▼
Sharing Files: The Untold Story of Software Piracy
By Jack M. Germain
Source: TechNewsWorld.com
When you get down to the basics, using broadband connections in the
workplace to download files for personal use does more than steal
productivity and cheat employers out of bandwidth costs. Employees
generally are not aware of the damage their P2P and instant-messaging use
does to their companies.
File-sharing through the dozens of software piracy mills on the Internet
and well-known peer-to-peer networks like Kazaa, Morpheus, iMesh, eDonkey,
Gnutella, LimeWire and Grokster accounts for thousands of illegally
downloaded music files, games, movies and software. Computer security
experts warn that more harm than the mere theft of intellectual property
by piracy occurs through participation in file-sharing over the
Internet. For example, use of file-sharing operations usually leads to
situations in which computers -- and even networks -- are infected with
spyware, malware and backdoors left ajar for hackers.
_________________________________
▼
Symantec Eyes One-Stop Shopping
By Dennis Fisher
Source: eWeek
Looking to solidify the company's place at the top of the security heap,
Symantec Corp. executives are considering a new pricing model in which
enterprises using Symantec's managed services would pay a single price
for all the products and services they purchase from the company.
The pricing plan, which has been under consideration since before
Symantec's recent acquisition of storage company Veritas Software Corp.,
would position Symantec as a true one-stop shop for an enterprise's
security needs, company officials said. With one of the broader
portfolios of security software, hardware and managed services offerings
in the industry, the new model could give Symantec a leg up on other
vendors and allow the company to gain even more market share and
awareness at minimal cost.
_________________________________
▼
Microsoft Backpedals on Exchange Security Roadmap
By John Pallatto
Source: eWeek
Microsoft Corp. Wednesday disclosed that it will not ship—as a separate
product—its Exchange Edge Services, a set of e-mail security and
anti-spam enhancements for Exchange Server.
In May, Microsoft said it would roll out Exchange Edge Services in 2005.
The package was expected to provide support for identification
standards, such as SPF (Sender Policy Framework), as well as other tools
and techniques designed to stop spam, including IP Safelist, or
presolved puzzle validity—a technology that requires e-mail servers to
solve complex computational puzzles for each message they send out.
Instead, Microsoft plans to wrap some Exchange Edge Services features
into Exchange Server 2003 Service Pack 2 (SP2), which the company plans to
release in the second half of 2005.
_________________________________
▼
Bulk of year's PC infections pinned to one man
By Munir Kotadia
Source: CNET News.com
Sven Jaschan, self-confessed author of the Netsky and Sasser viruses, is
responsible for 70 percent of virus infections in 2004, according to a
six-month virus roundup published Wednesday by antivirus company Sophos.
_________________________________
▼
Study: Security Is Now Top IT Concern
By Sean Michael Kerner
Source: internetnews.com
Security has overtaken cost cutting as the top concern of IT managers,
with more than 75 percent of those polled in a new IDC study rating
security as a very or extremely significant challenge.
According to IDC, the heightened level of security as a top concern has
also had a corollary effect on IT security spending.
_________________________________
▼
New Viruses Hit 30-Month High
By TechWeb News
Source: Information Week
Sophos says there were 959 new viruses released on the Internet last
month, the most since December 2001.
The number of new viruses released on the Internet in May hit a
2-1/2-year high last month, an anti-virus vendor says.
Five new viruses released in May made Sophos' Top 10 for the month.
Included are Sasser, Netsky-Z, Sober-G, Bagle-AA, and Lovgate-V, the
company said Wednesday. Sasser led the pack in the number of infected
machines reported.
►See also:
Harry Potter virus targets children
Muggles spell trouble for family email accounts
_________________________________
▼
Study: ID theft usually an inside
By Bob Sullivan
Source: MSNBC
Up to 70 percent of cases start with employee heist
A soon-to-be-released study reveals what some identity theft experts have
hinted at for years -- the crime is largely the work of insiders. In a
study of more than 1,000 identity theft arrests in the United States,
Michigan State professor Judith Collins has discovered that perhaps as
much as 70 percent of all identity theft starts with theft of personal
data from a company by an employee.
"It used to be that shrinkage (theft) was the biggest cost to employers
after payroll and healthcare. Today what we have to think about, in the
information age, is employees stealing information," Collins said. "Why
steal merchandise when they can steal data and get money?"
_________________________________
▼
Financial Firms in Hackers' Crosshairs
By Sean Michael Kerner
Source: internetnews.com
IT security attacks on some of the world's leading financial institutions
more than doubled from last year, according to a new survey from
Deloitte & Touche.
The professional service firm's annual Global Security Survey showed a
dramatic rise in the number of respondents reporting system breaches. In
2003, 39 percent claimed they had been attacked; in 2004 the number jumped
to a whopping 83 percent.
_________________________________
▼
IT Burden Forces Security Outsourcing
By Sharon Gaudin
Source: CIO Information Network
Historically, enterprises have remained leery of taking care of network
security anywhere but in-house. But those ideas may finally be changing.
While outsourcing is on the rise in high-tech areas like programming and
data center maintenance, IT administrators have remained leery of taking
care of network security anywhere but in-house.
But those ideas may finally be changing.
Keeping viruses at bay. Repelling hacker attacks. Ensuring that prying
eyes aren't getting a look at private information. All of these functions
are critical to keeping a business guarded and out of financial trouble.
Security is so critical that IT executives have wanted to keep it in-house
where they can keep an eye on what's happening in that realm and make sure
that their best people are accountable for it.
_________________________________
▼
Under the Radar: IM Emerging as a Stealth Threat
By Allen Bernard
Source: CIO Information Network
Instant messaging has moved out of your kid's bedroom and into the office
next door. And this could spell trouble for your network security
administrator. First, though, they have to know it's there -- and many don't.
Although not nearly as pervasive as email or Web browsers, instant
messaging (IM) is becoming more and more popular in the corporate world. Yet
most IT managers have no idea how widespread IM is within their
organizations. And this is a problem -- specifically, a security problem.
Because IM clients reside on users' desktops and communicate with the
outside world using HTTP, it is difficult to distinguish IM messages from
everyday Web traffic. Yet, IM clients are basically interpretation programs,
like Microsoft Word, that can execute all manner of attachments, thus
creating a backdoor into the corporate network, said Fred Cohen, a principal
analyst with the Burton Group.
"Companies that don't have a proper policy in place and the technological
safeguards to support that policy have big (security) holes," he said.
_________________________________
▼
Security managers: Companies can no longer afford patch-as-you-go
By Bill Brenner, News Writer
Source: Security Wire Perspectives
Network security managers who abandoned the patch-as-you-go approach to
confronting past worm attacks seem to be having the most success limiting the
impact of the Sasser strains. But however good their methods and tools are,
they worry Sasser is just the latest symptom of what they've long feared --
that malicious code writers are finding quicker ways to exploit
vulnerabilities and overcome the latest mitigation systems.
Dennis Racca, president of Andover, Mass.-based systems security provider
Umbra Networks, said the scope of the Sasser outbreak has been much broader
than past attacks. Of his half-dozen clients, Racca said Windsor, Conn.-based
Advo Inc. -- a direct mail marketing company hit by earlier worms like Netsky,
Bagle and Welchia -- has had the most trouble with Sasser.
He said security platforms like Mazu Networks' Profiler have helped him
blunt the impact. But he worries attackers may already be capable of producing
something much more destructive.
_________________________________
▼
How To Catch Hackers: A Captain's Guide
By Hinesh Jethwani
Source: CXOtoday
‘Know your enemy’ - an unwritten rule that every soldier swears by - is
quickly turning into the most effective method to stop hackers dead in their
tracks. New-age IT detectives, with hardcore military expertise in
understanding the very psyche of their enemy, have set up a bold front to
protect enterprises against hackers.
In an exclusive with CXOtoday, Captain Raghu Raman (ex-military), CEO of a
specialized group that provides security consultancy in the country - Mahindra
Special Services Group (MSSG), said, “It is easier to teach technology to a
security professional, rather than training a technology expert to understand
the concepts of security. Today, most security breaches are discovered purely
by chance. The only way that security experts can get on top of hackers is by
sniffing out a familiar pattern – a technique which is ingrained into the
minds of security professionals.”
_________________________________
▼
Common Security Vulnerabilities in e-commerce systems
By K. K. Mookhey
Source: Security Focus
The tremendous increase in online transactions has been accompanied by an
equal rise in the number and type of attacks against the security of online
payment systems. Some of these attacks have utilized vulnerabilities that have
been published in reusable third-party components utilized by websites, such
as shopping cart software. Other attacks have used vulnerabilities that are
common in any web application, such as SQL injection or cross-site scripting.
This article discusses these vulnerabilities with examples, either from the
set of known vulnerabilities, or those discovered during the author's
penetration testing assignments. The different types of vulnerabilities
discussed here are SQL injection, cross-site scripting, information
disclosure, path disclosure, price manipulation, and buffer overflows.
Successful exploitation of these vulnerabilities can lead to a wide range of
results. Information and path disclosure vulnerabilities will typically act as
initial stages leading to further exploitation. SQL injection or price
manipulation attacks could cripple the website, compromise confidentiality,
and in worst cases cause the e-commerce business to shut down completely.
_________________________________
▼
Students warn of hacking threat
By Tess Livingstone
Source: NewsInteractive
Three Brisbane university students have discovered a major flaw in wireless
network technology that means hackers can bring down critical infrastructure
in as little as five seconds.
The finding, which is likely to have worldwide ramifications, was identified
by the Queensland University of Technology's Information Security Research
Centre.
Wireless technology is booming in popularity because it allows for access to
the Internet without the need for cables, and it is also used in some
countries to control infrastructure such as railways and electricity.
_________________________________
▼
Open Source Vulnerability Database Opens for Public Access
Source: OSVDB
The Open Source Vulnerability Database (OSVDB), a project to catalog and
describe the Internet's security vulnerabilities, opened for public use on
31 March 2004.
The OSVDB project was launched in 2002 following a realization in the
security community that no independent, community-operated vulnerability
database existed. There were, and still are, numerous vulnerability databases.
Some of these databases are managed by private interests to meet their own
requirements, while others contain a limited subset of vulnerabilities or have
significant restrictions on their content. None are simultaneously
comprehensive, open for free use, and answerable to the community. The OSVDB's
organizers set out to implement a vulnerability database that meets all those
requirements.
_________________________________
▼
Computer crime gets more costly
By Ian Townsend
Source: ABC Online
A new survey has found that the cost of keeping the Internet secure from
criminals has risen 20 per cent in the past year as the number of attacks
increases "exponentially".
The Australian Computer Emergency Response Team (AusCERT) 2004 survey reveals
that computer crime, misuse and abuse are costing organisations, on average,
more than $100,000 a year.
_________________________________
▼
Security Tools
Spam Cost Calculator
Shows lost salary and lost productivity for your company as the result of
spam.
Security Check
Tests your computer's exposure to online security threats and shows how to
make your computer more secure.