Saturday, January 24, 2009

Around The Horn vol.1,19

Alerts

Jan 23, 2009 (13 hours ago)
Monster.com and USAJobs.gov's databases compromised, (Fri, Jan 23rd)

from SANS Internet Storm Center, InfoCON: green
We got a tip from a reader (thanks David!), that apparently Monster.com's database and USAJobs ...(more)...

Security News

9:35 PM (10 hours ago)
Top 10 Mistakes When Crafting a Security RFP, (Fri, Jan 9th)

from SANS Internet Storm Center, InfoCON: green
Creating RFPs for security solutions and processing the responses is not an easy task. Having respon ...(more)...

10:14 PM (9 hours ago)
Monster.com: yet another breach

from CGISecurity - Website and Application Security News by Romain Gaucher
Monster.com has recently experienced yet another breach. "As is the case with many companies that maintain large databases of information, Monster is the target of illegal attempts to access and extract information from its database. We recently learned our database was illegally accessed and certain contact and account data were taken,...

Jan 23, 2009 (20 hours ago)
Pay to install free software

from McAfee Avert Labs by Oliver Devane
I was dealing with customer escalations the other day and came across this interesting sample. If you believe the filename install_wrar380.exe it would install WinRar on your system, for some reason I didn’t believe it.

9:14 PM (10 hours ago)
Monster.com suffers database breach deja vu

from The Register - Security
Millions (more) at risk
For the second time in 18 months, employment search site Monster.com has lost a wealth of personal data belonging to millions of job seekers after its database was illegally accessed.…

Jan 23, 2009 (15 hours ago)
BOFH-loving botmaster wants life as security consultant

from The Register - Security
Feds want him in prison
An American security consultant who stole hundreds of thousands of online bank passwords by employing a massive botnet that he often administered from work deserves at least five years in prison, prosecutors have told a federal judge.…

Jan 23, 2009 (20 hours ago)
TJX closes book on infamous security breach with sale

from The Register - Security
Everything must go
TJX, the discount retailer that was the target of one of the largest information security breaches on record, rewarded customers with a special sale offering 15 per cent discounts in all its US and Canadian stores on Thursday.…

Jan 23, 2009 (19 hours ago)
Judges grant McKinnon extradition review

from The Register - Security
Gimme shelter
Judges have granted a review of the Home Secretary's decision to continue with extradition proceedings against Pentagon hacker Gary McKinnon.…

Jan 23, 2009 (23 hours ago)
Countdown to Conficker activation begins

from The Register - Security
A superbotnet will rise
Security watchers are bracing themselves to respond to the activation of the huge botnet created by the Conficker superworm.…

4:58 AM (2 hours ago)
Monster.com reports theft of user data

from Network World on Security
Monster.com is advising its users to change their passwords after data including e-mail addresses, names and phone numbers were stolen from its database.

4:58 AM (2 hours ago)
Conficker hitting hardest in Asia, Latin America

from Network World on Security by Robert McMillan
Computer networks in Asia and Latin America are the most susceptible to a fast-spreading computer worm, which has infected between 6 million and 9 million PCs worldwide, security experts said.

4:58 AM (2 hours ago)
VeriSign buys Certicom after RIM withdraws bid

from Network World on Security
VeriSign said it plans to buy Certicom, just three days after Research In Motion's hostile bid for the security company unraveled.

4:58 AM (2 hours ago)
Fortinet: Holiday season saw spike in Trojan activity, spam

from Network World on Security
The year-end holiday season saw a surge in Trojan activity and spam worldwide, according to network security provider Fortinet.

4:58 AM (2 hours ago)
Gemalto warns against dangerous IT security complacency

from Network World on Security
Digital security firm Gemalto has warned of the risks of the common complacency, across the Asia Pacific, about internet security, despite it being a 'hot region for phishing attacks'.

4:58 AM (2 hours ago)
Social networking sites a hotbed for cyber crime

from Network World on Security
The distribution of malware on social networking sites first occurred in small amounts towards the end of 2007, but that trend appears to be on the rise.

4:58 AM (2 hours ago)
Digital security firm announces Asia expansion

from Network World on Security
Gemalto provides telecommunications, financial services, eGovernment identity and access management, plus IT security and mass transit systems for more than one billion people worldwide. In Singapore, the firm has some 1,000 employees, with 160 engineers engaged in research and development. MIS Asia editor Ross O. Storey spoke to Ng Fook Seng, Gemalto's Senior Vice-President, Security Business Asia, about the firm's Asia plans.

4:58 AM (2 hours ago)
Downadup/Conflicker worm: When will the next shoe fall?

from Network World on Security by Ellen Messmer
The Downadup worm—also called Conflicker—has now infected an estimated 10 million PCs worldwide, and security experts say they expect to see a dangerous second-stage payload dropped soon.

Jan 23, 2009 (14 hours ago)
Heartland tries to rally industry in wake of data breach

from Network World on Security by Ellen Messmer
The CEO of Heartland Payment Systems is calling for the card payments industry to share security information and consider end-to-end encryption.

4:58 AM (2 hours ago)
Compensation, Data Center Budgets, Social Spammers and More

from Network World on Security
A Call to Tie Pay to Risk

Jan 23, 2009 (14 hours ago)
Researchers wait for Downadup worm's second act

from Network World on Security
The worm that's infected millions of Windows PCs is a "very well-engineered" piece of malware, according to one security expert. But researchers still have no clear idea what the hackers plan to do with the collection of computers they've compromised with "Downadup."

Jan 23, 2009 (14 hours ago)
Amazon cloud could be security hole

from Network World on Security
Cloud services are now vulnerable to malicious use, a security company has suggested, after a techie worked out how Amazon's EC2 service could be used as a BitTorrent file harvester and host.

Jan 23, 2009 (14 hours ago)
F-Secure Internet Security 2009

from Network World on Security
F-Secure Internet Security 2009 (US$60 for three users as of 12/23/08) ranked an unimpressive seventh out of the group of nine in "Paying for Protection," our 2009 roundup of security suites. It started with middling malware detection, and then it slipped further due to its generally slow scan speed and its lack of extra features, such as backup and antiphishing. The suite's reasonably intuitive and easy-to-use interface, as well as its useful startup wizard, weren't enough to outweigh its faults.

Jan 23, 2009 (14 hours ago)
Kaspersky Internet Security 2009

from Network World on Security
Kaspersky Internet Security 2009 was the most expensive security package we tested for "Paying for Protection," our 2009 roundup of nine security suites (US$80 for three users as of 12/23/08). That cost might be justified if the package delivered top-notch performance and a smooth user experience--but it doesn't. Its overall malware-detection rate was below average, and the suite proved aggravating to use in several different scenarios.

Jan 23, 2009 (14 hours ago)
Webroot Internet Security Essentials

from Network World on Security
Webroot's Internet Security Essentials (US$60 for three users as of 12/23/08) marks the antispyware company's first foray into security suites. This patchwork suite brings together an antivirus scanner from Sophos, a firewall from Privacyware, and online backup using Webroot's own servers. But it lacks parental controls, antispam, and browser-based antiphishing capabilities, and it fared poorly at the core task of identifying malicious software.

Jan 23, 2009 (14 hours ago)
Avira Premium Security Suite 8.2

from Network World on Security
Avira Premium Security Suite (US$54 for one user as of 12/23/08) excels where it counts. This package beat the competition in "Paying for Protection," our 2009 roundup of nine security suites, in detection tests, continuing Avira's long history of strong performance in such tests.

Jan 23, 2009 (14 hours ago)
McAfee Internet Security Suite 2009

from Network World on Security
McAfee Internet Security Suite 2009 (US$60 for three users as of 12/23/08) landed smack dab in the middle of the rankings for "Paying for Protection," our 2009 roundup of security suites, ranking fifth out of the nine tested products. The 2009 version features Artemis, a new Internet-based malware detection feature. Offsetting Artemis and McAfee's otherwise generally good malware detection rate, however, were its slow scanning speed, its interface annoyances, and its very poor performance in proactive, behavioral detection tests.

Jan 23, 2009 (14 hours ago)
Trend Micro Internet Security Pro 2009

from Network World on Security
Trend Micro Internet Security Pro 2009 (US$70 for three users as of 12/24/08) fails badly at any security suite's most important task: Identifying malware before it can attack your PC. In tests for "Paying for Protection," our 2009 roundup of nine security suites, Trend Micro's newest offering didn't just come in last place in that crucial category--its dismal 69.3 percent detection rate was a full 20 percentage points behind the next worst competitor. In AV-Test.org's tests, which put each suite up against a huge array of bots, password stealers, and other malware, top performers tagged about 99 percent of the 654,914 samples--but Trend Micro's package let three out of every ten pieces of malicious software go by untouched. That just doesn't cut it for security software.

Jan 23, 2009 (14 hours ago)
Panda Internet Security 2009 Security Software

from Network World on Security
Panda Internet Security 2009 boasts an extensive feature set and an easy-to-use interface, both of which helped it attain a third-place finish in "Paying for Protection," our 2009 roundup of security suites, after Norton Internet Security 2009 and BitDefender Internet Security 2009. But its ability to block malicious software didn't rank as well, and the suite had some genuine difficulty dealing with some especially nasty malware, despite its new Internet-based scanning feature.

Jan 23, 2009 (20 hours ago)
Brief: Obama pledges better cybersecurity, top advisor

from SecurityFocus News
Obama pledges better cybersecurity, top advisor

Jan 23, 2009 (23 hours ago)
“Physicalized” servers may offer virtualization alternative

from Ars Technica by jhruska@arstechnica.com (Joel Hruska)
Server virtualization has become increasingly popular in recent years as a way of improving data center efficiency and lowering IT costs. There are alternatives, however, including what one company is referring to as physicalization.

10:06 PM (9 hours ago)
Monster.com Reports Theft of User Data

from PC World Latest Technology News
Monster.com revealed that information including user e-mails has been stolen from its database.

10:06 PM (9 hours ago)
Conficker Hitting Hardest in Asia, Latin America

from PC World Latest Technology News
Asia and Latin America have been hardest hit by the Conficker worm, security experts say.

Jan 23, 2009 (13 hours ago)
Study: Spam Is Getting More Malicious

from PC World Latest Technology News
Sophos study confirms that, beyond being a major annoyance, spam is even more malicious than ever.

Jan 23, 2009 (13 hours ago)
Mac BitTorrent Users Warned of Trojan

from PC World Latest Technology News
Pirated copies of Apple's iWork 09 software include a most unpleasant surprise.

Jan 23, 2009 (19 hours ago)
Security Software Makers Respond to IWork Trojan Threat

from PC World Latest Technology News
Following Intego's announcement Thursday that pirated copies of iWork '09 may contain a trojan horse, Symantec and...

-- Aurora Report says Monster, Conficker, Cyberczar, and internet security suites reviewed as Mac exposed as virus target too.
