| Security | page 1 page 2 | |
| computerbeveiliging.startpagina.nl | | Research: Security gaps open when ISPs hire third parties
By JORDAN ROBERTSON – April 24
SAN JOSE, Calif. (AP) — When Internet providers hire third-party companies to serve up advertisements on unused Web pages, that creative attempt to make money can open major security vulnerabilities they can't control, a researcher has found.
One such vulnerability — described last weekend at a security conference by Dan Kaminsky, director of penetration testing for Seattle-based computer security consultant IOActive Inc. — works like this:
Say you mistype the name of a Web site into your browser. Instead of getting an error message, you get a wall of advertisements whose profits flow back to your Internet provider.
A hacker who breaks into the computer system of the company hired to display those ads can cause all kinds of mayhem, injecting code onto the pages you see or altering the pages to trick you into coughing up sensitive personal information.
"The security of the Web for these ISPs is limited to the security of these random ad servers," Kaminsky said in an interview. | Safe Internet Foundation (SIF). De stichting neemt initiatieven om internet-gebruikers voorlichting te geven over het veilig gebruik van het internet. Ook wil zij dat gebruikers oplossingen geboden worden waarmee zij zich kunnen beschermen tegen de risico’s die met het internetten gepaard gaan, zoals ongewenste informatie, misbruik van persoonlijke gegevens, virussen en andere integriteitsaanvallen en frauduleus betalingsverkeer. | Malware's next big trends? - July 13, 2007
Always on the lookout for new and less-noticeable means for carrying out online fraud and other cyber-crimes, hackers are increasingly moving to adopt techniques including response splitting and cross-site forgery as they continue to mature their attacks, according to Web security and testing expert Jeremiah Grossman.
Grossman, founder and CTO of Web site vulnerability testing specialists WhiteHat Security, said that he has recently begun noticing more attacks in the wild that employ the two methods -- both of which have been understood for some time, but were thought to be avoided by most hackers based on their complexity and the availability of easier means to trick Web sites and end users. | digibewust - www.digibewust.nl
Campagne wil de kennis van en het vertrouwen in de mogelijkheden van digitale middelen versterken, met aandacht voor beveiliging en bescherming. | SenderBase.org Website Designed to Empower Internet Community in War against Spam, Viruses, Spyware and Identity Theft | GOVCERT.NL vergaart en verspreidt kennis op het gebied van ICT-beveiliging. Wij stellen deze kennis en ervaring van onze medewerkers en van aanverwante organisaties zoveel mogelijk ter beschikking van deelnemende organisaties. Verder stimuleren we onderlinge kennisuitwisseling tussen deelnemende organisaties. Onze kennisbank speelt hierin een centrale rol.
De kennisbank biedt cases en overheidsdocumenten die betrekking hebben op informatiebeveiliging. Een voorbeeld van een dergelijke best practice is het document Bescherming tegen dDoS-aanvallen. Ook kunnen medewerkers van GOVCERT.NL en van de deelnemende organisaties op dit systeem hun opgedane ervaringen kwijt. | European Government CERTs (EGC) group
The EGC group is an informal group of governmental CSIRTs that is developing effective co-operation on incident response matters between its members, building upon the similarity in constituencies and problem sets between governmental CSIRTs in Europe. | The United States Computer Emergency Readiness Team (US-CERT) is a partnership between the Department of Homeland Security and the public and private sectors. Established in 2003 to protect the nation's Internet infrastructure, US-CERT coordinates defense against and responses to cyber attacks across the nation. | Computer Security Infiltration and Menace Rising Fast in Africa
By Syl Juxon Smith
Computer security breaches has shown a dramatic rise in serious attacks against African companies over the past year. This includes computer viruses and virtual break-ins, as well as fraud, theft and misuse involving computers and infrastructure, LAN, WAN, INTRANET and INTERNET. The figure has risen significantly in 2007.
The rise and blame squarely is on lack of in-house security template and daily monitoring controlling the use of ICT infrastructure in increasing use of the Internet by businesses for communication and transactions. Another factor is the growing number of people accessing their company servers from outside the office, which creates more potential points of entry for viruses and hackers.
Denial of service
Majority of all African firms are infected by a computer virus. This remains their single biggest security problem, accounting for 80 percent of all incidents. But large companies - those with more than 200 staff - also reported suffering so-called denial of service attacks. These involve an assailant using an array of remote-controlled PCs to bombard a server or network with junk traffic, a process that can put the target out of action. The number of direct hacking attempts has also risen, with 67 per cent of all companies, and 33 per cent of large companies suffering incidents and not reporting it. This point out that many organizations has weak firewall and lack intrusion detection - this makes them unable to detect such probes.
Large companies have their network probed at least once a week by hackers while 40 per cent of companies were successfully hacked into, far higher than in 2006. The battle to contain the information security menace will be a long one, and it is far from won globally in countries far much more advance with hardware and software firewalls in place. This is not a battle African businesses can afford to lose. To combat the problem, better investment in security measures is needed, as well as better security policies and contingency planning. The emergence of computer viruses that also send out spam or contain a backdoor for a hacker is particularly worrying. We are now experiencing a dangerous link between spam, viruses and hacking activity within African growing enterprises, financial institutions, government bureaucracy and its security apparatus. But authorities and companies are continuing to deal with the problem as separate issues. | | | | | | | | | | | | | | | | | | | |
|
