IT Security - Tips, Trends, News

NetClarity Named Finalist in Info Security Products Guide Global 2011 Awards

2011-01-25T11:50:00.000-05:00

Groundbreaking Network Access Control (NAC) Product to be unveiled during RSA Conference 2011

Bedford, MA (PRWEB) January 25, 2011

NetClarity, Inc. announced today that Info Security Products Guide, world's leading publication on security-related products and technologies has named NetClarity, Inc. a finalist for the 2011 Global Product Excellence in the New Products Category for their upcoming NAC product that will be announced during the RSA Conference 2011. These prestigious global awards recognize security and IT vendors with advanced, ground-breaking products and solutions that are helping set the bar higher for others in all areas of technologies....

Read the full release here:

http://www.prweb.com/releases/2011/01/prweb4995354.htm

NetClarity CTO Reveals Top 10 Cybercrime and Cyberwar Predictions for 2011

2011-01-03T09:57:00.002-05:00

NetClarity, Inc., the leading provider of Network Access Control technology in the marketplace in partnership with Hakin9 Magazine, today announced the Top Ten Cybercrime and Cyberwar Predictions for 2011:

1. Retail and E-tail Outlet Attacks will Outpace Attacks Targeting Banks and Financial Institutions while Hospitals become the Most Exploitable of All Vertical Markets.
2. Cloud Computing and Virtual Machines (VM) will be specifically targeted by cybercriminals and cyberterrorists resulting in VM malware and Cloud ‘downtime’ and Cloud ‘data theft’.
3. New and Innovative Attacks will be launched against Critical Infrastructure by Rogue and Competitive Nations.
4. We’ll enter the Early Stage of Growing Cell Phone and PDA Attacks through Trusted Application Downloads.
5. New and Sophisticated Voice over Internet Protocol (VoIP) Attacks will be developed and launched.
6. Exponential Growth of More Intelligent Zero-day Malware both for Cybercrime and Cyberwar
7. New Sophisticated UTM Firewall and IPS Exploits will be launched.
8. More Creative Social Engineering for Cyber Crime Profits will take place.
9. Increases in Microsoft Windows Application Layer Vulnerabilities will lead towards their rapid exploitation.
10. Growing Privacy Right Violations by Governments and their Contractors in the name of Cyber Defense will take place.

“Based on my research, 2011 is going to be both an explosive year both in cybercrime and cyberwar. It’s going to get very ugly. Network Security professionals will be in great demand and have their jobs cut out for them next year,” said Gary S. Miliefsky, Founder & CTO, NetClarity, Inc.

“We’re pleased to have Mr. Miliefsky available exclusively to Hakin9 Magazine writing insightful articles including Securing the Cloud, Securing VoIP, Is Anti-virus Dead for our magazine,” said Karolina Lesinska, “In today’s well timed article; he has made some dramatic and profound predictions for 2011. Network Security professionals, IT Directors and CIOs should take heed and proactively harden their networks before this wave of new predicted attacks.”

For the complete report on his predictions, visit Hakin9 Magazine and download the latest edition in PDF format at http://www.hakin9.org/

About NetClarity, Inc.
NetClarity is the leading provider of Network Access Control technology in the marketplace. We have been developing patented intrusion defense technology using industry standard protocols, since 2003. This EasyNAC technology is portable and scalable and can be embedded and deployed in any form factor of hardware, typically running hardened Linux - such as a Wireless Router, Cable Modem, Firewall, Managed Switch and VPN hardware. We license this technology for turnkey NAC enablement in well-established industry partners solutions, worldwide. NetClarity has also deployed this EasyNAC technology in a scalable suite of industry standard rack-mountable hardware appliances, known as “NACwalls”, which are sold through channel partners and OEMs worldwide. For more information, visit us at http://www.netclarity.net/

About Hakin9 Magazine
Hakin9 is a free, online, monthly publication on IT Security for IT Security professionals, by IT Security professionals. The authors of hakin9 articles are experienced IT security experts who have worked in Information Technology Security business for years. The magazine is published in English and is available in the Internet as a free download. Hakin9 is a source of advanced, practical guidelines regarding the latest hacking methods as well as the ways of securing systems, networks and applications. The Hakin9 team runs hakin9 portal where the information on the latest editions, IT security news and products is provided at http://www.hakin9.org/

NetClarity, NACwall, 2G NAC, EasyNAC and the NetClarity logo are trademarks of NetClarity, Inc. CVE is a registered trademark of MITRE Corporation. All other marks are trademarks of their respective companies.

# # #

We have completed a NAC Comparison Guide which is now located here:

2008-08-08T12:28:00.003-04:00

http://www.netclarity.net/NAC-Comparison-Guide-August-2008.pdf

NetClarity To Present at Venture Summit East

2008-03-13T14:38:00.003-04:00

Like its sister event in Silicon Valley, Venture Summit East is a two-day gathering that highlights the significant economic, political and technology trends impacting the global growth investor. Venture Summit East features the most influential institutional investors, venture capitalists, corporate buyers, investment bankers and research analysts in the Eastern US in keynote presentations and panel debates. Venture Summit East will also host 14 “Best of Breed CEO Showcases” handpicked from the AlwaysOn annual top 100 private company list, and 36 other qualified six-minute CEO pitches from companies seeking later-stage capital or potential acquirers.

The goal of Venture Summit East is to match growth-company buyers and sellers and identify the most promising innovation-driven, growth investment opportunities. At the Venture Summit, our editors will also honor the “AO Top DealMakers” and the annual “AO Industry Analyst All-Star Team.”

Who Attends Venture Summit East
Five hundred institutional investors, venture capitalists, investment bankers, research analysts and corporate buyers will attend Venture Summit East. The most influential members of the financial and
technology media and blogging community will also be on hand to moderate debates and cover the action. Executives attend Venture Summit East to identify and debate emerging investment opportunities in venture and private equity funds and private growth companies, and to build high-level relationships with technology and greentech CEOs and corporate buyers.

http://alwayson.goingon.com/ecom/productview/23537

Speaking Engagement In Canada at their Premeir InfoSec summit, SecTor.ca

2007-11-11T08:13:00.001-05:00

NetClarity's Founder and CTO to Discuss Critical Security Issues at SecTor, Canada's Premier Information Security (INFOSEC) Summit

Gary Miliefsky to educate network security professionals on how to more proactively protect their networks at the SecTor summit in Toronto, Canada
Bedford, MA and Toronto, Canada (PRWEB) November 11, 2007 -- NetClarity, Inc., an award winning Vulnerability Management and Network Access Control company, today announced that Founder & CTO, Gary S. Miliefsky, is a featured speaker at SecTor, Canada's premier IT security education conference, which is being held on November 20-21, 2007 at the Metro Toronto Convention Centre, Toronto, Ontario, Canada.

http://www.prweb.com/releases/2007/11/prweb568344.htm

2007 GFIRST National Conference

2007-06-22T14:32:00.000-04:00

I will be speaking at GFIRST....

NetClarity's CTO Reveals Critical Flaws and Proactive Countermeasures for Securing Voice over IP (VoIP)
Gary Miliefsky to Train U.S. Government IT Professionals at the 2007 GFIRST National Conference

Bedford, MA (PRWEB) June 25, 2007 -- NetClarity, a leading provider of award winning vulnerability management, intrusion prevention and clientless NAC appliances, today announced that CTO Gary Miliefsky is a featured speaker at the 2007 GFIRST National Conference at http://www.us-cert.gov/GFIRST

At this session, U.S. Government IT professionals will gain insight into securely deploying Voice over IP (VoIP):

Date: Tuesday, June 26, 2007Time: 10:30 a.m.-11:15 a.m. Title: Securing VoIP

"I'll show you why VoIP is the new attack vector for malicious exploiters, hackers, cybercriminals and cyberterrorists and then I'll explain what you can do to defend yourself. Default deployments of VoIP systems are easily hacked, remotely controlled, eavesdropped and taken offline through denial of service. I'll provide best practice instructions including recommendations from NIST that will help you harden your VoIP systems and keep the dial-tone alive and secure." said Gary Miliefsky, Founder & CTO of NetClarity.

NetClarity will also begin offering the new and improved AuditMyVoIP service to U.S. Government CIOs at no charge during 2007. Normally this service is only available to VoIP equipment manufacturers but during 2007, NetClarity will not charge U.S. Government agencies for testing of VoIP Equipment. The VoIP security audits will be done confidentially and the test results will be delivered to the CIOs securely and confidentially. To find out more about this service, please visit http://www.auditmyvoip.com/

About NetClarity, Inc.NetClarity is a leading provider of vulnerability management, intrusion prevention and network admission control (NAC) products that provide preemptive, proactive network protection. The company's Auditor line of appliances has received widespread recognition, including two Best Buy Awards, 5 Star ratings, and Best of 2006 from SC Magazine and according to CRN is one of the Who's Who in NAC. Auditor enables customers to clearly see and better protect their network assets, identifying with pinpoint accuracy the root causes of data leakage, regulatory compliance gaps and network downtime using MITRE's CVE® standard. Based in Bedford, Massachusetts, NetClarity is privately held. For more information, visit http://www.netclarity.net/

NetClarity, Auditor and the NetClarity logo are trademarks of NetClarity, Inc. CVE is a registered trademark of MITRE Corporation. GFIRST is a trademark of US-CERT, part of the U.S. Department of Homeland Security. All other trademarks are the property of their respective owners.

And now come to SECURANOIA 2007 - The Race For Security...

2007-05-31T13:08:00.000-04:00

NAISG contributes back to the community by organizing charitable events. To learn more visit http://www.naisg.org/events

In 2004, we had an online auction and raised $4,500 for the Boston Children's Hospital Trust and the Caitlin Raymond International Registry.

In 2005, we held a ten-week, CISSP training program and raised more than $11,000 for the Premananda Orphanage Center.

WHEN: Thursday, June 21, 6:45 - 10:30 PM
WHERE: F1 Boston, Braintree, MA.

This is located immediately off Rt. 93 and is easily accessible from Boston, Route 128/95 and Metrowest. Directions are here >>

PRESENTATION DETAILS:

Mike Rothman, the well-known author of The Pragmatic CSO and The Daily Incite, will present "An Evening with the Pragmatic CSO." This will not be about technology; it will be about being an effective security executive, manager and administrator. Regardless of whether you are the CSO or an administrator, you need to communicate what you are going to do within the context of your business, and track your effectiveness. The methodology also addresses getting budget approval, interfacing with auditors, and just figuring out what it’s going to take to be a premier security practitioner. Mike will also be available to sign copies of the Pragmatic CSO after the session.

COST: There are four registration packages.

NOTE: All net proceeds from this event will be donated to the Caitlin Raymond International Registry (CRIR).

Package A ($60/person) - This includes entrance to the presentation, time for networking, automatic entry into door prize drawings, a combined one-hour racecar safety briefing with time on the race course (a $25 value) and a fully licensed but not-for-resale copy of either Microsoft Vista Ultimate or Microsoft Office Professional 2007 (a $250 and $325 value, respectively). This package is limited to the first seventy registrants due to the availability of the software. We have limited copies of each to distribute and will do our best to make certain that you receive the product that you request.

Package B ($40/person) - This includes entrance to the presentation, time for networking, automatic entry into door prize drawings and a combined one-hour racecar safety briefing with time on the race course (a $25 value).

Package C (Free) - This includes entrance to the presentation and time for networking.

Package D ($Other) - You will not be attending the event, but you would like to provide a contribution to NAISG and the Caitlin Raymond International Registry.
RESERVATIONS:

Please complete this form to register for this event. No group registrations, please. Each attendee must complete the form.
FOOD:

Light refreshments and beverages will be provided. There is a full-service restaurant and lounge at F1 Boston for those wanting a full meal. Details are here >>
CHARITY:

All net proceeds from this event will be donated directly to the Caitlin Raymond International Registry (CRIR), a bone marrow donor registry based in Worcester, MA. A representative from CRIR will be on-site with a donor recruitment booth and will ask for volunteers for donor marrow matching tests (a simple cheek swab).

NetClarity, Inc. Receives Award as One of the Three Most Innovative Network Security Companies at the RSA® Conference 2007

2007-02-09T10:24:00.000-05:00

The only next generation vulnerability management and intrusion prevention company to be so honored winning prestigious award at the world's leading information security conference and exposition.

Bedford, MA; San Francisco, CA (PRWeb) February 9, 2007 -- NetClarity, Inc., a leading provider of proactive vulnerability management and intrusion prevention network security products and services, today announced that on the heels of Best of 2006, Best Buy and Five Stars products awards by SC Magazine it has been awarded third place as one of the most innovative network security companies in the world, at the RSA® Conference 2007 today.

Judged by a panel of experts includes Asheem Chandna of Greylock Partners, Herbert H. Thompson of Security Innovation, Ted Schlein of Kleiner Perkins Caufield & Byers, Renee Guttmann-Stark of Time Inc., and Michael Barrett of PayPal, NetClarity beat out seven of the top competitors. First place went to an innovative mobile security hardware vendor from Israel, second place went to a database compliance company and third went to innovative vulnerability management and intrusion prevention company, NetClarity, Inc."

The RSA Conference Innovation Station Showdown is a great competition that allows emerging companies, such as NetClarity, to showcase innovative technology," said Sandra Toms LaPedis, area vice president and general manager of RSA Conferences. "This company has been recognized by the judging panel for presenting a solid business model."

"This is an extreme honor to be named one of the Top Three Innovators and be placed in the INFOSEC spotlight by RSA, the most respected and trusted brand in the industry," said Gary S. Miliefsky, Founder & CTO, NetClarity, Inc.

"We are pleased to see NetClarity, a CVE compatible vendor, selected by RSA as one of the top three network security Innovators in the world," said Robert A. Martin, compatibility lead, MITRE Corporation.

According to USCERT, 95% of network downtime and information technology (IT) compliance issues are a direct result of an exploit against a Common Vulnerability and Exposure (CVE).

About NetClarity, Inc.NetClarity is a leading provider of vulnerability management, intrusion prevention and network admission control (NAC) products that provide preemptive, proactive network protection. The company's Auditor line of appliances has received widespread recognition, including two Best Buy Awards, 5 Star ratings, and Best of 2006 from SC Magazine and according to CRN is one of the Who's Who in NAC. Auditor enables customers to clearly see and better protect their network assets, identifying with pinpoint accuracy the root causes of data leakage, regulatory compliance gaps and network downtime using MITRE's CVE® standard. Based in Bedford, Massachusetts, NetClarity is privately held. For more information, visit http://www.netclarity.net/

For more information, please visit: http://www.rsaconference.com/2007/US/content/additional/innovation/

RSA and the RSA Conference logo are either registered trademarks or trademarks of RSA Security Inc. in the United States and/or other countries. NetClarity, Auditor, Protection for Windows and the NetClarity logo are trademarks of NetClarity, Inc. CVE is a registered trademark of MITRE Corporation. All other marks are trademarks of their respective companies.

###

I will be speaking next week at the CSI tradeshow...

2006-11-03T08:36:00.000-05:00

I will be speaking next week at the CSI tradeshow. I'll do my best to educate network security professionals on how to preemptively and proactively protect their VoIP Networks at Computer Security Institute's Annual Conference. I will present the session entitled "VoIP Security" in the Critical Issues track. Network security and IT professionals will gain insight into how Voice over IP (VoIP) systems are the new target of hackers, exploiters, malware and cyber criminals. In this session, they will learn how to proactively defend these systems and protect their networks.

Session Title: Securing VoIP
Date/Time: Tuesday (November 7, 2006) 3:15pm — 4:15pm
Track: Critical Issues
Presentation Format: 60-minute Session

"VoIP networks are not very secure by default and, as a result, are susceptible to poor call quality, denial of service, breaches of privacy, integrity and availability," said Gary Miliefsky, Founder & CTO of NetClarity. "Securing VoIP is quickly becoming a serious concern for IT professionals. They need to take preemptive, proactive measures to harden weak network assets, in particular, their new VoIP gateways.

I will make freely available, three new White Papers during the conference: Securing VoIP, Laws of Exploits and Heuristic Security Testing Methods at:

http://www.netclarity.net/html/exploits.html

Blue Box VoIP Security Interview

2006-10-08T18:03:00.000-04:00

Blue Box SE #10: Interview with Gary Miliefsky, Founder and CTO of Netclarity
Synopsis:Interview with Gary Miliefsky, Founder and CTO of Netclarity around how his products provide VoIP security and his views on VoIP security in general.
Welcome to Blue Box: The VoIP Security Podcast special edition #10, a 22-minute podcast from Dan York and Jonathan Zar containing an interview with Gary Miliefsky, Founder and CTO of Netclarity.

This PODCast can be found here: http://www.blueboxpodcast.com/2006/09/blue_box_se_10_.html

Have you Checked out Technorati?

2006-09-12T17:56:00.000-04:00

netclarity

Hack in the box: Can Faraday cages tame Wi-Fi?

2006-08-27T15:31:00.000-04:00

Say you wanted to protect your Wi-Fi network from surrounding buildings. The most obvious way to do this would be to secure the devices on your network using the wireless security protocol of choice. A very effective, but more extreme, way to do this would be to secure the building itself by making it act as a Faraday cage, shielding the radio frequency waves used by Wi-Fi. Making a large building into a Faraday cage involves encasing the building in a thin layer of conductive material or metal mesh. In physics, a Faraday cage or Faraday shield - named for the British physicist Michael Fara... more...

Provided by NetClarity
Originally Posted on 8/27/2006 3:31:43 PMContent source: http://www.feed24.com/go?item_id=27834696

Homeland Security Information Network

2006-08-27T15:29:00.000-04:00

With over twenty different resource links to choose from, you will be able to get all the information you need on Homeland Security Information Network. You'll find Homeland Security Information Network with over 20 resource links on Homeland Security Information Network. more...

Provided by NetClarity
Originally Posted on 8/27/2006 3:29:32 PMContent source: http://www.feed24.com/go?item_id=27825498

Traveling the World

2006-08-17T19:17:00.000-04:00

Folks, I've been busy on travels to secure government and banking networks worldwide. It's kept me out of pocket since May. Whew! I'm back.

I recently authored some articles for SearchCIO.com - please check them out and let me know what you think.

I'll be writing more soon so stay tuned...

One Week Left to Win a free Security Book

2006-05-30T23:04:00.000-04:00

There is only one week remaining to win a copy of one of two essential security books. Please read on for more details. more...

Provided by NetClarity
Originally Posted on 5/30/2006 11:04:57 PMContent source: http://www.WindowSecurity.com/news/Site-Survey-2006-One-Week.html

Fidelity Laptop Stolen with over 196,000 Records

2006-03-29T20:39:00.000-05:00

RE: http://www.netclarity.net/html/necn_coverage.html to see the NECN story...

I'm finding more and more cases like this... Check out these numbers:
More than 52 million records have been lost or stolen since the ChoicePoint
fraud:
Company Date Disclosed Breach Records Lost
CardSystems June 16, 2005 Hacked 40,000,000
CitiFinancial June 6, 2005 Lost Tape 3,900,000
LaSalle Bank Dec 16, 2005 Lost Tape 2,000,000
DSW/Retail March 8, 2005 Hacked 1,400,000
Bank of America Feb 25, 2005 Lost Tape 1,200,000
Wachovia Bank April 28, 2005 Inside Hack 676,000
Time Warner May 2, 2005 Lost Tape 600,000
Georgia DMV April, 2005 Inside Hack 465,000
Lexis-Nexis March 10, 2005 Passwords stolen 312,000
U of Southern CA July 19, 2005 Hacked 270,000
Marriot International Dec 28, 2005 Lost Tape 206,000
Ameritrade April 20, 2005 Lost Tape 200,000
San Jose Med. Group April 8, 2005 Stolen Computer 185,000
Source: Privacy Rights Clearinghouse.

Also, check this out: www.cybercrime.gov and look at the cases...

Keep your laptop close and your data private!

All the best,
Gary

P.S. I found "Lojackforlaptops.com" and "ztrace.com" having some cool tools for this...
Gary S. Miliefsky, CISSP
Founder & CTO
NetClarity - Preemptive, proactive protection. (TM) www.netclarity.net
SKYPE: netclarity
International Line: 781-276-4555
USA Toll Free: 877-677-3328

NetClarity Offers Free Vulnerability Auditing of VoIP Equipment; Audit My VoIP Program

2006-02-05T14:13:00.000-05:00

The www.auditmyvoip.com site is now operational. Read on...

NetClarity Offers Free Vulnerability Auditing of VoIP Equipment; Audit My VoIP Program to Help VoIP Equipment Manufacturers Take a Preemptive, Proactive Approach to VoIP Security
BEDFORD, Mass.--(BUSINESS WIRE)--Jan. 25, 2006--NetClarity, a leading provider of network vulnerability products and services, today announced a free vulnerability testing program for VoIP equipment providers. The Audit My VoIP program includes scans all types of equipment, from Session Initiation Protocol (SIP) Gateways to IP-enabled telephones, for Common Vulnerability and Exposures (CVE(R)), the systemic cause of over 90 percent of all network security breaches. NetClarity will provide the VoIP audit results with a high level of integrity and confidentially.

NetClarity highly recommends that large VoIP equipment providers take advantage of this program by sending their products to be tested and approved in accordance with MITRE standards. Hardening their products before they are shipped will help enterprise customers rest assured that they are deploying more secure and stable VoIP equipment.

"Enterprise VoIP equipment is particularly susceptible to being maliciously exploited, which can lead to down-time and lost revenue," says Gary Miliefsky, founder and chief technology officer of NetClarity. "I encourage all VoIP equipment providers to have their products audited for CVEs. Our free program is the first step to enabling end-user organizations to preemptively, proactively protect their critical voice networks against the kind of exposures that could leave them susceptible to poor call quality, denial of service, breaches of privacy, integrity and availability."

VoIP equipment providers who are concerned about whether their products are safe from threats or attacks are encouraged to get in touch with NetClarity today. For more information about the Audit My VoIP Program, either call (877) 677-3328, e-mail auditmyvoip@netclarity.net or visit http://www.netclarity.net/.

Back to VoIP - Some Excellent Resources

2005-12-28T13:06:00.000-05:00

I found these resources for VoIP at www.voip-info.org - it's a really excellent resource.

Debugging and troubleshooting VOIP problems. (SIP, MGCP, H.323, Skinny etc.) One of the primary techniques is to view what is actually getting sent and received by VOIP devices. There are several ways to do this:
Monitor Ethernet Traffic
Debugging displays from a VOIP program It helps to understand whats supposed to be happening. Studying the relevant RFCs and other protocol documents and tutorials is helpful.
Ethernet Monitoring Tools
Ethereal (Available for Linux, Windows, Apple, BSD, etc.)
Support for decoding many VOIP protocols is included (including IAX)
tcpdump (standard utility in most Linux distributions)
WinDump - tcpdump for Windows
ngrep (Available for Linux, Windows, Apple, BSD, etc.)
Dumps only the ASCII portion of packets, excellent for ASCII based protocols
Packetyzer: User-friendly packet sniffer for Windows, supports SIP
List of Monitoring and sniffing software
Rate which provides real time packet-per-second and data transfer rates
many other tools available for this function, add your favorite to this list!
Built-in Debug Tools
xten The x-lite and x-pro SIP soft phones have a buit-in display and decoding of received and sent SIP packets (Hit F9 to activate)
Asterisk Use the sip debug command
linphone Outputs useful diagnostics to the console as it uses the oSIP library
Traffic generators
Candela Technologies LANForge FIRE VOIP/RTP/PESQ call generator
Empirix Signaling and Media load and feature testing
GL Communications
PacketGen - generates SIP calls with or without RTP traffic
PacketScan - monitor, collect, and analyze QoS statistics on VOIP traffic
Integrated Research Prognosis will simulate, record and analyze VOIP traffic in real time.
Iperf creates network traffic and measures performance
Can be used to test a network to see how it might perform with increased VOIP traffic
Ixia VOIP traffic generators and Network assessment tools
Sipp SIP Performance Test Tool - Performance tester for SIP
Touchstone 100% software-based VoIP and video verification tools.
WinSIP - SIP signaling and Audio/Video media generator
Win323 - H.323 signaling and Audio/Video media generator
Monitoring and Test Tools
ACQUA: VoIP Speech Quality Analysis System
Agilent Technologies DNA MX and TNA software
Brix Networks real-time VoIP performance management and service assurance solutions
ClearSight Networks ClearSite Analyzer
Consultronics
Empirix monitoring and analysis
Fluke Networks OptiView VoIP, ProtocolExpert Plus and Link Analyzer
Inet GeoProbe IP
Hammer Call Analyzer
Malden
Minacom QOS monitoring and testing
NetTest monitoring of QOS and network performance
NetIQ monitoring of QOS and network performance
Packet Data Systems Clarinet Protocol Test System
Simulation and analysis of SIP, SIP-T & H.323. QOS measurement, recording, replay etc.
Psytechnics monitoring of QOS
Qovia monitoring of QOS
Rochelle Analog QOS products - can be used with an ATA
Sage Instruments VOIP test equipment and systems
Telchemy monitoring of QOS
Their technology appears in numerous other products list
Touchstone WinEyeQ
100% software-based
monitors/analyzes/records/replays SIP and H.323 traffic, audio/video media and QOS.
Viola Networks NetAlly RealTime and VoIP Assessment
WildPackets EtherPeek VX - monitor QOS, packet loss, voice quality, etc.
See Also:
Call Quality Metrics
Network World Review of 7 VOIP Analysis Tools
Network Impairment Simulators
Apposite Technologies Linktropy 4500 hardware appliance to emulate WAN bandwidth, delay, and loss up to 155 Mbps.
Candela Technologies LANForge ICE Network Emulator
UDP Packet Reflector and Forwarder open source tool that can drop packets, duplicate packets, and add jitter on a per port basis.
IPWave simulates many types of network impairments
NIST Net allows a single Linux PC set up as a router to emulate a wide variety of network conditions
Simena Network Emulator hardware appliance can simulate just about any possible network condition including latency, bandwidth, congestion, packet loss, etc. Test where your VoIP will break!
Decoding VOIP audio streams There are several approaches to converting an RTP stream of packets into a playable audio. See: Converting RTP to audio
SIP Debug
Callflow - creates a diagram of SIP flows
Sipsak Command line utility for testing SIP devices and Programs
SIP Scenario - creates a diagram of SIP flow
siptest a command line test tool for sending and receiving SIP messages
sipviewer a visual SIP message trace tool
SIPFlow Standard - Java tool for displaying SIP traffic captured in real-time, or imported from Ethereal or tcpdump
Distributed SIPFlow - Distributed application for capturing and displaying SIP callflows.
Protocol Debug
Protocol Verification and Testing
Other Sites
http://www.voiptroubleshooter.com/ Entire site focused on VOIP troubleshooting
http://www.broadbandreports.com/tools Diagnostic, testing, and monitoring tools
http://www.testyourvoip.com/ Test your connection performance to one of serveral locations.
See also
Asterisk debugging

All the best,
Gary

NetClarity Files Patent Application for Proactive Network Security Using RSS

2005-12-21T11:20:00.000-05:00

Method Leverages XML-based Vulnerability Tests, Alerts and News Feeds to Dynamically Reconfigure Countermeasures to Block Threats in Real Time

BEDFORD, Mass.--(BUSINESS WIRE)--Dec. 21, 2005--NetClarity, a leading provider of network vulnerability products and services, has filed a patent application with the United States Patent and Trademark Office (USPTO) for preemptive, proactive protection of networks using non-traditional and untapped RSS and XML sources, such as the Open Vulnerability Assessment Language (OVAL), an international standard managed by MITRE and funded by the U.S. Department of Homeland Security. The patent application, titled "Proactive Network Security using Really Simple Syndication (RSS) Feeds," includes unique methodologies to better protect networks, quarantine untrusted network equipment and malicious insiders, and bolster the security of trusted but weak network assets against attack and downtime.

More can be found here at http://www.netclarity.net/

I just wrote a White Paper on Visa (PCI) and MasterCard (SDP) Compliance

2005-12-18T15:02:00.000-05:00

Self-assessment for Payment Card Industry (PCI) Standard - December 2005

To view the White Paper, please visit http://www.netclarity.net/ or click the link below:

Visa, MasterCard and other payment card companies have collaborated.... Click here for the full Whitepaper. Download as a PDF....

Feel free to comment. Thanks - Gary

I will be speaking on VoIP Security at HSNI2006 and ITExpo - Two Upcoming Tradeshows in January 2006

2005-12-07T19:42:00.000-05:00

Links and Excerpts - Hope to see you there :-)

http://www.tmcnet.com/voip/conference/voip-06/fl-06-conferences.aspx?t=S#S-01

Back To School With VoIP Security(S-01)Friday - 01/27/06, 8:30-9:15am
This panel discussion featuring the Associate Director, Enterprise Communication Systems at the University of Cincinnati, will address what is required for a robust, secure IP telephony network. The panel will be able to discuss and answer the following: • What are the steps in having a secure, IP telephony network? • What does an enterprise need to be aware of before rolling out a converged network? • How can an enterprise protect itself against the growing number of vulnerabilities that may attack the VoIP infrastructure? The University of Cincinnati recently installed a secure, converged network that in one month blocked more than 1.5 million assaults. Come hear this compelling tale of a real life deployment and what the University went through to achieve secure scalable VoIP.

http://www.hsni2006.com/Agenda.htm
Securing Your Voice over IP"

NetClarity VoIP Security Patent Filing Today

2005-12-05T10:17:00.000-05:00

NetClarity Files Patent Application for Proactive Network Security for Voice over IP (VoIP) Networks

NetClarity CTO to Discuss VoIP Security at the Homeland Security for Networked Industries 2006 Conference & Expo

BEDFORD, Mass.--(BUSINESS WIRE)--Dec. 5, 2005--NetClarity, a leading provider of vulnerability and intrusion management appliances, announced today that is has filed a patent application with the United States Patent and Trademark Office (USPTO) for preemptive, proactive protection of VoIP networks. The patent application, titled "Proactive Network Security for Voice over Internet Protocol (VoIP) Networks," includes unique methodologies to harden VoIP networks against attacks, quarantine untrusted VoIP equipment being used for eavesdropping or by malicious insiders and bolster the security of trusted but weak VoIP equipment against attack and downtime....read on at http://www.netclarity.net/

NetClarity Releases v4.1 of FREE Endpoint Defender for Windows XP

2005-11-25T11:02:00.000-05:00

ENDPOINT DEFENDER v4.1 - FREEWARE EDITION

Endpoint Defender as a standalone application will help you improve the security of your Windows XP computer:
1. Better management of personal firewalls during audits
2. Better management of high risk Windows services
3. Built-in anti-virus (powered by the open source - clamav)
4. Patch management integration with Windows SUS server and www.windowsupdate.com

You can find it at http://demo.netclarity.net/

Let me know what you think.

Warmest regards,
Gary S. Miliefsky
Chief Technology Officer
NetClarity - Preemptive, Proactive Protection.
http://www.netclarity.net/

National Vulnerability Database is Up...Powered by Mitre's CVE(R).

2005-11-07T19:27:00.000-05:00

NVD is a comprehensive cyber security vulnerability database that integrates all publicly available U.S. Government vulnerability resources and provides references to industry resources. It is based on and synchronized with the CVE vulnerability naming standard.

Check it out here: http://nvd.nist.gov/

You can look for vulnerabilities on just about anything. The output is fantastic.

Here's a small project:

1) Go to www.netcraft.com
2) Type in YOUR website (ie www.mydomain.com)
3) See what type of web server your host is running... (for example: IIS 5.0)
4) Go back to the National Vulnerability Database
5) Type in IIS 5.0 and see what kind of vulnerabilities show up.
6) Email your ISP and say "have you fixed this yet?" with a copy of the NVD query results...get it?

Good luck and happy hunting and hardening of your network!

Best regards,
Gary S. Miliefsky
Chief Technology Officer
NetClarity - Preemptive, Proactive Protection
http://www.netclarity.net

CVE Discovered in SKYPE VoiP SoftPhone

2005-10-31T06:55:00.000-05:00

SKYPE-SB/2005-002: Buffer overflow in Skype-specific URI and VCARD import handling
Bulletin title: Buffer overflow in Skype-specific URI andVCARD import handling
Bulletin ID: SKYPE-SB/2005-002
Bulletin status: FINAL
Date of announcement: 2005-10-25 13:00:00 +0000
Date of last revision: 2005-10-27 15:05:15 +0000
Products affected: Skype for Windows
Vulnerability type: Buffer overflow
CVE references: CVE-2005-3265 http://cve.mitre.org/cgi-bin/cvename.cgi?name=2005-3265
Risk assessment: HIGH
CVSS base score: 10.0 (AV:R/AC:L/Au:NR/C:C/I:C/A:C/B:N)
Cross-references: http://qc.borland.com/wc/qcmain.aspx?d=4744 SKYPE-SB/2004-001 (formerly SSA-2004-01)
Table of contents:
Problem description and brief discussion
Impact and affected software
Solution or work-around
Special instructions and notes
Software download location
Authenticity verification
Common Vulnerability Scoring System (CVSS) assessment
Credits and additional information
Bulletin release history
Notices
1. Problem description and brief discussion
Description
A security bug in the Skype for Windows user client has beenidentified and fixed.
Skype can be made to execute arbitrary code through a bufferoverflow when Skype is called upon to handle malformed URLs thatare in Skype-specific URI types callto:// and skype://.
In addition, Skype can be made to execute arbitrary code duringimportation of a VCARD that is in a specific non-standard format.
Discussion
This bug is a subsidiary effect of documented Borland Delphibug 4744 (http://qc.borland.com/wc/qcmain.aspx?d=4744).
Skype has replaced instances of the offending routine with onethat performs proper bounds-checking.
Note that this bug is similar to the issue previously reported inSKYPE-SB/2004-001 (formerly numbered as SSA-2004-01), but was notcaused by a reintroduction of the previously fixed source code.
This is tracked by Mitre CVE ID CVE-2005-3265.
2. Impact and affected software
Impact
A user could cause arbitrary code to be executed if a specially-crafted Skype-specific URL is clicked or if a specially-craftedVCARD is imported.
Affected software
The following Skype clients are vulnerable to this attack:
Skype for Windows:Releases 1.1.*.0 through 1.4.*.83
3. Solution or work-around
An official fix to the issue covered by this Security Bulletin hasbeen released. To implement this fix, update to one of thefollowing releases of Skype. (Downloading instructions are shownin Section 4 of this Bulletin.)
Skype for Windows:Release 1.4.*.84 or later
As a work-around prior to updating the Skype software, this bug maybe avoided by not selecting Skype-specific URIs and not importingVCARD records.
4. Special instructions and notes
None.
5. Software download location
The preferred method for installing security updates is to downloadthe software directly from Skype's website, from the website ofSkype's authorized partners, or from a reliable mirror site. Skypemay also be safely downloaded from other locations, but in thiscase it is particularly important that you verify the authenticityof the download.
We recommend that once you download any Skype software that youverify its integrity by the methods listed in Section 6 of thisBulletin.
You may install Skype by running the Skype installer using theinstallation commands displayed under the appropriate operatingsystem listed at http://www.skype.com/download/.
x86 platform, Microsoft Windows 2000 or Microsoft Windows XP:http://www.skype.com/products/skype/windows/
x86 platform, Linux:http://www.skype.com/products/skype/linux/
PPC platform, Mac OS X v10.3 (Panther) or later:http://www.skype.com/products/skype/macosx/
Pocket PC platform, Microsoft Windows Mobile 2003:http://www.skype.com/products/skype/pocketpc/
6. Authenticity verification
- Bulletin authenticity verification:
Skype security bulletins are published on Skype's web site andvia mailing lists. The authenticity and integrity of a Skypesecurity bulletins may be determined by inspecting the crypto-graphic signature that is attached to each bulletin. All Skypesecurity bulletins are published with a valid digital signatureproduced by PGP.
- Software authenticity verification:
Both the Skype installer program and the Skype program that isinstalled by the installer are digitally signed.
For Skype software built for Microsoft Windows operatingenvironments, the digital certificate used by Skype to signsoftware packages is signed by "VeriSign Class 3 Code Signing 2004CA".
For Skype software built for Linux platforms, all packages aresigned by PGP key ID 0xD66B746E, the public component of which maybe downloaded from http://www.skype.com/products/skype/linux/.
- For general information about Skype security, please visit theSkype Security Resource Center at http://www.skype.com/security/.
7. Common Vulnerability Assessment System (CVSS) assessment
Skype has rated the issue covered by this Security Bulletin underthe CVSS scheme as follows:
Base metrics:
Access Vector (AV) ........... RemoteAccess Complexity (AC) ....... LowAuthentication (Au) .....,.... Not RequiredConfidentiality Impact (C) ... CompleteIntegrity Impact (I) ......... CompleteAvailability Impact (A) ...... CompleteImpact Bias (B) .............. Normal
Computed CVSS base score: 10.0
Temporal metrics as of 2005-10-25
Exploitability (E) ........... FunctionalRemediation Level (RL) ....... Official FixReport Confidence (RC) ....... Confirmed
Computed CVSS temporal score: 8.3
Skype participates in the CVSS by rating each identifiable securityvulnerability against the CVSS base metrics. In addition, Skypemay rate each vulnerability against temporal metrics from time totime. As suggested by the name, temporal metrics for a particularvulnerability may change from time to time.
More information about the CVSS may be obtained from the CVSS hostwebsite at http://www.first.org/cvss/.
8. Credits and additional information
This bug was referred to SKY-CERT by an external referrer, Mark Litchfield of Next Generation Security Software (NGSS), who did the research concerning VCARD importation. Based on this, Mark Rowe of Pentest Limited identified the same bug as it related to long URL handling. We would like to thank and credit these individuals for having referred this issue to Skype.
9. Bulletin release history
2005-10-25 Initial bulletin release
2005-10-27 Updated to correct credit information
10. Notices
Copyright 2005 Skype Technologies, S.A. All rights reserved.
This Skype Security Bulletin may be reproduced and distributed,provided that the Bulletin is not modified in any way and isattributed to Skype Technologies, S.A. and provided that repro-duction and distribution is performed for non-commercial purposes.
This Skype Security Bulletin is provided to you on an "AS IS" basisand may contain information provided by third parties. Skype makesno guarantees or warranties as to the information contained herein.ANY AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUTLIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULARPURPOSE, OR NON-INFRINGEMENT, ARE HEREBY DISCLAIMED.

I'm doing some research on VoIP Security - Thought you would like this one for the good old fashioned PSTN...

2005-10-26T13:17:00.000-04:00

Most people think that the standard weapon used by most private investigators is a gun. The fact is, the most powerful weapon a private investigator uses is the telephone. Knowing all you can about them when practicing your profession is important. It's the telephone, not a gun that is the most important piece of equipment a private investigator uses. The telephone brings you both business both new and old and is the one major communications medium you obtain information with. Product knowledge on it's use as it relates to your profession is of extreme importance. This article gives you some general but little known tips about private investigators use of their major weapon, the telephone. Some of them employ little techniques that are quite useful well others require special equipment. In the case of those that require special equipment, I'll lead you right to the web page for review.

Follow this link for more...http://www.pimall.com/nais/n.20telcotips.html

Homeland Security inches toward makeover

2005-10-17T23:50:00.000-04:00

A congressional spending bill, scheduled for the president's signature Tuesday, backs an earlier reorganization plan to further empower cybersecurity.
more...

NetClarity - Preemptive, Proactive Protection.
Originally Posted on 10/17/2005 11:50:14 PMContent source: http://www.antivirus-solutions.com/archives/2005/10/homeland_securi_1.html

Cisco extends NAC security to switches

2005-10-17T23:35:00.000-04:00

Cisco is adding new security software to all its products including Ethernet switches and wireless gear.
more...

NetClarity - Preemptive, Proactive Protection.
Originally Posted on 10/17/2005 11:35:13 PMContent source: http://www.antivirus-solutions.com/archives/2005/10/cisco_extends_n.html

As threats evolve, defenses must adapt

2005-10-17T23:34:00.000-04:00

Also: Cutting the cord on local service?
more...

NetClarity - Preemptive, Proactive Protection.
Originally Posted on 10/17/2005 11:34:12 PMContent source: http://www.antivirus-solutions.com/archives/2005/10/as_threats_evol_1.html

Windows patch backfires on the security-minded

2005-10-17T23:28:00.000-04:00

People who tweaked their OS settings are getting hit hardest by a flawed Microsoft update meant to fix a serious flaw.
more...

NetClarity - Preemptive, Proactive Protection.
Originally Posted on 10/17/2005 11:28:11 PMContent source: http://www.antivirus-solutions.com/archives/2005/10/windows_patch_b_1.html

Photo: LeapFrog's Fly pen

2005-10-17T23:15:00.000-04:00

The "pentop computer" is a talking, computerized pen that can translate words into other languages.
more...

NetClarity - Preemptive, Proactive Protection.
Originally Posted on 10/17/2005 11:15:10 PMContent source: http://www.antivirus-solutions.com/archives/2005/10/photo_leapfrogs.html

17 Oct W32/Leebad-A

2005-10-17T23:14:00.000-04:00

more...

NetClarity - Preemptive, Proactive Protection.
Originally Posted on 10/17/2005 11:14:09 PMContent source: http://www.antivirus-solutions.com/archives/2005/10/17_oct_w32leeba_1.html

Samy opens new front in worm war

2005-10-17T22:59:00.000-04:00

Security experts fear would-be attackers will copy the worm, which exploits an unaddressed scripting flaw.
more...

NetClarity - Preemptive, Proactive Protection.
Originally Posted on 10/17/2005 10:59:08 PMContent source: http://www.antivirus-solutions.com/archives/2005/10/samy_opens_new_1.html

17 Oct W32/Mytob-FA

2005-10-17T22:58:00.000-04:00

more...

NetClarity - Preemptive, Proactive Protection.
Originally Posted on 10/17/2005 10:58:07 PMContent source: http://www.antivirus-solutions.com/archives/2005/10/17_oct_w32mytob.html

17 Oct Troj/Bancban-AN

2005-10-17T22:56:00.000-04:00

more...

NetClarity - Preemptive, Proactive Protection.
Originally Posted on 10/17/2005 10:56:06 PMContent source: http://www.antivirus-solutions.com/archives/2005/10/17_oct_trojbanc.html

Samy worm opens new front in malware war

2005-10-17T22:48:00.000-04:00

Security experts fear malware writers will copy a new worm that exploits an unaddressed scripting vulnerability.
more...

NetClarity - Preemptive, Proactive Protection.
Originally Posted on 10/17/2005 10:48:05 PMContent source: http://www.antivirus-solutions.com/archives/2005/10/samy_worm_opens.html

As threats evolve, defenses must adapt

2005-10-17T22:34:00.000-04:00

Also: Cutting the cord on local service?
more...

NetClarity - Preemptive, Proactive Protection.
Originally Posted on 10/17/2005 10:34:04 PMContent source: http://www.antivirus-solutions.com/archives/2005/10/as_threats_evol_2.html

Photos: Aliens in London

2005-10-17T22:28:00.000-04:00

In-depth exhibit examining the possibility of life on other worlds opens at the Science Museum in London.
more...

NetClarity - Preemptive, Proactive Protection.
Originally Posted on 10/17/2005 10:28:03 PMContent source: http://www.antivirus-solutions.com/archives/2005/10/photos_aliens_i.html

Nintendo DS Trojan Author

2005-10-17T22:13:00.000-04:00

You have to wonder about the intellect and morals of some people. Some guy who calls himself DarkFader decided to copycat the first Sony PSP Trojan and create one of his own targeting the Nintendo DS handheld. The DSBrick Trojan... more...

NetClarity - Preemptive, Proactive Protection.
Originally Posted on 10/17/2005 10:13:02 PMContent source: http://www.antivirus-solutions.com/archives/2005/10/nintendo_ds_tro.html

European information security specialists 'justifying existence'

2005-10-17T21:58:00.000-04:00

IT Security professionals think they are becoming more influential according to the latest study from Infosec

more...

NetClarity - Preemptive, Proactive Protection.
Originally Posted on 10/17/2005 9:58:01 PMContent source: http://www.antivirus-solutions.com/archives/2005/10/european_inform_1.html

Photos: Sony venture expands Walkman phone line

2005-10-17T21:45:00.000-04:00

The W900 from Sony Ericsson takes calls and pictures, and makes music. It's geared for new 3G services.
more...

NetClarity - Preemptive, Proactive Protection.
Originally Posted on 10/17/2005 9:45:00 PMContent source: http://www.antivirus-solutions.com/archives/2005/10/photos_sony_ven.html

Changing Passwords for Key User Accounts

2005-10-17T21:34:00.000-04:00

I must warn all readers that this article is direct and aimed to make you feel a bit uncomfortable. The goal is to expose a few vulnerabilities in your network, so that they can be fixed. However, my experience and research has proven that most companies fall into the same bucket when it comes to these vulnerabilities. more...

NetClarity - Preemptive, Proactive Protection.
Originally Posted on 10/17/2005 9:34:59 PMContent source: http://www.WindowSecurity.com/articles/Changing-Passwords-Key-User-Accounts.html

First Look at Windows Vista: Secure at Last?

2005-10-17T21:19:00.000-04:00

In the early days of Windows operating systems, security was not at the forefront of computer users' priorities as it is today especially for home computer users. Now that the vast majority of systems are connected to the Internet, wireless networks have popped up everywhere, and we're much more vulnerable to viruses and attacks, security is a necessity. With the release of each new version, Microsoft has focused more and more on protecting the system from inadvertent and deliberate security breaches, and the culmination of those efforts is Windows Vista (formerly known as Longhorn), the next generation of their client operating system that's expected to be released sometime in 2006. more...

NetClarity - Preemptive, Proactive Protection.
Originally Posted on 10/17/2005 9:19:59 PMContent source: http://www.WindowSecurity.com/articles/First-Look-Windows-Vista-Secure-Last.html

Standardization and the security appliance

2005-10-17T21:18:00.000-04:00

There is a dizzying array of appliances out there today, which will address almost every security concern. Problem is that the vendors are all touting that they can accomplish this performance benchmark or task for you. There would be little point in a vendor making outright falsifications about their wares, but it would surely be nice to have them ascertained to a certain degree by an independent source. more...

NetClarity - Preemptive, Proactive Protection.
Originally Posted on 10/17/2005 9:18:57 PMContent source: http://www.WindowSecurity.com/articles/Standardization-security-appliance.html

Review of Security Planning Guides from Microsoft

2005-10-17T21:12:00.000-04:00

This article reviews the recommendations of several recently released security planning guides from Microsoft that deal with securing administrator accounts and implementing smart card authentication in enterprise environments. more...

NetClarity - Preemptive, Proactive Protection.
Originally Posted on 10/17/2005 9:12:55 PMContent source: http://www.WindowSecurity.com/articles/Review-Security-Planning-Guides-Microsoft.html

Managed E-Mail Security Services: Is it the right solution for your network?

2005-10-17T21:08:00.000-04:00

Email communications are essential to getting the job done in today's business world, but many companies are overwhelmed by spam, the security risks of e-mail borne viruses and worms and liability implications of e-mail containing pornography or other undesirable content. It's getting harder and harder for network administrators to keep it all under control. more...

NetClarity - Preemptive, Proactive Protection.
Originally Posted on 10/17/2005 9:08:53 PMContent source: http://www.WindowSecurity.com/articles/Managed-E-Mail-Security-Services-right-solution-network.html

Packet analysis tools and methodology (Part 4)

2005-10-17T20:58:00.000-04:00

In the last part of this article series we will take a look at the alarms generated by myself. This binary log will include several attacks, and some general surfing. We now need to take a look, and separate the chaff from the wheat. more...

NetClarity - Preemptive, Proactive Protection.
Originally Posted on 10/17/2005 8:58:52 PMContent source: http://www.WindowSecurity.com/articles/Packet-analysis-tools-methodology-Part4.html

Windows Vista and Principle of Least Privilege

2005-10-17T20:45:00.000-04:00

It is not surprising that Microsoft is getting on the bandwagon for implementing the Principle of Least Privilege for their next operating system named Windows Vista. This article will investigate some of the current issues with least privilege and investigate the reality of what Microsoft is proposing with Windows Vista. more...

NetClarity - Preemptive, Proactive Protection.
Originally Posted on 10/17/2005 8:45:51 PMContent source: http://www.WindowSecurity.com/articles/Windows-Vista-Principle-Least-Privilege.html

Packet analysis tools and methodology (Part 3)

2005-10-17T20:41:00.000-04:00

It has arguably gotten easier to exploit computers now due to the abundance of attack tools out there today. One of the most powerful ones is the Metasploit Framework. We will take a look at it in this article. more...

NetClarity - Preemptive, Proactive Protection.
Originally Posted on 10/17/2005 8:41:45 PMContent source: http://www.WindowSecurity.com/articles/Packet-analysis-tools-methodology-Part3.html

2005-10-09T18:07:00.000-04:00

PROACTIVELY PROTECT YOUR NETWORK-BASED ASSETS

Organizations of all sizes invest billions of dollars each year on network security technologies. Yet they still continue to fall prey to denial of service attacks, fast moving viruses and blended threats, hackers and worms.

A single enterprise can spend millions per year on IDS, firewalls and anti-virus software, while the real network security culprits – common vulnerabilities and exposures (CVEs) – go largely undetected and uncorrected. CVEs are the systemic cause of over 90% of all network security breaches.

While it’s true that managing vulnerabilities is an arduous task and organizations have limited resources, the risks and costs to the enterprise are far greater if these weaknesses are not addressed.

Today’s networks are at risk. Not just because hackers are out there, but also because in a mobile world, any device can pick up a virus or Trojan or have a vulnerability that opens just enough of a window to your network that a hacker can exploit it to gain access. Just one CVE® in your network and you may be in trouble. CVE is the Standard by which all information security professionals will be judged and the litmus test against regulatory compliance including GLBA, HIPAA, 21 CFR FDA 11, E-Sign and SO-404 as relates to information assets.

DO YOU SPEAK CVE?
The most important information security question you need to answer is “Do You Speak CVE?” If you do not, then no matter how much you spend on INFOSEC countermeasures, you’ll never fully understand why you are experiencing downtime and successful hacker attacks. Not to mention the regulatory compliance risk you face.

Common Vulnerabilities and Exposures (CVE) is a list or dictionary that provides common names for publicly known information security vulnerabilities and exposures. Using a common name makes it easier to share data across separate databases and tools that until now were not easily integrated. This makes CVE the key to information sharing. If a report from one of your security tools incorporates CVE names, you may then quickly and accurately access fix information in one or more separate CVE-compatible databases to remediate the problem.

CVE – An Industry Standard funded by the Department of Homeland Security – Operated by MITRE.

CVE is:
· One name for one vulnerability or exposure
· One standardized description for each vulnerability or exposure
· A dictionary rather than a database
· How disparate databases and tools can "speak" the same language
· The way to interoperability and better security coverage
· A basis for evaluation among tools and databases
· Accessible for review or download from the Internet
· Industry-endorsed via the CVE Editorial Board

Some CVEs are currently Candidates (CANs) – keep an eye out on both CVEs and CANidate CVEs.

Example CANdidate CVE:
CAN-2003-0352 (under review)
Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message.

What exploited this CVE? Blaster, Msblast, LovSAN and the Nachi and Welchia worms causing massive downtime and financial losses.

Shore up your network - Got VM?

2005-09-26T11:22:00.000-04:00

The security of all networks, wired and wireless, can be improved by employing the four pillars of network security–firewall, antivirus, intrusion-detection systems (IDS) and intrusion-prevention systems (IPS). One type of IPS is a security appliance that helps find common vulnerabilities and exposures (CVEs). This appliance is often referred to as a “vulnerability-assessment appliance” or “network-security appliance,” rather than an IPS. Sometimes it is called "Vulnerability Management (VM)."

This type of appliance helps find vulnerabilities that open the doors and windows of your network to unauthorized users. Once those vulnerabilities are removed, malicious intruders have been locked out and attacks that exploit those vulnerabilities are prevented.
Security appliances encase the security software inside a box with an already-hardened operating system. They typically sit inside the firewall and are dedicated to “scanning” (or “auditing”) the network for vulnerabilities. The best equipment operates in the background without interfering with network performance, and does not care which operating systems the network has.

The appliance should have a schedule of when to scan or audit the network and adhere to that schedule without regular manual input. It should produce reports about vulnerabilities on systems and provide instructions or code for remediation of those vulnerabilities.
The appliance should both monitor existing network assets, whether they are wired or wireless, and dynamically detect new equipment as soon as it is connected. Once the appliance detects a new system or device, it should scan or audit that system as soon as possible for CVEs that a hacker could exploit. It should also send an alert to the IT manager responsible for the network.
If the new device has any vulnerabilities, the security appliance should then be able to integrate with the firewall to block traffic to and from the new equipment (effectively quarantining it) until it has been deemed a “friendly” associate system and meets security policy guidelines. Ideally, the scan or audit of a new system should take place in a timely fashion, before the equipment has had a chance to allow a malicious intruder onto the network. Many security appliances develop reports on existing vulnerabilities; the best also offer information on ways to quickly remediate those vulnerabilities.

The security appliance should also detect when an existing asset goes down or becomes non-communicative. That functionality gives the IT manager complete control over network security, even knowledge of when a system might have been removed from the network, possibly in violation of security policy.

Complete IT security means being able to integrate information about the asset with security details. Who uses the machine? Where is it located? What is its operating system? What other software is installed on it? When was the last time it was audited? Does it have vulnerabilities?
What if the machine is removed from the network? The IT manager needs to know where that machine is at all times and the status of not only its vulnerabilities, but every aspect of the system that relates to security. For this reason, a security appliance that tracks assets also enhances network security.

A QuickStart Guide to Proactive Network Security

2005-09-20T10:06:00.000-04:00

A guide to proactive network security By Gary S. Miliefsky

Commentary--Behind our daily barrage of hacker attacks, announcements of new viruses and worms, and frequent risk of downtime is an opportunity. This is your opportunity to step away from the noise, for a moment, and take steps to build a more proactive network security model for your organization.

Countermeasures like firewalls or anti-anything (antivirus, anti-spam, anti-spyware, etc.) are all reactive security tools. They are necessary countermeasures and a part of a comprehensive security system, but you must also take action, be proactive, to ensure the highest level of network security. Daily vigilance is key. But it's nearly impossible to watch your network all the time.

Before you pursue proactive network security, you need to understand the commonly used four pillars of network security. These pillars are firewalls, VPNs, antivirus software, and intrusion detection systems (IDS). Firewalls inspect packets and attempt to block bad packets, but they cannot recognize an attack or may block legitimate access. VPNs create secure tunnels between insecure computers, but they don't protect network assets. Antivirus has its role and, vital as it is, it cannot close the vulnerabilities that would prevent an attack. Finally, intrusion detection systems (IDS) are purely reactive, dealing with an attack after it has occurred.

While these four pillars of network security are critical to your organization, the fact is, a single enterprise can spend thousands on firewalls, VPNs, antivirus and IDS systems, while the real network security culprits, "Common Vulnerabilities and Exposures" (CVEs), go largely undetected. CVEs are essentially holes in applications that can be attacked by hackers and cyber terrorists to steal information or bring down networks. CVEs are a real problem and according to the 2004 E-Crime Survey are the systemic cause of over 90 percent of all network security breaches.

Proactive network security is the act of managing the four pillars of network security so that you get the most performance from them while at the same time augmenting your system with a vulnerability management system. A more effective firewall is going to block the right traffic. A more effective antivirus program is going to have less work to do, because viruses will have fewer opportunities to attack your systems. The IDS will become a backup system, rarely forced to sound an alarm that someone has actually gotten past your secure threshold. But preventing the attack with a vulnerability management system to eliminate CVEs is the most important component.

Why? According to the same survey 95 percent of all security breaches result from known vulnerabilities and misconfigurations. In reality, it just plain makes more sense to lock the doors and keep intruders out than to solve the problems after intruders have already broken in. You wouldn’t leave your house unlocked, so why leave your network unlocked?
Achieving proactive network securitySo as an organization how can you protect your network? There are many simple steps you can take to proactively secure your network. First you should develop a security policy and force folks to adhere to it. To do this, you should lock down all mobile devices and turn on wireless encryption to utilize inherent security technology. Patching your wireless router is critical and you should work with your firewall to ensure it is secure. Then move onto common vulnerabilities ensuring you know which vulnerabilities exist on your network and closing them immediately so that hackers can’t access your business critical information or take down your network preventing you from doing business. Detail of these steps is below:

Develop a security policy
Good network security always starts with a living security policy. Even if it is one page, it should be an outline of security practices that every executive in the organization agrees to live by. Basic rules should include guidelines for everything from user access and passwords to business continuity planning and disaster recovery planning (BCP and DRP). For example, you should have policies in place for backing up financials and confidential customer records as well as mirroring systems to be better prepared, proactively, in the event of a disaster. In some cases, your BCP and DRP may even require a 'cold’ or 'warm’ site where you can quickly relocate your staff to continue operations after a disaster or terrorist attack. Implementing a corporate security policy is the first step in achieving proactive network security.

Reduce violations of security policy
Violations of good security policy that commonly occur in wired systems as well as on laptops and wireless devices are a lack of antivirus software, no firewall, peer to peer programs installed (such as Kazaa, Napster, or Gnutella), and instant messaging all capable of creating security holes. You need to install antivirus, turn on the built-in firewall in Windows XP or purchase and install a commercial grade desktop firewall and be sure to remove peer-to-peer programs and instant messaging software.

Lock down mobile devices
One of the greatest threats to security is laptops and other mobile devices that need and deserve legitimate access to your network, but often pose a threat to that network because of the very characteristic that gives them value--¬their mobility, which allows them to plug in to other networks and be exposed to threats. Wireless devices fall into the same category as laptops.

According to Forrester Research, there will be 35 million remote users by 2005 and 15 billion devices on the Internet by 2010. You don’t have to be a mathematician to see that the numbers indicate multitudes of possible interconnection paths will exist, increasing the magnitude of a potential attack. And every system is potentially susceptible to access by unauthorized individuals.

You need to lock down your network by having a policy and systems in place that quickly determine that mobile devices have plugged in, then audit those devices for violations of the security policy and known vulnerabilities as soon as possible.

Turn on wireless encryptionOn wireless systems, Wireless Encryption (WEP) should be turned on and set at the highest level. Administrative username and passwords need to be changed immediately and frequently. However, even this may not be enough to stop hackers and cyber hijackers from breaking into your physical LAN through the wireless router. The reason is that there are specific CVEs in most wireless routers that have not yet been fixed. Good hackers can download free tools to take advantage of these weak spots and break through your security.
Patch your wireless router, use its firewallAnother strong recommendation would be to get the latest patch or firmware upgrade for your wireless router and, if you can buy one that comes with a built-in firewall, learn how to use it and properly configure it. You can also limit the number of users allowed in through your wireless router at any one time. If you have only a few employees, why leave it set at the default (which might be unlimited)? Set it to as low a number as possible so that only your staff should have access.

Work with your firewallAlthough firewalls are not going to implement proactive security for you, they can certainly be employed in the best ways possible to do their part. You should have intelligent firewall rules that help close traffic to potentially vulnerable ports. For instance, Port 1045 was (and still is) used by the SASSER worm, so you should be sure to have a firewall rule that closes traffic to that port on all systems. It also needs to be a dynamic rule that closes traffic to that port on laptops and wireless devices when they plug in.

Download/Install commercial grade security toolsThere are many free tools available for download that can help you secure your network. They range from policy templates to antivirus scanning and anti-spyware. Microsoft also offers vulnerability management updates. All of these tools can be an effective augmentation to your existing security measures and should be utilized to their fullest extent.

Disable potentially exploitable objectsA "Browser Helper Object" is utilized by browser developers to do things like monitor page navigation and monitor and control file downloading. These BHOs are often installed on your system without your knowledge and because they pull information from the outside onto your computer, they are a threat to your security. Some companies go out of their way to hide the presence of the spyware BHOs that they install. They go so far as to find ways around the most popular detection tools by changing their product regularly just enough to avoid detection until the next version of the detection software comes out. To see all BHOs you have installed on your machine right now, you can install BHODemon from Definitive Solutions.

The ADODB stream object is the engine that allows BHOs to work with Internet Explorer. You should disable the ADODB stream object to stop BHOs from being able to write files, run programs, and take virtually any action on your host. To disable the engine, visit http://support.microsoft.com/default.aspx?kbid=870669

Keep up with the latest threatsAccording to the Computer Security Institute (CSI), the results of the 2002 CSI/FBI Computer Crime and Security Survey indicate that "the threat from computer crime and other information security breaches continues unabated and the financial toll is mounting." You need to keep up with the latest threats to networks to keep your business safe. They are posted in many places on the web, starting with www.us-cert.gov and www.sans.org.

Close known vulnerabilitiesKnown weaknesses in systems are called Common Vulnerabilities and Exposures (CVEs), compiled and documented by the MITRE organization. These vulnerabilities should be eliminated from every system on your network by applying patches or taking other actions, as required. Technology is available to automatically detect and eliminate CVEs. More information is detailed at the cve.mitre.org web site.

In summary, proactive network security for your business starts with good security policies. Next, you need to make sure you take action and implement these policies. Finally, as your business and network are dynamic in nature and ever changing, you need to be one step ahead of the hackers, worms, malicious insiders and cyber terrorists that are lurking around every corner of cyberspace. To do this, you must proactively enforce and update your policies, then make sure you have the proper countermeasures installed and running to thwart their every attempt.

You will never be 100 percent secure, but you will be standing on solid ground.

You can pay for online child porn with ... VISA, ...?

2005-09-14T12:20:00.000-04:00

IF IT&#8217;S not illegal, then it&#8217;s OK. That is the secular, moral relativist approach to life &#8212; which I am attacking in a television... more...

NetClarity - Preemptive, Proactive Protection.
Originally Posted on 9/14/2005 12:20:22 PMContent source: http://www.crime-research.org/news/09.14.2005/1490/

False child porn charges lead to a lawsuit

2005-09-14T12:14:00.000-04:00

Brian and Sarah Doom were shocked when police showed up at their Wichita home accusing them of child pornography.

The Dooms had never been in... more...

NetClarity - Preemptive, Proactive Protection.
Originally Posted on 9/14/2005 12:14:21 PMContent source: http://www.crime-research.org/news/09.14.2005/1491/

Users beware: pirates nearby

2005-09-14T12:01:00.000-04:00

Naga Jayadev loves the freedom of connecting from a Westport coffeehouse to his corporate office in McLean, Va., using only his laptop computer and a... more...

NetClarity - Preemptive, Proactive Protection.
Originally Posted on 9/14/2005 12:01:19 PMContent source: http://www.crime-research.org/news/09.13.2005/1489/

McAfee will protect against worms, spyware, spam

2005-09-14T11:47:00.000-04:00

PR -- McAfee, Inc., the leader in Intrusion Prevention and Security Risk Management,
today announced that it has extended its Deployment Assistance... more...

NetClarity - Preemptive, Proactive Protection.
Originally Posted on 9/14/2005 11:47:18 AMContent source: http://www.crime-research.org/news/09.13.2005/1488/

A critical flaw in Microsoft Windows

2005-09-14T11:34:00.000-04:00

Software giant Microsoft has given advance warning that it is planning to release a patch for a critical flaw in Windows.

Vole is not saying what... more...

NetClarity - Preemptive, Proactive Protection.
Originally Posted on 9/14/2005 11:34:17 AMContent source: http://www.crime-research.org/news/09.12.2005/1487/

A flaw in Firefox

2005-09-14T11:32:00.000-04:00

Firefox is susceptible to a buffer overflow attack that is deemed highly critical.

The flaw was discovered by security expert Tom Ferris and... more...

NetClarity - Preemptive, Proactive Protection.
Originally Posted on 9/14/2005 11:32:16 AMContent source: http://www.crime-research.org/news/09.12.2005/1486/

Beware using cards online

2005-09-14T11:17:00.000-04:00

LONDON (Reuters) - Half of adults used plastic to shop online last year, the UK payments association said on Thursday.

A report published by APACS... more...

NetClarity - Preemptive, Proactive Protection.
Originally Posted on 9/14/2005 11:17:12 AMContent source: http://www.crime-research.org/news/09.11.2005/1485/

Child Porn Arrest,

2005-09-14T11:10:00.000-04:00

The Computer Crimes Section detectives arrested a 45-year-old man on Sept. 2 for possession of child pornography. Suffolk police say Robert Allen of... more...

NetClarity - Preemptive, Proactive Protection.
Originally Posted on 9/14/2005 11:10:07 AMContent source: http://www.crime-research.org/news/09.10.2005/1484/

Former student-hacker sentenced

2005-09-14T11:04:00.000-04:00

Christopher Andrew Phillips was sentenced to five years probation and ordered to pay $170,056 restitution for hacking the computer system at the... more...

NetClarity - Preemptive, Proactive Protection.
Originally Posted on 9/14/2005 11:04:06 AMContent source: http://www.crime-research.org/news/09.09.2005/1483/

Packet analysis tools and methodology (Part 2)

2005-09-13T16:17:00.000-04:00

In part two of this article series we will learn how to build a powerful analysis suite. Tools covered will be Snort, Snortsnarf, widump, and winpcap. You will also need to install a PERL interpreter, which shall be shown. more...

NetClarity - Preemptive, Proactive Protection.
Originally Posted on 9/13/2005 4:17:28 PMContent source: http://www.WindowSecurity.com/articles/Packet-analysis-tools-methodology-Part2.html

Controlling Windows Services and Service Accounts

2005-09-13T16:09:00.000-04:00

When you install any Windows computer it will immediately be running multiple services. These services provide core operating system and tool functionality to the computer. In addition to these core services, you might also be running more services due to installed applications. There are a slew of Microsoft products, as well as other third party products, that install services on your computer. Examples includes Exchange, SQL, SMS, backup programs, and enterprise management applications. Since many attackers can exploit services that are running, you will want to protect the services that must run and disable all services that are not required. We will talk about the management of services to protect your computers. more...

NetClarity - Preemptive, Proactive Protection.
Originally Posted on 9/13/2005 4:09:27 PMContent source: http://www.WindowSecurity.com/articles/Controlling-Windows-Services-Service-Accounts.html

How to Use Microsoft's Shared Computer Toolkit

2005-09-13T15:56:00.000-04:00

The Shared Computer Toolkit for Windows was designed to help administrators better manage and secure public computers, such as those in kiosks, libraries, Internet cafes, schools, etc. But the toolkit is useful for any situation in which multiple persons use the same computer, including family computing and small business offices where several employees must use the same machine. This article shows you how to get and use the toolkit, which is in beta testing at the time of this writing. more...

NetClarity - Preemptive, Proactive Protection.
Originally Posted on 9/13/2005 3:56:26 PMContent source: http://www.WindowSecurity.com/articles/Microsoft-Shared-Computer-Toolkit.html

Pushing Out Security Settings that are Configured in the Registry

2005-09-13T15:43:00.000-04:00

Each passing day proves that security of the corporate infrastructure and the computers that live in them is extremely important. There are spyware applications, virus checkers, Group Policy extensions, network scanners and more that are installed to check, verify and protect our computers. In the long run, even the most sophisticated protection mechanism can't protect a computer that is not configured properly to protect itself. For these computers you typically need to manually configure Registry settings that will increase the baseline security of that computer. This article will discuss how to most efficiently configure Registry settings to help improve security on all computers on the network. more...

NetClarity - Preemptive, Proactive Protection.
Originally Posted on 9/13/2005 3:43:25 PMContent source: http://www.WindowSecurity.com/articles/Pushing-Out-Security-Settings-Configured-Registry.html

Packet analysis tools and methodology (Part 1)

2005-09-13T15:34:00.000-04:00

There are untold billions of packets flying around the web today. A great many of them are of malicious intent. A prelude to malicious activity is often the port scan. We will learn about some of the more popular types of port scans in existence today, and the tools used for them. more...

NetClarity - Preemptive, Proactive Protection.
Originally Posted on 9/13/2005 3:34:24 PMContent source: http://www.WindowSecurity.com/articles/Packet-analysis-tools-methodology-Part1.html

Product-based Security vs. Service-based Security

2005-09-13T15:21:00.000-04:00

Security vendors today can follow either of two different models: they can sell a product (a firewall, an encryption program, etc.) that your company pays for upfront, or they can sell a service that incurs an ongoing fee. In some cases, they can combine the two: an antivirus program or anti-spyware appliance that requires an update service to function properly. The current trend seems to be away from the standalone product model and toward the service model. In this article, we examine the advantages and disadvantages of both. more...

NetClarity - Preemptive, Proactive Protection.
Originally Posted on 9/13/2005 3:21:23 PMContent source: http://www.WindowSecurity.com/articles/Product-based-Security-Service-based-Security.html

Ideal-to-Realized Security Assurance In Cryptographic Keys (Part 2)

2005-09-13T15:06:00.000-04:00

In the final installment of this two-part series, we'll cover two closely related collision attacks - the birthday attack and the meet-in-the-middle attack. We'll conclude by emphasizing the importance of simplicity through conservatism, and establishing a "golden rule" for instantiating the lengths of many cryptographic values. more...

NetClarity - Preemptive, Proactive Protection.
Originally Posted on 9/13/2005 3:06:22 PMContent source: http://www.WindowSecurity.com/articles/Ideal-to-Realized-Security-Assurance-Cryptographic-Keys-Part2.html

Implementing Principle of Least Privilege

2005-09-13T14:57:00.000-04:00

The Principle of Least Privilege is not a new concept, but the push to implement it on production networks has never been so important. This article will go over some of the most common configurations that you can make to implement these principles and reduce the possibility of an attack from a typical end user. more...

NetClarity - Preemptive, Proactive Protection.
Originally Posted on 9/13/2005 2:57:18 PMContent source: http://www.WindowSecurity.com/articles/Implementing-Principle-Least-Privilege.html

NEW 'OFF THE HOOK' ONLINE

2005-09-13T14:47:00.000-04:00

The Summer 2005 issue of 2600 is now out and should be available at stores everywhere in the near future or immediate present. If you're a subscriber, it should be in your hands at this very moment or really soon. More details are available here. more...

NetClarity - Preemptive, Proactive Protection.
Originally Posted on 9/13/2005 2:47:17 PMContent source: http://www.2600.com/news/view/article/2374

NEW 'OFF THE WALL' ONLINE

2005-09-13T14:39:00.000-04:00

Due to WBAI and Pacifica national coverage of this week's
AFL-CIO
convention, Off the Hook will not be airing this week. We
will return the following Wednesday, August 3rd. more...

NetClarity - Preemptive, Proactive Protection.
Originally Posted on 9/13/2005 2:39:16 PMContent source: http://www.2600.com/news/view/article/2370

SUMMER ISSUE OF 2600 RELEASED

2005-09-13T14:29:00.000-04:00

We're already preparing for the next Hackers On Planet Earth conference which will be taking place next year in New York City. "Hope Number Six" will be happening on July 21, 22, and 23, 2006 at the Hotel Pennsylvania. Keep checking back for many more details in the months ahead. For now though, please help us spread the word! more...

NetClarity - Preemptive, Proactive Protection.
Originally Posted on 9/13/2005 2:29:15 PMContent source: http://www.2600.com/news/view/article/2291

'OFF THE HOOK' PREEMPTED THIS WEEK

2005-09-13T14:26:00.000-04:00

In a followup to a story we reported
earlier, we've received word that organizers of this summer's What the Hack conference have
successfully completed negotiations with the municipality of Boxtel
and received a permit for the event. more...

NetClarity - Preemptive, Proactive Protection.
Originally Posted on 9/13/2005 2:26:08 PMContent source: http://www.2600.com/news/view/article/2287

DATES FOR NEXT HOPE CONFERENCE ANNOUNCED

2005-09-13T14:25:00.003-04:00

As planning for this summer's Dutch hacker conference What The Hack gets underway, a
bit of opposition has appeared as the municipality in which the
conference will take place has denied the organizers an important
permit. more...

NetClarity - Preemptive, Proactive Protection.
Originally Posted on 9/13/2005 2:25:57 PMContent source: http://www.2600.com/news/view/article/2276

DIFFICULTIES RESOLVED: WHAT THE HACK CONFERENCE RECEIVES PERMIT

2005-09-13T14:25:00.002-04:00

The Spring 2005 issue of 2600 is now out and available at stores everywhere. If you're a subscriber, it should be in your hands very soon if not already. With this year, we add four new pages including a new hacker puzzle section. More details are available here. more...

NetClarity - Preemptive, Proactive Protection.
Originally Posted on 9/13/2005 2:25:50 PMContent source: http://www.2600.com/news/view/article/2265

SPRING ISSUE OF 2600 RELEASED

2005-09-13T14:25:00.001-04:00

"What The Hack" is this year's international hacker get-together taking place in the Netherlands. Planning for the outdoor conference, scheduled for July 28-31, is well underway. The deadline for talk proposals is this coming Sunday, May 1st. more...

NetClarity - Preemptive, Proactive Protection.
Originally Posted on 9/13/2005 2:25:28 PMContent source: http://www.2600.com/news/view/article/2230

"WHAT THE HACK" SUBMISSION DEADLINE APPROACHES

2005-09-13T14:25:00.000-04:00

"What The Hack" is this year's international hacker get-together taking place in the Netherlands. Planning for the outdoor conference, scheduled for July 28-31, is well underway. The deadline for talk proposals is this coming Sunday, May 1st. more...

NetClarity - Preemptive, Proactive Protection.
Originally Posted on 9/13/2005 2:25:05 PMContent source: http://www.2600.com/news/view/article/2220

Sophos Anti-Virus IDE alert: W32/Antiman-A

2005-09-13T14:24:00.000-04:00

Name: W32/Antiman-A
Aliases: Email-Worm.Win32.Antiman.a
Type: Win32 worm
Date: 26 April 2005

A virus identity (IDE) file which provides protection is
available now from the Sophos website, and will be incorporated
into the June 2005 (3.94) release of Sophos Anti-Virus.

Customers using EM Library, PureMessage or any of our Sophos
small business solutions will be automatically protected at
their next scheduled update.

At the time of writing, Sophos has received a small number of
reports of this worm from the wild. more...

NetClarity - Preemptive, Proactive Protection.
Originally Posted on 9/13/2005 2:24:16 PMContent source: http://www.antivirus-solutions.com/archives/2005/04/sophos_antiviru_315.html

Sophos Anti-Virus IDE alert: W32/Mytob-AJ

2005-09-13T14:23:00.000-04:00

Name: W32/Mytob-AJ
Type: Win32 worm
Date: 26 April 2005

A virus identity (IDE) file which provides protection is
available now from the Sophos website, and will be incorporated
into the June 2005 (3.94) release of Sophos Anti-Virus.

Customers using EM Library, PureMessage or any of our Sophos
small business solutions will be automatically protected at
their next scheduled update.

At the time of writing, Sophos has received no reports from
users affected by this worm. However, we have issued this
advisory following enquiries to our support department from
customers. more...

NetClarity - Preemptive, Proactive Protection.
Originally Posted on 9/13/2005 2:23:50 PMContent source: http://www.antivirus-solutions.com/archives/2005/04/sophos_antiviru_314.html

Microsoft gives details on Windows release

2005-09-13T12:56:00.000-04:00

APR. 25 9:03 A.M. ET Microsoft Corp.'s plan to hardwire computer security into a silicon chip rather than relying on software alone will make its debut in the next release of the Windows PC operating system that will ship late next year.

The technology, to be described by Microsoft Chairman Bill Gates during a speech in Seattle on Monday, will protect the startup of PCs equipped with a security chip and ensure that sensitive files aren't accessible when someone tries to boot the computer using a portable hard drive or floppy disk.

Gates also was expected to showcase other features of the frequently delayed operating system code-named Longhorn, including improved graphics that support see-through windows, better ways to visualize data, more sensible file organization and faster searching. more...

NetClarity - Preemptive, Proactive Protection.
Originally Posted on 9/13/2005 12:56:31 PMContent source: http://www.antivirus-solutions.com/archives/2005/04/microsoft_gives.html

Viruses invade cellphones! 7 ways to be safe

2005-09-13T12:51:00.000-04:00

Mobile phone users, beware! The viruses that attack cell phones are on the loose and may be heading for your phone this very moment.

A recent report from anti-virus and Internet security software firm Trend Micro's TrendLabs indicates that mobile malwares have not only advanced at a surprising rate in the last three months in terms of technology and range of infection, but most users have found them very difficult to remove.

Trend Micro warns mobile phone users to handle these new mobile threats carefully, as they can cause failure in phone files, contact lists, messages, pictures and even basic phone operations.

Although, says Trend Micro, the impact caused by current mobile malware is limited as yet, the emerging threat is quite likely to become a real nightmare for mobile devices users sooner than later.

What is most disturbing is that these malware have adapted more and more sophisticated technology to spread and infect mobile devices.

Crash, programme termination, wireless attack, data theft -- these are terms often associated with computer viruses. But now mobile malwares are growing, and can even infect mobile phones and computers at the same time.

TrendLabs discovered in June 2004 that mobile phones are not immune to attacks by malware programmes. The first mobile phone malware, Symbos_Cabir.A spread only via Bluetooth-enabled devices, but this proof-of-concept worm failed to enter the mainstream. more...

NetClarity - Preemptive, Proactive Protection.
Originally Posted on 9/13/2005 12:51:30 PMContent source: http://www.antivirus-solutions.com/archives/2005/04/viruses_invade.html

Trend Micro customers suffer weekend mayhem

2005-09-13T12:45:00.000-04:00

Update: IT workers are furious after working through the weekend to solve a problem caused by Trend Micro, which denies that a virus was to blame. But will customers get compensation?

Trend Micro apologised on Monday for distributing a faulty software update that caused IT workers around the world to spend the weekend fixing their systems.

The Japan-based antivirus company has promised to compensate customers whose computers running Windows XP SP2 were disabled by the update. The company said the update was only available for ninety minutes and caused "certain performance issues" with CPUs, but IT managers are furious.

"This damn update took down virtually all 1,500 of our Windows XP SP2 PCs and required many hours of work to resolve," said one angry reader in an email sent to ZDNet UK. "The machines were rendered inoperable once this signature hit, and required many of us to work through Friday night. Our entire IT staff had to come in on Saturday to attempt to fix this disaster."

"How in the world could Trend [Micro] release a signature file that disables all Windows XP SP2 machines? Why didn't [they] test this signature before it got released? I cannot believe that Trend Micro has no XP SP2 machines to test on before they release patches, and if they don't they better get some ASAP. If this happens again, I can assure you that we will be finding a new antivirus vendor for our organization," he added. more...

NetClarity - Preemptive, Proactive Protection.
Originally Posted on 9/13/2005 12:45:26 PMContent source: http://www.antivirus-solutions.com/archives/2005/04/trend_micro_cus.html

Sophos Anti-Virus IDE alert: W32/Sdbot-ZC

2005-09-13T12:42:00.000-04:00

Name: W32/Sdbot-ZC
Type: Win32 worm
Date: 25 April 2005

A virus identity (IDE) file which provides protection is
available now from the Sophos website, and will be incorporated
into the June 2005 (3.94) release of Sophos Anti-Virus.

Customers using EM Library, PureMessage or any of our Sophos
small business solutions will be automatically protected at
their next scheduled update.

At the time of writing, Sophos has received a small number of
reports of this worm from the wild. more...

NetClarity - Preemptive, Proactive Protection.
Originally Posted on 9/13/2005 12:42:24 PMContent source: http://www.antivirus-solutions.com/archives/2005/04/sophos_antiviru_313.html

Pattern File Causes High CPU Usage

2005-09-13T12:41:00.000-04:00

Urgent Notification - Trend Micro Pattern File 2.594.00 Causes High CPU Utilization

On April 22, 2005 at approximately 3:30 pm Pacific (11:30pm GMT) Trend Micro posted
a pattern file (2.594.00) which had the potential to interact with certain computing
configurations and cause computer performance issues for some users of PC-cillin,
OfficeScan (including the OfficeScan component of Client/Server Suite for SMB
and Client/Server/Messaging Suite for SMB), and ServerProtect for NT.

This specific pattern file was only available during an approximately 90-minute time
window. Trend Micro removed the pattern file from our Web sites and Active Update servers at 5:02pm
(1:02am GMT), and immediately took steps to post a new pattern file. Subsequent
pattern files do not cause these issues.

For any customers experiencing instability, Trend Micro has provided a set of
solutions which can be found under the Support section of Trend Micro‚s Web site at:

http://trendnewsletter.rsc03.net/servlet/cc5?lgLQYCTQTVuHptxihjlHnLuuHQJhuV2VR

Additionally, Trend Micro has extended support hours especially to help those
customers who were affected by this issue. Further information, instructions, and
details can also be found on the Trend Micro Web site at:

http://trendnewsletter.rsc03.net/servlet/cc5?lgLQYCTQTVuHptxihjlHnLuuHQJhuV2VS more...

NetClarity - Preemptive, Proactive Protection.
Originally Posted on 9/13/2005 12:41:23 PMContent source: http://www.antivirus-solutions.com/archives/2005/04/pattern_file_ca.html

Sophos Anti-Virus IDE alert: W32/Sdbot-WM

2005-09-13T12:32:00.000-04:00

Name: W32/Sdbot-WM
Aliases: Backdoor.Win32.SdBot.un
Type: Win32 worm
Date: 25 April 2005

A virus identity (IDE) file which provides protection is
available now from the Sophos website, and will be incorporated
into the June 2005 (3.94) release of Sophos Anti-Virus.

Customers using EM Library, PureMessage or any of our Sophos
small business solutions will be automatically protected at
their next scheduled update.

At the time of writing, Sophos has received a small number of
reports of this worm from the wild.

Note: The IDE issued for W32/Sdbot-WM at 29 March 2005 13:16:33
(GMT) also contained detection for Troj/Zapchas-F, Troj/Small-DV
and Troj/Servu-AR. This IDE has now been updated to enhance
detection of Troj/Zapchas-F. more...

NetClarity - Preemptive, Proactive Protection.
Originally Posted on 9/13/2005 12:32:22 PMContent source: http://www.antivirus-solutions.com/archives/2005/04/sophos_antiviru_312.html

New AVG Anti-Virus 7.0 Update - AVI 266.10.3

2005-09-13T12:29:00.000-04:00

--- AVG Anti-Virus Update ---
(4/25/2005)

** AVG Anti-Virus 7.0 **

--- information about Update ---

Update Summary:

- added new variants of I-Worm/Bagle, I-Worm/Mytob, Worm/Agobot more...

NetClarity - Preemptive, Proactive Protection.
Originally Posted on 9/13/2005 12:29:18 PMContent source: http://www.antivirus-solutions.com/archives/2005/04/new_avg_antivir_40.html

Sophos Anti-Virus IDE alert: W32/Mytob-AI

2005-09-13T12:24:00.000-04:00

Name: W32/Mytob-AI
Type: Win32 worm
Date: 25 April 2005

A virus identity (IDE) file which provides protection is
available now from the Sophos website, and will be incorporated
into the June 2005 (3.94) release of Sophos Anti-Virus.

Customers using EM Library, PureMessage or any of our Sophos
small business solutions will be automatically protected at
their next scheduled update.

At the time of writing, Sophos has received no reports from
users affected by this worm. However, we have issued this
advisory following enquiries to our support department from
customers. more...

NetClarity - Preemptive, Proactive Protection.
Originally Posted on 9/13/2005 12:24:14 PMContent source: http://www.antivirus-solutions.com/archives/2005/04/sophos_antiviru_311.html

Oxygen3 24h-365d [Execution of remote code through Acrobat Reader - 4/25/05]

2005-09-13T12:19:00.000-04:00

Execution of remote code through Acrobat Reader - Oxygen3 24h-365d, by Panda Software

Madrid, April 25, 2005 - Security Tracker has reported, at http://www.securitytracker.com/alerts/2005/Apr/1013774.html,a vulnerability in the well-known PDF reader, Adobe Acrobat Reader. This vulnerability could allow a remote user to run arbitrary code.

To do this, the remote user would need to create a specially crafted PDF file that, when loaded by Acrobat Reader, will trigger an Invalid-ID-Handle-Error in 'AcroRd32.exe'. Values supplied by the attacker could be written to certain memory locations and potentially executed.

As the problem has been reported recently, Adobe has not yet published an update. For this reason, users are advised to be careful with PDF files downloaded from dubious websites and to update the PDF reader as soon as Adobe releases the update. more...

NetClarity - Preemptive, Proactive Protection.
Originally Posted on 9/13/2005 12:19:13 PMContent source: http://www.antivirus-solutions.com/archives/2005/04/oxygen3_24h365d_177.html

Intoto brings out security software

2005-09-13T12:14:00.000-04:00

HYDERABAD: Intoto, a leading provider of network-centric secure gateway software for networking and communications Original Equipment Manufacturers (OEMs), has announced the availability of multi-service security software platforms for Small to Medium En terprise (SME) gateway application with a market size of $16 billion by 2008.

The new iGateway software integrates Secure Socket Layer-VPN, anti-virus (AV) and anti-spam (AS) functionality, to enhance its existing firewall, intrusion prevention and Web filtering solutions for improved secure access, threat management and productiv ity assurance.

The new multi-service security software platforms allow OEMs to deliver integrated security appliances and converged business gateways, two of the most rapidly growing networking product segments.

Integrated security appliances offer an assortment of security capabilities in a single box including firewall and VPN, intrusion detection and prevention, and anti-virus. Some products may also include content filtering, anti-spam, and anti-spyware.

The software meets the security requirements for applications such as unified threat management appliances, security appliances, security routers, secure WLAN AP and switches, and VoIP IADs. iGateway more...

NetClarity - Preemptive, Proactive Protection.
Originally Posted on 9/13/2005 12:14:04 PMContent source: http://www.antivirus-solutions.com/archives/2005/04/intoto_brings_o.html

What I Learned In Teaching Computer Security, Privacy, and Politics to a General Audience

2005-09-13T12:07:00.000-04:00

Hard to believe, I am almost finished with teaching a full college course (one semester) --my course at Tufts University entitled "Security, Privacy, and Politics in the Computer Age," offered by the Experimental College. It has certainly been an exhilerating few months, but it has been a very rewarding, memorable, and flattering experience.

So what did I learn from teaching computer security, politics, and privacy to a group of twenty, mainly non-technical, college students? Here are some of my thoughts in a nutshell:

* It is difficult to balance technical and non-technical information. Many students know what spyware and computer viruses are, but the technical workings of them are complicated. If you delve into complexities such as the operating system or the kernel, the students will be lost. I also recall making my cryptography lecture too simplistic, and I saw many students fall asleep.

* Few have knowledge about open source software, and alternatives to popular software packages. It is important to discuss the software life-cycle development process early in the semester because it will provide students insights on where a lot of the problems come from. One of the first comments from students that stuck me was that many have never heard of open source software, nor have they heard of alternatives to popular software packages such as GIMP, GAIM, and yes, even Firefox. As much as the technical community read and speak about OSS, the general public still don't understand it.

* Few have used Unix or Linux. Unix and Linux are sometimes dubbed as the "the most important operating systems you may never use," and I found this quite true. That is why I distributed free copies of Knoppix to students, and used it for my lectures on occasion.
more...

NetClarity - Preemptive, Proactive Protection.
Originally Posted on 9/13/2005 12:07:56 PMContent source: http://www.antivirus-solutions.com/archives/2005/04/what_i_learned.html

Trojan horses take aim at Symbian cell phones

2005-09-13T11:59:00.000-04:00

The recent discovery of a large number of malicious mobile phone programs should raise concerns throughout the wireless industry, according to a virus tracker.

Cell phone antivirus software company SimWorks reported Wednesday that 52 new Trojan horses are hidden inside several different cell phones games and other readily available mobile phone software. While the software appears to be safe to share or use, the Trojans actually contain malicious software that crashes many critical cell phone system components.

The Trojan horses target only cell phones that use Symbian, an advanced, or "smart phone," operating system that competes with similar software from Microsoft to bring PC-like capabilities to phones. To date, no phones have been affected, according to Aaron Davidson, chief executive officer of SimWorks.

Smart phones continue to represent just a tiny percentage of overall cell phones sold. But many analysts and cell phone industry insiders say that as these advanced operating systems become more common over the next decade, cell phone viruses will become more widespread as well.

While the damage is negligible so far, the recent warnings from SimWorks and security specialist F-Secure are raising alarm bells in the wireless industry. The latest report brings the total number of known Symbian Trojan horses to more than 100. more...

NetClarity - Preemptive, Proactive Protection.
Originally Posted on 9/13/2005 11:59:36 AMContent source: http://www.antivirus-solutions.com/archives/2005/04/trojan_horses_t.html

Users beware: pirates nearby

2005-09-13T11:54:00.000-04:00

Naga Jayadev loves the freedom of connecting from a Westport coffeehouse to his corporate office in McLean, Va., using only his laptop computer and a... more...

NetClarity - Preemptive, Proactive Protection.
Originally Posted on 9/13/2005 11:54:35 AMContent source: http://www.crime-research.org/news/09.13.2005/1489/

McAfee will protect against worms, spyware, spam

2005-09-13T11:44:00.000-04:00

PR -- McAfee, Inc., the leader in Intrusion Prevention and Security Risk Management,
today announced that it has extended its Deployment Assistance... more...

NetClarity - Preemptive, Proactive Protection.
Originally Posted on 9/13/2005 11:44:34 AMContent source: http://www.crime-research.org/news/09.13.2005/1488/

A critical flaw in Microsoft Windows

2005-09-13T11:30:00.000-04:00

Software giant Microsoft has given advance warning that it is planning to release a patch for a critical flaw in Windows.

Vole is not saying what... more...

NetClarity - Preemptive, Proactive Protection.
Originally Posted on 9/13/2005 11:30:33 AMContent source: http://www.crime-research.org/news/09.12.2005/1487/

A flaw in Firefox

2005-09-13T11:29:00.000-04:00

Firefox is susceptible to a buffer overflow attack that is deemed highly critical.

The flaw was discovered by security expert Tom Ferris and... more...

NetClarity - Preemptive, Proactive Protection.
Originally Posted on 9/13/2005 11:29:32 AMContent source: http://www.crime-research.org/news/09.12.2005/1486/

Beware using cards online

2005-09-13T11:28:00.000-04:00

LONDON (Reuters) - Half of adults used plastic to shop online last year, the UK payments association said on Thursday.

A report published by APACS... more...

NetClarity - Preemptive, Proactive Protection.
Originally Posted on 9/13/2005 11:28:30 AMContent source: http://www.crime-research.org/news/09.11.2005/1485/

Child Porn Arrest,

2005-09-13T11:20:00.000-04:00

The Computer Crimes Section detectives arrested a 45-year-old man on Sept. 2 for possession of child pornography. Suffolk police say Robert Allen of... more...

NetClarity - Preemptive, Proactive Protection.
Originally Posted on 9/13/2005 11:20:29 AMContent source: http://www.crime-research.org/news/09.10.2005/1484/

Former student-hacker sentenced

2005-09-13T11:16:00.000-04:00

Christopher Andrew Phillips was sentenced to five years probation and ordered to pay $170,056 restitution for hacking the computer system at the... more...

NetClarity - Preemptive, Proactive Protection.
Originally Posted on 9/13/2005 11:16:28 AMContent source: http://www.crime-research.org/news/09.09.2005/1483/

IT criminalysts meet for forum, cybercrime

2005-09-13T11:03:00.000-04:00

Forensic experts and senior police officers from around the world are gathering in Dublin today for a conference on tackling serious crime.

Around... more...

NetClarity - Preemptive, Proactive Protection.
Originally Posted on 9/13/2005 11:03:21 AMContent source: http://www.crime-research.org/news/09.09.2005/1482/

Fears over e-banking in UK, research

2005-09-13T10:51:00.000-04:00

A recent study by analyst Forrester Research has unearthed conflicting views about the safety or otherwise of online banking. The survey of 11,300 UK... more...

NetClarity - Preemptive, Proactive Protection.
Originally Posted on 9/13/2005 10:51:17 AMContent source: http://www.crime-research.org/news/09.08.2005/1481/