Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Response
Showing posts tagged with Security Risks
Showing posts in English
Marc Fossi | 16 Apr 2007 07:00:00 GMT | 0 comments

The taxing time of year

It’s tax time once again – that time of year when those who owe aresweating while those getting refunds are gloating. Many people whoprepare their own returns use one of the many software packages on themarket to help them out. One thing that I’ve noticed is that many ofthe makers of these packages are beginning to offer Web-based tools toprepare and file their returns.

Honestly, the security of these Web applications worries me. In therecently published Symantec Internet Security Threat Report it wasfound that 66 percent of the 2,526 vulnerabilities in the second halfof 2006 affected Web applications. To highlight this fact, someonerecently reported that she was able to access other peoples’ returns through the TurboTax Web site. This is likely the result of a simple input validation flaw in the Web application.

Now, many of you who use the...

Symantec Security Response | 13 Apr 2007 07:00:00 GMT | 0 comments

Facebook is quickly becoming one of themost popular social networking sites for the 20-something crowd. It wasinitially focused on college students, but has since opened up to thewider public. Recent statistics place Facebook among the most popularsocial networking sites on the Internet.

Privacy has become a bigger issue in recent times for socialnetworking sites. People are becoming aware of the danger of placingpersonally identifiable information in plain view on the Internet. Theapproach Facebook has taken towards privacy issues is a granular one.People with profiles on Facebook can join “networks” based on theirschool or workplace. All that is necessary to join a network is anemail account from that organization. Privacy settings can becustomized in many configurations, including maximum visibility, whereanyone can find your limited profile in a search; limited privacy,where only those in one of your networks can see your full profile; anda restrictive setting,...

David McKinney | 02 Apr 2007 07:00:00 GMT | 0 comments

As part of the process of compiling the data for Symantec’s Internet Security Threat Report(ISTR), we discuss which metrics are critical to defining trends in thethreat landscape. We are constantly reassessing the validity of certainmetrics and looking for opportunities to create new metrics. Our datacollection capabilities have improved over the years with newacquisitions, new products, and new product features that allow us totrack different types of data. It is a great benefit that Symantec is acompany that has grown with the threat landscape. It is also a matterof internal policy with the ISTR team to rigorously question and debatethe relevance and validity of what we’re reporting on. I’d like to takethis opportunity to reflect a little bit on the process behind thecreation of one of the new metrics for this report – zero-dayvulnerabilities.

ISTR, Volume XI gave me an interesting research project – find thenumber of zero-day vulnerabilities. This seems...

David McKinney | 28 Mar 2007 07:00:00 GMT | 0 comments

Google hacking is a well-known phenomenon.It consists of using Google’s advanced operators to search forsensitive files or other security issues in content that Google hasindexed. Various techniques and examples have been developed to findsuch things as password files, web-cam management interfaces, etc.Ultimately, Google hacking has revealed data management issues thatcause sensitive information to be exposed to the public. This is stillan ongoing issue for many organizations.

Of course, Google’s advanced operators were initially intended formore benevolent purposes. I like to think of this as another form ofGoogle hacking. Searching Google without fine-tuning your search termsis like drinking from the fire hose. Many people never bother to learnthe advanced search operators that really let you nail down results.Therefore, I thought I would throw together some examples of how I usethe advanced operators every day to query SecurityFocus.

Explanations of the...

Symantec Security Response | 26 Mar 2007 07:00:00 GMT | 0 comments

Twice a year, Symantec produces the Internet Security Threat Report,a comprehensive report outlining the major trends in Internet securityover the previous six-month period. One security concern that is ofinterest to many people is the growth of spam and spam-related issues.Symantec monitors the source and volume of spam from around the worldand uses this information to discuss the major trends in thespam-related landscape.

One trend that has been relatively steady is the largest country oforigin for spam messages. In the second half of 2006, around nine outof 20 spam messages were sent from the United States. This highlightsthat although some other countries are gaining notoriety for being spamhavens, the United States is still the number one spam distributor inthe world. In fact, spam from the United States outnumbers spam fromthe second closest country, China, at a rate of seven to one. Soalthough countries like China, Russia, and Brazil are touted as beingthe...

Joseph Blackbird | 23 Mar 2007 07:00:00 GMT | 0 comments

Given the increase of malicious activity in the current threatlandscape, consumers need to be more cautious when browsing theInternet. Web browsers are now supporting an increasing number oftechnologies. The more a Web browser has to deal with, the more likelya security hole will be inadvertently coded into it. Therefore, it's nowonder attackers are targeting the growing number of vulnerabilities inWeb browsers.

Over the last six months of 2006 we have been tracking thedistribution of attacks targeting Web browsers. The results show thatMicrosoft’s Internet Explorer leads with an extremely large margin inthe number of attackers targeting it. The primary focus of attacksseems to target ActiveX controls; ActiveX controls are not strictly apart of the browser, but simply provide functionality that can be usedby the browser. This brings into question the security viability ofMicrosoft’s latest version of their popular browser Internet Explorer 7.

Internet Explorer 7...

Dean Turner | 22 Mar 2007 07:00:00 GMT | 0 comments

Predicting the future of Internet threat activity is a bit likepredicting the weather; it is primarily accomplished with theapplication of science and technology, but it also includes the skillof human observation. The "Future Watch" section of the recentlyreleased Internet Security Threat Report, Volume XI, uses allof the resources available to Symantec, some of which include theSymantec™ Global Intelligence Network, the BugTraq™ mailing list, theSymantec Probe Network, as well as malicious code data gathered alongwith spyware and adware reports from over 120 million client, server,and gateway systems that have deployed Symantec’s antivirus products.We also consult with our numerous security experts who, like goodweather forecasters, don't have to wait for the clouds to know a stormis coming.

Between July 1 and December 31, 2006, Symantec blocked over 1.5billion phishing messages, an increase of 19 percent over the firsthalf of 2006. One of the predictions...

Joseph Blackbird | 21 Mar 2007 07:00:00 GMT | 0 comments

As spring quickly approaches, the Internet continues to grow into amore and more complex world driven by commerce. Businesses have longsince moved in and millions of dollars change hands every day online.Along with big business comes organized crime. Perhaps not necessarilythe organized crime immortalized in stories like The Godfather or The Sopranos,but Internet crimes are carried out in an organized way designed toconnect the theft of a single person’s user account credentials to abuyer on the mass market for illegal information. Throughout thisorganization, bots play the leading role.

Bots, once used primarily by their owners to carry out denial ofservice attacks driven by grudges, bragging rights, or politicalmotives, have been firmly incorporated into the toolkit of organizedcrime on the Internet. Bots can do pretty much anything: carry outattacks, host spam relays, carry out DoS attacks, host phishing sites,and log keystrokes on the computer they...

Marc Fossi | 20 Mar 2007 07:00:00 GMT | 0 comments

Six months ago, in the previous volume of Symantec's Internet Security Threat Report,I wrote that we were seeing a shift away from “noisy” worms towardstargeted Trojans that attract less attention. In the second half of2006, this trend remained true, as the volume of Trojans reported bySymantec customers increased and the volume of worms decreased. At thesame time, a lot of these Trojans are becoming more sophisticated.

In the latest edition of the Internet Security Threat Report,we note that multi-stage downloaders, also referred to as modularTrojans, are becoming more prevalent most likely because of theirversatility. The first stage of these downloaders is usually a smallTrojan that disables your security and antivirus applications thendownloads a more complex threat. Since the initial stage disablessecurity applications, the second stage can be almost...

Dean Turner | 19 Mar 2007 07:00:00 GMT | 0 comments

Twice yearly, Symantec publishes a comprehensive report on theoverall worldwide Internet threat landscape. With a dedicated team ofresearchers, authors, and the support of over 1,800 analysts worldwide,the Symantec Internet Security Threat Report has become oneof the largest publicly available reports of its kind.The reportprovides a window into the world of malicious code, network attacks,vulnerabilities, phishing, and spam. With a threat landscape dominatedby data theft, data leakage, fraud, and coordinated criminal activity,the team behind the report recognized the importance of looking notjust at the types and volume of the attacks, but how, where, and whythey take place. For the first time in this report, we discuss not onlythe root causes behind these types of activities, but where theseactivities take place in the world and what they’re worth in anunderground economy.

We’ve seen a gradual process where blended threats have morphed froma single attack...