Domain: it-observer.com
Stories and comments across the archive that link to it-observer.com.
Stories · 18
-
Voice Over IP Under Threat?
An anonymous reader writes "The IT Observer is discussing the possible scary future of Voice over IP targeted viruses, and what that could mean for the consumer. The article discusses the likelihood that VoIP is going to become even more popular, and the damage that a targeted 'flash virus' could perpetrate in a very short amount of time. From the article: 'Let's imagine a scenario that could become commonplace in the near future: A user has an IP telephony system on his computer (both at home and at work). In his address book on the computer there is an entry, under the name Bank, with the number 123-45-67. Now, a hacker launches a mass-mailing attack on thousands or millions of email addresses using code that simply enters users' address books and modifies any entry under the name Bank to 987-65-43. ... If any of these users receives a message saying that there is a problem in their account, and asking them to call their bank (a typical phishing strategy), they may not be suspicious, as they are not clicking on a link in an email ... If they use their VoIP system to call the bank, they will be calling the modified number, where a friendly automated system will record all their details. ' " -
Crypto Snake Oil
An anonymous reader writes "Luther Martin of Voltage Security has published an article about the perception of cryptography today with regards to quality and honesty in vendors. From the article: 'Products that implement cryptography are probably credence goods. It requires expensive and uncommon skills to verify that data is really being protected by the use of cryptography, and most people cannot easily distinguish between very weak and very strong cryptography. Even after you use cryptography, you are never quite sure that it is protecting you like it is supposed to do.'" -
Multi-Layer Security Platforms
An anonymous reader writes "ITO has published a comprehensive article on the new meaning of unified security management: 'In the not too distant past, the information security needs for most organizations were fairly straightforward. From a technology perspective, core defenses included a handful of perimeter-based firewalls to policing traffic originating from the Internet, along with software at desktops, and perhaps email gateways, to counter the emerging threat from viruses.'" -
Agent-based or Agent-less Network Monitoring
An anonymous reader writes "ITO has published an interesting article on agent-based and agent-less network monitoring approaches: "Agents can monitor the status (availability and performance) of applications, servers, and network components in significantly more depth than generic management tools, since they are able to gather data through application-specific interfaces, exercise the full application functionality, and perform localised aggregation and summarisation of high volume metrics for example."" -
Wireless Security Attacks and Defenses
An anonymous reader writes "IT-Observer is running a comprehensive overview of wireless attacks and defenses. From the article: 'Wireless technology can provide numerous benefits in the business world. By deploying wireless networks, customers, partners, and employees are given the freedom of mobility from within and from outside of the organization. This can help businesses to increase productivity and effectiveness, lower costs and increase scalability, improve relationships with business partners, and attract new customers.'" -
Secure VoIP, an Achievable Goal
An anonymous reader writes "ITO is running a comprehensive article on VoIP security issues and how one can protect against them: "VoIP creates new ways of delivering fully-featured phone services that promise big cost savings and open the way for a whole new range of multimedia communication services. After years of 'will it, won't it' speculation and unfulfilled predictions of universal adoption, Gartner is now positioning VoIP firmly on its way to the 'plateau of productivity' on its widely-respected technology hype cycle. But questions about its security and reliability persist."" -
Code for Unbreakable Quantum Encryption
An anonymous reader writes "ITO is running a story on NIST's latest quantum encryption key generation. From the article: 'Raw code for "unbreakable" quantum encryption has been generated at record speed over optical fiber at NIST. The work is a step toward using conventional high-speed networks such as broadband Internet and local-area networks to transmit ultra-secure video for applications such as surveillance.'" -
Open Source For Perimeter Security
An anonymous reader writes "IT Observer has a look at some of the perceived problems with an OpenSource approach to security and what could be done to improve the situation. From the article: 'There is a widespread and wholly inaccurate impression that open source development is somehow haphazard and undisciplined, a free-for-all among brilliant but uncoordinated individuals. In fact, most major open source projects are very tightly managed highly disciplined teams. This article gives examples of very successful Open Source security projects -- netfilter and Snort -- and also describes some weaknesses that need to be addressed by IT organizations or vendors.'" -
Some Linux Users Violate Sarbanes-Oxley
Goyuix writes "According to the IT Observer, publicly owned companies who are using Linux, could be violating the federal securities laws as part of Sarbanes-Oxley. The article goes on to say that companies are required to "disclose ownership of intellectual property to their shareholders." How are these companies supposed to really list out all the IP owners if they were to install a full desktop or server environment - there could be literally thousands of parties listed! What are the current Fortune 500 companies doing, as many of those use Linux in one form or another?" update several people have pointed out that this is about companies who are violating the GPL, not everyone. -
Intel to Develop Hardware Rootkit Detection
Jack writes "ITO is running a story on Intel's latest initiative - a hardware rootkit detector: 'Intel is trying to eliminate the human factor when dealing with root-kits detection by developing a new hardware-based technique to discover and notify users when they are downloading unintentionally a root-kit to their computer.'" -
Sober Attack on 87th Anniversary of the Nazi Party
Jack writes "ITO is reporting that Sober is scheduled to attack on January 2006 - the data coincides with the 87th anniversary of the Nazi party: "The next planned widespread of 2005's most prolific e-mail worm, Sober, is scheduled to start on January 5, 2006 based on commands hard-coded within the worm. The attack date coincides with the 87th anniversary of the Nazi party."" -
Sensitive Data Stolen Via Digital Cameras
Jack writes "ITO is running an interesting story on a new security threat connecting digital cameras and hackers." From the article: "Following a spate of reports about Bluetooth and iPods devices being used to steal sensitive data from organizations, businesses are now urging to be vigilant as hackers use digital cameras to sidestep security measures. 'Camsnuffling', the latest IT managers headache being used to computer attackers to extract and store data with the help of digital camera." We've previously discussed this problem. -
Red Hat Seeks to Deliver Most Secure Linux
Jack writes "ITO is running a story on Red Hat's plan to become the most secure Linux platform. From the article: "Red Hat officially joined The National Information Assurance Partnership to bring an improved level of security and assurance to Linux. This means that the next version of Red Hat Enterprise Linux will contain kernel and Security Enhanced Linux policy enhancements, developed by IBM, Red Hat, TCS, NSA and the community."" -
Cisco Flaw Opens Routers to Attack
Jack writes "Cisco is suffering from a serious flaw in its router operating system, which might allow execution of remote code: 'Cisco has warned of a new flaw in its IOS router operating system which might be used by attackers to launch denial of service attacks or take over IOS-based devices. The flaw causes to buffer overflow due to incorrect handling of user authentication credentials.'" -
Intel Enters Anti-Virus Market
Jack writes "ITO holds a story on latest Intel investment: "Intel is branching into anti-virus security with a $16 million investment in Czech anti-virus software vendor Grisoft. Grisoft's AVG anti-virus is used on more than 25 million computers worldwide, according to the company." -
New Security Ideas From Intel
Scott writes "Intel is developing a new technology that could prevent unauthorized access to wireless networks using the time it takes for packets to arrive from the access point to the Wi-Fi user. This is one of several ideas were presented at Intel Developer Forum. Intel has also released a hardware-based solution to fight against worm spreading. From the report: 'The system monitors the number of external connections being made and if a higher network activity is detected, the computer is disconnected to prevent the infection of further machines on the network.'" -
New Security Ideas From Intel
Scott writes "Intel is developing a new technology that could prevent unauthorized access to wireless networks using the time it takes for packets to arrive from the access point to the Wi-Fi user. This is one of several ideas were presented at Intel Developer Forum. Intel has also released a hardware-based solution to fight against worm spreading. From the report: 'The system monitors the number of external connections being made and if a higher network activity is detected, the computer is disconnected to prevent the infection of further machines on the network.'" -
PDA Security, the Next Big Hurdle for IT?
Jack writes "ITO published an article on a new secure PDA requested by the NSA. 'General Dynamics inked an $18 million contract with the secretive National Security Agency to design and develop a secure mobile personal assistant for defense workers. The PDA will integrate all types of communications including voice, data and web.'" In related news palmtops writes "Insecure Magazine has a great and in-depth article written by Seth Fogie, the VP of Airscanner.com, about Pocket PC security. His summary of PDA attacks states: 'These devices are easy to smuggle into a business and can be used to propagate an attack against network devices. Don't make the mistake of assuming is a PDA is a simple data keeper. As the cliche' goes... it is how you use it that matters.'"