|
|
The average loss per phishing victim jumped from $257 in 2005 to $1,244 in 2006.
--Gartner Inc., November 2006 |
|
|
|
Security News |
|
Enterprise Security Today
|
Tech News by Enterprise Security Today (http://www.enterprise-security-today.com).
|
|
-
DDoS Attacks and Tools Increase Dramatically
Distributed Denial-of-Service attacks, or DDoS, are increasing in number, have become more effective in a shorter length of time, and frequently have political rather than monetary motivations. Those are some of the takeaways from several recent reports on the practice.
Security company Prolexic is reporting that, during last year's fourth quarter, there were 45 percent more DDoS attacks than the same time in the previous year, and more than double the number in the previous quarter. The company said that, while attacks are lasting a shorter period of time, they generally have a greater packet-per-second volume.
"Machine Gun with Laser"
Prolexic also said that the average attack bandwidth in the last quarter was 148 percent higher than the third quarter, and 136 percent more than a year ago.
Attacks are likely to be shorter, said Prolexic CTO Paul Sop in a statement, but with much more impact in terms of packet-per-second volume. "In the past," he said, "attackers had a rifle," while now "they have a machine gun with a laser." Prolexic also reported an increase in application-layer attacks against e-commerce companies.
Chelmsford, Massachusetts-based network security provider Arbor Networks' annual Worldwide Infrastructure Report, released Tuesday, found that ideologically motivated "hacktivism" is the most frequent motivator for DDoS incidents. This replaces financial reasons, which had included competitive motives or extortion. Sometimes, the company said, DDoS attacks are used for distraction after financial theft has been conducted through the use of a Trojan.
The company also noted that there are a number of attack tools which have been developed in the last few years, making an attack something that people of various technical skills can readily launch. The tools include single user flooding tools, small host booters, shell booters, Remote Access Trojans with flooding capabilities, simple and complex DDoS bots, and even some commercial DDoS services.
"A Sea...
-
HELIOS and callas Team for Automated PDF Preflight
HELIOS Software GmbH, announced it has integrated callas pdfToolbox 5 into its PDF HandShake UB2 server software. The combined solution offers higher performance, simplified PDF preflight inspection, and full compatibility with Adobe Acrobat X. HELIOS is a leading developer of cross-platform file, print, image, proofing, remote collaboration, and PDF server software. callas software develops and markets PDF technology for publishing, print production, document exchange and document archiving.
The central benefit of the integration of callas pdfToolbox with HELIOS PDF HandShake is automation. PDF creation can be combined with preflighting in one simple, automated process.
Utilizing the HELIOS ImageServer UB2 ScriptAssistant, hot folder automated workflows can easily be created to handle and integrate in-house PDF checking. With HELIOS WebShare UB2, web access for the file and print server, PDF delivery, and preflighting is available 24 x 7, facilitating remote collaboration.
Features of the HELIOS PDF HandShake integration of callas pdfToolbox 5 include:
- Preflight inspection checks PDFs for compliance with industry standards such as PDF/X-1, PDF/X-3, PDF/X-4, PDF/A and PDF/VT
- Informative multi-layer PDF and HTML preflight reports for quick assessment of compliance, XML reports for accounting or automation
- Apple Spotlight compatible indexing and searches of PDF text content
- Full text Unicode UTF-8 export from PDF documents
- Better overall performance and compatibility enhancements
- Full compatibility with Adobe Acrobat preflight profiles
Detailed information about HELIOS PDF HandShake UB2 with the integrated callas pdfToolbox 5 can be accessed at the HELIOS web site http://www.helios.de and at the callas software web site http://www.callassoftware.com.
-
Hackers Post Symantec Source Code on Net
An Indian hacker group has made good on its threats to publish stolen Symantec source code. The disclosure comes after ransom negotiations -- which the company said involved law enforcement agencies on a $50,000 sting operation -- stalled.
A hacker that goes by the handle YamaTough, who is associated with an Indian group affiliated with Anonymous that is called the Lords of Dharmaraja, published the source code to Symantec's pcAnywhere. The software allows users to remotely access and control other computers. YamaTough appears to have published the code on Pirate Bay.
"Symantec can confirm that the source code for pcAnywhere has been posted publicly. It is part of the original cache of code for 2006 versions of the products that Anonymous has claimed to possess throughout the past few weeks," Symantec said in a statement. "Symantec was prepared for the code to be posted at some point and has developed and distributed a series of patches since Jan. 23rd to protect pcAnywhere users against known vulnerabilities."
Get Patched Now
That said, Symantec is continuing to urge pcAnywhere customers to ensure that pcAnywhere version 12.5 is installed, apply all relevant patches that have been released and follow general security best practices. And Symantec warned that there may be more fallout before the drama is over. Specifically, the firm expects Anonymous will post the rest of the code it has claimed to have in its possession.
"So far, they have posted code for the 2006 versions of Norton Utilities and pcAnywhere. We also anticipate that at some point, they will post the code for the 2006 versions of Norton Antivirus Corporate Edition and Norton Internet Security," Symantec said. "As we have already stated publicly, this is old code and Symantec and Norton customers will not be at an increased risk as a result of any further...
|
|
|
|
|
|
|
