Iain Thomson at Black Hat 2010 in las Vegas, V3.co.uk, Thursday 29 July 2010 at 09:52:00
DNS Security Extensions could cripple man-in-the-middle attacks
The Internet Corporation for Assigned Names and Numbers (Icann) has announced
what it claims…
.::anti-abuse.com::.
Security Revealed
enterprise-security-technology's archive
A week in security: Google tightens up Apps
Posted in May 8th, 2010
Phil Muncaster, V3.co.uk, Saturday 8 May 2010 at 18:11:00
V3.co.uk rounds up the top security stories of the week
It’s been fairly quiet on the security front this week. Microsoft has
announced that its next Patch Tuesday update will be fairly light, while Google
has tightened up its cloud security, and new research from VeriSign and Symantec
Hosted Services proves that there is still a lot to keep security professionals
busy.
First up is the news that a college student is
facing
over 20 years in jail and huge fines after guessing the password to the
Yahoo email account of onetime vice presidential candidate Sarah Palin.
David Kernell was convicted of obstruction of justice and using unauthorised
access to obtain information from a computer, which comes with a maximum term of
20 years in jail. He was found innocent of wire fraud, and a charge of identity
theft was dismissed after a retrial.
Google, meanwhile, has
released
a new tool that allows administrators at firms using Google Apps to remotely
reset cookies to ensure that sensitive data cannot be accessed if a device is
lost or stolen.
Google Apps software engineer Will Smit said in a blog post that the feature
offers improved cloud security for organisations concerned that more information
is being stored in the cloud than ever before.
Also this week, the
perils
of Facebook were highlighted again in a new survey which found that almost a
quarter of Facebook users do not do enough to protect their own data on the
social networking site.
Web authentication firm VeriSign published a report this week offering advice
on how to guard against the
growing
threat of distributed denial-of-service attacks. The
DDoS
Mitigation report is designed to guide enterprises through the minefield of
internet security, which VeriSign said had changed dramatically over the past 12
months.
Meanwhile, Symantec Hosted Services released new research indicating that a
lack of knowledge and awareness about how to use Linux mail servers could be
contributing to the disproportionately large number of Linux machines being
exploited
to send spam.
“One reason there is so much spam from Linux could be that many companies
that have implemented their own mail servers, and are using open-source software
to keep costs down, have not realised that leaving port 25 open to the internet
also leaves them open to abuse,” said malware data analyst Mat Nisbet.
Finally, Microsoft has published its
advance
notification for this month’s Patch Tuesday update on 11 May. Security
administrators will be pleased to hear that it will be a relatively light affair
with fixes for two critical vulnerabilities in Windows and Office.
Comments Off
VeriSign warns of growing denial-of-service threat
Posted in May 6th, 2010
David Neal, V3.co.uk, Thursday 6 May 2010 at 11:48:00
Report offers advice for protecting against attacks
Web authentication firm VeriSign has published a report offering advice on
how to guard against the growing threat of distributed denial-of-service (DDoS)
attacks.
The
DDoS
Mitigation report is designed to guide enterprises through the
minefield of internet security, which VeriSign said had changed dramatically
over the past 12 months.
“If the past year has shown us anything, it is that DDoS threats represent a
moving target that is growing more sophisticated and difficult to defend
against, even as the attacks themselves grow more frequent,” said Ken Silva,
chief technology officer at VeriSign.
“We published this white paper as a blueprint for organisations looking to
stay ahead of this rapidly evolving threat to revenues, operations, customer
loyalty and network reliability.”
VeriSign cited a recent survey from analyst firm Forrester which found that
just under three-quarters of IT decision makers had experienced some kind of
DDoS attack in the past year, and that almost a third had suffered a disruption
of service.
The company warned that hackers had matured over the past year, and are
creating subtle “custom” attack bots that mimic legitimate traffic.
VeriSign added that even “budget-minded amateurs can spawn successful attacks
by renting botnets for as little as $200 [£132] for 24 hours”.
The report offers a range of best practices for organisations looking to keep
their business running in the face of an attack.
Companies should centralise data gathering, for example, making it easier to
analyse the appearance of normal traffic and create policies for reacting to an
attack.
Comments Off
VB tests bring good news for anti-spam vendors
Posted in May 5th, 2010
Shaun Nichols in San Francisco, V3.co.uk, Wednesday 5 May 2010 at 03:23:00
18 of 21 pass latest round of spam tests
VirusBulletin has posted the results of its latest round of anti-spam tests.
The security publication said that of the 21 products tested as part of its
May VB Spam report, 18 were able to claim certification as having passed.
The test pits products against a collection of spam messages and grades
products both based on the ability to block spam messages while avoiding “false
positive” blocks on legitimate messages.
A final score is calculated by multiplying the false positive percentage by 3
and then subtracting that number from the percentage of genuine spam blocked. To
pass, the product must receive a final score higher than 96.
The company said that of the 20 products that took the full test, 17 were
able to meet the criteria.
An additional product, the Spamhaus ZEN plus DBL blacklist, was classified as
a partial solution meant to be used alongside other products, and as such was
tested and given certification in a separate category.
Of the three products that did not pass the test, none recorded false
positive rates higher than 2 per cent or spam catching scores under 98 per cent.
Higher false positive rates appeared to prevent passing scores for MessageStream
and modusGate, each of which caught more than 99 per cent of legitimate spam.
Sunbelt’s Vipre offering scored slightly less than 98.5 per cent caught with
a false positive rate of under 1 per cent to fall short of certification.
Among the products placed the highest on the test’s ‘quadrant’ ranking system
were Microsoft Forefront, Libra Esva, Sophos, BitDefender and Symantec
Brightmail.
Comments Off
Advertisments
Popular Tags
Recent Entries
- Bugtraq: CFP NcN 2010
- Bugtraq: [security bulletin] HPSBUX02556 SSRT100014 rev.2 – HP-UX Running rpc.ttdbserver, Remote Execution of Arbitrary Code
- Infocon: green
- Web Traffic Analysis with httpry, (Fri, Jul 30th)
- Bugtraq: [HITB-Ann] Reminder: HITB2010 Malaysia Call for Papers Closing August 9th
- 6 Ways to Make Sure Your Sex Life Stays Private
- Information Security Investigator: BlackHat 2010 Video! The ATM Hack and Jackpot
- The Register: UK population to be guaranteed mobile 768Kb/sec service
- Wired: Exclusive – Google, CIA Invest in Future of Web Monitoring
- Tutorial: Replace Windows with OpenSUSE 11.3
Recent Comments
- Keine Kommentare vorhanden.
Social Network
| M | T | W | T | F | S | S |
|---|---|---|---|---|---|---|
| « Jun | ||||||
| 1 | 2 | 3 | 4 | |||
| 5 | 6 | 7 | 8 | 9 | 10 | 11 |
| 12 | 13 | 14 | 15 | 16 | 17 | 18 |
| 19 | 20 | 21 | 22 | 23 | 24 | 25 |
| 26 | 27 | 28 | 29 | 30 | 31 | |