In this third and final part of our article series about risk factors, we will examine Human attack factors and Physical factors.
The previous article discussed different procedures and systems that could be invoked in order to mitigate risk. In subsequent parts we will examine areas at risk, starting with Electronic factors.
The aim of this type of initial risk analysis is to identify potentially vulnerable points that may be exploited if they are not sufficiently secured.
It seems obvious that the current certificate security model needs to be replaced by something that is less vulnerable for attacks from dedicated persons, organizations or governments.
Malware authors continue to pursue delivery mechanisms that can confuse different malware detection systems.
Coordinated efforts between experts/authorities against cybercriminals seem like the most efficient method for combating cybercriminals. Different experts and authorities are then able to focus on the part of the criminal chain that corresponds to their ability and expertise.
Since the cybercriminals seem to shift from randomly directed mass attacks to more focused attacks, the total volume of spam will decrease.
It is almost impossible to protect completely against a targeted cyberattack against an organization.
Even organizations, which presumably are more security conscious than most, have vulnerabilities that may be exploited by an attacker who has sufficient resources and determination at her disposal.
As one of the largest companies in the software industry, Microsoft's policy will influence the way vulnerabilities are handled.
Bots and botnets comprise one of the biggest threats to the Internet and its users. However, recent news report of a success story: beheading the spam botnet Rustock.
The RSA Conferences are among the most important annual security conferences. This year's US conference was held in San Francisco 14 - 18 February.
Advertisements (ads) on the web have become part of a multi-billion industry. These days it is almost impossible to read news on the web without being overwhelmed by a plethora of ads for everything from cars to diapers. However, it is presumably not optimal to display the car ads to children. Nor are most teenagers particularly interested in diapers.
A new report, “Reducing Systemic Cybersecurity Risk”, has received quite a lot of attention. The report is part of the Organisation for Economic Co-operation and Development (OECD) Project on “Future Global Shocks”, and addresses the question: "How far could cyber-related hazards be as devastating as events like large-scale pandemics and the 2007-10 banking crisis?"
We have previously advocated the view that endpoint security is just one of several tools needed to accomplish secure environments. This article will examine one particular threat against the Internet community and discuss how it may be overcome.
In a press release 25 October the Dutch High Tech Crime Team (THTC) of the National Crime Squad announced a successful takedown of a major botnet. 143 malicious computer servers were taken down from the internet resulting from collaboration with a Dutch hosting provider, the Dutch Forensic Institute (NFI), the internet security company Fox IT and GOVCERT.NL and the Dutch computer emergency response team.
A message similar to the one in this article's title may seem like a nightmare for most of us, as we have become increasingly dependent - some even addicted - to using resources available on the Internet for necessary as well as trivial tasks.
Last week in our article "Ways to use botnets", we discussed among other issues, botnets for hire. One example we mentioned in our article was the company Aiplex Software, which was hired to try stop illegal distribution of copyrighted material.
This article will not go in depth with regard to how the different botnets function technically. We shall rather examine some of the ways botnets may be used, study one successful method used for fighting this threat, and finally discuss the idea of botnets used for benign purposes.
A few days ago the Australian House of Representatives' Standing Committee on Communications published its report on cyber crime and security. This document has the ambitious title "Hackers, Fraudsters and Botnets: Tackling the Problem of Cyber Crime", and is an impressive, almost 300 pages reading with statistics, examples, and of course suggestions on how to solve the cyber crime problem.
Domain names are a crucial part of the Internet's infrastructure. However, as we have shown in previous security articles, registration of special domain names may be used as an attack vector for spreading malware.
The RSA Conferences are among of the most important annual security conferences. This year's US conference was held in San Francisco 1 - 5 March. One of the speakers was Microsoft's Scott Charney, Corporate Vice President Trustworthy Computing. His speech covered several interesting topics, of which we will discuss one: the ability, usefulness and implications of treating infected computers in a similar manner as infected human beings.
Diese Woche wurde ein neuer Bericht über Sicherheitsrisiken veröffentlicht. Der Bericht „The Top Cyber Security Risks“ (Die größten Sicherheitsrisiken im Cyberspace) wurde von den Sicherheitsorganisationen TippingPoint, Qualys und SANS gemeinsam erstellt. Im Sicherheitsartikel dieser Woche möchten wir einen bestimmten Punkt in diesem Bericht besprechen: Patches für Software.
Nmap (Network Mapper) ist vielleicht das bekannteste und am häufigsten verwendete Hackertool, das es gibt. Seit seiner Einführung im Herbst 1997 hat das unter dem Pseudonym Fyodor (wahrer Name Gordon Lyon) geschriebene Tool zahlreichen Hackern dabei geholfen, wertvolle Informationen über ihre Angriffsziele zu sammeln. Diesen Sommer wurde Nmap Version 5 veröffentlicht. Laut Insecure.org soll dies „die wichtigste Nmap-Version seit 1997“ sein.
Seit Jahren warnen verschiedene Sicherheitsorganisationen vor den Risiken und Gefahren, die sich für Privatpersonen, Unternehmen und den öffentlichen Sektor aus der Nutzung des Internet ergeben. Leider wurden diese Warnungen oftmals nicht im notwendigen Maße ernst genommen. Die Rede von Präsident Obama ist daher eine willkommene Anerkennung aus den höchsten politischen Kreisen.
ATLAS betrachtet Angriffe auf Computer aus einem globalen Blickwinkel und trägt dazu bei, neue Netzwerkangriffe vorherzusagen. Dazu werden Daten aus verschiedenen Quellen analysiert.
We have previously discussed the fact that national police may not be sufficiently equipped to fight ecrime in its various forms. One of the problems with fighting today's ecrime by national means is that ecrime is not bound by national borders.
Vor kurzem haben wir bemerkt, dass einige der Großen auf der "dunklen Seite" der Internet-Community aus dem Internet entfernt wurden. Aktivitäten mit böswilligen Absichten gingen sofort überraschend stark zurück.
Experten – selbsternannte und andere – stellen häufig die Behauptung auf, bösartige Software (Malware) sei das ultimative Mittel zum Zweck für terroristische Vereinigungen.
Ein Honey Pot kann als ein Mittel definiert werden, mit dem jemand (oder etwas) durch einen Trick dazu gebracht wird, eine bestimmte Aktion im Honey Pot statt an der wirklichen Sache auszuführen. In der Computersicherheit werden Honigtöpfe unterschiedlichster Art häufig als Sicherheitseinrichtung verwendet.
Wenn wir Jasim Saleh Al-Azzawi glauben können, wird seine neueste Erfindung uns alle arbeitslos machen. Er hat eine Festplatte mit Zusatzfunktionen „erfunden“, die alte, aktuelle und zukünftige Viren unschädlich machen.
How does the user know that their security application, say their antivirus product, works and that the appropriate actions are taken by the antivirus product? An ‘easy’ but less secure and non-advisable way is to send yourself a virus by email or to launch it on your corporate network.
On 10 April, IBM announced that it will bring mainframe inspired security to the world of consumer products, medical devices, defense systems and digital media. The technology, named "SecureBlue" can be applied to a variety of imaginable equipment that contains valuable confidential or private information as mobile phones, PDA’s, PC’s, notebooks, etc.
On 5 April 2006, Apple has released a beta version called “Boot Camp" that enables the Intel-based Macintosh machines to install Windows XP.
Investigating teams mayoperate and act much faster if they are allowed to put technical aids in the computer of suspects.
Seit der Veröffentlichung der Karikaturen des Propheten Mohammed ist die Zahl der Hackerangriffe deutlich gestiegen. Bestimmte Einzelpersonen und Organisationen scheinen Hackerangriffe als die optimale Methode zu erachten, um ihre Meinung kundzutun.
There are several securities issues involved in using the Internet for conducting corporate business, as well as issues involved in protecting individuals for misuse of their personal information. This article will discuss some of those
Sommer, Sonne und süße Sünden verbinden die meisten Leute mit Glück und harmlosen Freuden. Die wenigsten Menschen, die unter wolkenlosem Himmel an ihren Notebooks arbeiten - ob sie nun im Park liegen, in der Cafeteria sitzen oder sich im Ferienhaus erholen -, machen sich Gedanken über Hacker und Computerspione. Doch Diebe machen keinen Betriebsurlaub! Und es gibt eine Menge Übeltäter unter der Sonne.
Industriespionage kommt während der Sommermonate ebenso häufig vor wie zu anderen Zeiten im Jahr. Nicht immer ist der Täter außerhalb des Unternehmens zu suchen; auch illoyale Mitarbeiter und frühere Angestellte sind imstande, Informationen zu stehlen oder zu zerstören. Eine aktuelle britische Studie kommt zu dem Ergebnis, dass über 30 % aller britischen Unternehmen schon einmal in irgendeiner Form einem Angriff ausgesetzt waren, der von Mitarbeitern oder ehemaligen Mitarbeitern ausging. Es ist nicht immer einfach, sich vor solchen Eindringlingen zu schützen, und die üblichen Tools, sprich: Firewall-, Antiviren- und Ad-aware-Programme, erweisen sich oft als unzureichend.
Drahtlose Netzwerke (WLAN) erfreuen sich sowohl bei Privatanwendern als auch bei größeren Unternehmen zunehmend größerer Beliebtheit. Die meisten Menschen sind sich der zahlreichen Vorteile von drahtlosen Netzwerken bewusst, nicht alle wissen jedoch über die möglichen Gefahren Bescheid, die auftreten können, wenn nicht die entsprechenden Sicherheitsmaßnahmen getroffen werden.
Nachfolgend finden Sie wichtige allgemeine Informationen rund um das Thema der verschiedenen Sasser Wurm-Varianten.
Heutzutage werden Ihnen die meisten Organisationen zusichern, dass ihre Daten ausreichend geschützt sind - und zwar in der Regel durch Systeme zur Erkennung unbefugter Zugriffe auf das Netzwerk sowie durch Antiviren-Lösungen, Sicherungsroutinen und Firewalls.
Security Information Week 38, 1999 Our weekly security information for week 12 points to different places where security information is available. One kind of such places ...
Security Information Week 14, 1999Many organizations, especially smaller ones do not have a specified security policy. This may cause several different problems, among those that ...
Security Information Week 6, 1999All the time reports are published about famous and not-so-famous organizations which have had their networks and computers compromized by crackers. ...
Security Information Week 50, 1999IntroductionDuring the latest months viruses have been using e-mail clients to spread themselves. The most famous one is of course W97M/Melissa.A ...
Security Information Week 43, 1999During the last weeks different security issues which involves Internet Explorer version 5 has been discovered. These have to do with ...
Security Information Week 18, 1999Some time ago the long-awaited Service pack 4 to Windows NT version 4.0 was released. Last week Microsoft surprisingly released another ...
Security Information Week 22, 1999 The need to secure information is for many organizations and persons extremely important. This includes of course business secrets, which could ...
Security Information Week 12, 1999 On the Internet there are several sites which offer very good security information. The different sites are of two kinds: Security sites ...
Security Information Week 10, 1999A person who is interested in breaking in to an organization's computers wants to know as much about these computers as ...
Security Information Week 40, 2002IntroductionOne of the ongoing discussions regarding security is about informing the public about new security risks. The two extremes are on ...
Security Information Week 26, 2000SANS Institute's web site is one of the most useful resources to visit/use for those interested in computer security issues.One of ...
Security Information Week 6, 2000During the first days of this week several high-profile web sites fell victim of what seems to be Denial of Service ...
Security Information Week 4, 2000The high frequency of updates to antivirus packages - weekly or even more often - has come about partly as a ...
