Tag-Archive for ◊ internet ◊

Dell Collaborates with Trend Micro
Friday, September 03rd, 2010 | Author: swane

Small and medium businesses are constantly at risk of being targeted by cybercriminals, simply because they are smaller than large corporations. The bigger a company is, the more money it has to invest in higher-tech security systems and larger, more involved IT departments. For smaller companies, it is easy to focus on trying to expand business and let security sit on the back burner. This is where the partnership between Dell and Trend Micro comes in. They have come up with an easy way for small and medium-sized businesses to manage their security needs without breaking the bank.

Trend Micro’s Business Security Services include several desirable features to make the security portion of running a business much easier. First and foremost is a set of web-based tools which make administration extremely easy. There is no need for a dedicated in-office server (or any company-owned server at all), and the administration panel can be accessed from anywhere with an internet connection. There is also a remarkably low system performance impact, thanks to the fact that once a scan is complete, the results are processed in the “Smart Protection Network” run by Trend Micro. For companies with little or no IT staff on hand, the system comes with pre-configured security parameters and runs automatically, so there is less worry about having something set up improperly.

Both desktops and laptops are secured with this software, even if they are used outside the office. Anytime the computer is connected to the internet, it is being actively protected. This has the biggest impact on users who travel with their work, as many do.

This is a big step forward for one of the top PC suppliers in the world. The fact that this software can come pre-installed on systems shipped to its commercial clients means that Dell can offer security and peace of mind to a large group of people.


The "New" Paper Trail
Monday, July 05th, 2010 | Author: ostap

These days, with threats ranging from computer hackers stealing data to insurance companies “accidentally” publishing hundreds of thousands of people's most sensitive information on the internet, data security is a very prevalent issue. A CBS news investigation recently turned up a new source of potential data leakage: the standard office copy machine.

Unknown to the majority of Americans, almost every single copier built since 2002 has an internal hard drive which stores a digital copy of each document copied, scanned, or printed using the machine. This can be a useful feature for storing fax cover sheets and other commonly used documents. The problem comes when personal information is copied for office use: for example, doctors making copies of medical records, insurance companies making copies of claims information, or employers making copies of driver's licenses. Each time a copy is made, that information is stored in a way that is easily retrievable by anyone with access to the machine.

There are numerous rental services which rent out copiers to businesses with no set policies on dealing with this kind of security. Some offer to scrub the hard drive when it is returned, but they can charge up to $500 for the service. There are also refurbished copiers for sale containing data from any previous owners. At least in these cases, the owner has physical access to the machine and can take steps on their own, such as purchasing an encryption service for the internal hard drive, or their own data deletion tools.

What is more worrisome are the copy and print shops where there are no guarantees on document security. Anything copied there is stored on their machines, where it is unlikely that any measures are taken to wipe the drives on a regular basis, if ever.

If your office handles private information, or anything else that doesn’t need to be shared with others, steps should be taken to make sure that the information stored inside your copier is safe. There are usually services available from the manufacturers to have the data removed from the device after each job is completed, or at least encrypted, although this can significantly add to the cost of the machine.


The SSL security model is falling apart at the seams
Wednesday, June 02nd, 2010 | Author: JB

Can anyone with the right resources hijack your connection? If so, then what good is SSL?

It was less than a year ago that Dan Kaminsky and Moxie Marlinspike (wired.com) showed just how easy it is to trick a Certificate Authority (CA) and a web browser into faking an SSL certificate by simply dropping a null character into the name to be registered. Placing a null character after the name of the site to be faked, written as a sub-domain in front of the real domain name, would accomplish this. An example would be amazon.com.evildude.com. Even worse is the fact that ANYONE could just register what is called a wildcard domain, e.g. *.evildude.com, and masquerade as any site on the Internet they pleased. After that, CAs cleaned up their act by stopping the issuance of such certificates, but previously issued certs would continue to work until new versions of web browsers were released that would check for such flaws. Today we should all be safe from such attacks when using modern web browsers (Firefox 3.5+ is not vulnerable to this type of attack), but the researchers' example should make it quite clear that such a gaping hole in SSL security could happen again.

As if I could not rain down on the SSL parade any more, a paper was recently released by Christopher Soghoian (paranoia.dubfire.net) detailing how governments, law enforcement, and potentially malicious entities can easily hijack SSL connections through coercion or even policy. As many governments have been given their own CAs so that they may control their own encryption needs, they can just issue themselves a certificate for a real site and pretend to be that site. If a device existed onto which that certificate could be loaded, and which could be placed between the victim to be spied on and the real site, then there would be nothing stopping them from eavesdropping.

Such a device does exist. In fact, the only currently known commercial entity that produces them, called Packet Forensics, attempted to deny their existence for some time. For this to be true, it must mean two things. One, that through some means, coercion, theft, or otherwise, CAs are allowing such certificates to be collected and used on these devices. And two, that there must be a market for these types of devices. There may be other companies producing these devices as well that are just unknown to the general public.

So, there you have it: if you were paranoid about government spying before, then this should help push you over the edge. I’m not just talking about governments, though. Corporations, employers, family, ANYONE who can get their hands on such a device, or build one for that matter, and can buy, coerce, or steal the certificates needed to spy on their targets can do just that! On the other hand, I can hear the sound of new private eye shops opening up, based on this technology. Go-Go-Gadget SSL Circumvention!

“I still lock my doors even though I know how to pick the lock” - Matt Blaze, http://crypto.com/
(quoted from http://www.wired.com/threatlevel/2010/03/packet-forensics/)
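The null-character problem described in this post comes down to how the client compares the certificate name with the hostname. The following is an added example, not code from the original post or from the researchers: it sets a comparison that treats the name as a C string beside one that honours the decoded length and rejects embedded NULs. The struct, the function names and the sample name are constructed for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* A certificate name as a decoder hands it over: bytes plus explicit length. */
struct cert_name { const unsigned char *data; size_t len; };

/* Constructed sample: 24 bytes, with a NUL after the name of the faked site. */
static const unsigned char BAD_CN[] = "amazon.com\0.evildude.com";
static const unsigned char GOOD_CN[] = "www.example.com";

struct cert_name bad_name(void)  { struct cert_name n = { BAD_CN,  sizeof BAD_CN  - 1 }; return n; }
struct cert_name good_name(void) { struct cert_name n = { GOOD_CN, sizeof GOOD_CN - 1 }; return n; }

/* ASCII case-insensitive comparison of exactly n bytes. */
static int eq_nocase(const unsigned char *a, const char *b, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (tolower(a[i]) != tolower((unsigned char)b[i])) return 0;
    return 1;
}

/* Flawed: discards the decoded length and stops at the first NUL byte.
   (Assumes the buffer is NUL-terminated, as the samples above are.) */
int naive_match(const struct cert_name *cn, const char *host) {
    size_t n = strlen((const char *)cn->data);
    return n == strlen(host) && eq_nocase(cn->data, host, n);
}

/* Hardened: a name containing NUL is never valid; compare the full length. */
int strict_match(const struct cert_name *cn, const char *host) {
    if (memchr(cn->data, '\0', cn->len) != NULL) return 0;
    return cn->len == strlen(host) && eq_nocase(cn->data, host, cn->len);
}

int main(void) {
    struct cert_name bad = bad_name(), good = good_name();
    printf("naive  bad  vs amazon.com      : %d\n", naive_match(&bad, "amazon.com"));
    printf("strict bad  vs amazon.com      : %d\n", strict_match(&bad, "amazon.com"));
    printf("strict good vs www.example.com : %d\n", strict_match(&good, "www.example.com"));
    return 0;
}
```

The same name is seen as a sub-domain of evildude.com by anything that reads all 24 bytes and as amazon.com by anything that stops at the NUL, which is why the hardened check rejects it outright instead of trying to interpret it.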


German Court Mandates Wi-Fi Lockdown
Wednesday, May 19th, 2010 | Author: JB

German citizens who use wireless Internet connections will need to secure them from now on or face a penalty. The Federal Court of Justice (which is effectively Germany’s Supreme Court) has decided that people who fail to secure their connections should face fines of up to around $125.

The good news for folks who prefer the free-and-open route is that they won’t be held responsible for absolutely everything someone uses their connection to accomplish; the German court didn’t try to punish a network’s owner for copyright violations because another individual illegally shared music, for example.

But according to the BBC, the court did decide, “Private users are obligated to check whether their wireless connection is adequately secured to the danger of unauthorized third parties abusing it to commit copyright violation.” Password protection is recommended (at a minimum) as a result.

This decision could inhibit the spread of viruses and malware, if fewer people are trading files all day long. It could also cut down on cybercrime (and not just of the file-sharing variety). Still, the German ruling hasn’t exactly been welcomed on a global basis, so don’t look for too many other countries to adopt this approach to keeping things secure.


Majority Of Browsers Leave Fingerprints Online
Wednesday, May 19th, 2010 | Author: JB

The majority of web browsers have unique signatures that create identifiable “fingerprints” that could be used to track Internet users as they surf, according to new research from the Electronic Frontier Foundation (EFF).

The findings were the result of an experiment EFF conducted with volunteers who visited the EFF’s Panopticlick website. The website anonymously logged the configuration and version information from each participant’s operating system, browser, and browser plug-ins — information that websites routinely access each time you visit — and compared that information to a database of configurations collected from almost a million other visitors. EFF found that 84% of the configuration combinations were unique and identifiable, creating unique and identifiable browser “fingerprints.” Browsers with Adobe Flash or Java plug-ins installed were 94% unique and trackable.

“We took measures to keep participants in our experiment anonymous, but most sites don’t do that,” said EFF Senior Staff Technologist Peter Eckersley. “In fact, several companies are already selling products that claim to use browser fingerprinting to help websites identify users and their online activities. This experiment is an important reality check, showing just how powerful these tracking mechanisms are.”

EFF found that some browsers were less likely to contain unique configurations, including those that block JavaScript, and some browser plug-ins may be able to be configured to limit the information a browser shares with the websites users visit. But overall, it is difficult to reconfigure your browser to make it less identifiable. The best solution for web users may be to insist that new privacy protections be built into the browsers themselves.

“Browser fingerprinting is a powerful technique, and fingerprints must be considered alongside cookies and IP addresses when we discuss web privacy and user trackability,” said Eckersley. “We hope that browser developers will work to reduce these privacy risks in future versions of their code.”


Cyber Attacks Continuing To Grow
Thursday, April 22nd, 2010 | Author: JB

Cyber attacks in 2009 saw continued growth in both volume and sophistication, according to Symantec’s new “Internet Security Threat Report,” released today.

“Attackers have evolved from simple scams to highly sophisticated espionage campaigns targeting some of the world’s largest corporations and government entities,” said Stephen Trilling, senior vice president, Security Technology and Response, Symantec. “The scale of these attacks and the fact that they originate from across the world, makes this a truly international problem requiring the cooperation of both the private sector and world governments.”

Cybercrime attack toolkits have lowered the bar to entry for new cybercriminals, making it easy for unskilled attackers to compromise computers and steal information. One such toolkit called Zeus (Zbot), which can be purchased for $700, automates the process of creating customized malware capable of stealing personal information. Using kits like Zeus, attackers created literally millions of new malicious code variants in an effort to evade detection by security software.

In 2009 there was dramatic growth in the number of Web-based attacks targeted at PDF viewers; this accounted for 49 percent of observed Web-based attacks. This is a significant increase from the 11 percent reported in 2008.

The report found that malicious activity is now originating in countries with an emerging broadband infrastructure, such as Brazil, India, Poland, Vietnam and Russia. The findings indicate that government crackdowns in developed countries have led cybercriminals to launch their attacks from the developing world, where they are less likely to be prosecuted.

In 2009, spam made up 88 percent of all email observed by Symantec, with a high of 90.4 percent in May and a low of 73.7 percent in February. Among the 107 billion spam messages distributed globally per day on average, 85 percent were from botnets.
