In this article, a new study show that 90% of people could not trust an organization that could not protect their confidential data.
http://www.darkreading.com/document.asp?doc_id=132598
[Editor's Note (Valle): Common sense but many companies won't adequately budget for security until they lose confidential date and their executives end up on the front page of the Wall Street Journal.]
There is a lot of hype about how IDS is being replaced by IPS but here is an article that believes IDS products will still be in demand 5 years from now while IPS will be mostly part of firewall products
http://searchsecurity.techtarget.com/original
Content/0,289142,sid14_gci1268979,00.html?track=sy160&asrc=RSS_RSS-10_160
[Editor's Note (Valle): Most customers are still wary of putting their ASAs or IDS products in IPS mode. As more network attacks circumvent signature-based defenses, the real value of IDS comes from their ability to do deep packet inspection and report to SIM/SEM devices like MARS which in turn can activate mitigating instructions within the network.]
Earlier this month Visa USA warned banks that process card transactions for non-PCI compliant Level 1 and 2 merchants that they will face higher commission fees and monthly fines of at least $25,000 starting October 1st. These banks then passed the news on to their merchants. Non-compliant Level 1 merchants will be fined starting in October and Level 2 merchants in January 2008.
http://www.darkreading.com/document.asp?doc_id=131608&f_src=darkreading_informationweek
[Editor's note (Valle): Many large companies that transact over 6 million credit card transaction a year (Level 1) or 1-6 million transaction (Level 2) are still not PCI compliant. In our experience many companies ultimately decide to purchase internal firewalls and IDS products for their PCI project.]
Hackers have created a new technique for compromising computers that totally evade signature-based anti-virus detectors.
http://www.infoworld.com/article/07/08/03/Malignant-Javascript-mutates_1.html
[Editor's Note (Valle): As hackers find more and more ways to outsmart signature-based A/V technologies, behavioral-based A/V technologies like CSA are no long "nice to have" as an extra layer of defense. The are a "must have".]
Automatic spam tool can post 1100 posts to websites, forums, and blogs in under 15 minutes.
http://www.net-security.org/secworld.php?id=5370
[Editor's Note (Valle): The disturbing thing is that this tool can read even difficult to decipher CATCHA systems. As more 2.0 technologies and websites depend on user feedback and content creation, this sort of spam issue has the potential to seriously cripple their value proposition.]
A good article on attacks that are specific to Unified Communications. Includes descriptions of Toll fraud, Vishing, DDOS, and platform compromises.
http://searchsecurity.techtarget.com/tip/0,289483
,sid14_gci1260359,00.html?track=sy320
[Editors Note (Valle): Companies that are rolling out Unified communications need to have better (multi-layer) security than other non-UC companies because much more is depending on their network and more attack vectors exist]
Analysts at RSA security have discovered a phishing tool that can create a phishing site on a compromised server in about two minutes.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9026709&source=rss_topic17[Editor's Note (Valle): The best way to not fall victim to a phishing attack is to never click on links within an email but rather to type the URL into a browser to make sure you are going to the right website. If you do end up at a compromised server and it tries to download malicious code, having CSA would stop it from executing.
Spammers have changed tactics and are starting to use the PDF format to send out their spam. An analysis shows that it was launched by a botnet that spanned 167 countries.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9026840&pageNumber=1
[Editor's Note (Valle): Now that anti-spam companies that learned how to identify and stop image spam fairly well, the spammers have found a new technique to get their messages into people's email boxes. Yahoo is usually very good at blocking out spam but recently I have been getting 3-4 spam messages a day for the last few weeks and surprise, surprise- they all had PDF attachments.
I talked with the IronPort folks and they said they were all over this and their customers would not be affected by this PDF spam.
Many companies don’t realize it but they have compromised computers that are being used by spammers.
http://www.networkworld.com/news/2007/062007-companies-send-spam.html?fsrc=rss-spam
[Editor's Note (Valle): This is a huge liability issue for companies and they need to get their arms around it before some enterprising lawyers do. A good defense against this kind of threat is the IronPort S series that can scan outgoing emails for spam.]
An interesting blog post that speculates that the Hotmail and Yahoo CAPTCHA systems have been compromised by spammers.
http://tech.blorge.com/Structure:%20/2007/07/08/spammers-overcome-hotmail-and-yahoo-captcha-systems/
[Editor's Note (Valle): I'm sure the good guys are developing new CAPTCHA systems that can't be easily read by computers. In the meantime, we will all probably see a rise in spam. The IronPort S series appliance with its SenderBase technology would help mitigate this issue.
