Solutionary identifies Top Security Risks and provides precautionary tips for Winter Olympic Games

February 8, 2010 · Filed Under Internet Software, Security Software, Software News · Comment 

Company encourages businesses, event advertisers, and corporate and individual attendees to remain vigilant and take information security precautions

Solutionary, has identified the top information and data security risks facing businesses, Olympic advertisers and attendees of the upcoming Winter Olympic Games in Vancouver from February 12th to 28th. In addition, the company has provided precautionary tips to help these people and organizations protect their data and assets.

Solutionary is a trusted security advisor to companies of all sizes around the world, processing more than 300 billion events annually through the company’s Security Operations Centers (SOC). Solutionary’s certified SOC analysts and technology offer 24/7 live and automated event monitoring to ensure the highest levels of protection.

“Hackers, spammers and scammers often take advantage of major events, like the Olympics, to steal confidential consumer and corporate data and information or to generally create chaos,” said Don Gray, Chief Security Strategist of Solutionary. “Since the 2008 Games, new and more malicious threats have surfaced and attacks are more prevalent, from the Google email hacks to Twitter and Facebook denial of service (DDOS) attacks. In the age of Web 2.0 and constant connectivity, it’s more important than ever for businesses and individuals alike to remain vigilant about information security – especially around an event of such international significance.”

Solutionary’s information and cyber security experts have identified the following as the top five information security risks around the Olympics:

Social Networks & Instant Messaging (IM) – In recent months, sites and services like Facebook, Twitter and MSN Messenger have been repeatedly targeted by hackers. Keep your guard up, even during the excitement of the Games. Who you are connecting to? How you are connecting to them? Are you sharing information that could be used for social engineering? Never share files thru IM services and connect only to branded, trusted information sources.

Masquerading Wireless Networks - Always know what network you are connecting to and avoid unsecured wireless networks. Only connect to networks associated with trusted brands/providers and be sure to verify names and credentials of the access points.

Malvertising – Website ads containing malicious exploit code may be hosted by unsuspecting websites in an attempt to maximize online ad revenue around the Games.

Hacktivism – Nationalistic pride can be a powerful motivator in driving hackers to initiate attacks. In the recent Google hacking incident there was evidence of retaliatory hacking affecting Baidu.com.

Whaling – Corporate executives and guests should be trained to recognize attempts to target them, their laptops, and phones for exploit. Promotional items can easily be faked. Emails, devices, CDs, and memory sticks can all convey malicious software.

Solutionary’s experts recommend Olympic attendees, advertisers and Vancouver-area businesses take the below security precautions, at a minimum, leading up to and during the Games:

Awareness – Make sure everyone in your network – whether it’s your kids or your employees – is aware of potential threats. If they are aware of heightened risk, they will be more vigilant and likely to flag suspicious activity or items.

Protect Endpoints - Attendees must protect mobile computers and phones as these devices often are targeted for the data they contain as well
as an exploit path for stealing account credentials, credit card information, etc.

If you can, leave them at home. Consider limiting yourself to one pocket-able device that’s easy to keep track of.

If you must have a laptop, ensure that it is up to date with the latest patches, anti-X (virus, spyware, malware) software.

Remove all non-essential data from laptop before traveling – especially if it’s confidential or sensitive.

If you must travel with sensitive or confidential data, employ strong whole disk encryption.

Check, Double-Check and Re-Check Security Processes – Local businesses and advertisers should review their information security countermeasures, validate that patches are up-to-date, that web applications are not vulnerable, and that wireless networks are secured using WPA/WPA2 authentication and TKIP/AES encryption.

Log Monitoring – Local businesses involved with the Games and advertisers must recognize that their participation brings about the possibility of increased motivated attackers targeting them for nationalistic or political reasons. Ensure security log monitoring is adequate to handle the increased threat level and volume.

Check ATM’s – Attendees and local financial institutions should be vigilant about checking for ATM pin-pad skimmers. Most pin-pad skimmers can be detected by careful examination and physical checking as they are often taped on top of the real card-entry mechanism on the ATM. If there is any doubt, find another ATM to be safe.

Tags: , , , , , , ,

Top 10 Malware Threats for January

February 4, 2010 · Filed Under Security Software, Software News · Comment 

Leading anti-malware developer finds continued prevalence of Trojan horse programs

Sunbelt Software announced the top 10 most prevalent malware threats for the month of January 2010. The report, compiled from monthly scans performed by Sunbelt’s award-winning anti-malware solution, VIPRE® Antivirus + Antispyware, and its antispyware tool, CounterSpy®, is a service of SunbeltLabs(TM).

In January, the malware landscape remained remarkably similar to December, according to Sunbelt Software ThreatNet statistics. The top seven detections were the same as December, but in a slightly different order. In December and January, six of the top 10 detections were Trojan horse programs.

Trojan.Win32.Generic!BT – a generic detection for Trojans that comprised nearly one quarter (23.15 percent) of all the malware found. It remained in the top position for the third month in a row, growing by nearly 20 percent from 18.69 percent of all detections in December. It is a detection that includes many downloaders associated with scareware or rogue security products.

After holding the top spot on the list for most of 2009, the password-stealing Trojan-Spy.Win32.Zbot.gen held the second position on the list for the third consecutive month, decreasing from 6.23 to 4.91 percent of all detections.

“I think we can expect to see Trojan horse programs continue to be the top detections for the foreseeable future,” said Michael St. Neitzel, Sunbelt Software vice president of Threat Research. “Trojans used to download and install a wide variety of other malware and those are the real moneymakers for the bad guys.”

Other Trojans in the top 10 were:
– Trojan.Win32.Generic!SB.0
– Trojan.Win32.Malware
– Trojan.ASF.Wimad (v)
– Trojan.HTML.FakeAlert.a (v)

Meanwhile, three new detections moved onto this month’s top 10 list. Virtumonde — a generalized description of an adware program with many versions of pop up advertising — constituted 1.23 percent of overall detections. Packed.Win32.TDSS.aa.3 (v) — a sophisticated rootkit and Trojan that is used primarily to redirect search engine results — made up 1.21 percent. Finally, Trojan.HTML.FakeAlert.a (v) — a detection for an HTML file which replaces a desktop background and works with other rogue malware — made up just under one percent of all detections.

The top 10 results represent the number of times a particular malware infection was detected during VIPRE and CounterSpy scans that report back to ThreatNet, Sunbelt’s community of opt-in users. These threats are classified as moderate to severe based on method of installation among other criteria established by SunbeltLabs. The majority of these threats propagate through stealth installations or social engineering.

The top 10 most prevalent malware threats for the month of January are:
1. Trojan.Win32.Generic!BT 23.15%
2. Trojan-Spy.Win32.Zbot.gen 4.91%
3. Exploit.PDF-JS.Gen (v) 4.55%
4. Trojan.Win32.Generic!SB.0 2.40%
5. Trojan.Win32.Malware 1.93%
6. Trojan.ASF.Wimad (v) 1.92%
7. INF.Autorun (v) 1.46%
8. Virtumonde 1.23%
9. Packed.Win32.TDSS.aa.3 (v) 1.21%
10. Trojan.HTML.FakeAlert.a (v) 0.98%

Source: Sunbelt Software

Tags: , , , , ,

Microsoft study reveals small and midsize businesses using hosted services have better financial performance

February 4, 2010 · Filed Under Business Software, Internet Software, Productivity Software, Software News · Comment 

Research suggests correlation between IT usage and business growth.

Microsoft released its global SMB IT and Hosted IT Index 2010,(1) which investigates how small and midsize businesses (SMBs) across multiple segments fared during the recession and how they use technology. The research finds that businesses that value IT as an enabler for better business productivity and effectiveness and those that use hosted services performed better fiscally than those that do not.

IT Critical to Revenue Growth

Despite the global recession, more SMBs surveyed in 2010 reported an increase in revenue than in 2008. Those that reported growth view IT as critical to their business success.

– In the past 12 months, 52 percent of SMBs reported an increase in revenue, up from 39 percent in 2008.(2)
– Increasing 20 points since 2008, 55 percent of SMBs view IT as critical to their business.
– Of the SMBs that view IT as critical, 60 percent saw revenues grow over the past 12 months. In contrast, among SMBs that stated IT is not important, less than 29 percent saw revenue increase.(3)

SMBs Moving Toward Cloud Computing

The 2010 index indicates SMBs are beginning to see the benefits of cloud computing; more than 40 percent of the respondents that use hosted or cloud technology reported revenue rises of 30 percent or more compared with 90 percent of respondents not using hosted technology that saw decreases in revenue. The advantages of hosted or cloud technology are viewed as reduced cost and IT management and maintenance, as well as increased business value, productivity and competitiveness.

– Awareness of hosted services is increasing with 65 percent of SMBs using hosted software to some extent, while 73 percent of the remainder have considered it, compared with only 44 percent in the 2008 Index.
– SMBs are beginning to understand the value of “renting” IT as a service — 36 percent said a pay-as-you-go model would be attractive.

Cloud computing has become a watchword for the IT industry as software and services such as e-mail, Web sites and e-commerce are increasingly available in an on-premises, off-premises or hybrid model depending on business need.

“Over the last five years, we have seen nearly 40 percent growth in usage of hosted services,” said Michael Korbacher, director of EMEA Software plus Services in the Communications Sector at Microsoft. “Using pay-as-you-go cloud technologies, small and midsize businesses can now afford and easily have access to enterprise-class, secure services across any platform.”

Correlating Business Performance With Technology Usage

The findings from the research were concluded by analyst firm Freeform Dynamics Ltd., which independently assessed the SMB IT and Hosted IT Index 2010 to ascertain to what degree IT adoption is driving revenue growth specifically within the SMB community.

The SMB IT and Hosted IT Index 2010 commissioned by Microsoft researched 3,193 SMBs in a cross section of private industries in 15 countries. Overall, the findings show greater awareness of the benefits of IT among SMBs and a high reliance on IT across all industries and geographies. The findings indicate a clear path toward better financial performance than for those not currently taking advantage of IT advances such as hosted services.

“Our assessment of the report tells us that an increased focus on IT correlates with good performance in all of the size categories surveyed,” said Dale Vile, research director of Freeform Dynamics. “This whole picture corroborates the notion that technology and hosted services can provide tangible business advantage, even for smaller companies, and it’s not surprising to see that investment in IT and hosting goes hand in hand with good financial performance.”

Role of IT Within Business and Revenue Change

It’s critical to our business; we cannot work without it.
– 14.38 percent – Revenue up more than 30 percent
– 34.01 percent – Revenue up 10 percent to 30 percent
– 11.56 percent – Revenue up less than 10 percent
– 25.49 percent – No change in revenue
– 14.55 percent – Decrease in revenue

It’s very important for the majority of our activities.
– 8.86 percent – Revenue up more than 30 percent
– 28.32 percent – Revenue up 10 percent to 30 percent
– 8.65 percent – Revenue up less than 10 percent
– 40.16 percent – No change in revenue
– 14.01 percent – Decrease in revenue

It’s important but not essential to the running of the business.
– 8.21 percent – Revenue up more than 30 percent
– 18.48 percent – Revenue up 10 percent to 30 percent
– 8.21 percent – Revenue up less than 10 percent
– 46.33 percent – No change in revenue
– 18.77 percent – Decrease in revenue

It complements our business but is by no means essential.
– 7.41 percent – Revenue up more than 30 percent
– 13.89 percent – Revenue up 10 percent to 30 percent
– 7.41 percent – Revenue up less than 10 percent
– 42.59 percent – No change in revenue
– 28.70 percent – Decrease in revenue

The IT Services Outlined in the Research Are as Follows

E-mail
– 67 percent SMBs have on site
– 29 percent SMBs have hosted
– 4 percent SMBs don’t have


File sharing/collaboration
– 56 percent SMBs have on site
– 23 percent SMBs have hosted
– 21 percent SMBs don’t have

Backup
– 71 percent SMBs have on site
– 22 percent SMBs have hosted
– 7 percent SMBs don’t have

CRM
– 52 percent SMBs have on site
– 31 percent SMBs have hosted
– 17 percent SMBs don’t have

Webconferencing
– 40 percent SMBs have on site
– 39 percent SMBs have hosted
– 21 percent SMBs don’t have

Web site
– 49 percent SMBs have on site
– 39 percent SMBs have hosted
– 12 percent SMBs don’t have

Server
– 59 percent SMBs have on site
– 28 percent SMBs have hosted
– 13 percent SMBs don’t have

E-commerce
– 46 percent SMBs have on site
– 33 percent SMBs have hosted
– 21 percent SMBs don’t have

The Microsoft Small Business Technology Index 2010 research report was executed by Vanson Bourne  between November 2009 and January 2010. The research questioned 3,193 small and midsize businesses (up to 500 employees) across 15 countries worldwide: Australia, China, France, Germany, India, Japan, the Netherlands, Norway, Poland, Singapore, South Africa, South Korea, Spain, the U.K. and the U.S.

(1) 3,193 SMBs surveyed in France, Germany, Netherlands, Norway, Poland, South Africa, Spain, U.K., U.S., Australia, China, India, Japan, South Korea and Singapore in a cross section of different industries. Microsoft Small Business Technology Index 2010 available on request.

(2) Microsoft Small Business Technology Index 2008. Available on request.

(3) Table showing correlation between the role of IT within businesses and revenue change

Source: Microsoft Corp.

Tags: , , , , ,

Cowbell2010 iPhone App supercharges the Olympic fan experience

February 1, 2010 · Filed Under Software News · Comment 

Winter Olympics watchers around the world get the full event schedule, real-time medal count, live Twitter feed from hundreds of Olympians and a national flag covered, virtual cowbell, all in one App

The gloves don’t have to come off in Vancouver, or wherever you happen to be watching the Games, to make noise for this winter’s Olympians. The new Cowbell2010 App for the iPhone and iPod Touch enables Winter Olympic Games fans, followers, family and teammates around the world to cheer on the athletes by ringing a virtual cowbell. The traditional, distinctive clamor lets the athletes know they’re being supported.

With the Cowbell2010 App, your iPhone or iPod Touch becomes your very own clanging cowbell, draped in the country flag of your choice, that you can shake until the cows come home — or until your country’s team reaches the medal podium. Whether you’re at the Games in Vancouver, on your couch cheering at home with family or at a pub with friends watching the events, the Cowbell2010 App offers all of the features you need to be a part of the Olympics experience including:

  • A virtual, working, national flag-emblazoned cowbell
  • Real-time medal tally by country
  • Twitter feed that follows hundreds of Olympian tweets
  • Complete event schedule that adjusts to your time zone
  • Favorites folder to manage your Games-watching schedule
  • Live Wall to share photos and texts of your Winter Games experience with friends on Facebook and Twitter, as well as other Cowbell 2010 users around the world.

Much easier to carry than bulky, brass cowbell, the Cowbell 2010 App is a must-have for celebrating this year’s Games. Cowbell 2010 may be downloaded for just $.99 in the iTunes App Store.

More information on the Cowbell2010 App can be found at http://www.cowbell2010.com/

Source: Rage Digital Inc.

Tags: , ,

Hacker attacks targeting healthcare organizations doubled in the 4th Quarter of 2009

January 30, 2010 · Filed Under Internet Software, Security Software, Software News · Comment 

SecureWorks®, Inc., a leading global provider of information security services protecting 2,700 clients worldwide, reported  that attempted hacker attacks launched at its healthcare clients doubled in the fourth quarter of 2009.

Attempted attacks increased from an average of 6,500 per healthcare client per day in the first nine months of 2009 to an average of 13,400 per client per day in the last three months of 2009. Attempted attacks against other types of organizations, protected by SecureWorks, did not increase in the fourth quarter.

“From October through December of 2009, we blocked hundreds of SQL Injection and Butterfly/Mariposa Bot malware attacks launched at our healthcare clients. These attempted attacks were responsible for the increase in our attack statistics,” said Hunter King, security researcher with SecureWorks’ Counter Threat Unit(SM) (CTU).

In the Fall of 2009, SecureWorks and the security community began tracking a new wave of attacks involving the latest version of the Butterfly/Mariposa Bot malware, according to King. If a computer is infected with the Butterfly malware, it can be used to steal data stored by the victim’s browser (including passwords), launch Distributed Denial of Service attacks, spread via USB devices or peer to peer, and download additional malware onto the infected computer.

SQL Injection attacks target vulnerabilities in organizations’ web applications. “We also saw a resurgence of SQL Injection attacks beginning in October,” continued King. “They were being launched at legitimate websites so as to spread the Gumblar Trojan. Although SQL Injection is a well known attack technique, we continue to read news reports where it has been used successfully by cyber criminals to steal sensitive data,” said King. One of the most recent cases reported involved American citizen Albert Gonzalez who was charged, along with two unnamed Russians, with the theft of 130 million credit card numbers using SQL Injection.

Factors Contributing to Healthcare Attacks
1. Valuable Data Stores – Healthcare organizations often store valuable data such as a patient’s Social Security number, insurance and/or financial account data, birth date, name, billing address, and phone, making them a desirable target to cyber criminals.
2. Large Attack Landscape – Because of the nature of their business, healthcare organizations have large attack surfaces. Healthcare entities have to provide access to many external networks and web applications so as to stay connected with their patients, employees, insurers and business partners. This increases their risk to cyber attacks.

“In order for healthcare organizations to effectively protect their sensitive patient data, they should consider employing a defense-in-depth strategy. This approach involves implementing multiple layers of protection to shield the organization from current and emerging threats,” said Jon Ramsey, CTO for SecureWorks.

SecureWorks has outlined a set of information security guidelines to assist the healthcare industry in protecting their patient data from cyber attacks and other data breaches. Adopting these security measures will also assist organizations in demonstrating their adherence to the HIPAA regulations and the requirements outlined in the new Health Information Technology for Economic and Clinical Health (HITECH) Act.

The HITECH Act has extended the HIPAA regulations to apply not only to healthcare providers, insurers and healthcare clearinghouses, but also to business associates that are handling personal information about patient health, as well as other protected information, including name, social security number, address and insurance account numbers. These associates must adhere to the Security Safeguards Rules outlined by HIPAA. The HITECH Act has also added a data-breach notification requirement and increased penalties for violation of the HIPAA rules.

SecureWorks’ Recommended Information Security Guidelines for the Healthcare Industry

Security Risk Assessments – Performing regular security risk assessments will give your organization a much better understanding of the actual risks posed to your Protected Health Information (PHI) and Personally Identifiable Information (PII). This process will also look at the controls you have in place compared with regulatory requirements, and help you determine if there are any gaps. It will also give you an opportunity to compare your security posture with others in the industry. Recommendations made as a part of this process can be integrated into your overall information security program, keeping your security safeguards current, as well as helping your organization show diligence and a commitment to compliance.
Intrusion Prevention and Detection Services (IPS/IDS) – The implementation of IDS and IPS enables you to detect and block attempts by cyber criminals to access data on your servers and your network. Proactive alerting mechanisms and monitoring services can notify you of attempted cyber attacks and allow you to respond in real-time as a component of your Information Security Program. It is much less costly, both from a monetary and reputational perspective, to prevent a cyber breach then to be faced with notifying affected individuals and the Department of Health and Human Services (HHS), as required by the HITECH Act.
Data Loss Prevention (DLP) - A DLP solution can help monitor your network traffic for possible leakage of PII such as social security numbers and PHI, such as Health Level 7 (HL7) codes (medical standards/procedures codes), etc.
Log Monitoring – Log Monitoring centralizes and correlates audit logs from your applications and systems to allow you to identify improper access to sensitive patient data from internal or external sources. Proactive monitoring or regular reviews of logs is a key step in ensuring that your patient data is secure, as well as in meeting the short time-window required by the HITECH Act for notification of a breach.
Web Application Security Testing and Web Application Firewalls – Web applications are becoming more common in healthcare environments. Due to their increasing role in the IT business environment and prevalence of security flaws, web applications are a frequent target of Internet hackers. Healthcare organizations and business associates should perform web application security testing regularly and when
significant changes are made to the web applications in order to protect against current security threats. Also, the implementation of a web application firewall can help protect against emerging attacks being launched from cyber criminals.
Encryption – Implementing strong encryption policies and technologies on mobile devices, laptops, portable storage and backup tapes is key to reducing your risks with regards to improper data disclosure.

SecureWorks currently protects 82 healthcare clients in the US. Attack statistics provided are from a 12-month study of 38 clients using SecureWorks’ Managed Intrusion Detection and Prevention service (IDS/IPS) at the edge of their network, giving SecureWorks visibility into all attempted network attacks while blocking them. In addition to healthcare organizations, SecureWorks protects banks, utilities, retailers, technology providers and government organizations. For more information on IT security solutions for healthcare organizations, please visit http://www.secureworks.com/compliance/industries/healthcare.

Tags: , ,

IBM unveils new resources to help software partners gain skills and generate leads

January 26, 2010 · Filed Under Software News · Comment 

More than two-thirds of IBM Software partners expect improved profitability from its new skills initiative according to a global survey of 400 partners, IBM said today. The initiative includes new sales and technical resources for IBM Software partners to help jump-start new business opportunities.

For the first time, IBM will:
– pass new midmarket sales leads valued below $50,000 (USD/EU) to authorized IBM Software partners;
– deliver new cloud computing architecture certification for partners, including education on cloud business models;
– provide direct access to more than 130 industry training sessions online and in local markets worldwide.

Businesses today are adopting technology to become more efficient and transform their organization based on specific industry requirements. IBM is delivering this initiative to help partners build the right skills needed for 21st century transformation projects. Given these requirements, under the IBM Software Value Plus skills initiative, partners can choose which products across the IBM software portfolio to become certified and authorized to sell based on their business model and industries served such as healthcare, banking and financial markets, retail, government, telecommunications, chemical and petroleum and energy and utilities among others.

According to a new Global Business Partner Profitability Survey conducted by Ronin Corporation and commissioned by IBM, 60 percent of IBM Software partners said they expect to increase profitability in 2010 and beyond by participating in Software Value Plus. The same percentage of IBM’s top-tier Software partners said they see more revenue in the form of hardware, software, and services when selling IBM software as compared to revenue generated by other vendors’ top- tier partners. From a growth perspective, 50 percent of IBM’s top-tier Software partners report that cloud computing will be a leading driver of profitability over the next two years, and the same percentage of all IBM Software partners rank consulting services as their top cloud opportunity.

In response to these survey results, IBM is delivering new resources as part of its skills initiative including:

Automatic Lead Passing — For the first time, authorized IBM Software partners can automatically receive new midmarket sales leads through IBM’s Global Business Partner Portal valued at $50,000 (USD/EU) or below. IBM will track incoming sales leads, evaluate the skills and capabilities as required by the client, and notify qualified and authorized IBM Software partners through the portal in markets where skilled partners are available.
Cloud Architecture Certifications — Authorized IBM Software partners can now learn to design public and private cloud computing solutions based on the same IBM software products they are authorized to sell.  As part of the new certification, authorized partners can take advantage of a new cloud business adoption guide that shows how to structure deals based on proven IBM business models. Additionally, IBM will launch new cloud camps for software partners through IBM Innovation Centers and other IBM locations.
IBM Technology and Solutions Training for Software Partners – For the first time, authorized IBM Software partners have an opportunity to train side-by-side with IBM Software Sales teams to learn key topics such as Industry Trends and Directions, IBM Software Industry Strategy, IBM Brand and Cross Brand Solutions and IBM Industry Frameworks. More than 130 industry sessions will be available in 2010 to authorized IBM Software partners around the world through IBM Innovation Centers or online using Virtual Industry Summits.

“Our partners are constantly looking for new ways to demonstrate business value to clients and differentiate themselves from the competition,” said Philip Gallagher, Global President, Avnet Technology Solutions, an IBM value-added distributor. “IBM’s strategy to boost access to sales, marketing and technical skills with initiatives like Software Value Plus can help partners better meet client requirements and improve their profit margins.”

Today’s news comes at a time when IBM is expanding its commitment to increase marketing investments for all IBM Business Partners serving mid-sized companies including a new cross-IBM solutions development team to create a suite of integrated, cross-IBM solution building blocks around areas such as data protection, business analytics and dynamic infrastructure; a $130 million (USD) investment in marketing and demand generation programs including a significant expansion in co-marketing programs to help partners design their own lead generation campaigns; and increased support of local partners through Territory Business Partner Representatives to drive opportunities, develop solutions, maximize co-marketing activities and focus on client satisfaction.

“Clients recognize the value in working with skilled partners to architect and implement solutions that can transform their business,” said Nicolas Jabbour, CEO, Prolifics, an IBM Premier Business Partner. “Our primary goal is to help clients succeed, and many have already switched to Prolifics because of the business and technical skills we bring to the table. IBM’s focus on providing new and relevant skills to software partners complements our core competencies as a systems integrator, and we are now tapping these resources to grow our bottom line.”

The new resources announced today are provided through the IBM Software Value Plus skills initiative that helps software partners build technical, marketing and sales skills on IBM’s software portfolio and key growth opportunities such as business analytics, collaboration and industry transformation. IBM will continue to expand Software Value Plus with additional demand generation, co-marketing and technical skills resources for software partners throughout 2010.

“Business Partners are key to IBM’s success in the marketplace, and we continue to invest in new resources that help ensure their success,” said Sandy Carter, vice president, IBM Software Group Business Partners. “With this new initiative, we are now providing our partners with the same training and resources we provide our IBM sales team. That is why our partners see us as providing the best opportunity and rewards for those who invest in our software portfolio to better serve clients, tap new markets, and sell into new industries.”

For more information on the IBM Software Value Plus initiative, visit: www.ibm.com/partnerworld/softwarevalueplus.

Tags: , , ,

RSA Global Survey reveals confidence in social networking security shaken as online crime rises

January 25, 2010 · Filed Under Security Software, Software News · Comment 

More than 4,500 people divulge concerns with safety of personal information on the Internet and a desire for better identity protection, in survey from EMC’s security division

Two in three people reluctant to share on social networks

Three in ten people fall prey to phishing attacks; a six-fold increase in just two years

RSA, The Security Division of EMC, announced the results of its 2010 Global Online Consumer Security Survey that polled more than 4,500 consumers regarding their awareness of online threats, concerns with the safety of their personal information online and their willingness to share it, and desire for better identity protection.

Of the more significant survey findings, consumer awareness of phishing attacks has doubled between 2007 and 2009 and the number of consumers who reported falling prey to this attack increased six times during that same period of time. In addition, while hundreds of thousands of people join social networking websites each day, the survey exposed that nearly two in three (65 percent) people who belong to these online communities indicated they are less likely(1) to interact or share information due to their growing security concerns.

Social networking websites have become a hotbed for online criminals because of their global reach and the participation by hundreds of millions of active users from all walks of life. This makes these communities prime targets for exploitation by criminals who seek to steal personal information through socially engineered attacks. Reflective of this trend, the survey exposed that four out of five (81 percent) people using social networking websites displayed concern(2) with the safety of their personal information online.

“Fraudsters continue to fine-tune their array of tactics that result in millions of computers becoming infected with Trojans and other malware,” said Christopher Young, Senior Vice President at RSA. “These online criminals are adept at social engineering with at-the-ready phishing attacks that are launched within moments of breaking news about popular celebrities, professional athletes or serious global events. In these cases, people are lured to legitimate websites infected with malware as well as complete fakes designed to look like well-known news sources. Within these websites, Trojans can easily be masked as ‘required’ updates to a media player which can result in countless computers becoming infected with malware. While it’s difficult to prevent consumers from visiting these websites, we can do a better job of protecting those who do.”

Consumers more aware of phishing threats, but new attack methods dupe six times as many in just two years

In a similar RSA survey in 2007, one in three (38 percent) consumers reported they were aware of the threat of a phishing attack – and this figure doubled in two years(3) where three in four (76 percent) consumers have become aware. Additionally, in RSA’s 2010 survey, nine in ten consumers (89 percent) reported concerns caused by the threat of phishing.

Despite increased awareness, there have been a growing number of online users that have fallen victim to a phishing attack. In the 2007 RSA survey, only one in twenty (5 percent) consumers cited they had fallen victim to a phishing scam – and this rate increased six-times in 2009 to represent three in ten (29 percent) consumers. This increase can be attributed to more advanced communications tactics and greater sophistication such as improved writing and web design skills on the part of the fraudsters. Phishing attacks have also evolved in an attempt to exploit users in different ways and through a broader variety of methods including offshoots known as “vishing”, “smishing” and “spear phishing.”

The sheer volume of phishing attacks launched in recent months is also contributing to these trends. The RSA® Anti-Fraud Command Center recently reported(4) the highest-yet detected rates of phishing attacks between August and October 2009, as well as a 17 percent increase in the total number of attacks between 2008 and 2009.

An increase in consumer knowledge of online threats is further evident from the growth in the number of respondents that expressed awareness of Trojans. In 2007, 63 percent of consumers stated that they were aware of Trojans and in 2009 that figure climbed to 81 percent.

Consumers’ safety concerns translate to significant eagerness for better identity protection

Online banking continues to provide significant levels of convenience for consumers, with quick access to checking and savings accounts, the ability to pay bills automatically, transfer funds and perform other financial transactions. There is dramatic adoption of the use of social networks in which people use to form and nurture personal and professional relationships with each other. Finally, healthcare organizations as well as local, state and federal government agencies are bringing the power and convenience of online services to the consumer – offering access to personal healthcare records, driver’s license renewals and payment of tax bills.

The RSA survey revealed that consumers using online banking (86 percent) websites shared more concern with the theft of their personal information than those using healthcare portals (64 percent) and government websites (68 percent). As a result of these concerns, more than half of all consumers reported that they are less likely to share information and interact on these websites.

Consumers agreed that their identities should be better protected than a simple username and password on social networking (59 percent), healthcare (64 percent), government (70 percent) and online banking (80 percent) websites. Nine in ten consumers are willing to use a stronger form of security if offered.

Young continued, “Consumer education and awareness is one of the first lines of defense in the ongoing battle against online crime. Organizations will continue to take advantage of the many benefits offered by the Internet and consumers will seek the convenience offered online – all despite the inherent risks. In order to maximize the full value of what the online world can offer, organizations need to take a layered approach to Internet security in order to best protect their customers’ information.”

Survey Methodology
– Respondents totaled 4,539 consumers between the ages of 18 and 65
– Conducted in October 2009 by market research firm InfoSurv, Inc.
– Represented 22 countries across North America, South America, Europe and Asia Pacific
– All respondents actively use the Internet

Addendum
(1) “Less likely” = “somewhat less likely” + “much less likely”
(2) “Concerned” = “somewhat concerned” + “very concerned”
(3) The 2010 Global Online Consumer Security Survey was conducted in October 2009
(4) Source: RSA Monthly Online Fraud Report, November 2009

Source: EMC Corporation

Tags: , , , , ,

IBM delivers Enterprise Secure Mail for Android, iPhone, Nokia Symbian smartphones

January 21, 2010 · Filed Under Business Software, Communications, Internet Software, Security Software, Software News · Comment 

General Motors Goes Mobile with IBM Lotus Collaboration

IBM announced a major expansion of IBM Lotus collaboration software and delivery of enterprise secure mail for Android, the iPhone and Nokia Symbian smartphones.

“We believe IBM has taken a leadership position in providing the broadest mail and collaboration support for mobile devices,” said Kevin Cavanaugh, vice president, messaging and collaboration, IBM.

General Motors (GM) is playing an innovative role in extending mobile collaboration into the automotive industry. Recently, GM’s Chevrolet and OnStar unveiled the auto industry’s first smartphone application that will allow Chevrolet Volt owners 24/7 connectivity and control of vehicle functions and OnStar features remotely. OnStar’s Mobile Application will allow drivers to communicate with their Volt from devices such as the Apple iPhone. It uses a real-time data connection to perform tasks like setting the charge time and unlocking the doors.

“As we reinvent GM, we’re giving our employees the same agility that we give our cars,” said Kirk Gutmann, chief strategy and technology officer of General Motors. “We’re building a workforce that’s mobile, connected and equipped for anything, anytime, anywhere. We have thousands of people on iPhone and BlackBerry® devices tying into their Lotus collaboration tools while in motion, increasing their productivity. The capabilities of Lotus Notes Traveler bring IBM’s enterprise-grade messaging to the iPhone, Symbian and later, Android-based phones, a big plus for those who want one device for their personal and business lives. Downloading the Lotus Notes Traveler Companion app from the Apple App Store is great news, as is getting IBM social software on the BlackBerry.”

As the collaboration leader, IBM is the first to announce plans to expand its enterprise mobile messaging offering in a future release of Lotus Notes Traveler. This will include mail, calendar and contacts support for versions 2.0 and 2.1 of Google’s Android mobile operating system.

Lotus Notes Traveler is no-charge software that can be downloaded by Lotus Notes customers and provides two-way, over-the-air synchronization of information between Lotus Domino data and mobile devices.

In addition, IBM’s new application for the iPhone is called IBM Lotus Notes Traveler Companion, a plug-in to view encrypted mail on the iPhone. Available now in the App Store, the Lotus Notes Traveler Companion download allows Lotus Notes users who synchronize their mail, calendar, contacts and Domino mail via Lotus Notes Traveler to view encrypted mail such as confidential business and personal data on the iPhone. The application requires Lotus Notes Traveler 8.5.1 software.

IBM’s partnership with Nokia has led to a broad spectrum of collaboration capabilities on Nokia’s smartphones including IBM Lotus Notes Traveler, IBM Lotus Mobile Connect, IBM Lotus Sametime and IBM WebSphere Portal, as well as XPages-based applications built with IBM Domino Designer developer software. IBM’s Lotus Connections software also works with Nokia Symbian smartphones, enabling users to collaborate with social networks, update information and access shared files while on the go.

A future version of Lotus Sametime software for the Nokia Symbian smartphone devices is planned to offer users presence awareness and Lotus Sametime Unified Telephony click-to-call capabilities in the native address book on the device. This new Lotus Sametime functionality on Nokia devices is planned for commercial availability by the end of this year.

The Lotus Notes Traveler software also supports Windows Mobile devices.

More than half of the largest global 100 corporations use IBM’s flagship collaboration offerings, Lotus Notes and Domino. These clients include the top aerospace and defense organizations; the top nine automotive firms; the top eight banks; the top four makers of consumer products; the top seven electronics firms; the top eight insurance companies; the top seven pharmaceutical organizations; and the top nine telecommunications carriers.

The Lotus Notes Traveler Companion application is available from the App Store on iPhone or at www.itunes.com/appstore/. For more information for Nokia visit www.nokia.com.

Tags: , , , , , , ,

Panda Cloud Antivirus now compatible with Windows 7

January 20, 2010 · Filed Under Software News · Comment 

Panda Security’s industry acclaimed free antivirus service, Panda Cloud Antivirus, has received Microsoft’s ‘Compatible with Windows 7′ certification after passing the company’s quality checks for both 32-bit and 64-bit systems.

Since the launch of Panda Cloud Antivirus on November 10, 2009, millions of users have enjoyed the simplest, most effective and easy-to-use protection on the market.

Panda Cloud Antivirus is the world’s first free antivirus service that provides real-time protection against the newest and most dangerous viruses. This level of protection is made possible because Panda gathers malware information from its global community of users in the cloud to automatically process malware strains in minutes, versus hours or even days compared to other products. Panda’s approach combines local detection technologies with real-time cloud scanning to maximize protection while significantly minimizing the impact on PC performance.

Panda Cloud Antivirus has recently won the PCMag.com Editor’s Choice Award for Best Free Antivirus, as well as top honors in PCWorld’s comparative review of free antivirus software. Panda Cloud Antivirus is available for download free of charge at www.cloudantivirus.com.

Source: Panda Security

Tags: , , , , , , , , , , , ,

Perimeter E-Security ranks the Top 10 Information Security Threats for 2010

January 17, 2010 · Filed Under Security Software, Software News · Comment 

Malware and Malicious Insiders Top the List as Rising Threats; Vulnerability Exploits will be the Heart of Hacking and Data Breaches

Perimeter E-Security, the trusted market leader of information security services that delivers enterprise-class protection and compliance to companies of all sizes, unveiled its Top 10 Information Security Threats for 2010.

“The start of a new year is a great time for companies to evaluate their information security practices and begin thinking about what threats they’ll be facing in the coming year,” said Kevin Prince, CTO, Perimeter E-Security. “As these security threats are becoming more serious and difficult to detect, it is vital for companies to understand what they can do to best protect their systems and information.”

Perimeter’s ranking of the Top 10 information security threats for 2010:

1. Malware (Rising Threat)

Last year, Malware was listed as the second highest ranked threat to organizations on Perimeter E-Security’s list of top threats. There are many methods to install malware on systems, including the use of client-side software vulnerabilities. Browsers remain a top target for vulnerabilities. In 2009, the FBI reported that for the first time ever, revenue from cybercrime had exceeded drug trafficking, estimated at taking in more than one billion annually in profits.

2. Malicious Insiders (Rising Threat)

Malicious insiders were listed as the top threat for 2009, but have fallen to the #2 spot for 2010. With the downturn in the economy last year, it was no surprise that many desperate and disgruntled employees attempted to exploit the companies they currently or previously worked for. There is no way to eliminate the threat of malicious insiders completely, but through good security policies and followed procedures, the incidents could be a fraction of what they are today. With the economy still suffering and still high unemployment levels, Malicious Insiders will continue to be a threat.

3. Exploited Vulnerabilities (Steady Threat)

Vulnerability exploit is at the heart of hacking and data breaches. Worms, viruses, malware, and a host of other attack types often rely on vulnerability exploit to infect, spread and perform the actions cyber criminals want. And yet, organizations are still not doing what they need to for patch management. Hackers are more often exploiting client side vulnerabilities and other vulnerabilities associated with 3rd party applications.

4. Careless Employees (Steady Threat)

Careless and untrained insiders will continue to be a very serious threat to organizations in 2010. Insiders can be broken down into three categories: careless & untrained employees, employees that are duped or fall prey to social engineering type attacks, and malicious employees. Protecting a network and critical and sensitive data is done very differently for each type. Policies, procedures, training and a little technology can make a world of difference in reducing an organization’s risk to careless insiders.

5. Mobile Devices (Rising Threat)

Mobile devices have become a plague for information security professionals. There are worms and other malware that specifically target these devices such as the iPhone worm that would steal banking data and enlist these devices in a botnet. Theft is still a major cause of data breaches as mobile devices, especially laptops, are the main culprits. Tens of thousands of laptops are stolen each year and often these have sensitive data that require public disclosure as a data breach.

6. Social Networking (Rising Threat)

Social networking sites such as Facebook, MySpace, Twitter and others have changed the way people communicate with each other, but these sites can pose serious threats to organizations. One main problem is that there is a trust component to these sites which makes them fertile ground for identity thieves. There is also a personal safety issue. Social networking sites are a stalker’s dream come true. Social networking sites are breeding grounds for SPAM, scams, scareware and a host of other attacks and these threats will continue to rise.

7. Social Engineering (Steady Threat)

Social engineering is always a popular tool used by cyber criminals and phishing is still a popular method for doing just that. In fact, these new venues make social engineering even more effective. This year will have an added measure of complexity when it comes to social engineering attacks. Beginning sometime mid-2010, domain names will be expanded to include Japanese, Arabic, Hindi and even Greek characters, and with all of these characters being available for domain names, no longer will looking at a domain help one determine if it’s legitimate or not.

8. Zero-Day Exploits (Rising Threat)

Zero-day exploits are when an attacker can compromise a system based on a known vulnerability but no patch or fix exists, and they have become a very serious threat to information security. Zero-day vulnerabilities are being discovered in traditionally very secure protocols such as SSL and TLS. The zero-day vulnerability could also be in providers.

9. Cloud Computing Security Threats (Rising Threat)

Using cloud based (i.e. Internet based) applications may not be as secure as once thought with many stories in 2009 regarding cloud based security issues. Many are calling for forced encryption to access “in the cloud” services. As cloud computing grows in popularity over the next few years, cloud security will become a very big issue.

10. Cyberespionage (Rising Threat)

Cyberespionage is a threat that’s being heard more and more all the time and there have been a flood of stories in 2009 on this subject. Most of these incidents surround government bodies and agencies and therefore have not been a huge threat to most individual organizations. However, since cyberespionage has major implications for the government, it is a rising threat that must be closely monitored.

“Information security is an ever-evolving discipline that requires tremendous expertise, time, and money to effectively manage. Every organization should take stock of what they are doing today and how well their current solutions mitigate the risk of the top 10 threats. In most cases, adjustments will need to be made and new technology should be implemented to ensure that the organization is properly prepared for what cyber criminals, spammers, phishers and hackers are planning for 2010,” added Prince.

Tags: , , , , , , , ,

Next Page »