Rogue SharePoint sites pose security menace; IT security on the cheap; Lessons from Melissa virus

What IT and end users have learned about viruses and worms over the past decade Security Alert NetworkWorld.com | Security Research Center | Update Your Profile Sponsored by Purewire Hackers New Playground- Employees Surfing the Web Learn how hackers are exploiting your employees Web surfing to gain entry into your network. New technologies such as AJAX and Silverlight are fueling attack methods such as; Clickjacking, XSS and Request Forgery. Recent research shows that 70% of Web sites serving malware are actually legitimate sites. Download this white paper now! Spotlight Story Rogue SharePoint sites pose security menace Gartner estimates that 30% of SharePoint servers are rogue deployments, launched by business managers without the IT department's knowledge. Read more. Related News: IT security on the cheap IT security freebies and cheap solutions include leaning on interns, using Twitter and other Web 2.0 tools, and even enticing employees to act in awareness videos. Podcast: Lessons Learned 10 Years After Melissa Virus The virus named after an exotic dancer on March 26, 1999, helped kick off a bunch of high-profile threats that changed the security and IT world rapidly. On the eve of the 10th anniversary of the virus, Keith Shaw talks with Symantec's Kevin Haley about lessons that security vendors, IT and end users have learned about viruses and worms over the past decade. (8:13) Nasty New Worm Targets Home Routers, Cable Modems A computer worm has been discovered that can infect 55 different home-based routers and DSL/cable modems including common brands like Linksys and Netgear. Cisco security updates squash router bugs Cisco has released eight security updates for the Internetwork Operating System (IOS) software used to power its routers. Adobe details secret PDF patches Adobe revealed Tuesday that it patched five critical vulnerabilities behind the scenes when it updated its Reader and Acrobat applications earlier this month to fix a bug already under attack. Expert cites "major problem" with security policy compliance Attendees at this week's SecureWorld Boston conference got a stern talking-to Wednesday morning: Keynoter Charles Cresson Wood said organizations need to get their information security policies in order or risk going down the tubes. New 'scareware' Trojan holds users to ransom A Trojan that normally peddles bogus antivirus scareware' has hit on a new way of persuading users to part with money for a worthless license - it encrypts their data first. Critical flaws found in HP OpenView Critical vulnerabilities have been found in HP's OpenView product, which could potentially affect millions of organizations currently using the systems and network management software. 4 Telecommuting Security Mistakes According to figures released recently by the Nemertes Research Group, an Illinois-based research advisory firm, as many as 71% of U.S. companies offer full-time or part-time telecommuting to employees. Despite the large number of employees who work out of office, another recent study from The Center for Democracy and Technology found many continue to sideline the issue of telecommuting security in favor of more urgent needs. Cold-boot attacks change the data leakage landscape Until 2008, the consensus had been that there would be no practical way to remove a RAM chip from a computer system without losing all contained data. However, last July, researchers published a paper about something quite amazing: most RAM chips maintain their data for several seconds without any power, thus allowing a channel for data leakage from any computer to which an attacker has physical access. Cold-boot attacks: The 'frozen cache' approach Part one of this pair of columns described "cold boot attacks" and their security implications, in particular for software-implemented full-disk encryption. Security expert Jürgen Pabel continues with part two. Geer: Risk Management Should Change the Future "The dean of the security deep thinkers," "security luminary, " and "risk-management pioneer" are all phrases that have been used to describe Dan Geer. Considered one of the foremost leaders in information security, his resume includes time as president and chief scientist at Verdasys Inc, a critical role in Project Athena at MIT, and a now famous firing from @Stake for co-writing a paper warning that a Microsoft monoculture threatened national security. Also see: Compass Award Winners: Security Leadership In Trying Times Security management: 3 key considerations What should you ask when buying security information management software? Enter for a Microsoft training giveaway from New Horizons New Horizons Computer Training is offering a free Microsoft training course worth up to $2,500 to be given to one lucky Microsoft Subnet reader. Deadline for entry is March 31. Network World on Twitter Get our tweets and stay plugged in to networking news. App to no good A look at the top 10 iPhone apps that could get you into trouble. CEO payday breakdown A detailed account of how much tech chiefs made in 2008. Sponsored by Purewire Hackers New Playground- Employees Surfing the Web Learn how hackers are exploiting your employees Web surfing to gain entry into your network. New technologies such as AJAX and Silverlight are fueling attack methods such as; Clickjacking, XSS and Request Forgery. Recent research shows that 70% of Web sites serving malware are actually legitimate sites. Download this white paper now! Case Study: Successful LAN Support Successfully deploy a wired/wireless Ethernet network and keep it running with exceptional up-time. Ensure your network is ready for new technologies by running assessment tests that provide you with the data you need. Resolve connectivity issues and quickly address network performance complaints. Get all of the details today. Download this whitepaper now. What you need to see all 7 layers Get all the tools you need to see all 7 layers of your network. Fluke's OptiView Analyzer combines protocol analysis, active discovery, and device and traffic analysis in a mobile solution, giving you the information you need to control your network and minimize disruption. Click here for your free trial.   03/26/09 Today's most-read stories: CEO payday: How much tech chiefs made in '08 Melissa virus turning 10 ... (age of the stripper unknown) Hidden commands Linux penguin mascot gives way to Tuz What is Nortel up to? 10 great free sites and downloads Eight great free security tools Strike looms for AT&T Microsoft to present open source blueprint for down economy Microsoft again delays identity management server Students learn through robot battles Network World on Twitter: Get our tweets and stay plugged in to networking news The Need for an Adaptive Threat Management Architecture - Live March 31. Create a more secure and efficient network. Find out how in this Live Webcast, "The Need for an Adaptive Threat Management Architecture." Join us on Tuesday, March 31, 2009, at 1:00 p.m. ET/10:00 a.m. PT. Get real-world advice from Jon Oltsik, senior analyst at consulting firm Enterprise Strategy Group. Register today for this Live Webcast. Compare products, get advice, and check out tests and reviews from the experts at Network World. Over 70 categories. Visit now   This email was sent to security.world@gmail.com Complimentary Subscriptions Available for newsletter subscribers. Receive 50 issues of Network World Magazines, in print or electronic format, free of charge, Apply here. Terms of Service/Privacy   Subscription Services Update your profile To subscribe or unsubscribe to any Network World newsletter, change your e-mail address or contact us, click here. Unsubscribe Network World, Inc., 492 Old Connecticut Path, Framingham, MA 01701 Copyright Network World, Inc., 2009 www.networkworld.com