Posted on 02.22.10 under Government News, Security & Privacy
FTC Warns of Improper Release of Sensitive Consumer Data on P2P File-Sharing Networks
The Federal Trade Commission has notified almost 100 organizations that personal information, including sensitive data about customers and/or employees, has been shared from the organizations’ computer networks and is available on peer-to-peer (P2P) file-sharing networks to any users of those networks, who could use it to commit identity theft or fraud. The agency also has opened non-public investigations of other companies whose customer or employee information has been exposed on P2P networks. To help businesses manage the security risks presented by file-sharing software, the FTC is releasing new education materials that present the risks and recommend ways to manage them.
Peer-to-peer technology can be used in many ways, such as to play games, make online telephone calls, and, through P2P file-sharing software, share music, video, and documents. But when P2P file-sharing software is not configured properly, files not intended for sharing may be accessible to anyone on the P2P network.
“Unfortunately, companies and institutions of all sizes are vulnerable to serious P2P-related breaches, placing consumers’ sensitive information at risk. For example, we found health-related information, financial records, and drivers’ license and social security numbers–the kind of information that could lead to identity theft,” said FTC Chairman Jon Leibowitz. “Companies should take a hard look at their systems to ensure that there are no unauthorized P2P file-sharing programs and that authorized programs are properly configured and secure. Just as important, companies that distribute P2P programs, for their part, should ensure that their software design does not contribute to inadvertent file sharing.”
As the nation’s consumer protection agency, the FTC enforces laws that require companies in various industries to take reasonable and appropriate security measures to protect sensitive personal information, including the Gramm-Leach-Bliley Act and Section 5 of the FTC Act. Failure to prevent such information from being shared to a P2P network may violate such laws. Information about the FTC’s privacy and data security enforcement actions can be found at www.ftc.gov/privacy/privacyinitiatives/promises_enf.html.
The notices went to both private and public entities, including schools and local governments, and the entities contacted ranged in size from businesses with as few as eight employees to publicly held corporations employing tens of thousands. In the notification letters, the FTC urged the entities to review their security practices and, if appropriate, the practices of contractors and vendors, to ensure that they are reasonable, appropriate, and in compliance with the law. The letters state, “It is your responsibility to protect such information from unauthorized access, including taking steps to control the use of P2P software on your own networks and those of your service providers.”
The FTC also recommended that the entities identify affected customers and employees and consider whether to notify them that their information is available on P2P networks. Many states and federal regulatory agencies have laws or guidelines about businesses’ notification responsibilities in these circumstances.
Samples of the notification letters can be found at: http://www.ftc.gov/os/2010/02/100222sampleletter-a.pdf, http://www.ftc.gov/os/2010/02/100222sampleletter-b.pdf, http://www.ftc.gov/os/2010/02/100222sampleletter-c.pdf. The fact that a company received a letter does not mean that the company necessarily violated any law enforced by the Commission. Letters went to companies under FTC jurisdiction, as well as entities such as banks and public agencies over which the agency does not have jurisdiction.
The FTC appreciates the assistance of the Department of Health and Human Services, the Securities and Exchange Commission, the Federal Reserve Board, the Federal Deposit Insurance Corporation, the Office of Thrift Supervision, and the Office of Comptroller of the Currency.
The new business education brochure – titled Peer-to-Peer File Sharing: A Guide for Business – is designed to assist businesses and others as they consider whether to allow file-sharing technologies on their networks, and explain how to safeguard sensitive information on their systems, and other security recommendations. This information is available at www.ftc.gov/bcp/edu/pubs/business/idtheft/bus46.shtm. Tips for consumers about computer security and P2P can be found at www.onguardonline.gov/topics/p2p-security.aspx.
The Federal Trade Commission works for the consumer to prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them. To file a complaint in English or Spanish, click http://www.ftccomplaintassistant.gov or call 1-877-382-4357. The FTC enters Internet, telemarketing, identity theft, and other fraud-related complaints into Consumer Sentinel, a secure, online database available to more than 1,700 civil and criminal law enforcement agencies in the U.S. and abroad. For free information on a variety of consumer topics, click http://www.ftc.gov/bcp/consumer.shtm.
Posted on 01.29.10 under Security & Privacy
McAfee Report Authored by CSIS Finds that 40 Percent of Critical Infrastructure Organizations Expect Major Attacks in Next 12 Months
Recent High Profile Cyberattacks Revealed by Google Underscore Risk to Critical Infrastructure
DAVOS, Switzerland–WORLD ECONOMIC FORUM ANNUAL MEETING – McAfee, Inc. (NYSE:MFE) today revealed the staggering cost and impact of cyberattacks on critical infrastructure such as electrical grids, oil and gas production, telecommunications and transportation networks. A survey of 600 IT security executives from critical infrastructure enterprises worldwide showed that more than half (54%) have already suffered large scale attacks or stealthy infiltrations from organized crime gangs, terrorists or nation-states. The average estimated cost of downtime associated with a major incident is $6.3 million per day.
The report “In the Crossfire: Critical Infrastructure in the Age of Cyberwar”, commissioned by McAfee and authored by the Center for Strategic and International Studies (CSIS), also found that the risk of cyberattack is rising. Despite a growing body of legislation and regulation, more than a third of IT executives (37%) said the vulnerability of their sector had increased over the past 12 months and two-fifths expect a major security incident in their sector within the next year. Only 20% think their sector is safe from serious cyberattack over the next five years.
Many of the world’s critical infrastructures were built for reliability and availability, not for security. Traditionally, these organizations have had little to no cyber protection, and have relied on guards, gates and guns. Today however, computer networks are interconnected with corporate IT networks and other infrastructure networks, which are accessible from anywhere in the world.
“In today’s economic climate, it is imperative that organizations prepare for the instability that cyber attacks on critical infrastructure can cause,” said Dave DeWalt, president and chief executive officer of McAfee. “From public transportation, to energy to telecommunications, these are the systems we depend on every day. An attack on any of these industries could cause widespread economic disruptions, environmental disasters, loss of property and even loss of life.”
“The recently identified Operation Aurora was the largest and most sophisticated cyberattack targeted at specific corporations, but it could have just as easily targeted the world’s critical infrastructure,” continued DeWalt. “The attack announced by Google and identified by McAfee was the most sophisticated threat seen in years making it a watershed moment in cybersecurity because of the targeted and coordinated nature of the attack.”
Other key report findings:
* Low confidence in preparedness: More than a third of those surveyed believe their sector is unprepared to deal with major attacks or stealthy infiltrations by high-level adversaries. Saudi Arabia, India and Mexico emerge as the least confident.
* Recession-driven cuts raising the risk: Two thirds of IT executives surveyed claimed that the current economic climate has caused cutbacks in the security resources available; one in four said resources had been reduced by 15% or more. Cuts are particularly evident in the energy and oil/gas sector.
* Government involvement in cyberattacks: 60% of those surveyed believe representatives of foreign governments have been involved in past infrastructure infiltrations. In terms of countries that posed the biggest threat to critical infrastructure security, the United States (36%) and China (33%) topped the list.
* Laws ineffective in protecting against potential attacks: More than half (55%) believe that the laws in their country are inadequate in deterring potential cyberattacks with those based in Russia, Mexico and Brazil the most sceptical; 45% don’t believe that the authorities are capable of preventing or deterring attacks.
* Insurance firms bearing brunt of cyberattack costs: More than half of those surveyed expected insurance to pick up the cost of a cyberattack while nearly one in five said it would fall on rate-payers or customers. Just over a quarter expected a government bail-out.
“Governance issues are at the center of any discussion of security for critical infrastructure,” said Stewart Baker, distinguished visiting fellow at CSIS and lawyer at Steptoe and Johnson. “The relationships between the governments and private sector organisations involved are complex but it is essential that each have faith in the other’s ability. The security industry will always strive to stay one step ahead, but in the absence of any technological silver bullet, regulation has a role to play in defending critical infrastructures around the world.”
The McAfee ‘In the Crossfire: Critical Infrastructure in the Age of Cyberwar’ report is available for download at www.mcafee.com.
To learn more about the research findings and opinions, please visit the McAfee Security Insights blog at siblog.mcafee.com.
About the report:
McAfee commissioned Vanson Bourne, a specialist research-based technology marketing consultancy, to survey more than 600 people responsible for IT or security in critical infrastructure enterprises across seven sectors in 14 countries across the globe (US, UK, Japan, China, Germany, France, Italy, Russia, Spain, Brazil, Mexico, Australia and Saudi Arabia).
The Centre for Strategic and International Studies (CSIS) then analyzed the quantitative results, conducted additional qualitative research and authored the report.
About McAfee, Inc.
McAfee, Inc., headquartered in Santa Clara, California, is the world’s largest dedicated security technology company. McAfee is committed to relentlessly tackling the world’s toughest security challenges. The company delivers proactive and proven solutions and services that help secure systems and networks around the world, allowing users to safely connect to the Internet, browse and shop the web more securely. Backed by an award-winning research team, McAfee creates innovative products that empower home users, businesses, the public sector and service providers by enabling them to prove compliance with regulations, protect data, prevent disruptions, identify vulnerabilities, and continuously monitor and improve their security. http://www.mcafee.com
About CSIS
The Center for Strategic and International Studies (CSIS) is a bipartisan, non-profit organization founded in 1962 and headquartered in Washington, D.C. It seeks to advance global security and prosperity by providing strategic insights and policy solutions to decision makers.
NOTE: McAfee is a registered trademark of McAfee, Inc. or its subsidiaries in the United States and other countries. Other marks may be claimed as the property of others. The product plans, specifications and descriptions herein are provided for information only and subject to change without notice, and are provided without warranty of any kind, express or implied.
Posted on 01.19.10 under ASP Member Companies, Security & Privacy
January 19, 2010: Giant Matrix, a software development company specializing in security solutions and system utilities, announces the release of Anti Tracks 7, a new version of its award-winning program, which now combines secure tracks erasing, data security, internet security and disk cleanup. This four-in-one solution guarantees data security, peak system performance and protection of users’ privacy both online and offline.
Anti Tracks was originally developed to protect users’ privacy by securely erasing application tracks and browser and Windows history, and by shredding unwanted files. Today Anti Tracks 7 offers its users more value-added features, which help them protect their privacy, online identity, and valuable data and keep their system performance at its peak!
“During the last year we listened attentively to our users’ needs and have carefully built Anti Tracks 7 with its new value added features in order to help our users protect their privacy against the dramatically increased online threats,” – says Metwally, Giant Matrix CEO.
Anti Tracks 7 can protect users’ important files and folders in two secure ways: either by locking them with the help of reliable encryption algorithms or hiding them steganographically – inside images and audio files. Both features can be easily accessed through Anti Tracks GUI or Windows Explorer right-click menu!
In addition to this, Anti Tracks 7 protects users’ online identity through IP Hider feature, which disguises the real IP address, thus providing anonymity. The fake IP hides all the information that could be tracked and employed criminally.
To top it all, Anti Tracks 7 is able to boost system performance by cutting down the number of startup programs as well as by erasing junk files and unnecessary duplicate files impairing the performance and wasting valuable disk space.
Anti Tracks 7 Features at a Glance:
- Secure erasing of browsers, Windows and third-party applications tracks;
- Secure locking of files and folders;
- Secure hiding of files and folders in pictures and audio files;
- Stealth browsing using IP Hider;
- Secure file shredder;
- Junk and obsolete files cleaner;
- Duplicate files cleaner;
- Disk wiping;
- Full cookies management;
- Scheduler to automate tracks erasing process;
- User-focused interface, detailed documentation;
- And much more!
Pricing and Availability
Anti Tracks is compatible with Windows 95/ 98/ Me/ NT 4/ 2000/ XP/ 2003/ Vista/ 7 and costs 34.95 USD. Further information on the product, as well as its 15-day fully functional evaluation version, is available from http://www.giantmatrix.com/products/anti-tracks/.
Switch and Save 50%
If you are discontented with any competing software, you can upgrade to Anti Tracks at 50% off the regular price. For more information, please visit our special offer page at http://www.giantmatrix.com/products/competitive-upgrade/.
About Giant Matrix
Founded in 2004, Giant Matrix is a leading software company, specializing in system utilities and security software solutions for home and corporate users. The major products of Giant Matrix are Anti Tracks, Registry Washer, Memory Washer, iSurfer Shield and Giant Disk Cleaner. For more information please visit the company website at http://www.giantmatrix.com.
Posted on 01.17.10 under Security & Privacy
McAfee Guidance Helps Organizations Determine If They Were Compromised, McAfee Products Shield Against Future Attacks Exploiting Internet Explorer Vulnerability
SANTA CLARA, Calif.–(BUSINESS WIRE)–McAfee, Inc. (NYSE:MFE) today released guidance to help organizations determine if they were targeted in the same sophisticated cyberattack that hit a growing list of companies, including Google. The high profile cyberattack, linked to China by Google, targeted valuable intellectual property.
“This is the largest and most sophisticated cyberattack we have seen in years targeted at specific corporations,” said McAfee Worldwide Chief Technology Officer George Kurtz. “It is a watershed moment in cybersecurity because of the targeted and coordinated nature of the attack. As a result, the world has changed; organizations globally will have to change their threat models to account for this new class of highly sophisticated attack that goes after high value intellectual property.”
As part of the fallout of the attack, Windows users currently face a real and present danger due to the public disclosure of a serious vulnerability in Internet Explorer. McAfee was the first to discover and announce that an Internet Explorer vulnerability was a key vector in the attack on Google and others. Unfortunately, the risk has been compounded because the attack code that exploits this Internet Explorer vulnerability has now been posted in the public domain, increasing the possibility of widespread attacks. McAfee technologies provide protection against current threats related to the attack on Google and others.
How to know if your organization was compromised
Over 30 organizations have reportedly been targeted by the same attack that hit Google and the list of victims continues to grow. McAfee calls the cyberheist “Operation Aurora” and today provided detailed guidance to help organizations determine if they were impacted by the attack, which occurred over the December holidays and into early January.
McAfee’s guidance involves two steps:
1) If you are a McAfee customer, verify that you are using the latest threat definition files and perform a full scan on all machines within your enterprise.
2) Inspect network traffic history for communication with external systems associated with the attack.
3) Examine computers for specific files or file attributes related to the attack.
Detailed guidance is available on the McAfee Web site at http://www.mcafee.com/operationaurora
How to protect against the Internet Explorer vulnerability
McAfee products protect against attacks that may use the now publicly available exploit to attempt to attack Internet Explorer users and the malware used in the attack on Google and others:
1. McAfee consumer and enterprise PC security products provide protection against the malicious computer programs used to target Google and others through the threat definition files released on January 11 and through the McAfee real-time, cloud-based Global Threat Intelligence. Current customers should ensure the latest definition files are installed and that cloud detection is enabled. McAfee consumer security products are available online.
2. McAfee® Network Security Platform detects attacks that use the Internet Explorer zero-day exploit through the threat definition files released on January 15. Users of the McAfee Network Security Platform should ensure the latest definition files are installed.
3. McAfee Web Gateway and McAfee Firewall Enterprise provide powerful Web security technology to filter malicious traffic on the network. Users of either of these McAfee products should ensure that outbound Web security capabilities are enabled and malware scanning within the firewall is based on the latest signatures and associated rules.
Use Advanced McAfee Technology To Detect Future Attacks
The attack on Google and others marks a new, high-risk era in the world of cybercrime where these advanced persistent threats are no longer targeted at just governments, but are also targeted at organizations in many different sectors. McAfee is making available free trials of its advanced protection technologies to help companies shield themselves against sophisticated attacks such as the recent attack on Google and others.
Organizations can evaluate the following McAfee technologies at no cost:
* McAfee Network Threat Response, a network security appliance that automatically analyzes threats attempting to spread on a network. McAfee Network Threat Response would have allowed victims to detect the attack that hit Google and others.
* McAfee Application Control, a whitelisting application that prevents zero-day attacks past and future and ensures only trusted applications run on servers and PCs. It reduces risks from unauthorized software, boosts endpoint control, extends the viability of fixed-function systems without impacting performance, and lowers operating costs.
Also, McAfee Foundstone® has consultants who are available for forensic investigations. Complete the “911 Contact Form” on the Foundstone Web site for help.
McAfee will continue to provide updates on the attack that hit Google and other cyberattacks on its Web site and blog.
Posted on 01.06.10 under Security & Privacy
MILLIS, Mass.–(BUSINESS WIRE)–Kanguru Solutions has announced its Kanguru Defender Elite encrypted flash drives are safe from the security flaw recently exposed in several high profile secure flash drives.
Encrypted flash drives manufactured by Sandisk (and private labeled by Kingston, Verbatim and a variety of other OEM partners) have been found to contain a security flaw that leaves the devices vulnerable to data breaches. The devices’ front-end software (where you type the password) performs the authentication and provides a “thumbs-up” to the chip to allow access to the secure area of the drive. The software can then be hacked to always give a “thumbs-up” to the chip as if a successful password has been entered, leaving potentially sensitive data visible and unencrypted.
“A design flaw of this type seriously compromises the security of any data residing on these devices,” said Nate Cote, vice president of product management at Kanguru. “Our Kanguru Defender Elite uses hardware based encryption chips to determine if a login password is legitimate or not, safeguarding users from potential attacks of this nature.”
Don Brown, CEO of Kanguru Solutions added, “this development validates Kanguru’s decision to use our own resources in the design of our secure flash drives. Many companies are utilizing the Sandisk software and will be affected by this issue.”
The Kanguru Defender Elite uses military grade 256-bit hardware encryption and on-chip password matching, safeguarding it from hacking attempts. In addition, Kanguru offers remote management and USB device control for its secure flash drives, providing a level of security and control unmatched in the industry.
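The difference between the two designs described above comes down to where the password decision is made. The following is an added sketch, not code from Kanguru, Sandisk or any vendor: the class names, the `UNLOCK-OK` message and the retry limit are hypothetical, and it models only the trust boundary, not any real drive protocol.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000  # constructed parameter for this sketch


def _verifier(password: str, salt: bytes) -> bytes:
    """Slow password hash used as the stored verifier in both models."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


class HostVerifiedDrive:
    """Flawed model: the drive trusts a fixed 'thumbs-up' sent by host software."""

    THUMBS_UP = b"UNLOCK-OK"  # hypothetical; identical for every password

    def __init__(self, password: str, secret: bytes):
        self.salt = os.urandom(16)
        self.verifier = _verifier(password, self.salt)  # checked on the host
        self._secret = secret
        self.unlocked = False

    def receive(self, message: bytes) -> None:
        # The drive cannot tell whether a password check preceded this message.
        self.unlocked = hmac.compare_digest(message, self.THUMBS_UP)

    def read(self):
        return self._secret if self.unlocked else None


def host_login(drive: HostVerifiedDrive, password: str) -> bool:
    """Front-end software as intended: verify, then signal the drive."""
    if hmac.compare_digest(_verifier(password, drive.salt), drive.verifier):
        drive.receive(HostVerifiedDrive.THUMBS_UP)
    return drive.unlocked


def tampered_host(drive: HostVerifiedDrive):
    """Modified front end from the text: sends the thumbs-up with no check."""
    drive.receive(HostVerifiedDrive.THUMBS_UP)
    return drive.read()


class OnChipDrive:
    """On-chip matching model: the drive receives the password and decides."""

    MAX_ATTEMPTS = 3  # hypothetical retry limit enforced inside the device

    def __init__(self, password: str, secret: bytes):
        self._salt = os.urandom(16)
        self._verifier = _verifier(password, self._salt)
        self._secret = secret
        self._failures = 0
        self.unlocked = False

    def submit_password(self, password: str) -> bool:
        if self._failures >= self.MAX_ATTEMPTS:
            return False  # locked out; even the right password is refused
        if hmac.compare_digest(_verifier(password, self._salt), self._verifier):
            self._failures = 0
            self.unlocked = True
        else:
            self._failures += 1
            self.unlocked = False
        return self.unlocked

    def read(self):
        return self._secret if self.unlocked else None


def demo() -> dict:
    """Run both models with a wrong password and report what each exposes."""
    flawed = HostVerifiedDrive("correct horse", b"payroll.xls")
    hardened = OnChipDrive("correct horse", b"payroll.xls")
    return {
        "flawed_honest_host_wrong_pw": host_login(flawed, "guess"),
        "flawed_tampered_host": tampered_host(flawed),
        "hardened_wrong_pw": hardened.submit_password("guess"),
        "hardened_read_after_wrong_pw": hardened.read(),
    }


if __name__ == "__main__":
    print(demo())
```

In the on-chip model a modified host has nothing to forge: the only input the drive accepts is a password candidate, and the device-side counter limits guessing.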
A division of Interactive Media Corporation, Kanguru Solutions manufactures high quality, secure and portable computer storage and peripherals that have provided consumers with secure back-up solutions for more than a decade. Interactive Media Corp. was established in Massachusetts in 1992. For more information on Kanguru Solutions, visit their website at www.kanguru.com.
Posted on 12.30.09 under Security & Privacy
McAfee Also Foresees HTML 5 Will Attract Attackers, Increased Trojan Sophistication And That 2010 Will Be a Good Year for Law Enforcement’s Fight Against Cybercrime
SANTA CLARA, Calif.–McAfee Inc. (NYSE:MFE) today unveiled its 2010 Threat Predictions report. McAfee Labs believes cybercriminals will target social networking sites and third-party applications, use more complex Trojans and botnets to build and execute attacks, and take advantage of HTML 5 to create emerging threats. McAfee Labs also predicts 2010 will be a good year for law enforcement’s fight against cybercrime.
“Over the past decade, we’ve seen a tremendous improvement in the ability to successfully monitor, uncover, and stop cybercrime,” said Jeff Green, senior vice president of McAfee Labs. “We’re now facing emerging threats from the explosive growth of social networking sites, the exploitation of popular applications and more advanced techniques used by cybercriminals, but we’re confident that 2010 will be a successful year for the cybersecurity community.”
McAfee Labs Threat Predictions for 2010:
Social Networks Will Be Platform of Choice for Emerging Threats
Facebook, Twitter, and third-party applications on these sites are rapidly changing the criminal toolkit, giving cybercriminals new technologies to work with and hot spots of activity that can be exploited. Users will become more vulnerable to attacks that blindly distribute rogue apps across their networks, and cybercriminals will take advantage of friends trusting friends to get users to click on links they might otherwise treat cautiously. The use of abbreviated URLs on sites like Twitter makes it even easier for cybercriminals to mask and direct users to malicious Web sites. McAfee Labs predicts that cybercriminals will increasingly use these tactics across the most popular social networking sites in 2010.
Web Evolution Will Give Cybercriminals New Opportunities to Write Malware
The release of Google Chrome OS and the technological advancements of HTML 5 will continue to shift user activity from desktop to online applications, creating yet another opportunity for malware writers to prey on users. HTML 5’s anticipated cross-platform support also provides an additional motivation for attackers, enabling them to reach users of many mainstream browsers.
Banking Trojans, Email Attachments Delivering Malware Will Rise in Volume, Sophistication
McAfee Labs warns that banking Trojans, having demonstrated new tactics in 2009, will become even more sophisticated in 2010 and easily get around current protections used by banks. New techniques include a Trojan’s ability to silently interrupt a legitimate transaction to make an unauthorized withdrawal and simultaneously check the user’s transaction limits to stay below them and avoid alerting the bank. Email attachments, a longstanding delivery method for malware, will continue to rise in volume and increasingly target corporations, journalists, and individual users.
Cybercriminals Continue to Target Adobe Reader, Flash
In 2009, McAfee Labs saw an increase in attacks targeting client software. Due to the growing popularity of Adobe applications, McAfee Labs expects that cybercriminals will continue to target Adobe products, primarily Acrobat Reader and Flash, two of the most widely deployed applications in the world. McAfee Labs expects Adobe product exploitation will likely surpass that of Microsoft Office applications in 2010.
Botnet Infrastructure Shifts from Centralized Model to Peer-to-Peer Control
Botnets, the versatile infrastructure that launches nearly every type of cyberattack from spamming to identity theft, will continue to use a seemingly infinite supply of stolen computing power and bandwidth around the globe. Following a number of successful botnet takedowns, including the McColo ISP, botnet controllers must adjust to the increasing pressure cybersecurity professionals are placing on them. In 2010, McAfee Labs expects to see a significant adoption of peer-to-peer control, a distributed and resilient botnet infrastructure, rather than the centralized hosting model that we see today. For cybercriminals, the benefits will finally outweigh the costs of the peer-to-peer model, due to the security community’s increasingly aggressive attempts to shut down and deny access to botnets.
Cybercrime: A Good Year for Law Enforcement
Next year marks a decade in the fight that international law enforcement agencies have undertaken against cybercrime. McAfee Labs has seen significant progress in the universal effort to identify, track, and combat cybercrime by governments worldwide. McAfee believes that in 2010 we’ll see many more successes in the pursuit of cybercriminals.
For a full copy of the 2010 McAfee Labs Threat Predictions, please visit: http://www.mcafee.com/us/local_content/white_papers/7985rpt_labs_threat_predict_1209_v2.pdf