Friday, December 31, 2004

SSL VPNs Poised For Significant Growth: "SSL has emerged as the remote-access VPN technology of choice. In the past two years, adoption has climbed to 44% of all North American enterprises having started or completed SSL VPN rollouts. Financial services is the most aggressive vertical deploying SSL VPN, with 56% currently using the technology. Business services rounds out the verticals that have passed 50% penetration. As the market continues to mature, the top-tier vendors will find other vertical industries where SSL VPNs help solve specific business and regulatory issues. Look for healthcare, retail, and manufacturing to be the most attractive verticals moving forward because of their requirements for extranets and remote access to legacy apps."—Forrester

Thursday, December 30, 2004

Netcraft Releases Anti-Phishing Toolbar: "AgainstHate writes 'Netcraft has released an Anti-Phishing Toolbar that provides detailed information about the website you are visiting (sites' hosting location, country, longevity and popularity) at all times to help users to validate fraudulent URLs. It also natively traps cross site scripting and other suspicious URLs. The toolbar also enables users to report phishing attacks to Netcraft, thus blocking any other unsuspecting users from being harmed (Netcraft supervisor validation is used to contain the impact of any false reporting). Currently the toolbar is only available for IE but a Firefox version is under development.'"—Slashdot

Wednesday, December 29, 2004

Trojan horse threatens latest Windows XP: "Phel program attempts to use an HTML file to infect computers running Windows XP Service Pack 2."—News.com
Computer Viruses Broke 100,000 In 2004: "Sammy at Palm Addict writes 'The count of known computer viruses broke the 100,000 barrier in 2004 and the number of new viruses grew by more than 50% according to news from the BBC. The BBC also reports that 'phishing attempts, in which conmen try to trick people into handing over confidential data, are recording growth rates of more than 30% with attacks becoming increasingly sophisticated.''"—Slashdot

Thursday, December 23, 2004

Mobile Phones Under Malware Attack: "The release of new malware that targets mobile phones has been increasing over the last few weeks."—Designtechnica

Tuesday, December 21, 2004

European IP VPN market to generate 8.56 bln euros in 2008: "European IP VPN services market generated 2.73 bln euros in 2003. In 2008, it is estimated to be worth EUR 8.56 bln, which suggests that almost 70% of the total potential market is likely to implement an IP VPN solution by then. Between private and public infrastructure-based IP VPN technology, the former accounted for 72% of total market revenue in 2003. This segment is expected to experience the majority of growth; in 2008, it is expected to account for close to 85% of total market..."—AlwaysOn Network

Monday, December 20, 2004

Security hole found in Google desktop search: "Researchers at Rice University have discovered what they say is a flaw in the beta version of Google's Desktop Search product that could allow third parties to access users' search result summaries, providing a sneak peek at part of the content of personal files."—InfoWorld: Top News
Schneier defends Google Desktop Search: "Bruce Schneier says ‘don’t kill the messenger’ regarding the security implications of using Google Desktop Search. This defense contrasts sharply with a recent warning from Gartner advising corporate users not to use (or allow use of) the tool. As usual, Schneier takes the high altitude view..."—The Tablet PCs Weblog

Friday, December 17, 2004

Will Microsoft's Spyware Buy Cast a 'Giant' Shadow?: "Analysts predict that Microsoft will start a price war by introducing an enterprise-class product that fights both spyware and viruses. But will customers buy a security product to protect software sold by the same company?"—eWEEK

Thursday, December 16, 2004

Microsoft buys anti-spyware technology firm: "Redmond has acquired Giant Company Software, a provider of anti-spyware, anti-pop-up and antispam tools."—News.com
Symantec to buy Veritas for $13.5 billion: "Deal is the latest sign of consolidation in the enterprise software market and the second major acquisition this week."—News.com

Wednesday, December 15, 2004

Report: Phishing increases, gets more sophisticated: "There was a 29 percent increase in phishing attack sites reported in November compared to October along with increasing incidents of phishing attacks using malicious code to steal consumers' online banking and credit card credentials, according to a report Wednesday from the Anti-Phishing Working Group (APWG), of Menlo Park."—Silicon Valley Business Journal
Meet OpenVPN: "Connecting road warriors with a full-blown open-source VPN solution."—Linux Journal

Monday, December 13, 2004

Check Point Supports Microsoft Network Access Protection Technology for Security Policy Enforcement: "In addition to Check Point's existing support for the industry-standard 802.1x and Extensible Authentication Protocol (EAP), support for Network Access Protection technology builds upon Check Point's Total Access Protection (TAP) endpoint security initiative. TAP provides a security policy enforcement framework for heterogeneous networks. Extending the TAP initiative to support Microsoft's Network Access Protection strategy provides enterprise security professionals with new tools for their security arsenal to combat the risks posed by hackers, targeted attacks, spyware and malicious code."—Business Wire
An Applications View on Security: "In fact, more than 80 percent of companies have detected system penetrations of internal origin, according to data compiled by insurance brokerage and risk management company Arthur J. Gallagher & Co., in Itasca, Ill. This means that applications performing their normal function, at the behest of authorized internal users, must be viewed as dwelling in hostile territory rather than in trusted environments."—eWEEK

Friday, December 10, 2004

Penn State warns students off of Internet Explorer: "Penn State is advising its students to drop Internet Explorer in favor of alternative browsers. The decision to advise against IE use arises out of concerns about security."—Ars Technica
Avoid Using Accounts With Administrative Privileges: "A common issue in many organizations is the prevalence of users that run their laptop or desktop with administrative credentials. It is a best practice for all user accounts to be members of the Users group. Users should not be allowed to log in routinely using accounts that are members of the Administrators group. By enforcing this change, users will not be able to install unapproved software that may contain viruses or other types of potentially dangerous code.

Implementing this requirement may be challenging, but using Windows XP Professional with logo certified applications makes this easier. Applications that are not logo certified may not run correctly for users without administrative privileges. To find a list of logo certified applications, look for software labeled "Designed for Windows XP" on the Windows Catalog page of the Microsoft Web site at http://go.microsoft.com/fwlink/?LinkId=22382."—Microsoft: Securing Windows XP

Why you shouldn't run as admin: "The #1 reason for running as non-admin is to limit your exposure. When you are an admin, every program you run has unlimited access to your computer. If malicious or other 'undesirable' code finds its way to one of those programs, it also gains unlimited access."—Aaron Margosis, Microsoft Federal
Browsing the Web and Reading E-mail Safely as an Administrator: "I've said this many times, but I'll say it again, 'Running with an administrative account is dangerous to the health of your computer and your data.' So, whenever someone says they must operate their computers as administrators, I always try to persuade them it's not the correct thing to do from a security perspective."—Microsoft Security Developer Center
Symantec to buy intrusion detection software company Platform Logic: "Antivirus software company Symantec signed an agreement to buy Platform Logic, a maker of intrusion detection software (IDS) for an undisclosed sum, according to information obtained by IDG News Service."—InfoWorld: Top News
Spyware: The Next Real Threat: "A Computer Associates exec warns that spyware will soon become an even bigger headache for enterprises than viruses."—eWEEK

Thursday, December 09, 2004

Security Execs Identify Top Issues for 2005: "Worms, viruses and regulatory compliance rank among the major worries."—internetnews.com

Wednesday, December 08, 2004

IMlogic unveils IM, P2P threat-detection network: "IMlogic and several partners today unveiled a threat center network to provide a central place for detecting and analyzing IM and peer-to-peer threats, including IM-borne viruses, worms, spam over IM and malicious code."—Computerworld News

Tuesday, December 07, 2004

'White collar' virus writers make cash from chaos: "According to Sophos, this new breed of commercially motivated virus writers may be new to the scene. 'They are less likely to brag about their exploits but police have the possibility of finding them by tracing the money trail from other cybercriminals,' Cluley says."—The Register
Microsoft Tightens Windows Server 2003 Security: "Microsoft ships the first release candidate for Windows Server 2003 Service Pack 1, a security update that makes many of the changes in Windows XP SP2, plus many new network access security enhancements."—eWEEK
Check Point releases VPN-1 SecureClient for Mac OS X: "Check Point today released its VPN-1 SecureClient for Mac OS X, an integrated, endpoint security sol..."—MacNN
Cisco killer comes of age: "Juniper CEO Scott Kriens talks about Juniper's famed rivalry with Cisco and why network security is necessary to the future of the Net."—News.com

Monday, December 06, 2004

Trend Micro gives away mobile antivirus software: "Trend Micro Inc. will become the latest major antivirus software company to provide protection against mobile phone viruses, with new antivirus and antispam software for mobile phones running the Microsoft Corp. Windows Mobile and Symbian Ltd. operating systems."—Computerworld
Who would you like to attack today?: "MessageLabs predicts that Trojans and other malicious code specifically developed to compromise particular organisations will become a greater threat next year. Mark Sunner, chief technology officer, said the singling out of certain companies to be the victim of phishing attacks 'could signal the beginning of a wider trend. Already particular businesses are threatened and blackmailed, indicating a shift from the random, scattergun approach, to customised attacks designed to take advantage of the perceived weaknesses of some businesses.'"—The Register

Zero-hour defenses will become, if they're not already, absolutely required.
Changing Patch Habits With Microsoft: "Microsoft's consistent release cycle is having a huge impact on enterprise security management, though worm writers are focusing on the regularity."—eWEEK
A technologist looks back, looks ahead: "Indeed, for many of us, the fundamental nature of work itself is changing—enabled by cheap, ubiquitous networking, communications, coordination and information-sharing technologies. The 'virtual office' is more the norm than the exception."—News.com

The challenge for security firms is to provide protection, both for corporate networks against attack and for sensitive data against theft, across virtual networks connecting loosely knit confederations of businesses.
Spyware on My Machine? So What?: "There's a reason why so many PCs are infected with spyware and adware: Users seem to have stopped caring about having online privacy. Many are saying spyware is a small price to pay for free applications."—Wired News

Friday, December 03, 2004

Desktop Search: The Ultimate Security Hole?: "While uncovering lost e-mails or past Web page visits may appeal to some users, analysts are warning enterprises that desktop search makes it possible to reveal personal and confidential information on corporate computers."—eWEEK

Thursday, December 02, 2004

Corporate PCs 'riddled with spyware': "Five per cent of the PCs scanned had system monitors and 5.5 per cent had Trojan horse programs, the two most nefarious and potentially malicious forms of spyware. The audit - based on scans of more than 10,000 systems, used by more than 4,100 companies - is touted by Webroot as the first comprehensive analysis of the presence of spyware within corporate networks."—The Register
Anti-Spyware Products Don't Live Up to Promises: "John Wells writes 'In the December, 2004 issue of PC World, the author of an article titled Poor Defenders concludes that most commercial anti-spyware software is ineffective. In tests using a fresh install of XP and 6 typical spyware infections the commercial software failed to stack up against freeware competitor Spybot Search and Destroy. Four out of seven commercial products failed to remove any of the infections. One product even installed 57 spyware files itself! Conclusion: Use freeware products like Spybot and Lavasoft's Ad-Aware SE Personal.'"—Slashdot
In 2008 spyware removal will be $305 mln industry: "From a minor annoyance for home-PC users to a major plight on enterprise environments around the world, SpyWare (also known as AdWare, MalWare, ScumWare, and a host of other sordid names) is infecting mlns of computers with multiple purposes: stealing personal information, enabling identity theft, tracking users' online activity, and selling the information back to anyone willing to pay. According to IDC, the need to identify and eradicate these parasitic programs will drive..."—AlwaysOn Network
New VOIP Exploits Coming Soon: "Experts say VOIP systems' many layers provide more entry points for attackers, even though vendors downplay the risks to avoid 'scaring the consumer' away from a growing market. The message for enterprises: Consider security above cost when weighing the options."—eWEEK
VPN Evolution Progressing to SSL: "One VPN technology is decommissioned, but the replacement causes problems. SSL offers some answers, but there are still issues to be resolved."—Computerworld
Microsoft releases patch to plug IE vulnerability: "Microsoft today released an out-of-cycle security bulletin and patch for a critical hole in Internet Explorer that is already being widely exploited by attackers."—Computerworld News
Upcoming HP software hopes to slow malware: "New server monitoring software from HP aims to slow down the spread of viruses and other malware. Released first for Win2K and Win2K3 ProLiant servers, the software will attempt to throttle rogue processes."—Ars Technica