security holes

41 million credit card numbers hacked

Judi Hasson — Wed, 06 Aug 2008 10:27:40 -0400

Here we go again, like a broken record. The Justice Department this week charged 11 people with stealing more than 41 million credit and debit card numbers in what has been described as the largest hacking and identity theft ring ever exposed.

The government said the scheme was engineered by a multinational organized crime ring, and hit major national retail chains like OfficeMax, Barnes & Noble, BJ's Wholesale Club, the Sports Authority and T. J. Maxx.

"Computer networks and the Internet are an indispensable part of the world economy. But even as they provide extraordinary opportunities for legitimate commerce and communication, they also provide extraordinary opportunities for criminals, said Michael B. Mukasey, the United States attorney general, at a news conference in Boston to announce the indictments.

According to the indictment, the ring leaders drove around and scanned the wireless networks of retailers to find security holes. Once they identified technical weaknesses in the networks, they installed so-called sniffer programs and intercepted customers, PINs and debit and credit numbers that were stored there.

For more on this scheme:
- see The New York Times article

BlackBerry gets to dance with Google

Judi Hasson — Sat, 28 Jun 2008 19:26:21 -0400

The BlackBerry now has a number of new Google search enhancements that should make life easier for those out of the office and in quick need of information. Many of the changes copy the functionality of Google's current desktop search. "We have taken desktop elements that have tested well on mobile and further optimized them for the mobile use case," reads a post on the official Google Mobile blog. "Improving mobile search is a continuous process and we hope you find the releases this past month to move the needle on what we care most about: quality, speed and ease of use."

For more on BlackBerry's two-steps with Google:
- see this CIO.com article

For more tech stories from the FierceCIO network:
> New security holes found in Internet Explorer. Article
> Small startup sues Google for $1B. Article
> Brit telecom workers to go on mobile blackout. Article

Watch out for your IT security scorecard

Thu, 06 Mar 2008 06:59:58 -0500

A quarterly review of a company's information security is essential for top IT personnel trying to ensure their systems are airtight. While it's important for the IT department not to get lost in trivial details, it's key to recognize the company's vulnerability. And that means sharing the results of the information security scorecard with the IT team and moving quickly to seal any security holes. For most CIOs, it's essential to know about viruses and a system's susceptibility to an attack.

For more on the importance of the scorecard:
- see this ComputerWorld article

Security woes dog Microsoft

Mon, 03 Dec 2007 06:59:59 -0500

Microsoft Office, as well as other pieces of enterprise software, has security holes that are causing problems for Internet users, according to the SANS Institute's annual security report. According to the report, one of the largest problems is that developers aren't using secure enough coding techniques to create Web applications. And that gives hackers a chance to tap into reams of databases with information connected to them.

Overall, the report spells bad news for Microsoft as the company struggles to deal with problems connected to Vista and other applications. The report pointed to vulnerabilities in the applications suite which jumped nearly 300 percent between 2006 and 2007. New flaws in Excel allow hackers to construct documents that can infect a computer with malicious software if they are opened. The report also said that there is a rise in spyware--programs that surreptitiously collect data on a user's computer. The number of websites rigged with spyware increased 187 percent this year.

If you think you have escaped the hackers' attacks, think again. The report said hackers are getting smart about attaching malicious documents to email with an enticing name. To add to the bait, the hacker makes it look like it is coming from someone the recipient knows. If this is a problem for you, remember that training is the best defense against an offense.

For more on the SANS security report:
- See this Washington Post article

Bolstering mobile security

Wed, 25 Apr 2007 20:01:38 -0400

Typically, corporations employ a triple line of defense for protecting mobile technology: a comprehensive set of IT security appliances, hardened operating systems and security software, along with personal firewall and antivirus software, and tough security policies. But once a laptop starts roaming outside of the enterprise governed network, this defense system no longer works, because the laptop is essentially no longer protected by the corporate security appliances layer and is exclusively dependent on the security software installed on the local operating system. To combat the problem, some companies have chosen to place computers behind a robust security gateway, usually a dedicated security appliance, to counteract the current weaknesses in laptop security. These appliances are equipped with hardened operating systems that don't have security holes, "back-doors," or unsecured layers. They can't be uninstalled and have non-writable memory. The use of hardware allows for the combination of a comprehensive set of security solutions in a single device. Hardware also allows the combination of best-of-breed enterprise-class solutions with proprietary developments working on both the lower and higher levels.

Learn more about ironclad mobile security:
- read the article at SecurityPark.net

ALSO:
- read this on why mobile security is Job One
- this for best practices in managing mobile devices
- this on why a mobile security effort is a mandate
- this on balancing mobile functionality with security
- and this for mobile security tools for SMBs

ALSO NOTED: CIOs on the job with Web security; New approaches to solving spam problem;

Sun, 15 Apr 2007 20:01:38 -0400

> Study: Most CIOs use content filtering and blocking software or have acceptable Web browsing policies. Article

> Innovators offer hope of curing spam. Article

> IT equipment leases dip, while software leases will rise. Article

> Cisco fixes security holes. Article

> New Storm worm outbreak blasting Internet. Article

> Dangerous DNS server bug in Longhorn code. Article

And Finally…. Are SMBs missing the open-source boat? Article

ALSO NOTED: Major vendors backing SML; Dangerous claims about smartphone security;

Sun, 25 Mar 2007 20:01:38 -0400

> Major computer vendors are backing the Service Modeling Language (SML) spec for XML-based IT management. Article

> Dangerous claims about smartphone security. Article

> Windows has less security holes but more critical flaws than Red Hat and Mac OS X, report says. Article

> The regulatory burden is making the U.S. less competitive. Blog

> Security slows adoption of on-demand software. Article

> Feedback on sustainable IT. Blog

And Finally … Avoiding turf wars. Podcast

Ethical hacking

Wed, 21 Mar 2007 20:01:38 -0400

When it comes to finding out where security holes might exist, nothing is off limits--not even arranging to have your own systems hacked into. In fact, many companies are doing just that--engaging an independent computer security professional to attempt to break into the network, using the same tools and techniques that actual hackers would use. Generally, a hired gun will use both penetration testing and vulnerability assessment. For the vulnerability assessment, hackers use either automated tools or manual methods to pinpoint weaknesses. Penetration testing focuses on evaluating computer or network security by actually replicating an attack by a hacker. A hacker then would use information about the wall's faulty or weak materials to break through it. Ethical hacking is gaining steam in every business area, due in part to a change in attitude about information security. Businesses are beginning to realize that as computer networks become more complex, it is not possible to protect everything. Instead, company managers must prioritize security efforts to protect the most critical assets.

Read more about ethical hacking:
- read the article at cayCompass.com

ALSO: read this about ethical hacking

ALSO NOTED: Plugging the biggest security holes; Weighing the outsourcing dilemma;

Mon, 19 Feb 2007 19:01:38 -0500

> How to plug the biggest security holes. Article

> Weighing the outsourcing dilemma. Article

> Online disaster recovery still spotty in mid-sized companies. Article

> Is open-source really superior? Article

> Getting open-source and traditional applications to play well together. Article

> Symantec report details problems in mitigating IT risk. Article

And finally… What IT can do to help itself. Blog

Sometimes hackers are the good guys…

Wed, 31 Jan 2007 19:01:38 -0500

Although you might be tempted to consider all hackers scourges of society, there is one subset of hacker that is actually doing you a favor by trying to break into your system. It's the job of these professionals, called ethical hackers, to find security holes before real hackers find them, protecting your company and its data in the process. To ensure that you find a reputable ethical hacker, make sure you run a thorough background check and make sure the candidate understands sophisticated hacking techniques such as DNS host identification abuse, cache poisoning, password cracking, spoofing, SSL session hijacking and malicious log editing.

Read on for more information on how to hire an ethical hacker:
- Read the article at RedmondMag.com