Web Security Review

By: MJ

The fastest web security hardware in the industry, the IronPort S-Series combines together highly exclusive Web Reputation technology with their new breakthrough, a Dynamic Vectoring and Streaming engine that enables signature-based spyware filtering. The new scanning technology is delivered through robust management and reporting tools as consumers benefit from the ease of administration and complete awareness of all threat-related activities.

As of now, more than 80% of corporate PCs are infected with spyware since opponents and competition are more than willing to know the corporate secrets through less than friendly means. A study showed that only 10% of corporations have deployed perimeter spyware defenses.

The FBI, Federal Trade Commission (FTC) and Earthlink have jointly issued a warning on how the growing ranks of Internet crooks are using new tricks called “phishing” and “spoofing” to steal your identity.

In an FBI press release, Assistant Director of the agency’s Cyber Division, Jana Monroe says, “Bogus e-mails that try to trick customers into giving out personal information are the hottest, and most troubling, new scam on the Internet.

The FBI’s Internet Fraud Complaint Center (IFCC) has seen a steady increase in complaints that involve some form of unsolicited e-mail directing consumers to a phony “Customer Service” type of web site. Assistant Director Monroe said that the scam is contributing to a rise in identity theft, credit card fraud, and other Internet frauds.

“Spoofing,” or “phishing,” frauds attempt to make Internet users believe that they are receiving e-mail from a specific, trusted source, or that they are securely connected to a trusted web site, when that is not the case.

Continue reading from:� usgovinfo.about.com

By Ryan Narain

A hacker finds a way to use a booby-trapped Web page to trick Google Toolbar users into adding malicious buttons to the browser.

A dialog spoofing vulnerability in the popular Google Toolbar could be exploited by malicious hackers to execute malicious files or launch identity theft attacks, according to a warning from security researcher Aviv Raff.

Raff, a well-known hacker who regularly finds and reports software vulnerabilities, figured out a way to use a booby-trapped Web page to trick Google Toolbar users into adding malicious buttons to the toolbar.

In an IM interview with eWEEK, Raff said multiple versions of the toolbar allows spoofed information to be presented to the user when adding a new browser toolbar icon/button.

Read more from eweek.com

Mi5 Networks’ Webgate appliance provides URL filtering, antivirus scanning, malware protection, and limited file leakage protection.

By Adam Ely

The internet can be a great productivity tool. It’s also a prime source of trouble. From Web-based malware to inappropriate use of the Internet at the office, today’s enterprises need to protect themselves from Internet misuse.

Mi5 Networks, named after Britain’s domestic security service, offers a single-appliance approach to solving the problems the Internet creates. Providing URL filtering, antivirus scanning, malware protection and cleaning, and limited file leakage protection, the Webgate Web security appliance advertises zero latency while protecting systems and company data. We tested the Webgate 005 model.

Webgate is a competent URL and malware filter that does its job without adding latency to network traffic. It detects and blocks inbound threats. It’s also useful for blocking outbound traffic, such as botnet or spam activity. And it includes a malware cleaning tool to remove infections.

Continue reading from� InformationWeek.com

For readers with a MySpace or Facebook account, please be vigilant and careful when accepting apps or widgets from your friends; they main contain Trojan viruses that steal information from your site and then send it all back to the one who created it. They usually do this by sending Trojans through apps or widgets that your friends sent you. According to researchers at Finjan, cyberattackers are now going to these social networking sites such to get more victims.

“Attacks will become more sophisticated by combining several services in order to heighten infection ratios and decrease the detection rate, while providing more robust and scalable attack frameworks,” Yuval Ben-Itzhak, chief technology officer, Finjan, said in a news release. “The focus will be on trojan technology as it enables maximum flexibility in terms of command and control. This adds another potentially malicious element to the ‘legitimate’ web traffic that needs to be examined by security solutions.”

In short, before installing the app or widget that your friend sent you, confirm if it came from them. If it didn’t, kindly delete it immediately. If it did come from them, research on the app or widget from previous users.

Source

By Lisa Vaas

An attacker could exploit the flaw with a malicious MP4 file to trigger the buffer overflow.

Even as Microsoft prepared to release critical updates for flaws in multimedia frameworks and APIs, proof-of-concept exploit code came out over the weekend that shows how an attacker can target the Winamp multiformat media player, a media player from Nullsoft that runs on Windows and is second only to Windows Media Player in worldwide popularity.

Symantec on Dec. 8 produced a security advisory warning that attackers can take over systems due to a vulnerability in how Winamp processes some MP4 files. Nullsoft has since addressed the issue, which boils down to a buffer overflow problem, in Winamp 5.35. The problem affects Winamp 5.02 through 5.34.

Read more from eweek.com

BitDefender was an excellent performer among security suites, but it’s best for experts who don’t need guidance regarding security extras and pop-up alerts and who don’t mind through interface.

BitDefender Internet Security 2008 ($40 for one PC, $50 for three PCs) pairs shining success with disappointing failure. It outperformed every other suite in crucial malware detection tests, unmasked every rootkit sample, and finished second among the eight suites evaluated for our “All-in-One Security Suites: Tried and Tested” roundup on a separate spyware and adware detection test.

But this stellar performance behind the scenes was seriously marred by an unpleasant user experience. From aggravations with the initial installation to difficulties with warning pop-ups, BitDefender’s flaws are hard to brush off.

Continue reading more from: PCWorld.com

by Matt Hines

EC-Council University’s security science program aimed at helping qualified IT professionals advance their skills and take on high-level industry jobs.

EC-Council University, a New Mexico-based distance learning company, has launched the program to help qualified workers advance their training and move to the next level of the security profession.

Founded in 2006, the school is a spin-off of the International Council of Electronic Commerce Consultants, an online trainer that claims to have certified more than 40,000 IT professionals already, including 12,000-plus security specialists.

With the growing need for highly skilled security experts among businesses, EC-Council founders say there’s a scarcity of people who have all the know-how necessary to make the leap to CTO-level work.

“Traditionally, a lot of white hat hackers have been people with computer science backgrounds who taught themselves about hacking, but we’re trying to change the surface of the industry because we can’t leave this field of study up to chance,” said Jay Bavisi, president of EC-Council.

Continue reading from: infoworld.com