 
Security: Tips From Security Pros

The Almanac: IT Security

An eclectic collection of research and resources.
 


July 14, 2003 (Computerworld)

Spyware Bots: They're Everywhere


Some of them are innocuous, just tracking Web site visits. But "spyware bots"—software modules deposited onto a PC without the user's knowledge—are the truest form of Trojan horses, says Jim Hurley, an analyst at Aberdeen Group Inc.


Some of these bots are treacherous, he says, capable of hijacking the browser, capturing keystrokes, sniffing passwords, collecting confidential data, piggybacking on telecommunications services and allowing outsiders to take control of the PC.


Spyware makes its way into the bowels of the PC when new software packages are installed or upgraded. In addition, e-mail and Web portals contain self-installing spyware agents, Hurley explains.


Few people know that their PC is riddled with spyware bots, which communicate the information they collect to Web sites. Neither antivirus software nor firewalls can stop them.












Sanitizing hard drives is rarely done.

"Spyware is now on every PC in every home, corporation and government agency throughout the world," Hurley asserts. His recommendation: Type spyware in a Web search engine and get one of the spyware detection-and-elimination tools listed there to find out what sort of spies are lurking in your PC.


Resold Hard Drives Yield Private Data


MIT researchers have confirmed that many resold and discarded computers—even those with "erased" hard disks—harbor confidential data such as credit card numbers and medical records that can be readily recovered.


Scavenging through the data left on 158 secondhand disk drives, the researchers found more than 5,000 credit card numbers, as well as detailed personal and corporate records. One disk apparently came from an automated teller machine in Illinois and had a year's worth of financial transactions.


Many of the disk drives had been reformatted, or the My Documents folder had been deleted, but that didn't make the data unreadable. In all, only 12 drives were properly sanitized, the researchers reported in the journal IEEE Security and Privacy.


Patent Watch


• A method for detecting security vulnerabilities in a Web application. Most scanners look for vulnerabilities at the network level, but this one probes for security weaknesses at the application level. —U.S. Patent No. 6,584,569, issued June 24. Inventors: Eran Reshef, Yuval El-Hanany, Gil Raanan and Tom Tsarfati, for Sanctum Ltd. in Herzelia, Israel.


• A "digital persona" for providing access to personal information. An information server stores a person's identifying information and privacy preferences. If another computer requests the personal data, the digital persona server compares the request with the privacy preferences and either approves the release of the data or denies the request if the conditions are unacceptable. —U.S. Patent No. 6,581,059, issued June 17. Inventors: Robert Carl Barrett and Paul Philip Maglio, for IBM.


Unisys Suite Detects Criminal Patterns


Unisys Corp. recently unveiled the Active Risk Monitoring System (ARMS), software that may help banks spot patterns of seemingly unrelated events that add up to potential fraud, identity theft or money laundering.


Actimize Ltd. in New York provides the underlying analytics technology, which monitors transactions in real time, identifies patterns of suspicious behavior and flags transactions according to predefined criteria.


For example, suppose a criminal uses 30 stolen ATM cards in succession to withdraw $500 each time. None of those transactions taken alone would raise a flag, but ARMS can detect a change in the rate of transactions during a certain time period or spot the increased number of cards that have never been used at that ATM before, Unisys says.


—Paul Roberts, IDG News Service
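The two signals described above (a jump in the withdrawal rate at one ATM and a rise in cards never seen at that ATM before) can be sketched as a sliding-window check. This is an added illustration, not ARMS or Actimize code; the window length, both thresholds, the function names and the sample transactions are all assumptions constructed for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=30)  # assumed look-back window
MAX_TXNS = 12                   # assumed ceiling on withdrawals per ATM per window
MAX_NEW_CARDS = 5               # assumed ceiling on first-time cards per window

def find_alerts(transactions, history):
    """transactions: time-ordered (timestamp, atm_id, card_id, amount) tuples.
    history: atm_id -> set of card ids already seen at that ATM.
    Returns (timestamp, atm_id, reason) for each threshold crossing."""
    seen = defaultdict(set)
    for atm, cards in history.items():
        seen[atm] |= set(cards)
    window = defaultdict(deque)   # atm_id -> (timestamp, first_time_card) pairs
    active = set()                # (atm_id, reason) pairs currently over threshold
    alerts = []
    for ts, atm, card, _amount in transactions:  # the amount is never inspected
        first_time = card not in seen[atm]
        seen[atm].add(card)
        recent = window[atm]
        recent.append((ts, first_time))
        while ts - recent[0][0] > WINDOW:        # drop entries older than the window
            recent.popleft()
        checks = {
            "rate": len(recent) > MAX_TXNS,
            "new-cards": sum(new for _, new in recent) > MAX_NEW_CARDS,
        }
        for reason, over in checks.items():
            key = (atm, reason)
            if over and key not in active:       # alert once per crossing
                alerts.append((ts, atm, reason))
            (active.add if over else active.discard)(key)
    return alerts

def sample_transactions():
    """Constructed data: routine traffic plus the 30-card run from the text."""
    start = datetime(2003, 7, 14, 9, 0)
    txns = [(start + timedelta(minutes=20 * i), "ATM-02", f"reg-{i % 4}", 60)
            for i in range(12)]
    txns += [(start + timedelta(hours=2, seconds=40 * i), "ATM-17", f"stolen-{i:02d}", 500)
             for i in range(30)]
    return sorted(txns)

HISTORY = {"ATM-02": {"reg-0", "reg-1", "reg-2", "reg-3"}, "ATM-17": {"reg-0"}}

if __name__ == "__main__":
    for alert in find_alerts(sample_transactions(), HISTORY):
        print(*alert)
```

No single $500 withdrawal is examined on its own; both alerts come from aggregate behaviour at one ATM, which is the point the paragraph makes.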


"Security spending can't continue to consume ever-increasing portions of the IT budget. No enterprise can afford to spend more on insurance than on new product development. By 2005, security groups that can't demonstrate security effectiveness metrics will experience flat to declining IT security funding."


—John Pescatore, analyst, Gartner Inc.
















Managing Wireless Risks

Financial institutions around the world have taken the following steps:















49% have instituted security policies for wireless usage.
41% have scanned their networks to identify rogue wireless networks.
29% have issued guidelines to employees for safer use of Wi-Fi.

Base: Survey of corporate security and IT managers at 80 financial services companies worldwide


Source: 2003 Global Security Survey by Deloitte Touche Tohmatsu, New York, June 2003

















Financial Security

The state of IT security at 80 financial institutions around the world:


Security is about 6% to 8% of the IT budget in developed countries.


63% currently have or plan to establish in the next two years the position of chief security officer or chief information security officer.


40% have a chief privacy officer, and another 6% intend to appoint one within the next two years.


39% acknowledged that their systems had been compromised in some way within the past year.


24% have cyber risk insurance, and another 5% intend to acquire such coverage.


SECURITY TECHNOLOGIES USED






































Antivirus 96%
Virtual private networks 86%
Intrusion-detection systems 85%
Content filtering/monitoring 77%
Public-key infrastructure 45%
Smart cards 43%
Biometrics 19%

Base: Survey of corporate security and IT managers at 80 financial services companies worldwide


Source: 2003 Global Security Survey by Deloitte Touche Tohmatsu, New York, June 2003



