Symantec Launches Online Fraud Protection

May 19, 2008 – 7:26 PM

Symantec Corp. today announced the availability of Symantec Online Fraud Protection, a comprehensive program that includes Symantec services, education and ongoing monitoring and management capabilities designed to protect businesses that conduct large volumes of financial transactions and their customers from losses due to online fraud.

This offering helps businesses shield their customers from a variety of online threats, including phishing and pharming. By helping their customers safely conduct transactions online, businesses can boost customer loyalty, minimize financial loss and legal exposure, and reduce risks to their corporate brand.

Corporate brand erosion as a result of online fraud is a significant problem facing all organizations that conduct business online. Symantec’s most recent Internet Security Threat Report, Volume XIII, released in April 2008, indicates that threats from online fraud continue to plague both enterprise organizations and consumers. In the last six months of 2007, Symantec observed more than 85,000 phishing hosts – computers that can host one or more phishing Web sites – an increase of 167 percent from the first half of 2007.

“Fraud attacks are becoming more sophisticated and are increasingly targeting businesses and customers with devastating effects,” said Rob Enderle, president and principal analyst, Enderle Group. “Organizations generally lack an effective comprehensive approach to mitigating online fraud. In addition, the damage that results from fraud now goes beyond just financial damage to impacting the global brand. This combination should make reducing the related risks a primary business objective.”

Leveraging Symantec’s broad footprint and position as a leader in security, Symantec Online Fraud Protection is a flexible program that combines a variety of offerings based on customer need. This offering is also backed by Symantec’s Global Intelligence Network which provides the most comprehensive view of Internet attack activity based on security intelligence data gathered from around the world. Symantec’s Global Intelligence Network includes 11 security response centers that analyze data from more than 2 million email accounts, 120 million systems and more than 40,000 devices in more than 200 countries.

Symantec Online Fraud Protection includes:

Read the rest of this story…

Cisco alums readying firewall killer

May 19, 2008 – 5:58 AM

Five former Cisco engineers have co-founded a start-up called Rohati Systems whose products take dead aim at traditional perimeter firewalls.

A traditional firewall and its access control lists “is not capable of doing its job today from an access-control perspective,” says CEO and President Shane Buckley. “Nowadays, your IP address just doesn’t represent who you are.”

Rohati will mark its debut this week with a network-based entitlement control device designed to limit access to applications, such as Microsoft’s SharePoint collaboration suite, based on the user’s authentication.

Called the Transaction Networking System (TNS), the appliance is intended to reside close to the data assets it protects, usually in the data center. It checks whether users should be permitted to access application data stored there based on user credentials that might include Kerberos, VPN SSL or the Microsoft authentication protocol NTLM.

TNS functions at the application layer to establish Layer 7 access-control lists to limit who has what access to data, Buckley says. Use of the TNS begins by putting the device in monitor mode to let it watch the users accessing the data, capturing all the transactions, such as opening and closing files.

“This way, the appliance is learning all the transactions in the network,” Buckley says. This enables the appliance to build a policy that managers can refine, such as permitting or denying, or allowing reading, writing or deletion.

Now in beta and expected to ship in July, the appliance makes use of the OASIS standard called the eXtensible Access Control Markup Language (XACML) for the data-management policy.

“The appliance has a set of policies on who can have access to what based on directory attributes,” Buckley says, adding that one advantage is that no changes to existing applications or new client software are required. TNS competes most directly with entitlement software from CA, Oracle, IBM Tivoli Software and Securent, which was acquired by Cisco last November for $100 million.

Read the rest of the story…

Researchers find new ways of snooping

May 19, 2008 – 5:52 AM

Researchers have developed techniques for stealing data from a computer using some unlikely hacking tools: cameras and telescopes.

In two separate pieces of research, teams at the University of California, Santa Barbara, and at Saarland University in Saarbrucken, Germany, describe attacks that seem ripped from the pages of spy novels. In Saarbrucken, the researchers have read computer screens from their tiny reflections on everyday objects such as glasses, teapots, and even the human eye. The UC team has worked out a way to analyse a video of hands typing on a keyboard in order to guess what was being written.

Computer security research tends to focus on the software and hardware inside the PC, but this kind of “side-channel” research, which dates back at least 45 years, looks at the physical environment. Side-channel work in the US was kicked off in 1962 when the US National Security Agency discovered strange surveillance equipment in the concrete ceiling of a US Department of State communications room in Japan and began studying how radiation emitted by communication components could be intercepted.

Much of this work has been top secret, such as the NSA’s Tempest programme. But side-channel hacking has been in the public eye too.

In fact, if you’ve seen the movie “Sneakers,” then the University of California’s work will have a familiar ring. That’s because a minor plot point in this 1992 Robert Redford film about a group of security geeks was the inspiration for their work.

In the movie, Redford’s character, Marty Bishop, tries to steal a password by watching video of his victim, mathematician Gunter Janek, as he enters his password into a computer. “Oh, this is good,” Redford says. “He’s going to type in his password and we’re going to get a clear shot.”

Redford’s character never does get his password, but the UC researchers’ Clear Shot tool may give others a fighting chance, according to Marco Cova, a graduate student at the school.

Clear Shot can analyse video of hand movements on a computer keyboard and transcribe them into text. It’s far from perfect – Cova says the software is accurate about 40 percent of the time – but it’s good enough for someone to get the gist of what was being typed.

Read the rest of the story…

PayPal Single-Use or Multiple-Use Secure Card

May 17, 2008 – 7:27 PM

For those of you who do not know, PayPal allows its registered users to generate temporary MasterCard credit card numbers on the fly to be used on websites that do not allow secure payment methods such as PayPal or Google Checkout.

When you log into your PayPal account, you should see a Tools box on the left and a link to the PayPal Plug-In. Click this link. (No actual “install” is required.)

Read the rest of this story…

Firefox 3 Release Candidate 1 Released

May 16, 2008 – 8:15 PM

If you are already running a beta version of Firefox 3, just go to Help > Check for Updates.

Or you can download it and try it here:
http://en-us.www.mozilla.com/en-US/firefox/all-rc.html