I came across this embedded PowerPoint slideshow at eWeek.com with 12 simple slides about how to add security to any deal. Basic stuff, but a good reminder.
Click the “Play” icon to start the slideshow
http://www.eweek.com/slideshow/0,1206,pg=0&s=26842&a=203659,00.asp
1) NAC Attack: Today’s Products will Fail,..
Forrester Reseach report contends that many NAC products focus solely on compliance with security policies instead of remediation.
http://www.eweek.com/article2/0,1759,2112120,00.asp
[Editor's note (Valle) A good article that differentiates Cisco's NAC from others. A good NAC solution should have authentication, quarantine, posture assessment, and remediation.]
2) Has the end arrived for desktop antivirus?
Analysts say traditional desktop antivirus, signature-based protection won’t protect corporate jewels-whitelisting, behavior-blocking technology is the answer
http://www.networkworld.com/news/2007/040507-desktop-antivirus-dead.html?page=1
[Editor's Note (Valle) The need for CSA is reinforced]
3) Polymorphic viruses call for new antimalware defenses
Why virues are becoming more difficult for signature-based defenses to catch
http://searchsecurity.techtarget.com/tip/0,289483,sid14_gci1249912,00.html?track=sy320
4) The Final ‘Final’ Nail in WEP’s Coffin?
A new method of attacking WEP can break a 104 bit WEP key in less than 60 seconds.
http://www.eweek.com/article2/0,1759,2111876,00.asp?kc=EWRSS03129TX1K0000614
[Editor's Note (Valle) Many network admins running Wi-Fi networks are still running WEP thinking that a large bit key will protect them. Even the PCI 1.1 standards mentions that if you have to use WEP you should use 104 bit keys in conjunction with other security measures.]
5) JavaScript botnet code escapes ShmooCon..
A new type of software that can turn a Web browser into an unwitting hacker’s tool is accidently released.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9015382&source=rss_topic85
Editor’s Note (Valle) This highlights the danger of javaScript. I like security specialist, Steve Gibson’s suggestion about using javaScript: Turn off javascript by default in your browser and use the browser’s built-in trusted zones to turn on javascript only on websites you trust.]
Microsoft Corp. has acknowledged that the emergency patch it released last week for the Windows animated cursor file (ANI) bug has caused at least four applications to break.. http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9015923&source=rss_topic85
[Editor's Note (Valle) Not only can CSA stop the ANI vulnerability but this a a good example of why network and system administrators do not take patching lightly. Very often the patches themselves cause problems with commercial and customer applications.]
The Dutch bank ABN Ambro (which is planning to be merge with Barclays) has compensated four of its customerswho lost cash when hackers stole money from their accounts using a malware phishing technique.
The hackers overcame the bank’s two-factor authentication system by first sending the victims an e-mail containing an attachment.
http://www.computerweekly.com/Articles/2007/04/03/222857/abn-pays-out-over-hacked-accounts.htm
[Editor's Note (Valle) This is a good example of how even when using some of the best security (two-factor tokens) available, a bank was not able to protect their customer because the customer's computer had already been compromised. Using a heuristic (behavioral) agent such as CSA would not have allowed this malware to run on the customers computers. This should be a real wake-up call for any business that does transactions over the Internet. If a hacker can steal the information going between the customer and a company, they can do a lot of damage to the trust the customer has in the company. Financial institutions like banks and brokerage are just starting to give out security tokens to enhance their customer's security. I can see a day where these companies start giving out products like CSA to make sure their customer's computers are secure.]
