Month: February 2006

Symantec has settled a lawsuit with Hotbar.com over the security firm’s right to label the Hotbar application as low risk adware and remove it from users’ systems. Under the terms of the settlement, Hotbar acknowledges that Symantec’s security software will detect the application, brand it as ‘low risk’ and assist users in removing it. Symantec filed the lawsuit in June 2005 in response to a ‘cease-and-desist’ letter sent by the adware maker. “Through our risk evaluation process we classify various adware programs in three categories: low risk, medium risk and high risk,” David Cole, a director with Symantec Security Response, … Continue reading Hotbar bows to low risk adware label

Computer viruses are the single biggest cause of security problems for UK businesses, a survey by the Department of Trade and Industry shows. The study found almost 50% of the biggest security breaches suffered by companies in the last two years were due to infection by malicious programs. In some cases viruses crippled key systems such as e-mail for more than a day while companies cleaned up. It also found that the worst outbreaks can take up to 50 days to fix. BBC

For two days in mid-November, Symantec security experts drove through neighborhoods in seven areas of Houston: Galleria/Memorial, the Heights, the Third Ward, Midtown/Montrose, Shadow Creek/Silverlake near Pearland, the Villages off I-10 West, and parts of the Westchase/near-Katy area. The specific Zip codes: 77056, 77008, 77004, 77006, 77002, 77584, 77024, 77082 and 77079. As they drove, they used WiFi “sniffing” devices to look for signals from wireless routers, a practice known as wardriving. They checked each one to see if it was encrypted — meaning signals between the routers and the devices that connected to them are scrambled — and whether … Continue reading Symantec ranks Houston high in WiFi security survey

AUSTIN – Texas Attorney General Greg Abbott today sent out an urgent message for all Texans to be on the lookout for official-looking e-mails purporting to originate from major financial institutions asking for personal account information. In the latest series of so-called “phishing” scams, the e-mail sender claims to represent financial institutions such as Comerica, Chase or others. The message instructs the “account holder” to submit personal account information because “bank officials” have reason to believe his or her account may have been accessed by an unauthorized party. Consumers who believe they may have received such bogus e-mails may file … Continue reading Attorney General Abbott warns Texans about recent bank scams to tap personal accounts

The Indiana University School of Informatics and affiliated start-up RavenWhite have developed “active cookie” technology to guard against such attacks as phishing, pharming, wireless hijacking, and man-in-the-middle.  Active cookies are cached pieces of executable code that can authenticate a browser to a server.  While the technology does not work well for roaming users, Indiana University and RavenWhite expect it to be of interest to financial institutions, which will find that active cookies will complement their current authentication measures. http://www.theregister.co.uk/2006/02/21/active_cookie/

Consultants Robert Baldwin and Kevin Kingdon, speaking at the RSA Conference, predicted that video and audio files could become the next big attack vector.  Copy protection software embedded in video files can prevent security scans from working, making video files a likely vector for malware.  Many video consumers have a trusted source for content, such as cable television and iTunes, but many are circulating content downloaded from random source on the Internet.  Enterprises may begin to see video threats as they begin using more video in business presentations and other operations. TechTarget

Commentary by Jon Oltsik. According to security professionals, the top source of worm attacks were employee laptops at 43%, contractor laptops at 34%, and home computers connected over a virtual private network (VPN) at 27%. The market offers many solutions to such problems, such as network access control, end-point security, and network integrity, but this has only confused the marketplace.   However, the Trusted Computing Group could offer a unified means for identifying devices, checking their integrity, and controlling access.   Seeing no other technology with the same potential as trusted computing, Oltsik advises professionals to fit trusted computing into its network … Continue reading Perspective: Time to send a consistent message on security

Sniping between a controversial adware company and a prominent anti-spyware researcher continues as 180solutions defended its practices and called critic Ben Edelman “irresponsible”. Story at http://www.securitypipeline.com/180207091

There are some common myths that may influence your online security practices. Knowing the truth will allow you to make better decisions about how to protect yourself. http://www.us-cert.gov/cas/tips/ST06-002.html Topics: How are these myths established?Why is it important to know the truth?What are some common myths, and what is the truth behind them?