InfoSecurity India's First Magazine on Comprehensive IT Security
InfoSecurity Oct 2009

Technology News


eScan’s new features to be showcased at GITEX 2009

eScan announced that it would be a part of the esteemed GITEX Technology Week 2009, the annual consumer computer and electronics trade show taking place in Dubai, United Arab Emirates. GITEX Technology Week (GTW) 2009 is scheduled from 18th to 22nd October 2009.

eScan will be exhibiting its latest advancements in the eScan range of products at GTW this year. Built on the revolutionary MicroWorld Winsock Layer Technology and combined with multi-layer protection, eScan provides total protection even against zero day threats. MicroWorld Winsock Layer (MWL) is a revolutionary technology developed by MicroWorld that works on the Winsock Layer and prevents all threats before they enter the user’s system.

Mr. Govind Rammurthy, CEO & Managing Director of eScan, said “The advent of Web 2.0 and the large scale adoption of social networking sites have opened up several opportunities for the cyber criminals. Therefore, an information security solution like eScan is very essential to deal with the ever increasing risk of malicious attacks. Now eScan also features two new additions, eScan Remote Support (ERS) and eScan Auto Backup/Restore that will help us in providing instant support to customers globally and proactive protection to our customers from all Information Security threats.”



Wi-fi an easy target for terrorists?

In a city like Bangalore, India's Silicon Valley, the Internet has become indispensable with millions of e-mails sent daily, electronic transactions made and data transferred. But how secure is the World Wide Web? A Bangalore Mirror and TIMES NOW team travelled from Koramangla in South Bangalore to 'Electronic City' and found over 40,000 unsecure Wi-Fi networks in the city.

Electronic City is considered a software hub, and as the world celebrates 40 years of the Internet, we found 40,000 unsecure Wi-Fi networks in the city with 600 alone in the 12-kilometre stretch the team covered.

The thousands of access points make for easy pickings for a terrorist with the right resources.

Armed with laptops and two powerful wireless antennae, the team began 'War Driving'—the process of scanning for vulnerable wi-fi networks to crack into their domains. The process was somewhat tedious—beginning with a scan for unsecure wi-fi networks, then searching for open air networks, and finally a scan for networks protected only by WEP (Wired Equivalent Privacy), considered the weakest.

Accompanying us were members of the Indian Cyber Army, a group of anti-hackers.

Once a vulnerable wi-fi user was scanned thoroughly, his WEP key was cracked by the Wireless Penetration Testing system. Then we used the same WEP key to get to the access point of the network provider. After successfully acquiring the access point, we acquired an Internet Protocol (IP) address from the same network, which enabled us to access the internet. Finally, we sent mails from those hacked access points to the Karnataka police.

Here are the do's and don'ts to secure a wi-fi network.

1. You must use strong encryption keys and user-based authentication.
2. Don't use a default password for your network.
3. Always disconnect your network when not in use.

These are simple steps that might prevent your internet network from becoming the gateway to cyber terror.



Comodo ESM now integrates Disk Encryption

At no extra charge, enterprise IT managers can now deploy Comodo Disk Encryption with Comodo's Endpoint Security Manager, a centralized administration console for business networks.

With Comodo Endpoint Security Manager, every computer in the company can now be encrypted and protected. Encryption uses a mathematical algorithm to change computer files into gibberish that only the computer owner or administrator can change back into readable characters. Encryption can include the entire computer disk, or only parts of it.

With Comodo's root drive encryption, security settings prevent the operating system from starting for an unauthorized user. The critical instructions that permit the operating system to start are stored in a virtual drive known as the root drive. With the root drive encrypted, a thief or a hacker cannot use the computer, preventing unauthorized access to an unattended or stolen computer.

Encrypted sectors will only read their instructions after the computer users prove their identities. Proof of identity can come in three forms:

  • The user enters a password, authorizing the computer to boot up
  • The user inserts a designated USB key
  • The user employs two-factor authentication by both providing a password and a USB key



IBM opens Centers of Excellence at three colleges in Madhya Pradesh

IBM has announced new and extended collaboration with three engineering and technology colleges in the state of Madhya Pradesh to provide a platform for development of software skills among the students. The collaboration has brought the establishment of a series of IBM Centers of Excellence (COE), creating a unique opportunity for students to learn new skill sets on IBM software products—DB2, WebSphere, Lotus, Rational and Tivoli—as well as develop world-class business solutions.

The COEs were launched at Government College Jabalpur, Shri Vaishnav Institute of Technology and Science (SVITS), Indore and Mahakal Institute of Technology (MIT), Ujjain. IBM will follow a two-pronged approach, providing the colleges with access to technologies relevant to the market while ensuring the right skills are taught. The students can gain firsthand experience of the software products that are installed at the campus. Through this initiative, IBM will work closely with the colleges in the state of Madhya Pradesh, leveraging the selected colleges as centers of learning.

“Organizations are not looking for nuts-and-bolts programmers and easy-to-document support workers,” said Anil Menon, VP Channel, Marketing & Ecosystem IBM India/South Asia, “The dynamic world of information technology requires talents to have a strong technology background supported by sharp business acumen and to be able to architect and implement IT plans to create high business value. IBM is establishing Centre of Excellence to promote high quality education by providing state-of-the-art and emerging technologies in colleges/universities with the objective of nurturing highly skilled computer professionals.” The colleges will provide infrastructure and high end systems while IBM will extend its entire range of software suite free of charge.



Hackers target popular Social Networking websites

Social networking web sites have created distinct ways to communicate and share information, which has made them an enduring part of everyday life for millions of users worldwide. They are extremely popular among a wide range of cyberspace users and most users draw little distinction between their real life and online life. People have started using social networking sites as a platform to create, maintain and develop their private and business networks, to search for their lost ones, to share their emotions and thoughts etc.

Identity is the major concern while surfing on the web, but case studies of many of the social networking sites surprisingly bring to light that they are prone to organized crimes. Social networking sites are attractive to bad guys not only because of potential security holes in them, but because the very nature of the sites works as a way to affect more people.

"Social Networking website based crimes are a major part of the cybercrime scenario today. Cyber stalking and cyber bullying are also major issues that use social networking site platforms on the Internet," says Mr. Swanand Shinde, cyber security expert at Quick Heal Technologies, Pune. Mr. Shinde has been doing extensive research on cyber crimes on Social Networking websites for the last one year and has observed that there is exponential growth in different types of threats related to these websites.



CXOs to think differently about insider risk

Accidental security incidents by company insiders happen more frequently and have the potential for greater negative impact than malicious insider attacks, according to new IDC findings announced today by research sponsor RSA, The Security Division of EMC. The IDC White Paper also shows a misalignment of security concerns by a majority of CXOs, who give higher priority to protecting against malicious insider attacks over investing to prevent more frequent and potentially more damaging accidental insider security incidents.

The just-released IDC White Paper “Insider Risk Management: A Framework Approach to Internal Security,” sponsored by RSA, addresses insider risk—the potential threat that an organization is exposed to by internal users who have access to critical systems and confidential information. While organizations are aware that users create information security risks, external threats often overshadow the importance of protecting against internal risks. The new research uncovers a misalignment of CXO security concerns with the greater number of internal breaches and the threat posed to a business’ bottom line by accidental security breaches, inappropriate access and misuse of information by its employee base.

“Security is everyone’s job, not just the job of the security team,” said Christopher Young, Senior Vice President of RSA Products. “Internal risks are growing and to remain competitive, CXOs must change the way they defend their business and expand security priorities to address the heightened need for protection from risk both intentional and accidental from an insider. CXOs must adopt a holistic strategy to mitigating insider threat that focuses on protecting critical information from misuse, leakage and loss by internal users, whether accidental or deliberate.”

The IDC White Paper sponsored by RSA, “Insider Risk Management: A Framework Approach to Internal Security,” is available on the RSA website at www.rsa.com/insider-risk.



Comodo, SafeMashups partner on MashSSL technology

Comodo announced an alliance with SafeMashups Inc., an application authentication pioneer. "Be it an eCommerce site interacting with a payments processor, or with a new mashup technology, Internet applications continue their relentless march. Consumers get their functionality from multiple interacting web services now," said James Langman, VP of Business Development at Comodo Group Inc. "In this new environment it is critical for web applications interacting through a user's browser to be able to establish a secure, mutually-authenticated channel, even in the presence of a potentially malicious user. SafeMashups' innovative MashSSL repurposes the tried and tested SSL infrastructure to solve this issue."

The MashSSL specification and software are available as free downloads at safemashups.com. The technology was named a finalist at the 2009 RSA Conference Innovation Sandbox. NetworkWorld recently named SafeMashups one of the Top Ten Companies to watch out for in the next year.

"We are pleased that an industry leader like Comodo would choose to partner with us in making MashSSL ubiquitous", said Ravi Ganesan, Founder and CEO of SafeMashups. "MashSSL has the potential to fill a significant hole in the fabric of the Internet with a secure and standard protocol. MashSSL will also drive the adoption of SSL certificates, including EV-SSL certificates in a significant fashion".

Both companies reiterated their commitment to work with other partners to rapidly make the standard completely open.



Tata Communications strengthens security services into its Internet access

Tata Communications, a leading provider of a new world of communications, today announced that it will start providing built-in Distributed Denial of Service (DDoS) detection and mitigation services as part of its Dedicated Internet Access offering in North America.

With the launch of its Internet Clean Pipe service, enterprises will be able to leverage Tata Communications’ global network and Managed Security Service (MSS) offering to mitigate DDoS attacks. The Internet Clean Pipe service rides on the world’s largest DDoS scrubbing architecture that is able to absorb the enormous traffic volumes generated by botnets, buying time to activate countermeasures.

DDoS attacks are the single biggest risk to a company’s Internet connectivity as they consume all or most of the network bandwidth, and their prevention can save companies many millions of dollars in business costs a year. To mitigate DDoS attacks before they start to block traffic to the targeted enterprise, the Internet Clean Pipe service is able to absorb attacks the moment the attack traffic is detected on Tata Communications’ global IP backbone. Due to its extensive network presence, Tata Communications has the network scale needed to negate DDoS incidents before they turn into crisis situations that can create reputation and liability issues for companies.



Check Point IPS to protect against unpatched Microsoft IIS exploits

Check Point Software Technologies Ltd has recently announced that Check Point IPS solutions shield customers against exploits associated with the vulnerability in the FTP Service in Microsoft Internet Information Services. Successful exploitation of this unpatched vulnerability could allow hackers to take over an affected company’s systems.

Although no Microsoft patch is currently available for this vulnerability, Check Point Security Gateway R70 customers using the IPS Software Blade are automatically protected. No action is required if they are using the “Recommended Profile” setting. Check Point VPN-1 NGX R65, VSX NGX R65 and IPS-1 NGX R65 customers also have existing protections and should check they are activated.

Microsoft Internet Information Services (IIS) is a collection of Internet services packaged with several versions of the Windows operating system. IIS includes an FTP server service for exchanging and manipulating files over a TCP computer network. The vulnerability is due to an error in IIS, which fails to do sufficient bounds checking when processing an FTP NLST command. The vulnerability could allow remote code execution on affected systems that are running the FTP service and are connected to the Internet. Enterprise users at risk for this vulnerability have either IIS 5.0, IIS 5.1, or IIS 6.0.

Check Point’s IPS Software Blade, IPS-1 appliances, and SmartDefense are supported by Check Point update services, which provide ongoing and real-time updates and configuration advisories for defenses and security policies. Check Point protections are developed and distributed by Check Point’s Security Research and Response Centers located around the globe.



IBM X-Force report reveals unprecedented state of web insecurity

IBM has revealed the results from its X-Force 2009 Mid-Year Trend and Risk Report. The report's findings show an unprecedented state of Web insecurity as Web client, server, and content threats converge to create an untenable risk landscape.

According to the report, there has been a 508 percent increase in the number of new malicious Web links discovered in the first half of 2009. This problem is no longer limited to malicious domains or untrusted Web sites. The X-Force report notes an increase in the presence of malicious content on trusted sites, including popular search engines, blogs, bulletin boards, personal Web sites, online magazines and mainstream news sites. The ability to gain access and manipulate data remains the primary consequence of vulnerability exploitations.

The X-Force report also reveals that the level of veiled Web exploits, especially PDF files, is at an all time high, pointing to increased sophistication of attackers. PDF vulnerabilities disclosed in the first half of 2009 surpassed disclosures from all of 2008. From Q1 to Q2 alone, the amount of suspicious, obfuscated or concealed content monitored by the IBM ISS Managed Security Services team nearly doubled.

The 2009 Midyear X-Force report also finds that: Vulnerabilities have reached a plateau; PDF vulnerabilities have increased; Trojans account for more than half of all new malware; Phishing has decreased dramatically; URL spam is still number one, but image-based spam is making a comeback; Nearly half of all vulnerabilities remain unpatched.



RSA Security to help in managing compliance in virtualized environments

RSA, The Security Division of EMC (NYSE: EMC) today released a new RSA Security Brief titled: "Security Compliance in a Virtual World," offering actionable best practices for organizations faced with proving compliance in virtualized environments.

As more organizations accelerate virtualization deployments, a more critical eye is turned towards compliance programs. The new RSA Security Brief offers executives and technology practitioners some practical guidance for establishing a solid foundation to mitigate risk and address compliance with various regulations, industry standards and internal policies in the context of virtual infrastructures. Authors of the RSA Security Brief include many of the industry’s foremost security and virtualization experts from EMC and VMware, including Bret Hartman, Chief Technology Officer for EMC’s RSA security division, Dr. Stephen Herrod, Chief Technology Officer and Senior Vice President of R&D for VMware and other senior EMC technologists.

"EMC and VMware are in a unique position to offer sound advice for how organizations can best achieve and maintain compliance in virtualized environments," said Jon Oltsik, Senior Analyst, Enterprise Strategy Group. "Maintaining compliance in a virtualized environment requires the business to understand the impact of this new system on the overall IT risk management program."



Sophos malware protection now available to HP Integrity server

IT security and data protection vendor Sophos today announced that its industry-recognized anti-malware technology, Sophos Anti-Virus, will be offered free for one year to HP Integrity server customers who select Sophos for comprehensive protection against the latest viruses and other malware threats. Unlike many vendors' anti-malware solutions, Sophos supports all platforms that run on HP Integrity servers—UNIX, Linux, Windows and OpenVMS—in one all-inclusive license.

"We are pleased to offer Sophos Anti-Virus to HP customers to help them proactively protect their Integrity servers against the latest malware threats," said Mike McGuinness, senior vice president, worldwide sales and field operations at Sophos. "With support for the broadest range of platforms, including all HP Integrity servers, customers who select Sophos Anti-Virus will benefit from complete, easy-to-manage, cross-platform malware protection from a single vendor solution."

"Customers need to protect their servers against today’s emerging threats while reducing the complexities of frequent software updates," said Lorraine Bartlett, vice president of marketing for Business Critical Systems at HP. "HP Integrity servers running Sophos anti-virus software help customers cost-effectively manage infrastructure security, mitigate their risk and concentrate on driving business growth."



VeriSign Internet Defense Network enhanced now

VeriSign has launched a new monitoring-only service for Distributed Denial-of-Service (DDoS) attacks. The monitoring service is an extension of the VeriSign Internet Defense Network, a cloud-based DDoS mitigation service introduced earlier this year.

VeriSign Internet Defense Network is a network and hardware agnostic DDoS monitoring, mitigation and attribution service that detects and filters malicious traffic away from enterprise Web sites, helping maintain critical online applications and services. Leveraging VeriSign's industry-leading expertise in building and protecting large-scale infrastructures, VeriSign Internet Defense Network uses a proprietary filtering technology to stop a DDoS attack in the cloud before it reaches a customer's network. In addition, the service requires no hardware installation, making it more cost effective than premise-based solutions.

"A number of recent high-profile attacks against the United States and South Korean governments and popular social networking sites have moved DDoS up the list of concerns for many CISOs," said Ken Silva, CTO of VeriSign. "Customers who attempt to overprovision their bandwidth are lulling themselves into a false sense of security against a real DDoS attack. Keeping bad traffic from reaching your doorstep requires a new cloud-based service such as VeriSign Internet Defense Network. The addition of a DDoS monitoring-only service will help many companies that depend on online commerce and communication by providing a means of watching for changes in Web site traffic that may indicate an impending attack."



Websense offers advanced protection from Cybercriminals

Websense affirmed its advanced content security solutions provide protection from the growing number of shortened URLs used and shared on social networking sites such as Facebook and Twitter and in blog comments.

Other Web security solutions rely primarily on antivirus signatures to detect malware. In a capability unique to Websense and only available with the Websense Web Security Gateway, if the shortened URL leads the user to a Web 2.0 Web site with dynamic content, the Websense secure Web gateway classifies the content on that page in real time and will either allow the user to go to the site if it is deemed safe and appropriate or prevent the user from visiting the page. Websense Web Security Gateway is the only secure Web gateway that can scan Web 2.0 properties in real time for content across more than 90 categories.

"For years, Websense Web Security solutions have protected customers from URLs that attempt to redirect users to malicious Web sites," said Sr. Director of Technical Marketing Bill Gardner, Websense. "Many of today's Web 2.0 sites used for business purposes are 'mashups' of different applications. Additionally, Web 2.0 sites allow third party applications and user-generated content that can change from minute-to-minute. With Websense Web Security Gateway, customers are protected from the latest threats, such as malicious shortened URLs."

With Websense Web Security solutions, including the latest Websense Web Security and Web Filter version 7, customers are protected from shortened URLs. When a user clicks on a shortened URL, Websense technology knows if the destination Web site is serving up spam, is malicious or is in violation of the organization's Web use policies, and protects the organization from those threats.




© 2006-07 'InfoSecurity' magazine. All rights reserved.