IT Security Jobs & Careers

Preparing for Cyberattacks
Reader Comments

James Lewis at the Center for Strategic and International Studies says cyberattacks are a cause for concern; expert Marcus Ranum argues that we should focus our security efforts elsewhere. Your feedback

Documents Reveal Al Qaeda Cyberattacks
Alex Kingsbury

Buried inside hundreds of pages of heavily redacted court documents from the case of a man accused of being one of al Qaeda's chief recruiters, is evidence that the terrorist group has launched successful cyberattacks, including one against government computers in Israel. This was the first public confirmation that the terrorist group has mounted an offensive cyberattack.

To Protect U.S. Against Cyberwar: Best Defense Is a Good Offense
James Lewis

We have at least two opponents with the ability to launch damaging cyberattacks against the United States -- Russia and China. They have probably done the reconnaissance and planning necessary for these attacks, probing American networks for vulnerabilities. But they have not launched them. Why not?

Cyberwar Rhetoric Scarier Than Threat of Foreign Attack
Marcus Ranum

Suddenly, the steady drumbeat of computer network security has been pushed to center stage, and now our government is talking about cyberwar and pointing a finger at China. Unless you've been asleep for a decade, you ought to be worried when our government starts using the rhetoric of warfare -- especially vocabulary like pre-emptive and deterrence. Why the sudden change?

Internet e-Mail Scams Target Job Seekers
Kathy Kristof

The e-mail said it came from CareerBuilder and offered a job opportunity as a 'trading assistant.' Just one hitch: It wasn't an e-mail from CareerBuilder.com and it was not a job. It was part of a cynical scam that's becoming widespread. This scam is just part of an evolving cacophony of employment frauds that prey on the millions of Americans who are out of work.

U.S. is Striking Back in the Global Cyberwar
Alex Kingsbury and Anna Mulrine

The two-day 'Cyberdawn' exercise, one of the country's premier electronic war games. It is run with the help of volunteers by the private firm White Wolf Security, which also arranges closed war games for some federal agencies. The chance to test their cyberskills has attracted groups from private companies as well as the U.S. military

Securing the Information Highway
Wesley K. Clark and Peter L. Levin

The Obama administration recognizes that the United States is utterly dependent on Internet-based systems and that its information assets are precariously exposed. Accordingly, it has made electronic network security a crucial defense priority. But that is only the tip of the iceberg.

Government Recruits Geeks to Blunt Cybersecurity Threats
Joshua Kucera

The potential threats against the United States from malicious foreign hackers are as poorly understood as they are scary. It's the kind of shadowy, nonstate threat that the U.S. defense and intelligence bureaucracies are traditionally ill equipped to fight, but a new initiative announced last week aims to try.

Cyberwar Is the New Atomic Age
Mike McConnell Interview

A level of vulnerability has been introduced into our way of life that is unprecedented. We now have a smaller connected globe where information can be moved in seconds, where information managed by computer networks -- which runs our utilities, our transportation, our banking and communications -- can be exploited or attacked in seconds from a remote location overseas

Secrets to Saving Your Laptop and Data
David LaGesse

Consumers now buy more laptops than desktop PCs, relishing the power they pack in a portable package. Thieves relish laptops for the same reason. The overwhelming majority of lost or stolen notebooks don't make it back to their owners, according to FBI and analyst reports. But a few laptop-luggers take steps to protect their investments, or the even-more precious data they contain.

Black Hat shines light on security (roundup)
Las Vegas is the setting this week for two of the most popular annual security events. First comes Black Hat for the professional crowd, followed by the more antic Defcon gathering.

Can your mobile calls be intercepted? This tool can tell
Airprobe software, combined with hardware and crypto cracker tool allows people to test the snoop-factor of their GSM phones, and even intercept calls of others.

U.S. military cyberwar: What's off-limits?
Ex-NSA and CIA head tells Black Hat crowd that rules for when military can attack foreign networks might exempt power grids and financial networks.

Searchable Facebook user data posted to Pirate Bay
The names and Facebook profile Web addresses for 171 million accounts are scraped from the site and posted on file-sharing site Pirate Bay.

Expert: Critical system flaws a 'ticking time bomb'
Combining legacy SCADA systems that have their own weaknesses with Internet technologies is a dangerous mix for protecting systems that provide energy, water and other basic needs, Black Hat presenter says.

Security researcher demonstrates ATM hacking
IOActive's Barnaby Jack reveals at Black Hat how he found ways to remotely log into ATMs without a password and force them to spit out cash.

DHS tries to defuse privacy criticism, asks for help
At Black Hat, Homeland Security's second in command receives mixed response when trying to downplay privacy concerns, asks attendees for help.

Adobe to follow Microsoft plan of sharing security info
The company will begin sharing vulnerability information early with security vendors just as Microsoft does. Plus: a new toolkit from Redmond.

U.K.: Privacy abuse unlikely in Google Street View flap
Information Commissioner's Office finds no "meaningful personal details" in the data collected in the Street View snapshots of Wi-Fi networks.

Check counterfeiting using botnets and money mules
SecureWorks uncovers bizarre criminal operation that uses digital techniques to aid in old-school check counterfeiting.

FBI Rings Organizers Over Defcon Contest
A Defcon contest that invites contestants to trick employees at U.S. corporations into revealing not-so-sensitive data has rattled some nerves.

Black Hat Gets Its Video Feed Hacked
A security expert found a way to catch the talks at Black Hat for free, thanks to bugs in the video streaming service used by the security conference.

U.S. Should Seek World Cooperation on Cyber Conflict, Says Ex-CIA Director
The U.S. needs to consider working with other leading nations to develop rules of engagement in cyberspace, retired general and former director of the CIA Michael Hayden said during a keynote address at the Black Hat conference here on Thursday.

'Unhackable' Android Can Be Hacked
LAS VEGAS -- Once thought to be unhackable, the Android phone is anything but, according to researchers presenting at Black Hat 2010.

Verizon: Data Breaches Often Caused By Configuration Errors
Hackers appear to be increasingly counting on configuration problems and programming errors rather than software vulnerabilities in order to steal information from computer systems, according to a new study from Verizon.

Microsoft's Bug Reports Fail to Produce Prompt Patches
The Microsoft Vulnerability Research program said Wednesday that third party developers have patched less than half the bugs it reported to them over the past 12 months.

Security Firm Sourcefire Gaining Financial Strength
Sourcefire, a 10-year-old firm specializing in intrusion detection and prevention, Thursday announced increased year-over-year second quarter revenue and earnings and predicted an even better third quarter.

Trusteer Service Eradicates Malware on Banking Customer PCs
Trusteer is taking its online banking security services a step further and will start removing malware that it finds trying to interfere with bank customers' financial transactions.

Important Lessons From the Black Hat ATM Hack
A security researcher named Barnaby Jack amazed attendees at the Black Hat security conference by hacking ATM machines in a session titled "Jackpotting Automated Teller Machines Redux". There are some important lessons to be learned from the hacks Jack demonstrated, and they apply to more than just ATM machines.

Malware Openly Available in China, Researchers Say
Researchers at the Black Hat conference this week said that China is becoming a hotspot for hacking activities at least partly de to easy access to malware tools.

Sleazy Marketers Game Google's Sponsored Ads
Companies that deal in shady free gift card offers have managed to game Google's sponsored search results so they can pass themselves off as representing the official sites of such huge brands as Walmart, Best Buy, McDonald's and Hooters, among others, PCWorld has found.

ATM Hack Gives Cash on Demand
Barnaby Jack hit the jackpot at Black Hat on Wednesday. Twice.

ATM Hack Gives Cash on Demand
Barnaby Jack hit the jackpot at Black Hat on Wednesday. Twice.

Security Suites: Big Protection, Little Fuss
Just a few short years ago, all a PC needed for protection was a basic antivirus program to guard against any malware that arrived via an e-mail attachment, embedded in a shareware application or piggy-backed on a floppy disk.

Apple Patches Safari Ahead of Black Hat Talk, Launches Add-on Gallery
Barely 24 hours before a researcher was set to dive deeper into a Safari bug at the Black Hat security conference, Apple today fixed that flaw and 14 others.

FBI sought data on Defcon 'social engineering' contest
A Defcon contest that invites contestants to trick employees at U.S. corporations into revealing not-so-sensitive data has rattled some nerves.

Black Hat gets its video feed hacked
A security expert found a way to catch the talks at Black Hat for free, thanks to bugs in the video streaming service used by the security conference.

U.S. should seek world cooperation on cyber conflict, says ex-CIA director
The U.S. needs to consider working with other leading nations to develop rules of engagement in cyberspace, retired general and former director of the CIA Michael Hayden said during a keynote address at the Black Hat conference here on Thursday.

'Unhackable' Android can be hacked, Black Hat researchers say
Once thought to be unhackable, the Android phone is anything but, according to researchers presenting at Black Hat 2010.

Former PA CISO: Cybersecurity bill won't work
The Lieberman, Collins, Carper cybersecurity bill would do nothing but slow down real progress and undercut Howard Schmidt's authority, former State of Pennsylvania CISO Robert Maley warns.

Verizon: Data breaches often caused by configuration errors
Hackers appear to be increasingly counting on configuration problems and programming errors rather than software vulnerabilities in order to steal information from computer systems, according to a new study from Verizon.

More Security News
View more Security news and analysis from Computerworld.com

Virtual Desktop Deployment Healthcare Case Study: Seton Family of Hospitals
The Seton Family of Hospitals, the largest healthcare provider in Central Texas, approached Sychron about its interest in designing and deploying a highly scalable, server-based, virtual desktop system. Read this case study to learn more. Published by: Sychron, Inc.

eGuide: Top 5 Ways a Virtual Desktop Infrastructure Can Improve Enterprise Security
This expert e-guide from SearchVirtualDesktop.com details the top ways VDI can enhance security for your enterprise. Get the maximum return on your virtual desktop investment with these security tips and best practices. Plus get insight into security pitfalls to avoid. Published by: Western Blue, an NWN Company

8 Essentials of Business Analytics
Leading banks use business analytics to predict and prevent credit fraud, saving millions. Retailers use business analytics to predict the best location for stores and how to stock them. But these advanced business applications tell only part of the story. What's going on inside these market-leading companies that sets them apart? Published by: SAS Institute Inc.

Countdown: Top Five Ways to Improve Log Management Maturity Models
In this podcast, Diana Kelley, Partner at consulting firm SecurityCurve, discusses the top five ways that enterprise organizations can improve their log management maturity models. Published by: Novell Inc.

Log Management Strategies that Work
In this video presentation, Diana Kelley of consultancy SecurityCurve gives expert advice on how to tune log management tools and policies so they pick up on only the necessary events. Published by: Novell Inc.

The Malware Report: Can Microsoft Minimize the Damage from Identity Theft?
Matt Grant talks with Randy Abrams about a new internet fraud alert from Microsoft. Unfortunately, fraud alerts are always around. In this podcast, Randy dishes out some advice on how to stay safe with your account information online. Published by: ESET

The Malware Report: Stuxnet Worm Attacks Without Clicking on a Link
Matt Grant talks with Randy Abrams about the Stuxnet Worm attacks. Unfortunately, worms are attacking Stata Systems in power plants to removable devices. In this podcast, Randy dishes out some advice on how to prevent getting a worm attack. Published by: ESET

The Malware Report: Microsoft Windows 7 Vulnerability May Lead to Crash or Computer Takeover
Matt Grant talks with Randy Abrams about Microsoft Windows 7 vulnerability. Unfortunately, there’s always going to be vulnerabilities with software. In this podcast, Randy dishes out some advice on how to prevent getting a quick fix until there’s a patch. Published by: ESET

Community Medical Centers: Improving patient care and compliance with IBM Tivoli Access Manager for Enterprise Single Sign-On
Community Medical Centers was able to improve quality of care and employee productivity, while strengthening security for all of their applications and addressing HIPAA compliance by implementing IBM Tivoli Access Manager for Enterprise Single Sign-On. Check out this video to learn more. Published by: IBM

Achieve Both PCI Compliance and Web Security
Watch this webcast to learn how to protect your organization from the surreptitious software and malware that allows criminals into the heart of the system enabling them to steal data. Published by: Akamai Technologies

Case Study: Hospital I.T. Infrastructure
Building a brand new, state-of-the-art medical campus from the ground up requires an I.T. infrastructure capable of supporting newer, more advanced healthcare applications and the massive volumes of digital data generated by these systems. Read this white paper to learn how CDW Healthcare helped a Michigan medical campus to accomplish their goals. Published by: CDW Healthcare

Assessing the Value of Virtual Infrastructures to Business Continuity
This IDC white paper examines the challenges companies face when trying to ensure business continuity and disaster recovery for their business applications. In an effort to help businesses address the need to have continuous operations, HP and VMware have brought solutions to market which enable organizations to achieve their desired results. Published by: Hewlett-Packard Limited

The Case for NSF - How Archiving in NSF Format Preserves Data Integrity
The need for archiving electronic records, including electronic mail [email] continues to grow. Large volumes of electronic records, including email, increased storage limitations, government regulations and legal implications have made the need to archive information a critical business issue. Is there a preferred storage format? Published by: Sherpa Software

Protection Starts with Security Management Solutions from Novell
Enterprises are under constant attack from internal and external threats. Repelling today’s threats requires a new approach to security—an approach that emphasizes centralized log management and security event management. Novell makes it simple to get on the path to better security with our Security Management solutions. Published by: Novell Inc.

Data Availability for Today’s Business: How to Improve Backup and Archive Data Availability with NEO® 8000e
Access this paper for an in-depth look at the many advantages Overland’s NEO 8000e offers to help protect and recover your company’s data. Published by: Overland Storage

Sentinel Log Manager Review
This paper is a review of the stand-alone Sentinel Log Manager and how it stands up to keyconcerns that survey respondents raised about log managers, including collection, storage andsearching/reporting capabilities. Published by: Novell Inc.

Security Guidance for Critical Areas of Focus in Cloud Computing
This paper, written by the Cloud Security Alliance, provides a simple framework to help evaluate initial cloud risks and inform security decisions. Published by: 3PAR

Presentation Transcript: Effective and Secure User Account Provisioning
Effective provisioning means not only working with an identity and access management provider and its product, but it is also about business process, effective communication and phased implementation. Published by: Hitachi ID Systems, Inc.

Impact Brief: How to Get Started with Enterprise Risk Management
To implement a strategic, efficient and sustainable governance, risk and compliance (GRC) program, organizations need integrated technologies, expert resources and a unified view into business processes across IT, Finance, Operations and Legal domains. Published by: RSA, The Security Division of EMC

Compliance Driven Security
Complying with the PCI DSS is a requirement for any organisation that processes, transmits or stores credit card data. Read this white paper to learn about existing threats, how to effectively implement PCI compliance and the business benefits you'll achieve from it. Published by: SecureWorks

Novell Sentinel Log Manager 1.1 Appliance Demo (32 Bit)
To simplify compliance with PCI-DSS, Sarbanes-Oxley and other regulations, Novell® Sentinel™ LogManager enables you to collect, store, analyze and manage data logs from all across your enterprise.  Published by: Novell Inc.

Understanding and Simplifying Sharepoint 2007 Permissions Management
Authentication to a SharePoint environment is the process in which a company’s IT architecture approves a user’s credentials. To fully understand the spectrum involved with managing permissions in a SharePoint environment, you need to know the components involved with permissions and how they work with one another. Published by: Idera

E-Guide: Expert guide to server virtualization
This expert e-guide on virtual security reveals four key points you must keep in mind to ease security integration as your virtualization project comes together. In addition, Gartner explains the six most common server virtualization security risks, along with advice on how to address each issue. Published by: CA

3 Ways to Reduce Power Consumption Costs
When power management is not centralized nor built into your overall IT operational processes, it can often impede system maintenance, patching and vulnerability scans. That’s why organizations must carefully consider their tools, strategies and policies around power management if they’re seeking to go green. Published by: Proofpoint, Inc.

Opportunity Versus Risk: What is the Right Balance When Adopting Virtualization
Join Neil MacDonald, Vice President and Research Fellow at Gartner, Inc., as he looks at the opportunities and risks – both for security and service – in adopting virtualization. Then, Gijo Mathew, VP of Security Management at CA, reveals how effective management approaches can provide a catalyst to achieving IT’s business and strategic goals. Published by: CA

Identity as Security Glue for the Cloud
Join Matthew Gardiner, Director of Security Management at CA, for this webcast, in which he provides a framework for thinking about identity and how it relates to both the different modes in the cloud as well as the consumption and use of the cloud. Published by: CA

E-Guide: Building a Strong Case for Deduplication
Read this e-guide for tips on implementing data deduplication, one of the hottest technologies in data backup and primary storage. Learn all about the advantages and disadvantages of data deduplication as well as the key dos and don’ts of implementing this technology. Published by: Quantum Corporation

10 Ways Malicious Code Reaches Your Private Network
As of 2010, there are nearly three million unique forms of known malicious code, and thousands of new ones are discovered daily. The risk of being infected is greater than ever. The following are 10 common ways malicious code reach your private network that you need to be aware of. Published by: Global Knowledge

Employee-owned Smartphones: Seize the Opportunity
With the increasing demand for employees to use personal smartphones for work-related duties, IT management must take a leadership role in setting up mobile strategies, new policies, and a fresh approach to allowing smartphones access to corporate resources. Continue reading to learn more. Published by: BlackBerry

Security
Every day your network–and the confidential data it contains– is under siege. Let CDW's security experts help fortify your defense. Published by: CDW Corporation

Business Continuity
The power fails. A virus is unleashed. How does your business continuity plan stack up? Learn how to keep critical operations functioning in any emergency. Published by: CDW Corporation

PODCAST: Replicate Smarter with EMC Data Domain Deduplication Storage Systems
Join EMC backup and recovery systems division to learn about their new solutions including Data Domain deduplication storage systems, dedupe for fastest time-to-DR readiness and more. Published by: EMC

Replicate Smarter with EMC Data Domain Deduplication Storage Systems
Join EMC backup and recovery systems division to learn about their new solutions including Data Domain deduplication storage systems, dedupe for fastest time-to-DR readiness and more. Published by: EMC

Hardware and Software Authentication: Choosing the Right Approach
This paper compares the strengths and weaknesses of hardware and software-based authentication approaches, and offers five key considerations for evaluating which approach is right for the specific needs of your organization. Published by: SafeNet, Inc.

SMS Authentication: 10 Things to Know - Before You Buy
SMS authentication can present a host of benefits to organizations looking to improve security while maximizing the productivity of end users and administrative staff. In choosing any authentication solution, organizations will be well served by taking many key considerations into account. Read this paper to learn more! Published by: SafeNet, Inc.

Industry Analyst Reports - Getting in Front of IT Compliance and Risk Management
Read this Forrester Consulting analyst report to find out about the trends in managing IT compliance and risk. This report discusses the result of an evaluation conducted by Forrester for CA. Published by: CA

IDC White Paper – Identity and Access Management for Approaching Clouds
Cloud computing is in the process of changing the enterprise IT landscape. Read this paper to learn about the security issues of the cloud and how to improve its security and visibility. Published by: CA

Identity and Access Management: You Have to Be Compliant, You Want Security and Efficiency. Why Not Get it All?
Learn how to not only meet your compliance challenges, but improve security and operational efficiency. In this business brief by Quest Software, discover how to extend the power of Active Directory and Windows Group policy, and make it easy to achieve and prove compliance. Published by: Quest Software

E-Guide: A Guide to Securing Data in the Cloud and Meeting Cloud Compliance Regulations
This e-guide evaluates the current loop holes within the public cloud landscape, and lists questions to ask before moving forward with the process. Learn how the importance of where your data resides plays a large role in compliance and data protection. Published by: CA

eBook: Chapter 2 - Disaster Recovery is Not High Availability
The first chapter clarified that disaster recovery is not the same as high availability. It isnow time to consider disaster recovery in its own right and discover what is meant by thatterm. In order to cover the topic properly, let’s consider what is meant by disaster. Published by: Marathon Technologies

Video: Equip iPhone for Enterprise Productivity. Watch Now!
The iPhone's popularity has generated high demand for enterprise use. But before adoption takes place, IT departments must solve specific security and management issues to maintain control and ensure compliance. Watch this video to learn how Sybase can help integrate the iPhone into your enterprise. Published by: Sybase, Inc.

Identity Finder Enterprise Suite 4.5
Identity Finder accurately finds and allows remediation of sensitive data across desktops, laptops, servers, databases, and websites. This can be performed agent or agentlessly with full dynamic policy and reporting capability. Published by: Identity Finder, LLC

Free Trial: Fluke Networks Protocol Analyzer
Fluke Networks ClearSight Analyzer is an application-centric packet analysis and troubleshooting analyzer that helps you quickly and easily get to root cause of application performance issues. No need to be a packet decode expert. Download free 14-day trial now. Published by: Fluke Networks

Video: Understanding Security Challenges with Cloud Computing Adoption
This webcast focuses on why cloud security is so challenging, highlighting areas of cloud security which IBM has been exploring in the enablement of our customers in cloud computing. Published by: IBM

Resource Center: Reduce Risks and Protect Critical Information with Ease
With stealthier cyber threats always emerging, anti-virus only solutions are not enough to protect your organization from risk. The content in this resource center features a simple, affordable security and backup solution that offers superior performance and ease of management to protect your business from today's most dangerous threats. Published by: Symantec Corporation

7 Questions You Should Ask Before Deploying Deduplication - Considerations for the Midrange Data Center
This white paper discusses important questions for IT managers to ask as they consider deploying deduplication in a midrange data center. Published by: Quantum Corporation

Quantum DXi Deduplication Appliance Makes Backup and Recovery an Easy Case
When Baker & McKenzie’s tape-based data protection strategy reached its limits, they decided to switch to a centralized backup solution with a DXi deduplication appliance as the foundation. Read this case study to learn why Baker & McKenzie decided to go with Quantum’s solution to handle their backup and recovery needs. Published by: Quantum Corporation

Managing the Tidal Wave of Data Tivoli Storage Management
This white paper describes how IBM Tivoli storage management solutions can help organizations build dynamic storage infrastructures that scale to meet evolving business requirements by addressing unified recovery management, storage virtualization, and storage management. Published by: IBM

New Data Protection Strategies
As the demands for data capacity and higher service levels grow, protecting corporate data becomes more challenging. Continuous Data Protection, as discussed in this white paper by Evaluator Group and IBM, can cost-effectively improve security with minimal impact to business. Published by: IBM

Storage ISM JAM: How Unified Recovery Management Can Cut Your Costs and Improve Service Levels
Protecting and ensuring recoverability of data across today's diverse and distributed enterprises can be complex and costly, and usually involves deploying point solutions from several vendors. Check out this webcast to learn about a comprehensive approach to managing data. Published by: IBM

MAL_OTORUN2
MAL_OTORUN2

WORM_DOWNAD.AD
WORM_DOWNAD.AD

MAL_DOWNADJ
MAL_DOWNADJ

WORM_DOWNAD
WORM_DOWNAD

CRYP_MANGLED
CRYP_MANGLED

MAL_OTORUN1
MAL_OTORUN1

TROJ_DOWNADJOB.A
TROJ_DOWNADJOB.A

POSSIBLE_HIFRM-5
POSSIBLE_HIFRM-5

CRYP_HILOTI
CRYP_HILOTI

MAL_XED-22
MAL_XED-22

Is It Doing Anything?
Part two in a series about Norton 360’s smart task scheduler. In this entry, product development manager, Collin Davis, introduces a new tool that gives users insight into what this feature of Norton 360 is doing behind the scenes.

Norton 360’s Smart Scheduler
Norton 360’s smart task scheduler doesn’t rely on a fixed schedule – instead it works around yours. Product Development Manager Collin Davis explains how Norton 360 is always looking for times that you’re away from your desk to perform the routine maintenance tasks it needs to keep your PC safe and tuned.

Do you Yahoo?
I do! And if you’re among Yahoo!’s 27 million users*, you probably do too. A few weeks ago, Yahoo! announced its new Beta version of their popular instant messaging software called Yahoo! Messenger 9.0. Symantec worked alongside Yahoo! to bring additional security to instant messaging by enabling security scans of files that are sent via IM.

Passmark Performance Testing
While yesterday’s fast moving, widespread threats are a thing of the past, today’s threats are often more challenging to detect due to their stealthiness. They also present a bigger risk to consumers, often compromising personal or financial information.

Tackling Performance Impact with Norton Internet Security and Norton AntiVirus 2008
As most of our users know, over the years, the threat environment has changed drastically. Viruses gave way to worms, then came spyware, phishing, and botnets. In turn, Symantec responded by updating our consumer products each year with new features designed to protect users against these threats.

Detection and Remediation
While yesterday’s fast moving, widespread threats are a thing of the past, today’s threats are often more challenging to detect due to their stealthiness. They also present a bigger risk to consumers, often compromising personal or financial information.

Stray thoughts on security
With the pending trial of alleged spam mogul Robert Alan Soloway, I thought it might be interesting to look at today's threat landscape to see what consumers today are faced with when they switch on their computers.

Security is a funny thing
Security is a funny thing. Everyone knows they want it and need it. Most people using computers today want security software to be vigilantly on guard, but want it to function in the background as an invisible shield without hindering common tasks.

Organized Crime 2.0
Organized criminals are ramping up their use of the Internet as an attack medium.

Stop Cyberbullying Day
Today has been declared "Stop Cyberbullying Day" by Andy Carvin, Internet activist and founding editor of the Digital Divide Network. Recent threatening posts against well-known computer industry blogger, Kathy Sierra, have raised concerns about the increasingly vicious nature of cyberbullying as well as the growth of activity.

Not all Security Solutions are Created Equal
Protecting consumers from the ever expanding universe of online threats requires focus, commitment and experience. Looks like Microsoft- and sadly, users of their Windows Live OneCare software – are finding this out the hard way.

The Envelope Please...

Norton360 Ships!
I’m very pleased to announce the availability of Norton 360 on XP and Vista. Norton 360 is the new flagship product for the consumer team at Symantec, and it spans five key areas of functionality:

New Norton Identity Client Unveiled at DEMO '07
The new Norton Identity Client (NIC) was unveiled this week at

SONAR: Symantec Online Network for Advanced Response and PeaComm
On January 17th, Symantec announced a new technology, SONAR, which stands for Symantec Online Network for Advanced Response. In the week of the announcement, SONAR already played a critical role as an early warning system and Zero Hour detection for the PeaComm threat, let’s examine how:

Norton 360 Blog #5
Welcome back from the holidays! I hope everyone’s now had a chance to get more comfortable with the latest Beta build of Norton 360 to support Vista 6000.

Norton 360 Design Philosophy: User Experience and Performance
I’m very pleased to announce the availability of Norton 360 on Vista. I know many of you have been asking about Vista support, so the Norton 360 team is anxious to get your feedback on what you like and what we can improve.

Norton 360 Design Philosophy: Right Balance of Functionality
Hello All, I’m continuing our blog about the design philosophy behind Norton 360.

Norton 360 Blog #2: Design Philosophy Blog: Automation
Hello and welcome again to the Norton 360 blog. I want to share with you our thinking in the design of this product and expand a bit more about our design philosophy.

Spammers hit blogs...
An interesting new trend and vector for spammers.

Norton 360 Blog #1: Welcome Blog
It is my pleasure to say "Welcome!" to the Norton 360 blog community.

The Illusion of Control, Part 3
In two previous posts I’ve talked about why firewalls fail as outbound control mechanisms due to what amounts to lack of visibility into the traffic they are passing.

The Illusion of Control, Part 2
Previously I made the claim that firewalls fail as outbound control mechanisms because they depend on port bindings for protocol identification and because they make the assumption that they can do content inspection. Let’s explore that a little deeper now.

The Illusion of Control
A key aspect of security is control. In recent years, security and network administrators have spent a great deal of time and money attempting to control their networks for the sake of security.

Criminal ingenuity - online identity theft hits brokerages
Criminals are now targeting brokerage accounts to commit identity fraud against consumers. Consumers need to learn how to transact safely online, both by being more cautious and skeptical as well as utilizing new technology that is now available.

Security 2.0 and Identity
Last week we made some announcements about our "Security 2.0" initiative and talked in some detail about the various products and services. One topic that got some attention was identity. I thought I might write a little about digital identity and why we see it as so important.

Upgrading to Norton 2007 products
Upgrading to Norton 2007 products

Where to download Norton Internet Security Add-on Pack
Where to download Norton Internet Security Add-on Pack

FREE NIS Add-on pack available
FREE NIS Add-on pack available

Norton Internet Security Add-on pack
Norton Internet Security Add-on Pack

Threat Landscape
One of the things Symantec has an extremely good viewpoint into is the evolution of the threat landscape on the Internet.

New 2007 releases – Light and Tight!... continued
Norton Internet Security Add-on Pack

Hardware and Software Firewalls – which one should I use?
Home networking equipment often includes a hardware firewall. Norton Internet Security also includes a software firewall. Find out what makes each type of firewall different and what to use for the absolute best protection.

New 2007 releases – Light and Tight!
I am pleased to let you know that we have just shipped Norton Internet Security 2007 and Norton AntiVirus 2007. These releases were the result of the combined efforts of hundreds of Symantec employees, and I am personally very proud to have been a member of this team.

Norton Confidential
Norton Confidential is a new security product we are working on, and it is unlike anything else in the market. When something so different is released, it’s bound to create excitement, and to prompt some questions like: what does it do? Why do I need it?

Viruses, phishing... they happen to me too.
In the last few weeks I have received several instant messages linking to phishing sites. I find myself really disturbed when security threats find their way to one of my computers, or when they happen to someone I know.

Norton Internet Security 2007 beta
Many of our loyal Norton users are beginning to ask what new things we have been working on, and what will be coming out with this year’s product refreshes. A beta version for Norton Internet Security 2007 was posted last week (check it out here:

Beware of Vishing Attacks
In May of this year, our response organization

Online transaction security - protecting your personal information
As online threats change, you need to continue to evaluate your security protection. Online transactions are identity thieves’ sweet spots - is your security software designed to protect you specifically from the new type of threats like phishing and keystroke logging that are designed to steal your passwords, account numbers and other personal information? I have some tips for those of you banking and shopping online as to how to take more responsibility for your own security.

The importance of Network Intrusion Prevention technology
Intrusion Prevention Technology is a critical component of a comprehensive desktop security solution. This blog entry discusses the main benefits behind Network Intrusion Prevention Systems (NIPS), how they complement other security technologies and the importance of their role in defending a system against common attack vectors in today’s security threats.

Follow Me to Safety Town
Here at Symantec, we’ve been experimenting with new ways to capture people’s attention – and warn them about some of the dangers of going online without proper security precautions. Here’s one of our most recent experiments.

Suite Security
Consumer security suites bring together multiple layers of protection in order to secure a system. This notion of Multilayer Security is well accepted by the security industry at large. They can also be more secure. Let's examine how.

Are all desktop security products created equal, or are they getting harder to test?
It has become increasingly difficult to test the latest security products which use behavior-based systems to protect against today’s real-world threats. Traditionally, security product testing is done by running the product against a set of threats (files), and seeing how many of them are discovered.

Online Identity Theft & Fraud - A Growth Business...continued
Last time I discussed the rise in ID theft and online criminal activity. This week, I’d like to touch on how consumers and companies need to deal with emerging threats, like phishing, pharming, and key loggers.

Welcome to the Norton Protection Blog
Our goal with this blog is to generate an interactive dialog between Symantec and you – our customers, our partners, members of the media, analysts, security experts, and anyone else interested in the issues, technologies, and trends surrounding consumer security and protecting consumers when they go online.

Online Identity Theft & Fraud - A Growth Business
Identity theft continues to rise with reports indicating the vast majority of identity theft takes place offline – I’m not so sure I believe that. Fraud associated with identity theft is often unreported and not prosecuted, and it’s difficult to pinpoint the method by which personal data was stolen. The more technologically challenging the case, the less likely it is the victim will understand how their identity was originally compromised.

They Said It Couldn’t Be Done – A Silent Outbound Firewall and Usable Security
A silent outbound firewall has been made possible by recent innovations at Symantec in the field of Usable Security. While many industry experts believe that you cannot have both security and ease of use, Symantec engineers have applied a unique combination of technologies to provide strong security that is easy to use.

The Rest of the Iceberg
In the consumer security industry, we tend to focus a great deal on the “client software” –Norton Internet Security or some other security software that runs on a user’s PC. While this software is vitally important to effectively protecting people online, it’s really just the “tip of the iceberg” of what’s required to provide comprehensive, effective protection.

Microsoft Expands Intune Beta to 10,000 More Users
Microsoft's hosted desktop management service Intune moves to the second beta stage

Testing Reveals Security Software Often Misses New Malware
New research has further confirmed the difficulties security software companies are having keeping up with an explosion in malicious software programs on the Internet.

Panda Security Expands Free Cloud Antivirus Protection
Panda Security blazed new trails in PC security when it launched its free cloud-based antivirus protection last year. Now, Panda Security is expanding the protection provided in the free version, and adding a Pro Edition with additional features and capabilities. Panda Cloud Antivirus delivers malware protection that small and medium businesses need, and the price is right.

Facebook Users Warned of Sexy 'Candid Camera Prank' Attack
Security firms are warning Facebook users to beware of what's being called the "Candid Camera Prank" attack recently spotted on Facebook that tries to use the lure of a sexy video of a scantily clad woman on a bicycle to download a video player that's actually Hotbar adware, and maybe worse.

Researchers to Cure Blue Pill Virtualization Attacks
North Carolina State University researchers develop virtualization security software HyperSafe

The LoveBug Worm: Ten Years Later
Ten years ago today, on May 4, 2000, a security team with MessageLabs, a provider of messaging security services, came in to work and discovered the number of viruses its system had intercepted in the last several hours was off the charts.

McAfee Debacle Shows Why Malware Defense Must Evolve
Last week a flawed DAT file from McAfee led to false positives crashing Windows XP systems and leading to a massive cleanup effort. It would be very easy to simply point the finger at McAfee, terminate the employment of a scapegoat security engineer or two, and continue on with the status quo, however the whole incident is an illustration of why the anti-malware industry--not just McAfee--need to embrace the U.S. Marines mantra to improvise, adapt, and overcome.

Recovering From the Flawed McAfee Update
Nothing ruins an IT administrator's day faster than a software update from a security vendor wreaking havoc on the computer systems it is intended to protect. That is exactly the predicament faced by many IT administrators today when a flawed McAfee update rendered Windows XP PC's essentially useless.

McAfee Flub Sets Off Twitter Backlash Storm
After dealing with McAfee’s most recent fix that sabotaged Windows XP PC clients worldwide, users of the anti-virus software to Twitter to vent their rage, creating a public-relations and legal nightmare that will likely continue long after the last machine is patched.

Anti-Virus/Anti-Malware Cheat Sheet
Keeping up with the latest in anti-virus and anti-malware news can be a challenge for even the most diligent IT professional. This Network World “Anti-virus/anti-malware cheat sheet” is designed to give you a leg up on the latest news, trends, analysis and opinion in this most critical of IT subject areas.

Google Upgrades E-Mail Management Hosted Service
Google is adding two features to its Google Message Security, a hosted service for monitoring and managing e-mail systems that filters message content based on pre-established policies and protects against spam, viruses and other threats.

Maximum Security: 2010 Internet Security Suites
The year 2009 was a bad one for PC security: Online attackers created more malware last year than in the previous 20 years combined. Clearly, this means that in the realm of computer security, the rules have changed, and you can no longer rely solely on traditional definition-based antivirus software and firewalls to protect your PC. Instead, to meet this new breed of threats, you need a new breed of security.

Millions in China have No Antivirus Software, Survey Shows
The massive number of Chinese Internet users running no antivirus software increased last year, a survey showed, even though online security risks continued to multiply in the country.

Tech Secrets: 21 Things 'They' Don’T Want You to Know
Yes, the truth is out there. But they don't want you to know about it.

N.Y. Man Sues McAfee Over Antivirus Auto-Renewal Fees
The New York man who sued Symantec two months ago for automatically renewing his subscription to that company's antivirus software has doubled down by suing rival McAfee over the same practice.

Verizon: Data breaches often caused by configuration errors
Hackers appear to be increasingly counting on configuration problems and programming errors rather than software vulnerabilities in order to steal information from computer systems, according to a new study from Verizon.

Microsoft's bug reports fail to produce prompt patches
The Microsoft Vulnerability Research program said Wednesday that third party developers have patched less than half the bugs it reported to them over the past 12 months.

Malware openly available in China, researchers say
Researchers at the Black Hat conference this week said that China is becoming a hotspot for hacking activities at least partly de to easy access to malware tools.

Barnaby Jack hits ATM jackpot at Black Hat
Barnaby Jack hit the jackpot at Black Hat on Wednesday. Twice.

BitBlaze tool boosts bug-hunting productivity 10-fold
Researchers and developers -- and hackers -- can dramatically slash the time it takes to root out exploitable security vulnerabilities by using an open-source toolkit created at UC Berkeley, noted bug hunter Charlie Miller said today at Black Hat.

Apple patches Safari ahead of Black Hat talk, launches add-on gallery
Barely 24 hours before a researcher was set to dive deeper into a Safari bug at the Black Hat security conference, Apple today fixed that flaw and 14 others.

More Malware and Vulnerabilities News
View more Malware and Vulnerabilities news and analysis from Computerworld.com

New Malware Scams: Balloon Boy, Windows 7
Latching on to major headlines tend to be widely used techniques for hackers hoping to spread malware.

Spammers Target Auto Industry
A mere ten percent of the email received by auto industry and its staffers is legitimate.

Electronic Health Records: Privacy Issues Remain
Converting paper records to a digital format creates its own issues, even as it makes the health system more efficient.

Mcafee Unveils Email App as Cloud Hybrid
The security software firm is offering its new email security solution as a cloud or on-premise app, or a hybrid of both.

Windows and Online Banking: A Dangerous Mix
This security expert uses Windows for most functions, yet feels it’s not safe enough for the average user to trust for online banking.

McAfee Launches Mac Endpoint Protection
The software includes antivirus and antispyware protection as well as a system firewall.

Microsoft MMC How To: Hardening Desktops for Improved Security
A free-for-all user desktop environment is a recipe for malware infections, data leaks, or worse. Learn how to take control of your end-user systems with Microsoft MMC and Active Directory.

Ten Back to School Security Tips for Administrators
Soon students and faculty will put many schools' IT departments to the test. Schools (and businesses, too) can take steps to keep their users and their data safe.

Verisign Aims to Deflate 'Pump and Dump' Scams
A fraud-detection service warns online brokerages when they're about to make a trade that looks fishy.

Bandwidth Alert: Brace Yourself for the Beijing Olympics
Enterprises would do well to consider the strain their Internet access will take during the Games -- not to mention increased malware attacks.

Security Basics: A Strong Password is the Key
Protecting your data and your identity starts with a strong password. Here's what you need to know to make your computer life safer and more secure.