Nov 18 2011

Protection of credit card and ATM/debit card transactions

Category: Cybercrime,pci dssDISC @ 1:16 pm


By Azie Amini
Protection of credit card/ATM card transactions and the latest trends in banking, credit card or internet fraud.

• As we go towards the end of the year, one by one report each credit card missing and get a new one with a new account number (make sure you ask for a new account number, sometimes they send a new card with the same number). When you get each one, call the other credit card company and report the other one missing. Do this for each card so that when you start the new year with new credit cards. (The reason for it is that often thieves want to collect many stolen credit cards and then they sell a batch of hundreds of thousands of credit cards to a buyer. They often wait a year or two to collect many credit cards so often your credit card number is stolen sitting in their files without you knowing. All of a sudden they sell their large list of stolen credit cards and within a few days you will get hit with many transactions so your card is maxed in a very short time) and you will have the headache of having to report each transaction as false and hope your bank will not charge you. So change all your credit cards at least once a year to be safe.

• If any credit card company or bank calls you to report suspicious activities on one of your cards, do NOT give them your card number just tell them to read the number they have and you just say Yes or No. Also if they asked for the 3 digits on the back of your card, do NOT give it to them. They should tell you what info they have and all you say is Yes or No, nothing more. With me when I get calls like that, I tell them that I prefer to dial their toll free telephone number to talk to their fraud dept and see what may be the problem. Always suspect that the person calling is not really from your bank or credit card company but is a crook.

• Frequently check the balance of each banking account you have, as there are a lot of “Wire Transfer” fraud and often you only have 24 hours to stop a wire transfer, if you notice it later your bank may NEVER pay you back even though you did NOT authorize the wire transfer. (I know this sounds strange but I have talked to many lawyers whose clients lost their savings on unauthorized wire transfers and there is NO law to protect the person, the money is GONE). Check your bank balance daily.

• When you look for something on Internet, say using “Google” and you see a website that has all kinds of things posted on it; e.g. airplane tickets, charity stuff, news about movies, etc. Do NOT click on any links, these strange websites that have everything interesting on them are often set up by very smart crooks, very smart, and the links will direct all kinds of spyware (keyboard collection tools say to collect your banking user name and Passwords) loaded into your PC. Just exit and do NOT click on any links!

• Alway download the lastest Microsoft browser, word, Adobe updates, etc. These companies constantly try to add security features to their software. The moment you get an update from Microsoft or Adobe, load it asap. They sent you the updates because they have just fixed a security issue.

• Next time you order checks, do NOT put your first name and just have your initial and last name on them. If someone takes your check book they will not know if you sign your checks with just your initials or your first name but your bank or credit union will know how you sign your checks.

• When you are writing checks to pay on your credit card accounts, DO NOT put the complete account number on the “For” line. Instead, just put the last four or five numbers. The credit card company knows the rest of the number and anyone who might be handling your check as it passes through all the check processing channels won’t have access to it.

• Put your work phone # on your checks instead of your home phone. If you have a PO Box use that instead of your home address. Never have your Social Security Number printed on your checks!. You can add it if it is necessary.

• Place the contents of your wallet on a photocopy machine, do both sides of each license, credit card, etc. You will know what you had in your wallet and all of the account numbers and phone numbers to call and cancel. Keep the photocopy in a safe place. Also, carry a copy of your passport when traveling anywhere.

Very important, when you know your credit cards are stolen do this:
• Call the three national credit reporting organizations immediately to place a fraud alert on your name and Social Security number.
The alert means any company that checks your credit knows your information was stolen and they have to contact you by phone to authorize new credit.
Here are the phone numbers to contact:
Equifax: 1.800.525.6285
Experian: 1.888.397.3742
Trans Union: 1.800.680.7289
Social Security Administration (fraud line): 1.800.269.0271

Related articles and Books

Credit Card Scams II

Fraud Prevention Techniques for Credit Card Fraud

100% Internet Credit Card Fraud Protected

Nov 15 2011

Top 10 Cyber Scams During Holiday Season

Category: cyber security,CybercrimeDISC @ 10:49 am

By Paul C Dwyer

“Tis the season to get scammed!”

Phishing Scams: PCD Says “Beware of emails that appear to be from charities. Not all will be real and bogus sites could steal your credit card details. These “Phishing” emails can also pretend to be banks, telephone companies and even the revenue commissioners. There is even now a category of “recession based” scams which involve targeting consumers with products such as pre approved loans etc. There is also an increase in “Smishing” attacks, that is phishing messages sent out by text.”

PBX / Telephone Fraud: PCD Says “This is the time of year when SME’s and indeed large enterprises phone systems often get hacked. Hackers penetrate the phone system and can reroute Euro 1,000’s of calls through the companies phone system. The criminals often sell call cards openly in markets and on the streets which operate off these hacked phone systems. The first the company know about it is when they return after Christmas to a massive phone bill. Consider having a security audit on your phone system.”

Free iPad’s: PCD Says “Offers of free iPads and similar gadgets are included in most cyber scams lists at the moment. Victims are often requested to participate in some sort of basic quiz or supply their mobile telephone number. In many cases their mobile phone is then “subscribed” to some sort of service that costs Euro X per week.”

Fake Delivery Services Invoices: PCD Says “Over the Christmas period, cyber criminals will email fake invoices and delivery notifications appearing to come from legitimate courier companies. The emails will indicate that they were unable to deliver a package to your address and of course ask you to confirm your address and provide credit card details pay for delivery.”

Smartphone App Scam: PCD Says “Malicious spyware is disguised in a game or an application, which is then marketed to users. If downloaded, the malware steals data from the phone, such as passwords and financial details. Always check a developer is legitimate and review comments regarding the app.”

Fake Goods: PCD Says “Don’t be stupid, if the offers looks too good to be true it probably is. Beware of imitation goods for sale, most are sub standard, many are dangerous and in some cases lethal. Be especially careful when buying computers good such as laptops etc, we have come across a number “preloaded” with key logging software. There are also lots of fake auctions and classified ad sites appear that over Christmas, make sure you are dealing with a genuine business.”

Social Networking Friend Requests: PCD Says “Scammers take advantage of this social time of year by sending out authentic looking friend requests via email. You should not click on the links in the email but sign into your social networking site and look there for friend requests. If you click on a link it could install malware on your computer. Beware of related scams such as “Help I’ve been Mugged!”, this is when you receive a fake distress message from someone in your network requesting money as they have been robbed whilst traveling.”

Fake Christmas Cards: PCD Says “Be careful if clicking on a Christmas E-card or Gift Cards. This method is used to install Malware and other bad stuff. Many E-cards look genuine and authentic so be very careful when considering click on them. If you use an E-Card service obviously make sure it is a reputable one.”

PC Support Fraud: PCD Says “Criminals will attempt to gain access to your computer by calling up and saying you have a problem with your computer. They often claim to be from large legitimate corporations and will either ask for a payment to fix your computer or ask you to download a software patch. In the first case they will steal your credit cards details and in the second instance they will infect your machine with spyware or malware that will provides access to your machine bandwidth to support other attacks.”

Social Network Virus: PCD Says “This is very basic and involves a friend posting a link on your social network wall page or in the status update. This gives the impression that the site is a safe site to visit. However, in some cases it is the result of malware and could result in the download of viruses on your machine.”

Shopping smart and avoid scams: financial literacy during the holiday season: hearing before the Committee on Banking, Housing

Nov 12 2011

A guide to the realities of the subversive multi-vector threats

Category: CybercrimeDISC @ 9:07 pm

Cybercrime and Espionage

A guide to the realities of the subversive multi-vector threats (SMTs) now emerging as potential bearers of doom for organisations and countries

This guide will enlighten you to the dangers posed by SMTs like cyber crime and espionage in the 21st Century. Forewarned is forearmed, and this is what this book will help you to achieve by having the knowledge of these threats so you can prevent them affecting your organisation or country.

The goals of these SMTs are many, but below listed are some of the potential consequences posed by these threats:

> The sale of intellectual from one organisation to a competitor
> Compromise of financial data and systems
> Undermine the security posture of a nation by another nation

These threats are very real, and as more people and nations become connected to the Internet the dangers increase.

In addition to what you’d expect from a book covering cyber crime and espionage, this book also delves into the psychological profiles of those perpetrating these crimes or attacks.

Key Features and Benefits:

  • A guide to SMTs that provides you with the knowledge necessary to defend against them. The knowledge you’ll glean from this book will help you to keep your company or nation’s systems safe and secure.
  • Covers not only corporate white-collar crime but also international espionage i.e. threats to national security. This book is particularly ideal for those in large public organisations where national security is a priority.
  • Written by two highly experienced information security professionals, they have extensive experience in both the private and public sectors having worked for such organisations as the CIA, McAfee and IBM to name a few.

    • To buy -> Cybercrime and Espionage: An Analysis of Subversive Multi-Vector Threats

    Nov 10 2011

    Cloud services breached via Google code search

    Category: Cloud computingDISC @ 10:32 pm

    Researchers at Stach & Liu, a security consulting firm, have advised organizations against storing critical information on the public cloud until there are better intrusion detection systems available for cloud services, the Dark Reading website reports.

    The firm made the recommendation after discovering that access codes and passwords to thousands of public cloud services could be found via a simple Google search. The firm first reported the results of their cloud services security research at the Hacker Halted conference in October in Miami, according to Dark Reading.

    “It is not a good idea to put sensitive data out in the cloud right now — at least not until there are intrusion-detection systems that would let users see these types of searches on their cloud services,” Fran Brown, managing director of the firm, told Dark Reading.

    Nov 08 2011

    Looking for a secure USB stick with hardware encryption

    Category: Access Control,data securityDISC @ 10:55 pm

    CESG Approved USB Stick
    CESG is the UK Government’s National Technical Authority for Information Assurance

    Over 1 million SafeSticks are now in use in the NHS helping to keep patient data and other confidential data secure! Buy your SafeStick today!

    SafeStick is a secure USB stick with AES 256 bit hardware encryption and is FIPS 197 certified.

    SafeStick includes brute force attack lockdown protection. This means should the password to your SafeStick be entered incorrectly a number of times, the SafeStick is disabled or the data on it wiped.

    The antivirus and anti-mailware software available for SafeStick (at an extra cost) prevent any nefarious software from spreading on your SafeStick. With one in four virus or mailware attacks now spread by USB sticks, this is an essential control to have in place.

    Key Features and Benefits:

  • Uses AES 256 (FIPS 197 certified) hardware encryption to protect your data – this makes it highly unlikely that, should a drive be lost, that anyone would be able to access the data.
  • This stick is the one that was chosen for use by the UK’s National Health Service (NHS). To date over 1 million SafeSticks are now in use in the NHS helping to keep patient data and other confidential data secure!

    • SafeStick is a fully manageable enterprise solution when used in partnership with SafeConsole (available at an extra cost). SafeConsole allows you to kill a stick if it has gone missing. It also enables you to enforce group policies, allowing you to enforce such policies as allowing certain file types to be put on the drive whilst denying others. You can also reset passwords using SafeConsole.

    SafeStick is tough, durable, waterproof, heat resistant, crush proof. It can take anything you can throw at it.

    SafeStick is compatible with Windows 7, Vista, XP, 2000, 2003, 2008, Mac OSX, Linux and Citrix in an ultra small form factor and can be used as a either a standalone or enterprise solution.

    Simply plug in a SafeStick and within minutes you can be up and running. All you need do is set a password and any data placed on the SafeStick is encrypted.

    Order your SafeStick today!!!

    BlockMaster SafeStick 1G Encrypted USB Flash Drive

    BlockMaster SafeStick 2G Encrypted USB Flash Drive

    BlockMaster SafeStick 32G Encrypted USB Flash Drive

    Nov 03 2011

    Knowledge Management finally gets it’s own book: WKIDM

    Category: Data mining,data securityDISC @ 9:11 am

    by Melanie Watson
    That’s right, Knowledge Management finally has it’s own book: Information Lifecycle Support: Wisdom, Knowledge, Information and Data Management (WKIDM).

    The primary role of Knowledge Management is to “improve the quality of decision making” by making sure that information throughout the Service Lifecycle is accurate, reliable and trustworthy. This book covers all four areas of knowledge: data, information, knowledge and wisdom.

    This book, (endorsed by the OGC – the creators of the ITIL methodology) provides a comprehensive and much-needed source of information on data and information management. It examines the effective production, coordination, storage, retrieval, dissemination and management of information from internal and external sources.

    Information Lifecycle Support: Wisdom, Knowledge, Information and Data Management (WKIDM)

    Tags: it service management, ITIL, ITSM

    Nov 02 2011

    Inside IT: Cloud Computing & Security

    Category: Cloud computingDISC @ 2:13 pm

    IT Best Practices: The IT organization is undergoing rapid change. Changes like virtualization and consumerization present new opportunities for business, and new challenges for IT. Cloud computing shifts IT to more of a creator and distributor of services, but brings with it increased security concerns. In this podcast, Alan Ross, who leads the Security Architecture and Technology Development Team at Intel IT, talks about data security, application security, compliance, privacy, and other issues around these evolving technologies.




    Securing the Cloud: Cloud Computer Security Techniques and Tactics


    Cloud Security: A Comprehensive Guide to Secure Cloud Computing


    The Cloud Security Rules: Technology is your friend. And enemy. A book about ruling the cloud.

    Nov 01 2011

    CIA Mind Control Operation MK-ULTRA PSYCHOLOGICAL WARFARE

    Category: social engineeringDISC @ 10:52 am

    “MK-ULTRA” PSYCHOLOGICAL WARFARE

    CIA Mind Control Operation MK-ULTRA PSYCHOLOGICAL WARFARE . Mirrored. Documentary: The Most Dangerous Game. Interesting documentary on brainwashing and psychological warfare. CIA.

    http://www.youtube.com/watch?v=5ATYYqIrSI8

    Psychological Warfare (WWII Era Reprint)

    Mind Control: The Ancient Art of Psychological Warfare

    Ideas as Weapons: Influence and Perception in Modern Warfare

    Psychological Warfare and the New World Order: The Secret War Against the American People

    Oct 31 2011

    Hacker Halted: McAfee’s George Kurtz Discusses the War on Security

    Category: cyber securityDISC @ 11:55 am

    Presentation Abstract:by Anthony M. Freed

    “The explosive growth of Internet and IP-enabled devices is reshaping communication, collaboration and commerce opportunities for individuals and organizations around the world. At the same time, miscreants are abusing the Internet’s open and any-to-any communication architecture for malicious purposes, leaving many users at risk and the future of a secure Internet as an aspiration rather than a reality.”

    “The current cybersecurity model is reactive, disconnected and unable to keep pace with the seismic explosion in malware. Providing protection to a heterogeneous world of connected devices requires a new approach to security.”

    “McAfee CTO George Kurtz will show that incremental improvements can’t bridge the opportunity gap and explain the required paradigm shift of driving security down the stack.”

    Hacker Halted: McAfee’s George Kurtz Discusses the War on Security

    Hacking Exposed: Network Security Secrets and Solutions, Sixth Edition by George Kurtz

    Oct 28 2011

    Richard Clarke says clearly China As Source Of Cyber Hacks

    Category: cyber securityDISC @ 12:36 pm

    Richard Clarke the former Cybersecurity Czar for President George W. Bush and a noted expert on cyber war and counter-terrorism, in which Clarke identifies China’s government and its industries as a major source of the cyber security hacking and espionage that is taking place in 2011. In addition to discussing China’s cyber activity on the video, Clarke outlines four main buckets of cyber attacks today, and why many people consider 2011 the “Year of the Hack.”

    The Clarke video was put together and released in October 2011 to coincide with the Eighth Annual National Cyber Security Awareness Month, which is sponsored by the Department of Homeland Security in cooperation with the National Cyber Security Alliance (NCSA) and the Multi-State Information Sharing and Analysis Center (MS-ISAC).

    Cyber War: The Next Threat to National Security and What to Do About It

    Oct 27 2011

    GAO Report on Information Security Breaches

    Category: cyber securityDISC @ 10:31 am

    Per Greg Wilshusen (GOA Information Security Director) vulnerabilities exist in all 24 federal agencies and 11 out of 24 federal agencies have significant deficiencies. There has been a 650% increase in the incidents. Take a listen to the video to know more about the details of these vulnerabilities and more importantly the plans to mitigate these risks especially 11 agencies that have significant risks.

    On The Communicators, Greg Wilshusen, director of the Government Accountability Office’s (GAO) Information Security department, will discuss a report the GAO released this month that said 24 federal agencies’ computer systems are at risk of security breaches.

    Oct 26 2011

    A guide to contract and commercial management for professionals

    Category: Vendor AssessmentDISC @ 9:42 pm

    Contract and Commercial Management

    “Almost 80% of CEOs say that their organization must get better at managing external relationships. According to The Economist, one of the major reasons why so many relationships end in disappointment is that most organizations ‘are not very good at contracting’. This ground-breaking title from leading authority IACCM (International Association for Contract and Commercial Management) represents the collective wisdom and experience of Contract, Legal and Commercial experts from some of the world s leading companies to define how to partner for performance. This practical guidance is designed to support practitioners through the contract lifecycle and to give both supply and buy perspectives, leading to a more consistent approach and language that supports greater efficiency and effectiveness. Within the five phases described in this book (Initiate, Bid, Development, Negotiate and Manage), readers will find invaluable guidance on the whole lifecycle with insights to finance, law and negotiation, together with dispute resolution, change control and risk management. This title is the official IACCM operational guidance and fully supports and aligns with the course modules for Certification.”

    This is an Operational Guide. This book is a management guide to contract and commercial management that is both is both practical and straightforward.

    Based on the knowledge of contract, legal and commerce professionals, this guide will support you through each phase of the contract lifecycle and help you to take common language and approach that enables a progressive way of working.

    In this book you will find the information presented in four sections, these are:
    > Bid
    > Development
    > Negotiate
    > Manage

    Topics covered in these sections include:
    > Risk
    > Finance
    > Negotiation
    > Dispute resolution
    > Change control

    This title is endorsed by the IACCM (International Association for Contract and Commercial Management) – the association that represents contract and relationship management professionals and organisations.

    Key Features and Benefits:

      * A guide to best practice in the world of negotiating contracts and building relationships. This guide will give you the knowledge to take a comprehensive approach to negotiating contracts by using a common language.
      * The methods in this book are based on the experiences of practitioners worldwide, they are also progressive. Whereas some other approaches are adversarial and negative.
      * Endorsed by the IACCM the best practice organisation for contract and relationship management professionals. This proves the quality and relevance of the material

    to build commercial relationships get a copy of Contract and Commercial Management

    Oct 25 2011

    Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker by Kevin Mitnick

    Category: cyber security,CybercrimeDISC @ 8:45 am

    The Ghost in the Wires is a well written and captivating tale of Kevin Mitnick which tells his story of how artfully he used social engineering time and again as a first step for some of his famous hacks. During his social engineering hacks how he became an absolute authority on subject at hand and got the trust of a person on phone in just a matter of minutes.

    “When you use social engineering, or “pretexting,” you become an actor playing a role. I had heard people try to pretext and knew it could be painfully funny. Not everybody could go on stage and convince an audience; not everybody could pretext and get away with it.”

    Per Kevin what he likes about the best of Ghost in The Wires is his life story because it’s kind of like a Catch Me If You Can version for a computer hacker. What is unique about it that it is a true story. People really seem to like it.

    Ghost in the wires have been on the New York Times best seller list for a month so far. the only hacking book that made the bestseller list was a book called The Cuckoo’s Egg by Cliff Stoll.

    Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker

    Audiobook Chapter:

    Oct 24 2011

    New Stuxnet-Like Worm Discovered

    Category: MalwareDISC @ 12:42 pm

    By Jeff James : Twitter at @jeffjames3
    In June 2010, security experts, analysts, and software providers were warning IT managers about Stuxnet, a new computer worm that was spreading rapidly over the internet. Stuxnet was distributed by Windows machines, and the intent of the worm wasn’t immediately clear. After a few months it was revealed that the vast majority of Stuxnet infections were in Iran, and Stuxnet seemed to have been specifically targeting the Siemens industrial control equipment used in the Iranian nuclear program.

    German security expert Ralph Langner was interviewed by NPR reporter Tom Gjelten earlier this year about Stuxnet, and Gjelten reported that Langner told him that the worm was so complex and sophisticated that it was “almost alien in design” and believed that only the United States had the resources required to create Stuxnet and orchestrate the attack. As more details emerged, it became clear that Stuxnet was likely developed by either Israeli or American intelligence agencies in an attempt to impede Iran’s nuclear program.

    Both Israeli and American security officials have sidestepped questions about their involvement, but Gary Samore, White House Coordinator for Arms Control and Weapons of Mass Destruction, stated at a December 2010 conference on Iran that “we’re glad they [the Iranians] are having trouble with their centrifuge machine and that we – the US and its allies – are doing everything we can to make sure that we complicate matters for them.” [Source: NPR’s Need to Know]

    Now security researchers from Symantec have revealed that they’ve discovered a new Stuxnet-like worm called W32.Duqu that shares much of the same code with Stuxnet. Symantec’s Security Research blog posted details about Duqu yesterday:

    “Duqu shares a great deal of code with Stuxnet; however, the payload is completely different. Instead of a payload designed to sabotage an industrial control system, the payload has been replaced with general remote access capabilities. The creators of Duqu had access to the source code of Stuxnet, not just the Stuxnet binaries. The attackers intend to use this capability to gather intelligence from a private entity to aid future attacks on a third party. While suspected, no similar precursor files have been recovered that predate the Stuxnet attacks.
    According to Symantec, Duqu also functions as a keylogger designed to “capture information such as keystrokes and system information” but lacks the specific code related to “industrial control systems, exploits, or self-replication.” Symantec’s research team believes that Duqu is collecting information for a possible future attack, and seem to point the finger at the original creators of Stuxnet, since the creators of Duqu seem to have direct access to Stuxnet source code:

    The creators of Duqu had access to the source code of Stuxnet, not just the Stuxnet binaries. The attackers intend to use this capability to gather intelligence from a private entity to aid future attacks on a third party. While suspected, no similar precursor files have been recovered that predate the Stuxnet attacks.
    The arrival of Stuxnet signaled that cyberattacks have entered a new phase, with nation states and professional, highly-skilled programmers helping elevate cyberwarfare to a new, more sophisticated (and dangerous) level. Microsoft Technical Fellow Mark Russinovich offers up a fictional account of what can happen when terrorist groups turn to cyberwarfare in his novel Zero Day, and it’s a chilling preview of what the future of warfare could look like.

    While many fingers are pointing at U.S. and Israeli intelligence service for creating Stuxnet – and possibly Duqu — what happens when a hostile nation or well-organized terrorists develop the same level of cyberwarfare capability? Questions like these are undoubtedly keeping IT security professionals and experts at government security agencies awake at night.

    For more technical information on the Duqu worm, see Symantec’s W32.Duqu: The Precursor to the Next Stuxnet whitepaper [PDF] and a Symantec post that provides additional Duqu technical details.

    The New Face of War: How War Will Be Fought in the 21st Century

    Has Israel Begun A Cyber War On Iran With The Stuxnet ‘Missile’?: An article from: APS Diplomat News Service

    Oct 23 2011

    Palo Alto Networks takes Firewalls to next Level

    Category: Network security,next generation firewallDISC @ 8:50 pm

    Ashlee Vance, Bloomberg Businessweek
    For the past 15 years or so, security pros have relied on the trusty firewall and other hardware to keep bad guys from running amok on corporate networks. For the most part, this has meant blocking tainted e-mails and keeping workers away from harmful websites.

    The latest wave of Web services, like Skype and Google Docs, has introduced fresh problems. They can transfer files, store data and allow remote computer access in ways that can’t be easily patrolled by the standard sentinels.

    Nir Zuk has another option. He’s a veteran of the traditional firewall and security industry who struck out on his own six years ago to create a product for today’s Web. The company he founded, Palo Alto Networks, sells a next-generation firewall that makes modern Web services safe for the workplace and gives companies precise control over how their employees can use them.

    “Our customers don’t want to block Facebook,” Zuk said. “They want to use it, but they also want some control.”

    As interest in Web-based software has surged, so too have Palo Alto Networks’ sales. The company has hopped from office to bigger office since its birth at Zuk’s Palo Alto house in 2005. This year, the company moved into a giant headquarters in Santa Clara.

    A year ago, Palo Alto Networks had 1,000 customers; today it has 4,500, including Qualcomm, the city of Seattle, and eBay. Sales will exceed $200 million this year, according to Zuk, who adds that the company is gearing up for an initial public offering.

    Zuk says Palo Alto Networks owes much of its success to modern computing habits, which require more sophistication than what’s provided by traditional security products. Older firewalls are designed to monitor one-way traffic. E-mails and data from websites pour in, and the security products look for suspicious patterns. Yet threats can snake their way through a network in various ways: A worker might go to Facebook, click on a nefarious link, and download a virus. Soon enough, he’s using software from enterprise cloud computing company Salesforce.com to upload those infected sales data files and send them to colleagues.

    “Most security groups used to focus on blocking apps like Skype or GoToMyPC but now are often required to allow them to be used,” says John Pescatore, an analyst at the research firm Gartner. “That’s why firewalls needed to evolve.”

    Palo Alto Networks gives each Web service its own signature. This means that Palo Alto’s systems know when employees are using Skype or Salesforce.com, and have a general idea of what they’re doing there. Customers can set policies for how an application is used so that, for example, all employees can view Google Docs files, but only some can actually create them.

    Keeping track of all the traffic flowing through a corporate network requires a lot of computing horsepower, and part of Palo Alto Networks’ secret sauce is a homegrown chip that chews through data quickly. A Palo Alto Networks system can even peer into encrypted traffic: It’s fast enough to decrypt packets of information, check whether they’re safe, and then pass them on to the employee who requested them, all without much lag.

    Norm Fjeldheim, the chief information officer at chipmaker Qualcomm, says the Palo Alto Networks systems he bought replaced not just firewalls but also things such as intrusion detection hardware and other types of security systems. “They are doing the work that was done by multiple things in the past,” Fjeldheim said. “They watch over everything.”

    To date, Palo Alto Networks has raised a total of $65 million. In August, Palo Alto Networks lured Mark McLaughlin from his role as CEO of VeriSign to run the young company and prepare it for an IPO.

    Venture capital firm Sequoia Capital is one investor.

    Said partner Jim Goetz: “I don’t think we’ve ever seen an enterprise technology company grow as quickly.”

    Download the e-book now!
    Download a Free copy of “Next-Generation Firewalls for Dummies” ebook to find out why traditional firewalls can’t protect your network | Checkout the sample chapter online

    PALO ALTO NETWORKS RECOGNIZED FOR ENTERPRISE FIREMALLS.: An article from: Computer Security Update

    Oct 21 2011

    Britain Would Strike First in Cyberwar, Government Says

    Category: cyber securityDISC @ 8:32 am

    UK Foreign Secretary Hague: Britain willing to strike 1st to defend itself against a cyberattack from enemy state

    @FoxNews
    LONDON – Britain is prepared to strike first to defend itself against a cyber attack from an enemy state, Foreign Secretary William Hague said Tuesday.

    His warning was the first clear signal that the UK has developed new weapons for the online battlefield.

    Hague told The Sun that the globe was in the grip of a new and financially-crippling “arms race in cyberspace.”

    He said he could not guarantee that Britain would be able to repel a major cyber assault on the nation’s essential infrastructure — including water works, power plants and the air traffic control system.

    But he said, “We will defend ourselves in every way we can, not only to deflect but to prevent attacks that we know are taking place.”

    Hague gave no clues on the makeup of Britain’s new electronic arsenal, saying, “The rest of the world will have to guess.”

    The British government is pouring an extra £650 million ($1 billion) into developing deterrents to hostile viruses, which are being produced almost constantly.

    “We are trying to prevent an arms race in cyber space,” Hague said. “Given that the Internet changes every day, and billions more people will have access to it over the coming years, the potential for that arms race to grow and go out of control is enormous.”

    He added, “There is no 100 percent defense against this, just as there isn’t against any other form of attack. We have to defend critical national infrastructure. We have to defend national security. We have to defend our entire commercial and economic system.”

    Hague spoke ahead of a cyberspace conference. Senior officials from more than 60 nations and bosses of online giants will meet in London next month to discuss the cyber menace and draw up an “international rule book” on how best to fight it.

    Oct 20 2011

    Finding And Securing Sensitive Data In The Enterprise

    Category: data securityDISC @ 9:40 am

    By Robert Lemos @ DarkReading.com

    Your organization’s most valuable data may be stored in scattered – and insecure – locations. Here are some tips for identifying that data and making sure it doesn’t leak out

    When Michael Belloise joined human resources outsourcing firm TriNet four years ago as the IT manager, the amount of sensitive data held by the company put him on edge.

    TriNet handles payroll and benefits for its customers. As such, its systems store Social Security numbers, birth dates, employee ID numbers, and addresses for 100,000 workers at other companies. That data isn’t necessarily subject to the kind of detailed privacy and security rules covering financial transactions or healthcare information, but it’s highly sensitive nonetheless.

    Belloise brought in data loss prevention vender Vontu (now part of Symantec) to install a data discovery appliance that finds and monitors all data leaving the company’s network. The results, says Belloise, were shocking.

    “I dare not drop any numbers about what we saw, but it was egregious,” he says.

    TriNet had secure ways of transmitting and storing data, but its employees were using alternative, less-secure methods, including unencrypted portable media, drop boxes, and attachments to email sent from personal accounts. In most cases, they were skirting the rules in order to serve customers faster, but some of the activity looked questionable and possibly malicious. The security violations didn’t result in any data breaches, but the results were eye opening, Belloise says.

    “It was to the point where you couldn’t put your head in the sand anymore, because it was that shocking,” he says.

    Belloise called a meeting of C-level execs and embarked on a mission to secure the company’s data. TriNet first studied its data to gauge the risk it faced. Then it altered processes and educated employees to minimize misuse of data, and also installed a DLP system to monitor compliance.

    TriNet’s experience isn’t all that unusual. Sensitive data has a habit of spreading throughout companies and ending up in places it shouldn’t be–places it’s more likely to be stolen or accidentally leaked. Lost, stolen, and inappropriately disposed-of laptops have accounted for the greatest number of breach incidents in most of the last five years, according to The Leaking Vault 2011, the Digital Forensics Association’s comprehensive report. But much of the information that’s on those laptops shouldn’t have been there to begin with.

    Read more on Finding and Securing Sensitive Data >>>

    Related topics to Secure the Enterprise Data

    Data Protection for Virtual Data Centers

    The Data Asset: How Smart Companies Govern Their Data for Business Success

    Privacy and Big Data

    Oct 16 2011

    iPhone 4 hackers open password marketplace

    Category: Smart PhoneDISC @ 10:09 pm

    A huge source of personal data in the palm of your hand – that’s what a smartphone has become nowadays. But all the private information kept on your hi-tech device can easily become public knowledge.
    Privacy For Sale: iPhone 4 hackers open password marketplace

    Smartphone security: here’s how to start securing smartphones and the data they’re accessing.(Security): An article from: Mobile Business Advisor

    Oct 15 2011

    How IPSEC Stops the Three Most Common Attacks Against Your Network

    Category: Network securityDISC @ 2:05 pm

    Oct 11 2011

    California governor allows warrantless search of cell phones

    Category: Smart PhoneDISC @ 9:12 pm
    Cell phone Sagem my202X ubt

    Image via Wikipedia

    Here’s another reason to password-protect your mobile phone: California’s governor just recently vetoed a bill that requires a court-ordered warrant in order to search mobile phones upon arrest. This means that if you get arrested in the state of California, the arresting officer can search your smartphone — which gives him access to emails, call logs, texts, location data, banking apps, and more — without needing a warrant.

    To Read More on the CNN article….

    Tags: Arrest, california, California Supreme Court, CNN, Jerry Brown, Mark Leno, mobile phone, Search warrant

    « Previous PageNext Page »