Apr 07 2010

NorCal’s John Muir hospital warns of breach

Category: hipaa, Security Breach
DISC @ 12:35 am

The Associated Press
Posted: 04/06/2010 08:31:15 AM PDT

WALNUT CREEK, Calif.—More than 5,000 patients in the John Muir hospital system have been warned of a potential security breach after two laptop computers that contained personal and health information were stolen.

The laptops were stolen from a perinatal office in Walnut Creek in February. The 5,450 potentially affected patients were sent letters Monday. Hospital officials say there have been no reports that patient information has been accessed.

John Muir Health vice president and privacy officer, Hala Helm, says the laptops were password-protected and contained data in a format that would not be readily accessible.

Officials have arranged free identity theft protection for a year and recommend people place a fraud alert on their credit files.

———

Information from: Contra Costa Times

Tags: Contra Costa Times, Identity Theft, john Muir Hospital, laptop stolen, Patient files stolen, Walnut Creek


Apr 02 2010

Man sentenced for hacking restaurant card data

Category: Information Security, pci dss
DISC @ 1:47 pm

By Alan J. Liddle

WASHINGTON (April 1, 2010) Albert Gonzalez, the mastermind of payment card data thefts from Boston Market and Dave & Buster’s and a participant in the hack of a credit transaction processor serving thousands of restaurants, has been sentenced to two 20-year prison terms, the U.S. Justice Department said.

In a separate development, the Federal Trade Commission said late last week that one of the companies targeted by Gonzalez’s ring — Dallas-based Dave & Buster’s Inc. — will be subject to closer scrutiny for 20 years. That is the length of time that conditions laid down by the federal agency must be met by Dave & Buster’s following its agreement to settle FTC charges that the casual-dining chain had “left consumers’ credit and debit card information vulnerable to hackers, resulting in several hundred thousand dollars in fraudulent charges.”

April Spearman, vice president of marketing for 55-unit Dave & Buster’s, said the company had no comment about Gonzalez’s sentencing or its settlement with the FTC. However, she reiterated the company’s earlier statements that it had acted immediately after being alerted to the possibility of data theft at 11 of its restaurants in 2007 and had “worked closely with both the Secret Service and Department of Justice and assisted them in their investigations.”

Dave & Buster’s has said that after learning of the data network breach, it retained outside security experts and deployed additional measures to prevent similar thefts going forward.

In a March 26 filing with the U.S. Securities & Exchange Commission, Dave & Buster’s said, “The order does not require [Dave & Buster’s] to pay any fines or other monetary assessments and the registrant does not believe that the terms of the order will have a material adverse effect on its business, operations, or financial performance.”

Requests for comment about Gonzalez’s sentencing by Golden, Colo.-based Boston Market were unanswered as of press time.

Gonzalez, 28, was sentenced March 25 in U.S. District Court in Boston to 20 years in prison for two cases involving conspiracy, computer fraud, wire fraud, access device fraud and aggravated identity theft, according to the Justice Department. Those charges stemmed from data network intrusions at numerous companies, including 520-unit Boston Market, Dave & Buster’s, the TJX Cos., OfficeMax and Barnes & Noble. Those virtual break-ins were carried out by what federal officials characterized as the “largest hacking and identity theft ring ever prosecuted by the U.S. government.”

To read more @ nrn.com

Tags: Albert Gonzalez, Dave & Buster, debit card, Federal Trade Commission, Identity Theft, U.S. Securities & Exchange Commission, United States, United States district court


Mar 31 2010

Debit Card Fraud: Is Your Money at Risk?

Category: Information Security, pci dss
DISC @ 2:12 am


by Amy Fontinelle @ investopedia.com

Debit card fraud occurs when a criminal gains access to your debit card number and, in some cases, PIN, to make unauthorized purchases and/or withdraw cash from your account. There are many different methods of obtaining your information, from unscrupulous employees to hackers gaining access to your data from a retailer’s unsecure computer.

When your debit card is used fraudulently, the money is missing from your account instantly. Payments you’ve scheduled or checks you’ve mailed may bounce; you may not be able to afford necessities, and it can take a while for the fraud to be cleared up and the money restored to your account.

How to Detect Debit Card Fraud

Fortunately, it doesn’t take any special skills to detect debit card fraud. The easiest way to spot problems early is to sign up for online banking, if you haven’t already. Check your balance and recent transactions daily. The sooner you detect fraud, the easier it will be to limit its impact on your finances and your life. If you see unfamiliar transactions, call the bank right away. If you’re the forgetful type, start hanging on to the receipts from your debit card transactions so you can compare these against your online transactions.

If you don’t want to bank online, you can keep tabs on your recent transactions via phone banking. At the very least, you should review your monthly bank statements as soon as you receive them, and check your account balance whenever you visit an ATM or bank teller. However, it can take much longer to detect fraud using these methods.

9 Easy Ways to Protect Yourself

While you may not have any control over hackers and other thieves, there are many things you can control that will help you avoid becoming a victim.

• Get banking alerts. In addition to checking your balance and recent transactions online daily, you can sign up for banking alerts. Your bank will then contact you by email or text message when certain activity occurs on your account, such as a withdrawal exceeding an amount you specify or a change of address.

• Go paperless. Signing up for paperless bank statements will eliminate the possibility of having bank account information stolen from your mailbox. Shredding existing bank statements and debit card receipts using a diamond-cut shredder when you’re done with them will greatly reduce the possibility of having bank account information stolen from your trash.

• Don’t make purchases with your debit card. Use a credit card instead, because it offers greater protection against fraud. If you do make debit card purchases, don’t use your PIN – tell the cashier to select the credit option. The money for your purchase will still be withdrawn from your account right away, but you won’t expose yourself to PIN theft.

• Stick to bank ATMs. They tend to have better security (video cameras) than ATMs at convenience stores, restaurants and other places.

• Destroy old debit cards. Some shredders will take care of this for you.

• Don’t keep all your money in one place. If your checking account is compromised, you want to be able to access cash from another source to pay for necessities and meet your financial obligations.

• Beware of phishing scams. When checking your email or doing business online, make sure you know who you’re interacting with.

• Protect your computer. Use firewall, anti-virus and anti-spyware software on your computer, and keep it updated regularly.

• Use a secured network. Don’t do financial transactions online when using your computer in a public place and/or over an unsecured network.

What to Do If It Happens to You

If you learn that your debit card information has been compromised, contact your bank immediately to limit the damage the thief can do, and limit your financial responsibility for the fraud. Make contact immediately by phone, and follow up with a detailed letter stating the full name of the bank employee you spoke with, details of the fraudulent transactions, and any ideas you have about how your account may have been compromised. Ask your bank to waive any NSF fees that may be incurred because of the fraud, and to restore the fraudulently withdrawn funds to your account.

Hopefully, you won’t have any trouble resolving the issue directly with your bank, but if you do, you can contact a legitimate consumer advocacy group such as Privacy Rights Clearinghouse. There are also government organizations to contact if your bank isn’t cooperating. The agency to contact depends on the type of bank you use.

• The Federal Reserve Board of Governors handles complaints for state-chartered Federal Reserve System banks, bank holding companies and branches of foreign banks.
• The FDIC deals with state-chartered, non-FRS banks.
• The National Credit Union Association handles federally chartered credit unions.
• The Office of the Comptroller of the Currency (OCC) oversees national banks.
• The Office of Thrift Supervision keeps an eye on federal savings and loans and federal savings banks.
• The Federal Trade Commission handles everything else.

If you’re not sure which one to call, start with the OCC.

If you will have trouble making any of your monthly payments because of the fraud, contact those creditors, explain the situation and ask if they can do anything for you. This step is extremely important, as failure to do so implies your unwillingness to pay them. However, if they know about your hardship, they may be willing to work with you to reschedule payments.

Conclusion

Anything you can do to make a thief’s work more difficult, whether it’s staying on top of your balance, spreading your cash out across multiple accounts or making purchases with credit cards instead of debit, will help safeguard your checking account and decrease your chances of becoming a victim of debit card fraud.

Tags: ATM, debit card, debit card fraud, Federal Trade Commission, OCC, PIN theft


Mar 24 2010

8 tips for safer online shopping

Category: Information Security
DISC @ 6:14 pm

By Microsoft.com
Online threats today come in the form of attacks on you and attacks on your computer. Here are eight (8) ways for you to have a safer online shopping experience:

1. Keep your computer software up to date.
Keep all software (including your web browser) current with automatic updates. If you are not already running Internet Explorer 8, the latest version of our web browser, click the button to the right to get it.

2. Defend your computer.
Use firewall, antivirus, antispam, and antispyware software. For an added layer of protection on your PC, you can download Microsoft Security Essentials for free or find other antivirus solutions.

3. Avoid phishing scams and malware.
By default Internet Explorer 8 runs SmartScreen Filter to help block and warn you of malicious software or phishing threats. SmartScreen Filter alerts you if a site you are trying to open has been reported as unsafe and allows you to report any unsafe sites you find.

4. Protect yourself from emerging threats.
Cross-site scripting attacks are one of the increasingly sophisticated methods online criminals use to get your personal information. By default Internet Explorer 8 helps protect you against these attacks with a built-in Cross Site Scripting (XSS) Filter that is always on.

5. Identify fake Web addresses.
Internet Explorer 8 helps you avoid deceptive websites that can trick you with misleading addresses. The domain name in the address bar is highlighted in black to make it easier to identify a site’s true identity.

6. Browse more privately.
When you’re using a public computer to check e-mail or you’re shopping for a “surprise” gift on a family PC, it’s a good idea to use InPrivate Browsing—a feature that helps prevent your browsing history, cookies, and other information from being retained on your computer.

7. Make sure payment websites use encryption.
To confirm that a website uses encryption when processing credit card information, look for:

■ An “s” after http in the Web address—it should read https:

■ A tiny closed padlock in the address bar, or at the lower-right corner of the window.

■ A green address bar—Internet Explorer 8 uses this to indicate a trustworthy site.

8. Never respond to unsolicited requests to update your account information.
These e-mail messages might be scams for stealing your identity. Most legitimate companies never send unsolicited e-mail or instant message requests for your passwords or other personal information. And remember, if it sounds too good to be true, it probably is.

Tags: cross site scripting, Internet Explorer, Internet Explorer 8, Malware, Microsoft Security Essentials, phishing, Web browser


Mar 18 2010

Mary’s Pizza hit by hackers

Category: Identity Theft, pci dss
DISC @ 3:32 pm


There is a big misconception out there: “PCI DSS compliance does not apply to us; we are a relatively small company.”


The fact is PCI DSS must be met by all organizations that transmit, process or store payment card data. Also, business owners want to know what the ROI on PCI compliance is. It is the total cost of ownership which ensures that you keep earning big money. DISC


By MIKE McCOY
THE PRESS DEMOCRAT

Patrons of Mary’s Pizza in downtown Sonoma will be alerted this week that their credit card numbers may have been stolen by an international computer hacker.

Vince Albano, chief executive officer for the 18-store chain, expects to receive a report by Friday detailing the breadth and timing of the breach.

Once that is known, Albano plans to take out newspaper ads to warn diners who ate at the Spain Street outlet during that period that they might want to cancel their credit cards and get new ones.

Albano said his company doesn’t have the ability to notify potential victims directly because the credit card companies won’t release their names.

The breach was first discovered by the restaurant’s in-house technology expert on Feb. 10 after friends and customers called to complain about errant charges on their credit cards, Albano said. He hired a Chicago-based high-tech forensics firm, Trustwave, to pinpoint the problem.

“Trustwave said they traced it to Russia but I also heard it may be Luxembourg,” Albano said of the suspected location of the hacker.

Albano said his company immediately notified banks and credit card companies of the breach to stop further illegal charges to his customers.

Mary’s may not be the only business hit by the hacker, Albano said. Customers at other businesses in the Sonoma Valley also reportedly have been hit, he said.

“We are addressing the issue but the issue is larger than Mary’s Pizza Shack,” he said.

The Sonoma County Sheriff’s Department is heading up the investigation.

Albano declined to speculate how many of his customers may have had their credit card numbers stolen. Pending Trustwave’s report, he declined to say over what period of time the thefts occurred or how many of the cards were fraudulently used.

But he said his company has invested $20,000 to make the computer systems at all 18 outlets “100 percent protected.”

“We want to do right by our customers. We have been locked down tight since Feb. 23,” he said.

Read more in the Press Democrat.

Here we have another unnecessary credit card data breach in a small organization, which resulted in a loss of customers’ data and demonstrates the poor baseline security of small organizations, in this case a restaurant. Small organizations are not ready for PCI Compliance. Check out why PCI Compliance is essential and why small merchants have to comply. Review my threats page and evaluate your current business and system risks to make sure this does not happen to you.
Contact DISC with any questions.

Tags: Chief executive officer, Credit card, Payment Card Industry Data Security Standard, Sonoma Valley, Total cost of ownership


Mar 18 2010

Casinos conned by IT hackers

Category: Cybercrime
DISC @ 1:54 pm

Casinos conned by IT hackers who printed false betting slips

Humans are the weakest and the strongest link in running a computer-operated machine. If these two people can create havoc, what do you think the mischievous mind of a business owner can do? Think about it when you are back in a casino and playing at a computer-operated poker or blackjack machine. I’m sure there are regulations regarding this bamboozling behavior, but the key is who is monitoring these casinos; whoever that might be should be totally independent.


“However, the scheme came unstuck after an alert cashier noticed a winning slip for £600 for a £10 bet at odds of 35-1.”

by Telegraph.co.uk
Andrew Ashley, 30, and Nimesh Bhagat, 31, stole more than £33,000 by infiltrating software controlling remote betting machines covering live roulette wheels at four Gala Casinos in London, a court heard.

The pair simply made the machines print out winning vouchers for sums of up to £600, whatever the outcome on the wheel.

But they were caught out when a cashier realised a payout was impossible as only £10 had been wagered at odds of 35-1, Croydon Crown Court was told.

Officials began an inquiry and quickly traced a string of suspicious wins back to the two contractors, who were employed as problem analysts.

Ashley, from south-east London, and Bhagat, from south-west London, were handed 12-month prison sentences, suspended for two years, after each admitting an offence under the Theft Act 1968.

The two men were ordered to undertake 200 hours of community service and pay back around £16,000 each, a police spokesman said.

The convictions are believed to be the first where people have been caught mishandling the computer technology behind Britain’s gaming industry.

They followed an inquiry by officers from Scotland Yard’s clubs and vice unit into a series of transactions between July 2007 and September 2007.

The scam centred on remote betting terminals at casinos that enable customers to place bets without being at the roulette table.

Those who make winning bets are given a printed ticket with details of their credit that can then be cashed.

Detectives examined computers seized from the men’s homes and looked at CCTV footage that placed the men at the terminals when the offences occurred.

Detective Inspector Ann-Marie Waller said vigilant staff stopped the fraud before hundreds of thousands of pounds were lost.

She said: “These men not only used their intimate knowledge of two complex systems to break the law and make these fraudulent claims, they also breached the trust of their employers and any semblance of professional integrity.”

Tags: fraud, Gala Coral Group, Gambling, London, Poker, Roulette, Scotland Yard, The Daily Telegraph


Mar 16 2010

Microsoft Power Point 2010 Hacks and Tips

Category: App Security
DISC @ 1:13 pm

San Francisco (GaeaTimes.com) – Microsoft Office 2010 is the latest version of the Microsoft Office productivity suite. The new features of Office 2010 are its extended file compatibility and a refined user interface. Microsoft PowerPoint is one of the most important parts of the Office suite and has many advanced features. But Microsoft Office software has been a potential attractor for many hackers and malware publishers. Some weak code or loophole in the programming is their target so that they can get their malicious code injected into end users’ computers. It has been a favorite playground for hackers since Microsoft Office’s birth. But the new Microsoft 2010 comes with three new security layers that are very efficient at getting rid of hacks and malware. The three new layers are named Protected View Mode, Binary File Validation system and Enhanced file blocking system. But we have some hacks that work on this new version.

Opening Password Protected Files through Hacking

Microsoft Office has a feature to password-protect files. But password-protected files can be opened by bypassing the password. All you need is some hacking. If you don’t know how to hack them, don’t panic. If you don’t know anything about hacking, you can still open the file. There are many software tools available for this purpose. Office Password Remover is a good example of that. Using this software, you can hack password-protected files and the software will return the files without the password. The software does not take too much time either. It can remove the password within minutes.

Tags: Microsoft, Microsoft Office, Microsoft Office 2010, Microsoft Office hacks, Microsoft PowerPoint, Office 2010, office 2010 security, San Francisco


Mar 10 2010

Anti-fraud service bamboozles consumers

Category: Identity Theft
DISC @ 1:42 am

by Edward Wyatt
provided by – NYTimes.com

Lifelock, the company that brazenly broadcast its chief executive’s Social Security number as part of its claim that it could protect anyone against identity theft, agreed on Tuesday to pay $12 million to settle charges that it misled consumers about the effectiveness of its service.

The settlement, announced by the Federal Trade Commission and a group of 35 state attorneys general, requires Lifelock to refrain from making further deceptive claims and take more stringent measures to safeguard the personal information that it collects from customers.

Jon Leibowitz, the chairman of the trade commission, said that “several hundred persons, at least,” who were Lifelock customers had become victims of identity fraud while using the company’s services. Customers typically paid $10 a month for the services, he said.

The commission also claimed that the “fraud alerts” Lifelock placed on individuals’ credit files protected only against certain types of identity theft, mainly the opening of new accounts, which is the cause of fewer than 1 in 5 cases of identity theft.

Lifelock’s customers were left vulnerable to having their current accounts misused, the most common form of the crime. About eight million Americans have their identity used illegally each year, the officials said.

“This was a fairly egregious case of deceptive advertising from our perspective,” Mr. Leibowitz said.

In an interview, Todd Davis, the Lifelock chief executive, said that the company had adopted a new advertising campaign that complied with the trade commission’s request. “We have differing views on what the intent of the message was” of the earlier ads, Mr. Davis said, adding that he believed the commission’s actions “set a standard for the entire industry to follow.”

Lisa Madigan, the Illinois attorney general, who joined Mr. Leibowitz in announcing the action at a news conference in Chicago, said that while Lifelock did provide some legitimate services, “most of what they did, you can do on your own and you can do it free.”

The biggest problem with the company’s claims, she said, was its guarantee to prevent identity theft from ever happening. “There is nothing you can do or you can purchase that is a 100 percent guarantee against identity theft,” Ms. Madigan said.

Mr. Davis knows the truth of that. After he began broadcasting his Social Security number, dozens of attempts were made to secure credit or identification using the information. At least one attempt succeeded, when a man in Texas secured a $500 payday loan using Mr. Davis’s Social Security number.

Tags: Attorney general, Federal Trade Commission, Identity Theft, Jon Leibowitz, LifeLock, Lisa Madigan, Social Security number, Todd Davis


Mar 08 2010

Nuke hack attack puts military on high alert

Category: Cybercrime
DISC @ 2:56 pm

Chinese, North Koreans suspects in security breach
By Mike Maloof

WASHINGTON, D.C. – A message that North Korea had conducted a nuclear attack on the Japanese island of Okinawa turned out to be false, but the fact it was delivered via U.S. military communications has prompted a high alert, according to U.S. officials who asked to remain anonymous.

U.S. military channels were hacked either by the Chinese or North Koreans, the source said. Access to such communications – even unclassified military systems – suggests a serious breach of technology security.

A Pentagon spokesman declined comment.

A purportedly “U/FOUO” or “Unclassified but For Official Use Only” message claimed to have been put out Saturday by the Office of National Intelligence and prepared by the Defense Intelligence Agency. It said:

“Today, March 06, 2010 at 11.46 AM local time (UTC/GMT -5 hours),US seismographic stations recorded seismic activity in the area of Okinawa Island (Japan). According to (sic) National Geospatial-Intelligence Agency, Democratic People’s Republic of Korea has carried out an average range missile attack with use of nuclear warhead (sic). The explosion caused severe destructions (sic) in the northern part of the (sic) Okinawa island. Casualties among the personnel of the US military base are being estimated at the moment.”

An analyst noted the grammatical errors suggested the text was written by someone who has not yet mastered the English language use of articles.

The report included a long list of U.S. agencies that should be on alert, from the Central Intelligence Agency, the Department of State and the Department of Homeland Security to the Air Force, Army, Coast Guard, Marine Corps and Navy.

U.S. officials have expressed growing concern over cyber attacks, especially from China. The attacks have targeted not only Google and other Western companies but also the Pentagon.

Chip Gregson, assistant secretary of defense for Asian and Pacific affairs, said that in addition to their nuclear and space programs, the Chinese have undertaken an aggressive cyber assault that presents “an asymmetrical threat to our ways of doing business.”

The latest hacking effort follows urgent warnings that also have gone out through the North Atlantic Treaty Organization to protect all classified databases due to the recent surge of Chinese cyber attacks.

Last Friday, a U.S. report said that the number of cyber attacks on U.S. government agencies and Congress rose exponentially in the past year to an estimated 1.6 billion a month.

Only a few months ago, there were reports that a powerful cyber attack overwhelmed computers at U.S. government agencies and South Korean agencies for several days. The report said the attacks also targeted the White House, Pentagon and the New York Stock Exchange.

Tags: china hack, Chinese cyber attacks, Congress, cyber attacks, Defense Intelligence Agency, north korea hack, NYSE, Okinawa, Pentagon


Mar 05 2010

RSA 2010 and Cybercrime Strategy

Category: Cybercrime, Information Security
DISC @ 2:31 pm

Howard Schmidt
U.S. Cybersecurity Coordinator

In a keynote address at RSA, national cybersecurity coordinator Howard Schmidt announced that the White House was releasing an unclassified version of its plan for securing government and private industry networks. The plan, called the Comprehensive National Cybersecurity Initiative, is now available for download from the White House website (PDF).

Among Schmidt’s priorities are the “resilience” of federal government networks and ensuring those networks are properly secured, and ensuring that private-sector partners also have sufficiently secured systems and networks. “The government is not going to secure the private sector,” Schmidt said. “But we are making sure our private sector partners have more security as part of what we’re doing.”

Panel Discussion: Big Brother
Panel includes Richard Clarke, Michael Chertoff and Marc Rotenberg

Panelists agreed that the U.S. faces rapidly escalating problems with cyber warfare and cyber espionage, data theft and malware attacks on corporations and federal infrastructure that will persist as long as glaring vulnerabilities in government networks remain.

Clarke said that U.S. networks are continually under attack, citing last year’s logic bomb hack on the U.S. electrical grid. Clarke said that the attack indicated the likelihood of future assaults on U.S. infrastructure. “That’s not cyber espionage, that’s preparation for warfare,” he said.

“We’re talking about the cloud as if it’s the most important issue,” Clarke continued. “We are being attacked. We’re being attacked by the governments and criminal gangs from China and Russia.”

However, viewpoints diverged on how to address the problem. Rotenberg argued that while U.S. networks are plagued with security holes, imposing sweeping security restrictions, monitoring systems and security policies on users’ online behavior would inevitably create a myriad of privacy issues that could violate Constitutional law.

“Privacy is what ends up being collateral damage,” Rotenberg said. “Every one of those (security) scenarios becomes a justification for some kind of intrusion for the user that has done nothing wrong.”

Clarke suggested that the government have oversight on an outside agency or private organization that would conduct deep packet inspection on tier 1 ISP networks in search of malware.

Rotenberg warned that NSA deep packet inspection could give the agency carte blanche to search for other information and could potentially lead to unlawful surveillance.

“I think we have to be careful if we go down that road,” Rotenberg said. “The folks at NSA are not just interested in looking for malware.”

Janet Napolitano
U.S. DHS Secretary

US secretary of homeland security Janet Napolitano says a secure cyber environment is as much about people, culture and habit as it is about machines.

“Even the most elegant technological solution will ultimately fail unless it has the support of talented professionals and a public that understands how to stay safe online,” she told the RSA Conference 2010 in San Francisco.

“We need to have an ongoing multifaceted effort with the public at large,” she said, but added that government needs to be mindful of the fact that it is addressing a wide variety of audiences, from teenagers to grandparents.

On the technology side, IT security professionals have an important role to play, she said, in helping to ensure that the information systems are safe and secure by improving the level of performance of the supporting technologies.

Tags: howard schmidt, Janet Napolitano, Marc Rotenberg, Michael Chertoff, Richard Clark, RSA 2010, San Francisco


Mar 02 2010

HITECH Act increases HIPAA security requirements

Category: hipaa
DISC @ 3:03 pm

by Marcia Savage
The health care industry was buzzing with the news: For the first time ever, a hospital was being audited for compliance with HIPAA security requirements. The audit of Piedmont Hospital in Atlanta by the U.S. Department of Health and Human Services’ inspector general in 2007 was surprising for hospitals, health insurers and others in an industry accustomed to a lack of enforcement of federal privacy and security requirements.

A year later, HHS took another unusual step, meting out a $100,000 fine to Seattle-based Providence Health & Services for HIPAA security and privacy violations. The organization had lost backup tapes, optical disks and laptops containing unencrypted protected health information on more than 360,000 patients.

But those enforcement actions could be small potatoes compared to what’s ahead. The Health Information Technology for Economic and Clinical Health (HITECH) Act, part of the American Recovery and Reinvestment Act signed into law last year, earmarks about $19 billion in incentives to encourage adoption of electronic health record technology but also expands on HIPAA’s security and privacy requirements. In addition to instituting new breach notification rules and extending the rules to health care business associates, HITECH implements a new tiered system that increases civil monetary penalties for noncompliance and also allows state attorneys general to file civil actions for HIPAA violations.

“HITECH is perceived as the enforcement arm of HIPAA,” says Barry Runyon, research vice president covering health care providers at Gartner. “The stakes are higher and more people can enforce it.

“What it’s done has kind of jump started HIPAA. Health care delivery organizations’ programs languished for a while,” he adds. “When there’s no enforcement, people tend to get complacent. HITECH is making them revisit their security plans and look at their controls — essentially what they should have been doing.”

Let’s take a look at the ramifications of the HITECH Act on security and privacy in the health care industry and its impact so far.

To read further on HITECH Act increases HIPAA security requirements

Tags: arra and hitech, arra hitech provisions, arra hitech security "business associate", HHS, hipaa, hipaa security, hitech act, status of arra and hitech


Feb 23 2010

New phishing scams attack with precision

Category: Identity Theft | DISC @ 1:10 pm


Phishing: Cutting the Identity Theft Line

When TippingPoint’s president and chief technology officer, Marc Willebeek-Lemair, received an e-mail from the Federal Trade Commission informing him that a client was filing a complaint against his network security company for overcharges, he was directed to download the complaint – a Microsoft Word file – from an FTC Web page and return the attached form with any questions about the process.

The message, sent in 2008, was an elaborate scam targeting top-level executives.

TippingPoint researchers discovered the sender’s address had been “spoofed” (faked) and the link didn’t lead to the FTC’s Web site. In fact, the document – which looked like an FTC complaint – was infected with a data-stealing Trojan horse. Because the message referred to Willebeek-Lemair by name and no one else in TippingPoint received the message, the company concluded that criminals studied its chain of command and selected their target.

“It specifically said something that a C-level executive would get immediately alarmed about,” said Rohit Dhamankar, director of security research at TippingPoint’s DVLabs.

The message is an example of an increasingly common hacker technique known as spear-phishing, a much more effective and carefully crafted variation of the phishing lures that seek to trick victims into surrendering their private data.

Researchers believe that as spam-filtering technology has improved and people have become savvier at recognizing phishing ploys (such as the classic Nigerian e-mail scam), criminals are now dedicating more time and resources to going after specific groups of individuals. They often trick users into downloading malicious software from infected Web pages or e-mail attachments like Adobe Reader PDFs and Microsoft Office documents.

Carefully planned
In these attacks, the hackers identify specific individuals or groups of people with something in common. To make their attacks more effective, criminals take pains to impersonate credible sources, adorning messages with professional graphics and composing well-written stories to hook their targets.

To personalize the messages and make them more convincing, security researchers believe criminals run simple search queries to find biographical information, including a person’s position within an organization and their responsibilities. Hackers can also learn names of friends.

“This is very easy to do. Google, Facebook, LinkedIn and other sites can provide valuable information about anybody,” Dhamankar said.

The extra homework pays off. The Anti-Phishing Working Group estimates that less than 1 percent of people who receive one of the billions of generic phishing schemes sent every day take the bait. Meanwhile, estimates from several experts place the success rate of these tailored attacks between 25 and 60 percent.

In a 2006 experiment by the department of computer science at Indiana University, researchers sent e-mails with test links to almost 500 students purporting to come from friends with the intent of finding out how many would unwittingly have fallen for a real attack.

Even though researchers placed obvious clues to recognize the test – like prominently displaying the word “phishing” in the phony Web site – 72 percent of respondents gave their user names and passwords away.

“That is a dramatic yield. That’s the power of using the spear,” said Markus Jakobsson, principal scientist at the Palo Alto Research Center and one of the experiment’s authors.

Nilesh Bhandari, product manager at Cisco IronPort Systems’ security technology unit, estimated targeted attacks comprise less than 1 percent of all phishing schemes, but he said criminals intentionally keep the volume low. The fewer of these ploys there are, the more difficult it is for researchers to study and filter them out.

“The challenge is really finding the needle in the haystack,” Bhandari said.

Targeted attacks can go after anyone: from job seekers, gamers and gamblers to military contractors, pro-Tibet activists and people who just happen to live in a geographical area selected by the criminals. Last year, the FBI said that small and medium-size businesses have lost at least $40 million since 2004 to criminal exploits like spear-phishing.

“Most advanced users do not fall for regular phishing but (they) do fall for targeted attacks,” said Mikko Hypponen, chief research officer at Finnish security firm F-Secure. “You get an e-mail from someone you know, talking about real events and pointing to a normal-looking attachment. Would you open it? Of course you would.”

In spear-phishing samples collected by F-Secure, criminals hacked e-mail addresses from the domains of George Washington University, the Washington Post and even the State Department.

Attack on Google
The most notable instance of spear-phishing recently is the January attack on Google that attempted to hack into the Gmail accounts of Chinese human rights activists and steal valuable source data from the search giant and more than 30 other tech companies.

Researchers now know that criminals identified key Google staffers, found out who their friends were and fashioned attacks to lure them to infected Web pages.

“They were all attacked for a particular reason. (The hackers) knew the machines and networks they wanted to access. They knew who was sending e-mails to their targets and who they were receiving them from. It speaks to the reconnaissance they did beforehand,” said David Marcus, director of security research at McAfee Labs.

These types of attacks are particularly dangerous because, as the attack on Google demonstrated, anyone can fall for them.

“In terms of internal security, it’s the weakest link – people who might not be involved with security technology – who fall for these attacks,” Dhamankar said. “If someone was targeting an entire company and sends spear-phishing to all employees, even if one or two people click on that link, (the tactic) succeeds because the criminal has gotten a foothold in the enterprise.”

Dodging the spear
It is difficult to fend off an attack from a crook determined to steal your information, but security experts suggest a few simple precautions that can go a long way:

— Above all, keep your security software up to date.

— If a link is malicious, rolling the cursor over it without clicking sometimes reveals a URL leading to a different address than the one it promises.

— Never share personal information solicited through e-mail. When in doubt, go to the Web site of the organization purporting to send the message instead of clicking on any links.

— Be suspicious of links and attachments sent through e-mail or social networks.

Sources: Cisco Systems and TippingPoint

By Alejandro Martínez-Cabrera. Read more: http://www.sfgate.com
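The hover check from the precautions above can also be automated on the mail gateway or in a triage script. The following is an added example, not part of the original article: it parses an HTML message body and reports links whose visible text shows one host while the `href` leads to another. The sample message and the `example.net` host are constructed placeholders.

```python
"""Flag e-mail links whose visible text names one site while the href leads elsewhere."""
from html.parser import HTMLParser
from urllib.parse import urlsplit


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None   # href of the <a> currently open, if any
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None


def host_of(url):
    """Lower-cased host of a URL without a leading 'www.', or '' if there is none."""
    try:
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:      # malformed authority, e.g. unbalanced IPv6 brackets
        return ""
    return host[4:] if host.startswith("www.") else host


def promised_host(text):
    """Host the visible link text claims to lead to, or '' if it shows no URL."""
    for token in text.split():
        token = token.strip("<>()[]\"',;")
        lowered = token.lower()
        if lowered.startswith(("http://", "https://")):
            return host_of(token)
        if lowered.startswith("www."):
            return host_of("http://" + token)
    return ""


def same_site(promised, actual):
    """True when the real host is the promised host or one of its subdomains.
    Simplification: a production check would compare registrable domains
    using the Public Suffix List."""
    return actual == promised or actual.endswith("." + promised)


def mismatched_links(html_body):
    """Return (promised_host, actual_host, href) for each link that misleads."""
    parser = AnchorCollector()
    parser.feed(html_body)
    parser.close()
    findings = []
    for href, text in parser.links:
        promised, actual = promised_host(text), host_of(href)
        if promised and actual and not same_site(promised, actual):
            findings.append((promised, actual, href))
    return findings


# Constructed sample message body (not taken from the article).
SAMPLE_EMAIL = """
<p>A complaint has been filed against your company. Download it from
<a href="http://ftc.gov.complaints.example.net/case.doc">www.ftc.gov/complaints</a>.</p>
<p>Questions about the process:
<a href="https://complaints.ftc.gov/form">https://www.ftc.gov/complaint-form</a></p>
<p><a href="https://www.ftc.gov/contact"><b>www.ftc.gov</b>/contact</a></p>
<p><a href="http://files.example.net/form.doc">Return the attached form</a></p>
"""

if __name__ == "__main__":
    for promised, actual, href in mismatched_links(SAMPLE_EMAIL):
        print(f"text shows {promised!r} but link goes to {actual!r}: {href}")
```

Links whose text shows no URL at all (the last one in the sample) are not judged by this check; they still need the other precautions in the list.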

Tags: Anti-Phishing Working Group, Nigerian e-mail scam, spam-filtering, spear-phishing


Feb 16 2010

Security risk assessment process and countermeasures

Category: Security Risk Assessment | DISC @ 4:01 pm

The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments

The following are the common steps for performing a security risk assessment. They are basic steps that should not be followed as is, but modified to fit the organization’s assessment scope and business requirements.

• Identify the business needs of the assessment and align your requirements with business needs.
• Assess the existing security policies, standards, guidelines and procedures for adequacy and completeness.
• Review and analyze the existing assets, threats and vulnerabilities.
• Analyze the impact and likelihood of threats and vulnerabilities on assets.
• Assess physical controls on the network and security infrastructure.
• Review the procedural configuration of the network and security infrastructure against existing policies and procedures.
• Review logical access, physical access and other authentication mechanisms.
• Review the level of security awareness based on current policies and procedures.
• Review the security controls in service level agreements with vendors and contractors.
• At the end of the review, develop practical recommendations to address the identified gaps in security controls.

To address the existing gaps in infrastructure, we have to select the appropriate countermeasures to address a vulnerability or thwart a threat of attack. Four types of techniques are used by countermeasures:

• Deterrent controls reduce the likelihood of an attack. Blocking phishing sites at the ISP is an example of a deterrent control.
• Preventive controls reduce exposure. A firewall is an example of a preventive control.
• Corrective controls reduce the impact of successful attacks. Antivirus is an example of a corrective control.
• Detective controls discover attacks and trigger preventive or corrective controls. IDSs and SIEM systems are examples of detective controls.

Tags: authentication, countermeasure, Firewall, phishing, Risk Assessment, security controls, Security policy, security review, Security Risk Assessment, security risk assessment process


Feb 11 2010

Spam, malware proliferate in late 2009

Category: Malware | DISC @ 2:16 pm


Alejandro Martínez-Cabrera

Online security firm Websense has released a report on the cyberthreat landscape during the second half of 2009, and some of the findings are jaw dropping:

The firm, which scans millions of Web sites and e-mails a day looking for malicious content, found that 95 percent of all user-generated content came laced with some kind of spam or malicious link.

“The notion that the Internet could be the great equalizer turned out to be true after all; unfortunately, it’s mostly making suckers out of all of us,” tech Web site Ars Technica said.

Also surprising: Remember last year when the New York Times said a page on its Web site had been sending malware through its ad network? That was the most high-profile example of how criminals have managed to infiltrate trusted Web sites through a tactic known as drive-by downloading, in which a Web user picks up a virus simply by visiting an infected page. According to Websense, 71 percent of all Web sites generating malware in the second half of 2009 were infected legitimate Web sites.

Echoing what other research has found, the report said the number of infected Web sites went through the roof last year. Websense estimated there was a 225 percent growth in the number of malicious sites in 2009 compared with the year before.

The problem declined slightly in the second half of the year, with the decrease attributed to criminals moving away from attacks on traditional Web sites and attempting to exploit social-networking sites.

Websense also found that 85.8 percent of all e-mails sent in the second half of 2009 were spam.

More surprising is that 81 percent of all e-mail sent during the same period had some kind of malicious link. That means there was a 4-in-5 chance that a link pasted into an e-mail would lead you to download an infected file or take you to an infected Web site. (You usually don’t see all of the junk mail because it’s often filtered by your e-mail provider, browser or antivirus software.)

Finally, Websense found that in the second half of 2009, it took security vendors an average 46 hours – almost two days – to repair damage by malware after it had been identified (compared with 22 hours in the first half of 2009).

“The idea that computer users are not protected for days at a time, or even weeks or a month, may be compared with leaving your laptop in a public space for three weeks and hoping it won’t be used or abused,” the report said.

On Feb 10th, this article appeared on page D1 of the SF Chronicle.

Tags: Antivirus software, E-mail, Malware, New York Times, Social network service, Spam, User-generated content, websense


Feb 08 2010

Long Awaited ISO/IEC 27003:2010

Category: ISO 27k | DISC @ 2:43 pm


The long-awaited international standard for the implementation of an information security management system, ISO/IEC 27003:2010, is now available.


It’s a must-have.

To Download a copy of ISO27003 – Implementation Guidance

Key Features and Benefits:

  • The first standard to offer comprehensive guidance on implementing an ISO/IEC 27001:2005 ISMS. Using this standard during an ISMS implementation will improve your organisation’s chances of becoming ISO/IEC 27001 certified.
  • Fully aligned with the rest of the ISO/IEC 27000 family of standards, meaning the strengths of all of the ISO/IEC 27000 standards together can be leveraged, bringing about a higher level of information security, compliance, cost savings, etc.
  • Written in a generic, practical manner, making the advice and guidance within applicable no matter the size, type or location of your organisation.



Tags: iso 27000, iso 27001, iso 27003, ISO 27k, ISO/IEC 27003


Feb 03 2010

UCSF laptop containing patient files stolen

Category: hipaa, Security Breach | DISC @ 3:46 pm


The Associated Press

SAN FRANCISCO—The medical records of more than 4,000 patients at the University of California, San Francisco may have been compromised after a laptop they were on was stolen.
Officials with the university said Wednesday the laptop was recovered earlier this month after it was taken from a medical school employee during a flight in November. It does not appear that anyone gained access to the computer or the confidential patient information, but officials say the records still could have been exposed.

The files contained patients’ names, medical record numbers, ages and clinical information, but no Social Security numbers or financial data.

School officials say they are notifying the 4,400 patients whose records were on the computer. They were all treated in 2008 and 2009.
———
Information from: San Francisco Chronicle, http://www.sfgate.com/chronicle


Here we have another unnecessary major security breach in a large healthcare organization, which resulted in a loss of patient data and demonstrates poor baseline security. They clearly are not ready for the new HIPAA provisions in ARRA and HITECH. Evaluate your current business and system risks to make sure this does not happen to you.

Contact DISC with any questions if you think this may apply to you.

The Practical Guide to HIPAA Privacy and Security Compliance




Tags: arra and hitech, confidential patient information, Data, hipaa, Medical record, medical records breach, Medicine, Patient files stolen, San Francisco, San Francisco Chronicle, UCSF, University of California San Francisco


Feb 01 2010

Google attack highlights ‘zero-day’ black market

Category: Information Security | DISC @ 2:40 pm


By Jordan Robertson, AP

The recent hacking attack that prompted Google’s threat to leave China is underscoring the heightened dangers of previously undisclosed computer security flaws — and renewing debate over buying and selling information about them in the black market.

Because no fix was available, the linchpin in the attack was one of the worst kinds of security holes. Criminals treasure these types of “zero day” security vulnerabilities because they are the closest to a sure thing and virtually guarantee the success of a shrewdly crafted attack.

The attackers waltzed into victims’ computers, like burglars with a key to the back door, by exploiting such a zero-day vulnerability in Microsoft Corp.’s Internet Explorer browser. Microsoft rushed out a fix after learning of the attack.

How did the perpetrators learn about the flaw? Likely, they merely had to tap a thriving underground market, where a hole “wide enough to drive a truck through” can command hundreds of thousands of dollars, said Ken Silva, chief technology officer of VeriSign Inc. Such flaws can take months of full-time hacking to find.

“Zero days are the safest for attackers to use, but they’re also the hardest to find,” Silva said. “If it’s not a zero day, it’s not valuable at all.”

The Internet Explorer flaw used in the attack on Google Inc. required tricking people into visiting a malicious Web site that installed harmful software on victims’ computers.

The attack, along with a discovery that computer hackers had tricked human-rights activists into exposing their Google e-mail accounts to outsiders, infuriated Google and provoked a larger fight over China’s censorship of the Internet content. Google has threatened to shut down its censored, Chinese-language search engine and possibly close its offices in China.

Pedram Amini, manager of the Zero Day Initiative at the security firm TippingPoint, estimated that the IE flaw could have fetched as much as $40,000. He said even more valuable zero-day flaws are ones that can infect computers without any action on the users’ part.

Zero days refer to security vulnerabilities caused by programming errors that haven’t been “patched,” or fixed, by the products’ developers. Often those companies don’t know the weaknesses exist and have had zero days to work on closing the holes.

In this case, Microsoft actually knew about the flaw since September but hadn’t planned to fix it until February, as companies sometimes prioritize fixing other problems and wait on the ones they haven’t seen used in attacks.

Microsoft often fixes multiple vulnerabilities at once because testing patches individually is time-consuming and costly, said Chris Wysopal, co-founder of security company Veracode Inc.

But criminals know how the patch cycle works, and Wysopal said the Google attackers may have realized their zero-day flaw was getting old — and thus struck in December just before they thought Microsoft was going to fix it.

“They likely thought the bug would be fixed in January or February,” he said. “They were right.”

Microsoft certainly could have fixed the bug earlier and prevented it from being used on Google, but security experts caution that an adversary that is well-funded or determined could have easily found another bug to use.

“Zero days aren’t difficult to find,” said Steve Santorelli, a former Microsoft security researcher who now works with Team Cymru, a nonprofit research group. “You don’t have to have a Ph.D. in computer science to find a zero-day exploit. It really is a factor of the amount of energy and effort you’re willing to put in.”

In fact, such exploits are widely available for the right price. VeriSign’s iDefense Labs and 3Com Corp.’s TippingPoint division run programs that buy zero-day vulnerabilities from researchers in the so-called “white market.” They alert the affected companies without publicly disclosing the flaw and use the information to get a jump on rivals on building protections into their security products.

There’s also another, highly secretive market for zero days: U.S. and other government agencies, which vie with criminals to offer the most money for the best vulnerabilities to improve their military and intelligence capabilities and shore up their defenses.

TippingPoint’s Amini said he has heard of governments offering as high as $1 million for a single vulnerability — a price tag that private industry currently doesn’t match.

Little is publicly known about such efforts, and the U.S. government typically makes deals through contractors, Amini said. Several U.S. government agencies contacted by The Associated Press did not respond to requests for comment.

One researcher who has been open about his experience is Charlie Miller, a former National Security Agency analyst who now works in the private sector with Independent Security Evaluators. Miller netted $50,000 from an unspecified U.S. government contractor for a bug he found in a version of the Linux operating system.

Whether to pay — and seek payment — is hotly debated among researchers.

“I basically had to make a choice between doing something that would protect everybody and remodeling my kitchen — as terrible as that is, I made that choice, and it’s hard,” Miller said. “It’s a lot of money for someone to turn down.”

Companies whose products are vulnerable generally won’t pay outside researchers for bugs they’ve found. Microsoft said offering payment “does not foster a community-based approach to protecting customers from cybercrime.” The company declined further comment on its practices and the timing of the fix for the flaw used in the Google attack.

On Thursday, Google announced that it will start paying at least $500 to researchers who find certain types of bugs in its Chrome browser, calling the program an “experimental new incentive.” That mirrors a reward that Mozilla has been offering for critical bugs found in its Firefox browser.

Computer vulnerabilities are so dangerous that one day private companies such as Microsoft might be pressured into buying from the black market to prove they’re doing all they can to keep customers secure — especially the most critical ones such as the military and power companies.

“I think it’s only a matter of time,” said Jeremiah Grossman, founder of WhiteHat Security Inc. “Something really bad has to happen first, and it hasn’t yet. When a virus runs through a children’s hospital and causes loss of life, it’s going to matter a lot.”

Tags: china, Chris Wysopal, Google, Internet Explorer, Microsoft, VeriSign, vulnerability, Zero day attack


Jan 22 2010

If Your Password Is 123456, Just Make It HackMe

Category: Information Security | DISC @ 2:20 pm

by Ashlee Vance, NYTimes

Back at the dawn of the Web, the most popular account password was “12345.”

Today, it’s one digit longer but hardly safer: “123456.”

Despite all the reports of Internet security breaches over the years, including the recent attacks on Google’s e-mail service, many people have reacted to the break-ins with a shrug.

According to a new analysis, one out of five Web users still decides to leave the digital equivalent of a key under the doormat: they choose a simple, easily guessed password like “abc123,” “iloveyou” or even “password” to protect their data.

“I guess it’s just a genetic flaw in humans,” said Amichai Shulman, the chief technology officer at Imperva, which makes software for blocking hackers. “We’ve been following the same patterns since the 1990s.”

Mr. Shulman and his company examined a list of 32 million passwords that an unknown hacker stole last month from RockYou, a company that makes software for users of social networking sites like Facebook and MySpace. The list was briefly posted on the Web, and hackers and security researchers downloaded it. (RockYou, which had already been widely criticized for lax privacy practices, has advised its customers to change their passwords, as the hacker gained information about their e-mail accounts as well.)

The trove provided an unusually detailed window into computer users’ password habits. Typically, only government agencies like the F.B.I. or the National Security Agency have had access to such a large password list.

“This was the mother lode,” said Matt Weir, a doctoral candidate in the e-crimes and investigation technology lab at Florida State University, where researchers are also examining the data.

Imperva found that nearly 1 percent of the 32 million people it studied had used “123456” as a password. The second-most-popular password was “12345.” Others in the top 20 included “qwerty,” “abc123” and “princess.”

More disturbing, said Mr. Shulman, was that about 20 percent of people on the RockYou list picked from the same, relatively small pool of 5,000 passwords.

That suggests that hackers could easily break into many accounts just by trying the most common passwords. Because of the prevalence of fast computers and speedy networks, hackers can fire off thousands of password guesses per minute.

“We tend to think of password guessing as a very time-consuming attack in which I take each account and try a large number of name-and-password combinations,” Mr. Shulman said. “The reality is that you can be very effective by choosing a small number of common passwords.”

Some Web sites try to thwart the attackers by freezing an account for a certain period of time if too many incorrect passwords are typed. But experts say that the hackers simply learn to trick the system, by making guesses at an acceptable rate, for instance.

To improve security, some Web sites are forcing users to mix letters, numbers and even symbols in their passwords. Others, like Twitter, prevent people from picking common passwords.

Still, researchers say, social networking and entertainment Web sites often try to make life simpler for their users and are reluctant to put too many controls in place.

Even commercial sites like eBay must weigh the consequences of freezing accounts, since a hacker could, say, try to win an auction by freezing the accounts of other bidders.

Overusing simple passwords is not a new phenomenon. A similar survey examined computer passwords used in the mid-1990s and found that the most popular ones at that time were “12345,” “abc123” and “password.”

Why do so many people continue to choose easy-to-guess passwords, despite so many warnings about the risks?

Security experts suggest that we are simply overwhelmed by the sheer number of things we have to remember in this digital age.

“Nowadays, we have to keep probably 10 times as many passwords in our head as we did 10 years ago,” said Jeff Moss, who founded a popular hacking conference and is now on the Homeland Security Advisory Council. “Voice mail passwords, A.T.M. PINs and Internet passwords — it’s so hard to keep track of.”

In the idealized world championed by security specialists, people would have different passwords for every Web site they visit and store them in their head or, if absolutely necessary, on a piece of paper.

But bowing to the reality of our overcrowded brains, the experts suggest that everyone choose at least two different passwords — a complex one for Web sites where security is vital, such as banks and e-mail, and a simpler one for places where the stakes are lower, such as social networking and entertainment sites.

Mr. Moss relies on passwords at least 12 characters long, figuring that those make him a more difficult target than the millions of people who choose five- and six-character passwords.

“It’s like the joke where the hikers run into a bear in the forest, and the hiker that survives is the one who outruns his buddy,” Mr. Moss said. “You just want to run that bit faster.”
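The article notes that per-account freezing is sidestepped when guesses arrive at an acceptable rate and draw on a small pool of common passwords. The following is an added example, not part of the original article, showing on the defender's side why a short-window lockout counter stays silent on such traffic while two aggregate checks over the same login log flag it. The log format, thresholds, account names and addresses are all constructed assumptions.

```python
"""Short-window lockout vs. aggregate detection of slow password guessing."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format: "<UTC timestamp> OK|FAIL user=<name> src=<address>"
LINE = re.compile(r"^(\S+) (OK|FAIL) user=(\S+) src=(\S+)$")


def parse(lines):
    """Return time-sorted (timestamp, succeeded, user, source) tuples."""
    events = []
    for line in lines:
        m = LINE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
            events.append((ts, m.group(2) == "OK", m.group(3), m.group(4)))
    return sorted(events)


def locked_accounts(events, max_failures=5, window=timedelta(minutes=15)):
    """Accounts a classic lockout would freeze: N failures inside a short window."""
    recent = defaultdict(deque)          # user -> timestamps of recent failures
    locked = set()
    for ts, ok, user, _src in events:
        if ok:
            continue
        q = recent[user]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) >= max_failures:
            locked.add(user)
    return locked


def slow_guess_accounts(events, max_failures=12, window=timedelta(hours=24)):
    """Same counter over a long window: catches failures that arrive slowly."""
    return locked_accounts(events, max_failures, window)


def spraying_sources(events, min_accounts=5, window=timedelta(hours=24)):
    """Sources whose failed logins touch many distinct accounts in the window."""
    recent = defaultdict(deque)          # src -> (timestamp, user) of failures
    flagged = set()
    for ts, ok, user, src in events:
        if ok:
            continue
        q = recent[src]
        q.append((ts, user))
        while ts - q[0][0] > window:
            q.popleft()
        if len({u for _, u in q}) >= min_accounts:
            flagged.add(src)
    return flagged


def constructed_log():
    """Constructed sample: one source fails once per account every 20 minutes
    for six hours; a real user mistypes twice and then logs in."""
    start = datetime(2010, 1, 22, 1, 0, 0)
    users = ["alice", "bob", "carol", "dave", "erin", "frank"]
    lines = []
    for round_no in range(18):           # 18 rounds x 20 minutes = 6 hours
        ts = start + timedelta(minutes=20 * round_no)
        for user in users:
            lines.append(f"{ts:%Y-%m-%dT%H:%M:%SZ} FAIL user={user} src=198.51.100.7")
    lines += [
        "2010-01-22T09:00:00Z FAIL user=grace src=203.0.113.20",
        "2010-01-22T09:00:30Z FAIL user=grace src=203.0.113.20",
        "2010-01-22T09:01:10Z OK user=grace src=203.0.113.20",
    ]
    return lines


if __name__ == "__main__":
    events = parse(constructed_log())
    print("short-window lockout:", sorted(locked_accounts(events)))
    print("slow-guess accounts: ", sorted(slow_guess_accounts(events)))
    print("spraying sources:    ", sorted(spraying_sources(events)))
```

Because the aggregate checks raise alerts instead of freezing accounts, they do not create the account-freezing abuse the article describes for auction sites.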

Tags: facebook, Federal Bureau of Investigation, Florida State University, Google, MySpace, RockYou, Security, Social network service


Jan 22 2010

How to manage risk in the cloud

Category: Cloud computing | DISC @ 3:06 am

What is Cloud Computing and does it provide more protection to your business?

  • Pre-order the Softcover;

  • Pre-order the eBook.
  • Cloud Computing will bring many benefits to organisations, some of which include reducing operating costs, reducing power consumption and freeing you up to focus on your core business.
    The concept of shifting computing to a shared service provider is not new. What may be new is that the cost of Cloud Computing is falling so dramatically that considering outsourcing to the Cloud is no longer rare, and it is now accessible enough that any individual or organisation can use it to their advantage.

    Above the Clouds: Managing Risk in the World of Cloud Computing
    For Cloud Computing to be a viable option, you need to be confident that your business information will be secure and that the service you offer to your customers will still be reliable. So if you want to adopt a Cloud Computing strategy, you need to make sure you carry out due diligence on the service provider before you entrust this firm with your vital data. However, the author challenges the assumption that Cloud Computing will offer less protection to your data than relying on an in-house server.

    Cloud Computing not only allows you to make economies of scale; it can also offer you the increased security that comes from sharing the resource. The author argues that moving over to Cloud Computing can actually help to defend your organisation from threats such as denial of service attacks, viruses and worms.

    Cloud service providers will tell you that Cloud Computing is bound to be better, faster and cheaper. The reality is that before switching over to Cloud Computing, you need to think carefully about whether it will really work for your business. This book shows you what you need to do to ensure that with Cloud Computing you will continue to give the standard of service your customers require. It also offers you some valuable tips on how to choose your provider of Cloud services.

    Published date: 9th February 2010.

    Pre-order this book using Voucher Code: “cloud2010” to save 10%!

Tags: Business, cloud, Cloud computing, cloud computing benefits, cloud computing concerns, cloud computing risks, cloud computing security, cloud security, cloud services, cloudcomputing, Computer Science, Denial-of-service attack, Distributed Computing, due diligence, Economy of scale, Outsourcing, Security


    Jan 19 2010

    Protection Suite Small Business Edition

    Category: Information Security, Malware | DISC @ 3:39 pm

    An Easy-to-Use, All-in-One Suite

    Symantec™ Protection Suite Small Business Edition is an easy-to-use, all-in-one suite that protects critical business assets by securing them against today’s complex malware and spam threats, and rapidly recovering computer systems. By upgrading, you will receive multiple layers of protection through award-winning technologies from the market-leading endpoint security, messaging security, and backup and recovery provider. The new Symantec Protection Suite Small Business Edition includes:

  • Symantec Endpoint Protection Small Business Edition 12.0
  • Symantec Mail Security for Microsoft® Exchange with Premium AntiSpam
  • Symantec Norton™ AntiVirus for Macintosh
  • Backup Exec™ System Recovery Desktop Edition 8.5


    This all-inclusive suite creates a secure environment and unmatched defense against email-borne threats and security risks. It also enables reliable recovery of data in seconds or complete systems in minutes, ensuring high availability and avoiding business-interruption threats. Small businesses can now save both time and money with this ready-to-go, comprehensive suite that is trouble-free and straightforward to install, deploy and manage. Symantec Protection Suite protects critical business data and meets compliance requirements. It comes with 12 months of free support.

    Check out the detailed features and key benefits of Symantec Protection Suite SBE

    Tags: business edition, complex malware, critical business asset, email-borne threats, multiple layer, protection suite SBE, security risks, Symantec, symantec mail security, system recovery

