IT Security Jobs & Careers

Internet e-Mail Scams Target Job Seekers
Kathy Kristof

The e-mail said it came from CareerBuilder and offered a job opportunity as a 'trading assistant.' Just one hitch: It wasn't an e-mail from CareerBuilder.com and it was not a job. It was part of a cynical scam that's becoming widespread. This scam is just part of an evolving cacophony of employment frauds that prey on the millions of Americans who are out of work.

U.S. is Striking Back in the Global Cyberwar
Alex Kingsbury and Anna Mulrine

The two-day 'Cyberdawn' exercise, one of the country's premier electronic war games. It is run with the help of volunteers by the private firm White Wolf Security, which also arranges closed war games for some federal agencies. The chance to test their cyberskills has attracted groups from private companies as well as the U.S. military

Securing the Information Highway
Wesley K. Clark and Peter L. Levin

The Obama administration recognizes that the United States is utterly dependent on Internet-based systems and that its information assets are precariously exposed. Accordingly, it has made electronic network security a crucial defense priority. But that is only the tip of the iceberg.

Government Recruits Geeks to Blunt Cybersecurity Threats
Joshua Kucera

The potential threats against the United States from malicious foreign hackers are as poorly understood as they are scary. It's the kind of shadowy, nonstate threat that the U.S. defense and intelligence bureaucracies are traditionally ill equipped to fight, but a new initiative announced last week aims to try.

Cyberwar Is the New Atomic Age
Mike McConnell Interview

A level of vulnerability has been introduced into our way of life that is unprecedented. We now have a smaller connected globe where information can be moved in seconds, where information managed by computer networks -- which runs our utilities, our transportation, our banking and communications -- can be exploited or attacked in seconds from a remote location overseas

Secrets to Saving Your Laptop and Data
David LaGesse

Consumers now buy more laptops than desktop PCs, relishing the power they pack in a portable package. Thieves relish laptops for the same reason. The overwhelming majority of lost or stolen notebooks don't make it back to their owners, according to FBI and analyst reports. But a few laptop-luggers take steps to protect their investments, or the even-more precious data they contain.

U.S. Army worried about Wikileaks in secret report
Army intelligence worried that Wikileaks.org could harm military operations and speculates that criminal prosecution could deter disclosures, document posted Monday indicates.

Microsoft races to plug IE hole after exploit code released
Software giant's patch process speeds up after researcher releases code on Net that can be used to target the vulnerability and take over PCs.

Report names 'enemies of the Internet'
Reporters Without Borders names several countries, including China and Iran, as Internet enemies for clamping down on online freedom and prosecuting bloggers.

Privacy is not dead, says SXSWi keynoter Boyd
Recent PR debacles surrounding Google Buzz and Facebook's privacy settings have put the spotlight on basic misunderstandings by tech companies about how people use social media.

When malware strikes via bad ads on good sites
Who is responsible for malware in ads, Web site owners or ad networks and delivery firms?

ISP interruptions trip up Zeus botnet
But the source of the Zeus banking Trojan is back in action after unidentified agents cut off upstream connectivity to an ISP in Kazakhstan.

Researcher publishes exploit for new IE hole
Clues in McAfee blog post led researcher to existing exploit code, which he then analyzed to write his own code.

LimeWire enlists AVG for user protection
Notorious as a malware ghetto, LimeWire takes its first steps to integrate authoritative threat protection by signing on AVG to provide premium users with download scanning and blocking.

Twitter to block malicious links
Links in direct messages on Twitter and e-mail notifications about direct messages will be filtered in an attempt to stop phishing attacks.

WhitePages.com halts ad networks over malware
Site investigates malware delivered via ads on its site in a fake antivirus attack similar to that on the Drudge Report site.

Privacy is Not Dead, Just Evolving
It's a brave new world. Unfortunately--continuing the literary allusion--Big Brother is watching. As technology makes more information more accessible, it also threatens to expose information that is not intended to be shared. Privacy is a concept that is caught in the middle of the struggle.

Iran Hacks Opposition Web Sites, Arrests Cyber Activists
Iran's Islamic Revolutionary Guards Corps hacked into 29 Web sites affiliated with U.S. espionage networks, Iran's semi-official Fars News Agency reported on Sunday.

Microsoft Hustles on IE Patch, Tests Fix
Microsoft is testing a patch for a critical vulnerability in Internet Explorer, but stopped short of promising to deliver an emergency fix before the next scheduled Patch Tuesday.

FBI: Cyberfraud Losses Doubled in 2009
Last year was a tough one for most businesses, but for cybercriminals it was one of the best yet.

Troyak Takedown, Security Blues, ICANN Meets
The Troyak ISP, which has been linked to the Zeus botnet, was briefly taken down this week. The takedown occurred on the heels of the RSA Conference last week, where there was much talk about the "cat-and-mouse" game of trying to squelch cybercrime. Otherwise, things got a little testy at the ICANN meeting in Nairobi, and iPad pre-orders got rolling. Oh, and the Internet was nominated for a Nobel Peace Prize. Seriously.

Three New Options Emerge for Managing Smartphones in the Enterprise
The surge of iPhones and other smartphones in the enterprise is a major headache for IT departments. Now, there are three new medicines that may help to ease that pain.

Microsoft Admits Office Patch Gaffes
Microsoft confirmed today that a security update for its Excel spreadsheet had turned English text in an important Windows tool into Chinese.

Apple Plugs 16 Holes in Safari As Pwn2Own Looms
Apple has patched 16 bugs in the Safari browser, 12 of them critical, just two weeks before it faces off against rival technologies at the 2010 Pwn2Own hacking challenge.

Former Barclays Programmer Gets Four Years for Role in TJX Attacks
A former Barclays Bank programmer who helped launder money for the mastermind behind the data thefts at TJX Companies Inc. and other retailers, was sentenced to four years in prison by a federal court in Boston.

Data Exfiltration: How Data Gets Out
Cyber criminals are increasingly becoming more sophisticated in their methods of attack. Often we can equate this to the methods of data exfiltration as well. Exfiltration, or exportation, of data is usually accomplished by copying the data from the system via a network channel, although removable media or physical theft can also be utilized.

Security Execs Express Surprise Over CISO's Firing Following RSA Talk
Several security executives today expressed surprise over the firing of Pennsylvanias chief information security officer, apparently for publicly speaking about a security incident involving the Commonwealth's online driving exam scheduling system without getting the required approvals first.

ZeuS Botnet Code Keeps Getting Better...for Criminals
The latest version of ZeuS botnet toolkit includes a $10,000 module that can let attackers take complete control of a compromised PC.

ZeuS Botnet Code Keeps Getting Better...for Criminals
The latest version of ZeuS botnet toolkit includes a $10,000 module that can let attackers take complete control of a compromised PC.

Security Industry Faces Attacks it Cannot Stop
At the RSA Conference in San Francisco last week, security vendors pitched their next generation of security products, promising to protect customers from security threats in the cloud and on mobile devices. But what went largely unsaid was that the industry has failed to protect paying customers from some of today's most pernicious threats.

Security Industry Faces Attacks it Cannot Stop
At the RSA Conference in San Francisco last week, security vendors pitched their next-generation of security products, promising to protect customers from security threats in the cloud and on mobile devices. But what went largely unsaid was that the industry has failed to protect paying customers from some of today's most pernicious threats.

Hackers lock Zeus crimeware kit with Windows-like anti-piracy tech
The newest version of Zeus, a do-it-yourself crimeware kit responsible for millions of dollars in losses by consumers and businesses, comes with anti-piracy provisions similar to those used by Microsoft's Windows, a researcher said today.

Security group preps IT shops to ask vendors 'nasty questions'
The Jericho Forum, which advocates improving e-commerce security through knowledge that network perimeters are fading, says organizations need to ask themselves and their vendors tougher questions.

Trusteer rolls out malware forensic tool for banks
Security vendor Trusteer's latest product will allow banks to remotely investigate their customers' computers if it is suspected the PC has been hacked.

Iran hacks opposition Web sites, arrests cyber activists
Iran's Islamic Revolutionary Guards Corps hacked into 29 Web sites affiliated with U.S. espionage networks, Iran's semi-official Fars News Agency reported on Sunday.

Microsoft hustles on IE patch, tests fix
Microsoft is testing a patch for a critical vulnerability in Internet Explorer, but stopped short of promising to deliver an emergency fix before the next scheduled Patch Tuesday.

FBI: Cyberfraud losses doubled in 2009
Last year was a tough one for most businesses, but for cybercriminals it was one of the best yet.

More Security News
View more Security news and analysis from Computerworld.com

Buyer’s Guide for Identity and Access Governance
Read this white paper for a compliance primer and checklist, plus details on recent mandates. The paper reviews a practical approach to improving your security and compliance posture with Identity & Access Governance solutions. Published by: Oracle Corporation

Managing a Growing Threat: An Executive’s Guide to Web Application Security
Cyber-criminals are leveraging relatively simple application exploits to gain access to sensitive information for fun and profit. It’s more important than ever to implement secure application strategies to effectively protect your business. Read this guide to learn more. Published by: IBM

Native Replication for IBM System Storage™ TS7650 ProtecTIER Gateway & Appliance
Josh Krischer & Associates together with the IBM development lab in Tel-Aviv performed a test of their ProtecTIER Virtual Tape Library solution and the new Native Replication technology. This document outlines the tests performed as well as the specifics of ProtecTIER itself. Published by: IBM

Podcast: Stuff Happens -- How to Assess Risks and Set Objectives for Business Continuity Plans 
Disaster recovery (DR) plans become more complicated and difficult when businesses try to identify all risk scenarios and assign quantitative value to the likelihood of them happening. This podcast will guide you through the process of determining what needs to be protected within your business data and infrastructure. Published by: Marathon Technologies

Getting to know Linux security vulnerabilities
Listen to this expert podcast to learn about some of the most prevalent security risks to Linux environments today. Gain insight into network devices beyond the server system that need security protection. Discover how to tighten your Linux security and minimize long-term information risks. Published by: Trusted Computer Solutions

Tightening up Linux security
Watch this expert webcast to learn about some of the most prevalent security risks to Linux environments today. Gain insight into network devices beyond the server system that need security protection. Discover how to tighten your Linux security and minimize long-term information risks. Published by: Trusted Computer Solutions

Securing Data at the Source: A Guide to Oracle Database Security 
This white paper outlines today’s challenges and Oracle’s solutions, including Encryption and Masking, Advanced Security, Secure Backup, and Data Masking Pack, Access and Authorization, Vault and Label Security, Auditing and Monitoring and Management pack. Published by: Oracle Corporation

Dell Power Solutions - Integrating Virtualized Servers with VMware vStorage-Enabled Dell EqualLogic iSCSI SANs
A comprehensive virtualization strategy encompassing virtual servers and consolidated storage enables unprecedented gains in overall data center efficiency and flexibility. Read this white paper to learn about integrating virtualized servers with VMware vStoarge-Enabled Dell EqualLogic iSCSI SANs. Published by: Dell India

Presentation Transcript: The Top 10 Useful Changes in Windows Server 2008 R2
This presentation transcript will discuss the top ten most useful advantages of Windows Server 2008 R2. Gain insight into improvements made to Terminal Services and Hyper-V that can provide your organization with increased flexibility. Published by: Dell India

Presentation Transcript - Simplifying Data Management
This presentation transcript discusses a technology that has changed the way that hundreds of organizations think about managing data. This transcript will cover file virtualization technology. Read on to find out why it is important for IT organizations, how it works and how some of the benefits can resonate with your own infrastructures. Published by: F5 Networks

Best Practices Guide to Application-to-Application (A2A) Password Management
In datacenters worldwide, it is common practice to hard-code passwords and user IDs in applications and scripts. This paper reviews the security risks associated with hard-coded passwords and will help organizations to gain insight into the security vulnerability that lies on every server, and more! Published by: Cloakware Inc.

E-Guide: Protect Your Data and Your Company’s Reputation through Identity and Access Management
Protecting data is one of the most important things that an organization can do to limit its exposure to security breaches and ensure regulatory compliance. Read this e-guide to go beyond simple checklist audits and use identity and access management to protect your company’s data—and its reputation. Published by: CA

Analyst Webcast with Merv Adrian: Leverage your Data Assets Across the Global Enterprise
As IT infrastructures grow more complex there is a need for data to be synchronized, integrated, consolidated, and migrated. Watch this webcast to learn about the critical issue of data integration environments in the enterprise and how Sybase can help your organization meet its data replication, data movement and real-time reporting needs. Published by: Sybase, Inc.

Introduction to Sybase Replication Server
As IT infrastructures grow more complex there is a need for data to be synchronized, integrated, consolidated, and migrated. Sybase Replication Server, an enterprise class product, can help by offering real-time replication, data access with support for multiple databases and a data modeling tool while maintaining full transactional integrity. Published by: Sybase, Inc.

Pocket E-Guide: How to Prevent Rogue Antivirus Programs in the Enterprise
In this expert pocket e-guide, get tips on safeguarding your organization from rogue antivirus because security education and awareness training isn’t a sufficient method on its own. Published by: ESET

December 2009 Spam Report
Despite anti-spam legislation, spammers continue to deliver their obnoxious email. One year ago, a major spam-hosting ISP was shut down, causing an impressive drop in botnet activity. Today, however, spam authors are more active and smarter than ever. Read this report to gain a greater understanding of current spam threats. Published by: McAfee, Inc.

McAfee Security Spotlight: IT Heroes in Mid-Size Organizations
Real heroes running IT in midsize organizations around the world deal with tremendous pressure every day. While they face the same security risks as larger enterprise organizations, they have to do a hundred other things that are equally important to the business. For these IT generalists, it’s not all about security. Published by: McAfee, Inc.

2010 Threat Predictions
McAfee Labs foresees an increase in threats related to social networking sites, banking security, and botnets, as well as attacks targeting users, businesses, and applications. However, in 2010 an increase in the effectiveness of law enforcement to fight cybercrime is also anticipated. Read this report to learn more about what to expect in 2010. Published by: McAfee, Inc.

Staying a Step Ahead of the Hackers: The Importance of Identifying Critical Web Application Vulnerabilities
Security managers worldwide working for midsize or large organizations share a common goal: to better manage the risks associated with their business infrastructure. This session discusses new and emerging network and application security attacks and ways organizations can protect themselves against Web application and network security threats. Published by: IBM

Malware. Its Everywhere!
Malicious software seems to be everywhere these days. Viruses, Worms, Trojan Horses and other types of malware are becoming a regular part of the daily news, and become more and more sophisticated, outsmarting defenses. Check out this webcast to learn how web application owners can protect themselves from malicious entities. Published by: IBM

Smart Techniques for Application Security: Whitebox + Blackbox Security Testing
Join us for a one-hour Web seminar where members of our security research team will discuss whitebox and blackbox application security testing techniques, highlight how their approaches to vulnerability detection compliment one another and share best practices for embedding application security testing across the software development lifecycle. Published by: IBM

Securing Virtual Data Centers and Clouds: Juniper’s Custom Solution for a Unique Challenge
Watch this webcast with Altor and Juniper to learn more about securing virtual data centers and clouds. In this presentation you will be taken through an overview of market drivers, what lead Juniper and Altor to come together to bring a comprehensive solution in the space, and more! Published by: Altor Networks

IT Outlaw: Making VDI Friendly
Learn how SHI's managed desktop solution, IT Outlaw, leverages the latest virtualization technologies to provide a complete desktop computing environment for a fixed monthly fee, including ongoing support. Published by: SHI International Corporation

Secure at the Source: Implementing Source Code Vulnerability Testing in the Software Development Life Cycle
Secure software starts in development.  A defect-- quality flaws or security vulnerabilities-- caught early in the production cycle costs far less to fix than when caught later in production. How do you ensure that security standards are met as part of your quality measures?  Published by: IBM

Practical Approaches for Securing Web Applications across the Software Delivery Lifecycle
When delivery is implemented in a collaborative, repeatable, and process-oriented manner, companies can benefit from more efficient development models and secure applications. Integrating security into these processes from the beginning can curb expensive and time consuming “gotchas” at the end of the lifecycle. Read this paper to learn more. Published by: IBM

Control social networking risks with sensible security policies
In this expert podcast, learn how to create an effective social networking policy built on technology and employee training. Learn how to get employees on board and reap the benefits of social networking while reducing the risks. Published by: McAfee, Inc.

E-Guide: Expert Analysis of Virtual Desktop Deployment
While developing a virtual desktop environment isn't an easy feat, there are many reasons why it's worth the effort. This expert e-guide discusses the various benefits associated with a virtual desktop deployment. Discover why many of today’s enterprises are ready for VDI and explore the common pain points addressed by virtual desktops. Published by: SHI International Corporation

Top Tactics for Endpoint Security
This video provides an overview of current endpoint security problems.. Learn best practices for creating a centrally managed endpoint security architecture, get insight into integrating a variety of network-access control technologies and tips for deploying an endpoint architecture that covers all access paths. Published by: McAfee, Inc.

IBM System Storage TS7650 ProtecTIER Deduplication Appliance
This data sheet provides information about the IBM System Storage™ TS7650 ProtecTIER® Deduplication Appliance, a preconfigured solution of IBM storage, IBM server and IBM's revolutionary ProtecTIER data deduplication software. Published by: IBM

IBM ProtecTIER Adds Native Replication
This Product Profile details where ProtecTIER is today, how native replication increases its value to enterprise and mid-market customers, and how customers are using ProtecTIER to protect their critical data. Published by: IBM

Native Replication for IBM ProtecTIER Deduplication Solutions: Replication and Deduplication Combine to Provide Dramatic Improvements in Disaster Recovery
ProtecTIER helps IT organizations prepare for a disaster by providing a safe, simple, and affordable means of transferring key data to the remote site. Read this data sheet for more information. Published by: IBM

Deduplication Enabled Disaster Recovery: An Overview of the Breakthrough ProtecTIER Replication Offering by IBM
This paper describes the native replication feature of ProtecTIER®, IBM’s enterprise-class deduplication solution, and demonstrates that deduplication-enabled replication provides dramatic improvements to Disaster Recovery operations. Published by: IBM

Information Security Magazine - March 2010: Linking ‘Who’ and ‘What’
This month’s cover story, “Linking ‘Who’ and ‘What’”, explains the new trend of joining SIM and IAM strategies to tie system vulnerabilities and policy violations to the user activity that causes them. Other articles in this month’s issue cover topics such as security management, vulnerability assessment, compliance, and more. Published by: Information Security Magazine

VoIP Vulnerabilities
The malicious behavior that we have seen in other media already plagues Internet voice calls. This report examines vulnerability trends as well as protocol- and application-layer attacks. Read this white paper to gain both a general and technical overview to the threats against VoIP and learn how to protect and remediate against them. Published by: McAfee, Inc.

Top 10 Steps to Protecting Your Organization’s Privacy Data
Over the last few years, the challenge of protecting privacy data has been compounded by increasing compliance regulations that can mean fines - or even jail time - if privacy data is mishandled. This white paper presents the top ten regulatory compliance requirements to consider when selecting a privacy data protection solution. Published by: McAfee, Inc.

Maximizing Workforce Management with Best-of-Breed Solutions
This paper describes the challenges organizations face in effectively handling workforce management processes and highlights how automation and tools can enable organizations to improve their workforce management processes and thereby deliver benefits to the business. Published by: Kronos Incorporated

Our System Administrator Did What?
One of the greatest challenges that an organization faces when securing an IBM i environment is protecting the system from the very people who are charged with its care. Fortunately, IBM i lets you audit events in a secure repository for forensic analysis and reporting. Read this article to learn more! Published by: PowerTech

Webcast: Tokenization Success Story
Tune in to this Tokenization webcast where we’ll discuss the business drivers behind tokenization, exactly what ‘tokenization’ is, some best practices for a successful implementation, and lastly, a customer example of tokenization used to reduce the PCI DSS audit scope. Published by: nuBridges, Inc.

Essential Guide to Threat Management
Your organizations are under attack from organized groups that are after the lifeblood of your company. This essential guide from Information Security Magazine will identify those attack vectors and tell you how to best secure your critical digital assets. Published by: Information Security Magazine

Protecting and Securing Privacy Data and Sensitive Information in Today’s Healthcare Organization
This document takes a look at several aspects of data protection and HIPAA compliance and explains how a Data Loss Prevention (DLP) solution can help IT professionals discover sensitive data at rest, monitor traffic in real time, and capture events for after-the-fact investigations. Published by: McAfee, Inc.

Trust, But Verify: Managing Risk In Outsourced Applications
Outsourcing can be a cost effective and efficient solution to the demand for new and specialized applications in today’s Internet-based marketplace. It is absolutely critical, however, that the team responsible for evaluating the outsourced application makes security one of its principal criteria prior to acceptance of each release. Published by: IBM

The Do’s and Don’ts of Data Deduplication 
Data Deduplication continues to gain momentum as one of the most popular backup trends hitting the storage market today. This E-Guide highlights the benefits, as well as key areas to focus on when considering or implementing Data Deduplication, and how to use Data Deduplication in a disk based backup system. Published by: EMC

The Path to a Secure Application
The path to creating a secure application begins by rigorously testing source code for all vulnerabilities and ensuring that use of the application does not compromise or allow others to compromise data privacy and integrity. Published by: IBM

Podcast: SMB Server School: Security considerations for a Windows Server integration
This podcast explores the security implications of integrating a Windows Server into an existing infrastructure.  Gain insight into steps that organizations can take to minimize risks and facilitate a successful integration. Published by: Dell, Inc. and Intel

SMB Server School: Security considerations for a Windows Server integration
This webcast explores the security implications of integrating a Windows Server into an existing infrastructure.  Gain insight into steps that organizations can take to minimize risks and facilitate a successful integration. Published by: Dell, Inc. and Intel

Building a Comprehensive Notes/Domino Archiving Strategy 
This webcast explains why archiving Domino content (including email and applications) is necessary for most companies. Learn about current archiving tool trends and best practices for Domino. Discover how to enlist a strategy that will best fit your organization's archiving needs. Published by: Sherpa Software

Presentation Transcript: Virtual Server Backup: Easy and Economical with Deduplication
Server virtualisation is a top choice for IT investments in this current economical climate. Learn how it will enable you to reduce cost and maximise utilisation. Published by: ExaGrid Systems, Inc.

Server Virtualization Strategies for Disaster Recovery
Server virtualization offers considerable benefits for organizations that want to implement remote replication for disaster recovery (DR) purposes. This includes reducing recovery time objectives (RTOs), the costs associated with remote site server infrastructure and improving ease of implementation of remote DR.  Continue reading for more details. Published by: Hewlett-Packard Company

Compliance: The Five Red Flags - How Technology Can Mitigate Compliance Risks Across Your Workflow
The challenge for Chief Compliance Officers is to understand the risks associated with each of these three drivers of compliance and how they can be mitigated. Read this paper to find out more. Published by: Advent Software, Inc

Replication for Dummies
IT organizations face many data challenges. Data distribution rates and the quantity of data that consumers use is expanding exponentially in the global marketplace. Read this e-book to gain an understanding of the Sybase Replication Server and learn a series of best practices to consider when implementing a database replication strategy. Published by: Sybase, Inc.

MAL_OTORUN2
MAL_OTORUN2

MAL_DOWNADJ
MAL_DOWNADJ

WORM_DOWNAD.AD
WORM_DOWNAD.AD

WORM_DOWNAD
WORM_DOWNAD

MAL_OTORUN1
MAL_OTORUN1

CRYP_MANGLED
CRYP_MANGLED

POSSIBLE_MLWR-13
POSSIBLE_MLWR-13

MAL_XED-22
MAL_XED-22

VBS_LOVELETTER.A
VBS_LOVELETTER.A

POSSIBLE_HIFRM-5
POSSIBLE_HIFRM-5

Is It Doing Anything?
Part two in a series about Norton 360’s smart task scheduler. In this entry, product development manager, Collin Davis, introduces a new tool that gives users insight into what this feature of Norton 360 is doing behind the scenes.

Norton 360’s Smart Scheduler
Norton 360’s smart task scheduler doesn’t rely on a fixed schedule – instead it works around yours. Product Development Manager Collin Davis explains how Norton 360 is always looking for times that you’re away from your desk to perform the routine maintenance tasks it needs to keep your PC safe and tuned.

Do you Yahoo?
I do! And if you’re among Yahoo!’s 27 million users*, you probably do too. A few weeks ago, Yahoo! announced its new Beta version of their popular instant messaging software called Yahoo! Messenger 9.0. Symantec worked alongside Yahoo! to bring additional security to instant messaging by enabling security scans of files that are sent via IM.

Passmark Performance Testing
While yesterday’s fast moving, widespread threats are a thing of the past, today’s threats are often more challenging to detect due to their stealthiness. They also present a bigger risk to consumers, often compromising personal or financial information.

Tackling Performance Impact with Norton Internet Security and Norton AntiVirus 2008
As most of our users know, over the years, the threat environment has changed drastically. Viruses gave way to worms, then came spyware, phishing, and botnets. In turn, Symantec responded by updating our consumer products each year with new features designed to protect users against these threats.

Detection and Remediation
While yesterday’s fast moving, widespread threats are a thing of the past, today’s threats are often more challenging to detect due to their stealthiness. They also present a bigger risk to consumers, often compromising personal or financial information.

Stray thoughts on security
With the pending trial of alleged spam mogul Robert Alan Soloway, I thought it might be interesting to look at today's threat landscape to see what consumers today are faced with when they switch on their computers.

Security is a funny thing
Security is a funny thing. Everyone knows they want it and need it. Most people using computers today want security software to be vigilantly on guard, but want it to function in the background as an invisible shield without hindering common tasks.

Organized Crime 2.0
Organized criminals are ramping up their use of the Internet as an attack medium.

Stop Cyberbullying Day
Today has been declared "Stop Cyberbullying Day" by Andy Carvin, Internet activist and founding editor of the Digital Divide Network. Recent threatening posts against well-known computer industry blogger, Kathy Sierra, have raised concerns about the increasingly vicious nature of cyberbullying as well as the growth of activity.

Not all Security Solutions are Created Equal
Protecting consumers from the ever expanding universe of online threats requires focus, commitment and experience. Looks like Microsoft- and sadly, users of their Windows Live OneCare software – are finding this out the hard way.

The Envelope Please...

Norton360 Ships!
I’m very pleased to announce the availability of Norton 360 on XP and Vista. Norton 360 is the new flagship product for the consumer team at Symantec, and it spans five key areas of functionality:

New Norton Identity Client Unveiled at DEMO '07
The new Norton Identity Client (NIC) was unveiled this week at

SONAR: Symantec Online Network for Advanced Response and PeaComm
On January 17th, Symantec announced a new technology, SONAR, which stands for Symantec Online Network for Advanced Response. In the week of the announcement, SONAR already played a critical role as an early warning system and Zero Hour detection for the PeaComm threat, let’s examine how:

Norton 360 Blog #5
Welcome back from the holidays! I hope everyone’s now had a chance to get more comfortable with the latest Beta build of Norton 360 to support Vista 6000.

Norton 360 Design Philosophy: User Experience and Performance
I’m very pleased to announce the availability of Norton 360 on Vista. I know many of you have been asking about Vista support, so the Norton 360 team is anxious to get your feedback on what you like and what we can improve.

Norton 360 Design Philosophy: Right Balance of Functionality
Hello All, I’m continuing our blog about the design philosophy behind Norton 360.

Norton 360 Blog #2: Design Philosophy Blog: Automation
Hello and welcome again to the Norton 360 blog. I want to share with you our thinking in the design of this product and expand a bit more about our design philosophy.

Spammers hit blogs...
An interesting new trend and vector for spammers.

Norton 360 Blog #1: Welcome Blog
It is my pleasure to say "Welcome!" to the Norton 360 blog community.

The Illusion of Control, Part 3
In two previous posts I’ve talked about why firewalls fail as outbound control mechanisms due to what amounts to lack of visibility into the traffic they are passing.

The Illusion of Control, Part 2
Previously I made the claim that firewalls fail as outbound control mechanisms because they depend on port bindings for protocol identification and because they make the assumption that they can do content inspection. Let’s explore that a little deeper now.

The Illusion of Control
A key aspect of security is control. In recent years, security and network administrators have spent a great deal of time and money attempting to control their networks for the sake of security.

Criminal ingenuity - online identity theft hits brokerages
Criminals are now targeting brokerage accounts to commit identity fraud against consumers. Consumers need to learn how to transact safely online, both by being more cautious and skeptical as well as utilizing new technology that is now available.

Security 2.0 and Identity
Last week we made some announcements about our "Security 2.0" initiative and talked in some detail about the various products and services. One topic that got some attention was identity. I thought I might write a little about digital identity and why we see it as so important.

Upgrading to Norton 2007 products
Upgrading to Norton 2007 products

Where to download Norton Internet Security Add-on Pack
Where to download Norton Internet Security Add-on Pack

FREE NIS Add-on pack available
FREE NIS Add-on pack available

Norton Internet Security Add-on pack
Norton Internet Security Add-on Pack

Threat Landscape
One of the things Symantec has an extremely good viewpoint into is the evolution of the threat landscape on the Internet.

New 2007 releases – Light and Tight!... continued
Norton Internet Security Add-on Pack

Hardware and Software Firewalls – which one should I use?
Home networking equipment often includes a hardware firewall. Norton Internet Security also includes a software firewall. Find out what makes each type of firewall different and what to use for the absolute best protection.

New 2007 releases – Light and Tight!
I am pleased to let you know that we have just shipped Norton Internet Security 2007 and Norton AntiVirus 2007. These releases were the result of the combined efforts of hundreds of Symantec employees, and I am personally very proud to have been a member of this team.

Norton Confidential
Norton Confidential is a new security product we are working on, and it is unlike anything else in the market. When something so different is released, it’s bound to create excitement, and to prompt some questions like: what does it do? Why do I need it?

Viruses, phishing... they happen to me too.
In the last few weeks I have received several instant messages linking to phishing sites. I find myself really disturbed when security threats find their way to one of my computers, or when they happen to someone I know.

Norton Internet Security 2007 beta
Many of our loyal Norton users are beginning to ask what new things we have been working on, and what will be coming out with this year’s product refreshes. A beta version for Norton Internet Security 2007 was posted last week (check it out here:

Beware of Vishing Attacks
In May of this year, our response organization

Online transaction security - protecting your personal information
As online threats change, you need to continue to evaluate your security protection. Online transactions are identity thieves’ sweet spots - is your security software designed to protect you specifically from the new type of threats like phishing and keystroke logging that are designed to steal your passwords, account numbers and other personal information? I have some tips for those of you banking and shopping online as to how to take more responsibility for your own security.

The importance of Network Intrusion Prevention technology
Intrusion Prevention Technology is a critical component of a comprehensive desktop security solution. This blog entry discusses the main benefits behind Network Intrusion Prevention Systems (NIPS), how they complement other security technologies and the importance of their role in defending a system against common attack vectors in today’s security threats.

Follow Me to Safety Town
Here at Symantec, we’ve been experimenting with new ways to capture people’s attention – and warn them about some of the dangers of going online without proper security precautions. Here’s one of our most recent experiments.

Suite Security
Consumer security suites bring together multiple layers of protection in order to secure a system. This notion of Multilayer Security is well accepted by the security industry at large. They can also be more secure. Let's examine how.

Are all desktop security products created equal, or are they getting harder to test?
It has become increasingly difficult to test the latest security products which use behavior-based systems to protect against today’s real-world threats. Traditionally, security product testing is done by running the product against a set of threats (files), and seeing how many of them are discovered.

Online Identity Theft & Fraud - A Growth Business...continued
Last time I discussed the rise in ID theft and online criminal activity. This week, I’d like to touch on how consumers and companies need to deal with emerging threats, like phishing, pharming, and key loggers.

Welcome to the Norton Protection Blog
Our goal with this blog is to generate an interactive dialog between Symantec and you – our customers, our partners, members of the media, analysts, security experts, and anyone else interested in the issues, technologies, and trends surrounding consumer security and protecting consumers when they go online.

Online Identity Theft & Fraud - A Growth Business
Identity theft continues to rise with reports indicating the vast majority of identity theft takes place offline – I’m not so sure I believe that. Fraud associated with identity theft is often unreported and not prosecuted, and it’s difficult to pinpoint the method by which personal data was stolen. The more technologically challenging the case, the less likely it is the victim will understand how their identity was originally compromised.

They Said It Couldn’t Be Done – A Silent Outbound Firewall and Usable Security
A silent outbound firewall has been made possible by recent innovations at Symantec in the field of Usable Security. While many industry experts believe that you cannot have both security and ease of use, Symantec engineers have applied a unique combination of technologies to provide strong security that is easy to use.

The Rest of the Iceberg
In the consumer security industry, we tend to focus a great deal on the “client software” –Norton Internet Security or some other security software that runs on a user’s PC. While this software is vitally important to effectively protecting people online, it’s really just the “tip of the iceberg” of what’s required to provide comprehensive, effective protection.

What Are the Most Overrated Security Technologies?
Which security technologies are IT shops putting too much faith in? Some readers weigh in.

Internet Hit By Wave of Ransom Malware
Criminals re-used an attack from 2008 to hit the Internet with a huge wave of ransomware in recent weeks, a security company has reported.

Cisco Develops VPN Client for PCs, Smartphones
Cisco Systems will soon release a VPN client for smartphones and PCs aimed at enterprise administrators who want to provide secure access to their networks and ward off malicious software.

Free VirusTotal Uploader Links to 40 Antivirus Programs
The VirusTotal.com Web site offers a free but invaluable security service. It will scan any Web download, e-mail attachment or other file you send it with 40-odd different antivirus scanners to let you know whether it's safe for your computer. The free VirusTotal Uploader utility makes sending a file to the site a breeze by adding a new right-click option for any file.

Old Security Flaws Still a Major Cause of Breaches, Says Report
An over-emphasis on tackling new and emerging security threats may be causing companies to overlook older but far more frequently exploited vulnerabilities, says a recent report.

Virus Comes Back From Dead to Hit Hard Drives
A ‘prank' worm that started as an attack targeted at an off-road Slovakian motorcycle club has escaped beyond its intended victims and started wrecking hard disks as far away as the U.S.

Stop 11 Hidden Security Threats
Do you know how to guard against scareware? How about Trojan horse text messages? Or social network data harvesting? Malicious hackers are a resourceful bunch, and their methods continually evolve to target the ways we use our computers now. New attack techniques allow bad guys to stay one step ahead of security software and to get the better of even cautious and well-informed PC users.

Security Manager's Journal: Conficker Worm Keeps on Coming
Many people are worried about H1N1 this flu season, but I'm more concerned about a different kind of virus right now. My company is dealing with an outbreak of the Conficker worm, which uses some fairly sophisticated techniques to evade detection and removal. Meanwhile, some cleverly designed spam is getting past our filters as well. Both of these problems are examples of evolving network threats that present some challenges to the security team.

Improving Network Access Security for Unmanaged Devices
Unmanaged devices such as smartphones and guest users' laptops can be a real problem on any network. Experts from Avenda Systems provide best practice tips on how to balance network access security with the need for productivity.

Adobe Will Be Top Target for Hackers in 2010, Report Says
Adobe Systems' Flash and Acrobat Reader products will become the preferred targets for criminal hackers in 2010, surpassing Microsoft Office applications, a security vendor predicted this week.

Smartphone Attacks, Rogue Antivirus, Cloud Breaches Top 2010 Security Concerns
There has never been a year in which security threats diminished, so expect more hacks, exploits and scams in 2010, researchers warn.

Security Heavyweights Predict 2010 Threats
Upcoming security threats for 2010, as predicted by CA, Cisco, Symantec, Websense and a group of experts at Independent Security Evaluators. Plus, Info-Tech on security trends.

Adobe Reader Zero-Day Exploit: Protecting Your PC
Reports that a zero-day vulnerability in Adobe Acrobat and Adobe Reader is being exploited in the wild have been confirmed by Adobe in a blog post. Adobe is exploring the issue to determine how to patch it, but you're on your own in the meantime.

No Regrets From Aussie IPhone Virus Creator
The Australian programmer who claims to have created the world’s first Apple iPhone virus as a prank, has told Computerworld he does not regret writing it.

First IPhone Worm Spreads Rick Astley Wallpaper
The first worm written for Apple's iPhone has been unleashed and is infecting phones in Australia.

Trusteer rolls out malware forensic tool for banks
Security vendor Trusteer's latest product will allow banks to remotely investigate their customers' computers if it is suspected the PC has been hacked.

Apple plugs 16 holes in Safari as Pwn2Own looms
Apple patched 16 bugs in its Safari browser, 12 of them critical, just two weeks before it faces off against rival technologies at the 2010 Pwn2Own hacking challenge.

IE zero-day exploit code goes public
An Israeli researcher has published exploit code for an Internet Explorer zero-day vulnerability that Microsoft had just disclosed on Tuesday.

Pennsylvania fires CISO over RSA talk
Pennsylvania's chief information security officer, Robert Maley, has been fired, apparently for talking publicly at the RSA security conference last week about a recent incident involving the Commonwealths online driving exam scheduling system.

Hackers love to exploit PDF bugs, says researcher
Hackers adore Adobe Reader, and have pushed it into first place as the software most often exploited in targeted attacks, F-Secure said today.

Hackers exploit latest IE zero-day with drive-by attacks
Hackers are exploiting a just-disclosed unpatched bug in Internet Explorer to launch drive-by attacks from malicious Web sites, security researchers said today.

More Viruses News
View more Viruses news and analysis from Computerworld.com

New Malware Scams: Balloon Boy, Windows 7
Latching on to major headlines tend to be widely used techniques for hackers hoping to spread malware.

Spammers Target Auto Industry
A mere ten percent of the email received by auto industry and its staffers is legitimate.

Electronic Health Records: Privacy Issues Remain
Converting paper records to a digital format creates its own issues, even as it makes the health system more efficient.

Mcafee Unveils Email App as Cloud Hybrid
The security software firm is offering its new email security solution as a cloud or on-premise app, or a hybrid of both.

Windows and Online Banking: A Dangerous Mix
This security expert uses Windows for most functions, yet feels it’s not safe enough for the average user to trust for online banking.

McAfee Launches Mac Endpoint Protection
The software includes antivirus and antispyware protection as well as a system firewall.

Microsoft MMC How To: Hardening Desktops for Improved Security
A free-for-all user desktop environment is a recipe for malware infections, data leaks, or worse. Learn how to take control of your end-user systems with Microsoft MMC and Active Directory.

Ten Back to School Security Tips for Administrators
Soon students and faculty will put many schools' IT departments to the test. Schools (and businesses, too) can take steps to keep their users and their data safe.

Verisign Aims to Deflate 'Pump and Dump' Scams
A fraud-detection service warns online brokerages when they're about to make a trade that looks fishy.

Bandwidth Alert: Brace Yourself for the Beijing Olympics
Enterprises would do well to consider the strain their Internet access will take during the Games -- not to mention increased malware attacks.

Security Basics: A Strong Password is the Key
Protecting your data and your identity starts with a strong password. Here's what you need to know to make your computer life safer and more secure.