___________________________________________________________
Computerworld's Security Newsletter
May 4, 2007
___________________________________________________________
In This Issue
-----------------
1. Editor's Note - By David Ramel - There is no wireless security threat
2. Top Story - Trojan horse impersonates Windows activation to snatch credit
card numbers
3. Spammers use fresh technique to evade filters
4. Microsoft pencils in seven bug fixes for next week
5. Privacy groups renew push against Real ID bill
6. Florida to dump touch-screen e-voting systems
Manage Your Newsletter Subscription:
http://www.computerworld.com/action/member.do?command=newsletterLogin
********************** Advertisement ***********************
Title: Client Side Attacks: Your Weakest Security Link
Download this webcast and learn what you can do to proactively identify, expose
and protect your organization from human vulnerabilities within your
organization.
http://cwflyris.computerworld.com/t/1516096/114916/62205/0/
************************************************************
1. Editor's Note - By David Ramel - There is no wireless security threat
I've maintained for a while that
(http://cwflyris.computerworld.com/t/1516096/114916/62206/2/) *there is no big
wireless security problem.* I mean, no one is likely to camp out in your
parking lot and sniff packets to find a login and password and then romp around
in your network in hopes of finding something valuable. That's so 5 years ago.
And why should they, when they can just waltz in to your office and pick up a
laptop. Look at the news - it's all about data breaches, lost laptops, careless
users.
(http://cwflyris.computerworld.com/t/1516096/114916/62207/2/) *War driving is
done.*
What network admin in this day and age is going to set up a wireless network
without turning on WPA and changing some defaults, which stops 99% of hackers
in their tracks?
But take another look at the news. What's the big story on every IT site? "How
to secure your wireless network" in dozens of permutations, regurgitated again
and again. Hey, we do it too. And the thing is, the stories usually do pretty
well, click-wise.
We should get off the wireless wagon and focus on physical security, policies
to govern information dissemination -- who is allowed to access and where they
are allowed to take it. And encryption of data. And locating lost laptops and
wiping their data clean if they can't be recovered. And fighting Trojans and
bots and the Web site exploit of the week and all the other more imminent
threats.
Of course, everyone disagrees with me. They ridicule and chide and scold, but
no one ever seems to come up with the exact techniques a wireless hacker could
use to do some damage. And how many wireless hacks have you heard of lately?
So I'm planning a sound-off article with a co-worker, who is going to argue
against me, taking the side that the wireless threat is indeed as dire as we
make it out to be.
What do you think? Drop me a line.
-- David Ramel
Editor, Computerworld's Security Channel
http://www.computerworld.com/taxonomy/000/000/000/taxonomy_000000017_index.jsp
mailto:[EMAIL PROTECTED]
********************** Other Resources *********************
End users can now be compromised by simply opening a malicious Word, Excel or
PowerPoint document sent via email, or browsing malicious web sites that
exploit vulnerable client-side code. This resource from Computerworld and Core
Security will show you how to proactively identify, expose and protect your
organization from these threats.
http://cwflyris.computerworld.com/t/1516096/114916/61121/0/
Turn Information into Higher Business Performance.
http://cwflyris.computerworld.com/t/1516096/114916/58697/0/
Endpoint Security Virtual Conference: This free Computerworld conference will
focus on strategies for protecting data at the edge of your network. Register
now.
http://cwflyris.computerworld.com/t/1516096/114916/59416/0/
Foundation Repair: The New SSL; A New Model for SSL Certificates and Browser
Trust. Get this white paper now!
http://cwflyris.computerworld.com/t/1516096/114916/61122/0/
************************************************************
2. Top Story: Trojan horse impersonates Windows activation to snatch credit
card numbers
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9018645
A Trojan horse making the rounds online poses as a Windows activation program
to dupe XP users into entering credit card information to reanimate their
computers.
3. Spammers use fresh technique to evade filters
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9018597
Taking advantage of an inability common to most anti-spam systems, spammers and
malware purveyors are sneaking into e-mail inboxes via encrypted or
password-protected file attachments.
4. Microsoft pencils in seven bug fixes for next week
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9018590
Microsoft plans to release seven bug fixes next Tuesday, with expectations
centered around a security update for a DNS server zero-day flaw found in all
editions of the company's server line.
********************** Advertisement ***********************
Survey Says: Small Organizations thinking Big about Disaster and Data
Companies of 10 employees or 10,000 employees face the same challenge day in
and day out: Protect business-critical data. But with smaller companies,
allocating resources to this chore can be taxing. Tune into this on demand
webcast, Survey Says: Small Organizations Thinking Big about Disaster and Data,
to see what some 250 of your small-business peers are doing to ensure 'business
as usual'.
http://cwflyris.computerworld.com/t/1516096/114916/47577/0/
************************************************************
5. Privacy groups renew push against Real ID bill
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9018599
Privacy advocates are hoping to muster opposition to the controversial Real ID
bill, which seeks to create a national standard for issuing state drivers'
licenses and other forms of state-issued IDs.
6. Florida to dump touch-screen e-voting systems
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9018595
The Florida Legislature today voted to replace nearly all of the state's
touch-screen voting systems with optical scan devices.
********************** Advertisement ***********************
Webcast: Secure Enterprise Search
Computerworld and Oracle invite you to a new on demand webcast on Secure
Enterprise Search. IT must balance how to enable people to find the information
they need to do their work, and at the same time protect the information they
should not access.
See how Oracle Secure Enterprise Search enables organizations to deliver
secure, low-cost, and easy-to-deploy search solutions that eliminate
information overload, and are as easy to use as popular Internet search
engines.
http://cwflyris.computerworld.com/t/1516096/114916/56432/0/
************************************************************
Manage Your Newsletter Subscription
--------------------------------------
You are subscribed to Computerworld's Security Newsletter, whose internal
list name is: computerworld_security.
The e-mail address you are subscribed with is:
archive@mail-archive.com
To unsubscribe, change your preferences or change your e-mail address,
please visit our Web-based subscription center:
http://www.computerworld.com/action/member.do?command=newsletterLogin
If the above URL is not clickable, please copy and paste it to your
Web browser's address field.
Tell a Colleague or Friend About Security Newsletter
-----------------------------------------------------------
Do you know someone who might like this newsletter? Please send a
recommendation, and pass them this convenient subscription link:
http://www.computerworld.com/action/newsletter.do?command=registerNewsletter&newsletterId=1025
Feedback
---------------
To submit feedback about this newsletter, send a message to:
mailto:[EMAIL PROTECTED]
Privacy Policy
-----------------------
Please reivew our privacy policy:
http://www.computerworld.com/action/pages.do?command=viewPage&pagePath=/about_policies
Advertising
-------------------
For information on advertising, contact Sean Weglage:
mailto:[EMAIL PROTECTED]
Try the Other Computerworld Newsletters
------------------------------------------
Did you know Computerworld has more than 45 other e-mail newsletters
that may be of use to you? Please visit the following Web page to
find out more:
http://www.computerworld.com/action/member.do?command=registerNewsletters
Computerworld Inc.
http://www.computerworld.com/
One Speen Street
Framingham MA 01701
Copyright (C) 2007 Computerworld Inc.
