Information Security cannot be achieved with just a device or program, but must be embraced as a foundation for building your organization. These days, it’s not only giant multi-national conglomerates that are experiencing security issues with hackers, viruses or breaches. Increasingly, it’s small and medium sized organizations that are being compromised, extorted, and/or breached. Why? It’s a simple matter of following the path of least resistance. Larger organizations are finally being forced to take notice of information security issues due to increased regulatory rules and oversight. As these larger organizations lock down their internet connections, web sites, and remote access, they become harder and less attractive targets. Statistically, there are a lot more smaller and medium sized organizations, and historically they have been considered low profile targets because their...

Ever wonder where that spam comes from? It could be coming from you… Many computers that become compromised with malicious software (also called malware: viruses, worms, spyware, etc.) are not being infected in a way that most people would think. Their hard drives remain intact, they aren’t plagued with popup ads, and their email contacts remain pristine. Instead, their computers become “zombies”: unwitting accomplices to high crimes and misdemeanors. This malware installs a “bot” program (short for robot), allowing the computer to be remotely controlled across the internet. A group of computers controlled by a single person or group is known as a “botnet”, and the controller is call a “botnet herder” or “bot herder”. These networks can become enormous. The largest at the moment is called “Srizbi” and boasts over 315,000 bots with which it can send out and astounding...

Invasion of Privacy? Google Inc. is apparently being sued over their semi-new “Street View” feature of Google maps (click here for source article on Forbes.com). For those of you that aren’t up to the second with Google’s features, they are having people drive all over the place with digital cameras on their cars. The photo’s are then upload with the location info to Google maps, allowing you to see a picture of the address you’re looking up. Although not of the highest quality, these pictures can be rotated and zoomed as well as the camera being able to move up and down the street. Apparently, a couple that lives outside of Pittsburg PA is suing Google as the taking of the pictures “…violated their privacy, devalued their property and caused them mental suffering.” They claim that the pictures taken of their home could only have been taken from their long driveway which is marked...

Two of the most often overlooked aspects of network security are those of reliability and availability... Do you know how much usable bandwidth you have to the internet? Bandwidth is the amount of data you can upload or download through your internet connection. USABLE bandwidth is the amount of data you can upload or download right now: with all of your email, web browsing, downloads and other communications traffic running across it. We've recently encountered a couple of situations where the usable bandwidth was so small that email was not coming in and users couldn't open web pages. The culprit? Internet Hogs! Specifically, streaming music and video web sites. Think of bandwidth as a pipe with water flowing through it: the larger the pipe, the more water can fit through. However, even the largest pipe can be useless to you if the water coming through it is being used by...

  IFRAME attack There is a major attack underway that has compromised a slew of well known U.S. websites including (but not limited to) USAToday.com, ABCNews.com, News.com, Target.com, Walmart.com, Bloomingdales.com, WebShots.com, Sears.com, Forbes.com, Circuitcity.com, Epinions.com, JCPenney.com, and those for the University of Vermont and Boise State University. The iFrame code on these and other sites has been modified to install a number of malicious programs under the guise of codecs (audio/video program files)  and security software. This originally appeared to be initiated only when the compromised site searched using the sites internal search features, but is now being reported to be redirecting to malware download pages when the site comes up in a search engine. I recommend that network administrators block the 4 IP addresses that the malicious code is downloaded from...