In an article titled "A Cyber-Attack on an American City", Bruce Perens writes: "Just after midnight on Thursday, April 9, unidentified attackers climbed down four manholes serving the Northern California city of Morgan Hill and cut eight fiber cables in what appears to have been an organized attack on the electronic infrastructure of an American city. Its implications, though startling, have gone almost un-reported. That attack demonstrated a severe fault in American infrastructure: its centralization. The city of Morgan Hill and parts of three counties lost 911 service, cellular mobile telephone communications, land-line telephone, DSL internet and private networks, central station fire and burglar alarms, ATMs, credit card terminals, and monitoring of critical utilities..." more
Internet users are acutely aware of their exposure on the Internet and clearly concerned about their safety. Increased downloads of scareware as Conficker made headlines in the mainstream media are only the latest evidence. Desktop software is often viewed as a one-stop shop for fighting Internet threats such as viruses, worms and other forms of malware and phishing. These solutions have served us well but more protections are needed to address the dynamic and increasingly sophisticated web based exploits being launched... more
Amidst hype and anticipation of the Conficker worm which is expected to become active in millions of Windows system within the next few hours, IBM Internet Security Systems team reports they have been able to locate infected systems across the world by reverse-engineering the communications mechanisms. Holly Stewart, X-Force Product Manager at IBM Internet Security Systems, writes: "... the details are still unfolding, but we can tell you from a high level where most infections are as of today. Asia tops the charts so far. By this morning, it represented nearly 45% of all of the infections from our view. Europe was second at 31%. The rest of the geographies held a much smaller percentage overall." more
While most people I know are at either VoiceCon or CTIA this week, this one is worth staying home for. Also, I'm sure all the Skype followers are focused today on the news about working with the iPhone -- and that IS a big story. However -- for very different reasons -- I'm sure you'll find this one of interest too. This was a front page story in today's Globe and Mail, and no doubt many other Canadian dailies... more
A report released over the weekend by Information Warfare Monitor along with an exclusive story by the New York Times, revealed a 10-month investigation of a suspected cyber espionage network (dubbed GhostNet) of over 1,295 infected computers in 103 countries. 30% of the infected computers are labeled as high-value targets, including ministries of foreign affairs, embassies, international organizations, news media, and NGOs. Greg Walton, editor of Information Warfare Monitor and a member of the Toronto academic research team that is reporting on the spying operation, writes... more
The Internet as we know it and use it today -- is broken, badly broken. Yes broken so much so that we are really crazy to have any expectations of privacy or security. Yes, really. The Internet was conceived as somewhat of a utopian environment, one where we all keep our doors, windows and cars unlocked and we trust all the people and machines out there to "do the right thing...". more
In this multipart series I will be presenting some of the leading industry-standard best practices for enterprise network security using Cisco technologies... In Part 3 of this series I began to discuss Cisco technologies as a standard for enterprise data security. In this article we take a look at how Cisco firewall and packet filtering technologies can be used at the network perimeter to enhance enterprise security. more
The Conficker worm will be active again on April 1st, according to an analysis of its most recent variant, Conficker.C, by the net security firm CA. This malicious piece of software, also known as Downup, Downadup and Kido, spreads among computers running most variants of the Windows operating system and turns them into nodes on a multi-million member ‘botnet’ of zombie computers that can be controlled remotely by the worm’s as yet unidentified authors. more
C-SPAN interviews professor Gene Spafford from Purdue University on the topic of cybersecurity and how the current Internet is a conduit for all types of "cybercrime". He also talks about the much discussed article "A New Internet?" by John Markoff in the February 14, 2009, New York Times in which he was quoted. The piece argued for a new type of Internet that is more secure with the trade-off of users giving up more of their anonymity. Professor Spafford talks about alternative solutions and he responded to questions via telephone calls and email. more
In this multipart series I will be presenting some of the leading industry-standard best practices for enterprise network security using Cisco technologies. Each article in the series will cover a different aspect of security technologies and designs and how each can be deployed in the enterprise to provide the best security posture at the lowest possible budgetary and administrative cost. In Part 2 of this series I discussed security risks and vulnerability. In this article we begin to focus on the role Cisco network and security technologies play in ensuring the safety and security of network data. more
As enterprise information security spending is scrutinized in unprecedented fashion in 2009 Information Technology management will seek to get more for their security dollar. While budgets tighten and risks grow due to the global economic downturn IT departments will be looking for point solutions, not suites of security tools. more
In this multipart series I will be presenting some of the leading industry-standard best practices for enterprise network security using Cisco technologies... In Part 1 of this series, I provided an overview of the critical role that properly designed data security architectures play within an Internet-connected organization. Before we begin to discuss the security designs, processes and recommendations related to Cisco technology, let's first discuss some of the ways a network becomes unsecure... more
A study comparing best-of-breed computer security vendors suggests more than half of active malware and phishing threats on the Internet go undetected, with an average detection rate of 37% for malware and 42% for phishing. "Given the dynamic nature of today's online threats and the traditionally reactive approach taken by today's malware and phishing detection technology, conventional signature-based solutions are inherently at a disadvantage to keep up," said Panos Anastassiadis, CEO and Chairman of Cyveillance. "Because the majority of damage occurs during the first 24 hours of an attack, early detection of attacks is crucial." more
With the alarming increase in cyberattacks, criminals are literally turning businesses against their own customers in order to steal consumer's personal data, warns the latest annual X-Force Trend and Risk report from IBM. "The security industry puts a lot of effort into the technical evaluation of security threats, examining, sometimes at great length, the potential threat that each issue might present to corporations and consumers. Criminal attackers out for profit, however, have considerations that the security industry does not always take into account, such as monetization cost and overall profitability." more
While the news will not be terribly surprising to CircleID readers, Google's latest report on the status of spam and 2009 predictions posted today, might be of particular interest due to the company's shear email processing volume at 2 billion enterprise email connections per day (drawn from company owned Postini Message Security network)... more
A World-Renowned Source for Internet Developments. Serving Since 2002.