Understand the Factors behind the Rise of Application Security

Research and Markets has announced the addition of “The Rise of Application Security” to their offering.

In recent months, application security risks have captured increasing attention—and headlines. Threats now include crime and fraud specifically pursuing financial gain. Sensitive application data has become a high-value target. Regulators have become aggressive in enforcing control of these risks, as well as controls to assure effective IT governance.

In this research report, Enterprise Management Associates (EMA) examines this evolution and looks at the domains that are today defining the rise of application security. Participants in secure development and source code security, operational application assessment, Web and database application security, and emerging technologies such as Web Services and Service Oriented Architectures (SOAs) are profiled, with a view toward the role of each not only throughout the software development lifecycle (SDLC), but in operations as well. Readers will gain insight into the landscape of this evolving aspect of IT security and risk management, and will be able to compare their organization’s level of maturity in application security against indicators of maturity in multiple application security domains.

Companies Mentioned:
Acunetix, Ltd.
Application Security, Inc.
Cenzic, Inc.
Citrix Systems, Inc.
Coverity, Inc.
F5 Networks, Inc.
Fortify Software, Inc.
Forum Systems, Inc.
Guardium
Imperva, Inc.
IPLocks, Inc.
Klocwork, Inc.
Lumigent, Inc.
NetContinuum, Inc.
NT OBJECTives, Inc.
Ounce Labs, Inc.
PreEmptive Solutions, Inc.
S.P.I. Dynamics, Inc.
Tizor Systems, Inc.
VeriSign, Inc.
Watchfire, Inc.

Read the report: http://www.researchandmarkets.com/reports/c81294
http://www.businesswire.com/portal/site/newsnow/index.jsp?ndmViewId=news_view&ndmConfigId=1004993&newsId=20080131005424&newsLang=en

Storm Worm Directing Users to Medical Spam Web Sites

US-CERT is aware of a variant of the Storm Worm that sends unsolicited email messages to users and attempts to evade spam filtering. When a user receives this email message, it will contain a link in the format of:

http://<IP Address>/<random directory name>

When visited, the user will be directed to a website containing medical spam information.
http://www.us-cert.gov/current/index.html#new_storm_worm_tactic

Rogue ads infiltrate Expedia and Rhapsody

This story was corrected throughout to name Expedia.com as one of two sites found by Trend Micro and Sandi Hardmeier to be serving malicious banner ads. While Excite.com has been found in the past to also host attack ads, there are no reports it has done so recently.

Expedia.com and Rhapsody.com are the latest name-brand websites to be found serving advertisements that try to install malware onto users’ machines, security researchers said. The sites join a Rogue’s Gallery of mainstream destinations that include MySpace, Excite, Blick, and CNN.com, which all have been caught carrying tainted ads over the past few months.

Both Expedia and Rhapsody hosted banner ads that produce messages falsely claiming end users should install software that will fix malware infections or other problems that plague their machines, according to a research note from Trend Micro. The messages are produced using malicious links injected into the ad graphics, which use Adobe Shockwave. Frequently, such ads are tailored to look strikingly similar to official Windows dialog pop-ups, in an attempt to trick the users.

The rogue ads on Expedia were reported earlier this week on Microsoft MVP Sandi Hardmeier’s blog. An update Wednesday produced additional banners she said were malicious.

http://www.theregister.co.uk/2008/01/30/excite_and_rhapsody_rogue_ads/

Online advertiser pays $200,000 for deceptive claims

When ‘free’ isn’t free

An online advertiser that falsely claimed consumers had won free prizes has agreed to pay a $200,000 penalty to the Federal Trade Commission, which says the outfit failed to disclose that people had to spend money first.

Member Source Media, which operated under names such as ConsumerGain-dot-com, PremiumPerks-dot-com and FreeRetailRewards-dot-com, also agreed to disclose the costs and obligations to qualify for any future incentives it may offer.

According to the FTC, the company and its principal, Chris Sommer, violated the federal CAN-SPAM Act and other laws that bar deceptive advertisements. The company sent emails bearing subjects such as “Congratulations. You’ve won an iPod Video Player” and “Nascar Tickets Package Winner.” Web-based ads contained statements such as “CONGRATULATIONS! You Have Been Chosen To Receive a FREE GATEWAY LAPTOP.”

http://www.theregister.co.uk/2008/01/31/deceptive_advertising_settlement/

Does Windows Live OneCare include the technology behind Windows Defender?

Security At Home:

The technology behind Windows Defender, Microsoft’s popular antispyware software, is built into the Windows Live OneCare online safety and security software subscription service. If you use OneCare, you do not need to download Windows Defender.

If you already have Windows Defender installed on your computer, and then you download Windows Live OneCare, you do not need to uninstall Windows Defender. OneCare will automatically turn off Windows Defender so you won’t get messages from two different versions of the program.

http://www.microsoft.com/protect/computer/spyware/onecaredefender.mspx

Symantec Research Debunks Common Myths that Contribute to IT Failures

63% of IT professionals expect one major IT failure per year. And 53% of those failures are a result of process issues. Also, 46% expect a serious data loss once per year. That’s the story based on the results of Symantec’s 2nd annual IT Risk Management Report. The comprehensive report, driven by the analysis of more than 400 in-depth, structured surveys and interviews with IT executives and professionals worldwide, provides an unparalleled view into the state of IT Risk Management—identifying key issues, trends, and common myths that contribute to IT failures.

Read about it at:

http://www.symantec.com/business/theme.jsp?themeid=inform

http://www.symantec.com/about/news/release/article.jsp?prid=20080130_01

Podcast: http://www.symantec.com/about/news/podcasts/detail.jsp?podid=ent_itrm_v2_overview.

From Myth to Reality - Evaluating the State of IT Risk Management

Microsoft Marks the One-Year Anniversary of Windows Vista Worldwide Release

365 days and 100 million licenses later, enthusiasm for a safe, reliable and engaging Windows Vista experience is high. In a roundtable Q&A, members of the Windows Vista team and others talk about the past year and how Vista’s presence in the marketplace is maturing.

Since the worldwide release of Windows Vista one year ago today, people are doing more and getting more out of their Windows experience. From pictures and videos, to games and family safety settings, users are finding out that they can do more with Windows Vista.

To get the full picture of what the past year has brought for Windows Vista customers, PressPass gathered a group of people representing many different viewpoints: Neil Charney, General Manager, Microsoft Windows Client; Robin Mason, a mom whose family participated in the “Life With Windows Vista” program (in which 50 ordinary families gave feedback for the development of Windows Vista); Jeff Price, Senior Director in the Windows Group at Microsoft; Richard Russell, Principal Development Manager in the Windows Client Performance Group; Austin Wilson, Director, Windows Client Security Product Management; Kevin Unangst, Senior Global Director of Games for Windows; and Chen Shaopeng, Lenovo’s Senior Vice-President and President of Greater China Region.

Read about it at http://www.microsoft.com/presspass/features/2008/jan08/01-30VistaAnniversary.mspx