McAfee Bakes Encryption Into Data Protection
Encryption capabilities to target leaks at the network, endpoint and mobile device-levels.
McAfee has baked encryption technology into its latest data security product in a bid to protect mobile devices, endpoints and the network from data leaks.
Dubbed McAfee Total Protection for Data, the product is the Santa Clara, Calif.-based security vendor's answer to compliance regulations requiring businesses to secure customer data.
It is an amalgamation of a number of McAfee products, including the company's Endpoint Encryption, Device Control, DLP Host and DLP Network software. Though each component adds its own layer of security and can be purchased separately, with the inclusion of encryption technology, McAfee officials hope they can help customers address a key element of data loss prevention - the case of the missing device.
EU official: IP is personal
IP addresses, strings of numbers that identify computers on the Internet, should generally be regarded as personal information, the head of the European Union's group of data privacy regulators said Monday.
Germany's data protection commissioner, Peter Schaar, leads the EU group preparing a report on how well the privacy policies of Internet search engines operated by Google Inc., Yahoo Inc., Microsoft Corp. and others comply with EU privacy law.
He told a European Parliament hearing on online data protection that when someone is identified by an IP, or Internet protocol, address "then it has to be regarded as personal data."
His view differs from that of Google, which insists an IP address merely identifies the location of a computer, not who the individual user is - something strictly true but which does not recognize that many people regularly use the same computer terminal and IP address.
New Symbian worm in the wild
It affects S60 2nd Edition phones.
The SymbOS/Beselo family of worms is very similar to Commwarrior. In fact at first we actually misidentified Beselo.A as Commwarrior.Y. Like Commwarrior, Beselo worms spread via MMS and Bluetooth using social engineering to trick users into installing an incoming SIS application installation file.
Facebook criticised for retaining user data
Facebook's data protection policies are to be investigated by the UK's Information Commissioner's Office (ICO), after a user complained that they were unable to fully delete their profile after terminating an account.
Currently, Facebook users who wish to remove their profile are given the opportunity to deactivate their account. However, although the information from deactivated accounts is no longer accessible, it remains on Facebook's servers so the account can be reactivated at a later date.
According to Facebook, this is in "full compliance with UK data protection law" and the social-networking site says it does not use the information from deactivated accounts.
Ikea rapped for flat-pack spam
Vulnerability on homepage gave hackers access to email servers
Security firm Tier-3 has warned companies to review IT security arrangements following a potentially serious spam incident that affected the email servers of furniture giant Ikea.
Tier-3 said that Ikea had recently closed a serious security hole that gave hackers and phishers full access to its email servers, allowing them to send bulk email from the furniture giant's systems.
Geoff Sweeney, chief technology officer at Tier-3, said that the most troubling aspect is that the flaw allowed hackers to use Ikea as a launch pad to send specially targeted emails containing zero-day Trojans or root-kits.
Confusing .au.com domain threatens Aussie users
A US-based anti-spyware company has registered the ".com.au.com" domain name, which experts fear could be used by cybercriminals to create more convincing phishing attacks.
For example, typing www.google.com.au.com or www.commbank.com.au.com, will redirect to an anti-spyware download page -- as will all other URLs that finish ".com.au.com" or ".org.au.com".
Users who accidentally add .com at the end of an Australian domain will also be redirected to the fake anti-spyware site.
Virtualization: What are the security risks?
Virtualization will become dominant in enterprises, but the security risks are fuzzy at best. Meanwhile, the usual defense - firewalls, security appliances and such - aren't ready for virtualization.
Server virtualization can aid security, but virtualized environments bring their own headaches.
Hypervisors introduce a new layer of privileged software that can be attacked.
Not enough attention has been paid to patching and confirming the security of virtual servers.
Communications between virtual machines are likely to be popular attack vectors.
There's money to be made in virtualization security.
Those are some of the big takeaways from a ThinkEquity report by Jonathan Ruykhaver.
Bottom line? Read it and details for the above at http://blogs.zdnet.com/security/?p=821
Latest iPhone firmware unlocked
The latest version of the firmware for Apple's iPhone has fallen to hackers less than a week after its release.
Two hackers working separately have both succeeded in jailbreaking version 1.1.3 of the firmware, iPhone Atlas reports. One of the hacks requires hardware modification, so it's not suited for those of a nervous disposition or lacking in electronics expertise.
More and the video clip at http://www.theregister.co.uk/2008/01/22/iphone_jailbreak/
New Sophos Security Report reveals cybercriminals moving
IT security and control firm, Sophos, has published its Security Threat Report 2008 examining the threat landscape over the previous twelve months, and predicting emerging cybercrime trends for 2008. The report reveals that in 2007 organised criminal gangs for the first time arrived at Apple's doorstep with the intention of stealing money. With proof that hackers are extending their efforts beyond Windows, Sophos is warning computer users of all operating systems not to be complacent about security.
Sophos experts note that malware for Macs has been seen before, but until recently, organised criminal gangs have not felt the need to target Mac users when there are so many more poorly protected Windows PCs available. However, late 2007 saw Mac malware not just being written by researchers demonstrating vulnerabilities or showing off to their peers, but by financially-motivated hackers who have recognised there is a viable and profitable market in infecting Macs alongside Windows PCs. For example, many versions of the malicious OSX/RSPlug Trojan horse, first seen in November 2007, were planted on websites designed to infect surfing Apple Mac computers for the purposes of phishing and identity theft.
"No-one should underestimate the significance of financially-motivated malware arriving for Apple Macs at the end of 2007. Although Macs have a long way to go in the popularity stakes before they overtake PCs, particularly in the workplace, their increased attractiveness to consumers has proven irresistible to some criminal cybergangs," said Graham Cluley, senior technology consultant at Sophos. "Mac users have for years prided themselves on making smarter decisions than their PC cousins - well, now's the chance to prove it. The Mac malware problem is currently tiny compared to the Windows one, so if enough Apple Mac users resist clicking on unsolicited weblinks or downloading unknown code from the web then there's a chance they could send a clear message to the hackers that it's not financially rewarding to target Macs. If they fail to properly defend themselves, however, there's a chance that more cybercriminals will decide it's worth their while to develop more malware for Mac during 2008."
Cybercriminals moving beyond Microsoft to Apple and Linux
A new report reveals that in 2007 organised criminal gangs for the first time started attacking Internet connected Apple products with the intention of stealing money. The report issues a chilling warning that the increased popularity of Mac computers and the enthusiastic take-up of net connected products such as iPhone and iPod Touch has its down side.
Symantec: Drive-by Pharming in the Wild
After many months of talking about the concept of drive-by pharming, Symantec has recently seen instances of actual attackers attempting a basic version of drive-by pharming.
In one real-life variant that we observed, the attackers embedded the malicious code inside an email that claimed it had an e-card waiting for you at the Web site gusanito.com. Unfortunately the email also contained an HTML IMG tag that resulted in an HTTP GET request being made to a router (the make of which is a popular router model in Mexico). The GET request modified the router's DNS settings so that the URL for a popular Mexico-based banking site (as well as other related domains) would be mapped to an attacker's Web site.
Now, anyone who subsequently tried to go to this particular banking Web site (one of the largest banks in Mexico) using the same computer would be directed to the attacker's site instead. Anyone who transacted with this rogue site would have their credentials stolen.
Now that the first instances of the attack have been observed, they expect there to be others.
Drive-by pharming attack hits home
Whenever you type an address into an Internet browser, that address is instantly resolved into the site's numerical Internet address by a DNS server located somewhere in the world. On Tuesday, Symantec announced that online criminals have started to remotely redirect your home network router's DNS server so that whenever you type in a financial institution or other trusted site, your browser will instead be redirected to a bogus or phishing Web site.
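Added example (not from Symantec's write-up or the original posts): a mail-filter style check for the pattern described above, an HTML message whose auto-loading tag points at a private-network address. The sample message, its path and its parameter names are constructed for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tags whose URL attribute is fetched automatically when the message renders.
AUTO_FETCH = {"img": "src", "iframe": "src", "script": "src",
              "embed": "src", "link": "href"}

class AutoFetchCollector(HTMLParser):
    """Collects (tag, url) pairs for elements that load without a click."""
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        wanted = AUTO_FETCH.get(tag)
        for name, value in attrs:
            if name == wanted and value:
                self.urls.append((tag, value.strip()))

def is_internal_host(host):
    """True for literal private, loopback or link-local IP addresses.
    Hostnames (e.g. a router's local name) are not resolved here."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False
    return ip.is_private or ip.is_loopback or ip.is_link_local

def find_lan_requests(html_body):
    """Return one finding per auto-loaded URL that targets the local network."""
    parser = AutoFetchCollector()
    parser.feed(html_body)
    parser.close()
    findings = []
    for tag, url in parser.urls:
        try:
            parts = urlsplit(url)
        except ValueError:
            continue  # malformed URL, nothing to classify
        if parts.scheme in ("http", "https") and parts.hostname \
                and is_internal_host(parts.hostname):
            findings.append({"tag": tag, "host": parts.hostname,
                             "has_query": bool(parts.query)})
    return findings

# Constructed sample message body (not taken from any real campaign).
SAMPLE = """<p>You have an e-card waiting!</p>
<img src="http://192.168.1.1/constructed-path?param=value" width="1" height="1">
<img src="https://cards.example.com/banner.png">
<a href="http://192.168.1.1/">needs a click, so it is not flagged</a>"""
```

A legitimate message has no reason to load images from the recipient's own LAN, so a hit that also carries a query string is a strong signal to quarantine the mail.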
Heathrow PC security probe launched
Hacker discovers 'wide open' public access terminal
Public access internet security terminals at Heathrow airport may be vulnerable to hacking attacks. An Italian hacker stumbled on flaws that create a possible means for miscreants to load key logging software or other malware on a PC that allowed members of the public to access the internet. The same flaws create a means for the unscrupulous to obtain free internet access.
The firm that runs the terminals, Spectrum Interactive, is investigating reports first relayed to it by security consultancy RedOracle, which was approached by the white hat hacker who came across the wide-open PC. RedOracle, which was born as a security-related website before becoming a security consultancy, informed Spectrum Interactive of the problem. In response, Spectrum Interactive pulled the affected PC and launched an investigation.
"We are aware of the incident that has been reported on one of our 1,900 Internet Desks," Daniel Gray, head of group marketing at Spectrum Interactive told El Reg.
RedOracle has published a detailed advisory, including screenshots obtained from its informant, documenting the problem.
51 Percent Of Malicious Web Sites Are Hacked
The number of legitimate Web sites that have been hacked and seeded with code that tries to infect visitors' PCs with malware now exceeds the number of sites specifically created by cyber criminals, according to a report released today.
San Diego-based security firm Websense says that roughly 51 percent of all the malicious sites it found in the second half of 2007 were legitimate sites that were compromised by attackers. Malicious, compromised Web sites are especially dangerous because they usually already have a steady stream of trusting visitors. Many of these visitors may not have the latest patches for their Web browser of choice.
The report, available here in PDF form, doesn't go into how the sites were hacked, but Web site hackers compromise sites pretty much the same way they do personal computers: through unpatched security holes.
Report in PDF: http://blog.washingtonpost.com/securityfix/Security%20Labs%20Report%20Q4_011808.pdf
Websense: Second half of 2007 in review
As another year comes to a close, let's look back at the lessons we have learned and extrapolate what we can expect to see this year. As the philosopher George Santayana would say, "Those who cannot remember the past are condemned to repeat it."
ThreatSeeker Technology Q3-Q4 2007 Results*
51% of Web sites with malicious code are legitimate sites that have been compromised, rather than sites specifically commissioned by hackers
18% of malicious Web sites were created using a toolkit
87% of email messages are spam
65% of unwanted messages contain malicious URLs (including links to spam and malicious sites)
Ask.com's Privacy Tool Tracks Users, Groups Tell Feds
A coalition of privacy groups filed a federal complaint Saturday against Ask.com, alleging that AskEraser - the company's recently unveiled search engine history anonymization tool - doesn't actually protect users' privacy and could be used to track people when they thought they were anonymous.
The groups, which include the Electronic Privacy Information Center, are asking the Federal Trade Commission to find that Ask.com is engaged in unfair trade practices by making false promises to users. The groups want the FTC to force the company to modify the program.
Specifically, the groups charge that even when the search anonymization tool is turned on, Ask.com's advertising partners -- which include Google -- are able to see and store search terms and identifiers that tie a search to an individual.
'Highly critical' security bug bites HP Virtual Rooms
A security researcher has uncovered a serious security bug in a Hewlett-Packard website used to host virtual meetings that could allow an attacker to remotely run malicious code on the machines of people who use the service.
The vulnerability in HP Virtual Rooms resides in the ActiveX client used to install the service on users' PCs, according to this advisory posted Tuesday on the Full-Disclosure mail list. Vulnerability tracking service Secunia rates it "highly critical," because it can be used by attackers to compromise a user's machine.
FBI requests spawn network forensics start-up
Start-up Packet Analytics Corp. on Monday announced a tool for searching aggregated log data to analyze traffic activity between IP-based host computers.
Net/FSE, which stands for Network Forensic Search Engine, is Linux-based server software that provides a Web interface for network managers to easily see an analytical profile of host-to-host activity based on NetFlow router data as well as log information related to the organization's firewall, intrusion-detection systems and security information management.