Search This Blog

Friday, January 21, 2011

Most notorious Web attack toolkits; Is retaliation the answer to cyber attacks?

Is retaliation the answer to cyber attacks? | Quirky moments at Black Hat DC 2011

Network World Compliance

Forward this to a Friend >>>


MPack, NeoSploit and Zeus top most notorious Web attack toolkit list
About two-thirds of malicious Web activity can be traced back to botnets and exploit code built using popular attack toolkits like MPack and Zeus sold in the underground economy, according to a new Symantec report. Read More


WHITE PAPER: Tripwire

Pulling the Plug on Legacy Log Management
When it comes to log management today, CSOs have been left in the lurch. According to a new IDG Research Services survey, organizations are poised to "rip and replace" legacy technology to get a better handle on compliance and security. Read More!

In this Issue


WHITE PAPER: Riverbed

Case Study - Psomas
As a high-growth firm, Psomas needed to accelerate application performance to accommodate a changing set of demands from the business as well as employees. With Riverbed Steelhead products deployed worldwide, their employees can now share work and leverage resources wherever they happen to be. Read now!

Is retaliation the answer to cyber attacks?
Should revenge assaults be just another security tool large IT shops use to counter cyber attacks? Read More

Quirky moments at Black Hat DC 2011
A Black Hat Conference is nothing if not quirky as security geeks try every stunt possible to show what a clueless world we live in when it comes to security. Anyway, here are some such moments from this week's event. Read More

Social networking security threats taken too lightly
There's a gap between reports of malware generated from social networking sites and the potential threat businesses perceive, according to results of Sophos' s "Security Threat Report 2011". Read More

Mastering computers easier than riding a bike for kids, survey finds
Children five years old and younger are acquiring at least some computer skills at rates higher than they pick up more traditional childhood activities like swimming and bike riding, a survey says. Read More

WikiLeaks obtains much secret data from P2P nets, not leaks, firm claims
WikiLeaks officials deny claims by a security firm that it has obtained some sensitive documents on P2P networks rather than from anonymous whistleblowers. Read More

Can the government prevent a DDoS attack?
On Dec. 8, 2010 a group of hackers launched distributed denial-of-service (DDoS) attacks against the Visa and Paypal Web servers and also on a Swedish Government Web site. The attacks were successful and the services offered by all these sites were severely disrupted. If major corporations, which operate in a multi-national environment, couldn't prevent these attacks, can the UK government stop such an attack on one of their Web services? Read More

Gaping security flaw exposed on anti-tamper devices
Security devices used in transportation, packaging and even in accounting for nuclear materials are very vulnerable to attack, two security researchers are warned on Tuesday at the Black Hat security conference. Read More


WHITE PAPER: IBM

Crunching Data Warehousing Workloads Cheaper Than Ever
IBM's Balanced Warehouse solutions address diverse DW price points and requirements, ranging from high-end enterprise DWs down to smaller, function-limited DWs and departmental data marts. Balanced Warehouses build on and extend the Balanced Configuration Unit (BCU) DW appliance solutions that IBM had introduced almost two years prior. Read now!

Mobile device makers react differently to attack info, researcher says
When a researcher at an ethical-hacking firm discovered mobile devices from Apple, Google, RIM and HTC had a flaw in them that would allow an attacker using malicious Web code to freeze them up and crash them, he contacted the companies last year. Read More

Researcher releases attack code for just-patched Windows bug
Attack code for a Windows vulnerability that Microsoft patched last week was released by a researcher one day after the company fixed the flaw. Read More

Public cloud services can provide useful tools for criminals
Buying public cloud services passwords as demonstrated this week at the Black Hat D.C. conference is not the only malicious use these computational and storage resources might offer, according to one security expert. Read More

Cisco beefs up Wi-Fi mobile payment security
Cisco is beefing up wireless transaction security with new software features for its Wi-Fi access points. The vendor says the changes add needed protection over and above that mandated by the Payment Card Industry (PCI) standard. Read More

Fake GSM base station trick targets iPhones
While his Black Hat DC Conference demonstration was not flawless, a University of Luxembourg student on Wednesday did show that it's possible to trick iPhone users into joining a fake GSM network. Read More

Oracle patching fewer database flaws as it adds more products
Oracle's fast growing product set may be hampering its ability to create patches for database flaws in a timely fashion, security experts say. Read More

Hackers steal $150,000 with malicious job application
Small businesses have a new scam to worry about: criminal job applicants who want to hack into online bank accounts. Read More


WHITE PAPER: Emerson Network Power

Taking the Enterprise Data Center into the Cloud
Get a detailed overview of cloud computing technology— common types of architectures and services and perceived risks impacting widespread adoption. Learn best practices for optimizing critical systems for cloud deployment in existing facilities and see how next-generation technologies forge a path toward an integrated DCIM approach. Learn More

Experts: Gov't trusted Internet identities a long way off
The White House makes a renewed push for trusted identities on the Internet. While many applaud the government for taking a hands-off approach, others say it will take years for anything to reach fruition. Read More

Will electronic toll systems become terrorist targets?
Weaknesses in 802.11p vehicular wireless networks could make them targets for terrorists seeking to wreak havoc on the nation's highways, according to a briefing scheduled this week at the Black Hat DC conference. Read More

Feds charge professed White Hat hackers in breach of AT&T iPad customer data
Professed White Hat hackers face federal criminal charges for grabbing the e-mail addresses of 114,000 AT&T 3G customers who use iPads. Read More

Security fail: When trusted IT people go bad
It's a CIO's worst nightmare: You get a call from the Business Software Alliance (BSA), saying that some of the Microsoft software your company uses might be pirated. Read More

Decoy networks, separation tactics part of AT&T security chief's infrastructure protection plans
As chief security officer at AT&T, Edward Amoroso has long observed how cyberattacks impact customer and service-provider networks. In his newly published book, Amoroso says it's time to unite to create the equivalent of a national cyber-protection shield to guard against attacks on industry and government networks by terrorists, state-sponsored attackers and plain old thieves. Read More

DHS puts weight behind USC "mini-Internet" security testbed
The University of Southern California has signed a 5-year, $16 million contract with the Department of Homeland Security to expand USC's DETERlab "mini-Internet" security testbed. Read More

NASA appoints new information security chief
NASA named a veteran government IT official to serve as its deputy CIO for Information Technology Security. Read More

Israel tested Stuxnet worm, says report
The Stuxnet worm that disrupted Iran's ability to enrich uranium into bomb-grade nuclear fuel was reportedly created by Israel and the U.S. Read More



BECOME AN INSIDER
Get premium content, in-depth reviews, practical tips and exclusive research. All for just signing up. Sign up for free today.

SLIDESHOWS

12 geekiest snow and ice sculptures
Not all tech weenies hunker down indoors when the snow starts piling up and the ice coats the streets. Some put on their mittens and boots and go to work creating fantastic snow and ice sculptures celebrating their tech favorites.

2011's 25 Geekiest 25th Anniversaries
Our fifth annual collection of the year's "geekiest anniversaries" kicks off with The Mentor's "Hacker's Manifesto" and includes such memorable characters as Captain Midnight and Ferris Bueller, institutions the likes of the IETF and Spy magazine, and inventions like the Super Soaker and disposable camera.

MOST-READ STORIES

  1. Yahoo IPv6 upgrade could shut out 1 million Internet users
  2. Cause of Windows Phone 7 data spikes found
  3. Fake GSM base station trick targets iPhones
  4. Apple reveals most downloaded iPhone, iPad apps of all time
  5. NASA background security checks do not go too far
  6. NSA breaks ground on Utah 'spy center' data center
  7. Cisco IOS vulnerabilities uncovered
  8. Cisco's 800-pound gorilla: Xsigo
  9. Panic time quiz: How prepared are you for IPv6?
  10. Gamers hijacked your server? Might be an inside job

Do You Tweet?
Follow everything from NetworkWorld.com on Twitter @NetworkWorld.

You are currently subscribed to networkworld_compliance_alert as security.world@gmail.com.

Unsubscribe from this newsletter | Manage your subscriptions | Subscribe | Privacy Policy

If you are interested in advertising in this newsletter, please contact: bglynn@cxo.com

To contact Network World, please send an e-mail to customer_service@nww.com.

Copyright (C) 2011 Network World, 492 Old Connecticut Path, Framingham MA 01701

** Please do not reply to this message. If you want to contact someone directly, send an e-mail to customer_service@nww.com. **


No comments: