According to an article in USA Today, a new Ponemon Institute poll of 591 technology managers shows that 83% indicated their organization has been a recent target of advanced threats while 81% felt that senior execs lacked awareness of the seriousness of advanced threats. Our experience confirms the validity of these statistics. The cybercrime problem is only going to get worse as more and more small and medium-sized businesses fall victim to online bank fraud.
The biggest challenge we see is helping the men and women who have to dedicate resources (people or money) understand (1) why they need to improve the security of their information systems, (2) the basic steps involved in improving systems security, and (3) the ancillary competitive benefits they can get from improved information systems security management.
It’s to meet this challenge that we in the Los Angeles Chapter of the Information Systems Security Association (ISSA-LA) have embarked on an aggressive Community Outreach Program. Our objective is nothing less than to raise information security awareness throughout the Los Angeles community. This is the most important thing we can do to help our community protect itself from the scourge of cybercrime. Having successfully concluded our 2nd Annual Information Security Summit, we know the time is right to bring the community together around this problem, and we are dedicated to doing so.
KrebsOnSecurity.com reports “Adobe Systems Inc. is urging users to update installations of Adobe Reader and Acrobat to fix a critical flaw that attackers have been exploiting to break into vulnerable systems. … The update brings Adobe Acrobat and Reader to version 9.3.3 (another update for the older 8.2 line of both products brings the latest version to v. 8.2.3). Patches are available for Windows, Mac, Linux and Solaris versions of these programs. Adobe’s advisory for this update is here, and the Reader update is available from this link — or by opening the program and clicking “Help” and “Check for Updates.” If you download the update from the Adobe Reader homepage, you’ll end up with a bunch of other stuff you probably don’t want.”
Users discouraged by the ongoing discovery of critical vulnerabilities in Acrobat Reader may want to consider switching to other free PDF readers that may be less of a target for malicious hackers. Examples of other free PDF readers include Foxit Reader, Nitro PDF Reader, and Sumatra.
Dark Reading reports that “the White House has outlined a national strategy for trusted digital identities that could ultimately eliminate the username-and-password model and lay the groundwork for a nationwide federated identity infrastructure. …Howard Schmidt, cybersecurity coordinator and special assistant to the president, unveiled the administration’s strategy for what he called an identity “ecosystem” for users and organizations to conduct online transactions securely and privately such that identities of all parties are trusted.
“For example, no longer should individuals have to remember an ever-expanding and potentially insecure list of usernames and passwords to login into various online services. Through the strategy we seek to enable a future where individuals can voluntarily choose to obtain a secure, interoperable, and privacy-enhancing credential (e.g., a smart identity card, a digital certificate on their cell phone, etc) from a variety of service providers — both public and private — to authenticate themselves online for different types of transactions (e.g., online banking, accessing electronic health records, sending email, etc.),” Schmidt blogged late last week.”
From Computing Now’s Website: Gary McGraw talks with Richard A. Clarke. Clarke is an internationally recognized expert on security, including homeland security, national security, cyber security, and counterterrorism. Gary and Richard discuss what needs to change in order for the United States to focus more attention on defense against cyber war (as opposed to offense). They also discuss the importance of software security in preventing cyber crime and cyber war, network scanning as a part of Dick’s “Defensive Triad,” and balancing cybersecurity against individual liberty.
Thanks to John Cosgrove for this story.
KrebsOnSecurity reports “Mozilla has shipped a new version of Firefox that corrects a number of vulnerabilities in the browser. … Firefox version 3.6.4 addresses seven security holes ranging from lesser bugs to critical flaws. Mozilla says this latest version of Firefox also does a better job of handling plugin crashes, so that if a plugin causes problems when the user browses a site, Firefox will simply let the plugin crash instead of tying up the entire browser process. Firefox should auto-update (usually on your next restart of the browser), but you can force an update check by clicking “Help,” and then “Check for Updates” (when I did this, I noticed that in its place was the “Apply Downloaded Update Now,” option, indicating that Firefox had already fetched this upgrade.)”
According to Krebs, “Mozilla also shipped, 3.5.10, an update that fixes at least nine security vulnerabilities in its 3.5.x line of Firefox. The software maker will only continue to support this version of Firefox for another couple of months, so if you’re on the 3.5.x line, you might consider upgrading soon.”
Krebs reports that a new version of Opera is also available that fixes at least five security flaws in the software. Opera’s update brings the browser to version 10.54. Opera is urging users to upgrade to the latest version, available here.