Archive for the Category ◊ IT Security ◊

F5 Shakes Up the Firewall Market
Friday, February 03rd, 2012 | Author: admin

The high end of the firewall market has really been dominated by two companies: Crossbeam Systems (with Check Point Software) and Juniper Networks. Over the past few years, these two firms won most of the high revenue/high margin enterprise and service provider deals.

Of course, others took notice and wanted their own piece of the pie. Cisco came out with its ASA 5580 a few years back. Network security guru Sourcefire introduced a high-end hardware architecture and a firewall in 2011. Finally, Check Point jumped in with its own high-end hardware as well.

As if this space wasn’t crowded enough, F5 Networks threw its hat in the ring this week with the announcement that its Big-IP 11.1 software passed the ICSA Labs test for network firewalls.

This may seem like just another feature for Big-IP but it’s not. F5 has a unique position amongst its competitors because:

READ MORE …

Category: IT Security  | Leave a Comment
Cybersecurity Report Stresses Need for Cooperation
Thursday, February 02nd, 2012 | Author: admin

As they grapple with a growing crop of increasingly sophisticated threats that know no political borders, nations must dramatically improve their framework for coordinating on cybersecurity policy and preventing and responding to attacks, according to a new study sponsored by security software vendor McAfee.

McAfee commissioned the Security and Defense Agenda (SDA), a prominent think tank based in Brussels, to canvass global leaders and cybersecurity experts for the report entitled, “Cybersecurity: The Vexed Question of Global Rules,” released at an event here on Monday.

The authors of the report emphasized the need for sharing information about threats in real time, both among nations around the globe and between the public and private sectors in any given country.

IRS helps bust 105 people in massive identity theft crackdown
Thursday, February 02nd, 2012 | Author: admin

The Internal Revenue Service and the Department of Justice teamed up for a coast-to-coast crackdown on identity thieves this week.

The coast-to-coast law enforcement onslaught arrested 105 people in 23 states and included indictments, arrests and the execution of search warrants involving the potential theft of thousands of identities and taxpayer refunds, the IRS stated. In all, 939 criminal charges are included in the 69 indictments and information related to identity theft.


Can industry heavyweights Google, PayPal, Microsoft and AOL — along with 11 others in high-tech such as Facebook and LinkedIn, as well as the financial world’s Bank of America and Fidelity Investments — succeed in stopping phishing attacks right in their tracks? In uniting behind an effort called DMARC.org unveiled today, the group says it can, through policy-based steps, filter out spoofed email that attackers use for phishing.

“Whether you are an enterprise or offering a consumer service, you can apply this policy now,” says Brett McDowell, senior manager of customer security initiatives at PayPal, who is chairman of the organization DMARC, which stands for “Domain-based Message Authentication, Reporting and Conformance.” The DMARC.org site today published guidelines and the specification for its technology, which makes use of the well-known standards Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM), two basic approaches widely used today for authenticating email.

Breaches, like history, repeat themselves
Wednesday, February 01st, 2012 | Author: admin

Two recent studies show that if organizations simply focused on IT security basics, they’d make great strides in reducing their risk of embarrassing, avoidable and often costly data breaches.

Security firm Imperva examined attack trends across 40 applications and monitored millions of attacks that targeted web applications for the six-month period spanning June through November of last year. The firm found that attackers like to target five relatively common application vulnerabilities: remote file inclusion, SQL injection, local file inclusion, cross site scripting and directory traversal attacks. The majority of these attack vectors have been significant problems for years.

Rafal Los, chief security evangelist, HP Software Worldwide, says the industry’s inability to rid itself of lingering and well-understood software vulnerabilities isn’t a problem due to lack of technology. “It’s now a behavioral problem. Development organizations have more resources than ever to create a rational, security-infused software development lifecycle (SDLC) which doesn’t ‘bolt-on’ security at the very last stages,” says Los. “Until security becomes a fundamental business objective, the behaviors that today lead to things like SQL injection will continue. We need to ‘hack’ the business relationship – from there I firmly believe things will finally start to get better.”

Shopping online not without some risk
Tuesday, January 31st, 2012 | Author: admin

Keeping it simple isn’t safe online.

As we leave a season of significant growth in online shopping, another story questions the security of online shopping.

Zappos, a popular online retailer, revealed Jan. 15 that more than 24 million of its customers’ records were stolen by hackers. Although full credit card content was encrypted due to compliance requirements enforced by Visa and MasterCard, other data such as customer e-mail addresses, shipping and billing addresses, phone numbers, the last four digits of the credit card and passwords were compromised.

The passwords, which are commonly used by consumers on various Internet sites, are the biggest concern. The password data were cryptographically scrambled, but hackers have free, easy access to tools to descramble them.

EU data protection law proposals include large fines
Saturday, January 28th, 2012 | Author: admin

The European Commission has put forward the suggestion as part of a new directive and regulation.

The new rules include users’ “right to be forgotten” and an obligation on organisations to report data breaches “as soon as possible”.

The boss of one tech-focused organisation described the proposals as a “tax” on firms holding customer data.

Symantec admits stolen source code impacts pcAnywhere
Saturday, January 28th, 2012 | Author: admin

Big Yellow has done an about-face in light of new analysis that confirms users of its pcAnywhere software may be at risk of attack due to the disclosure of source code.

Symantec is advising users of its pcAnywhere remote access product to disable the software if they don’t absolutely need it.

The warning comes amid confirmation by the security giant that hackers, believed to be affiliated with the Anonymous hacktivist collective, accessed a portion of the company’s source code dating back to 2006, according to a note on Symantec’s website. The code was related to the 2006 versions of Norton Antivirus Corporate Edition, Norton Internet Security, Norton SystemWorks and pcAnywhere.


The European Parliament’s website fell under a distributed denial-of-service (DDOS) attack on Thursday in what the organization classified as retaliation for the shutdown of the Megaupload file-sharing site and an anti-counterfeiting trade agreement.

The Parliament issued a statement saying it had acted to reduce the impact of the attacks, but the site was still down as of mid-afternoon Thursday.

Anonymous, a loose-knit group of hackers and digital activists, has undertaken a series of DDOS attacks against government websites and other organizations following last week’s international take-down of Megaupload, whose operators are wanted by U.S. authorities for alleged copyright infringement-related offenses.


Cloud computing can and does mean different things to different people. The common characteristics most share are on-demand scalability of highly available and reliable pooled computing resources, secure access to metered services from nearly anywhere, and dislocation of data and services from inside to outside the organization. While aspects of these characteristics have been realized to a certain extent, cloud computing remains a work in progress. This publication provides an overview of the security and privacy challenges pertinent to public cloud computing and points out considerations organizations should take when outsourcing data, applications, and infrastructure to a public cloud environment.
