New password-stealing virus targets Facebook

by Michael Smith (Veshengro)

According to Reuters Wire Services Hackers have flooded the Internet with virus-tainted spam that targets Facebook's estimated 400 million users in an effort to steal banking passwords and gather other sensitive information.

The emails tell recipients that the passwords on their Facebook accounts have been reset, urging them to click on an attachment to obtain new login credentials, according to anti-virus software maker McAfee Inc.

If the attachment is opened, it downloads several types of malicious software, including a program that steals passwords, said McAfee.

This shows yet again how careful users have to be and also that users have to, finally, understand that rarely any service, whether FB or other, will contact users in such a way.

I have personally had a “stupid”, for that is the only word that comes to mind, email telling me that my login credentials had been lost due to a fault in their system and I should click on the link given in the email to sort it out. Right, and pigs fly.

Hackers have long targeted Facebook users, sending them tainted messages via the social networking company's own internal email system. With this new attack, they are using regular Internet email to spread their malicious software.

A Facebook spokesman said the company could not comment on the specific case, but pointed to a status update the company posted on its web site earlier on Wednesday warning users about the spoofed email and advising users to delete the email and to warn their friends.

McAfee estimates that hackers sent out tens of millions of spam across Europe, the United States and Asia since the campaign began.

Dave Marcus, McAfee's director of malware research and communications, said that he expects the hackers will succeed in infecting millions of computers.

"With Facebook as your lure, you potentially have 400 million people that can click on the attachment. If you get 10 percent success, that's 40 million," he said.

The email's subject line says "Facebook password reset confirmation customer support," according to Marcus.

But the email may also have other tag-lines and everyone be best advised to ignore and – if so inclined – report such emails to the companies concerned.

Once again my advice:

  1. Have good anti-virus protection and no, you do not have to pay for it. AVG will do nicely.

  2. Do not open any links that have been given in any such emails as reputable companies do not work in such a manner.

  3. In addition to that with regards to Facebook: Do not use any applications on that social network, especially none that are third-party and most of them, in fact, are. Many a virus and Trojan is hidden in them.

Beware that there are many scams going on and try not to be the next victim.

Copyright © 2010

IT experts warn users turn off WiFi to prevent laptop theft

Credant warns users to turn off WiFi to help prevent laptop theft

Credant Technologies, the endpoint data security specialist, has warned laptop users to turn off their WiFi signals before stowing their laptop in the boot of their car or stashing their laptop in the office cupboard or desk drawer, apparently out of sight of thieves.

"BT Openzone recently announced it had passed the million WiFi access point mark in the UK (http://bit.ly/9t3ZF4) and cellular carriers are also boosting their WiFi coverage areas to take the load off their hard-pressed 3G networks, which all adds up to something of a WiFi explosion in the UK," said Sean Glynn, Credant's VP Marketing.

"This in turn has triggered the widespread availability of low-cost keyfob WiFi detectors for under a fiver, and quite sophisticated directional detectors for around the 30 pounds mark, both of which can be used by thieves to detect the presence of an out of sight laptop," he added.

Glynn's warning comes after a warning from a security analyst in Jamaica has reported that a large number of laptops are being stolen using WiFi detection techniques for later criminal use (http://bit.ly/aktKPv)

And, he says, with auction sites selling WiFi detection kit for pocket money prices, it is only a matter of time before this type of laptop detection technique finds its way to the UK.

Credant's observations, he went on to say, suggest that the real focus of identity thieves is the company laptop, which, as well as being a saleable item in its own right, can also contain valuable company data that can potentially be sold to the highest bidder online.

And as the jailing of the Darkmarket carder forum mastermind for almost five years on Friday illustrates (http://bit.ly/a2QZKs) identity theft is now big business, he noted.

Glynn went on to say that, because the latest laptops have a set time - sometimes up to 30 minutes - before they go into sleep mode when the laptop lid is shut, it doesn't take a genius to realise that shopping malls around 6pm on weekdays can be a prime source of potential notebook computers, just waiting to be stolen from cars.

"And whilst the office worker is busy inside the mall doing their shopping, no-one is going to think twice about someone in a suit waving their `car keys' around, ostensibly trying to find their car, when in fact s/he is looking for the strongest WiFi signal," he said.

"You may not be able to totally prevent your laptop being stolen, but only switching on your WiFi when you really need it, and, of course, encrypting your data on the notebook drive, will go a long way to preventing your computer becoming just another statistic," he added.

For more on Credant Technologies: www.credant.com

To be perfectly honest I cannot understand why anyone would want to leave the WiFi (Wireless LAN) on their laptop, notebook or netbook computer on when not in use, and that for simply one single and simple reason alone; namely the fact that the transceiver for the wireless uses battery power.

It is always advisable, simply for power management, to have the WiFi off when it is not being used.

Eskenzi PR with additional writing by Michael Smith

Personal data of 15,000 National Guardsmen lost

15,000 more reasons to archive data, says Origin Storage, as Arkansas National Guard archival disk goes missing

Basingstoke, March 2010: Reports that staff data spanning more than five years at the Arkansas National Guard have gone missing on a back-up drive highlights the need for encrypted backups to be taken on live data - and also strengthen the argument that live data should also be encrypted, says Origin Storage.

"The archival drive reportedly contains the names, addresses and social security number details of at least 15,000 current and former members of staff as at March 2009, and spans back to the start of 2004," said Andy Cordial, managing director of the storage system integration specialist.

"Whilst some experts claim that encrypting live data is overkill in some situations, the fact that was an archival disk, and almost certainly only accessed if the computer's primary drive went down, means that high levels of encryption should have been applied," he added.

Cordial noted that this isn't the first time a US military database has gone missing as, back in the spring of 2006, similar details of more than 2.2 million US military personnel - including nearly 80 percent of the active-duty force - were stolen (http://bit.ly/cXjE4B).

That data, including more than 430,000 National Guard members, was subsequently recovered after an in-depth investigation by the US military, indicating the potential value to fraudsters of the information that was stolen - "and that is before we start taking about US national security," he said.

According to the Origin Systems MD, the fact the US National Guard is recommending that all affected current and former members of staff contact a credit reference bureau indicates the potential fall-out from this hard dive loss, as the data lost is a identity thief's dream come true.

Social security numbers in the US, he explained, are much more powerful that national insurance IDs in the UK, as they are commonly used a means of identification online and over the phone, much as dates of birth are used in the UK.

The sheer size and history of the US, he said, means that there is a distinct possibility of several people of the same name having the same birthday but, because the social security number is unique to an individual, it is a much more useful identifier.

As a result, he added, most citizens use the number as their personal user credential when deadline with financial or government institutions.

"As a supplier we always recommend that archival data be protected by multiple layers of defence, such as encryption and password protection, as seen on our Datalocker range of secure backup systems (http://bit.ly/2vb6y9)," he said.

"And since we are dealing with a lot of staff data here it's also advisable to encrypt the current database, only decrypting data on the fly as and when it is needed. There is simply no excuse not to use password plus encryption on such valuable data," he added.

For more on the Arkansas archival drive theft: http://bit.ly/cW5sRp

For more on Origin Storage: www.originstorage.com

Source: Eskenzi PR

Industrialized cyber attacks infect educational servers worldwide

Hackers Automate in ‘Industrial Revolution’ Threat

Imperva Report Details Industrialization of Cyber Attacks and Uncovers Hacker Scheme to Infect Educational Servers Worldwide

London, March 2010 – Imperva, the data security leader, on March 1, 2010 released a new report warning that hackers have become industrialized and represent an exponentially increased threat to individuals, organizations and Government.

Imperva’s report says the emerging industrialization of hacking parallels the way in which the 19th century revolution advanced methods and accelerated assembly from single to mass production. The result is that today’s cybercrime industry has transformed and automated itself to improve efficiency, scalability and profitability.

The report, The Industrialization of Hacking, can be downloaded at: http://www.imperva.com/ld/industrialization.asp

As an example of this ‘industrial revolution’, Imperva has discovered a new hacker scheme that is infecting educational servers worldwide with Viagra ads that infect web users with malware when they visit the infected page on the legitimate education site.

According to Imperva, cyber-criminals are using industrialized methods to automate an as-yet unreported search engine manipulation scheme that has infected hundreds, possibly thousands of .edu and .ac.uk servers worldwide with Viagra ads. “This attack on academic institutions highlights how hacking has become industrialized infecting servers from major institutions including UC Berkeley, Ohio State, University of Oxford and more. Ironically, this technique is the most prevalent method used to create havoc in cyberspace, yet remains virtually unknown to the general public,” explained Imperva CTO Amichai Shulman.

The mass infection can be easily seen by searching Google US with the terms “Viagra and .edu”: http://www.google.com/searchhl=en&source=hp&q=viagra+.edu&aq=f&aqi=g10&aql=&oq=

Or Google UK with the terms “Viagra and .ac”: http://www.google.co.uk/#hl=en&source=hp&q=viagra+.ac&meta=&rlz=1R2GZAZ_enGB348&aq=f&oq=viagra+.ac&fp=a73fa2ac306dd28e

Key findings in the report include the organizational structure and technical innovations for automating attacks:

  • Organization structure – Over the years, a clear definition of roles and responsibilities within the hacking community has developed to form a supply chain that resembles a drug cartel. The division of labor in today’s industrialized hacking industry includes:

Researchers: A researcher’s sole responsibility is to hunt for vulnerabilities in applications, frameworks, and products and feed their knowledge to malicious organizations for the sake of profit.

Farmers: A farmer’s primary responsibility is to maintain and increase the presence of botnets in cyberspace through mass infection.

Dealers: Dealers are tasked with the distribution of malicious payloads.

  • Technical innovations—Hacking techniques once considered cutting-edge and executed only by savvy experts are now bundled into software tools available for download. Today, the hacking community typically deploys a two-stage process designed to proliferate botnets and perform mass attacks.

  • Search engine manipulation. This technique is the most prevalent method used to spread bots, yet remains virtually unknown to the general public. Essentially, attackers promote Web-link references to infected pages by leaving comment spam in online forums and by infecting legitimate sites with hidden references to infected pages. For example, a hacker may infect unsuspecting Web pages with invisible references to popular search terms, such as “Britney Spears” or “Tiger Woods.” Search engines then scour the websites reading the invisible references. As a result, these malicious websites now top search engine results. In turn, consumers unknowingly visit these sites and consequently infected their computers with the botnet software.

  • Executing mass attacks through automated software—To gain unauthorized access into applications, dealers input email addresses and usernames as well as upload lists of anonymous proxy addresses into specialized software, the same way consumers upload addresses to distribute holiday cards. Automated attack software then performs a password attack by entering commonly used passwords. In addition, today’s industrialized hackers can also input a range of URLs and obtain inadequately protected sensitive data.

About Imperva

Imperva, the Data Security leader, enables a complete security lifecycle for business databases and the applications that use them. More than 4,500 of the world’s leading enterprises, government organisations, and managed service providers rely on Imperva to prevent sensitive data theft, protect against data breaches, secure applications, and ensure data confidentiality. The award-winning Imperva SecureSphere is the only solution that delivers full activity monitoring from the database to the accountable application user and is recognised for its overall ease of management and deployment. For more information, visit www.imperva.com.

Source: Eskenzi PR

Imperva launch new service to block automated cyber attacks

Imperva Introduces ThreatRadar To Mitigate Automated, Industrialized Cyber Attacks

First Reputation-Based Service for Web Application Security

London, March 2010 – Imperva, the data security leader, today announced the general availability of ThreatRadar, a new add-on to Imperva’s market-leading Web Application Firewall (WAF) that provides automated, reputation-based defense against large scale industrialized cyber attacks.

“ThreatRadar dramatically increases an enterprise’s ability to stop attacks by automatically adapting the defense so traffic from malicious sources can be blocked before an attack is attempted,” explained Imperva’s CTO Amichai Shulman. “By harnessing the collective insight of the security community, ThreatRadar can block traffic from malicious sources. As attackers shift locations and techniques Imperva’s ThreatRadar-powered WAF delivers the broadest arsenal of defense capabilities available today.”

Anyone using ThreatRadar with Imperva’s WAF will have an effective means to mitigate:

  • Mass SQL Injection attacks coming from botnets

  • Several types of automated attacks such as Comment SPAM campaigns, scraping attacks, web email SPAM attacks

ThreatRadar specific ally provides protection against:

  • Malicious sources: Up-to-date protection from sources that have repeatedly performed malicious activity on other web applications. Often part of the ten million plus botnet network they are executing attacks on behalf of remote hackers.

  • Anonymous Proxies: Up-to-date protection from sources that are used as anonymous proxies. By hiding the identity of traffic sources, anonymous proxies are often exploited by hackers to launch attacks.

  • The Onion Router, a.k.a., TOR IPs: Up-to-date protection from the TOR hacker network. Hackers use the TOR network to launch attacks without revealing their identity and location.

  • Phishing URLs: Real time alerting on phishing incidents against your domain.

  • In addition, ThreatRadar will provide:

  • IP Forensics Tool: A dynamic, web-based tool providing additional context on attackers, including geographic location and user profile, that takes the guesswork out of incident analysis.

  • Ongoing threat updates–Imperva’s Application Defense Center (ADC) has researched and integrated credible attack source data providers to ensure protection accuracy and effectiveness. The ADC will continually update attack sources as an ongoing service.

About Imperva

Imperva, the Data Security leader, enables a complete security lifecycle for business databases and the applications that use them. More than 4,500 of the world’s leading enterprises, government organisations, and managed service providers rely on Imperva to prevent sensitive data theft, protect against data breaches, secure applications, and ensure data confidentiality. The award-winning Imperva SecureSphere is the only solution that delivers full activity monitoring from the database to the accountable application user and is recognised for its overall ease of management and deployment. For more information, visit www.imperva.com.

Source: Eskenzi PR

Brocade welcomes Government’s IT Strategy

Smarter IT is needed not more IT

The news announced by the UK government that it expects to make savings of £3.2 billion annually from 2013/14 made through transformation in public sector information technology has been broadly welcomed by Brocade.

Paul Phillips, Regional Director UK and Ireland, Brocade, stated: “The announcement that the Government’s ICT strategy will focus on a smarter, cheaper and greener public sector ICT infrastructure should be broadly welcomed by both the industry and tax payer alike,”

“Promoting efficient and effective services for the public is a worthy objective. However schemes such as this will only be truly effective when joined together and integrated seamlessly, as opposed to ad hoc and individual approaches that often lead to IT duplication and considerable waste. It’s more than making information available, it’s about clever investments being made in networking technologies. Investments that are designed to deliver leaner, cost-effective infrastructures to complement existing business models,” added Paul Phillips.

Under the IT Strategy the government intends to create one secure, resilient and flexible network which will enable every area of government to adapt their ICT to best deliver for the public.

“Critically for the first time, the plan also intends to bring together all Government departments, local government and wider public sector organisations to remove unnecessary overlaps between departments and avoid the costly duplication of IT,” he continued.

The key provisions outlined by the Government include:

  • Launching a Government Cloud ('G-Cloud') which is intended to enable public sector bodies to select and host ICT services from one secure shared network. Multiple services will be available from multiple suppliers on the network making it quicker and cheaper to switch suppliers and ensure systems are best suited to need.

  • Cutting the of the number of data centres to approximately 10 to 12 which is expected to save £300 million, lead to 75% reduction in power and cooling requirements of the centres and ensure data storage is secure, accessible and sustainable.

  • Creating a Government Applications store designed for sharing and reusing online computer programmes (like standard Office applications such as word processing and email) on a pay by use basis. It will speed up procurement and deliver savings of approximately £500 million per year.

  • Implementing a common desktop strategy which will lead to savings of £400 million per year.

“What is clear is that as a result of the economic downturn many in the public sector are now looking at investing in networking technology to improve efficiency in their organisation to reduce the burden on the tax payer. This is about smarter IT and not just IT for IT’s sake,” added Phillips.

Source: Spreckley Partners

Mobile workforce shift will cause security headache for many companies

Infosecurity Europe says mobile workforce shift will cause security headache for many companies

London, UK – A report just recently published that highlights the rising numbers of workers are moving to a truly mobile working environment confirms what many in the IT security industry have suspected for some time, says Claire Sellick, Event Director for Infosecurity Europe.

The iPass report, which took in responses from 1,000 enterprises, found that large swathes of enterprise staffers are using their smartphones to access their email - and a whole lot more.

"What is particularly concerning is the fact that 54 per cent of Blackberry users said they would move to an Apple iPhone if they were offered one, and 63% of employees prefer their smartphone over a laptop," she said.

"The problem here is that, whilst it's relatively easy to defend a laptop against the vagaries of a mobile Internet connection, securing a smartphone is a whole new ballgame for many IT managers," she added.

And, Sellick went on to say, as iPass said in its report, there are clear resultant risks in terms of compliance and security that arise from the migration to smartphones.

Many of the exhibitors at the upcoming Infosecurity Europe event, which takes place at London's Earl's Court exhibition centre on 27th - 29th April, are showing security solutions to what many people are calling the shift to agile working.

In addition, she explained, the show's education programme - which sees a raft of industry professionals giving their advice to visitors free of charge - will help IT managers make the transition to agile working in a safe and secure manner.

What is clear from anecdotal evidence - as well as studies of the enterprise workforce such as this latest one - is that the shift to mobile working is becoming something of a revolution, rather than the progressive evolution that many have previously observed.

"It's clear that enterprises now face the issue of workers using their smartphones, as well as their laptops, whilst on the move. One of our exhibitors has report on the subject (http://www.infosec.co.uk/ExhibitorLibrary/662/Mobile_security_26.pdf) and theme will be explored in several of our keynotes and seminars at the show," she said.

"In many ways, it is security issues such as this that makes the education programme at the show so attractive to attendees, who would normally have to pay for the free advice from a variety of industry professionals if they were at a conference," she added.

For more on the mobile workforce report: http://bit.ly/9hEHvw

To register to attend or for more information please visit www.infosec.co.uk

About Infosecurity Europe

Infosecurity Europe, celebrating 15 years at the heart of the industry in 2010, is Europe’s number one Information Security event. Featuring over 300 exhibitors, the most diverse range of new products and services, an unrivalled education programme and visitors from every segment of the industry, it is the most important date in the calendar for Information Security professionals across Europe. Organised by Reed Exhibitions, the world’s largest tradeshow organiser, Infosecurity Europe is one of five Infosecurity events around the world with events also running in Belgium, Netherlands and Russia. Infosecurity Europe runs from the 27th – 29th April 2010, in Earls Court, London. For further information please visit www.infosec.co.uk

Source: Eskenzi PR

Dell put Credant's Encryption on all Commercial client systems

Credant Announces Encryption Security Solutions Now Available Factory Installed On Dell Commercial Client Systems

Provides Customers with Compliance-Ready, Non-Disruptive, Centrally Controlled Endpoint Data Protection

Credant Technologies, the market leader in endpoint data protection solutions, will provide Dell with encryption and data protection for its commercial client systems. Beginning today, Dell customers may select the Credant Mobile Guardian Dell Edition security encryption solution factory installed on Dell Precision™ workstations, Latitude™ laptops and OptiPlex™ desktops, along with other Credant solutions through Dell’s Software and Peripheral (S&P) store with commercial laptop and desktop computer purchases.

Bob Heard, CEO of Credant Technologies, said “We are delighted that Dell, one of the leading computer companies in the world, has selected Credant as a data protection and compliance supplier. It is inspiring that Dell recognizes the importance of data security and therefore empowers its business customers with intelligent encryption technology that will help protect their data from loss or breaches, and meet their compliance obligations, from the day they purchase a new PC.”

Credant also announced the launch of Credant FDE DriveManager, which allows customers to manage self-encrypting hard drives shipped by Dell on Latitude PCs. These solutions offer customers complete flexibility in deciding which hardware and software solutions best meet their needs, safe in the knowledge that all of their data can be protected.

Credant has been providing encryption and data protection through Dell’s S&P organization since 2009. Dell customers can purchase additional Credant data encryption software and solutions to protect the data at rest on legacy PC’s, helping them meet their data compliance needs.

“Data protection is a concern that is top-of-mind for the customers we talk to on a daily basis,” said Steve Lalla, VP and GM, Commercial Client Product Group, Dell. “The Credant Mobile Guardian Dell Edition solution meets that critical need and provides compliance-ready data encryption with minimal impact on operational processes and the user experience. This allows customers to focus on their core business and end users to get more done.”

CREDANT Mobile Guardian is the only centrally managed endpoint data protection solution available providing strong authentication, intelligent encryption, usage controls, and key management for data recovery. By aligning security to the type of user, device, and location, CREDANT permits the audit and enforcement of security policies across all computing endpoints.

Heard concluded, “We are committed to delivering endpoint data protection that enables business processes to continue unhindered. By working with Dell we are delighted that its customers can utilize our technology to ensure the data on their endpoint devices is adequately protected.”

About CREDANT Technologies

CREDANT Technologies is the market leader in endpoint data protection solutions. CREDANT’s data security solutions mitigate risk, preserve customer brand, and reduce the cost of compliance, enabling business to “protect what matters.” CREDANT Mobile Guardian is the only centrally managed endpoint data protection solution providing strong authentication, intelligent encryption, usage controls, and key management for data recovery. By aligning security to the type of user, device, and location, CREDANT permits the audit and enforcement of security policies across all computing endpoints. Strategic partners and customers include leaders in finance, government, healthcare, manufacturing, retail, technology, and services. CREDANT has been recognized by Inc. magazine as the #1 fastest growing security software company in 2008 and 2007; was selected by Red Herring as one of the top 100 privately held companies and top 100 Innovators; and was named Ernst & Young Entrepreneur of the Year 2005. Austin Ventures, Menlo Ventures, Crescendo Ventures, Intel Capital (NASDAQ:INTC), and Cisco Systems (NASDAQ:CSCO) are investors in CREDANT Technologies. For more information, visit www.CREDANT.com.

Source: Eskenzi PR

ISACA Leader Says 2010 Will be Year of the Cloud

Rolling Meadows, IL, USA: Research released by Resource on Demand, an IT recruitment firm, claims to show the company has been receiving a record number of enquiries for salesforce and software-as-a-service (SaaS) specialists during the first month of the year (http://bit.ly/cZ108a).

According to Rolf von Roessing, international vice president of ISACA, the not-for-profit global association of IT security, audit and governance professionals, the 233 per cent surge in recruitment requests seen by the firm during January signals that, after brief gestation, cloud computing is firmly set to take off into the mainstream in 2010.

“The financial and organisational benefits of switching to cloud-based storage and systems are clearly driving this surge in demand, as witnessed by Gartner’s recent prediction that, within the next four years, 20 per cent of firms will have no appreciable local resources as a result from switching (http://bit.ly/7dvygF),” he said.

“It's important, however, that in the rush to embrace the obvious benefits of the cloud, businesses do not overlook the security implications of extending their IT resource into what is, to all intents and purposes, a virtual environment," he added.

Business and IT managers should take the time to review their security systems and resources, and ask themselves whether their information security management can effectively defend their data and other assets in the cloud, the ISACA leader went on to say.

And, even if an initial budget to extend and enhance a firm’s IT security resources to fully support the cloud is not apparently available, IT managers should not lose sight of the possibility that some of the direct cost savings that arise from cloud migration can be invested in security facilities, he explained.

Von Roessing, who has extensive experience in the financial services security industry, said that, in May of last year, ISACA joined the Cloud Security Alliance to promote good practices on the cloud security front (www.cloudsecurityalliance.org).

ISACA, a global association of 86,000 IT governance, security and audit professionals, also published a cloud computing white paper, titled Cloud Computing: Business Benefits With Security, Governance and Assurance Perspectives. which provides a road map for developing positive and secure relationships with cloud providers.

"The ISACA white paper is available as a free download at www.isaca.org/cloud and, along with a number of other association initiatives, ISACA remains committed to working with IT professionals to ensure the highest levels of security in the cloud," he said.

"As new computing functions and services appear in what will undoubtedly be the year of the cloud, it is important that IT professionals remain vigilant about the security implications of what is set to become a rapidly-changing IT landscape," he added. For more on ISACA: www.isaca.org

About ISACA

With more than 86,000 constituents in more than 160 countries, ISACA® (www.isaca.org) is a leading global provider of knowledge, certifications, community, advocacy and education on information systems (IS) assurance and security, enterprise governance of IT, and IT-related risk and compliance. Founded in 1969, ISACA sponsors international conferences, publishes the ISACA® Journal, and develops international IS auditing and control standards. It also administers the globally respected Certified Information Systems Auditor™ (CISA®), Certified Information Security Manager® (CISM®), Certified in the Governance of Enterprise IT® (CGEIT®) and Certified in Risk and Information Systems Control™ (CRISC™) designations.

ISACA offers the Business Model for Information Security (BMIS) and the IT Assurance Framework (ITAF). It also developed and maintains the COBIT®, Val IT™ and Risk IT frameworks, which help IT professionals and enterprise leaders fulfill their IT governance responsibilities and deliver value to the business.

Source: Eskenzi PR

Web 2.0 services are the next security hurdle says 360°IT – The IT Infrastructure Event

Planning is are now well under way for the first 360°IT – The IT Infrastructure Event, due to take place at London's Earls Court this coming September.

And, says, Natalie Booth, the Event Director, even at this early stage, it is clear that Web 2.0 services – and in particular social networking sites such as Facebook and Twitter – are becoming a new battleground between criminal hackers and Internet using businesses.

"If you look at all the research into workplace use of the Internet, and the threats it poses, the topic of social networking comes up time and time again, mainly because of the volume of malware infections and data leakages that accrue from staff using these services," she said.

"But the real battle has yet to come, as there are signs that conventional IT security may not be enough to defend against the diverse vagaries of social networking sites," she added.

Earlier this week, Ray Stanton, BT's global head of security, gave a security show keynote at which he said that many companies have been struggling with social networking sites, but that the problem had spilled beyond the IT department and over into human resources.

The problem identified by Stanton, says Booth, is that staff productivity is now under threat as a result of employees spending too much time interacting on the Internet, and not enough time doing their daytime jobs.

According to Booth, the scale of the problem has yet to break into the mainstream, as few employees are yet aware that their staff productivity is being eroded by staff – quite literally – whiling away the hours in the office on Facebook, Myspace and Twitter.

Ray Stanton correctly identified that, although the task of securing staff access to social networking sites and services isn't an easy one, but it can be achieved, she explained.

But the real problem, Booth went on to say, is that there is a danger of the productivity issue jurisdiction falling between the IT and human resources departments, when, in fact, it should be a boardroom and senior management issue.

"Just as staff need to be disciplined if they are found to be wasting company time with inappropriate behaviour, so inappropriate or excessive social network site usage needs to be added to the list of possible disciplinary offences," she added.

"It's against this backdrop that we expect social networking site usage to become a major talking point as the months count down to 360°IT – The IT Infrastructure Event in September. Web 2.0 services bring a lot to the better business table, but they also pose a potential serious company risk, and not just on the security level," she added.

For more on Ray Stanton's social networking keynote: http://bit.ly/96u0le

For more on the 360°IT – The IT Infrastructure Event: www.360itevent.com

About 360°IT – The IT Infrastructure Event

360°IT is the event dedicated to the IT community addressing the needs of IT professionals responsible for the management and development of a flexible, secure and dynamic IT infrastructure.

With high level strategic content, product demonstrations and technical workshops, 360°IT will provide an essential road map of current and emerging technologies to deliver end to end solutions.

360°IT will facilitate vendor and end user collaboration to create the IT infrastructure necessary to achieve key business objectives – improving service, reducing cost and managing risk whilst gaining competitive advantage and growth.

Eskenzi PR

MiFi and MC998D launch on Virgin Mobile Canada

Virgin Mobile Canada Launches Novatel Wireless MiFi Intelligent Mobile Hotspot 2372 and MC998D USB Modem

Connectivity Solutions Offer Convenience, Flexibility and Increased Productivity for Canadian Customers

SAN DIEGO AND TORONTO – February, 2010 – Novatel Wireless, Inc. (Nasdaq: NVTL), a provider of wireless broadband access solutions, and Virgin Mobile Canada, announced the launch of the Novatel Wireless MiFi Intelligent
Mobile Hotspot 2372 and Ovation MC998D Wireless Broadband USB modem on
Virgin Mobile Canada¹s HSPA network.

The Novatel Wireless MiFi 2372 represents the industry¹s first Intelligent Mobile Hotspot, a new category of mobile broadband that lets users put their world of content, services and connectivity in their pocket. The MiFi platform includes a microSD slot for expandable memory of up to 16 gigabytes and supports up to five simultaneous users or mobile Internet devices, located within 30 feet of the unit.

The Ovation MC998D Wireless Broadband USB modem is an HSPA+ device that
works on 850, 1900 and 2100MHz HSPA+/UMTS bands and Quad Band GPRS/EDGE providing download speeds of up to 28.8 Mbps. Featuring multiple input multiple output (MIMO) and diversity antenna technologies, autoinstalling
software for Windows and Mac, and integrated microSD storage, the MC998D
provides flexibility and ultra fast connectivity virtually anywhere in the world.

“Virgin Mobile¹s customers are constantly on the move and want to be able to connect online wherever they are. These new additions to our line-up make it easy for them to stay connected to all of their social networks – with photos, messaging, music and more – while on the go,” said Robert Blumenthal, President, Virgin Mobile Canada. “We are excited to partner with Novatel Wireless to provide our customers a simple, fast and convenient way to hook up online using either one of these mobile broadband products on Canada¹s largest high-speed network.”

"Demand for cutting edge mobile connectivity for both business and casual use continues to grow on a global scale," said Rob Hadley, CMO, Novatel Wireless. “Partnering with Virgin Mobile Canada will enable us to provide streamlined, ultra high-speed wireless Internet solutions for our combined customers across Canada.”
Compatible with Windows, Mac and Linux operating systems, the MiFi 2372 delivers download speeds up to 7.2 megabits per second with enhanced performance for simultaneous uploads/downloads and large file transfers. The MiFi 2372 also offers optimized functionality for video streaming and online gaming.

For more info, visit www.virginmobile.ca.

About Virgin Mobile Canada

The Virgin Mobile group of companies has attracted more than 13.8 million customers worldwide. As the No.1 mobile youth network, Virgin Mobile Canada's mission is to be Canada¹s most loved mobile company with the hottest phones and plans on the hottest network. Its plans with extra for no extra make it easy for members to find the perfect plan for them to connect to e-mail, social networks, texting and GPS navigation with the smartest phones and mobile Internet products. Virgin Mobile members also get access to the hottest events, global roaming and the best customer service. J.D. Power and Associates 2009 Canadian Wireless Customer Satisfaction Study has awarded Virgin Mobile “Highest in Customer Satisfaction With Prepaid Wireless Service, Five Years in a Row” and it has ranked Virgin Mobile "Highest in Customer Satisfaction With Postpaid Wireless Service". 91% of
customers would also recommend Virgin Mobile to a friend.

Virgin Mobile phones are available at more than 4,000 locations nationally
including The Source, Virgin Mobile retail locations and additional retails
partners. Virgin Mobile products can also be purchased at The Source
locations, online at www.virginmobile.ca or by calling 1-888-999-2321. Get
personal with Virgin Mobile Canada on Facebook at
facebook.com/virginmobilecan and Twitter at twitter.com/virginmobilecan.

ABOUT NOVATEL WIRELESS

Novatel Wireless, Inc. is a leader in the design and development of innovative wireless broadband access solutions based on 3G and 4G wireless technologies. Novatel Wireless' Intelligent Mobile Hotspot products, software, USB modems and embedded modules enable high-speed wireless Internet access on leading wireless data networks. The Company delivers specialized wireless solutions to carriers, distributors, OEMs and vertical markets worldwide. Headquartered in San Diego, California, Novatel Wireless is listed on NASDAQ: NVTL. For more information please visit www.novatelwireless.com. (NVTLG)

<>

It’s Better to Prevent than to Cure

Alexandra Tsybulskaya, Corporate Sales, Elcomsoft

Last week a company that rents an office floor next to ours fell prey to a malicious attack. The employees of the company use instant messengers to communicate with their existing and potential customers. Although it is a common knowledge that the improper use of instant messengers can pose a great risk to an enterprise, people still click on the links they receive. The addresser of such messages and links is often an attacker. In the case with our neighboring company there was no happy ending: each employee who clicked on the link leading to a scammer’s website lost her ICQ ID. As the sales department relied greatly on this type of communication with customers, the loss of the company is to be estimated.

In the age of information technologies, each employee – not only IT department staff – should be familiar with how to keep their valuable data safe and secure. To fulfill this task in a proper way one should try to halt hidden security threats, with those lying on the surface, in order to avoid grave consequences and damage for the whole company. Employees’ information security literacy is a job of both IT guys and HR professionals. That is the reason we listed the most wide-spread hidden security threats for you to be aware of.

Lost Laptops, Exposed Data

The mobility of employees is constantly increasing in the modern world, and the rapid growth of the supply of mobile gadgets is rooted in the huge demand for such devices not only for personal use, but for working purposes. However, if your laptop or smartphone, you are accessing your work e-mail inbox or office PC from, falls into the wrong hands, unauthorized users may easily obtain the sensitive data that you've stored there.

One of the ways out is encrypting your data. You can use an encryption program, such as TrueCrypt <http://www.truecrypt.org/>(available for free under open-source licensing), to protect your data from unauthorized access.

Another possibility is to use a recovery service. If your equipment gets lost or stolen, and you can't get it back, you'll at least want to erase the data it holds. Some vendors, such as HP and Dell, offer services that try to do both for selected laptop models.

Weak Passwords

Use stronger passwords: Longer passwords are better; more characters take longer to crack. Keep in mind that the character diversity makes your password significantly harder to guess or crack. The situation will be definitely improved just if one sticks to a simple and widely accepted rule that a password must consist of uppercase and lowercase letters, numbers, preferably, special characters and be at least 9 characters long.

Rogue Wi-Fi Hotspots

Free Wi-Fi networks are available almost everywhere your employees go. Attackers, however, sometimes set up a malicious open Wi-Fi network to lure unsuspecting users into connecting. Once you have connected to a rogue wireless network, the attacker can capture your PC's traffic and gather any sensitive information you send. Verifying the network's name may help in this case.

Weak Wi-Fi Security

If you're cautious, you've already secured your wireless network with a password to keep outsiders from accessing it or using your Internet connection. But password protection alone may not be sufficient.

It’s highly advisable as well to use stronger encryption. Several types of Wi-Fi network encryption are available. WEP (Wired Equivalent Privacy) encryption is the most common variety employed on wireless networks, but it can be easily cracked. The newer encryption types such as WPA (Wi-Fi Protected Access) or its successor, WPA2 resolve the weaknesses of WEP and provide much stronger protection.

Web Snooping

Now that so much entertainment, shopping, and socializing have shifted online, every Internet user leaves a rich digital trail of preferences. The best way out in this case is to use private browsing, which ensures that the site history, form data, searches, passwords, and other details of the current Internet session don't remain in your browser's cache or password manager once you shut the browser down.

Unpatched Software

Microsoft's products have long been favorite targets for malware, but the company has stepped up its game, forcing attackers to seek other weak links in the security chain. One of the most trivial preventive measures in this case is to have all security updates installed, thus keeping your operating system and applications up-to-date.

Each self-respecting company or enterprise should cooperate with IT security departments, for only mutual cooperation can bring evident results.

Elcomsoft is exhibiting at Infosecurity Europe 2010, the No. 1 industry event in Europe held on 27th - 29th April in its new venue Earl's Court, London. The event provides an unrivalled free education programme, exhibitors showcasing new and emerging technologies and offering practical and professional expertise. For further information please visit www.infosec.co.uk

Courtesy: Eskenzi PR

SANS Institute recommends for more code development practices

Fortify gives thumbs up to SANS Institute-led request for more secure code development practices

Reports that a group of organisations, led by the SANS Institute and Mitre Group, are calling for corporate customers to request more secure code development practices from their software suppliers have been applauded by Fortify Software.

The software security specialists says that Tuesday's announcement (http://bit.ly/dwO19P) by a consortium of more than 30 enterprise customers of software vendors is good news as it give companies the draft text for use in their procurement contracts with vendors.

"Best practice in code development has been under active discussion by the software vendor community for some time, but it's good to hear that the SANS Institute has grasped the bull by the horns, and done something practical about the issue," said Richard Kirk, Fortify's European director.

"Our own observations suggest that a large number of successful hacker attacks are caused, in part, by software flaws, which give the hackers a small chink in an application's armour to prise open," he added.

According to Kirk, by encouraging companies to include suitable language in their procurement contracts, the consortium will hopefully drive the software development industry to adopt the best practices that a number of experts have been calling on for some time.

The Fortify director went on to say that, in his company's March 2009 report – 'Building in security in government software' (http://bit.ly/9f53Ge) – it recommended that the industry should adopt a best practice approach to software code development, building in security from the earliest point in an application's development and to conduct thorough security tests of software prior to acceptance.

The report, which was issued around the time of President's Obama's appointment of a federal chief technology officer, noted that the appointment - in the US at least - was an opportunity for government to adopt these best practices across the board.

It was interesting, said Kirk, to read that former White House security advisor Howard Schmidt - and president of the Information Security Forum - commenting that, despite its excellent goals, the US Federal Information Security Management Act (FISMA) has not managed to solve the software development industry's security problems (http://bit.ly/c0phgR).

"But, as Fortify's founder and chief scientist Brian Chess also said at the time, if FISMA has done nothing else, it has helped to identify the problem," he explained.

It's against this backdrop that Fortify is pleased to add its support to the SANS Institute-led call for more secure program code development, and the introduction of best practices in the application development industry.

"Changes of this type aren't going to happen overnight, as software vendors will have to engender new working practices in their code development operations," he said.

"However, if their clients start mandating the use of best practices in their commercial agreements - through the use of the correct language in procurement contracts - then that is something we can wholly support," he added.

For more on Fortify Software: http://www.fortify.com

Source: Eskenzi PR