Friday, February 05, 2010

Apple iPhone security, privacy claims exaggerated, researcher says; Timeline of A Decade of Malware


Network World Compliance Alert



Apple iPhone security, privacy claims exaggerated, researcher says
Apple's sandboxing technology restricts iPhone applications using deny/allow rules at the kernel level, but these and other security permissions are too loose, according to one presenter at the Black Hat Conference. Read More


WHITE PAPER: Tripwire

FISMA Prescriptive Guide
Learn how Tripwire helps federal agencies, as well as the organizations and contractors that store, process or transmit federal information. The FISMA Prescriptive Guide contains case studies from three fictional federal agencies, each capturing the perspective of a key stakeholder in the FISMA compliance process. Click here.



WHITE PAPER: IBM NWW

Profiting from PCI Compliance
Working together, the major payment card providers have developed a set of data security standards and created a council for enforcing them. For many companies, regulatory compliance can already be an overwhelming and confusing area to navigate, and the need to comply with the PCI DSS might feel like yet another burden. Learn More Now

Timeline: A Decade of Malware
ScanSafe security researcher Mary Landesman looks back at some of the notorious malware that has shaped the attack landscape we now face online. Read More

Negative tech ads (slideshow)
Tech companies have gone negative in their ad campaigns since long before Verizon's "map" ads and Apple's John Hodgman romps. Here are 26 landmarks in the history of scorched-earth marketing. Read More

IT Outsourcing: Why It Pays to Appraise Your Contract
Most IT outsourcing contracts contain post-execution provisions that, if not reviewed annually, can drive up costs or drive down performance. We've got an 18-point checklist to keep your outsourcing costs and service under control this year. Read More

Facebook, Twitter, Social Network Attacks Tripled in 2009
New report from Sophos finds most Facebook and Twitter users have received spam or malware on the popular social networking sites. Read More

Too many people re-use logins, study finds
An analysis of real-world online behaviour has warned of the unsettling phenomenon that led to this week's high-profile Twitter login scare. Far too many people re-use the same logins for more than one site. Read More


WHITE PAPER: IBM NWW

An Executive's Guide to Web Application Security
Unfortunately, network firewalls and network vulnerability scanners can't defend against application-level attacks. It's more important than ever to implement secure application strategies to effectively protect your business. Learn More

Google Working With National Security Agency, Report Says
In a partnership that may inspire some to put their tinfoil hats on, Google has reportedly turned to the National Security Agency for help in improving the company's security infrastructure. The new partnership is still being finalized, but will be aimed at preventing future attacks like the one that hit Google in December, according to The Washington Post. This is not the first time the NSA has been tapped to help a U.S. corporation with cyber security, but the purported partnership would certainly be unique since Google's servers house such a vast collection of user data including search histories, e-mail, and personal documents. Read More

Researcher reveals how IE flaw can turn your PC into a public file server
In a live demonstration Wednesday at the Black Hat DC conference, a security consultant showed how it's possible to exploit a flaw in the Microsoft Internet Explorer browser to remotely read files on the victim's local drive, prompting a security advisory from Microsoft. Read More

Unique network security algorithm stops worms from spreading
Researchers at Pennsylvania State University say they can block the spread of self-propagating worms on corporate networks while keeping infected machines online so they can continue performing their legitimate duties. Read More

US House passes cybersecurity R&D bill
The U.S. House of Representatives has passed a bill that would authorize hundreds of millions of dollars in spending on cybersecurity research and education. Read More

Black Hat: Zero-day hack of Oracle 11g database revealed
A well-known security researcher yesterday showed how to subvert security in the Oracle 11g database by exploiting zero-day vulnerabilities that would let a savvy user gain full and complete control. Read More


WHITE PAPER: HP

WAN Design – Don't Buy More than You Need
This Gartner research note examines the methodology organizations should employ when designing a WAN. It offers advice on how to ensure that important applications are networked with sufficient performance and that there is not an "overspend" on less important applications and provides guidance on meeting unique network needs. Read Now.

Twitter forces password reset to protect some accounts
Twitter required some users to reset their passwords on Tuesday after discovering that their log-in information may have been harvested via security-compromised torrent Web sites, the company said. Read More

How Wi-Fi attackers are poisoning Web browsers
Public Wi-Fi networks such as those in coffee shops and airports present a bigger security threat than ever to computer users because attackers can intercede over wireless to "poison" users' browser caches in order to present fake Web pages or even steal data at a later time. That's according to security researcher Mike Kershaw, developer of the Kismet wireless network detector and intrusion-detection system, who spoke at the Black Hat conference. Read More

Cybersecurity needs duck-and-cover campaign to boost national awareness
Shoring up U.S. cyberdefense should include educational programs that motivate private citizens to fight cyber threats through safer Web practices, much as school children were taught in the 1950s to hide under their desks and cover their heads in case of nuclear attacks, researchers say. Read More

User provisioning: right access to the right people
Last issue we touched on a new definition for identity. Today I'd like to present the definitive view of the first, both historically as well as in the context of adding identity and access management (IAM) to your organization. User provisioning has been called the "killer app" for identity management. It started us down the road to IdM over a dozen years ago. In fact, we almost take it for granted today. But what does it involve, what does it imply, and why does it matter? Read More

Black Hat: Researcher claims hack of processor used to secure Xbox 360, other products
ARLINGTON, VA. -- A researcher with expertise in hacking hardware Tuesday detailed at the Black Hat DC conference how it's possible to subvert the security of a processor used to protect computers, smartcards and even Microsoft's Xbox 360 gaming system. Read More

Conficker worm cripples a U.K. police department
The Conficker worm is alive and well and has shut down the police network in Manchester, United Kingdom, for the past three days. Read More



Join us on LinkedIn

Discuss the networking issues of the day with your colleagues, via Network World's LinkedIn group. Join today!
- Jeff Caruso, Executive Online Editor

Today from the Subnet communities

Massive giveaway from Cisco Subnet: 50 copies of the Cisco Press CCNP Cert Kits are up for grabs. Deadline March 31. 15 books on Microsoft PerformancePoint business analytics available, too.

SLIDESHOWS

10 coolest experiments from Google Labs
When you've got thousands of the world's most brilliant engineers spending 20% of their time on whatever takes their fancy, cool software is the result.

7 social SharePoint apps built in a week
Seven startups competed to develop great SharePoint apps in one week.

MOST-READ STORIES

  1. 10 best IT jobs right now
  2. Seven social SharePoint apps built in a week
  3. How Wi-Fi attackers are poisoning Web browsers
  4. The 10 coolest experiments from Google Labs
  5. Cisco backdoor still open
  6. Black Hat: Zero-day hack of Oracle 11g database revealed
  7. Facebook sees need for Terabit Ethernet
  8. Researcher claims hack of processor used to secure Xbox 360
  9. Don't ever do this while at work and on live TV
  10. How to make new stuff from your piles of obsolete tech


Copyright (C) 2010 Network World, 492 Old Connecticut Path, Framingham MA 01701
