News

Wednesday, January 09, 2008

What to Expect in 2008

SECURITY UPDATE
A Penton Media Property
January 9, 2008




IN FOCUS

--What to Expect in 2008
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net
The New Year celebrations are finally over, and with 2008 now in full
swing, it's time to take a sobering look at some security predictions
that could come to fruition during this year.

Getting right down to business, we can fully expect to see even more
mergers and acquisitions. Long story short, the security industry will
continue to consolidate. The biggest players will grow even bigger, and
the small fish will feed their growth.

We'll also see companies in the security industry change hands as
investors move to take advantage of potential revenue streams. One prime
example is 3Com, which is in a limbo of sorts as Boston-based Bain
Capital and China-based Huawei Technologies work to acquire control of
the company. It seems that the US Treasury Department is somewhat
suspicious of a Chinese company gaining 15 percent interest in a major
computer hardware vendor, particularly one that makes popular security
products.

Of course, botnets won't fail to make even more news this year. We're
already seeing new companies appear whose sole purpose is to defend
against botnet infiltration. As was pointed out in a previous edition of
this newsletter (at the URL below), botnet operators are becoming
slightly more creative, and as a result, botnets are becoming more
difficult to detect.

www.windowsitpro.com/Article/ArticleID/97851/97851.html
(http://ct.email.windowsitpro.com/rd/cts?d=33-1161-803-202-62923-74878-0-0-0-1-2-207)

Not to be outdone by botnet creators, proliferators of spyware intend to
command their fair share of attention. We've already seen a number of
major Web sites (including MLB.com, NHL.com, Monster.com, MySpace,
Excite, and others) used to spread malware through banner ads. We've
also seen MySpace used to spread worms. In a more recent indication of
similar ongoing trends, Facebook is being used to spread a social
networking worm that installs spyware onto computers. Some entities are
more overt about spreading spyware. Last week, Sears was found to be
using suspect methods of installing spyware onto customer computers. You
can get links to stories about Facebook and Sears in the Security News
and Features section below.

On the wireless front, the field is wide open. Countless numbers of
wireless networks remain unprotected, and many willingly allow open
access to all comers. I don't see anything wrong with the latter
openness. In fact, I find it representative of the same spirit we
sometimes forget about and then remember again during the holiday giving
season. But an open network does present an enticing lure for
Grinch-like criminal minds. Add to that a number of vulnerabilities in
wireless routers and not so suddenly, there's room for a real problem to
occur.

Researchers at Indiana University ran simulations that reveal how "tens
of thousands of Wi-Fi routers [can become] infected in as little time as
two weeks, with the majority of the infections occurring in the first 24
to 48 hours." So will it happen? Probably. You can read a synopsis of
the research at the URL below. You can also find several hundred (if not
several thousand) reports about the issue at various sites around the
Internet. Use your favorite search engine to look for the terms "Steven
Myers" and "WiFi" (or "Wi-Fi").
security.informatics.indiana.edu/research.php
(http://ct.email.windowsitpro.com/rd/cts?d=33-1161-803-202-62923-74879-0-0-0-1-2-207)

Last, but certainly not least, it would seem that the past exposure of
millions of people's private information would have gotten nearly
everyone's attention--especially the attention of those charged with
handling such information. But sadly that isn't the case. Huge data
breaches continued throughout 2007, and they will undoubtedly continue
throughout 2008 because various handlers of people's private information
will miserably fail to adequately protect that information. Shouldn't
that be a serious criminal offense? Maybe we'll see a federal lawmaker
propose a bill to that effect. But I doubt we'll see that happen in 2008.



SECURITY NEWS AND FEATURES

--Social Networking "Worm" Unleashed at Facebook
The exploitation of social networking sites and other popular Web sites
is a growing trend. Recently yet another exploit was discovered in which
Facebook users fell prey and wound up with spyware on their computers.
To view the full article go to:
http://ct.email.windowsitpro.com/rd/cts?d=33-1161-803-202-62923-74881-0-0-0-1-2-207

--Is Sears Spying on You?
How many businesses let their employees do a little holiday shopping
online? Hopefully, those that did allow it didn't find that their
employees shopped at Sears.
To view the full article go to:
http://ct.email.windowsitpro.com/rd/cts?d=33-1161-803-202-62923-74882-0-0-0-1-2-207

--Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security Alerts,
which inform you about recently discovered security vulnerabilities. You
can also find information about these discoveries at
www.windowsitpro.com/departments/departmentid/752/752.html
(http://ct.email.windowsitpro.com/rd/cts?d=33-1161-803-202-62923-74883-0-0-0-1-2-207)



GIVE AND TAKE

--SECURITY MATTERS BLOG: Wireshark Users Receive Security Fixes

by Mark Joseph Edwards

Users of Wireshark need to upgrade their software. The new version,
Wireshark 0.99.7, fixes more than two dozen dangerous vulnerabilities.
Read the blog to learn about the upgrade, plus learn about Bluetooth
headset vulnerabilities and how to quickly reverse MD5 and SHA-1 hashes
to plain text.

www.windowsitpro.com/blog/index.cfm?action=BlogIndex&DepartmentID=949
(http://ct.email.windowsitpro.com/rd/cts?d=33-1161-803-202-62923-74885-0-0-0-1-2-207)

--FAQ: See the OSs in Your Boot Configuration
by John Savill
Q: How can I view the OSs listed in the boot configuration data store?

Find the answer at
www.windowsitpro.com/Article/ArticleID/97918
(http://ct.email.windowsitpro.com/rd/cts?d=33-1161-803-202-62923-74886-0-0-0-1-2-207)

--SHARE YOUR SECURITY TIPS AND GET $100
Share your security-related tips, comments, or problems and solutions in
Security Pro VIP's Reader to Reader column. Email your contributions to
r2r@securityprovip.com (mailto:r2r@securityprovip.com). If we print your
submission, you'll get $100. We edit submissions for style, grammar, and
length.


PRODUCTS

--Protect Computers from End Users
by Renee Munshi
NetSupport Software announces NetSupport Protect 1.51, a new version of
its desktop security software that prevents users from performing
undesirable actions on their computers. NetSupport Protect can hide
files and folders, lock control panels and settings, prevent renaming
and deletion of files and folders, prevent creation of specified types
of files, restrict Internet downloads, and control access to USB devices
and CD-ROM and DVD drives. The new version also provides a mechanism for
automatic restoration on reboot. For more information, go to
www.netsupport-inc.com (http://ct.email.windowsitpro.com/rd/cts?d=33-1161-803-202-62923-74887-0-0-0-1-2-207)


RESOURCES AND EVENTS

Attend Black Hat DC on February 18-21. This Washington, DC, version of
the world's premier technical event for ICT security experts features
lots of new content, including a focus on wireless security.
www.blackhat.com (http://ct.email.windowsitpro.com/rd/cts?d=33-1161-803-202-62923-74888-0-0-0-1-2-207)

Today's hackers are going after your enterprise data using tools and
services provided by a sophisticated, fast-growing criminal support
industry. Even more surprising--and worrying--is how ineffective today's
standard enterprise security practices are at stopping these
sophisticated attacks. Attend this Web seminar to learn how high-tech
criminals compromise your computers and profit by putting your
enterprise's confidential information up for sale.
www.windowsitpro.com/go/seminars/Bit9/ConfidentialData/?code=010108er
(http://ct.email.windowsitpro.com/rd/cts?d=33-1161-803-202-62923-74889-0-0-0-1-2-207)

Learn how to more efficiently manage midsized-business systems in this
Web seminar. Unlike enterprise-class IT organizations, IT departments in
mid-market companies rarely have a large IT staff or the ability to
dedicate a lot of resources to proactive IT management. These challenges
have been poorly addressed by third-party system management offerings.
Attend this Web seminar to learn how to deal with mid-market IT
management challenges.
www.windowsitpro.com/go/seminars/microsoft/ITmanagement/?code=010108er
(http://ct.email.windowsitpro.com/rd/cts?d=33-1161-803-202-62923-74890-0-0-0-1-2-207)


FEATURED WHITE PAPER

Enterprise Protection at an Affordable Price
Looking for an alternative to expensive licensed options for Exchange
protection? This white paper discusses continuous data protection
solutions not only for customers who are unable to utilize block-level
protection, but also for SAN customers who want an alternative to
expensive licensed options for Exchange protection.
www.windowsitpro.com/go/wp/appassure/affordable/?code=010108e&r
(http://ct.email.windowsitpro.com/rd/cts?d=33-1161-803-202-62923-74891-0-0-0-1-2-207)


ANNOUNCEMENTS

Exchange 2007 Mastery Series: January 28, 2008
Three info-packed eLearning seminars for only $99!
Hosted by Windows IT Pro
Mark Arnold--MCSE+M and Microsoft MVP--will coach you through Exchange
2007 storage solutions: planning for archiving and compliance,
optimizing your iSCSI network storage, and finding the sweet spot
between memory and spindles.
www.windowsitpro.com/go/elearning/masteringexchange2007
(http://ct.email.windowsitpro.com/rd/cts?d=33-1161-803-202-62923-74892-0-0-0-1-2-207)

CONTACT US
Security UPDATE is brought to you by the Windows IT Pro Web site's
Security page (first URL below) and Security Pro VIP (second URL below).

http://ct.email.windowsitpro.com/rd/cts?d=33-1161-803-202-62923-74893-0-0-0-1-2-207

http://ct.email.windowsitpro.com/rd/cts?d=33-1161-803-202-62923-74894-0-0-0-1-2-207


To contact us:
About Security UPDATE content -- mailto:letters@windowsitpro.com
About technical questions -- http://ct.email.windowsitpro.com/rd/cts?d=33-1161-803-202-62923-74897-0-0-0-1-2-207

About your product news -- mailto:products@windowsitpro.com
About your subscription -- mailto:windowsitproupdate@windowsitpro.com
About sponsoring Security UPDATE -- mailto:salesopps@windowsitpro.com

View the Windows IT Pro privacy policy at

http://ct.email.windowsitpro.com/rd/cts?d=33-1161-803-202-62923-74898-0-0-0-1-2-207

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2008, Penton Media, Inc. All rights reserved.
