security report

Symantec: Microsoft patches fastest

Mehan Jayasuriya — Fri, 11 Apr 2008 11:20:16 -0400

Mirror, mirror on the wall, who's the fastest of them all? If you're talking about security patches, it looks like the answer is Microsoft. Contrary to popular belief, Microsoft was found to be the overall fastest when it comes to patching vulnerabilities, in security vendor Symantec's latest security report on the malware industry. Covering the period from July 1 to December 31, 2007, the comprehensive report reveals that Microsoft released a total of 60 patches over the course of 2007, with an average patch time of 18 days during the first half of the year, and just six days during the second half. In second place was Red Hat, with an average patch time of just over a month--quite a bit higher than Microsoft. Meanwhile, Apple, HP and Sun all lag far behind.

For more on the report:
- see this Ars Technica article

Security woes dog Microsoft

Mon, 03 Dec 2007 06:59:59 -0500

Microsoft Office, as well as other pieces of enterprise software, has security holes that are causing problems for Internet users, according to the SANS Institute's annual security report. According to the report, one of the largest problems is that developers aren't using secure enough coding techniques to create Web applications. And that gives hackers a chance to tap into reams of databases with information connected to them.

Overall, the report spells bad news for Microsoft as the company struggles to deal with problems connected to Vista and other applications. The report pointed to vulnerabilities in the applications suite which jumped nearly 300 percent between 2006 and 2007. New flaws in Excel allow hackers to construct documents that can infect a computer with malicious software if they are opened. The report also said that there is a rise in spyware--programs that surreptitiously collect data on a user's computer. The number of websites rigged with spyware increased 187 percent this year.

If you think you have escaped the hackers' attacks, think again. The report said hackers are getting smart about attaching malicious documents to email with an enticing name. To add to the bait, the hacker makes it look like it is coming from someone the recipient knows. If this is a problem for you, remember that training is the best defense against an offense.

For more on the SANS security report:
- See this Washington Post article

Opportunity vs. risk: Fixed-Mobile Convergence

Sun, 01 Apr 2007 20:01:38 -0400

The opportunity provided by fixed-mobile convergence--the delivery of voice, video and data across networks, integrating IP telephony and other applications into the network infrastructure--is potentially staggering. For enterprises, FMC will offer significant savings by allowing users with dual-mode devices to switch transparently between cell and WLAN VoIP connections. As a result, productivity is bound to rise. But before jumping in, consider the security implications. The threat of cellular devices is much greater when FMC is introduced, because FMC gives them access to IP networks. Many security companies have jumped into the fixed-mobile convergence security market, such as Check Point Software, Sipera Systems and Reef Point Systems, to address these issues. That's important, because traditional security solutions don't scale well for this environment. The sheer number of users, the rich mix of applications and the diverse types of carriers require highly customized solutions.

To learn more about security and fixed-mobile convergence:
- read the article at Computer Weekly

Related Articles:
VoIP networks can be difficult to manage. Report
vendors shoring up VoIP security. Report
Mobile security is Job One. Report

Wireless connectivity can breed wireless insecurity

Sun, 11 Mar 2007 20:01:38 -0400

Wireless connectivity is a fact of life in today's corporate world, but leaving wireless devices connected indiscriminately and unchecked can expose your organization's confidential data and critical assets to the outside world. The key is finding a way to quickly discover and eliminate network infrastructure that poses a risk to the organization. The most dangerous are unauthorized devices connected to a wired network. These dangerous wireless devices consist of rogue access points (access points connected to the LAN without acknowledgment from the network administrator) and rogue peers (end-user computers that have both bridging and wireless enabled). Other security concerns come from other unauthorized network devices, such as web cameras connected to a LAN. Organizations should look for solutions that find and eliminate rogue devices that are easy to deploy and manage, not to mention cost-effective. These systems should identify and accurately classify each device and remedy the situation through Ethernet port disabling.

For more on protecting your networks against unauthorized wireless devices:
- read the article at Small Business Computing

Related Articles:
Boosting wireless security. Report
Managing the chaos of mobility. Report

ALSO NOTED: Industry group collects big on software infractions; Business networking site now boasts Q&A feature; and much

Mon, 15 Jan 2007 19:01:33 -0500

> Industry group collects big on software infractions. Article

> Business networking site now boasts Q&A feature. Article

> U.K. looks to boost data sharing. Article

> Seagate aims to get sexier for customer adoption. Article

> The big tech innovations to track this year. Article

> Two approaches to migrating data and apps to Vista. Article

> The energy issue with wireless technologies. Article

> Growing adoption drives need for better mobile device security. Report

And Finally... A search engine for cranky Web surfers. Article

ALSO NOTED: Security report: 7 million phishing attempts taking place daily; Symantec releases betas tied to Vista; and much mo

Thu, 30 Nov 2006 19:01:33 -0500

> Security report: 7 million phishing attempts taking place daily. Article

> Symantec releases betas tied to Vista system. Article

> Some alternatives to the "dying" WLAN. Article

> UK enterprises still wrestling with risk management process. Article

> HP sued for stock sales before spying incident was revealed. Article

> Laptop incidents pushing enterprises to check out alternative brands. Article

And Finally... A mouse that does yoga. Article

SPOTLIGHT: Mobile security issues will bring about new tool use

Mon, 13 Nov 2006 19:01:34 -0500

Given the recent reports that smartphones will only grow in popularity--and the advancing security issues that comes with such mobile devices--it's not hard to believe a new security report that warns mobile security needs to get greater attention. According to research firm J.Gold Associates, the need for better security will also bring about a big strategy change from pure software to using tougher tools such as personal hardware appliances. Article

Best practices in managing mobile devices

Sun, 05 Nov 2006 19:01:36 -0500

A growing task facing today's tech leaders is the management of mobile devices--from deciding who needs what type of device and functionality, to educating users on theft prevention and security risks. In a big enterprise, it can be a full time job for a tech manager and as with any new responsibility, it's a good practice to get a jump on the many management issues that come into play. Not only does IT have to support this new breed of user, it needs to make sure that policies are in place and being enforced. Get a good look at what to do before handing out those new business devices, so that security and management take root before the headaches arise.

For best practices in managing mobile devices:
- read the analyst report at CSO online

Related Articles:
The need to scrub mobile devices clean. Report
Lessons learned in mobile device security. Report
Why a mobile security effort is a mandate. Report

Trojans overtake virus, worms in popularity

Wed, 05 Jul 2006 20:01:37 -0400

If you've been tracking IT security news, you likely know that Trojans are increasing by the week. According to one security report, the 'ransomware' Trojan is getting more popular with hackers these days. In fact, the malware is outnumbering worms and viruses by a ratio of four to one, says Sophos, a security vendor.

For more on why Trojans are getting popular:
- read this article at NetworkWorld