John Dasher, McAfee's senior director for Data Protection, has thought a lot about what's needed to keep your organization's private data from being outed by WikiLeaks or another "terrorist organization". In a recent blog post he offered a run-down of just what you can do.
"While technology can't put a genie back into a bottle, it can provide an organization the tools needed to deal with this type of problem going forward," said Dasher. He noted that Data Loss Prevention (DLP) technology like McAfee Data Loss Prevention 9 can alert an organization to blatant threats like an unusual flood of file-copying by an employee planning to defect. It can also enforce physical policies like limiting use of thumb drives and other removal devices.
Dasher observed that organizations need to offer legally-required transparency for some communications and data, a need that plays off against the requirement to protect trade secrets. Too, technology can't necessarily identify what information should be protected. Simple formatted data like credit card or social security numbers can be flagged protected easily; intellectual property cannot.
"Proper internal controls must accompany technology deployment," said Dasher. "Our most successful customers are those who invest the time and energy to involve their … business leaders who are best able to identify what information is sensitive".
Will WikiLeaks survive the loss of Amazon's support for its servers? Will it bring down a major financial institutition? Dasher doesn't think so, but if it does the victim organization will be one that hadn't implemented a thorough strategy for data protection.
Source[http://www.pcmag.com/article2/0,2817,2373720,00.asp]
Saturday, December 4, 2010
2010's biggest security SNAFUs
That old phrase SNAFU ("Situation Normal, All F---ked Up!") certainly describes our choices for 2010's top 10 security screw-ups.
Also read:
Not surprisingly some of the biggest names in technology – Google, , McAfee, AT&T – are prominent on the list, either because they're obvious hacker targets or because whenever they make a security mistake, it's big news. Without further ado, the list:
Aurora attacks on Google. In what's come to be called the "Aurora attacks," Google in January acknowledges valuable intellectual property was stolen via a network break-in during that past December, intimating China to be the origin of the cyberattack. About a dozen other high-tech and industrial companies appear to have been struck in similar fashion. The Chinese government says it doesn't know what they're talking about. Outraged over the , Google, which had been adhering to Chinese dictates regarding search-engine , says it will defy them, putting its search-engine license in China in jeopardy. But by year-end, under Chinese pressure, its tactic of re-directing Chinese user traffic to its more liberal Hong Kong site and its renewed China license requires censorship.
China ISP takes Internet for a ride. A small Chinese ISP called IDC China Telecommunication briefly by sending out wrong routing data, which was re-transmitted by state-owned China Telecommunications, affecting service providers around the world. The event was noted in the "2010 U.S.-China Economic and Security Review" commission report presented this November to Congress, which pointed out for 18 minutes on April 8, China Telecom rerouted 15% of the Internet's traffic through Chinese servers, affecting U.S. government and military Web sites. Widely reported, media attention raised the question of whether China was somehow testing a cyberattack capability, but China Telecom , calling the April traffic re-direction an accident.
McAfee's oopsie. McAfee goofs up by issuing a faulty anti-virus update — the now-infamous McAfee DAT file 5958 — which wreaked havoc on PCs of countless by causing malfunctions like the Microsoft 'Blue Screen of Death' and creating the effect of a denial-of-service. With CEO and President Dave DeWalt , McAfee worked to rush out various fixes for the SNAFU it had caused by mistake, but some felt it all could have been done better.
Showtime for Cisco. Not the biggest data breach to be sure, but embarrassing for a networking company that wants the world to consider it a leader in security, having the sales to show for it -- and that's Cisco. Someone for the Cisco Live 2010 users' conference, a security breach that led Cisco to notify the customers as well as a broader group with dealings with the company. Though Cisco prefers to keep mum on some details, it appears a vendor told Cisco that someone had made "an unexpected attempt to access attendee information through ciscolive2010.com," the event site. Cisco said the breach was closed quickly, "but not before some conference listings were accessed." The compromised information consisted of Cisco Live badge numbers, names, title, company addresses and e-mail addresses. Cisco apologized by e-mail to both attendees and those who were invited but didn't attend.
Google sniffing. Google apologizes for wirelessly sniffing and collecting data from individuals on unencrypted Wi-Fi networks during its around the world to collect information for its map service. Amid outrage from privacy advocates and regulatory authorities in Europe and the U.S., Google says it was all done "," vowing to destroy the data it collected, as explained in a from Google's senior vice president of research and engineering, Alan Eustace. In a related case, Google acknowledged trespassing when it photographed a Pittsburgh-area house for its StreetView service and wound up paying a single dollar in damages to a .
An iPad surprise. A group calling itself "Goatse Security" exploits a security flaw in an AT&T Web application to expose the records. The FBI arrests one of the Goatse iPad hackers on felony drug charges after a .
Unhealthy security. Massachusetts-based South Shore Hospital announces it's lost about 800,000 files related to 15 years worth of health and financial information on patient, business associates and staff, but after initially saying it would contact those affected individually, changes its mind and chooses not to reach out to notify the individuals affected by the data breach. The and says that has to be done.
Spy drama. Anna Chapman, who was rounded up by the FBI with about a dozen other Russian spies in the United States and returned to Moscow in a spy swap, poses provocatively in black lingerie in a Moscow magazine, and for a Russian bank, despite the glaring gaps in her technical knowledge that helped the FBI nab her. Not only did the FBI during surveillance routinely sniff her wireless network, but Chapman also turned her laptop over to a U.S. undercover agent for repairs. Nevertheless, Russian bank FondServisbank hired Chapman upon her return to her country "to bring innovation to its information technologies."
Stuck with Stuxnet. First noticed in June, though it likely existed way before that, the Stuxnet worm surfaces as a highly-sophisticated piece of malware aimed at industrial Supervisory Control and Data Acquisition () systems, primarily targeting Iranian nuclear facilities — possibly as a cyberwar weapon intended to stop suspected Iranian attempts to . In October, Iran confirmed the worm had in the country, and in November Iranian President Mahmoud Ahmadinejad went further saying that enemies of Iran had "succeeded in creating problems for a limited number of our centrifuges with the software they had installed in electronic parts," adding, "They did a bad thing."
Return of WikiLeaks. A massive theft of U.S. State Department cables — more than 250,000 messages of various diplomatic correspondence related to relations with foreign nations and the shared confidences of world leaders — is published on WikiLeaks. Secretary of State Hilary Rodham Clinton calls it "an attack," and rushes to apologize for the data breach to her counterparts around the world. Among the nuggets found in the quarter million State Department messages is telling the State Department that the the cyber-intrusion into Google. China says it doesn't know what they're talking about. , the Web site posting the leaked State Department cables.
Source[http://www.oswmag.com/article/2010s-biggest-security-snafus]
Also read:
Not surprisingly some of the biggest names in technology – Google, , McAfee, AT&T – are prominent on the list, either because they're obvious hacker targets or because whenever they make a security mistake, it's big news. Without further ado, the list:
Aurora attacks on Google. In what's come to be called the "Aurora attacks," Google in January acknowledges valuable intellectual property was stolen via a network break-in during that past December, intimating China to be the origin of the cyberattack. About a dozen other high-tech and industrial companies appear to have been struck in similar fashion. The Chinese government says it doesn't know what they're talking about. Outraged over the , Google, which had been adhering to Chinese dictates regarding search-engine , says it will defy them, putting its search-engine license in China in jeopardy. But by year-end, under Chinese pressure, its tactic of re-directing Chinese user traffic to its more liberal Hong Kong site and its renewed China license requires censorship.
China ISP takes Internet for a ride. A small Chinese ISP called IDC China Telecommunication briefly by sending out wrong routing data, which was re-transmitted by state-owned China Telecommunications, affecting service providers around the world. The event was noted in the "2010 U.S.-China Economic and Security Review" commission report presented this November to Congress, which pointed out for 18 minutes on April 8, China Telecom rerouted 15% of the Internet's traffic through Chinese servers, affecting U.S. government and military Web sites. Widely reported, media attention raised the question of whether China was somehow testing a cyberattack capability, but China Telecom , calling the April traffic re-direction an accident.
McAfee's oopsie. McAfee goofs up by issuing a faulty anti-virus update — the now-infamous McAfee DAT file 5958 — which wreaked havoc on PCs of countless by causing malfunctions like the Microsoft 'Blue Screen of Death' and creating the effect of a denial-of-service. With CEO and President Dave DeWalt , McAfee worked to rush out various fixes for the SNAFU it had caused by mistake, but some felt it all could have been done better.
Showtime for Cisco. Not the biggest data breach to be sure, but embarrassing for a networking company that wants the world to consider it a leader in security, having the sales to show for it -- and that's Cisco. Someone for the Cisco Live 2010 users' conference, a security breach that led Cisco to notify the customers as well as a broader group with dealings with the company. Though Cisco prefers to keep mum on some details, it appears a vendor told Cisco that someone had made "an unexpected attempt to access attendee information through ciscolive2010.com," the event site. Cisco said the breach was closed quickly, "but not before some conference listings were accessed." The compromised information consisted of Cisco Live badge numbers, names, title, company addresses and e-mail addresses. Cisco apologized by e-mail to both attendees and those who were invited but didn't attend.
Google sniffing. Google apologizes for wirelessly sniffing and collecting data from individuals on unencrypted Wi-Fi networks during its around the world to collect information for its map service. Amid outrage from privacy advocates and regulatory authorities in Europe and the U.S., Google says it was all done "," vowing to destroy the data it collected, as explained in a from Google's senior vice president of research and engineering, Alan Eustace. In a related case, Google acknowledged trespassing when it photographed a Pittsburgh-area house for its StreetView service and wound up paying a single dollar in damages to a .
An iPad surprise. A group calling itself "Goatse Security" exploits a security flaw in an AT&T Web application to expose the records. The FBI arrests one of the Goatse iPad hackers on felony drug charges after a .
Unhealthy security. Massachusetts-based South Shore Hospital announces it's lost about 800,000 files related to 15 years worth of health and financial information on patient, business associates and staff, but after initially saying it would contact those affected individually, changes its mind and chooses not to reach out to notify the individuals affected by the data breach. The and says that has to be done.
Spy drama. Anna Chapman, who was rounded up by the FBI with about a dozen other Russian spies in the United States and returned to Moscow in a spy swap, poses provocatively in black lingerie in a Moscow magazine, and for a Russian bank, despite the glaring gaps in her technical knowledge that helped the FBI nab her. Not only did the FBI during surveillance routinely sniff her wireless network, but Chapman also turned her laptop over to a U.S. undercover agent for repairs. Nevertheless, Russian bank FondServisbank hired Chapman upon her return to her country "to bring innovation to its information technologies."
Stuck with Stuxnet. First noticed in June, though it likely existed way before that, the Stuxnet worm surfaces as a highly-sophisticated piece of malware aimed at industrial Supervisory Control and Data Acquisition () systems, primarily targeting Iranian nuclear facilities — possibly as a cyberwar weapon intended to stop suspected Iranian attempts to . In October, Iran confirmed the worm had in the country, and in November Iranian President Mahmoud Ahmadinejad went further saying that enemies of Iran had "succeeded in creating problems for a limited number of our centrifuges with the software they had installed in electronic parts," adding, "They did a bad thing."
Return of WikiLeaks. A massive theft of U.S. State Department cables — more than 250,000 messages of various diplomatic correspondence related to relations with foreign nations and the shared confidences of world leaders — is published on WikiLeaks. Secretary of State Hilary Rodham Clinton calls it "an attack," and rushes to apologize for the data breach to her counterparts around the world. Among the nuggets found in the quarter million State Department messages is telling the State Department that the the cyber-intrusion into Google. China says it doesn't know what they're talking about. , the Web site posting the leaked State Department cables.
Source[http://www.oswmag.com/article/2010s-biggest-security-snafus]
McAfee Total Protection 5.0 adds new file encryption tool
Most security suites quite reasonably concentrate on protecting you from online threats: viruses, spyware, hackers, spam and so on.
None of this will help you if your PC or laptop is stolen, though, so it’s good to see McAfee’s latest beta, their all-in-one security suite, Total Protection 5.0, will take account of this by bundling the company’s Anti-Theft File Protection.
The feature isn’t quite as exciting as it sounds. If your laptop is stolen then it won’t “phone home” to report its location, or provide webcam shots of the thief.
Anti-Theft does provide worthwhile and easy-to-use encryption, though, securing your most important documents in 256-bit AES-encrypted “vaults”. They show up as additional drives in Explorer, so it’s simple to save files there, but only someone who knows the password will be able to access them later.
Elsewhere, Total Protection now provides access to a new CleanBoot tool, and a virus removal service, which should help you clean up even the most stubborn of malware.
The Parental Controls module is now better at restricting the amount of time your kids can spend online.
There are the usual incremental improvements across the package: faster installation time, improved on-demand scanning performance, better protection against keyloggers, and more.
And of course there are all the other features you’d expect in any security suite: antivirus and antispyware, a spam filter, phishing protection, PC cleanup tools, and more.
This is the first beta of Total Protection 5.0, so will contain all kinds of bugs, and you install it very much at your own risk. If you’d like to take a look, though, it’s available now, and you can sign up for your copy at the manufacturer's site.
Source[http://www.softwarecrew.co.uk/2010/12/mcafee-total-protection-5-0-adds-new-file-encryption-tool/]
None of this will help you if your PC or laptop is stolen, though, so it’s good to see McAfee’s latest beta, their all-in-one security suite, Total Protection 5.0, will take account of this by bundling the company’s Anti-Theft File Protection.
The feature isn’t quite as exciting as it sounds. If your laptop is stolen then it won’t “phone home” to report its location, or provide webcam shots of the thief.
Anti-Theft does provide worthwhile and easy-to-use encryption, though, securing your most important documents in 256-bit AES-encrypted “vaults”. They show up as additional drives in Explorer, so it’s simple to save files there, but only someone who knows the password will be able to access them later.
Elsewhere, Total Protection now provides access to a new CleanBoot tool, and a virus removal service, which should help you clean up even the most stubborn of malware.
The Parental Controls module is now better at restricting the amount of time your kids can spend online.
There are the usual incremental improvements across the package: faster installation time, improved on-demand scanning performance, better protection against keyloggers, and more.
And of course there are all the other features you’d expect in any security suite: antivirus and antispyware, a spam filter, phishing protection, PC cleanup tools, and more.
This is the first beta of Total Protection 5.0, so will contain all kinds of bugs, and you install it very much at your own risk. If you’d like to take a look, though, it’s available now, and you can sign up for your copy at the manufacturer's site.
Source[http://www.softwarecrew.co.uk/2010/12/mcafee-total-protection-5-0-adds-new-file-encryption-tool/]
A History Of McAfee
McAfee Coupon aims to provide consumers with the best collection of McAfee Coupons on the internet. New coupons added daily!
McAfee, Inc. is a computer security company headquartered in Santa Clara, California. It markets software and services to home users, businesses and the public sector. On August 19, 2010, electronics company Intel agreed to purchase McAfee for $7.68 billion (£5 billion).
The company was founded in 1987 as McAfee Associates, named for its founder John McAfee. McAfee was incorporated in the state of Delaware in 1992. Network Associates was formed in 1997 as a merger of McAfee Associates and Network General. In 2004, a major restructuring occurred. In the spring, the company sold its Magic Solutions business to Remedy, a subsidiary of BMC Software. In the summer of 2004, the company sold the Sniffer Technologies business to a venture capital backed firm named 'Network General' - the same name as the original owner of Sniffer Technologies. Also, the company changed its name back to McAfee to reflect its focus on security-related technologies.
Among other companies bought and sold by McAfee (formerly known as Network Associates) is Trusted Information Systems, which developed the Firewall Toolkit, which was the free software foundation for the commercial Gauntlet Firewall, which was later sold by McAfee to Secure Computing Corporation. Network Associates, as a result of brief ownership of TIS Labs/NAI Labs/Network Associates Laboratories/McAfee Research, was highly influential in the world of Open Source software, as that organization produced portions of the Linux, FreeBSD, and Darwin operating systems, and developed portions of the BIND name server software and SNMP version 3.
Leading up to the TIS Labs acquisition, McAfee had acquired Calgary, Alberta Canada-based FSA Corporation, which helped the company diversify its security offerings away from just client-based antivirus software by bringing on board its own network and desktop encryption technologies. The FSA team also oversaw the creation of a number of other technologies that were leading edge at the time, including firewall, file encryption, and public key infrastructure product lines. While those product lines had their own individual successes including PowerBroker (written by Dean Huxley and Dan Freedman and now sold by BeyondTrust), the growth of antivirus ware always outpaced the growth of the other security product lines. It is fair to say that the company remains best known for its antivirus and antispam product lines.
On June 9, 1998 Network Associates agreed to acquire Dr Solomon's Group P.L.C, the leading European manufacturer of antivirus software, for $642 million in stock.
On April 2, 2003, McAfee acquired IntruVert Networks for $100 million. According to Network World, "IntruVert's technology focus is on intrusion-prevention, which entails not just detecting attacks, but blocking them. The IntruVert product line can be used as a passive intrusion-detection system, just watching and reporting, or it can be used in the intrusion-prevention mode of blocking a perceived attack."
For More McAfee Coupons, check out McAfee Coupon.net
McAfee, Inc. is a computer security company headquartered in Santa Clara, California. It markets software and services to home users, businesses and the public sector. On August 19, 2010, electronics company Intel agreed to purchase McAfee for $7.68 billion (£5 billion).
The company was founded in 1987 as McAfee Associates, named for its founder John McAfee. McAfee was incorporated in the state of Delaware in 1992. Network Associates was formed in 1997 as a merger of McAfee Associates and Network General. In 2004, a major restructuring occurred. In the spring, the company sold its Magic Solutions business to Remedy, a subsidiary of BMC Software. In the summer of 2004, the company sold the Sniffer Technologies business to a venture capital backed firm named 'Network General' - the same name as the original owner of Sniffer Technologies. Also, the company changed its name back to McAfee to reflect its focus on security-related technologies.
Among other companies bought and sold by McAfee (formerly known as Network Associates) is Trusted Information Systems, which developed the Firewall Toolkit, which was the free software foundation for the commercial Gauntlet Firewall, which was later sold by McAfee to Secure Computing Corporation. Network Associates, as a result of brief ownership of TIS Labs/NAI Labs/Network Associates Laboratories/McAfee Research, was highly influential in the world of Open Source software, as that organization produced portions of the Linux, FreeBSD, and Darwin operating systems, and developed portions of the BIND name server software and SNMP version 3.
Leading up to the TIS Labs acquisition, McAfee had acquired Calgary, Alberta Canada-based FSA Corporation, which helped the company diversify its security offerings away from just client-based antivirus software by bringing on board its own network and desktop encryption technologies. The FSA team also oversaw the creation of a number of other technologies that were leading edge at the time, including firewall, file encryption, and public key infrastructure product lines. While those product lines had their own individual successes including PowerBroker (written by Dean Huxley and Dan Freedman and now sold by BeyondTrust), the growth of antivirus ware always outpaced the growth of the other security product lines. It is fair to say that the company remains best known for its antivirus and antispam product lines.
On June 9, 1998 Network Associates agreed to acquire Dr Solomon's Group P.L.C, the leading European manufacturer of antivirus software, for $642 million in stock.
On April 2, 2003, McAfee acquired IntruVert Networks for $100 million. According to Network World, "IntruVert's technology focus is on intrusion-prevention, which entails not just detecting attacks, but blocking them. The IntruVert product line can be used as a passive intrusion-detection system, just watching and reporting, or it can be used in the intrusion-prevention mode of blocking a perceived attack."
For More McAfee Coupons, check out McAfee Coupon.net
Subscribe to:
Posts (Atom)