SoftwareManagers.org - security

New-style Zombies

2006-10-31T07:44:12Z

Joris Evers, CNET News.com, reports on the most serious security threat on the Internet, the new-style zombies. Command-and-control centers of hijacked computers (zombies) are moving from Internet Relay Chat (IRC) to new Web-based technologies. Zombies are networked into botnets. These networks are put "to work mounting denial-of-service attacks against online businesses in extortion schemes; hosting faked Web sites used in phishing scams; and relaying spam."
Evers describes the mediums and ongoing efforts to find and block these command centers in his article, Zombies try to blend in with the crowd.
"As new command-and-control mediums emerge, the good guys will adapt their containment and investigatory techniques," says Adam Meyers, a security expert at consulting firm SRA International.

Modern Zombies

2006-10-28T05:22:06Z

I’ve often wondered how effective the annoying spam e-mail marketing has been. Having an e-mail pop up that advertises a strictly male product certainly doesn’t amuse this woman! Where does spam come from? Why has it been so difficult to identify the sources?
In march the modern-day zombies! According to the Glossary on CipherTrust’s website, a zombie is “a computer that has been hijacked, and is being used to send out spam or other malicious attacks." CipherTrust has a ZombieWatch™ where you can observe, in real-time, the last hour’s zombie activity of the three top zombie-infected countries. On the same page you can also see the "origination of the messages and the number of infected machines by country" with their ZombieMeter™.
Companies have been working hard to rid us of spam, virus attacks, worms, hackers and zombies. In 2001 McAfee formed a zombie-killer alliance with Arbor Networks, Asta Networks and Mazu Networks to combat the virus writers and hackers who seem to have pooled resources.
Man does rise to the occasion. Cooperation returns big time benefits. There are many other network and computer security products available that we’d like to hear about.

Laptop Travel Dilemma

2006-08-18T08:14:35Z

"Opinion: New air travel safety concerns have made it more likely that you'll have to send your laptop as checked luggage." In eWEEK.com, August 17, 2006, Wayne Rash gives a solution for protecting a laptop with a lockable hard case in his article The Art of Checking Your Laptop as Luggage.
One comment to this article pointed out that laptops, though physically protected from rough baggage handling, are at greater risk of being stolen when checked as baggage. If it comes to having to check laptops, perhaps putting the protective laptop case into another suite case buried between clothing layers could help.
See Rescue Me! for ways to protect data and find a stolen laptop.

Rescue Me!

2006-08-18T08:18:52Z

How many thousands of laptops have been stolen over the years from airports, cars, hotel rooms, and out the company door? Advances have been made in finding stolen laptops crying for help.
In John Edwards’ article on CFO.com, Help! I'm Your Laptop and I've Been Stolen, solutions are presented for finding stolen laptops, protecting and destroying sensitive data that may be on those laptops when they are logged on to the Internet.
Absolute Software’s CompuTrace has had an 80% success rate for recovering laptops that have been reported as stolen. Beachhead Solutions can destroy residing data. Encryption has matured to protect data. Cited leading software are PGP Whole Disk, open-source TrueCrypt and BitLocker Drive, Micrsoft’s addition to its forth coming operating system.
Stolen laptops also provide an avenue for software piracy.

Windows Genuine Advantage - Is it Spyware or Something Else?

2006-07-06T05:01:13Z

Brian Livingston published this column recently:
--------- Included Stuff Follows ----------------
Dump Windows Update, use alternatives
By Brian Livingston
The Internet interprets Microsoft as damage and routes around
it.
My apologies to John Gilmore for tweaking his famous 1993
quote about censorship. But the above statement just happens
to sum up the alternatives Windows users are adopting ever
since Microsoft's "Windows Genuine Advantage" (WGA) debacle.
It was only a few weeks ago when the Redmond software giant
started quietly auto-installing WGA to Windows machines in the
U.S., U.K., and a few other countries. The code, which
qualifies as spyware under any objective definition, was
programmed to contact Microsoft's servers every 24 hours. Now,
after hearing from plenty of outraged customers, the company
back-pedaled on June 27, saying it would release a version
that calls home less often.
That's not really a solution, as I'll explain below. Since
that's the case, the entire affair has given enormous momentum
to third-party products that render Microsoft's Windows Update

IT Security Harmonisation

2005-03-30T07:28:27Z

In looking for a standard metadata format and taxonomy to describe commercial software products/applications I found a research report published by the Information Systems Audit and Control Association. A brief excerpt from their sample of a research report Information Security Harmonisation: Classification of Global Guidance available on their home page states:

Are There Spys In Your Computer?

2005-01-23T09:45:55Z

Spyware is a pain and security risk to computer users. WHATIS.com defines spyware while Lavasoft describes different carriers of spyware and what it can do.

Technical, Legal & Business Dependencies

2005-01-15T07:35:15Z

A recent press release from a security company named Red Siren announced the availability (after registration) of survey results (1.2 MB PDF). Responses from more than 300 information technology and security professionals working in the public, private and government sectors were collected during November. A C|Net news story Security workers praise Sarbanes-Oxley highlighted some of the survey results, drew on past C|Net articles and added some of it's own conclusions.