
09 May 2008
COBRA warns against ‘snake oil’
Nigel Brown, the lead for resilient telecommunications strategy for the Cabinet Office, discussed the technical implications facing emergency response, and warned of scaremongering at Infosecurity Europe 2008.
09 May 2008
IBM to sponsor live video Webinar on web application security
The Webinar on 'web application security in the software quality management lifecycle' will be available through the Infosecurity magazine website on Monday 19 May.
07 May 2008
Major media malware attack breaks out on file-sharing networks
McAfee has reported "the most significant malware outbreak in three years," with more than 500,000 detections of a Trojan horse masquerading as a media file.
07 May 2008
Police plan national database of CCTV images
British police forces are to explore the feasibility of a national database of CCTV images that would be on a par with the existing national databases for DNA and fingerprint samples.
06 May 2008
Russian cyberthief grabs business records
Confidential records from more than 40 global businesses were freely available to anyone on the web after they were stolen and stored on an unprotected server by a Russian cyber thief, a security company reported today.
06 May 2008
MoD reinforces guard on 20,000 laptops
The Ministry of Defence is securing sensitive data on 20,000 RAF, Army and Navy laptops with technology from BeCrypt.
01 May 2008
Facebook applications exposed as security risk
Speculation on the security of social networking has increased amid reports that applications on Facebook are capable of collecting personal information.
24 April 2008
ISACA explains its rationale
At the Infosecurity Europe event held in London this week, Infosecurity Magazine met up with Ron Hale, the Director of Information Security Practices with ISACA, the Information Systems Audit and Control Association, along with John Mitchell, managing director of LHS Business Control and a past president of the London ISACA Chapter.
24 April 2008
Enterprise data protection under the microscope
IBM and PGP representatives were on hand to host a seminar entitled 'Evolving Strategies for Enterprise Data Protection' at the Infosecurity Europe show in London this week.
24 April 2008
Schneier calls for curtains on ‘security theatre’
Vendors invent self-serving security models which make customers believe they need their product to eradicate a security threat that doesn’t exist
24 April 2008
UK association of penetration testers launched
The IT security industry has launched the first UK association of providers of penetration testing.
24 April 2008
Orchestria crowned king of the jungle
Orchestria was crowned king of the jungle by lions Ray Stanton, Colin Clark, Paul Simmonds and Tony Lock at the popular, interactive Infosecurity event, the ‘Lion’s Den’, 24 April.
23 April 2008
Infosecurity 2008: use of new technologies exposing UK firms to risk, report finds
The adoption of new technologies is exposing UK companies to high levels of risk, according to a government security survey.
23 April 2008
Infosecurity 2008: car and plant makers turn to encryption to safeguard intellectual property
Automotive and machinery manufacturers are turning to encryption technologies to protect intellectual property, it has emerged at Infosecurity 2008, which is taking place in London this week.
23 April 2008
Infosec 2008: Human element is the key to reducing data breaches
The importance of the human element in security has been highlighted at Infosecurity 2008 in London this week, with a government report showing incidents remain high despite overall improvements in controls.
23 April 2008
GrIDsure links with partners to promote pictorial PIN replacement
GrIDsure, a company that has developed a simple, but secure, pictorial
replacement for PIN-based authentication, was at the Infosecurity
Europe show in London this week, announcing a number of partnerships
to promote its technology into new areas.
23 April 2008
Jericho Forum unveils new security framework for online usage
The Jericho Forum has unveiled a new security framework for
interactive business Internet users.
23 April 2008
Sophos says infected Web site numbers soaring
At the Infosecurity Europe show, Sophos revealed that the number of
infected Web sites detected by its research team has soared in the
last 12 months to a high of a new infected site appearing once every
five seconds.
23 April 2008
Interactive theatre a success at Infosecurity Europe
The interactive theatre - where the audience gets to participate by voting in the seminar - was hailed a success at this year's Infosecurity Europe show, which ran until Thursday of this week at the London Olympia centre.
22 April 2008
Govt-sponsored PwC report shows firms taking security seriously
The annual survey carried out for the opening of the Infosecurity Europe show in London today shows that, even in the face of rising IT security threats, UK companies of all sizes appear to be taking their security more seriously, as well as allocating extra funds to tackle the issue.
22 April 2008
Qualys offers Web-based security software-as-a-service
Qualys has taken the wraps off its QualysGuard offering.
22 April 2008
Veracode launches on-demand code verification service
Veracode launched an on-demand program code audit and verification service at the Infosecurity Europe show.
22 April 2008
Wick-Hill says credit crunch not affecting IT security sales
Ian Kilpatrick, the chairman of the Wick-Hill Group, says that the escalating effects of the credit crunch are not affecting sales of IT security hardware, software and systems at the veteran distributor and systems integration reseller.
16 April 2008
Customers “clamoring”
for self-encrypting hard drives
Seagate Technology has debuted a new breed of self-encrypting hard
drives for mission-critical servers and storage arrays.
16 April 2008
Security Officer should have
more strategic role
When it comes to defining what a Chief Security Officer does in
an enterprise think less of a corporate cop and more of a business
enabler. That was the message at the RSA Conference from Dave Hansen,
former CIO at CA and now a senior vice president and general manager
of the company’s Security Management business.
15 April 2008
Federation Against Software
Theft focuses on virtualisation
The Federation Against Software Theft (Fast) has begun working with
the software industry to form a working group to clarify the impact
of virtualisation on software licensing.
15 April 2008
Personal Data ‘Lost’
by London Councils
Thirteen London councils have admitted to losing, or inadvertently
disclosing sensitive information concerning members of the public,
according to a BBC survey.
14 April 2008
FaceTime first with Skype encrypted
IM scanning technology
Building on its multi-year relationship with Skype's parent company
eBay, FaceTime has enhanced its security software to scan encrypted
instant messages (IMs) sent between users of the Skype internet
telephony and messaging service.
14 April 2008
Say hello to a new cybercrime business
model: CAAS
Finjan, the business web security specialist, has uncovered a new
cybercrime business trend: crimeware-as-a-service or CAAS for short.
09 April 2008
UK government launches enquiry into card fraud
The UK government has launched a parliamentary inquiry into the
issue of card fraud, which it says has reached near-epidemic proportions.
09 April 2008
Cyberdefence moves to the
top of the Council of Europe/NATO agenda
Cybercrime defence is at last receiving the attention it is due,
following a multi-pronged series of initiatives orchestrated by
the Council of Europe and NATO.
04 April 2008
Microsoft joins MIT Kerberos Consortium
Microsoft has joined the MIT Kerberos Consortium as a founding sponsor,
joining Sun Microsystems, Google and Apple on the consortium’s
executive board.
04 April 2008
ISPs deny responsibility for online piracy
The head of Talk Talk, one of Britain’s most prominent internet
service providers, has rejected demands from the music industry
that it ‘police’ the growing number of illegal file-sharers.
27 March 2008
BAA suspends fingerprint biometrics security system at Heathrow
Terminal 5
Heathrow Airport owner BAA is pulling a biometric fingerprint system
at the new Terminal 5 (T5) the day before the building opens to
the public, after the Information Commissioner’s Office (ICO)
raised concerns about the system.
26 March 2008
Facebook photos exposed
A security lapse on Facebook has made large libraries of private
photographs, including one of Paris Hilton, available for all users
to access.
26 March 2008
Secure Computing delivers
new generation of email security appliances
Secure Computing has announced a new version of its on-premise email
security product, Secure Mail (formerly known as IronMail).
20 March 2008
Home Office rejects request for £1.3m e-crime unit
Plans to create a national police unit to fight high-tech crime
were dealt a blow this week after the Home Office said it was unable
to find £1.3m to fund the unit.
14 March 2008
US Department of Homeland Security holds biggest ever cybersecurity
exercise
The US Department of Homeland Security is this week conducting the
largest cybersecurity exercise ever organised, with the UK participating.
14 March 2008
Security and email top SMEs’ home working concerns
A survey of how the small business community uses the Internet by
SME broadband provider UK Online has found that security and email
management are the key concerns in a practice that SMEs' businesses
depend on.
07 March 2008
ID card scheme must appeal to public to succeed, government advisor
says
A national identity scheme is more likely to succeed if consumers
can use it confidently and easily than if it is driven by governmental
goals.
04 March 2008
Counterfeit Cisco gear threatens
network security
The seizure of £38m worth of counterfeit Cisco equipment has
raised concerns over the security of networks.
28 February 2008
‘Highly confidential’
Home Office laptop sold on eBay
Police are investigating a possible Home Office security breach
after the discovery of an encrypted laptop containing a scrambled
disc with the words ‘Home Office, highly confidential’
written on it.
25 February 2008
Three-quarters of UK firms
have no contingency plans for data loss
Three-quarters of UK companies have no contingency plans for data
loss, even though 90% had to recover data in the past year, according
to research from Kroll Ontrack.
25 February 2008
Storm botnet takes
advantage of Valentine's day
Storm looks like becoming a major vehicle for criminals, say malware
researchers.
8 February 2008
Lords committee to re-open
data security inquiry
Science and technology committee lambasts "vacuous, idle and
irrelevant" UK government response to last report
7 February 2008
Retailers need to step
up IT security, says Deloitte
Only one third plan to comply with PCI-DSS
6 February 2008
Société Générale
faces government IT security probe
French finance minister wants further investigation of events around
£3.6 billion loss
30 January 2008
Nationwide
rolls out Chip and PIN for online transactions
Building society follows banks in issuing home hardware
29 January 2008
PCI-DSS failure could
hit brands, gaming firms told
Compliance costs, but not as much as non-compliance, says Visa
28 January 2008
Marks & Spencer
must encrypt all laptop hard-drives
ICO ruling after retailer lost data on 26 000 employees
28 January 2008
ICO code warns against CCTV
recording sound
Seven out of ten people oppose cameras with microphones
24 January 2008
(ISC)2 offers guide to
hiring IT staff
Professional association provides data on job functions, career
paths and candidate traits
23 January 2008
Full-scale UK ID scheme pushed
back to 2012
Accenture and BAE pull out of bidding for biometrics-based system
22 January 2008
Navy reports more stolen
laptops following loss of 600 000 records
Defence secretary Des Browne says three laptops with personal data
may have been stolen since 2005
21 January 2008
Open University starts
computer forensics course
Course is aimed at IT professionals and others handling computer
investigations
17 January 2008
Private sector
must improve data protection, says Deloitte
James Alexander says failure could mean ICO's public sector powers
being extended to companies
14 January 2008
ID cards for foreign nationals
within a year, says UK
Home Office issues 10-point plan as part of e-Borders project
14 January 2008
SANS Institute reveals
top 10 cyber threats for 2008
Trusted web sites will be exploited to spread malware, experts believe
11 January 2008
Barclays chairman
victim of identity theft
Crook obtains Barclaycard, then steals £10 000, in Marcus
Agius' name
9 January 2008
More than half
of UK employees under IT surveillance
ESRC survey says this leads to exhaustion, anxiety and work-related
worry
8 January 2008
Jeremy Clarkson driven
to u-turn on CD loss
Journalist who published bank account details to show lack of danger
becomes victim of identity fraud
7 January 2008
Firefox flaw allows password
hack, says researcher
Israeli researcher says latest version of alternative browser has
problems with log-ons
7 January 2008
Flash users hit by cross-site
scripting flaw
US-Cert warns of input validation flaw
4 January 2008
Doctors encourage patients
to opt-out after NHS data losses
Nine trusts report lost personal information over Christmas
4 January 2008
Lloyds TSB tells customers
they have been hacked
One customer complains to ICO over bank not disclosing what personal
data was breached
3 January 2008
Big data-users could fund
stronger UK law enforcement
Parliament’s justice committee calls for more money and power
for ICO
2 January 2008
Better job prospects
for infosecurity staff, says SANS
Mobile phones, social engineering and Olympics will add to 2008
risks, according to industry
21 December 2007
Big phish-hunters make small
tank vulnerable
It may not be wise to rely on crowds to verify phishing web-sites,
say Cambridge academics
19 December 2007
Government to toughen Data Protection
Act
Chancellor's statement comes as HMRC announces new loss of pension
records
18 December 2007
Details of three million learner
drivers lost in Iowa
Transport secretary Ruth Kelly announces another major breach
17 December 2007
Norwich Union Life fined
£1.26m
Financial Services Authority says penalty shows it takes infosecurity
seriously
17 December 2007
Home Office scraps
Police Portal service
Department involved in legal dispute with supplier
14 December 2007
Northern Irish drivers agency
loses data on 6000 drivers
More unencrypted discs lost in the post
13 December 2007
US-CERT: hackers are attacking
flaw in Microsoft Access
Organisation warns of stack buffer overflow vulnerability
11 December 2007
ICO: consider privacy before
installing new IT
Manchester conference on "surveillance society" hears
that HMRC breach was a watershed
10 December 2007
A year of sophisticated
web threats
MP3 attachments make their debut, finds MessageLabs' security report
7 December 2007
IBM buys Arsenal
Data protection firm follows Princeton Softech
7 December 2007
SANS: crooks turn fire on users
and custom software
Top 20 highlights spear phishing danger
6 December 2007
Banks voice approval
of phone biometrics
Voice Biometrics conference: BT to sell voice recognition service
6 December 2007
Fasthosts users warned
of password breach
All control panel and FTP passwords reset by company
3 December 2007
Spies greater threat than terrorists
to infosecurity
CPNI tells Sans Institute event that organisations must be aware
of social engineering
3 December 2007
New Zealander arrested for
being hacking mastermind
Teenager alleged to be head of international gang
29 November 2007
Government systems to
be targeted by cyber attacks
Report says UK, US and Germany state-sector bodies are likely targets
28 November 2007
Webroot buys Email Systems
US firm promises it will support existing customers and installations
27 November 2007
Department of Health
mulls overseas processing of patient data
August 2007 document refers to "current review" of foreign
processing
26 November 2007
RSA standard vulnerable,
says founder
Adi Shamir says flaw in a widely-used microchip could allow encryption
to be "trivially broken"
COVERAGE OF THE UK CHILD BENEFIT DATA BREACH
26 November 2007
Banks turn monitoring
software to high
Barclays says it has spotted nothing amiss on accounts affected
by child benefit data breach
23 November 2007
HMRC data loss: NAO request
evidence
Emails released by NAO show it asked for more security and less
data, but didn't get either
21 November 2007
ICO gets right to spot check
government departments in wake of HMRC privacy catastrophe
Request to criminalise serious breaches still outstanding
21 November 2007
HMRC appears to be “bang
to rights” says assistant commissioner
Most serious breach in two decades
21 November 2007
Missing child benefit
CDs: what went wrong, and why it would have carried on regardless
HMRC had been sending data on CD since March
20 November 2007
UK government loses
data on 25m Britons
HMRC chairman resigns over computer discs lost in the post
16 November 2007
German pips Bletchley’s
Colossus in cracking code
Bonn man wins decryption challenge, possibly helped by sun-spots
15 November 2007
Google enhances Postini hosted
e-mail security offering
Search engine giant adds content-based policy option for message-scanning
15 November 2007
Enhanced Sophos appliances
block e-mail data leaks
Hardware can scan and encrypt outbound content
14 November 2007
iPhone unfit for corporate email
Gartner and Infosecurity editorial board say Apple device
lacks security; O2 says it is for consumer use
14 November 2007
ICO asks UK to criminalise
severe data breaches
Regulator sees anomaly between finance and other organisations
13 November 2007
FCO breached data privacy of
50 000 visa applicants
ICO asks Foreign Office to sign formal undertaking to protect data
after online visa failure
9 November 2007
Home Office reveals
first projects for National Identity Scheme
Government will ask for bids for biometrics and application systems
next May
9 November 2007
Browser providers should
admit flaws, says Mozilla
CSI 2007: Firms must open up, Window Snyder tells conference
9 November 2007
Discipline blamed for
non-compliance
CSI 2007: Log management experts say lack of budget is another excuse
7 November 2007
EU wants to fight terrorism
with more passenger data
Airlines may be forced to provide passenger name records for all
European flights
7 November 2007
Flawless ID doesn’t
exist, says e-commerce specialist
CSI 2007: Passwords are not enough, Sanjay Bavisi tells conference
6 November 2007
Warning as first serious
Apple Mac Trojan hits
Malware attacks DNS to divert web traffic
6 November 2007
HSBC to integrate its
global fraud defences
Bank creates bespoke system for single view of accounts
2 November 2007
Interview: the Value of
Bruce
BT Counterpane’s Bruce Schneier on why he hasn’t been
fired yet
2 November 2007
Online gambling site
claims remote web-security win
Victor Chandler says it can protect offices without IT infrastructure
1 November 2007
Police authorities accused
of Data Protection Act breach
ICO tells four forces to delete records of minor offences, but police
will appeal
26 October 2007
Doncaster school tracks
pupils with RFID chips in their uniforms
Darnbro adds chips to school badges, to help with registration and
security
26 October 2007
Symantec develops automated
IT service system
Altiris Workflow system to be available in beta next month
26 October 2007
UK government to investigate
data-sharing schemes
Justice minister Jack Straw asks information commissioner for review
of public and private sector work
25 October 2007
Card issuer to adopt graphical
Pin randomiser
UK start-up licenses method for “saving” Chip and Pin
25 October 2007
Kiwis felt ID cards wouldn’t
fly
RSA Europe 2007: New Zealand cites privacy in avoiding cards and
splitting identity scheme
25 October 2007
Spyware cashes in quietly
RSA Europe 2007: What you can’t see can hurt you, says Eschelbeck
25 October 2007
Personalities required for
team-building
RSA Europe 2007: infosecurity teams need personalities as well as
technical skills
24 October 2007
Government gives muted
welcome to secure code initiative
RSA Europe 2007: Safecode Alliance of vendors aims to improve code
quality
24 October 2007
Nato meets to plan cyberdefences
RSA Europe 2007: Defence group will announce policy next year
24 October 2007
Cyberwarfare threat
is growing, say experts
RSA Europe 2007: attack on Estonia could be first of many
22 October 2007
Biometrics help security trump
privacy
Biometrics 2007: Speaker argues that such technology “de-humanises”
society
22 October 2007
VIS: A long way to go
Biometrics 2007: European visa information system planned for end
of next year
22 October 2007
Biometrics industry told to challenge
UK government
Biometrics 2007: Campaigner says experts should counter ministers’
claims
22 October 2007
Joining up data would speed
border checks
Biometrics 2007: Speakers tell conference how security could be
co-ordinated
19 October 2007
Fingerprints fail to tackle football
‘hooligans’
Biometrics 2007: trial at Dutch clubs found biometrics were easy
to spoof
19 October 2007
IPS shortlists eight
for UK ID cards and passports
Five will be chosen in May 2008 to establish identity system
11 October 2007
ICO issues new guidance on data-sharing
Framework Code of Practice issued by UK data protection regulator
10 October 2007
Criminals using Skype to communicate
Swiss law enforcement expresses concerns about encrypted voice-over
IP
9 October 2007
Nato defends its networks
Defence organisation spends £4.2 million to strengthen protection
9 October 2007
HMRC in identity theft scare
Laptop stolen holding data on hundreds of individuals
4 October 2007
ISSE weighs privacy against internet
security
Warsaw conference considers the difficulty of finding balance in
fight on cyber terrorism
4 October 2007
Websense completes SurfControl
acquisition
Firm says purchase furthers intelligent content protection strategy
3 October 2007
Refusal to provide encryption
key to earn five years in jail
Part III activated in Britain's Regulation of Investigatory Powers
Act
20 September 2007
Banks to increase security spending
Deloitte research suggests a board-level focus on security within
the financial sector
19 September 2007
Security warning as NHS staff
view celebrity record
More than 50 staff read supposedly protected health record
19 September 2007
Lumension sticks to specialisation
Firm will retain purchased product lines and combine them in an
appliance
18 September 2007
Spend less on IT security,
says Gartner
Prevention is better, and cheaper, than cure, says John Pescatore
18 September 2007
Secure software may take 50
years, says Rutkowska
"Stupid users" not to blame for all problems, Gartner
conference hears
14 September 2007
Google calls for world-wide
privacy standard
Peter Fleischer backs Asia-Pacific agreement as “the most
promising foundation”
14 September 2007
PCI payment card body adds PIN
entry device testing to portfolio
Agreement provides global standard for Chip and PIN
13 September 2007
Data taken from Loans.co.uk
UK insurer says personal information transferred outside company
has been used for nothing more than marketing purposes
11 September 2007
Disaster recovery
six years after 11 September
Analysis: what organisations learnt following 2001's terrorist attacks
6 September 2007
HSBC develops new security authentication
system
UK bank prefers telephone ring-back system to user hardware
6 September 2007
Everyone's hacking the
net, says Check Point founder
Governments, gangs and amateurs are all on the attack, he believes
3 September 2007
Zango loses case against Kaspersky
Lab
US court refuses to force Kaspersky to stop blocking firm's software
31 August 2007
Jericho Forum at the crossroads
High-level security think-tank considering how to get vendors to
support its guidelines
28 August 2007
280 000 New York pensioners in
data theft scare
Laptop with city's pension details stolen from restaurant
24 August 2007
Interview: Sharon Lemon of Soca
Former head of National Hi-Tech Crime Unit says Soca has greater
capabilities
24 August 2007
US has lessons for Britain
on e-crime punishment
Analysis: as the US charges three major e-criminals, report says
Britain lacks capacity in tackling such crime
24 August 2007
Biometrics move from
banking to borders
San Jose State University’s Jim Wayman says usage, testing
and technology have changed significantly in last decade
20 August 2007
Windows update blamed for Skype
outage
48 hours downtime blamed on mass reboot after Microsoft update
20 August 2007
Seven years in jail for
identity theft fraudster
US man used personal data to defraud bank customers
17 August 2007
Wal-Mart deploys new data
security system
SSH provides global network encryption
14 August 2007
Government tenders for
ID scheme supplier
Programme boss James Hall sticks to £5.5 billion cost estimate
14 August 2007
Naive Facebookers face fraud
threat
Spoof profile of frog attracted dozens of pieces of personal data,
finds Sophos
10 August 2007
Biometrics oversold, says
Peter Cochrane
Former BT chief technology officer says modern biometrics are worse
than those used in Second World War
10 August 2007
UK should introduce data breach
notification law, say Lords
Select committee says banks should be liable for online fraud and
vendors should be liable for security flaws
7 August 2007
IBM buys Princeton Softech
Data security vendor says Optim product will be maintained
7 August 2007
Microsoft picks nCipher for
authentication
Cambridge firm's hardware product will be used across Microsoft's
range
7 August 2007
UK state data-sharing
lacks adequate security
While information commissioner offers public advice on
personal data
3 August 2007
Quarter of all spam
comes as attachment
While mass-mailers and trojans continue to threaten smaller organisations
31 July 2007
UK to retain telecoms traffic
data for a year
Decision deferred on email, web-use and voice-over IP calls
31 July 2007
Home Office to roll out
biometric technology to UK borders
But UK identity card procurement remains stalled
30 July 2007
Government IT disposal poses
security breach risk
National Audit Office says 70% of departments fail to check PCs
are wiped
27 July 2007
PDF spam-wave subsides
Users are not clicking on infected PDF files, says vendor
25 July 2007
IT security spending
to exceed $20bn by 2010
Analyst expects 32% growth over three years, with increased use
of one supplier to provide the bulk of an organisation’s protection
24 July 2007
Britons catch more viruses
Oxford Internet Institute survey finds growing privacy concerns,
but more relaxed attitudes towards downloading music
23 July 2007
Flood-zone security suppliers
confident of business continuity
Companies in Gloucester, Abingdon and Oxford say the likes of remote
working and alternative sites will maintain services
19 July 2007
Google pushes privacy
by crumbling cookies
Analysis: change makes little practical difference, but sends pro-privacy
message
18 July 2007
Anti-terrorist police to use
congestion charge cameras
Transport for London to give real-time access, for national security
purposes
12 July 2007
Information commissioner
'horrified' at number of data breaches
UK data protection watchdog Richard Thomas tells business and political
leaders to take responsibility for leaks
10 July 2007
Google buys Postini
to sell infosecurity as a service
Products will fit with Google Apps for clients of all sizes, says
search engine firm
3 July 2007
Government launches
information assurance strategy
UK updates its framework for first time in four years
2 July 2007
VW to save £35m with
global access management
Meanwhile, SAP enters the identity management market
26 June 2007
BP aligns IT with physical security
Oil multinational will bring infosecurity closer to physical and
corporate security over next two years
25 June 2007
Infosec ignorance is
a barrier to security in America's Cup
For the 32nd America's Cup, the Victory Challenge team introduced
security into their game plan
25 June 2007
HP launches the Secure Advantage
platform
Hewlett Packard has launched software to protect data
on HP servers and storage for regulatory compliance.
25 June 2007
Spanish police arrest
suspected mobile phone virus writer
Spanish police have arrested a man suspected of writing and distributing
mobile phone viruses.
22 June 2007
PatchLink to acquire SecureWave
PatchLink have announced that terms for the acquisition of SecureWave
have been agreed in an all-stock merger.
21 June 2007
New web threats gain momentum
Eighty per cent of infected websites have been compromised by a
third-party hacker
20 June 2007
Renault Formula 1 deploy IRM
to protect car designs
Financial infosecurity specialist hopes to build academic links
15 June 2007
Colley plans to develop (ISC)2
beyond Europe
Financial infosecurity specialist hopes to build academic links
15 June 2007
Lack of management tools slows
BitLocker adoption
Organisations prefer small-scale adoptions of Microsoft disk encryption
15 June 2007
In brief
India establishes data protection body; Eden Project joins laptop-losing
list
8 June 2007
Lloyds TSB turns fraud-detection
software on staff
FSA keen for banks to tackle insider threat
8 June 2007
Three-quarters of organisations
believe they are exposed to cybercrime
UK survey of 1200 infosecurity professionals shows fear of insiders
tops other threats
8 June 2007
ICO issues policy on data sharing
UK data protection regulator provides new guidance for businesses
31 May 2007
Image spam levels tumble
Proportion falls from 56% in January to below 16% last week
31 May 2007
Corporates used partners
for security
Skills shortages are the cause, says F-Secure head
29 May 2007
Nato aids Estonia in denial
of service fight
International attacks represent throw-back to days of cyber-graffiti
23 May 2007
Microsoft alters
Office security
Two new features designed to help secure documents
18 May 2007
LSE calls for review of UK
ID cards
Academics question scheme's £800m cost-hike
17 May 2007
One gang corners the market
in phish
"Rock-phish" switches web and IP addresses to avoid black-listing,
say Cambridge researchers
14 May 2007
Infosecurity improving
at UK organizations
Vulnerability testing finds proportion of at-risk companies falls
from 61% to 32% over last year
4 May 2007
Cybercrime
unreported due to reputation risks
One in ten people who make online transactions have been a victim
of fraud. But at what point does it become worthwhile to report
it?
27 April 2007
Police
criticised on cybercrime
Panel says reluctance to report and poorly-framed law are harming
its investigation
25 April 2007
Put people above technology,
says (ISC)2
Professional body says its members should push staff education
24 April 2007
House of Lords call for
more police involvement in internet security
Infosecurity Europe key-note: end-users should not be responsible
for crime reporting and prevention
20 April 2007
Barclays and Lloyds
lead online security drive
UK banks plan to send hardware to customers
11 April 2007
Microsoft gets patching
Microsoft and security researchers are investigating reports of
several potentially serious bugs affecting Microsoft Office.
21 March 2007
Encryption is the
new postman
Traditional methods of sending confidential data are less effective
and less secure than encrypting email.
21 March 2007
Cover your back security:
always one step behind
The tendency for security to always be one step behind is something
which has become apparent since 9/11, says Schneier.
20 March 2007
VoIP - soon to be under
attack?
Governments will learn to love encrypted voice-over IP (VoIP), even
though it may curtail their ability to eavesdrop on telephone conversations.
7 March 2007
Increased
collaboration between companies set to ignite new security market,
says Gartner
An increasingly collaborative business community is opening organizations
out to threats that will give rise to a new $10 billion market by
2012. Research house Gartner is predicting that the market that
will promote and protect what it calls the ‘Communities of
Trust’ could be worth at least $10 billion in five years time.
7 March 2007
ID card crackdown
on immigrants
John Reid, UK Home Secretary, has today re-stated his support for
a crackdown on illegal immigrants living and working in the UK.
7 March 2007
Bagle at three
The three-year-old email-borne malware, known as Bagle or Beagle,
continues to defeat most anti-virus technology with its distribution
method.
6 March 2007
Conflicts
between regulation régimes dog international infosec
Contradictory laws and compliance régimes continue to trouble
European information assurance officers.
21 February 2007
One in five British companies
without business continuity plan
One per cent of UK business expects never to recover from a disaster.
14 February 2007
Identity theft
rises from the Third World
Cybercrime is being conducted in underdeveloped countries due to
a lack of law enforcement, according to Bruce Schneier speaking
at RSA.
13 February 2007
Keeping out the bad
guys makes good money for Protegrity
2006 was a breakthrough year for data security management company
Protegrity, who have reported revenues twice that of the previous
year.
13 February 2007
Yoggie wins innovation station
at RSA 2007
At the RSA conference 2007, Yoggie security systems beat nine other
companies to the post to be named winner of the most innovative
new company.
8 February 2007
Technology needed
to protect children online
Sexual attacks on and abuse of children have entered a whole new dimension
since social networking sites became widely popular.
Experts are looking to technology for solutions.
7 February 2007
Bill Gates takes leave
of RSA conference
Microsoft stops counting the days since the TCI memo
1 February 2007
European communications
crash imminent?
The European Commission wants to prevent a catastrophic meltdown
of the continent's communications networks, which it regards as
increasingly likely.
25 January 2007
Bank emails seen
as ‘phishy’
Consumer trust in online banking continues to crumble, according
to an annual online fraud survey. Eighty-two per cent of account-holders
are less likely to respond to an e-mail from their bank due to phishing
scams the RSA Security sponsored survey found.
25 January 2007
Chinese engineer
charged with espionage in US
A Chinese engineer has been charged by US authorities for stealing
military secrets from a Silicon Valley company, and attempting to
sell them on to the People’s Republic of China and the Malaysian
and Thai Air Forces.
25 January 2007
MySpace: Your risk?
Online alerts will be sent to MySpace users to help find missing
children and to increase protection for the social networking site's
users.
9 January 2007
Spammers use Microsoft
Vista as bait
Image spam is the new big thing. Drugs promising weight loss and
improved sexual performance are the usual products promoted, but
spammers have new bait: reduced-price Microsoft Vista.
8 January 2007
A new year, a new security
threat landscape
2006 was the year of the botnet. From January onwards, there was
a huge increase in the size and use of botnets. It is now reported
that botnets are controlling more than two million compromised PCs.
With more than 25% of malicious attacks being attributed to botnet
related activity, what does this mean for computer security in 2007?
5 January 2007
Cisco buys IronPort
to feed NAC
Cisco has agreed to buy email filtering vendor IronPort for $830m.
The deal is said to add some flesh and blood to the networking giant’s
‘self-defending network’ framework, of which its Network
Access Control initiative is part.
5 January 2007
US defences under hacker
attack
Attempts to threaten and target US missile systems and US defence
security have risen by 43% according to a recent Pentagon report.
14 December 2006
Phishing costs UK banks £45.7m
in 2006
The government's financial watchdog authority has just revealed
that incidents of phishing scams have increased by more than 8,000
per cent over the last two years in the UK.
6 December 2006
Biometric trial
at Heathrow
Heathrow airport has deployed a biometric system, officially launched
on 06 December by UK Minister for Immigration, Liam Byrne and Heathrow
Airport CEO, Tony Douglas
05 December 2006
Spam at 90%
of email and set to soar
Globalization will generate more fodder for botnets in 2007 as spam
is set to soar, according to research from Postini.
05 December 2006
Aviation industry IT
security pros feel the pressure
IT professionals in the airline industry report being tested
by the security vulnerabilities thrown up by IP-enablement.
1 December 2006
Spyware powers 2006 cybercrime
Spyware for enterprise IP theft on the rise
23 November 2006
Banks threatened from the
inside
Banks are opening their eyes to the reality that the biggest
threat to their security comes from the inside.
21 November 2006
35% of SANS 'top 20' new
SANS release the list of top 20 vulnerabilities of 2006
20 November 2006
Check Point
makes move into data security
Firewall pioneer Check Point has announced a €457m bid to buy
Pointsec Mobile Technologies, a data-level security supplier, based
in Sweden.
13 November 2006
US and UK government
documents leak confidential data
The Ministry of Defence and the US Department of Defense are inadvertently
disclosing confidential information, thanks to the workings of Microsoft
and Adobe software. Ronald D. Hackett, a former USAF major who works
for SRS Technologies, urged authorities to take action to stem the
information flow at the CSI conference in Florida last week.
9 November 2006
Wikipedia just as ‘wiki’
as ever, says Wales
Wikis for music and film
27 October 2006
BT buys Counterpane
to boost IT security services
The UK’s BT Group has bought network monitoring specialist
Counterpane Internet Security, the company famously founded by security
intellectual Bruce Schneier.
27 October 2006
Senior
infosec pros shift gears from technology to management
Hardware and software have been definitively ousted by management,
awareness and HR issues in the minds of infosec professionals world-wide.
Such is the top-line finding of the third annual Global Information
Security Workforce Study, conducted by IDC on behalf of security
education and certification body (ISC)2.
24 October 2006
Verisign extends
VIP tokens to Macedonia
American developing economy charity USAid has combined with Verisign
to lift Macedonia out of the internet's black economy. USAid is
part funding the provision of the supplier's VIP (Verisign Identity
Protection) tokens to the country's Komercijalna Banka.
24 October 2006
Microsoft
vaunts Vista as chance to clean up IT 'ecosystem'
Microsoft VP for its security technology unit, Ben Fathi presented
Windows Vista, at RSA Europe in Nice today, as an opportunity for
the IT industry to clean up its "ecosystem".
21 October 2006
Biometric scheme reduces
night-time street violence in Yeovil
A biometric system for premises licensed to sell alcohol in the
English rural town of Yeovil has reduced night time street disorder.
Julia Bradburn, Principal Licensing Officer for South Somerset District
Council told delegates at Biometrics 2006 that between May and September
this year only “two major incidents” had happened in
the six premises enrolled in the scheme, compared with “between
20 and 25” in the six months prior.
21 October 2006
Call for public
trust in ID cards at Biometrics 2006
Joan Ryan, UK Parliamentary under Secretary of State at the Home
Office, told delegates at Biometrics 2006 on Thursday 19 October
that public trust was the most essential factor in ensuring the
success of the mooted ID card scheme. “There are risks around
the delivery of this scheme – but we must gain public trust
in order to move this forward. People must understand that improvements
in security will improve their everyday lives”.
16 October 2006
Norwegian BankID scheme
acclaimed at ISSE 2006
The ‘BankID’ electronic identification and signature
scheme that involves all banks in Norway has emerged as the 2006
winner of the eema ‘Award for Excellence in Secure Electronic
Business’. Infosecurity Editor, Brian McKenna presented
the award at the Information Security Solutions Europe conference
(ISSE 2006) in Rome, last week.
10 October 2006
Microsoft to fore at ISSE
2006
EU Commissioner Viviane Reding exhorted the Union’s private
sector to promote diversity in computing environments when opening
the ISSE Conference in Rome today. “Diversity reduces risk”,
she told delegates, “and introduces natural safeguards”.
5 October 2006
Security vendors barred
from Microsoft’s Vista
In the Financial Times of 03 October, McAfee published
a full-page advertisement addressed to ‘computer users around
the world’. The ad is in response to Microsoft’s announcement
that they would be denying third-party security vendors access to
the kernel of Vista 64bit, in order to make their software safer.
McAfee accuses Microsoft of deliberately obstructing security companies
from overcoming weaknesses in Windows Vista.
29 September 2006
Bodyguard computer enters market
Israel-based Yoggie Security Systems has announced the launch of
a credit-card sized computer that protects laptops. Company founder,
and former Finjan CEO, Shlomo Touboul said he got the idea for the
product “trying to figure out how to get round the problem
of protecting the corporate mobile laptop”.
29 September 2006
(ISC)² joins forces with
Childnet in internet safety campaign
Members of (ISC)² and Childnet, a charity devoted to making
the internet a safe place for children, announced last week a scheme
to promote internet security awareness in schools.
27 September 2006
Vendors dispute 90%-plus
spam claim
Security vendors have disputed a claim from the founder of a spam
blacklister that more than nine emails in ten are junk.
22 September 2006
Internet Explorer zero-day
exploit less toxic than feared
The IE exploit that has drawn so much press attention this week
is unlikely to impact enterprise IT. Russ Cooper, senior analyst
at security firm Cybertrust, said “IT security managers need
not be worried by this. Alerted, yes, but as long as they are practising
good internet hygiene, this problem should not affect them”.
15 September 2006
Network operators
feel the scourge of the botnet
Botnet-executed distributed denial of service attacks have plagued
internet service providers over the last year.
14 September 2006
Top management lack of
awareness stokes insider threat
The security threat from inside companies is getting more menacing
and more widespread. The Ponemon Institute, a US privacy research
organization, links the increase to a lack of awareness at executive
level.
13 September 2006
Jail time for software
pirate and Zotob authors
Nathan Peterson, 27, has been sentenced to a record 87 months in
prison and a restitution bill of $5.4 million in a court case that
the US Department of Justice (DOJ) has called: ‘one of the
largest involving internet software piracy ever prosecuted’.
12 September 2006
Stock-spammers promote themselves
with spam
‘Pump and dump’ spammers, who attempt to inflate the
prices of company stocks by sending emails recommending the purchase
of shares, have started promoting their services to investors and
company owners – through a campaign of spam, according to
a security vendor.
4 September 2006
UK to track US on drug traceability
The British Department of Health is conducting a 'scoping exercise'
to determine whether prescription drugs should acquire an electronic
identity that guarantees their provenance.
29 August 2006
Notify UK data
victims, says consumer group
A consumer group says Britons should be notified when their personal
data may have been breached, as is legally required by US states,
including California.
25 August 2006
ISS enters Big Blue
Not so much a summer of love as a season of wedding announcements.
Microsoft swallows Whale; EMC scoops RSA; and now Big Blue takes
ISS.
25 August 2006
EMC buys RSA Security for
$2bn. Have they gone mad?
Perhaps EMC wants to be the Tesco of the IT market. If so then CA,
IBM and HP offer stiff competition. Documentum was an understandable
purchase for the storage giant, even though document management is
peripheral to its business. And ControlCentre, Invista, Legato,
Rainfinity, Smarts, and VMware were all sensible seeming acquisitions.
18 August 2006
Return
of Ripa overshadowed by 10 August terror plot
The eighth Scrambling for Safety conference, held in London on 14
August by the Foundation for Information Policy Research, started
by debating the activation of dormant powers within part III of
the Regulation of Investigatory Powers Act 2000 (Ripa), allowing
government investigators to demand the decryption
of information.
16 August 2006
Critics voice concern
over planned UK decryption powers
The UK government’s plan to activate dormant legislation,
making it an offence not to decrypt data required by government
investigators, was criticised at a London conference on 14 August.
However, speakers differed mainly on how such legislation should
work, rather than whether it was needed.
14 August 2006
Company secrets not
scoured from second hand disks
Companies are still not ‘shredding’ computer disks.
Research from BT, the University of Glamorgan in Wales, and Edith
Cowan University in Australia shows that significant volumes of
sensitive information are still readable from second hand computer
disks.
9 August 2006
Worm attack predicted for Microsoft
server service vulnerability
Experts at security vendors Symantec and ISS have identified a newly
announced Microsoft vulnerability as a sweet spot for malcode authors.
1 August 2006
UK plans prison terms
for personal data abuse
The UK government’s plan to introduce imprisonment for those
found guilty of illegally buying and selling personal data will
not affect employers or officers of an organisation, as long as
they did not order or encourage the breach.
27 July 2006
Microsoft ingests
Whale
Microsoft has completed the acquisition of Whale Communications,
first announced in May. The privately held Israel-based SSL VPN
vendor was among the last of its breed swimming independently. It
has been working closely with Microsoft, especially since December
2005 when it started OEM-ing ISA Server.
19 July 2006
RuBee protocol goes through
walls — and human flesh
Infosecurity professionals may soon have a whole new world to worry
about, thanks to a new radio communications protocol that claims
to overcome signal loss problems associated with current implementations
of radio frequency identity (RFID) tags.
19 July 2006
Stock promotion spam
soars to 15% share
Spam that promotes company shares is booming – as are, temporarily,
the prices of such shares, according to experts at security vendor
Sophos.
17 July 2006
Industry
guide to international law updated
The Information Security Forum (ISF) has released version III
of its legal repository, bringing together laws relevant to information
security and professional legal interpretations.
13 July 2006
Secure Computing acquires CipherTrust
Secure Computing is to buy messaging security supplier CipherTrust
in a deal worth $273.6 m, made up of $185 million in cash, 10 million
shares of Secure Computing common stock, and a $10 million seller
note that is subject to certain performance obligations.
7 July 2006
Researchers find
way around Great Firewall of China
China’s system for censoring internet traffic can be by-passed
through ignoring the reset instructions it sends, according to a
paper by researchers at University of Cambridge’s Computer
Laboratory.
29 June 2006
Nokia and G&D connect
to turn cellphones into credit cards
Forget about swiping your credit card, remembering your PIN or losing
your train ticket. Soon you'll just wave your mobile phone at a
point of sale terminal to pay for goods or board the 7.34.
23 June 2006
(ISC)2 scholarship winner
aims to please users
Ana Ferreira, a Portuguese information security researcher specializing
in healthcare, has won an (ISC)2 scholarship to develop and implement
an access control model for complex environments. She’ll do
this work at the University of Kent.
23 June 2006
Hacking matures as a criminal
discipline
The increasing criminalization of hacking concerned speakers at
(ISC)2’s SecureLondon conference on 20 June. “It’s
no longer an issue of hacking for fun and games or defacing a website,”
said former eBay and Microsoft security chief Howard Schmidt in
his keynote speech. Schmidt went on to detail how peer-to-peer networks
are being used by criminals as a source of confidential corporate
and personal information.
21 June 2006
Novell boosts SecureWave
SecureWave has announced a deal with Novell under which it will
resell the ‘white-listing’ security company’s
Sanctuary product suite alongside Novell ZENworks.
21 June 2006
Barclays Bank gives
free a-v to customers
UK-based Barclays Bank is giving online customers free anti-virus
software and will send them text messages about transactions.
21 June 2006
Peer-to-peer software exposes corporate
data
Criminals are using peer-to-peer (P2P) networks to find corporate
and personal information held on home computers, former Microsoft
and eBay security boss Howard Schmidt told a London conference on
20 June.
20 June 2006
Microsoft makes stealthy
progress into security market
Microsoft has released an all-in one security package for home users
to challenge traditional security vendors. The new product –
OneCare, which costs nearly $50 a year, provides a firewall and
tackles spyware and viruses.
14 June 2006
Can you trust your partner?
The security posture of companies’ business partners has become
a bigger headache than ever because of the pressures of compliance
regulations. Not only do IT security managers have to worry about
their own networks being secure and in compliance, but they increasingly
have to assure auditors that their supply chain is as clean as a
whistle.
8 June 2006
Removable media security
time bomb
Over half of UK employees are downloading corporate information
onto their memory sticks, compared with 31% last year, according
to a ‘Removable Media in the Workplace’ survey. The
study, conducted by Pointsec, indicates that removable media devices
such as media players, memory sticks and USB flash drives are now
routinely used with scant regard to security.
6 June 2006
Ransomware hits Manchester
A UK case of ransomware, which encrypted the files on a nurse’s
computer and demanded a payment for the key, seems to show the technique
is spreading from its Russian roots.
6 June 2006
Spam – UK increase
matches global decrease
Britain bucked the global spam trend in May with a two per cent
increase, according to MessageLabs May Intelligence report.
25 May 2006
Real world security model for
infosec, says Microsoft security guru
“Security is not about locking things up”, Microsoft
security guru Butler Lampson told the SEC 2006 conference in Karlstad,
Sweden. “The fundamental reason people don’t break in
to most of our houses is that the risk of punishment is too great”.
25 May 2006
Ballmer: Symantec will not block
our Vista
Symantec’s legal action against Microsoft will not delay the
release of its Vista operating system, Microsoft’s chief executive
Steve Ballmer said on 22 May.
16 May 2006
E-crime under spotlight
at Infosecurity Europe 2006
Soca kicks off new game for NHTCU
16 May 2006
Five years for Californian botmaster
A 21-year-old California man is the first botmaster to go down for
nearly five years for controlling 400,000 bots to send spam, conduct
DDOS attacks and install adware for profit.
16 May 2006
First major Chip and
PIN fraud hits Shell
Oil company Shell last week suffered a £1 million Chip and
PIN fraud in the UK that was likely the work of an insider. Eight
people have been arrested in connection with the crime.
10 May 2006
McKinnon extradition no risk
to pen testers
A judge’s decision to extradite British hacker Gary McKinnon
to the US does not increase risks for penetration testers, according
to a British practitioner.
10 May 2006
More UTM from Check Point
Check Point has released two new product lines focused on Unified
Threat Management (UTM) and what it calls 'high performance security'.
12 April 2006
UK business
careless with online data
British businesses are failing to adopt the security controls needed
to protect their customers' information, according to findings from
the 2006 Department of Trade and Industry's biennial 'Information
Security Breaches Survey'.
12 April 2006
Fix for critical IE flaw available
As part of its monthly patch distribution, Microsoft has issued
a series of new security updates, some of which are categorized
as critical.
10 April 2006
Linux-Windows virus: don’t
panic
A cross-platform demonstrator virus capable of infecting both Linux
and Windows file formats is unlikely to lead to a real threat, according
to experts.
29 March 2006
Small, targeted
botnets emerge as threat
Botnet herders using zero day malcode to target small numbers of
victims is emerging as a major threat du jour, Mikko Hyppönen,
chief research officer at F-Secure told delegates to Websec, in
London, yesterday.
28 March 2006
Microsoft postpones more secure
Windows
Microsoft’s delayed release of Windows Vista will mean a longer
wait by users for what should be a more secure version of its operating
system. However, one analyst said that the ideal time to move to
Vista will be after the first service pack is released, regardless
of improved security features.
27 March 2006
Internet-enabled
workers still plague UK business
British employees are easing off on web and email abuse at work,
but it's still not a pretty picture. The UK Department of Trade
and Industry's biennial Information Security Breaches Survey found
one employee spending six hours of each working day on online dating,
while one manufacturing company lost custom to a misdirected email
containing confidential information.
21 March 2006
Basel II might boost infosecurity
The Basel II banking code will give international banks a financial
incentive to gather better data on infosecurity risks, according
to a speaker at Isaca’s European Computer Audit Control and
Security conference in London on 20 March.
21 March 2006
Security less problematic than IT
staffing
Security and compliance were the least problematic IT issues for
organizations last year, according to research for the IT Governance
Institute (ITGI).
15 March 2006
Commissioner tells CeBit that
privacy is RFID concern
The European Union will hold a series of meetings and an online
consultation on the use of Radio Frequency Identification (RFID)
chips.
15 March 2006
Problem PINs down North Americans
A vulnerability in bank card personal identification numbers, which
has led to Citibank blocking PIN transactions for its American customers
in the UK, Canada and Russia, does not apply to countries which
have adopted ‘Chip and PIN’ bank cards, according to
the UK payment association Apacs.
10 March 2006
Days of
mass destructive worms are numbered
Damaging and ubiquitous worms and viruses are on the way out, according
to a new Symantec report that examined the security threats at the
end of 2005.
28 February 2006
John Lewis monitors
moves on CCTV
John Lewis Partnership may in future link movement analysis software
to in-store CCTV cameras, according to the employee-owned store
chain’s head of business protection.
28 February 2006
IISP marks official
debut
The newly minted CEO of the UK-based Institute for Information Security
Professionals, Nick Coleman, revealed that the organization has
had 220 individual applications in the last 60 days. He also confirmed
that four major professional services firms – Accenture, Atos
Origin, Ernst & Young, and KPMG – have joined McAfee,
the UK Cabinet Office, Vodafone, and UBS, among others, in an initial
roster of corporate members.
26 February 2006
UK ID scheme:
blessing or backlash for biometrics?
The British House of Commons voted on 13 February by a majority
of 31 to compel anyone applying for a passport also to accept an
identity card and enrol on the national identity register. This
is a database which will store the facial, fingerprint and iris
biometrics of its subjects, along with much other information.
15 February 2006
Gates and McNealy commit to sharing
on Valentine’s Day
Industry giants crack accidental shooting jokes at RSA
14 February 2006
Fine-tuning for Olympic IT security
Contractor Atos Origin sees no attacks, just a few accidental disconnections
10 February 2006
Spyware spikes in northern
Europe
2005 was the biggest year yet for spyware, with the UK and the Nordic
countries having the most infected of European computers.
6 February 2006
Regulator warns banks to
face up to online fraud
The UK Financial Services Authority (FSA) has said that consumer
confidence in the safety of online banking is now ‘fragile’.
It has reported that half of all the Internet surfing public were
‘extremely’ or ‘very’ concerned about making
transactions online.
1 February 2006
Euro data protector cautious
on police access
Peter Hustinx, the European Data Protection Supervisor, last week
signalled a cautious approach towards use of Europe-wide databases
in tackling crime and terrorism, when this is not their primary
purpose.
19 January 2006
eBay attacker owns up to
2003 hack
An eBay hacker has pleaded guilty to launching a distributed denial
of service attack against the internet auction site.
19 January 2006
Bulgaria and Microsoft
hook suspected phishers
The Bulgarian authorities and Microsoft have cracked a gang suspected
of sending fraudulent emails.
19 January 2006
The Shadowcrew - organized,
but Organized Crime?
The mainstream and IT trade press is replete with references to
'organized crime' getting into cybercrime. Is this designation correct?
And how significant are the successes of law enforcement in this
area?
17 January 2006
Suppliers face risks
on UK identity scheme
The risks for IT suppliers bidding to build the UK Home Office’s
biometric identity card and register were highlighted this week
by a parliamentary vote demanding more financial detail on the plans.
17 January 2006
Compliance points way to risk management
Recent and current pressures on IT security managers in publicly
quoted companies to tick regulation boxes have about five more years
to run. NetIQ security strategist Chris Pick believes that the discipline
of risk management, taking companies beyond mere compliance, is
“not there yet” as a driver of IT security spending,
but that it will be soon.
16 January 2006
Forensic company forced to do
self-analysis
Guidance Software, a computer forensic company, is embarking on
a computer investigation of its own corporate systems.
16 January 2006
Focused attacks and botnets
greater threat than WMF type vulns
While the Microsoft Windows Metafile vulnerability may have generated
a frenzy of media attention, the real threat in the year ahead will
consist of increasingly stealthy, targeted attacks.
9 January 2006
Apps under fire
Infosecurity professionals will increasingly focus on threats to
applications rather than operating systems in 2006, according to
experts.
22 December 2005
Skype an attack
surface here to stay
For the last 18 months, Skype has blazed a trail in the Voice over
IP arena, offering free calls to anyone with a broadband connection.
Its popularity hasn’t gone unnoticed by the hacker community.
22 December 2005
Hidden costs of
software piracy
Organized criminal gangs are using software piracy as a cash cow
to fund more complex operations.
21 December 2005
Cross-European
information security poor
Europe’s culture of security with respect to information is
still in its infancy. Not only is personal awareness of suitable
security measures inadequate, but inter-government cooperation and
harmonization activities are poor.
20 December 2005
Keep infosec special
says Standard Chartered security leader
John Meakin, Group Head of Information Security at Standard Chartered,
told an audience of leading information security professionals yesterday
to resist a trend to “lump infosec in with other disciplines”.
9 December 2005
Infosec pros tool up with
certificates
Information security professionals are stepping up training to capitalize
on a new found business prominence. Worldwide, more than 43% of
the IT security budget is being spent on personnel, education and
training, an IDC survey conducted on behalf of (ISC)2 has found.
9 December 2005
Bank of Ireland
plans two-factor authentication
Bank of Ireland is planning to introduce two-factor authentication
for online banking customers within the next year. The bank will
most likely issue customers with security tokens, which dynamically
change numbers, for each transaction. However, it is also looking
at biometrics and keystroke dynamics, said the Bank’s Manager
of Group Information Security.
9 December 2005
US Financial regulator tells banks
to shape up
A US regulator of financial firms has released guidelines for banks
to secure online transactions with stronger authentication.
8 December 2005
Hackers turn on security
systems says Sans
Hackers are attacking security applications instead of operating
systems, a report on the top 20 vulnerabilities this year has revealed.
30 November 2005
Sober worm returns as largest outbreak
of 2005
The anti-virus firm F-Secure has put the latest variant of the worm,
Sober.Y, on Radar Level 1 Alert. Level 1 is the highest alert level
on F-Secure’s 3-step alerting system.
25 November 2005
ID card scheme tackled
at London University
John Daugman, Cambridge-based pioneer of iris recognition, told an
audience of sixty security professionals, lawyers, and privacy advocates
last night: “it is Orwellian to base a political campaign
on disinformation”. Daugman had in his sights the LSE report,
published in July, critical of the UK government’s identity
cards scheme.
25 November 2005
Irish Gov declares
national security day
The Irish Government dedicated a day in November to IT security
to tackle the lack of awareness on how to protect PCs.
18 November 2005
Internal system
vulnerabilities poorly patched
Gerhard Eschelbeck, CTO of Qualys and leading vulnerabilities researcher,
said that internal systems are still not being patched fast enough
compared with external ones. “There is a bigger perceived
risk with external vulnerabilities”, Eschelbeck told delegates
at CSI 2005 in Washington earlier this week, “but the reality
is otherwise”.
18 November 2005
Government infosec salaries
holding up
Information security staff working in the government sector are
not the Cinderellas of the profession. Thirty one per cent of them,
working for the US government, earn between $100k and $125k, while
most infosec pros are earning $80k to $120k.
7 November 2005
DoS attack not illegal, says London
judge
A judge has decided the UK’s Computer Misuse Act (CMA) does
not cover denial of service (DoS) attacks, when clearing a teenager
who was accused of sending his former employer five million emails.
6 November 2005
Hi-tech Crime Unit goes
on tour
UK National Hi-Tech Crime Unit (NHTCU) ambassadors plan to tour
major British cities to teach home computer users how to keep safe
on the Internet.
6 November 2005
UK data
protection office says ID cards signal surveillance society
The UK Information Commissioner, Richard Thomas, has said that the
large amount of personal information that the UK Government plans
to collect for the ID card national register is “unwarranted
and intrusive”.
3 November 2005
Espionage-linked silent exploits grow in threat potential
Ross Brown, recently appointed chief operating officer at security
research and vulnerability management software firm eEye, has confirmed
that zero day exploits are being increasingly used in targeted attacks
on large western enterprises.
3 November 2005
Attack simulation tool aimed at Christmas market
Spirent Communications has launched a tool capable of replicating
extreme digital attacks. The tool simulates network attacks by creating
data packets that mimic the behaviour of viruses and worms. It was
released in June in North America, and is now available elsewhere.
1 November 2005
Microsoft investigates spammers with trick computer
Microsoft has traced the source of zombie botnet masters by sacrificing
a lone computer.
The computer trap enabled Microsoft to trace bot hackers in the
act of compromising the PC. The Redmond giant then filed lawsuits
against unidentified spammers who used remotely compromised zombie
computers to send junk emails.
25 October 2005
Juniper installs infranet controller
Juniper has announced the availability of its 'Infranet Controller'
4000 and 6000 appliances, and 'Infranet Agent'. The company says
these products use a combination of identity-based policy and endpoint
intelligence to give enterprises real-time visibility and policy
control throughout a network. The products compete with Cisco's
network admission control programme, and instantiate a trend towards
using originally remote security technologies to secure internal
networks.
24 October 2005
Oracle rolls out biometric access controls
Oracle, the world’s second-largest software firm, has extended
its use of biometrics to control access to buildings and rooms,
following a successful deployment at its top-security data centre
in Austin.
21 October 2005
Fingerprints fail for under-sixes
Fingerprint-based biometric technology is impractical for children
under the age of six, according to research by TNO, the Dutch statutory
technology research organisation. TNO found that facial recognition
can be used for young children, although with adaptations to standard
hardware.
21 October 2005
UK to take fingerprints from 2009
The UK plans to add digitized fingerprints to all its biometric
passports and identity cards from 2009, and will begin producing
passports with microchips, initially holding only a facial photograph,
from next February.
18 October 2005
Infosec pros gain business influence in Europe
European information security professionals feel they are gaining
influence in their businesses, says a new (ISC)2 survey.
6 October 2005
Gone phishing in Halifax
One of the UK’s largest consumer banks last month sent a marketing
email to customers which showed several signs of being an attempt
at ‘phishing’, without informing its security staff.
6 October 2005
Malware chases the money
Trojan-based attacks will replace traditional email phishing scams
in Europe and the US, according to a report from the Information
Security Forum (ISF).
5 October 2005
Exit old-fashioned phishing – enter hardcore Trojans and moles
Trojan-based attacks will replace traditional email phishing scams
in Europe and the US, according to a report from the Information
Security Forum (ISF).
30 September 2005
European ICT leaders demand secure internet for economic growth
The head of ENISA, the Hungarian minister of informatics and communications,
and a senior DTI spokesman called for a significant increase in
network and information security to speed economic growth across
the continent. All spoke earlier this week at the ISSE conference
in Budapest.
20 September 2005
UK-based infosec institute set in train
“Project managers don’t design bridges”, BP chief
security officer Paul Dorey told 83 infosec professionals at Royal
Holloway College, University of London last night.
19 September 2005
Qualys clones data centre in Germany
Qualys, a vulnerability management and policy compliance vendor,
has opened its first Secure Operations Centre (SOC) in Europe.
12 September 2005
nCipher launches crypto key management product
Cambridge-based cryptography company nCipher has released a product
that provides an administration framework for encryption keys. Called
nCipher keyAuthority, it is a management system that consolidates
and automates the management of cryptographic keys and c |