Site Map - IT Security

Black Hat Physical Device Security: Exploiting Hardware and Software

- One Web-based video camera system described in the book was released with a flaw that would allow a misspelled Web address to bypass all authentication mechanisms in the system, granting the user full administrative access to the devices.

Nostalgic for the Days of “My Doom”

- Under Symantec’s system, malicious code is ranked from one to five; the higher numbers—what Turner calls “bell-ringing alarm threats”—represent the threats that cause much immediate damage and are difficult to contain because they are widely distributed. “We’ve only seen six category-three worms in 2005,” Turner says, referring to the most recent statistics compiled in the report, “whereas in 2004 we saw 32.”

Defining Moment

- Every document file (for example, .doc, .txt, .xls, and so on) could be sucked off your computer’s hard drive and onto an iPod in under two minutes, according to Abe Usher of Sharp Ideas, LLC, who created a proof-of-concept application to do just that.

Road of Risks

- Quarantining these laptops when they are attached to the network is a good way of preventing these backdoor attacks.

Numbers

- people who receive at least one phishing e-mail every day on a work computer

A Site To See

- Every day, analysts and security experts—all volunteers—from the SANS Internet Storm Center dissect the latest threats, monitor for Web-based “storms” such as virus or worm outbreaks, and dig through sanitized intrusion-detection and firewall logs sent in from people around the world. The incident “handlers” at the Internet Storm Center maintain a regular diary of security incidents and information, from how and where to submit tips about child pornography to details and screenshots of the latest phishing attempts. The site also includes lots of graphics showing, for example, the most targeted ports or where in the world most port scans originate. It’s this month’s A Site to See. Get to the Internet Storm Center via SM Online.

Does SSL Lock Trouble In?

- SSL traffic is all but invisible to an enterprise, according to a survey of 319 IT security and networking professionals by Blue Coat Systems. More than 72 percent said they had no way to look inside SSL traffic, a situation that nearly 90 percent of the respondents said was risky, particularly as it can pass through firewalls unseen and untouched. Highlights from the survey are at SM Online.

Old problems remain unsolved

- Half of 218 companies surveyed admitted that they had active user accounts belonging to former employees (an increase of 6 percent from 2004); nearly a quarter identified unauthorized personnel with administrator rights (a 4 percent increase); and more than half had worms compromise their networks. If there was a bright spot in the 2006 Mazu Networks Internal Threat Report, it was that 71 percent of worm infections were remediated in less than 24 hours. The IT professionals who responded to the survey came from 18 industries and government agencies. The full report is at SM Online.

More Compliance, Less Security

- Threats to your computer can range from gnatlike annoyances such as pop-up ads to the pointed hooks The Forsythe survey notes that 28 percent of the respondents had little or no confidence that they had detected all significant security breaches in the past year; even more alarming was that a similar number rated their current IT environment as more vulnerable than a year before. That, says John Kiser, CEO of Gray Hat Research Corporation, may be a sign that time or money spent by IT professionals on ensuring compliance to top management are resources taken away from other crucial security tasks.

What Are Your Weaknesses?

- The first step that a company can and should take along the road to better data security is to conduct a formal IT assessment.

New Threats

- Consumer Internet Threat Meter educates consumers on online risks.

Data Losses

- RSA Security’s Wireless Security Survey of San Francisco found that more than 40 percent of wireless networks were unsecured.
 




Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.