What afflictions are in store for 2008?; The trusted user threat; Holiday spam on the rise

Security Alert NetworkWorld.com | Security Research Center | Update Your Profile Attackers poised to exploit Olympics, presidential elections in 2008 By Ellen Messmer In 2008, look for a rising number of compromised Web sites that quietly attack unsuspecting visitors, "parasitic" malware that eats desktop files, and a stream of exploits targeting high-profile events such as the 2008 Olympics and the U.S. presidential elections, security experts warn. Read full story Senior Editor Ellen Messmer covers security for Network World. Contact her at emessmer@nww.com. MORE STORIES SPONSORED BY NORWICH UNIVERSITY NSA Designated Masters in Information Assurance National Security Agency has designated Norwich University's Master of Science in Information Assurance program as a center of Academic Excellence in Information Security. The program is specifically designed with the proper balance of technical and management skills. Learn to manage and lead an organization-wide information security program, in 18 months. RELATED NEWS: Trusted users pose significant security threats, survey finds, 12/10/07 It probably doesn't give security managers much comfort to hear that the majority of internal employees that pose a significant threat to network security are well-meaning, innocent offenders -- as opposed to those with malice on the mind. Holiday time fertile ground for IM, Web-based threats, 12/11/07 Symantec's holiday spam listing is seeing an increase in threats which capitalize on the concept of a trusted source or Web site. Microsoft Patch Tuesday has three on critical list, 12/11/2007 Microsoft Tuesday released two critical patches for Windows and one for Internet Explorer that is being actively exploited, according to Microsoft ... (Plus: Cisco aims to soothe Microsoft Patch Tuesday Cisco's revamped security center aims to help network admins cope with Microsoft Patch Tuesday alerts.) iPhone to be target of hackers in 2008, 12/11/07 The iPhone has been the target of many users who wanted to customize the way it looks and hackers who wanted to use the device on other wireless networks since it was released in June. However, Arbor Networks predicts the seriousness of attacks on the iPhone will increase in 2008. DNS attack could signal Phishing 2.0, 12/11/07 Researchers at Google and the Georgia Institute of Technology are studying a virtually undetectable form of attack that quietly controls where victims go on the Internet. NBA: Your last line of defense, 12/10/07 There’s a new weapon in the security arsenal that monitors network traffic and issues real-time alerts when it spots unusual or suspicious behavior on the network. Data breaches, regulations fueling data encryption adoption, 12/10/07 Data encryption grows in government and business in reaction to data-breach fiascos, regulatory requirements. Private customer data vulnerable during application testing, 12/10/07 Sixty-two percent of companies surveyed by the Ponemon Institute report that during the application development and testing process, they use real customer data-including employee, vendor and customer records, and credit card and Social Security numbers-instead of disguised data to test applications. IT managers fight to keep up with ESX patches, 12/10/07 An increasingly large number of patches are being issued for VMware's ESX Server, and system administrators could be struggling to keep up, so says a virtualization blog site Virtualization.info. Oops! Skype forgets to tell users of bug or patch job, 12/10/07 Skype Monday blamed an "unintentional communication oversight" for not notifying users a month ago that it had patched the Windows version of its VoIP client software against a critical bug. iPhone gains secure VPN solution, 12/11/07 Astaro Corporation is offering iPhone support to VPNs controlled by its Astaro Security Gateway appliance. Best practices for avoiding IPsec VPN blackout Cisco Subnet blogger Mark Lewis gives recommendations for preventing IPsec VPN failures. HOLIDAY GIFT GUIDE Find the very best tech holiday gift ideas. '07 ENTERPRISE ALL-STARS Honoring outstanding technology projects. SPONSORED BY NORWICH UNIVERSITY NSA Designated Masters in Information Assurance National Security Agency has designated Norwich University's Master of Science in Information Assurance program as a center of Academic Excellence in Information Security. The program is specifically designed with the proper balance of technical and management skills. Learn to manage and lead an organization-wide information security program, in 18 months. Holiday Tech Toys Stumped on what gadgets and gizmos to give this holiday? Have no fear, Cool Tools' Keith Shaw is here. We do all of the heavy lifting of wading through hundreds of submitted technology products to find the very best holiday gift ideas. Click here to view our holiday gift guide: http://www.nww.com/PSA2_1210 Featured reader resource 90% of IT Managers are leaving their company at risk for a DNS ATTACK. Get the tools and resources you need to keep your DNS healthy and secure. Run a DNSreport on your domain today - 56 critical tests run in 8 seconds. Visit www.dnsreport.com to learn more. (apply coupon NWW2007NLA for a 25% membership discount)   12/12/07 TODAY'S MOST-READ STORIES: Microsoft pulls plug on potty-mouth Santa Scary tech stories Open source software targets math programs AT&T expands reach of 40G backbone Former Microsoft employee charged The nine worst Microsoft products 2007 Cool Yule Tools gift guide Net coding: networking's next revolution? Cyberattack on national labs Review: Who's got the fastest firewall? TOP 100 OF 2007 Executive Guide The Security Treadmill This Executive Guide offers interviews with leading, real-world security experts who tell you how to get inside users' heads, fight for a bigger security budget, and whether VoIP security issues are overstated or underrated, and much more. Review this informative guide today. Click Here for More Information IT Buyer's Guides Compare products, get advice, and check out tests and reviews from the experts at Network World. Over 70 categories. Visit now.   To continue receiving NetworkWorld's Security Alert newsletter, please add @nwfnews.com to your white list. COMPLIMENTARY SUBSCRIPTIONS AVAILABLE As a NW newsletter subscriber you are eligible to receive 50 issues of Network World Magazine, in print or electronic format, free of charge. Sign up for your subscription today: Apply here. International subscribers,click here.   SUBSCRIPTION SERVICES To subscribe or unsubscribe to any Network World newsletter, change your e-mail address or contact us, click here. Terms of Service/Privacy Network World, Inc., 118 Turnpike Road, Southborough, MA 01772 Copyright Network World, Inc., 2007