Archive for September, 2006

NIST Issues Three Security-Related Draft Publications

Wednesday, September 6th, 2006

The National Institute of Standards and Technology released three new drafts of security-related special publications today. They cover e-mail security, intrusion detection and prevention, and securing Web services and applications.

The first is called “Guidelines on Electronic Mail Security,” an update to SP 800-45 released in 2002. The guide includes policy suggestions for deploying and configuring e-mail servers, training employees on security, and applying encryption. NIST will accept public comments on this publication at sp800-45a@nist.gov until Oct. 6.

The second publication is titled “Guide to Intrusion Detection and Prevention Systems.” It provides assistance to agencies for designing, implementing, configuring, securing, monitoring and maintaining IDP systems for an entire enterprise and smaller divisions. It also provides guidance for different network-based IDP systems. NIST will take comments at 800-94comments@nist.gov until Oct. 20.

The third publication, “Guide to Secure Web Services,” deals with Web services security, specifically in applications. It also details security features in Extensible Markup Language; Simple Object Access Protocol; and the Universal Description, Discovery and Integration protocol and related open standards. NIST will accept comments at 800-95comments@nist.gov until Oct. 30.

Windows Rootkit Removal Tools

Sunday, September 3rd, 2006

by Mark Joseph Edwards, News Editor, mark at ntsecurity / net - WindowsIT Pro

Rootkits are a growing problem, and as you might expect, the list of tools that can help you prevent rootkit infiltration is also growing.

The list of standalone tools that can help with rootkit detection and removal is also expanding. This week, I give you a list of the standalone detection and removal tools that I know about.

The alphabetical list below can be a resource to help you add some useful tools to your security toolkit. As with antivirus and antispyware tools, using multiple rootkit detection and removal tools is a good idea because not every tool can detect and remove every rootkit.

Of the tools listed, I’ve used RootkitRevealer, F-Secure BlackLight, Sophos Anti-Rootkit, and IceSword, all of which are from entities that I’m familiar with and trust to some extent or other.


The DLDOS (Data Loss Database - Open Source)

Sunday, September 3rd, 2006

Since July of 2005, attrition.org has been tracking data loss and data theft incidents not just from the United States, but across the world.

Attrition.org’s archives go back to the year 2000, and with over 142 MILLION records compromised in over 300 incidents across six years, we would finally like to introduce a very basic and rudimentary database that will assist others in tracking these incidents.

DLDOS (Data Loss Database - Open Source) is a simple flat comma-separated value file that can be imported into your database of choice, whether it be MySQL, Microsoft Access, or Oracle (good luck). We provide the date, the company that reported the breach, the type of data impacted, the number of records impacted, third party companies involved, and a few other sortable items that may be of interest. At this point, attrition.org is not hosting an actual database itself, but the raw data is free and available for use as long as attrition.org is credited for the use of said data. Really, we’re not trying to be jerks, but if you’re going to use our data in your research, be it a web site or paper written for a commercial entity, just give us a shout out please.


Phishers Turn to SMiShing

Sunday, September 3rd, 2006

Phishers have begun using SMS messages as an attack vector. Users have reported receiving SMS messages purporting to confirm that they have signed up for a dating service and notifying them they will be charged US$2 a day until they cancel the order at a certain web site. That site downloads a Trojan horse program onto their phones, allowing it to be controlled by the attackers. The practice has been dubbed SMiShing.

Mobile Devices Hold On to Old Data

Sunday, September 3rd, 2006

Following the directions that come with mobile devices, such as phones and PDAs, to remove data before selling or recycling them is not enough to ensure the next person who holds the device will not be able to see your private information.

Data can still be retrieved from phones that have been reset. A security software company that purchased 10 used smartphones and PDAs on eBay found sensitive, personally identifiable information on nearly all of them.

The company plans to return all the phones to their original owners and has kept all the data it retrieved from the phones on a computer not connected to its corporate network.

Some companies have provided stronger data wiping functions in their newer devices.
http://www.theage.com.au/news/Technology/Software-Can-Resurrect-Cell-Phone-Info/2006/08/31/1156816976190.html
http://software.silicon.com/security/0,39024888,39161863,00.htm
http://www.vnunet.com/vnunet/news/2163176/pdas-sold-ebay-loaded-sensitive

NIST Issues Guidelines for Sanitizing Used Media

Sunday, September 3rd, 2006

The National Institute of Standards and Technology (NIST) has released Special Publication 800-88, “Guidelines for Media Sanitization.” The draft guide addresses sanitization techniques for magnetic, optical, electrical and other media types. NIST is careful to note that the “guide is intended to assist organizations and system owners in making practical sanitation decisions based on the type of information on their system media. It does not, and cannot, specifically address all known types of media however; the described draft sanitation decision process can be applied universally to all forms of media and categorizations of information.”
http://www.fcw.com/article95849-08-30-06-Web&printLayout
http://csrc.nist.gov/publications/nistpubs/800-88/SP800-88_Aug2006.pdf