Endpoint Protector 2009 for Mac Introduces File Tracing for Portable Devices
If you’re a Mac fan and also into device control, endpoint security or data loss prevention, you know there aren’t many solutions covering this specific area for Mac / Apple operating systems. One of the only solutions with a client dedicated to Mac is Endpoint Protector 2009, developed by CoSoSys. The Endpoint Protector 2009 Mac device control application has just been released in a new version, now including File Tracing for portable devices and offline temporary passwords.
The newly introduced features are designed to increase protection for business confidential data and to offer road warriors a way to stay active and productive when a permanent Internet connection is unavailable. Moreover, the carried data is kept safe from the common threats posted by improper usage of portable storage devices that often leads to severe security breaches. When enabled, the File Tracing feature logs all data and file related activity and stores it for later auditing. Each time an employee edits, deletes or renames a certain file originating from or subsequently copied to a portable device, his actions are recorded, along with his user credentials and the device specifications. Read more
Stuxnet and cyber warfare – the future is now
Back in 2008, assuming that the human factor would eventually fail at some point and people would make the mistake of plugging an unsecured memory stick into a military laptop, several memory sticks were scattered in a US military base in the Middle East that was providing support for the Iraq war. All these memory sticks were deliberately infected with a computer worm.
It resulted in the self-propagation of a computer worm into the computer system of Centcom – the central command of the US military. The eradication process took 14 months. Apparently this attack, acknowledged by the Pentagon only in august 2010, was very similar to a Stuxnet worm attack which was used in attempts against Iraq’s nuclear facilities and Iran’s nuclear programme. Read more
The employee: an essential cog in the security machine
Last week, a worm called “Here you have” has started spreading. Among the first targeted companies was Intel. The damages were minor, in part because of the companies traditional defenses, but mainly because of well trained employees. Malcom Harkins, chief information security officer at Intel states that the employees started calling IT as soon as they saw the worm.
“The employee base saw it, they reacted really quickly, and helped us contain it by alerting us to it and then telling others not to click on it,” Harkins says.
Due to the fact that mobile devices nowadays allow more and more people to work from virtualy anywhere, companies need to start treating their employees as security partners. Read more
The Pentagon finally confirms the most significant breach of US military computers ever
The Pentagon has finally confirmed a security breach that happened back in 2008 and which one of their top officials has described as “the most significant breach of U.S. military computers ever.” The breach was caused when a foreign intelligence agent used a flash drive to infect US military computers, including those used by the Central Command to oversee combat zones in Iraq and Afghanistan.
The device in question was a cigarette-lighter-sized flash drive which was plugged into an American military laptop from a base in the Middle East amounted to “a digital beachhead, from which data could be transferred to servers under foreign control,” according to William J. Lynn 3d, deputy secretary of defense, quoted by the New York Times
“It was a network administrator’s worst fear: a rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary,” Mr. Lynn wrote. Read more
CoSoSys offers enterprise level security via iPad and iPhone apps
Keeping your company or home computer network safe from day to day threats that could lead to data theft, data loss, identity theft or malware infections has never been easier. My Endpoint Protector, software as a service device control and data security solution developed by CoSoSys, is now offering an app version available for iPads, iPhones and iPod touch devices through the iTunes store.
With a few touches, you can use the app’s centralized console to authorize new devices, monitor file transfers and access to sensitive data and block portable devices, making sure all common threats are kept at bay. In a world where the unsecured use of portable storageand lifestyle devices – smartphones, notebooks, USB sticks, digital cameras or extern HDDs – can lead to tremendous data breaches and severe losses for both companies and individuals, having a smart and effective app at your fingertips preventing it all is extremely important. Read more
Sensitive BP info revealed in hacking contest
If you think BP have their hands full with the oil spill and the whole environmental mess they’ve caused in the Gulf of Mexico, think again. It seems they lack all kinds of security – not only can’t they drill for oil in a safe environment, their data security is also poor.
The Defcon hacker contest organized in Las Vegas is a hacking competition that has its contestants trick employees of large companies into spilling out potentially sensitive information. The purpose is – and targeted companies should thank the organizers for that matter – to show how gullible people can be and how this becomes a major security vulnerability. Read more
Obama Administration Issues Progress Report On Cybersecurity
US President Obama and cybersecurity czar Howard Schmidt have both issued statements on cybersecurity presenting very optimistic progress reports and supporting increased activity in the private sector.
Some of the points discussed in the progress reports included the recent organizational changes and new cybersecurity initiatives of the Obama administration presented as evidence that the White House is making advances on the cybersecurity front.
“President Obama appointed a Cybersecurity Coordinator to provide White House leadership on cybersecurity issues,” the progress report says. “The Cybersecurity Coordinator leads a new Cybersecurity Directorate within the National Security Staff (NSS), works closely with the economic team, and has created a close partnership with the Office of Management and Budget (OMB) and the Office of Science and Technology Policy.”
As stated before while speding a year to decide who will be the czar everyone expected, cybersecurity is considered a “key management priority” by the white house.
“Enhancing cybersecurity is a central component of the Administration’s Performance Management Agenda,” the progress report says. “The Federal Chief Performance Officer has targeted key performance strategies for improving government operations, which include moving to real time monitoring and integrating cybersecurity into system design, rather than bolting it on as an afterthought.”
I am thrilled to see things are movig along just fine and the White House is also focusing on ecouraging cybersecurity projects in the private sector as well. Let’s hope they keep it up and others start following their lead.
For more details of the two statements, visit DarkReading.
Cyber attacks: Warfare without a Smoking Gun
Experts, who recently convened at a Conference organized by the Trans-Atlantic Alliance’s IT Defense Unit in Estonia, warn about the seriousness of cybercrime and cyber espionage at a global level. They encourage both NATO governments and the general public to “wake up”, as cyber war is far easier than a conventional attack.
“It would take two years, cost less than 50 million dollars a year and involve fewer than 600 hackers to prepare a cyber attack that could paralyze the United States,” – a disturbing assessment by Charlie Miller, security expert who launches test assaults on IT systems. Read more
Senior execs love undermining security
When it comes to high-level executives, the rules of the game often change. They are used to ask for exceptions to be made for them, backdoors to be opened and a whole different set of rules to be applied. This is what turns them in one of the biggest threats to corporate security.
According to Jayson Street, CIO and managing partner of Stratagem 1 Solutions, senior executives often circumvent security rules and policies to suit their needs and whims at the expense of security. The negative effect is that the special treatment leads to enabling cybercriminals to easily gain access to corporate networks by impersonating as management personnel. That is why, because of their systems privilege and access rights, they become ideal targets for all those wanting to hack into corporate networks. Read more
Cybersecurity certifications to be recommended by the White House
While their cybersecurity czar plans have been delayed for so long we were all a bit tired for waiting, the White House approach to fighting cyber threats seems to have found a new focus these days: recommending training, exams and detailed certification requirements for cybersecurity professionals employed or contracted by the federal government. And this is going through the careful review of a commission whose main purpose is to advise the Obama administration on cybersecurity policy.
The Commission on Cybersecurity for the 44th Presidency, which in December 2008 issued its Securing Cyberspace for the 44th Presidency report to Congress, is currently working on a sequel to that report, due sometime in late June or early July. The commission, made up of a who’s who of experts and policy-makers, is debating strategies for building and developing a skilled cybersecurity workforce for the U.S., as well as issues surrounding an international cybersecurity strategy and online authentication.
