A Deal Too Good To Be True…

… Then it probably is. What am I talking about? Well, deals from unknown people on the Internet. The largest online auction counterfeit scam was uncovered recently and the perpetrators have now been found guilty.
Buying items over the Internet, especially on auction sites, can enable you to find great bargains, but this story also sends a warning – on the Internet you really don’t know the provenance of goods, especially those from individual sellers. In this case the primary conman had persuaded family and friends to get in on the act and use their accounts as well as his own – so even the use of dodgy accounts had been somewhat obscured.
What to do? Well, if you are buying over the Internet, then look for recognisable shops or outlets. Look at reputation scores and do a quick search on Google for the company if you are not sure; if there is a problem, then someone (or many people) will have posted their displeasure somewhere. If buying from an individual, just be wary. Be extra vigilant with credit card numbers and personal information.
And remember if a deal looks too good to be true… then it probably is.
Guy Bunker
Deck the Halls with Spam and Folly

Spammers have been capitalising on the shift towards online Christmas shopping, according to Symantec’s November State of Spam report, which outlines that sales of ‘luxury goods’ and counterfeit brands continue to dominate spam emails as the holiday season approaches. The top ten subject lines between October and November 2009 were:
- Sales receipt from Amazon
- Sales Order from walmart.com
- Incredible sale for luxury goods
- Re: what she wants for Christmas
- Give her luxury this holiday season
- Bling yourself up this Christmas
- Get the perfect gift for Christmas
- Impress your friends this holiday season
- Xmas on-line cookies
- Time limited Christmas promotion
In addition, fake airline ticket spam has also taken off during the holiday season with the promise of cheap deals on airfare used to attract attention from unsuspecting internet users.
British shoppers are expected to spend upwards of £6.8bn online this Christmas, and spammers are desperate to get a slice of the cake. To do this they are crafting subject lines that people are more likely to click on. The top two subject lines indicate that spammers are tricking people into believing that they have a transaction email from two well-known retailers. Although we usually see these types of subject lines associated with phishing or fraud messages, this tactic was actually re-directing users to a bogus online pharmacy site.
Other key findings from the State of Spam report include a 9 per cent reduction in spam originating from EMEA since June 2009 (the region now accounts for 25 per cent of all spam).
So how do you best safeguard yourself against falling victim to seasonal spam and phishing attacks?
- Use directions provided by your mail administrators to report missed spam if you have an option to do so
- Delete all spam
- Avoid clicking on suspicious links in email or IM messages as these may connect you to spoofed websites
- Type web addresses directly into the browser rather than relying upon links within your messages
- Always be sure that your operating system is up-to-date with the latest updates, and employ a comprehensive security suite
Amanda Grady
Moving Towards A True Utility…

Amazon has just announced ‘Spot Instances’ in their cloud. In essence, you can set a price for the compute power you need and when the cloud has the spare capacity your job will run – of course, if there isn’t the capacity, or someone else has bid a higher price, you run the risk of it not happening.
This is not dissimilar to some of the grid computing ideas (and practices) from a decade ago – and it makes a lot of sense for Amazon to start to offer it. They get to use more of their IT estate, more of the time, and they also get more customers, who would then be more likely to use them rather than a different service for other jobs that need a compute farm.
One issue I see arising with this (and it’s pretty much the same as for all cloud environments) is security and auditing. It is tough enough to get the appropriate information from cloud vendors to satisfy auditors on security and data handling, without then moving to instances which can chop and change depending on market needs. Perhaps this is why Amazon say it is ideal for number crunching apps, rather than anything else…
Spot Instances are taking us towards a real compute utility, where price and flexibility rule. Variable pricing based on when you get to use the resources will be a potential boon for smaller customers who, for now, cannot afford the fixed term pricing. It will be interesting to see what the other cloud service providers respond with.
Guy Bunker
Watch your laptops and smartphones in Christmas party season

As we head into Christmas party season we can expect that alcohol-fuelled “forgetfulness” will see many work laptops and smartphones left in bars and varying forms of public transport as people raise a glass to celebrate the festive season as well as having survived an incredibly difficult year.
In an increasingly mobile workforce the number of corporate devices with sensitive data on them, such as laptops and smartphones, is growing. In fact, ABI Research recently stated that the number of smartphones shipped this year was 178.3 million.
With that in mind, please be careful that you store your laptops and phones in a safe place before ordering your first tipple.
Of course Christmas parties are a time to let your hair down and have fun. However, losing a work laptop or smartphone could leave you with more than just a hangover. If your business doesn’t operate daily back-ups then it may not be able to recover your precious corporate information. The worst case scenario will be if the device has fallen into the wrong hands, as it poses an incredible security risk. A criminal will be able to use the unprotected laptop or smartphone to access very sensitive corporate information – which they could then sell for considerable profit in the black market.
Listed below are 10 of the most common documents a cybercriminal will try to access should your device inadvertently fall into the wrong hands:
1. Your credit card information e.g. credit card number, magnetic stripe information, transaction data
2. Your employee information e.g. employee ID, salary and benefit information, personal health information
3. Sensitive customer data e.g. name, date of birth, national ID number
4. Price lists
5. Design documents
6. Source code
7. M&A contracts
8. High net worth client lists
9. Marketing plans
10. Financial earnings reports (during quiet period)
With this abundance of precious information available on corporate laptops and devices, make sure you take necessary precautions to minimise risk, should they fall into the wrong hands. Firstly, both laptops and smartphones should be locked with strong passwords. Also, you shouldn’t forget about physical security – laptops can be locked down with cables and Kensington locks and PDAs can be protected in locked cases.
However, should you fall victim, follow this guide and also inform your IT manager immediately, so that the device can be remotely disabled.
Chi-Chi Liang
Next-generation security and storage solutions through the Amazon

Symantec today announced it is offering its next-generation security and enterprise-class storage management solutions through the Amazon Elastic Compute Cloud (Amazon EC2). Symantec Endpoint Protection and Veritas Storage Foundation Basic are now available on Amazon EC2. Businesses can leverage the Symantec solutions to add additional protection to their Windows servers in the cloud with comprehensive threat prevention and manage their cloud storage online with a single toolset that delivers reliability, scalability and high performance.
“As many businesses increasingly leverage the cloud for applications and services, they want to protect and manage those environments with the security and storage management solutions they are used to from Symantec,” said Greg Hughes, group president, Enterprise Product Group, Symantec. “By taking the same proven security and storage management solutions that organizations have come to rely on in their data center and extending them to Amazon EC2, Symantec is delivering on its commitment to provide value in the cloud.”
“As a web service that provides resizable compute capability on demand, Amazon EC2 makes web-scale computing easier for customers of all sizes,” said Steve Rabuchin, General Manager of Developer Relations and Business Development for Amazon Web Services (AWS). “We’re pleased that our mutual customers can now extend familiar Symantec security and online storage management solutions to the AWS cloud.”
Amazon EC2 users now have access to key protection technologies provided by Symantec Endpoint Protection. Symantec Endpoint Protection combines Symantec AntiVirus with advanced threat prevention to deliver defense against malicious attacks such as viruses, worms, spyware, Trojans, zero-day threats, and rootkits. Symantec Endpoint Protection helps ensure information remains safe and business assets are protected wherever that information resides.
Amazon EC2 users also now have access to advanced online storage management capabilities provided by Veritas Storage Foundation Basic from Symantec, allowing them to manage multiple hosts from a central interface and optimize storage performance and availability online. Storage Foundation enables non-disruptive storage operations through GUI-based management and online configuration with dynamic disks.
“We have been running Symantec Endpoint Protection locally to secure the endpoints and servers in our computing environment and have been very pleased with the level of protection it has provided,” said David Jordan, CISO of Arlington County. “As our infrastructure becomes more of a mix between on-premise and off-premise offerings, we look forward to leveraging these new delivery models for security and storage solutions.”
Today’s announcement marks another significant step in Symantec’s cloud strategy to deliver customers unmatched choice in the adoption of cloud solutions based on the company’s enterprise class products. For more information, please visit http://www.symantec.com/cloud.
Licensing and Availability
Symantec Endpoint Protection and Veritas Storage Foundation Basic are available now in the form of custom Amazon Machine Images (AMIs) that allow customers to run Symantec provided instances on Amazon EC2 on a pay-as-you-go, hourly basis.
Customers can subscribe to these custom AMIs and find additional information about Symantec and Amazon Web Services at http://www.symantec.com/amazon.
Darren Thomson
You Know What – Part 2

I wrote previously on Google opening up its information on what it knows about you – well, now Yahoo has as well. The Yahoo Ad Interest Manager dashboard allows you to see what you have signed up for and to opt out of various items. It also tells you what else Yahoo knows about you: IP address, location, screen size (!) and any personal info it holds.
From my perspective the best news is that you can opt out from targeted ads completely. Of course, if we all did that then there wouldn’t be much of a revenue stream for the search companies… so while I applaud their newfound openness and it’s good to see what they have and to have better control over your own online experience, it does seem like they may just be shooting themselves in the foot!
Guy Bunker
Symantec Technical Strategy 100

Over the past few weeks I have been hosting “Symantec Technical Strategy 100” workshops in the UK. The workshops are designed to bring 100 senior technical design authorities from our customer-base together to discuss all things “VERITAS”.
Fifteen companies have been involved so far and, I must say, it has been engaging and rewarding to see the users and designers of our storage and availability management product coming together and speaking so openly and candidly about this area of their technology stack. There has been a real sense of “community” in the sessions and we now hope to run further workshops, create a secure portal for community discussion and start a series of webcasts to ensure that our most important customers fully understand our storage and availability strategy.
If you think that you would like to represent your company within the community and you are already users of the VERITAS portfolio, please get in touch with me at darren_thomson@symantec.com. Now… off to the continent to gather more community members..!
Darren Thomson
‘Tis The Season To Be Skimming…

In a novel twist on card skimming, a car park in New Zealand has been subjected to the fraud with an estimated 100,000 people being affected. While we are used to being warned by cashpoint machines to look out for anything dodgy, this is the first time that something other than a cashpoint machine has been used for the scam. (We should distinguish here between skimming devices and changes in hardware ROMs, which was the method used for the petrol station scams a few years back.)
As more local pay and display car parks get the ability to pay by credit card, you should now be on the lookout for strange looking credit card machines. A quick search on Google images will show you that the skimming devices can be tough to spot, but they are not perfect. If you use a device regularly, then you should be able to spot if it changes – and if you are really worried, then just use cash!
Unfortunately the Holiday Season doesn’t mean it’s also a holiday for the cyber-criminals; this is their busiest time of year, so take a little longer to look at things and protect your information.
Guy Bunker
Tips for staying safe whilst using social networks

If anyone is in any doubt about the power of social media sites I will relay some of the stats which Tim Bradshaw at the Financial Times was sending out this morning on Twitter from a press event with Facebook….
- Facebook has 350 million users globally
- Facebook has 23 million users in the UK alone
- 25 minutes is the average length of time users visit Facebook every day
- 10 million users become fans of brands on Facebook – A DAY
The numbers are vast and that’s just one social media channel.
Today’s businesses are increasingly looking at how they can utilise social media channels, and what level of access they provide their increasingly social media aware staff. However, web-based attacks are now the primary vector for malicious activity over the Internet and many of these are increasingly coming via social networks. By hiding behind the reputation and brand trust built by legitimate social networks, spammers are able to distribute an increasing number of malicious and phishing emails, something that recent research by Symantec shows is only set to grow over time. With employees increasingly accessing social networking sites on their business PCs and laptops, any attack via social networking platforms can place company data directly at risk.
So how to best protect yourself?
1. Don’t click on unknown links: Sharing links on social sites is a common act but avoid clicking on blind links where the destination website cannot be seen in the URL (as is increasingly common with URL-shortening applications such as bit.ly).
2. Don’t share personal information: Avoid including personally identifiable information when communicating online, such as date of birth, postal address and certainly not bank details.
3. Set strong passwords: Simple acts such as developing strong passwords, which you change at least every 45-60 days, can dramatically improve IT security with minimal intrusion on time.
4. Beware fake friends: A common phishing attack that users are seeing occurs when criminals hijack social networking accounts and distribute messages to all the contacts in that individual’s contact book.
5. Invest in security software: Don’t cut corners when it comes to anti-virus software and better still use security software which provides multiple layers of defence.
Dominic Cook





