• Categories

  • Browsers
  • Business Software
  • Communications
  • Desktop Enhancements
  • Developer Tools
  • Digital Photo Software
  • Downloads
  • Drivers
  • Educational Software
  • Games
  • Graphic Design Software
  • Home Software
  • Internet Software
  • iTunes and iPod Software
  • Linux
  • MP3 Audio Software
  • Networking Software
  • Productivity Software
  • Screensavers and Wallpaper
  • Security Software
  • Software News
  • Utilities and Operating Systems
  • Video Software

• Archives

  • March 2010
  • February 2010
  • January 2010
  • December 2009
  • November 2009
  • October 2009
  • September 2009
  • August 2009
  • July 2009
  • June 2009
  • May 2009
  • April 2009
  • March 2009
  • February 2009

• Links

  • Gadget Mania
  • Gadget Reviews
  • USB World
  

• Meta

  • Log in
  • WordPress
  • XHTML

Perimeter E-Security ranks the Top 10 Information Security Threats for 2010

Malware and Malicious Insiders Top the List as Rising Threats; Vulnerability Exploits will be the Heart of Hacking and Data Breaches

Perimeter E-Security, the trusted market leader of information security services that delivers enterprise-class protection and compliance to companies of all sizes, unveiled its Top 10 Information Security Threats for 2010.

“The start of a new year is a great time for companies to evaluate their information security practices and begin thinking about what threats they’ll be facing in the coming year,” said Kevin Prince, CTO, Perimeter E-Security. “As these security threats are becoming more serious and difficult to detect, it is vital for companies to understand what they can do to best protect their systems and information.”

Perimeter’s ranking of the Top 10 information security threats for 2010:

1. Malware (Rising Threat)

Last year, Malware was listed as the second highest ranked threat to organizations on Perimeter E-Security’s list of top threats. There are many methods to install malware on systems, including the use of client-side software vulnerabilities. Browsers remain a top target for vulnerabilities. In 2009, the FBI reported that for the first time ever, revenue from cybercrime had exceeded drug trafficking, estimated at taking in more than one billion annually in profits.

2. Malicious Insiders (Rising Threat)

Malicious insiders were listed as the top threat for 2009, but have fallen to the #2 spot for 2010. With the downturn in the economy last year, it was no surprise that many desperate and disgruntled employees attempted to exploit the companies they currently or previously worked for. There is no way to eliminate the threat of malicious insiders completely, but through good security policies and followed procedures, the incidents could be a fraction of what they are today. With the economy still suffering and still high unemployment levels, Malicious Insiders will continue to be a threat.

3. Exploited Vulnerabilities (Steady Threat)

Vulnerability exploit is at the heart of hacking and data breaches. Worms, viruses, malware, and a host of other attack types often rely on vulnerability exploit to infect, spread and perform the actions cyber criminals want. And yet, organizations are still not doing what they need to for patch management. Hackers are more often exploiting client side vulnerabilities and other vulnerabilities associated with 3rd party applications.

4. Careless Employees (Steady Threat)

Careless and untrained insiders will continue to be a very serious threat to organizations in 2010. Insiders can be broken down into three categories: careless & untrained employees, employees that are duped or fall prey to social engineering type attacks, and malicious employees. Protecting a network and critical and sensitive data is done very differently for each type. Policies, procedures, training and a little technology can make a world of difference in reducing an organization’s risk to careless insiders.

5. Mobile Devices (Rising Threat)

Mobile devices have become a plague for information security professionals. There are worms and other malware that specifically target these devices such as the iPhone worm that would steal banking data and enlist these devices in a botnet. Theft is still a major cause of data breaches as mobile devices, especially laptops, are the main culprits. Tens of thousands of laptops are stolen each year and often these have sensitive data that require public disclosure as a data breach.

6. Social Networking (Rising Threat)

Social networking sites such as Facebook, MySpace, Twitter and others have changed the way people communicate with each other, but these sites can pose serious threats to organizations. One main problem is that there is a trust component to these sites which makes them fertile ground for identity thieves. There is also a personal safety issue. Social networking sites are a stalker’s dream come true. Social networking sites are breeding grounds for SPAM, scams, scareware and a host of other attacks and these threats will continue to rise.

7. Social Engineering (Steady Threat)

Social engineering is always a popular tool used by cyber criminals and phishing is still a popular method for doing just that. In fact, these new venues make social engineering even more effective. This year will have an added measure of complexity when it comes to social engineering attacks. Beginning sometime mid-2010, domain names will be expanded to include Japanese, Arabic, Hindi and even Greek characters, and with all of these characters being available for domain names, no longer will looking at a domain help one determine if it’s legitimate or not.

8. Zero-Day Exploits (Rising Threat)

Zero-day exploits are when an attacker can compromise a system based on a known vulnerability but no patch or fix exists, and they have become a very serious threat to information security. Zero-day vulnerabilities are being discovered in traditionally very secure protocols such as SSL and TLS. The zero-day vulnerability could also be in providers.

9. Cloud Computing Security Threats (Rising Threat)

Using cloud based (i.e. Internet based) applications may not be as secure as once thought with many stories in 2009 regarding cloud based security issues. Many are calling for forced encryption to access “in the cloud” services. As cloud computing grows in popularity over the next few years, cloud security will become a very big issue.

10. Cyberespionage (Rising Threat)

Cyberespionage is a threat that’s being heard more and more all the time and there have been a flood of stories in 2009 on this subject. Most of these incidents surround government bodies and agencies and therefore have not been a huge threat to most individual organizations. However, since cyberespionage has major implications for the government, it is a rising threat that must be closely monitored.

“Information security is an ever-evolving discipline that requires tremendous expertise, time, and money to effectively manage. Every organization should take stock of what they are doing today and how well their current solutions mitigate the risk of the top 10 threats. In most cases, adjustments will need to be made and new technology should be implemented to ensure that the organization is properly prepared for what cyber criminals, spammers, phishers and hackers are planning for 2010,” added Prince.

Safe Eyes 6 adds new protections for children online, including industry-first ratings-based Internet TV content filter

Major Upgrade to Leading Family Internet Manager

InternetSafety.comannounced Safe Eyes® 6, a major upgrade to its award-winning family Internet management software that includes an industry-first Internet TV content filter enabling parents to restrict children’s access to inappropriate online TV shows and movies based on standard TV and movie ratings. Parents will be able to block children’s access to explicit music lyrics, enforce tamper-proof safe search on major search engines, receive daily or weekly reports on children’s online activities by email, and use a new easy setup wizard to quickly tailor settings to each child.

These new features will enhance Safe Eyes’ established tools for safeguarding and managing children’s Internet usage. The software also automatically blocks objectionable websites in a choice of 35 categories as well as by user-defined URLs and/or keywords to shield children from undesirable online content; provides instant messaging controls, email blocking and social network monitoring to protect against risky online communications; and allows parents to schedule Internet usage in order to manage the time that their family spends online.

Safe Eyes 6 adds:
– Internet TV filtering on Hulu, iTunes and major TV network websites including ABC, NBC, CBS and Fox, based on the ratings level that parents deem appropriate for their children. Parents can set the software to limit content by user to TV-G and G-rated, TV-PG and PG-rated, TV-14 and PG-13-rated, or TV-MA and R-rated TV shows and movies. No other family Internet manager has these filtering capabilities.

– Blocking the viewing or purchase of songs with explicit lyrics on iTunes by selecting the appropriate setting on the setup page.

– Stronger protection against objectionable search results, with the ability to enable safe search features on popular sites such as Google, Yahoo, Bing and YouTube from Safe Eyes and thereby prevent children from disabling the safe search setting.

– Easy-to-understand daily or weekly activity reports sent by email, offering an at-a-glance overview of each user’s top search terms, most visited websites, blocked websites and programs, personal information posted online, and time-of-day Web usage patterns.

– Easy setup wizard giving parents the option to copy settings from one child to another, utilize InternetSafety.com’s suggested settings based on age, or customize user settings for each activity (websites, videos, music, instant messaging, games, social networking and email) from dropdown menus.

“There is a major disconnect in managing children’s media activities today. You can have parental controls on a TV that prevent children from watching a show that you consider objectionable, but the child can watch the same show on the family computer. One of our primary goals in Safe Eyes 6 was to remedy that problem,” said InternetSafety CEO Forrest Collier. “At the same time, we have added other new protections, simplified setup, and equipped parents with more meaningful reports that keep them informed and aware of their family’s Internet activities.”

Safe Eyes 6 will be available for download at www.safeeyes.com later this month. A one-year $49.95 subscription will cover up to three PCs with the ability to customize settings for each child. An advance demo can be seen at the InternetSafety.com booth (#3128) in the Living in Digital Times area at the 2010 International CES conference in Las Vegas.

Source: InternetSafety.com

Trend Micro 2010 Future Threat Report

Virtualization, Cloud-Computing and a Shifting Internet Infrastructure Will Widen the Scope of Cybercrime

Using news headlines and the latest technological trends, cybercriminals are brilliantly agile at exploiting whatever is trendy for cash and profit. Now, the growing popularity of cloud computing and virtualization among companies is likely to catch the attention of criminals scheming for the next hot cyber-swindle.

According to the Trend Micro 2010 Future Threat Report, cloud computing and virtualization — while offering significant benefits and cost-savings — move servers outside the traditional security perimeter and expand the playing field for cybercriminals. The industry already witnessed Danger/Sidekick’s cloud-based server failure that caused major data outages in November 2009, highlighting cloud-computing risks that cybercriminals will likely abuse. Trend Micro believes cybercriminals will either be manipulating the connection to the cloud, or attacking the data center and cloud itself.

The Internet infrastructure is changing, opening more opportunities for cybercrime

The “next-generation” protocol designed by the Internet Engineering Task Force, Internet Protocol v. 6, is still in the experimentation stages of replacing the current IPv4, now 20 years old. As users start to explore IPv6, so will cybercriminals, and we can expect to see proof-of-concept elements in IPv6 start to materialize in the upcoming new year. Possible avenues for abuse include new covert channels or C&C. But don’t expect active targeting of IPv6 address space–at least not in the very immediate future.

Domain names are becoming more internationalized and the introduction of regional top-level domains (Russian, Chinese, and Arabic characters) will create new opportunities to launch age-old attacks through look-alike domains for phishing – using Cyrillic characters in place of similar looking Latin characters. Trend Micro predicts this will lead to reputation problems and abuse that will challenge security companies.

Social media and social networks will be used by cybercriminals to enter the users’ “circle of trust”

Social engineering will continue to play a big role in the propagation of threats. But given the increasing saturation of social media with content intended to be shared via online social interactions, cybercriminals will definitely try to penetrate and compromise popular communities more than ever in 2010.

Social networks are also ripe venues for stealing personally identifiable information (PII). The quality and quantity of data posted openly by most trusting users on their profile pages, combined with interaction clues, are more than enough for cybercriminals to stage identity thefts and targeted social engineering attacks. The situation will worsen in 2010, with high-profile personalities suffering from online impersonators or stolen bank accounts.

The extinction of global outbreaks, and the growth of localized, targeted attacks

The threat landscape has shifted and we are no longer seeing global outbreaks like Slammer or CodeRed. Even the much covered Conficker incident of 2008 and early 2009 was not a global outbreak by its true definition; rather it was a carefully orchestrated and architected attack. Moving forward, localized and targeted attacks are expected to grow in their number and sophistication.

More key forecasts for 2010 and beyond:
– It’s all about money, so cybercrime will not go away.
– Windows 7 will have an impact since it is less secure than Vista in the default configuration.
– Risk mitigation is not as viable an option anymore-even with alternative Browsers /alternative operating systems.
– Malware is changing its shape – every few hours.
– Drive-by infections are the norm – one Web visit is enough to get infected.
– New attack vectors will arise for virtualized/cloud environments.
– Bots can’t be stopped anymore, and will be around forever.
– Company/Social networks will continue to be shaken by data breaches.

Source: Trend Micro Incorporated

CA report: Fake security software, search engines and social networks 2009’s Top Internet Threats

CA “State of the Internet 2009″ Report Analyzes Top Internet Threats; Researchers Predict Online Threats for 2010

The latest State of the Internet 2009 report issued today by CA, Inc. states that the most notable 2009 online threats were rogue/fake security software, major search engines, social networks and Web 2.0 threats. The report, based on data compiled by CA’s Global Security Advisor researchers, compiles trends from the first half of 2009. CA security researchers also offer predictions for the top Internet threats for 2010, including an increase in “malvertising” and the potential for another big computer worm outbreak like Conficker.

“Cybercriminals have made a business out of conducting attacks on the most popular online destinations because they promise the highest payoff,” said Don DeBolt, director of threat research for CA’s Internet Security Business Unit. “Cybercriminals keep up with trends, major events, holidays, and the like, and focus on where they’ll get the biggest returns. Search engines, like Google and Yahoo, or social networking sites, like Twitter or Facebook, have the mass appeal to attract these criminals. In addition to Internet security software, the best weapon against today’s threats is education, so that consumers know what to look for when they are conducting activities online.”

CA researchers tracked the following trends in 2009:
– Rogue or Fake Security Software: Software that poses as legitimate Internet security software but is actually malware has experienced a significant surge in popularity. In the first half of 2009, CA added detection for 1,186 new variants of Rogue security software, which is a 40% increase compared to the last half of 2008.
– Search Index Poisoning: Google is a frequent target of online threats. Attackers employ sophisticated search engine optimizations to manipulate search engine rankings and poison users’ search results, which direct them to compromised Web sites that can cause malware infections.
– Social Networks/Web 2.0: Popular online communities, blogs and social media sites, such as YouTube, MySpace, Facebook and Twitter, are highly targeted. Financially motivated organized groups are among the aggressive attackers, creating hundreds of bogus profiles to perform various tasks, including distributing malware, spamming and stealing users’ online identities to perpetrate further cybercrime. Win32/Koobface is an example of a worm propagating through social networking sites. It uses the affected user’s login credentials to send messages to the user’s list of connected friends and family. In 2009, CA ISBU discovered more than 100 components and mutated strains belonging to the Win32/Koobface family.
– Identity Theft: Attacks targeting online credentials allowed attackers to distribute further cybercriminal activities, such as email address harvesting for Spam bots, sweeping FTP accounts for web infection and attributing to social network worm propagation, like Win32/Koobface. Stealing Trojans accounted for 23% of the most prevalent malware infections in 2009.
– Cybersquatting and typosquatting: Malicious Web sites that masquerade as legitimate, reputable sites deceive users into undertaking transactions or activities in which they divulge sensitive data.
– Mac OS X Threats: Security threats have come to the Mac. In 2009, CA ISBU has added 15 intelligent signatures detecting Mac OS X threats. The most prevalent being OSX/Jahlav.

“Malware doubled in 2009 and the ability to purchase bots and other malicious programs online is becoming more prevalent,” DeBolt continued. “It is a cat and mouse game. Cybercriminals are evolving along with the malware community and are constantly looking for new vulnerabilities to exploit, from online banking to search index poisoning.”

While spam and phishing scams are still on the rise, the breakdown for how malware was distributed in 2009 was dominated by the Internet at 78 percent, followed by email (via attachments or phishing) at 17 percent, and finally removable media (such as USB drives, digital photo frames, etc.) with 5 percent.

CA forward looking online security predictions for 2010:

1. Search engine optimization exploits and malicious advertising (Malvertising) will increase as a means to distribute Malware.
2. Another big computer worm like Conficker is likely. The increasing popularity of web-based applications and discovery of critical zero-day vulnerabilities, especially for new operating systems such as Windows 7 and Google Chrome, present good opportunities for a new worm outbreak.
3. Threats to Web 2.0 technologies such as social networks will continue to grow.
4. Denial-of-Service attacks will increase in popularity as a means to make a political statement. Popular websites like Twitter and Facebook are likely to fall victim once again.
5. Banking Trojans: These Trojans manifest as banking-related threats orchestrated to steal users’ identities for financial gain.
6. Malware actors will focus on the 64 bit and Apple platform.

The CA 2009 State of Internet Security report is intended to inform consumers and businesses of the newest and most dangerous Internet threats, forecast trends and provide practical advice for protection. The analysis provided is based on incident information from the CA Global Security Advisor team, submitted by CA customers and consumers from January to June 2009, as well as publicly available information. For the full CA 2009 State of Internet Security report, please visit www.ca.com/securityadvisor.

The CA Global Security Advisor Team delivers the around-the-clock, dependable security expertise, offering trusted security advice to the world for more than 16 years. Providing a complete threat management resource, CA’s Security Advisor Team is staffed by industry-leading researchers and skilled support professionals. CA Global Security Advisor is available at www.ca.com/securityadvisor. It offers free security alerts, RSS feeds, PC scans and a regular blog updated by the worldwide team of researchers. CA’s entire portfolio of threat-related products for home, small and medium businesses, and enterprises are updated and protected by the CA Global Security Advisor team.

Source: CA

Security Trends to Watch in 2010 – Symantec

Symantec  2010 Security Predictions

Antivirus is Not Enough – With the rise of polymorphic threats and the explosion of unique malware variants in 2009, the industry is quickly realizing that traditional approaches to antivirus, both file signatures and heuristic/behavioural capabilities, are not enough to protect against today’s threats. We have reached an inflection point where new malicious programs are actually being created at a higher rate than good programs. As such, we have also reached a point where it no longer makes sense to focus solely on analyzing malware. Instead, approaches to security that look to ways to include all software files, such as reputation-based security, will become key in 2010.

Social Engineering as the Primary Attack Vector – More and more, attackers are going directly after the end user and attempting to trick them into downloading malware or divulging sensitive information under the auspice that they are doing something perfectly innocent. Social engineering’s popularity is at least in part spurred by the fact that what operating system and Web browser rests on a user’s computer is largely irrelevant, as it is the actual user being targeted, not necessarily vulnerabilities on the machine. Social engineering is already one of the primary attack vectors being used today, and Symantec estimates that the number of attempted attacks using social engineering techniques is sure to increase in 2010.

Rogue Security Software Vendors Escalate Their Efforts – In 2010, expect to see the propagators of rogue security software scams take their efforts to the next level, even by hijacking users’ computers, rendering them useless and holding them for ransom. A less drastic next step, however, would be software that is not explicitly malicious, but dubious at best. For example, Symantec has already observed some rogue antivirus vendors selling rebranded copies of free third-party antivirus software as their own offerings. In these cases, users are technically getting the antivirus software that they pay for, but the reality is that this same software can actually be downloaded for free elsewhere.

Social Networking Third-Party Applications Will be the Target of Fraud – With the popularity of social networking sites poised for another year of unprecedented growth, expect to see fraud being leveraged against site users to grow. In the same vein, expect owners of these sites to create more proactive measures to address these threats. As this occurs, and as these sites more readily provide third-party developer access to their APIs, attackers will likely turn to vulnerabilities in third-party applications for users’ social networking accounts, just as we have seen attackers leverage browser plug-ins more as Web browsers themselves become more secure.

Windows 7 Will Come into the Cross-Hairs of Attackers - Microsoft has already released the first security patches for the new operating system. As long as humans are programming computer code, flaws will be introduced, no matter how thorough pre-release testing is, and the more complex the code, the more likely that undiscovered vulnerabilities exist. Microsoft’s new operating system is no exception, and as Windows 7 hits the pavement and gains traction in 2010, attackers will undoubtedly find ways to exploit its users.

Fast Flux Botnets Increase – Fast flux is a technique used by some botnets, such as the Storm botnet, to hide phishing and malicious Web sites behind an ever-changing network of compromised hosts acting as proxies. Using a combination of peer-to-peer networking, distributed command and control, web-based load balancing and proxy redirection, it makes it difficult to trace the botnets’ original geo-location. As industry counter measures continue to reduce the effectiveness of traditional botnets, expect to see more using this technique being used to carry out attacks.

URL Shortening Services Become the Phisher’s Best Friend - Because users often have no idea where a shortened URL is actually sending them, phishers are able to disguise links that the average security conscious user might think twice about clicking on. Symantec is already seeing a trend toward using this tactic to distribute misleading applications and we expect much more to come. Also, in an attempt to evade antispam filters through obfuscation, expect spammers to leverage shortened URLs shorteners to carry out their own evil deeds.

Mac and Mobile Malware Will Increase – The number of attacks designed to exploit a certain operating system or platform is directly related to that platform’s market share, as malware authors are out to make money and always want the biggest bang for their buck. In 2009, we saw Macs and smartphones targeted more by malware authors, for example the Sexy Space botnet aimed at the Symbian mobile device operating system and the OSX. Iservice Trojan targeting Mac users. As Mac and smartphones continue to increase in popularity in 2010, more attackers will devote time to creating malware to exploit these devices.

Spammers Breaking the Rules – As the economy continues to suffer and more people seek to take advantage of the loose restrictions of the CAN SPAM Act, we’ll see more organizations selling unauthorized e-mail address lists and more less-than-legitimate marketers spamming those lists.

As Spammers Adapt, Spam Volumes Will Continue to Fluctuate – Since 2007, spam has increased on average by 15 percent. While this significant growth in spam e-mail may not be sustainable in the long term, it is clear that spammers are not yet willing to give up as long an economic motive is present. Spam volumes will continue to fluctuate in 2010 as spammers continue to adapt to the sophistication of security software, the intervention of responsible ISPs and government agencies across the globe.

Specialized Malware – Highly specialized malware was uncovered in 2009 that was aimed at exploiting certain ATMs, indicating a degree of insider knowledge about their operation and how they could be exploited. Expect this trend to continue in 2010, including the possibility of malware targeting electronic voting systems, both those used in political elections and public telephone voting, such as that connected with reality television shows and competitions.

CAPTCHA Technology Will Improve – As this happens and spammers have a more difficult time breaking CAPTCHA codes through automated processes, spammers in emerging economies will devise a means to use real people to manually generate new accounts for spamming, thereby attempting to bypass the improved technology. Symantec estimates that the individuals employed to manually create these accounts will be paid less than 10 percent of the cost to the spammers, with the account-farmers charging $30-40 per 1,000 accounts.

Instant Messaging Spam - As cybercriminals exploit new ways to bypass CAPTCHA technologies, instant messenger (IM) attacks will grow in popularity. IM threats will largely be comprised of unsolicited spam messages containing malicious links, especially attacks aimed at compromising legitimate IM accounts. By the end of 2010, Symantec predicts that one in 300 IM messages will contain a URL. Also, in 2010, Symantec predicts that overall, one in 12 hyperlinks will be linked to a domain known to be used for hosting malware. Thus, one in 12 hyperlinks appearing in IM messages will contain a domain that has been considered suspicious or malicious. In mid 2009, that level was 1 in 78 hyperlinks.

Non-English Spam Will Increase – As broadband connection penetration continues to grow across the globe, particularly in developing economies, spam in non-English speaking countries will increase. In some parts of Europe, Symantec estimates the levels of localized spam will exceed 50 percent of all spam.

Source: Symantec Corp

WatchGuard launches new family of E-mail security appliances for small to medium sized businesses

WatchGuard, Leader of Unified Threat Management Appliances, Expands Offerings; Unveils New Family of E-mail and Spam Security Appliances

WatchGuard® Technologies, a global leader of business security solutions, launched a new family of extensible content security solutions specifically designed for small to medium sized businesses. These new appliances fall under the umbrella of the WatchGuard XCS platform and provide advanced protection against spam, viruses, spyware and malware, as well as reliable, always-on e-mail security and full featured centralized management and reporting.

“Small to medium sized businesses stand at the crossroads of being the most at risk to an e-mail based threat, and yet, the most challenged to have state of the art e-mail and spam protection,” said Bryan Nairn, Senior Product Manager at WatchGuard Technologies. “Until now, these businesses had few options for spam and malware protection. With WatchGuard, they can have a no compromise, fully featured messaging protection solution at an affordable price point.”

The WatchGuard family of XCS appliances for SMBs consists of the WatchGuard XCS 170, the XCS 370 and the high-performance XCS 570 series. All of these appliances come complete with the WatchGuard e-mail security suite, which provides advanced protection against spam, phishing, viruses, malware and other forms of e-mail based threats. Additionally, they all sport advanced management and reporting capabilities, which include archiving, on-box reporting, messaging logs, customizable granular policies and reports, TLS encryption and message redundancy.

Furthermore, these WatchGuard XCS appliances can take advantage of WatchGuard’s innovative in-the-cloud security technology, ReputationAuthority. With 99.99 percent accuracy, ReputationAuthority eliminates up to 98.3 percent of spam e-mail before it ever gets to a small business network by use of DNS blacklists, IP traffic volume, behavior analysis and content inspection. Given that spam e-mail is a major carrier of viruses, phishing and blended threats, having ReputationAuthority pre-screen and eliminate this unwanted traffic makes networks, applications and data better protected as part of WatchGuard’s defense-in-depth architecture.

For larger businesses with up to 1,000 users, WatchGuard offers the XCS 570 appliance, which provides advanced messaging security for businesses that truly require enterprise-grade protection. For these customers, the WatchGuard XCS 570 provides bi-directional protection from internal and external threats, as well as data loss prevention to keep confidential information from escaping out of organization e-mail boundaries. To keep mail from ever being lost due to failures or other events, the XCS 570 provides queue replication, a first for a product at this price point. As well, the XCS 570 includes compliance dictionaries, content filtering, outbound attachment control and scanning, outbound content scanning, optional third-party e-mail encryption, e-profiling, instant-on data loss prevention, and clustering – all making the XCS 570 an unbeatable solution for small to mid-sized organizations.

Pricing and Availability

The WatchGuard XCS series of appliances will be available worldwide from WatchGuard channel partners within 30 days. The WatchGuard XCS 170 starts at $2,475, the WatchGuard XCS 370 is $5,500 and the WatchGuard XCS 570 is $8,500; all have no per user license fees.

Source: www.watchguard.com

Teradata Enterprise Analytics Cloud extends architectural flexibility and business agility

First public and private Cloud Computing offer for rapid analytics

Teradata Corporation, the world’s largest company solely focused on data warehousing and enterprise analytics, announced that the Teradata Enterprise Analytics Cloud(TM) provides Teradata customers architectural flexibility, which enables them to meet their expanding analytic needs by leveraging cloud computing technologies. Initial offerings include the Teradata Agile Analytics Cloud, Teradata Express on Amazon EC2, and Teradata Express for VMware Player.

For the business user, public and private clouds provide flexible, self service for the rapid building of short term analytic data marts, allowing users to pay only for the computing power actually used. More importantly, these cloud solutions offer business users and developers another means of improving decision making with agility and speed.

Teradata Agile Analytics Cloud

The Teradata Agile Analytics Cloud, Teradata’s entry into private Cloud Computing, is a unique set of products, capabilities and services designed to enable agile analytics in a Teradata private cloud environment. This allows for rapid development and sandbox-style analytics. Business users can create data marts inside their Teradata system within minutes. This eliminates the need to build separate, costly physical data marts, because the production data can be accessed directly, without data movement or duplication. Built on the proven Teradata Database and platforms, the Teradata Agile Analytics Cloud combines advanced workload management, the new Teradata Elastic Mart Builder tool, and a services methodology to enable business users to rapidly exploit data marts inside their Teradata System. The Teradata Elastic Mart Builder is a Teradata Viewpoint self-service portlet that makes it easy to create data marts for application development. It is flexible and allows external data to be combined with existing data facilitating the discovery of new insights. The Teradata Elastic Mart Builder is being released as a free tool to be deployed through Teradata Developer Exchange. Teradata Active System Management, the company’s flagship workload management product, is a key enabler because it optimizes priorities between experimental analytics and production workloads.

The Teradata Agile Analytics Cloud allows the business user to rapidly analyze data and respond to market opportunities with speed and confidence. This solution helps chief information officers control data mart proliferation, reduce costs for software licenses and servers, and lower training and labor costs.

“Many IT organizations are under-resourced and under tremendous pressure to cut costs, driving some business users to create their own ’shadow IT’ organizations to meet their needs,” said Scott Gnau, chief developer officer, Teradata Corporation. “These shadow IT groups create conflict between the business users and IT groups. The Teradata Agile Analytics Cloud helps to eliminate the conflicts and brings business and IT together, saving money and enriching their analytical insights.”

Teradata Express Cloud Offerings

The two new Teradata Express cloud offerings are built on Teradata Express, which is a free, non-production version of Teradata Database software intended for developers and evaluation scenarios. The cloud versions of Teradata Express support up to one terabyte of data and are powered by Novell SUSE Linux Enterprise Server 10.

Teradata Express on Amazon EC2

Teradata Express on Amazon EC2 is available on the flexible Amazon Elastic Compute Cloud (Amazon EC2). This prepackaged edition is a free developer version of the Teradata Database for use in the scalable, robust Amazon EC2 environment. Customers can quickly launch Teradata Express on Amazon EC2 and begin their collaborative work from any location in the world. Customers benefit from the easy self-service, flexible configurations, and the cost effective Amazon Web Services infrastructure, resulting in faster time to value and the quicker completion of projects.

Teradata Express for VMware Player

Teradata Express for VMware Player delivers a fully configured Teradata Database bundled for private cloud analytics. Once VMware software is installed, the Teradata Database can be loaded in minutes, taking advantage of the many features of VMware. For the Teradata Database, VMware is an important stepping stone towards delivering internal private clouds for developers and information technology operations managers. The value for customers will be the easy creation of Teradata test and development environments with a significant reduction in capital costs from server consolidation.

According to Gnau, “Teradata is all about choice that no other vendor can offer. Teradata’s advocated architecture is an integrated data warehouse, but we offer the flexibility for customers to leverage the power of Teradata in any architecture they chose to meet their business need. Our entry into loud Cloud Computing is one alternative and an extension to our Platform Family, which positions ‘Teradata for all your analytical needs.’”

Teradata is the only vendor to offer a broad family of platforms with price and performance that spans the unique business and analytical data warehouse needs of companies, making Teradata suitable to be everywhere in the enterprise. The family is supported by the high performance and dependable Teradata 13 Database, the most significant and technically advanced database for analytics.

8 safety tips for teens when Hanging Out online

ID Experts Supports National Protect Your Identity Week

Online socializing–Facebook, instant messaging and texting–is the new “hanging out” among teens. When teens interact with friends online, they often share personal information that makes them vulnerable for identity theft. Scam artists are relying on teens to be impulsive and naive to steal personal information for their own gain.

To kick off National Protect Your Identity Week, October 17-24, ID Experts offers eight safety tips for teenagers when online, to protect their identity and their financial future when it’s time to apply for that first credit card or buy that first car:

1. Don’t give out your numbers. This includes your social security number, driver’s license number, debit card, phone card, insurance card, library card, medical ID card, or credit card.
2. Don’t post your personal information online. Nearly 50% of Facebook users put enough personal information–including full name, full date of birth, address, phone number, or school–to enable thieves to fill out credit card applications.(i)
3. Don’t participate in email or social networking quizzes. These seemingly fun personality quizzes can access your personal profile information–your religion, political affiliation, wall posts–that could be used against you.(ii)
4. Don’t be specific about where you are or where you are going. Naming your school, sports team, clubs, or where you work could leave a trail for an identity thief.
5. Set your profile to “private.” Be in control of who can view your content. Only add people you know to your Friends list. A friend of a friend might not be someone you know.
6. Use a different, isolated email just for social networking. Never use the “trusted” email you use to communicate directly with your friends, coworkers and classmates.
7. Secure your connections. Password-protect your phone. Find out from your carrier if additional security features (encryption) or software (a malware protector) are available. Don’t access your social networking sites or email from public Internet connections or public computers.
8. Be selective about what pictures you text or post on your page. Is it a photo you would want your parents to see? Treat your Internet activity like a digital tattoo. Once you post something, it cannot be taken back. Even if you erase the posting, there are cached versions and backups on servers across the country.

(i) http://clarkhoward.com/liveweb/shownotes/2007/08/16/12548/

(ii) Identity Theft Resource Center, 2009

Source: idexpertscorp.com

In Rogues We Trust: Webroot survey reveals internet users of all skill levels fall for cybercriminals tricky tactics

Webroot Also Finds 2 Out of Every 10 Threats Detected in August Were Fake Security Alerts & Products

Computer-savvy consumers are more susceptible than novices to “fake alerts” and rogue security products – bogus malware infection warnings and malicious programs masquerading as legitimate security applications – according to a new survey from Webroot, a leading provider of Internet security for the consumer, enterprise and SMB markets.

Surveying nearly 1,200 individuals ranging in age and computer proficiency levels, Webroot explored the risks and consequences of infection by malware associated with fake alerts. Among the key findings:

– Advanced users clicked on suspicious messages at a greater rate than less experienced users
– 20 percent of respondents strongly trust the first page of search results – a common target for fraudulent links
– Nearly one fifth reported varying levels of financial or data loss following infection
– Over half experienced infections consistent with those of fake alert-related malware

“Cybercriminals prey on our curiosity,” said Mike Kronenberg, chief technology officer of Webroot’s Consumer Business Unit. “Links to seemingly real search results and videos — and now even ads on reputable news sites – trigger fake warnings claiming you’re infected or need ‘Home Antivirus 2010′ or another bogus product. And business must be booming for these thieves, judging from the rapid rate at which Webroot is seeing new programs and variants created in an attempt to bypass security technology. But with the right education, vigilance and technology, consumers can take steps to protect themselves.”

The Anatomy of a Fake Alert

Webroot has seen a rise in the incidence of fake alerts and rogue security products. According to the Webroot Threat Research team, two out of every 10 threats detected by Webroot’s products in the month of August were associated with fake alerts and rogue security products.

The appearance of fake alerts changes frequently. Ranging from phony Windows Security Center warnings to notifications for security scans and viewer or codec downloads, each is designed to appear legitimate and urgent. According to the Webroot Threat Research team, Internet users can encounter fake alerts through three main vectors:

– Fraudulent links appearing at or near the top of search results. For example, on Monday Webroot found that a search for news stories about the arrest of film director Roman Polanski yielded links that redirected to a fake security scan and to “Windows PC Defender,” a known rogue security product.
– Phony file links. Webroot recently reported on its Threat Blog that the Koobface worm is now sending phony video links, seemingly from a friend, to members of Facebook, MySpace, Twitter and other social networks. The links trigger viewer download messages that activate infection when clicked.
– Ads on legitimate Web sites. Webroot researchers recently investigated the origins of a bogus ad on NYTimes.com earlier this month which contained code leading to a fake alert and rogue product.

Key Findings

Results from the Webroot survey indicate a general lack of awareness of fake alerts and rogue security products, a higher rate of engagement among advanced and power users, and costly and inconvenient consequences of infection.

Lack of awareness leaves individuals vulnerable:
– 20 percent strongly agree the first page of search results includes trustworthy links
– 40 percent did not know the meaning of “fake alerts,” and 69 percent were unfamiliar with “rogue security products”
– 25 percent clicked on links to unfamiliar sites
– 13 percent clicked on pop-up messages requiring the download of a special viewer or codec

Experienced computer users are more susceptible:
– Over 50 percent of advanced users encountered a fake Windows Security enter alert, versus 33 percent of novice users
– 26 percent of advanced users encountered a fake security scan, compared to approximately 10 percent of less experienced users
– 23 percent of advanced users clicked on a fake alert and in some cases purchased rogue security products; conversely, 10 percent of novice users did the same

Clicking a fake alert can lead to consequences ranging from nuisance to costly:

– 43 percent of respondents experienced ongoing pop-up messages after clicking
– 26 percent had to have their computers repaired
– 11 percent lost files and documents following infection
– 8 percent had to purchase a new computer or experienced unauthorized credit card charges

Tips for Safer Surfing

Webroot recommends the following actions to protect against the risks and consequences of fake alerts:

Be vigilant – Do not click pop-up security alerts from unfamiliar companies, or poorly worded messages from known providers. Only purchase security products from reputable companies. Check for links to familiar sites among search engine results. On social networks, do not follow suspicious video links from “friends,” or emails, friend requests, site links and other items from unknown sources
Even with security programs in place, remain vigilant – Malware authors are continually writing new programs to avoid detection, so pay close attention to suspicious behavior
Always install updates – Equally if not more important, if you’re using antimalware software, be sure to install updates which include the latest malware definitions to protect you from new variants of known threats; do the same with updates to your operating system
If you’re not protected – Scan your machine for dormant viruses with a free scan; and protect your PC with an Internet security suite that includes antivirus, antispyware, and firewall technologies

Webroot offers several comprehensive Internet security solutions for consumers including Webroot® AntiVirus with Spy Sweeper®, and Webroot® Internet Security Essentials. For more information about these and other products, please visit http://www.webroot.com/En_US/consumer.html.

PandaLabs uncovers online Facebook password hacking service

According to its Ukraine-based creators, hacking an account costs $100, payable through Western Union

PandaLabs, Panda Security’s malware analysis and detection laboratory, today announced the discovery of an online service that promises to hack into any Facebook account for $100. The creators claim, “Any Facebook account can be hacked,” promising to provide clients with the login and password credentials to access any account on the popular social networking site.

According to Luis Corrons, Technical Director of PandaLabs, “The service’s real purpose may be hacking Facebook accounts as they say, or profiting from those that want to try the service. In any case, the Web page is very well designed. It is easy to contract the service and become either the victim of an online fraud, or a cyber-criminal and accomplice in identity theft. Once an intruder hacks into a Facebook account, all personal data published on the site can be stolen. Similarly, those accounts can also be used to send malware, spam or other threats to the victim’s contacts. In the case of celebrities of other well-known entities, they can be used to defame the account holder, spread information in their name, etc. In any event, this is criminal activity.”

In addition to extorting money and obtaining access to clients’ bank account information, the service also has characteristics in line with hacker affiliate programs. Common among cybercriminals, hacker affiliate programs offer other cybercriminals money to spread malware. This strategy is now being used with everyday Internet users through this Facebook hacking site, by offering extra dollar-credits to spend on the service when users hack more accounts. They can become affiliates to help hackers reach a broader audience, receiving 20 percent of what they sell in credits for hacking more accounts.

It is likely that the cybercriminals behind this operation are members of an Eastern European Internet mafia because payments are conducted online through Western Union wire transfers to a payee in Ukraine. The domain that hosts the service is registered in Moscow, providing further evidence of this theory.

The company claims to have been offering this service for four years with only one percent of accounts hack-proof. In these cases, they offer clients a money-back guarantee. However, the domain is just a few days old.

A series of images illustrating the sales flow can be found on the PandaLabs blog: http://www.pandalabs.com/.

Next Page »

• Recent Posts

  • Trend Micro Threat Research Report: 9 Million ZeuS attacks blocked by Trend Micro in the last 6 months
  • SonicWALL identifies growing threat of cybercriminals attacking new searches
  • Introducing the Fraud Prevention Suite to combat fraud in international eCommerce
  • Panda Security and Defence Intelligence coordinate massive botnet shutdown with international law enforcement
  • SAP Business One 8.8 beckons new era of software for small businesses
  • Microsoft announces global launch of Windows MultiPoint Server 2010
  • SIIA announces finalists for 2010 CODiE Awards in Education categories
  • New Emotional Technology in KODAK Picture Kiosks creates opportunity to tap into trillions of images
  • Cybercriminals continue to show their love for Valentine’s Day
  • Tableau launches free software to make data social
  • Apple releases Aperture 3
  • Solutionary identifies Top Security Risks and provides precautionary tips for Winter Olympic Games
  • Top 10 Malware Threats for January
  • Microsoft study reveals small and midsize businesses using hosted services have better financial performance
  • Cowbell2010 iPhone App supercharges the Olympic fan experience

• Tags

  2009 2010 America antivirus Apple application beta browser business Conficker cybercriminals data protection download educational encryption free Home Software IBM internet iPhone Mac Malware Microsoft news office online PandaLabs Panda Security productivity protection safety security Security Software service software Software News tech technology threats Trend Micro United States US USA Windows Windows 7