InfoSec Impressions…

Guy Bunker

InfoSec closed yesterday and it has been an interesting show. There were as predicted quite a few iPads being given away as prizes – I didn’t manage to win one… next time maybe?

Mobile was the hot topic, lots of products out there to deal with the issues around securing these pesky devices which are as powerful as laptops but easier to lose than a wallet. I have a feeling that it will take a specific breach event to drive the buying cycle – time will tell.

Also there was a whole load of disk crunchers. A couple of years ago I wrote of one company, Secure I.T. Disposals Limited, who crunched disks; it was good to see them still there – but there were a whole load of others as well, from ones that crunch out the centre spindle to degaussing systems. ‘Hard’ data disposal is a big issue – and there are an increasing number of solutions to hand.

It was also good to see that ‘security’ now means more things to more people – smaller network companies were there along with large numbers of secure storage vendors intermingled with the security vendors. Universities seemed to be back to having a bigger presence as well as a number of small innovative companies displaying their new ideas and products.  The one thing that seems to have taken a bit of a back seat was ‘the cloud’. Last year you couldn’t move for cloud stuff, this year, while it was around, the emphasis had changed and so mobile dominated.

I wonder what the buzz will be next year…

Guy Bunker

The End Of An(other) Era…

Guy Bunker

From next year Sony is going to stop making floppy disks… shock horror! Well it’s more of a shock that they are still making them… after all even an average presentation won’t fit on the maximum 2MB storage they offer. USB sticks offer 4,000 times the storage in a rather more convenient size…

I still have a couple of boxes of floppy disks from 20 years ago along with a couple of drives to read them… but have I used them (countless copies of PhD thesis drafts and copious quantities of data for speech recognition) – no. I guess I’ll keep them for posterity like my record collection…

Guy Bunker

It’s Showtime…

Guy Bunker

InfoSec 2010 starts today at Earls Court in London and as per usual it will be fun. Will there be as much glamour as last year – well you will just have to be there to find out.

The keynotes and education program are looking as strong as ever and mobile seems to be the top topic. Since moving to Earls Court last year the space for the exhibitors is much improved – and with 300+ companies there, there will be plenty to think about. Security is as old as the hills, but there are new ways to approach old problems and as businesses turn to ‘the cloud’ and mobile devices proliferate (I wonder how many iPads will be stand draw prizes?) so new solutions need to be found.

See you there.

Guy Bunker

Lost Abroad…

Guy Bunker

So, I was one of the tens of thousands who were stuck overseas due to the now infamous volcanic ash cloud. I got back at the weekend after an uneventful trip – ok, so it was a week later than expected, but it all worked out. However… while away I started to receive interesting SMS messages from my bank – but from different numbers! In essence they were offering to increase overdraft limits to help me cover any potential costs while being stranded. Or were they…

As with the post on credit card companies – the problem is not who you are (hopefully you know), but who is purporting to be on the other end of the phone. Was it really my bank, or some enterprising cyber-criminals who were making the most of a bad situation? In this case, it could well have been both – one genuine message and then several copycat ones. There was no indication that they even knew who I was – no personalization in any way.

So… the moral of the story remains the same, if someone contacts you and says they are from the bank or a credit card company a little healthy paranoia is a good thing – take their name and department and say you will call them back on a number you have. Take your bank’s main number on holiday - preferably not the ‘freephone’ one as that probably won’t work abroad. And of course don’t use numbers given in text messages or any they may give you…

Guy Bunker

Don’t forget your free Orange Juice at InfoSec!

admin

So we gave you the exciting news that Symantec has launched a cool new app for your iPhone and iPod Touch; well now the good news just keeps rolling in as it is now available for the Blackberry AND you get a free orange juice if you download either version of the app and attend InfoSec 2010 in London next week…..

Could it get any better?

The app includes a guide to the show, event itinerary, and other special offers and discounts. It even delivers the latest security threats and alerts from Symantec experts direct to your phone. Plus it even looks good!

Just go to your iTunes store and download it right now or for the Blackberry version download here: http://www.emea.symantec.com/infosec2010app/

Dominic Cook

Safari – be careful in the Internet wild

abigail_lovell


The launch of the Internet Security Threat Report has been keeping Symantec’s security experts busy. Articles about the report are everywhere from the BBC to the Independent, Computing to V3, even Vatican Radio in Rome!

There’s clearly lots of interesting information in the report. One stat that I found particularly interesting is that vulnerabilities of browser-based applications are the fastest-rising information security flaws. During 2009, Mozilla Firefox was the most targeted browser platform, whereas Google Chrome and Apple’s Safari took the longest to gain protection after a flaw was identified.

From the report, we see that the average window of exposure for Internet Explorer in 2009 was less than one day, based on a sample set of 28 patched vulnerabilities. For Safari, the average window of exposure was 13 days, but the maximum time it took for Apple to patch a vulnerability in 2009 was 145 days.

Browser vulnerabilities are a serious security concern due to their role in online fraud and in the propagation of malicious code, spyware, and adware. They are particularly prone because they are exposed to a greater amount of potentially untrusted or hostile content than most other applications. There is an increased reliance on browsers and their plug-ins as the internet becomes integral to business and leisure activities, so it is important that when a vulnerability is identified, they are patched right away.

Abigail Lovell

Criminals rack up more than 100 potential attacks a second on the world’s computers, reveals Symantec report

Greg Day, EMEA Security CTO for Symantec

Symantec today released its new Internet Security Threat Report (ISTR), highlighting key trends in cybercrime – and what a year 2009 has been. The web saw two very prominent cyber attacks – Conficker in the opening months of the year and Hydraq at the very end – and Symantec’s ISTR reveals continued growth in both the volume and sophistication of cybercrime threats.

In fact, Symantec blocked an average of 100 potential attacks per second in 2009.

The full report can be viewed online here, but we’ve outlined the key findings below in an easy-to-digest form. Over the course of the week we will be investigating in more detail some of the top findings, so for more in-depth analysis, join us again tomorrow.

Key ISTR findings:

  • An increase in the number of targeted threats focused on enterprises. Given the potential for monetary gain from compromised corporate intellectual property, cybercriminals have turned their attention toward enterprises. The report found that attackers are leveraging the abundance of personal information openly available on social networking sites to create socially engineered attacks on key individuals within targeted companies. Hydraq gained a great deal of notoriety at the beginning of 2010, but was only the latest in a long line of such targeted attacks including Shadow Network in 2009 and Ghostnet in 2008.
  • Attack toolkits make cybercrime easier than ever. Cybercrime attack toolkits have lowered the bar to entry for new cybercriminals, making it easy for unskilled attackers to compromise computers and steal information. One such toolkit called Zeus (Zbot), which can be purchased for as little as $700, automates the process of creating customized malware capable of stealing personal information. Using kits like Zeus, attackers created literally millions of new malicious code variants in an effort to evade detection by security software.
  • Web-based attacks continued to grow unabated. Today’s attackers are using social engineering techniques to lure unsuspecting users to malicious websites. These websites then attack the victim’s Web browser and vulnerable plug-ins normally used to view video or document files. In particular, 2009 saw dramatic growth in the number of Web-based attacks targeted at PDF viewers; this accounted for 49 percent of observed Web-based attacks. This is a sizeable increase from the 11 percent reported in 2008.
  • Malicious activity takes root in emerging countries. The report saw firm signs that malicious activity is now taking root in countries with an emerging broadband infrastructure, such as Brazil, India, Poland, Vietnam and Russia. In 2009, these countries moved up the rankings as a source and target of malicious activity by cybercriminals. The findings from the report suggest that government crackdowns in developed countries have led cybercriminals to launch their attacks from the developing world, where they are less likely to be prosecuted.

Dominic Cook

Find your way around InfoSec 2010

admin

If you are planning to go to the InfoSecurity Show in London, Europe’s No. 1 Information Security Event, which starts on 27th April, you must download this free application developed by Symantec for the iPhone, iPod Touch and even iPad.

The app includes a guide to the show, event itinerary, special offers and discounts. It even delivers the latest security threats and alerts from Symantec experts direct to your phone. Plus it even looks good! Just go to the iTunes store and download it right now.

http://itunes.apple.com/gb/app/symantec-infosecurity-2010/id366994403?mt=8

Dominic Cook

Skeptical? Cynical? Paranoid? Or Healthily Questioning…?

admin

OK so I’ve worked for Symantec for quite a while now and I know that there are lots and lots of bad guys trying to fleece you and scam you, and I am fully prepared to accept I am as a result even more skeptical about any emails or calls I get. But I had a call last week from my credit card company which made me think.

It seems that my monthly statement was lost somehow and as a result I didn’t make a payment last month – now quite apart from the questionable customer service given this is the first time I’ve ever missed a payment, and it was just one month – I received a call from a call centre asking me to give them my bank account details so I could make the payment over the phone.

So if you got a similar call would you go ahead and give your details? They seemed to know who I was and had my account details and obviously my phone number….. But they seemed genuinely confused when I suggested that they might be scammers and how did I know they were from my credit card company at all? They simply couldn’t handle this line of questioning.

I even spoke to the ‘team leader’ and she just didn’t get it either!

So my advice is always, do not EVER respond to an unsolicited phone call or email asking for your bank details. ALWAYS question who it is who is contacting you and whether they are who they say they are. NEVER send or give your details to anyone until you have confirmed who they are. Be SKEPTICAL and yes a little PARANOID about any online or on the phone transactions because there are really bad people out there in the Underground Economy trying to scam and steal from you!

Oh and yes I did make my payment in the end, but I did it online via my banking site protected by the Norton 360 I run on my home PC. I’ll also be looking for a new credit card company who understand customer service and security!

Dominic Cook

Where’s your online data and who’s responsible for protecting it?

john_turner

Yesterday at the European Cyber Security Awareness Day event in Brussels the Business Software Alliance (BSA) released some interesting research. They found that people in Germany, France, Poland, Spain, and the UK are confused over where their online data is stored.

About one in five citizens admitted to being unaware of whether their personal data is being held ‘in the cloud’, and 60% said they didn’t know what ‘in the cloud’ means.

When it comes to who should take responsibility for protecting online data, respondents were confused, with more than a quarter expressing a belief that a combination of stakeholders including government, businesses, technology companies, and consumers should be responsible for securing data held ‘in the cloud.’ The BSA says that this suggests that there may be a need for better coordination between government, businesses, and users and better education on cyber risks and best practices.

Coordination between government and business can go a long way in fighting cybercrime and protecting online data. Sound cyber security policies and technologies that protect the online environment are crucial but education can’t be overlooked. Users need to be made aware of online risks and know how to spot and protect themselves against malicious activity. I believe that better education is key to good cyber security.

John Turner
