The beta version of a free service has become available to help website owners keep their properties safer. QualysGuard Malware Detection is designed to scan sites for malware infections and other threats, regardless of sites’ size or the site owners’ physical location. Qualys Introduces Malware Scanner For Sites This service is supposed to do everything shy of solve a problem. The process starts with it conducting daily scans. Then, it’ll alert sites’ owners to any issues it uncovers. Finally, it should point out vulnerable snippets of code, making the removal of malware easier. All without delivering false positives. Philippe Courtot, the chairman and CEO of Qualys, explained his company’s motivation for introducing this service by stating, “We created QualysGuard Malware Detection as a way to fight against cybercrime and to make the Web a safer place for everyone.” He then continued, “This is a comprehensive free solution that arms businesses of all sizes to monitor malware threats on their web sites and take steps to remediate vulnerabilities.” Hopefully QualysGuard Malware Detection will live up to its billing. A free way of keeping sites and their visitors safe certainly sounds good, and is bound to become quite popular if it works well.

See the original post:
Qualys Introduces Malware Scanner For Sites

New data from M86 Security corroborates the widely held idea that anti-virus scanners and URL filters won’t save careless Web users. Indeed, the security company estimates that more than half of all threats can evade these two means of detection, leaving people at risk from lots of nasty stuff. M86 Security Finds URL Filters, Anti-Virus Scanners Ineffective M86 Security’s new report, “Closing the Vulnerability Window in Today’s Web Environment,” indicates that anti-virus scanning correctly identifies just 39 percent of Web threats, which isn’t exactly impressive. But the practice of URL filtering fares even worse, detecting just 3 percent of threats. Assuming these figures are accurate, something obviously needs to be done, and it seems that adding a third layer of security may be the trick. Bradley Anstis, the vice president technical strategy at M86 Security, explained in a statement, “To counter the specific cases that we analyzed in this report, and to ensure maximum efficiency, we believe a three-pronged approach of combining URL filtering, anti-virus scanning and real-time code analysis should be best practice.” This practice achieved a 100 percent success rate in M86 Security’s testing. Although people should of course exhibit caution online no matter how well-protected their computers seem to be.

See more here: 
M86 Security Finds URL Filters, Anti-Virus Scanners Ineffective

Online identity theft might become less of a problem in the future thanks to the efforts of Google, PayPal, Equifax, VeriSign, Verizon, CA, and Booz Allen Hamilton. Today, these organizations announced the formation of the Open Identity Exchange (OIX). OIX is a nonprofit entity meant to make exchanging online identity credentials a more secure process. It’s gotten off to a good start, too, having already been approved as a trust framework provider by the U.S. government. This means that OIX solutions should at some point allow American citizens to access all sorts of vital information on the Web. Drummond Reed, Acting Executive Director of OIX, explained in a statement, “As we roll out progressively stronger levels of certification, this will empower U.S. citizens to access and manage their tax records, Social Security records, veteran’s benefits, and many other government services online.” Also, “OIX is currently working on development of trust frameworks for public media, telecommunications, library services . . . and professional associations.” You may not have to wait long to see these possibilities brought to (figurative) life. In addition to being backed by so many important partners, OIX has received grants from the OpenID Foundation and Information Card Foundation, meaning it’s probably in good financial shape.

Here is the original post:
Open Identity Exchange Launches

Google and the other companies that were affected by Operation Aurora had some commendable security measures in place, according to a new report from McAfee; you might consider them the virtual equivalents of steel doors with reinforced hinges. However, it turned out that the companies might have left their internal safe doors unlocked. McAfee: Intellectual Property Poorly Guarded In Aurora Attacks George Kurtz, McAfee’s CTO, explained late yesterday on the McAfee Security Insights Blog that he discovered some problems with respect to the companies’ source code configuration management systems (SCMs). Enough problems to call them “inherently insecure,” in fact, as he found that attackers were able to “siphon out source code or, worse, modify and add code.” Kurtz then continued, “SCMs are used by software engineers to manage their projects and are used to store source code, the crown jewels of any tech company.” And as you might suppose, leaving one’s intellectual property exposed isn’t the best way to run a business. In response, McAfee is taking a closer look at how SCMs should be secured, and Perforce, which is a popular management system, has been scrutinized in what’s supposed to be the first in a series of white papers. These lessons should benefit a wide range of individuals and companies, considering that many organizations have probably modeled their security systems after what Google, Adobe, Rackspace, and other corporations hit by Operation Aurora have in place. Hopefully an Operation Aurora 2 will become impossible as a result. Or at the least, perhaps some less organized and skilled hackers will be repelled. Meanwhile, efforts to identify the people behind Operation Aurora haven’t progressed much since the last time we discussed them. A security company called Damballa did issue a statement earlier this week alleging that the hackers used a “garden variety botnet” and were “more amateur than average,” but Google has disputed this claim.

Read more from the original source: 
McAfee: Intellectual Property Poorly Guarded In Aurora Attacks

Although the three men believed to be behind the Mariposa botnet were recently identified and arrested by Spanish authorities, it looks like they may avoid serving any jail time for their online trespasses. Spain’s cybercrime laws are quite weak at the moment. Jail Sentences Not Certain For Mariposa Botnet Authors According to Brian Krebs , Captain Cesar Lorenzana, who works for the Spanish Civil Guard, explained that prison sentences typically aren’t associated with deeds committed from behind a keyboard. Plus, some things simply aren’t against the law. “In Spain, it is not a crime to own and operate a botnet or distribute malware,” he said. “So even if we manage to prove they are using a botnet, we will need to prove they also were stealing identities and other things, and that is where our lines of investigation are focusing right now.” Furthermore, Krebs wrote, “[T]he men are all free on their own recognizance. . . . [T]hey are free to hoover up as much stolen data as they please, as the Mariposa working group has not yet been able to shutter the Web sites that served as the repository for personal and financial data stolen from people whose systems were ensnared by the bot.” The good news is that Spain is trying to modernize its laws, so even if the Mariposa’s authors get off this time, they (and/or other cybercriminals) shouldn’t be in the clear forever.

See original here: 
Jail Sentences Not Certain For Mariposa Botnet Authors

Online payment processing firm CyberSource has released it 11th annual Online Fraud Report, which highlights shifts in global online sales and fraud management. Ecommerce Merchants See Drop In Fraud Rates This year’s survey of ecommerce merchants found that among U.S./Canadian merchants accepting international orders, 21 percent of their online orders came from abroad, up 17 percent from the year before and 8 percent in 2005. The steady growth is supported by progress in meeting the increased fraud challenge of international orders, with a 50 percent lower fraud rate and 30 percent lower or rejection rates. “We see this as a meaningful trend in eCommerce - real evidence of increasing globalization,” said Doug Schwegman, CyberSource’s Director, Customer and Market Intelligence. “We think the trend was driven in part by merchants’ needs to find new sources of revenue in a challenged economy, but also by merchants’ growing ability to manage fraud on international orders.” U.S./Canadian merchants say they saw fraud rates (accepted orders that turned out to be fraudulent) on international business drop 50% in 2009-from an average of 4% in 2008 to 2% in 2009 (this compares to 1.2% on orders with domestic origins). International orders that were rejected due to suspicion of fraud dropped 30% in 2009, from 10.9% to 7.7%. “These global numbers may be higher than their domestic equivalents, but clearly, more merchants now feel they have the controls in place to better control the risk,” said Schwegman. The report found 20 percent of U.S. and Canadian merchants that take orders from abroad stopped accepting orders from at least one country due to high fraud levels in 2009. Among that group, half cited Nigeria and 45 percent cited Ghana. Other countries high on the list included Indonesia and Malaysia (30% each), Iran, Pakistan, Romania and Russia (23% each), and China and Vietnam (20% each). The survey also highlighted areas of fraud in North America. Thirty-three percent of merchants said New York represented the highest risk of any U.S. or Canadian city when accepting domestic orders. Among Canadian cities, 4 percent of merchants said Montreal and Toronto each represented the highest risk of online fraud.

See the original post: 
Ecommerce Merchants See Drop In Fraud Rates