Security

Facebook's 400 million users have been targeted by a spam run that could infect their computers with malicious software designed to steals passwords and other data, according to security researchers at McAfee.

Social media sites need to grow up or risk being shut down, according to a security industry veteran.

A bug in Microsoft's software gives hackers a way to exploit virtual Windows machines which would be attack-proof if they were running on real hardware, a researcher said today.

After an international take-down effort, a rogue ISP responsible for controlling large numbers of computers infected with data-stealing code is down for the moment, but it may be reconnecting with the Internet, according to security researchers.

The ARN round table was held in conjunction with Firewall Systems and its vendor partners, AirMagnet, Blue Coat, Check Point, Network Box, TippingPoint and WatchGuard.

Laptop computers have become mobile stores of massive amounts of information. Add to that the proliferation of removable hard drives, and it becomes crystal clear how much sensitive data is on the move in the world, most of it woefully underprotected.

Kaspersky Lab may not be a household name in the United States, but in some parts of the world, it's the most popular consumer antivirus software. In China the company boasts 100 million users, and the software is also popular in Germany, and, of course, Russia, where Kaspersky got its start in 1997.

The need to keep information secure is not a recent development. To satisfy this need, most organisations construct a list of security requirements based on common sense. This has proven fairly effective with simple and well understood media such as pen and paper. As information management (and its security) has become more complex in nature, the likelihood of a gap in that common sense list of requirements has increased.

Managed security services have been growing in popularity over the past several years, and the latest task enterprises are looking to offload to an outside provider is security information management.

Although he acknowledges businesses have yet to embrace IPv6, security guru, Scott Hogg, says that doesn’t mean IT executives can ignore the security problems that the next generation Internet protocol can present.

Security experts say it all the time: If a company thinks it has suffered a data security breach, the key to getting at the truth unscathed is to have a response plan in place for what needs to be done and who needs to be in charge of certain tasks. And, as SANS Institute instructor Lenny Zeltser advised in CSOonline's recent How to Respond to an Unexpected IT Security Incident article, "ask lots and lots of questions" before making rash decisions.

Australian Geoff Huston is one of the foremost authorities on Internet routing and scaling issues. We sent Huston, a former Chief Scientist, Telstra Internet, a few questions about the U.S. government's plan to bolster R&D to secure the Internet's core routing protocol, the Border Gateway Protocol (BGP). Here are excerpts of from what Huston had to say:

We recently got the opportunity to interview Eugene Kaspersky, the man behind Kaspersky Anti Virus. Here's what he had to say about the evolution of malware, the future of cybersecurity, the problems with the Internet, and more.

Over the past seven months, I have led a team of IT representatives in making sure that all mobile devices are aligned with our new security policy. I thought this was going to be straightforward -- a few mouse clicks to check off some boxes, and our policy would be in effect on our entire inventory of mobile devices.

In April 2004 I wrote my first article on the topic of virtualization security. I was trying to bring attention to the security aspects of this "new" technology that was getting quite a bit of hype at the time. The hope was that this time security would not be an afterthought, that we would reverse the equine-escape/egress-closure sequence. The naïvete of youth!

A Symantec/Ponemon report points to an ominous byproduct of the economic crisis: laid-off employees stealing data in acts of vengeance. Bill Brenner is skeptical of this report's news value.

George Peppard said as his character Hannibal Smith on The A-Team, "I love it when a plan comes together." Several trends, if not a plan, are coming together in interesting ways in technology for small businesses. Mix equal parts of online applications, netbooks, and constant wireless networking together, and you get new ways to do more work in more places for less money.

IronPort S160

Many sandbox security vendors claim that their products stop all known and unknown attacks. Even assuming the ability to curtail all known attacks could be proven, it's simply impossible to believe that any piece of software could halt all unknown attacks. Of course, that doesn't prevent the vendors from making empty promises or the malware authors from proving them wrong.

The Internet is a scary place. Criminal malware lurks on legitimate and illegitimate Web sites alike, looking to steal your money one way or the other. Vendors have been scratching their collective heads attempting to make more consumers safer, more often. One of the results has been a class of anti-malware software that I call sandbox protection products. These items encapsulate Internet browsers (and e-mail programs and sometimes any other program you can run) within a virtual, emulated cocoon designed to keep malware from reaching and modifying the underlying host computer.

Fans of all-in-one security suites should take a serious look at the just-released Kaspersky Internet Security 2009, which includes modules for antivirus, antispyware, firewall and more, yet uses little enough system resources and RAM that it won't slow down or clog up your system.