Apple iPhone security, privacy claims exaggerated, researcher says; Timelin of A Decade of Malware

	Timeline: A Decade of Malware | Negative tech ads (slideshow)
	Network World Compliance Alert				Forward this to a Friend >>>
	Apple iPhone security, privacy claims exaggerated, researcher says Apple's sandboxing technology restricts iPhone applications using deny/allow rules at the kernel level, but these and other security permissions are too loose, according to one presenter at the Black Hat Conference. Read More WHITE PAPER: Tripwire FISMA Prescriptive Guide Learn how Tripwire helps federal agencies, as well as the organizations and contractors that store, process or transmit federal information. The FISMA Prescriptive Guide contains case studies from three fictional federal agencies, each capturing the perspective of a key stakeholder in the FISMA compliance process. Click here. In this Issue Timeline: A Decade of Malware Negative tech ads (slideshow) IT Outsourcing: Why It Pays to Appraise Your Contract Facebook, Twitter, Social Network Attacks Tripled in 2009 Too many people re-use logins, study finds Google Working With National Security Agency, Report Says Researcher reveals how IE flaw can turn your PC into a public file server Unique network security algorithm stops worms from spreading US House passes cybersecurity R&D bill Black Hat: Zero-day hack of Oracle 11g database revealed Twitter forces password reset to protect some accounts How Wi-Fi attackers are poisoning Web browsers Cybersecurity needs duck-and-cover campaign to boost national awareness User provisioning: right access to the right people Black Hat: Researcher claims hack of processor used to secure Xbox 360, other products Conficker worm cripples a U.K. police department WHITE PAPER: IBM NWW Profiting from PCI Compliance Working together, the major payment card providers have developed a set of data security standards and created a council for enforcing them. For many companies, regulatory compliance can already be an overwhelming and confusing area to navigate, and the need to comply with the PCI DSS might feel like yet another burden. Learn More Now Timeline: A Decade of Malware ScanSafe security researcher Mary Landesman looks back at some of the notorious malware that has shaped the attack landscape we now face online Read More Negative tech ads (slideshow) Tech companies have gone negative in their ad campaigns since long before Verizon's "map" ads and Apple's John Hodgman romps. Here are 26 landmarks in the history of scorched-earth marketing. Read More IT Outsourcing: Why It Pays to Appraise Your Contract Most IT outsourcing contracts contain post-execution provisions that, if not reviewed annually, can drive up costs or drive down performance. We've got an 18-point checklist to keep your outsourcing costs and service under control this year. Read More Facebook, Twitter, Social Network Attacks Tripled in 2009 New report from Sophos finds most Facebook and Twitter users have received spam or malware on the popular social networking sites Read More Too many people re-use logins, study finds An analysis of real-world online behaviour has warned of the unsettling phenomenon that led to this week's high-profile Twitter login scare. Far too many people re-use the same logins for more than one site. Read More WHITE PAPER: IBM NWW An Executive's Guide to Web Application Security Unfortunately, network firewalls and network vulnerability scanners can't defend against application-level attacks. It's more important than ever to implement secure application strategies to effectively protect your business. Learn More Google Working With National Security Agency, Report Says In a partnership that may inspire some to put their tinfoil hats on, Google has reportedly turned to the National Security Agency for help in improving the company's security infrastructure. The new partnership is still being finalized, but will be aimed at preventing future attacks like the one that hit Google in December, according to The Washington Post. This is not the first time the NSA has been tapped to help a U.S. corporation with cyber security, but the purported partnership would certainly be unique since Google's servers house such a vast collection of user data including search histories, e-mail, and personal documents. Read More Researcher reveals how IE flaw can turn your PC into a public file server In a live demonstration Wednesday at the Black Hat DC conference, a security consultant showed how it's possible to exploit a flaw in the Microsoft Internet Explorer browser to remotely read files on the victim's local drive, prompting a security advisory from Microsoft. Read More Unique network security algorithm stops worms from spreading Researchers at Pennsylvania State University say they can block the spread of self-propagating worms on corporate networks while keeping infected machines online so they can continue performing their legitimate duties. Read More US House passes cybersecurity R&D bill The U.S. House of Representatives has passed a bill that would authorize hundreds of millions of dollars in spending on cybersecurity research and education. Read More Black Hat: Zero-day hack of Oracle 11g database revealed A well-known security researcher yesterday showed how to subvert security in the Oracle 11g database by exploiting zero-day vulnerabilities that would let a savvy user gain full and complete control. Read More WHITE PAPER: HP WAN Design – Don't Buy More than You Need This Gartner research note examines the methodology organizations should employ when designing a WAN. It offers advice on how to ensure that important applications are networked with sufficient performance and that there is not an "overspend" on less important applications and provides guidance on meeting unique network needs. Read Now. Twitter forces password reset to protect some accounts Twitter required some users to reset their passwords on Tuesday after discovering that their log-in information may have been harvested via security-compromised torrent Web sites, the company said. Read More How Wi-Fi attackers are poisoning Web browsers Public Wi-Fi networks such as those in coffee shops and airports present a bigger security threat than ever to computer users because attackers can intercede over wireless to "poison" users' browser caches in order to present fake Web pages or even steal data at a later time. That's according to security researcher Mike Kershaw, developer of the Kismet wireless network detector and intrusion-detection system, who spoke at the Black Hat conference. Read More Cybersecurity needs duck-and-cover campaign to boost national awareness Shoring up U.S. cyberdefense should include educational programs that motivate private citizens to fight cyber threats through safer Web practices, much as school children were taught in the 1950s to hide under their desks and cover their heads in case of nuclear attacks, researchers say. Read More User provisioning: right access to the right people Last issue we touched on a new definition for identity. Today I'd like to present the definitive view of the first, both historically as well as in the context of adding identity and access management (IAM) to your organization. User provisioning has been called the "killer app" for identity management. It started us down the road to IdM over a dozen years ago. In fact, we almost take it for granted today. But what does it involve, what does it imply, and why does it matter? Read More Black Hat: Researcher claims hack of processor used to secure Xbox 360, other products ARLINGTON, VA. -- A researcher with expertise in hacking hardware Tuesday detailed at the Black Hat DC conference how it's possible to subvert the security of a processor used to protect computers, smartcards and even Microsoft's Xbox 360 gaming system. Read More Conficker worm cripples a U.K. police department The Conficker worm is alive and well and has shut down the police network in Manchester, United Kingdom, for the past three days. Read More
	Join us on LinkedIn Discuss the networking issues of the day with your colleagues, via Network World's LinkedIn group. Join today! - Jeff Caruso, Executive Online Editor Today from the Subnet communities Massive giveaway from Cisco Subnet: 50 copies of the Cisco Press CCNP Cert Kits kits are up for grabs. Deadline March 31. 15 books on Microsoft PerformancePoint business analytics available, too. SLIDESHOWS 10 coolest experiments from Google Labs When you've got thousands of the world's most brilliant engineers spending 20% of their time on whatever takes their fancy, cool software is the result. 7 social SharePoint apps built in a week Seven startups competed to develop great SharePoint apps in one week. MOST-READ STORIES 10 best IT jobs right now Seven social SharePoint apps built in a week How Wi-Fi attackers are poisoning Web browsers The 10 coolest experiments from Google Labs Cisco backdoor still open Black Hat: Zero-day hack of Oracle 11g database revealed Facebook sees need for Terabit Ethernet Researcher claims hack of processor used to secure Xbox 360 Don't ever do this while at work and on live TV How to make new stuff from your piles of obsolete tech
	Do You Tweet? Follow everything from NetworkWorld.com on Twitter @NetworkWorld. You are currently subscribed to networkworld_compliance_alert as security.world@gmail.com. Unsubscribe from this newsletter | Manage your subscriptions | Privacy Policy If you are interested in advertising in this newsletter, please contact: bglynn@cxo.com To contact Network World, please send an e-mail to customer_service@nww.com. Copyright (C) 2010 Network World, 492 Old Connecticut Path, Framingham MA 01701 ** Please do not reply to this message. If you want to contact someone directly, send an e-mail to customer_service@nww.com. **