted that new security threats have recently emerged, prompting the implementation of a mix of security solutions to protect unsuspecting victims.

Blue Coat's annual 'Blue Coat Web Security Report for 2009' released recently noted that security solutions are finding it difficult to keep up with the rapid attacks by cyber criminals. The popularity of social networking activities online is also making the Internet more vulnerable to recent attacks. The report noted that social networking sites accounted for 25% of activity among the top 10 URL categories last year. Web-based e-mail, on the other hand, dropped in popularity from fifth place in 2008 to ninth in 2009.

"The battlefield for information security against identity theft and cyber crime is the Web. The Web, and especially social media, is where the apps are, where the eyeballs are and, therefore, where the attacks are," said Andreas Antonopoulos, senior vice president and founding partner of Nemertes Research.[...]
|
|
Rating: 12345
 

Tens of millions still opening junk e-mail

(Dave Rosenberg, CNET) In this day and age of technological advancement and digital lifestyles, it's incredible to me that nearly half of a recently surveyed audience opened junk e-mail (aka spam), intentionally.

According to a new survey report, tens of millions of users continue to respond to spam in ways that could leave them vulnerable to a malware infection or bot network. The results of the survey show that nearly half of the users have opened spam, clicked on a link in spam, opened a spam attachment, replied, or forwarded it - all activities that leave consumers susceptible to fraud, phishing, identity theft, and infection.



Read more by following the "full article" link.
|
|
Rating: 12345
 

Spam plague in February and more to come

(Mis Asia Writer, Network World) Global spam volume grows by 25 per cent. A new research revealed a surge in spam levels in February 2010 to make up 89.4% of all e-mails.

Spam levels in Hong Kong reached 90.6% and virus activity in China was the highest in the world in February, according to Symantec's latest MessageLabs Intelligence Report. In Singapore, one out of every 319.2 e-mails contained a virus in a period when the total spam volume globally increased by about 25%.

In February, the most spammed industry, with a spam rate of 93.1%, was the engineering sector. Spam levels for the education sector were 90.8%, 89.3% for the chemical and pharmaceutical sector, 89.8% for IT services, 91.1% for retail, 87.6% for the public sector and 88.4% for finance.[...]
|
|
Rating: 12345
 

America's 10 most wanted botnets

(Ellen Messmer, Network World) Botnet attacks are increasing, as cybercrime gangs use compromised computers to send spam, steal personal data, perpetrate click fraud and clobber Web sites in denial-of-service attacks. Ranked by size and strength, these article presents the 10 most damaging botnets in the U.S.

1. Zeus
Compromised U.S. computers: 3.6 million. Main crime use: The Zeus Trojan uses key-logging techniques to steal sensitive data such as user names, passwords, account numbers and credit card numbers.
2. Koobface
Compromised U.S. computers: 2.9 million. Main crime use: This malware spreads via social networking sites with faked messages or comments from "friends."
3. TidServ
Compromised U.S. computers: 1.5 million. Main crime use: This downloader Trojan spreads through spam e-mail, arriving as an attachment.[...]

Read more by following the "full article" link.
|
|
Rating: 12345
 

Spammers exploiting more news stories

(Lance Whitney, CNET News) "Bomb Blast." "Jackson is still alive: proof." "Obama cursed by Pope." These are just a few of the subjects used by cybercriminals last year to trick people into opening malware-infected e-mails.

Spam that uses the latest news headlines was just one of the hot trends last year in the world of cybercrime, according to McAfee's "Q4 Threats Report", released Tuesday. The latest threat assessment also noted a rise in "hacktivism," or politically motivated cyberattacks.

Though spam levels in the fourth quarter actually dropped by 24% from the third quarter, the daily volume of junk mail around the world still averaged 135.5 billion per day. To reach that level, spammers relied heavily on news stories, especially tragedies.


|
|
Rating: 12345
 

600% rise in phishing in 2009

(Linda McGlasson, Bank Info Security) Bogus security software applications are among the types of electronic crimes that grew 585% over the first half of 2009, according to a new study. The Anti Phishing Working Group's (APWG) latest report shows that rogue anti-malware programs, infected computers and crimeware broke new records in the first half of 2009.

Other important conclusions drawn through this analysis:
  1. The number of unique phishing websites detected in June rose to 49,084, the second-highest recorded since APWG began reporting this measurement.
  2. The number of hijacked brands ascended to an all-time high of 310 in March and remained at an elevated level to the close of the half in June.
  3. The total number of infected computers rose more than 66% to 11,937,944.
  4. Payment Services became phishing's most targeted sector.
"The Internet has never been more dangerous", says APWG's Chairman Dave Jevans. "In the first half of 2009, phishing escalated to some of the highest levels we've ever seen."
|
|
Rating: 12345
 

Social Media is the newest playground for cybercriminals

Cisco's Annual Security Report for 2009 highlights the impact of social media, particularly social networking, on network security and explores the critical role that people, not technology, play in creating opportunities for cybercriminals. The report also discusses trends in cloud computing, spam and overall global cybercrime activities that information technology professionals continue to face.

Social media experienced explosive growth in 2009. Facebook alone tripled its active user base to 350 million over the course of the year. Social media adoption is expected to continue growing into 2010, especially as more organizations realize the value of social networks as an absolute business requirement. Social networks have quickly become a playground for cybercriminals because members of these sites put an inordinate amount of trust in the other members of their communities and often fail to take precautions to prevent the spread of malware and computer viruses.

"The blending of social media for business and pleasure increases the potential for network security troubles, and people, not technology, can often be the source. Without proper cognizance of security threats, our natural inclination to trust our 'friends' can result in exposing ourselves, home computers and corporate networks to malware", says Patrick Peterson, Fellow, Cisco. "The value of social media is becoming acknowledged increasingly by businesses, but these same organizations need to provide the proper training and education to ensure that employees avoid compromising themselves and their businesses."

The Annual Security Report also provides more information on the potentially devastating combination of minor vulnerabilities, poor user behavior, and outdated security software that can dramatically increase risks to network security.
|
|
Rating: 12345
 

Report predicts the rise of self-healing botnets in 2010

(John E. Dunn, TechWorld ) The world is not only losing the war against spam, the situation might be about to get a whole lot worse with the emergence of a new type of automatic botnet able to thrive without direct human control, Symantec's MessageLabs division has warned.

MessageLabs reckons this is a sign that today's botnets have been modified to more quickly adapt to the loss of a particular nodes, transferring traffic through different channels in a matter of days or even hours. The speed of response necessary requires self-healing behaviour, including the use of encrypted channels for control based on P2P principles.

MessageLabs' Paul Wood predicts that during the coming year, botnets will migrate to a design based on "inbuilt self-sufficient code" able to adapt to anti-botnet activities and so improve their survival chances. The company has detected 5 million PCs that are now working on behalf of the botnets.

Previosuly considered a way of foiling the mass creation of email account to channel spam and get around reputation services based on trusting a whitelist of domains, CAPTCHA was now being defeated by individuals in sweat shops paid small sums to manually create accounts.

So what do reports such as this tell us that we might not have known a year ago? An important underlying theme is that criminality has now burrowed deep into the fabric of the Internet in ways that make tacking problems such as spam almost impossible.
|
|
Rating: 12345
 

Flash/Acrobat Reader Vulnerabilities: The Biggest Security Hole on the Web?

(Chris Crum, WebProNews) Two weeks ago, Adobe released a critical patch for Flash Player and Acrobat Reader. According to online security company Trusteer, about 80% of users are still vulnerable, and perhaps more startling, the company views this as being possibly the biggest security hole on the Internet today.

That 80% figure is based on Trusteer's installed base of over 2.5 million online banking users of the company's security service.
"The penetration of Adobe Flash and Acrobat is unparalleled," a spokesperson for Trusteer tells WebProNews. According to Adobe, 99% of Internet users run Flash.
Reader and FlashSo so many people on the web are running Flash, and Adobe released the patch two weeks ago, why are so many still vulnerable? Trusteer thinks Adobe just has issues with distributing patches.

"Adobe is facing some major security challenges and one of its biggest hurdles is its software update mechanism.  For some reason, it is not effective enough in distributing security patches to the field," says Trusteer CEO Mickey Boodaei. "Given the lack of attention this situation has received to date, it appears that few people understand the magnitude of the problem. We recommend that all enterprises and individuals install the latest Flash and Acrobat updates immediately."

According to the same study, targeting products like Flash and Acrobat is attractive to wrongdoers because they reach such a huge portion of Internet users. Browser use is much more diversified with Internet Explorer reaching about 65% of users and Firefox reaching 30%. Targeting Adobe's products just covers a lot more people.
|
|
Rating: 12345
 

Smartphones to become major hacker target

(Robert McMillan, TechWorld) Smartphones are set to become a prime target for criminals according to Google's head of Android security.

"The smartphone OS will become a major security target," said Android Security Leader Rich Cannings, speaking at the Usenix Security Symposium. Attackers can already hit millions of victims with a smartphone attack, and soon that number will be even larger. "Personally I think this will become an epiphany to malware authors," he said.

PCs running Windows are the prime target of criminal attacks today, and hackers have generally steered clear of mobile devices. Security experts say that this is because mobile phones haven't traditionally stored a lot of sensitive data, and because there are so many different devices to attack, it's hard to create a single virus that can infect a large number of users.

That may be changing as more and more people start using iPhones, BlackBerries, and - Google hopes - Android-based phones such as the Samsung I7500.

Google was late to market with an iPhone competitor - G1, the first Android system shipped in October 2008 - but the company hopes to make up ground by making its platform more open and appealing to developers. Android uses open-source components, and Google places fewer restrictions on device makers and application developers than Apple.
|
|
Rating: 12345
 

Prevent malware from spreading by e-mail links and attachments

(Michael Kassner, TechRepublic) There seems to be a run on e-mail induced malware lately. It seems that e-mail as a malware delivery vehicle is getting a second wind. E-mail attachments and links are popular methods for bad guys to install malware on computers. So it’s important to understand what to do when you get an e-mail that has an attachment or link in the e-mail message body.

E-mail attachments are files that accompany e-mail messages. Attachments can be one of two things:
  1. The actual file or document designated in the e-mail.
  2. A copy of the expected attachment that has malware embedded in it.
E-mail links are the underlined phrases in e-mail messages that simplify going to a specified Web site. Clicking on a link can cause one of three things to happen:
  1. The link opens the correct Web page referred to in the email.
  2. The link activates a malware program embedded in the e-mail message.
  3. The link is spoofed. It opens a Web page similar to the correct page, but with malware embedded in it.
Activating malware
E-mail malware requires user intervention to get started. It’s that simple. The bad guys will try any method possible to entice you to open an attachment or click on a link. One of their favorite tricks is to pretend that the e-mail is from someone you know. That way you have no reason to be suspicious.

Spread to other computers
Once installed, the malware will immediately try to infect other computers by sending out e-mail messages with the same infected attachment to all the e-mail addresses it found on the newly-infected computer.
Those recipients will more than likely open the e-mail attachment as well, because it appears to be from someone they know. So it’s not hard to see that this process will quickly overrun every computer on the network
|
|
Rating: 12345
 

Essential e-mail security measures

(Chad Perrin, TechRepublic) E-mail security is about a lot more than just using a good password on your POP or IMAP server. Perhaps the most important part of e-mail security is ensuring you don’t shoot yourself in the foot. These best practices will help you avoid any mistakes.

There’s a lot of information out there about securing your e-mail. Much of it is advanced and doesn’t apply to the typical end user. Configuring spam filters such as SpamAssassin, setting up encrypted authentication on mail servers, and e-mail gateway virus scanner management are not basic end-user tasks.

The following is a list of some important security tips that apply to all e-mail users - not just users of a specific application. The first five are listed in the order one should employ them, from the first priority to the last. This priority is affected not only by how important a given tip is, but also by how easy it is to employ. The easier something is to do, the more likely one is to actually do it and move on to the next tip. The last five pointers are best practices that will help prevent users from making careless mistakes.

Never allow an e-mail client to fully render HTML or XHTML e-mails without careful thought.

At the absolute most, if you have a mail client such as Microsoft Outlook or Mozilla Thunderbird that can render HTML e-mails, you should configure it to render only simplified HTML rather than rich HTML - or “Original HTML,” as some clients label the option. Even better is to configure it to render only plain text. When rendering HTML, you run the risk of identifying yourself as a valid recipient of spam or getting successfully phished by some malicious security cracker or identity thief. My personal preference is, in fact, to use a mail user agent that is normally incapable of rendering HTML e-mail at all, showing everything as plain text instead.

If the privacy of your data is important to you, use a local POP3 or IMAP client to retrieve e-mail.
This means avoiding the use of Web-based e-mail services, such as Gmail, Hotmail, and Yahoo! Mail for e-mail you want to keep private for any reason. Even if your Webmail service provider’s policies seem sufficiently privacy-oriented to you, that doesn’t mean that employees won’t occasionally break the rules. Some providers are accused of selling e-mail addresses to spamming “partners.” Even supposedly security-oriented Webmail services, such as Hushmail, can often be less than diligent in providing security to their users’ e-mail.
|
|
Rating: 12345
 

The Web's most dangerous keywords to search for

(Dancho Danchev, ZDNetSecurity) Which is the most dangerous keyword to search for using public search engines these days? It’s “screensavers” with a maximum risk of 59.1 percent, according to McAfee’s recently released report “The Web’s Most Dangerous Search Terms“.

Upon searching for 2,658 unique popular keywords and phrases across 413,368 unique URLs, McAfee’s research concludes that lyrics and anything that includes "free” has the highest risk percentage of exposing users to malware and fraudulent web sites. The research further states that the category with the safest risk profile are health-related search terms.

Here are more findings:
  1. The categories with the worst maximum risk profile were lyrics keywords (26.3%) and phrases that include the word “free” (21.3%). If a consumer landed at the riskiest search page for a typical lyrics search, one of four results would be risky
  2. The categories with the worst average risk profile were also lyrics sites (5.1%) and “free” sites (7.3%)
  3. The categories with the safest risk profile were health-related search terms and searches concerning the recent economic crisis. The maximum risk on a single page of queries on the economy was 3.5% and only 0.5% risky across all results. Similarly, even the worst page for health queries had just 4.0% risky sites and just 0.4% risk overall
This isn’t the first time McAfee is attempting to assess the risk percentage of particular search terms, as the company did similar studies in 2006 and 2007. And whereas the research attempts to raise awareness on malicious practices applied by cybercriminals, it also has the potential to leave a lot of people with a false feeling of security since it’s basically scratching the surface of a very dynamic problem.
|
|
Rating: 12345
 

IT Professionals Don't Walk The Walk On Mobile Security

(Jennifer Bosavage, ChannelWeb) A new survey finds that IT security professionals are suffering from "password fatigue" when it comes to using their mobile devices.

Credant Technologies, an endpoint data security vendor, surveyed 227 IT professionals for its study, many of whom were from companies with more than 1,000 employees. Thirty-five percent responded that they just don't get around to using passwords on their business phones and smartphones, although they may contain sensitive and confidential information.

The study found that IT professionals are only marginally better at using passwords than the general population; A survey conducted earlier in the year by Credant found that 40 percent of all users don't use passwords on their mobile phones. Different types of sensitive information are kept unprotected on smartphones and mobiles. For example, 23 percent said they store business e-mails, 12 percent have bank account details and 5 percent have credit card information unprotected on their devices.
|
|
Rating: 12345
 

Security essentials for Active Directory on Linux

(Kevin Beaver, CISSP TechTarget) As businesses continue to integrate Linux into their existing Windows infrastructures, extending Active Directory functionality to accommodate these systems is becoming more appealing. Many shops already run some combination of Samba/Winbind, PAM, and OpenLDAP that offer up Windows authentication services, among other things. Although some admins are looking ahead for ways to replace Active Directory altogether (a goal of Samba 4), don't hold your breath - Samba 4 has been four years in the making. There are commercial solutions for Active Directory/Linux integration available from vendors such as Quest, Centrify, and Likewise. So the need and the solutions are there. But, of course, it's not that simple - at least if security is on your radar.

Whether you've already started down the path of integration or have it on the docket for the near future, there are some Active Directory-centric security issues you need to be aware of. Like acquiring a new company and taking on its business processes and codebase, you're going to get the warts and all when you incorporate Active Directory into the Linux realm (or vice versa). You'll suddenly have all the security issues that come along with Active Directory – some of which will undoubtedly have some unintended consequences in your environment.

First off, dependence on Active Directory as your sole directory service and security policy enforcer can create a single point of failure. When Active Directory goes down – or goes away – because of some unintended outage, design oversight, or mismanagement, your network services can come to a halt. This is the least likely of scenarios - but you still need to consider it.

Another common weakness with Active Directory is the lack of separation of duties. Simply put every admin has full access to the system and there's no real accountability. Be it via general security groups or admin access at the OU (or similar) level, there needs to be some sort of separation if multiple hands are allowed access.

You also have issues with password policies – or lack thereof. This is probably the most common weakness I see related to Active Directory security. Interestingly, admins will go out of their way creating well thought-out security controls such as one-way trusts, GPOs (group policies) for locking down workstations and so on but minimal – and reasonable – password requirements are often missing.
|
|
Rating: 12345
 

Hijacked Address Book: How did it happen and what to do?

(Joe Rosberg, TechRepublic) Most of us have seen those spoof e-mails, when a personal e-mail address has been commandeered for the purpose of sending spam, but in this case, to everyone in your Address Book.

Here are a few ways it could happen:
Malware of some sort found its way onto your computer, and its sole purpose is to harvest e-mail addresses, which are then sent along to someone else for the purpose of sending spam e-mails.
Someone who has your e-mail address in their Address Book actually has the malware on their computer.
Some Web sites actually harvest e-mail addresses from a computer, especially those that presume to share things with others or invite friends, and so on; or perhaps people who are members of those sites have ways to harvest e-mail addresses from their friends.

What to do:
Scan your system for malware. Two tools I might recommend are Malwarebites and Hijackthis. And since some malware might resurrect itself through a Registry entry, perhaps running CCleaner would be prudent as well. However, consider the risks of running a Registry cleaner.
Make sure your antivirus software is installed and is up to date with the current virus definitions.
Make sure your Windows OS is current with all security updates.
Be careful of (or avoid) some (or all) of those social Web sites, especially ones that share e-mail addresses.
If your computer is clean, and you’re certain you weren’t compromised at a social networking site, send an e-mail to all the people in your Address Book to give them a heads-up that someone in your e-mail circle might be compromised. I would suggest sending them one at a time or with a blind CC, however, since I advise people to never send mass e-mails — although we probably all do it from time to time in certain cases.
|
|
Rating: 12345
 

Unsecured mobile devices could open a new back door into your network

(Paul Mah, TechRepublic) What kind of security policies do you enforce on mobile devices and smartphones that employees bring into the office? Are unsecured mobile devices opening up a back door into your corporate network? A study conducted by Credant Technologies shows that the use of mobile phones or devices for work-related matters is on the upswing. In a manner, this is surely good news, since what it means is that workers are increasingly being able to maximize their time — especially since shipments of smartphones have been projected to continue increasing.

Some of the statistics from the survey are as follows:
  • 35 percent receive and send business e-mail
  • 30 percent use them as a business diary
  • 17 percent download corporate information, such as documents and spreadsheets
  • 23 percent store customer’s information
In all, 600 commuters were interviewed at London railway stations. Interestingly, while 99 percent use their personal phones for some sort of corporate use or other, a quarter of them have actually been asked by their employer not to do so. The reason for that is simple enough — the possibility of losing one’s mobile phones to theft or carelessness could open the way to devastating data leaks.

In addition, unlike laptops where stored information is usually limited to whatever is on the hard disk, mobile devices are increasingly equipped and configured to tap into storage repositories and databases inside the corporate network.

The use of unsecured mobile devices
What I thought to be of particular concern here is the fact that 40 percent surveyed in this random sample failed to protect their mobile phones with even a rudimentary password. Extrapolating from this lack of security consciousness, the contents of media cards itself are likely to be similarly unprotected. I would not be surprised if the percentages of users without password or encryption were similar elsewhere.[...]

Whatever the approach, a deliberate strategy needs to be put into place to eliminate the presence of unsecured mobile device’s ability to access the corporate network.

The absence of a mobile usage policy
While computer usage policies are common in organizations by now, the situation is different when it comes to policies pertaining to the usage of mobile devices. As it is, mobile usage policy needs to be in place and followed by the implementation of security controls. This is hardly as easy as it appears to be, since these controls have to span the entire organization hierarchy in order to be effective. In addition, loss remediation procedures need to be drawn up and made known.
|
|
Rating: 12345
 

Conficker Worm To Strike April 1

(Stefanie Hoffman, ChannelWeb) The Conficker worm that has left a trail of destruction in its wake for the last six months is set for a new evolution April 1 that will enable it to stealthily launch a variety of malware attacks unbeknownst to the security community.

Security experts say that the new Conficker variant, which has infected at least 12 million users around the globe since its creation in October, will contain a new update mechanism that will allow it to communicate with its command and control centers to upload new marching orders and launch attacks at will.

Part of the new update will include a refreshed ability to dodge scrutiny from the security community, which has thus far been able to intercept communication between the worm and its domains. After April 1, however, the new Conficker variant will contain code that will prevent the security community from blocking updates.

"The Internet as we know it will still exist," said Paul Henry, security and forensic analyst for Lumension Security. "But what (the security community has) been doing will no longer work after April 1. There's great concern in the security community because they're no longer able to block the command and control communication of this botnet."

Like other renowned worms, Conficker relies on numerous attack vectors to self-replicate and spread, using such techniques as brute force password guessing to propagate throughout a network.

The latest and most sophisticated variant - Version C - of the Conficker worm, was renowned for infecting copious networks via peer-to-peer networks and USB drives. It also added numerous defensive measures designed to evade detection and removal by disabling Windows Automatic Updates and Windows Security Center. In addition, version C had the ability to block access to several security vendors' Web sites while rendering numerous antivirus products useless.
|
|
Rating: 12345
 

Fighting spyware with unified threat management

(Lisa Phifer, TechTarget) Spyware is no longer just a petty nuisance, clogging enterprise desktops and access links - it's also crimeware, driven by the desire for illicit profits. Gartner estimates that these financially motivated attacks will represent 70% of all network security incidents by 2010.

Winning the war against malicious spyware requires a layered defense applied at the desktop, server and network edge. Security professionals are already familiar with desktop antispyware programs, but consider also how unified threat management (UTM) appliances can help you defeat spyware at network and workgroup perimeters.

Here, there, everywhere
From pesky adware like ISTBar to stealthy attacks like Trojan-Backdoor-SecureMulti, spyware is now held responsible for one out of four help desk calls and half of the PC crashes reported to Microsoft. IDC estimates that more than 75% of corporate desktops get infected with spyware. According to antispyware vendor Webroot Software Inc., spyware-related downtime and cleanup costs corporations approximately $250 per user annually. Fighting spyware on the desktop requires new techniques and tools because not only has spyware evolved considerably in recent years, it also still behaves differently than viruses and worms. Many enterprise products (e.g., CA Inc.'s eTrust Pest Patrol, Lavasoft Ad-Aware Enterprise, Webroot Spy Sweeper Enterprise) focus exclusively on host spyware eradication. Antispyware programs are also being rolled into desktop security suites, such as Symantec Corp.'s Client Security, which combines host antivirus, antispyware, firewall and intrusion prevention. Microsoft has embedded basic antispyware defenses into its recently released Windows Vista operating system.

Network antispyware
In most companies, desktop antispyware simply isn't good enough. Employees connect infected laptops to the corporate network; desktop software breaks or becomes out of date; visitors, contractors and home workers don't run your chosen antispyware program. Protecting an entire network against spyware really requires a network-based product that can be easily controlled by IT.

UTM appliances complement desktop antispyware by enforcing spyware policies at the network edge. Most UTM appliances, from companies like Cisco Systems Inc., Crossbeam Systems Inc., Juniper Networks Inc., Fortinet Inc., WatchGuard Technologies Inc., SonicWall Inc., and Secure Computing Corp., among others, consolidate firewall, intrusion prevention and antivirus scanning, and may provide additional security services, including VPN, Web filtering, antispam and antispyware.
|
|
Rating: 12345
 

URL shortening: Yet another security risk

(Michael Kassner, TechRepublic) URL-shortening services such as TinyURL and Bit.ly are becoming popular attack vectors. You may not want to automatically click on the shortened URL after you read this.
Originally, the process of URL shortening was developed to avoid broken URLs in e-mail messages. The increased popularity of instant messaging (IM) and Twitter has escalated the use of URL-shortening services like TinyURL and Bit.ly, especially Twitter with its 140 characters per message limit.


How they work

TinyURL, Bit.ly, and other Web sites that offer URL shortening are similar in how they work. All that’s required is to:
   1. Go to the respective Web site.
   2. Copy/paste the actual URL into the appropriate field.
   3. Click on Shorten if you want the Web site to append a generic ending on the URL.
   4. If a custom URL is desired, enter your chosen ending and then click on Shorten.
Presto, you have a new shortened URL that has little meaning and isn’t visually related in any way to the official URL.

Potential phishing method
As with many applications that are helpful to normal law-abiding users, attackers and spammers tend to leverage that same usefulness for ill-gotten gain. URL-shortening services provide attackers and spammers with the following options:
   * Allow spammers to side step spam filters as domain names like TinyURL are automatically trusted.
   * Prevent educated users from checking for suspect URLs by obfuscating the actual Web-site URL.
   * Redirect users to phishing sites in order to capture sensitive personal information.
   * Redirect users to malicious sites loaded with drive-by droppers, just waiting to download malware.

As you can see, there are all sorts of opportunities for misuse, just because the victim has no idea where the shortened URL is pointing.
|
|
Rating: 12345
 

How to manage your risk with Web applications

(Polly Schneider Traylor, TechRepublic) Web apps continue to grow in popularity, but companies have legitimate concerns about security and reliability. Here are some ways to address potential risks and make sure you choose the right vendor.

Web-based software and services have proven to be a trend with staying power. Combine flexibility, relatively low maintenance and fees, and rich functionality and it’s easy to add up the benefits. Software as a service (SaaS), in particular, is playing out pretty well in today’s economy, according to IDC, which predicts the sector will see a 36 to 40 percent growth in 2009.

Yet many organizations, especially at the enterprise level, worry about offloading corporate data to a third-party vendor. Will security risks increase? What happens when reliability begins to suffer? How can they access critical data/systems during an outage? These are valid questions, but many experts actually think that your data is safest with a credible third-party whose business in effect is (or should be) managing the security and reliability of data across many customers. After all, if a vendor screws up, it will lose revenue, customers, and market share in a heartbeat.
|
|
Rating: 12345
 

Keeping Virtual Security Real

(Nick Lowe, Check Point) Remember the first time you drove a car on your own, and you’d get a kick from the sensation of sheer speed? Unfortunately, you also have to learn the mundane stuff like how to turn, stop and reverse safely. The same is true in organizations that deploy virtualization.

Compared with deploying physical servers and apps, virtualization is like driving a new sports car. It’s so easy to move quickly. But just like when you were learning to drive, you’ve got to find out how to do it safely. It’s easy to be seduced by the performance and ease of virtual machines (VMs), and overlook the more mundane aspects – like security.

Analyst Gartner predicted that in the coming year, 60% of VMs will be less secure than the equivalent physical servers. This makes VMs the target of choice for potential malware or hacking exploits. How do you go about narrowing the security gap between virtual and physical deployments, and what techniques will help mitigate the risks?

History lessons
The first step is to be realistic about the actual security risks to VMs. There’s a lot of theorising and discussion of potential risks, such as new types of malware that targets hypervisors, or other vulnerabilities. Certainly, malware attacks specifically targeting VMs will appear as usage continues to grow.

However, the more pressing and important issue is ensuring your virtual environment is designed and built as robustly as your physical network. Remember that we’ve all had to go through 15 years of painful experience in securing servers and data against constantly-evolving threats, and in developing robust network architectures to give the right security framework. It’s vital that this isn’t overlooked when deploying a virtualized environment. In fact, this hard-won security knowledge stands you in very good stead when it comes to securing the virtual world.

VM hygiene
This means going back to basics, and looking at which applications are being moved from physical servers to VMs – and to audit what VMs may already be in use in the organization. It’s easy to get carried away with the performance benefits, and overlook the fact that the applications running on the VMs need to be segregated – for example, a public e-commerce application (that may have sat in the organization's demilitarized zone) and an internal CRM system.
|
|
Rating: 12345
 

Security as a Service: Friend or Foe?

(Linda Tucci, Senior News Writer, SearchCIO-Midmarket) IT security typically has been deemed one of those services best provided in-house. But the stigma attached to outsourcing security and Security as a Service - namely that an outsider does not know your company well enough to protect it - may be falling away, as businesses look for more ways to cut costs.

Certainly, some heavy-hitter providers believe attitudes are changing. This month, McAfee Inc. announced its new SaaS Security Business Unit. Headed by former Hewlett-Packard Co. SaaS executive Marc Olesen, the unit will oversee all McAfee products delivered over the Internet, including security scanning services, Web and email security services and remote managed host-based security software and hardware.

Meanwhile, last April, IBM launched some hosted and managed services that it says help midsized businesses better manage risk and improve the security of their IT systems, all while offering cost savings over traditional products. "Indeed, much of IBM's security strategy during the next 24 months will focus on moving security technologies into the cloud and expanding its managed services offerings," said Jason Hilling, an enterprise services business line executive with IBM Internet Security Systems. That includes providing some hosted implementations of technologies that once were located only at the customer premises.

"Because the economy is struggling, I think there will be enough excitement in the marketplace over the cost benefits of Security as a Service that we are going to see a much higher degree of willingness to look at it as a real viable option," Hilling said.

Hilling contended that a midmarket company with between 500 and 700 employees can realize costs savings from 35% to upwards of 60% by doing security as a managed service. Savings diminish as the deployment gets larger and more complicated, and the costs of managed services escalate.

Yet outsourcing security is not just about cost. "The world is becoming very hostile," said Sadik Al-Abdulla, solutions manager of security at CDW Corp.

"We have seen a substantial uptick in security incidents over the last two quarters, and even the automated attacks are going after data," said Al-Abdulla, who oversees CDW's advanced security practice, which has a strong midmarket bent (typically for companies with 1,000 to 2,500 users). "Maybe I am biased because I am in the security business, but I honestly believe that a single person can't keep up. I think a team of people who only do security can. So the question for the CIO becomes, do I hire a team or a company? There are reasons to answer that question both ways."
|
|
Rating: 12345
 

Malware in 2009: more sophisticated, more difficult to detect and simply .. more

2009 is expected to bring a continuing increase in the amount of malware, as Panda Security research shows that during the first half of 2008 as many malware strains (viruses, worms, Trojans etc.) in circulation as in the previous 17 years combined have been detected, and this trend is expected to continue, if not grow, throughout this year.

What else is to be expected?

  1. Banker Trojans and fake antiviruses will be the most prevalent malware types in 2009. Banker Trojans are designed to steal login passwords for banking services, account numbers, etc, while fake antiviruses try to pass themselves off as real antivirus products to convince targeted users they have been infected by malicious codes. Victims are then prompted to buy the rogue antivirus to remove these bogus infections. Cyber-crooks are currently profiting substantially from this type of fraud.
  2. A significant proliferation of malware targeting new platforms such as Mac OS Leopard X. Linux or iPhone. The number of malware strains created for Mac or Linux platforms will grow in 2009, although they will still represent a very low percentage compared to the total number of threats.
  3. The financial crisis will also bring an increase in malware related to stock markets and false job offers. Over the last few months of 2008, research has been conducted showing a clear correlation between the financial crisis and malware strategies: every stock market drop is followed by a spike in the amount of malware in circulation and the increase in the unemployment rate translates into a boom in false job offers aimed at recruiting money mules. According to the PandaLabs forecasts, this will repeat in 2009. Fake job offers will continue to grow whenever the unemployment rate goes up.
|
|
Rating: 12345
 

Report: Hackers Will Be Bolder, Smarter, Craftier in 2009

(TechNewsWorld) Malicious computer hackers will utilize better technological and psychological techniques in the year ahead, according to a security report from equipment vendor Cisco. Targeted attacks, cross-vector attacks and a rise in threats originating from legit domains are the report's most concerning trends.

As malware writers and Internet attackers become more sophisticated, 2009 looks to be a year of more focused attacks by profit-driven criminals bent on stealing data from businesses, employees and consumers.

Networking firm Cisco released its annual Threat Report Monday, citing a nearly 12 percent increase in the number of disclosed vulnerabilities over 2007 and a tripling of vulnerabilities in virtualization.

Targeted attacks and blended, cross-vector assaults, along with a 90 percent growth in threats originating from legitimate domains, top this year's list of the most worrisome new trends plaguing computer users, according to the report.

Attackers are changing tactics, leaving infected attachments behind for more specialized methods. Malware volume propagated via e-mail attachments declined by 50 percent from the previous two years (2005-2006), noted Cisco researchers.
|
|
Rating: 12345
 

Is it time for Internetpol to manage Internet?

It's been long time coming, and it seems that the sentence on internet freedom is drawing near. The question remains whether this will turn out to be about extra safety or just old-fashioned control and oppression.  

"(Pankaj Maru, ciol.com) With multi fold rise in IT security threats, malware programs, virus attacks and growing presence of global cybercrime networks, it's high time to have Internetpol (Internet Police)

According to a report recently published by F-Secure, a provider in security solution for Internet service providers, the amount of malware accumulated over the previous 21 years increased by 200 per cent just in the course of one year.  This year the overall detections count has tripled against 2007 and about 1.5 million signature based detections have been done by F-Secure. And the amount of malicious software, infections, number of botnets, criminal profits naturally calls for actions against the attackers.

Further, malicious sample totals increased by almost 350 percent, where 10 millions of suspicious samples have been imported, scanned, indexed, classified and categorized by F-Secure's Response Lab Systems, says the IT security threat report for 2008. This poses a question as to how could one deal with the issue. "It can be dealt in two ways, one by minimizing these attacks using technology and two by taking action against the culprits or perpetrators involved in such crimes," Mikko Hypponen, F-Secure's chief research officer (CRO) told CyberMedia News.

F-Secure's security technologies are based on Threat Analysis Process using the Blacklight – a scan engine for scrutinizing the virus and malware samples. "Our new security solutions – Deep Guard 2.0 is based on cloud approach offering real-time protection network, where the tool examines the applications or computer programs and accordingly blocks malicious programs and only allows the proper ones," he explained."

The fill article offers a broader view on the subject, and one cannot shake off the similarities with the Patriot Act, Operation silent night and other abuse-friendly safety projects. How much freedom are you willing to sacrifice for the promise of the secure web ?
|
|
Rating: 12345
 

Report Warns of More Cybercrime

E-war is upon us it seems, unless the ever-so-not-vigilant authorities up their efforts! Are online dealings and everyday browsing heading for the trenches?

(Richard Adhikari, internet.com) "The economic downturn, poor cooperation among law enforcement agencies and inadequate laws may see cybercriminals prosper – but not if the Obama administration takes warnings to heart.Next year could be a very good year for online crime if the economy gets any worse, security vendor McAfee warned.

Governments will be too busy grappling with economic issues, while desperate job seekers will become easy targets for cybercriminals, according to its annual cybersecurity survey, the McAfee Virtual Criminology Report. Law enforcement is another problem. Police forces are not adequately trained to fight cybercrime. Cross-border law enforcement is made difficult because agencies tend to act locally rather than globally, and international laws are not being implemented uniformly worldwide.

The report does contain some hopeful notes. The problems may become easier to solve if the incoming administration of President-elect Barack Obama implements the suggestions just made by the Washington-based Center for Strategic and International Studies (CSIS), Pamela Warren, McAfee's cybercrime strategist, told InternetNews.com.

Law enforcement authorities lack adequately trained personnel to sift through and use digital evidence, the report said. Those who are trained are either hired away by the private sector or, in some cases, recruited by the criminal underground. Further, outmoded laws see sentencing based on the level of physical damage, whereas, with cybercrime, the damage is not only physical.

In many states, cyberlaws are not clear as to whether botnets are illegal. Because different countries have different laws, and different definitions of crimes, it is difficult to conduct cross-border investigations or accurate statistics, the McAfee report said.

Changes in the law are also needed. Businesses and government agencies must bear legal responsibility when customers suffer Internet-related security losses unless the customers are guilty of gross negligence, the report said."

Read the full article to see what we'll be up against but, in the meatime, keep your email communication safe and pleasurable with Axigen, the best mailserver money can buy.

|
|
Rating: 12345
 

You Could be Getting Clickjacked

Phishing, online fraud, spam and now click-jacking...it's just not safe to go online anymore! But hey, I'm still keeping the faith because soon-to-be unemployed president Bush could make a dazzling career move. After he gained extensive experience from masterminding the "War on Terrorism", he would be the perfect commanding chief for the "War against Internet Crime"! He's gonna get'em !   

(By Sean Michael Kerner, Internet.com): If you're not careful about where you click, you could become a victim of a clickjacking attack.

Everyday we click on some kind of button in our Web browsers. It could be a simple "Yes" button to agree to something or a "submit" button for your password. But do you know what you're actually clicking? If you're not careful, you could become a victim of a clickjacking attack.

An attacker could potentially place a button under or over a legitimate button, making it difficult for users to detect. The mechanism for getting the malicious clickjack button in place could involve taking advantage of Adobe Flash as well as JavaScript.

Whitehat security founder Jeremiah Grossman gets the credit for reporting the clickjacking security issues to Adobe earlier this year. That led to an update for its Adobe Flash product. Grossman said latest Flash 10 player does a good job of protecting against clickjacking. 

Eric Lawrence, security program manager on Microsoft's Internet Explorer team, echoed Grossman's sentiment about the issue. Lawrence, who also participated in the live Black Hat Webinar, noted that IFRAMEs are critical for many mashup scenarios as well as some forms of Web advertising. Still, Lawrence added, focusing on IFRAME is important because if IFRAMEs can be better isolated than the risk from clickjacking can be mitigated.

"The clickjacking attack is a super interesting attack because it is one of the hardest things for a browser to address," Lawrence said. "Because it is essentially the browser working in the way it was designed and intended; there is a side effect that has a security impact that we now have to find a way to mitigate against. This is one of a few things ... putting the browser vendors on the defensive –where we have to find a way to not break the web while at the same time mitigating the vulnerability."

Just wait and see; e-criminals would tremble in fear of a true hero: George WWW Bush. But before the hope of tommorow saves the day, read the full article to learn what we're dealing with at present. Safe browsing everyone!

|
|
Rating: 12345
 

The FBI: Do Not Open Unsolicited E-mails

Most of us have been spammed, or royally emailed should I say, by the rich prince of African country X, offering millions of $$$ in exchange for a small financial aid (5-10k) to get their otherwise enormous amount of money out of the country. But here is a little something that appeals to fear rather than greed...

(Softpedia.com) The FBI has decided to take more measures to fend off the wave of spam attacks in which the sender pretends to be a hitman hired to kill the recipient of the email, or a loved one. The Internet Crime Complaint Center (IC3), a branch of the federal authority, has released an official note, advising people not to listen to the demands of a supposedly paid criminal who claims thousands or even tens of thousands of dollars (depending on their eagerness to become rich) from the victim.

Although these attempts to extort money from people were first reported back in 2006, July 2008 was the month when the attacks began to proliferate. Security organizations have made it clear that all that targeted people need to do is to delete the malicious emails and go on with their lives (which had not been threatened for a second, in fact).

Don't miss out on the full article and remember : "No decent hitman will ever contact you via email!".Either that or the Bureau wants to "turn your frown upside down" as you await the unfortunate outcome...

|
|
Rating: 12345
 

15 Email Statistics That Are Shaping The Future

(Convince & Convert) Which of These Email Marketing Stats Scare You Most?
1. 21% of email recipients report email as Spam, even if they know it isn’t
2. 43% of email recipients click the Spam button based on the email “from” name or email address
3. 69% of email recipients report email as Spam based solely on the subject line
4. 35% of email recipients open email based on the subject line alone
5. IP addresses appearing on just one of the 12 major blacklists had email deliverability 25 points below those not listed on any blacklists
6. Email lists with 10% or more unknown users get only 44% of their email delivered by ISPs
7. 17% of Americans create a new email address every 6 months
|
|
Rating: 12345
 

Email Security Is Being Disregarded...

...and this can lead to security breaches and data loss!

(Softpedia.com) GFT inboxx, a British company specialized in archiving solutions, performed a survey which returned alarming results – over fifty percent of the questioned employees responded that either they didn't have any email policies at work or they didn't have knowledge of them.

The majority of respondents indicated that they had learned on their own that their company implemented security enforcements or some policies regarding email storage. Hereby, over two thirds of the respondents said that they had not been instructed in archiving their electronic mail, or advised on what they should keep after reading and what they should delete.

Click "full article" below to get all the info on this!
|
|
Rating: 12345
 
Close send to email window
 



Verification code

Already a member?
Blacklist monitoring alerts
sign up Signup for our real-time monitoring service and receive email notifications each time one of your IPs gets blacklisted.
Free Signup
Mail Server Operating System Poll
.01

What OS do you use for your email server?
Linux
Windows
Other
disabled next
.02

How many mailboxes do you currently manage?
1-50
51-300
300+
previous next
.03

Would you like to comment upon the choosing of this particular OS?

previous
 
DNS Tools
Get IP status, owner and location, obtain its corresponding hostname or check specific ports.
Ping Statistics
Reverse DNS Lookup
Whois Info (IP owner)
GeoIP Information
Check Port
Open Relay Test
Test if your mail server is an open relay for spammers.
Blacklist Checker
Check if your IP is listed in DNS based email blacklists (DNSBL)