Security Response
Ken Gonzalez | 05 Sep 2007 07:00:00 GMT | 0 comments

As I mentioned in my last blog entry, the version that most today know as ITIL® (often referred to as ITIL v2), is defined within the two Office of Government Commerce (OGC, U.K.) publications – Service Delivery (the “Red book”) and Service Support (the “Blue book”). In these publications, the 10 core ITIL processes and Service Desk functions are described in (more or less) self-contained blocks. In this world, things were relatively simple. I’ll start off our examination of ITIL v3 from the (more familiar) process-centric perspective.

As of now, there is no official count or authoritative list from OGC of which processes should be considered as the ITIL v3 core. Unfortunately, this pushes that responsibility on to the readers’ shoulders and I assure you that this is not an easy task...

Kelly Conley | 05 Sep 2007 07:00:00 GMT | 0 comments

The September State of Spam Report is out and includes several interesting highlights and trends seen in August. Some highlights in this report include an update on the state of PDF spam, different variations that have been observed in e-card spam tactics, including fake YouTube sites, as well as insight into some new and novel tactics that were observed by Symantec during August.

Where did PDF spam go? Highlighted in a previous post as an emerging trend, PDF and other attachment spam reached a high in early August but closed out the month with record lows. First seen in June of 2007 with PDF files, attachment spam grew to encompass PDF, XLS and RAR files. By early August, this spam type was seen in 20 percent of all...

Jeremy Ward | 04 Sep 2007 07:00:00 GMT | 0 comments

Is the public sector bothered about IT risk? Although it’s a hot topic, as we saw at RSA in February, surely the public sector is more worried about saving money and meeting government targets? Well, yes – but one of the best ways of doing this is to ensure your IT systems operate efficiently and can deliver the services the public want, when they want them, not just when your offices are open. Shared services save money too – but mean sharing the security pain as well as the productivity gain. All this means more IT risk.

Symantec recently released the latest in-depth study taken from its IT Risk Management Report. This is a mini-report on findings from the public sector. The report looks at how IT professionals in the public sector view sources of IT risk and the effectiveness of the controls used to manage it. The report is based on feedback from 77 IT professionals in...

Peter Coogan | 31 Aug 2007 07:00:00 GMT | 0 comments

The recent release of the eagerly anticipated Bioshock game led to gamers getting another kind of shock. Bioshock is a hybrid first-person shooter/RPG from Irrational Games. A rumor had circulated that the Bioshock game comes loaded with a rootkit. After investigation Symantec can confirm that this is not true.

The rumor seems to have started after Microsoft’s RootkitRevealer found a “SecuROM” registry setting that it found suspicious after the Bioshock game had been installed. SecuROM just so happens to be owned by Sony who after all had started the whole rootkit outrage with their music CDs.

The SecuROM installation creates a folder and a registry key with a null character which prevents users from accessing/deleting the key from the registry. This is to assist with disc authentication and piracy. It is however not a rootkit.

Ben Nahorney | 31 Aug 2007 07:00:00 GMT | 0 comments

About a year ago we wrote about misleading applications and the business models behind them. Misleading applications, also commonly known as “rogue antispyware” applications, claim to detect and remove threats from your computer. What they actually do instead is report threats on clean computers and request payment for removal of these non-existent threats. Today, their numbers are on the rise, making up a larger portion of the security risks in the threat landscape. For example, we have discovered more than 40 new misleading applications since June 2007.

So how have they risen to such prominence? Misleading applications play upon a user’s concern that malicious threats may reside on his or her computer. “Your computer may be at risk!” is the overriding theme when a user encounters one of these risks. The irony is that the misleading application itself...

Ollie Whitehouse | 30 Aug 2007 07:00:00 GMT | 0 comments

With the airline industry being as competitive as it is, many of today's airlines are in the process of implementing lavish in-flight entertainment systems that offer a wide range of options including TV, movies, music and games. Gone are the days where they tossed you cheap headphones wrapped in plastic and that was it. Of course, to deliver all this rich media content, the underlying embedded systems need to have the power to deliver, so it’s no surprise that several are running on Linux.

Coincidentally, I just put up a rant…er, commentary… around embedded systems security and how it seems to be down there in the priority list with posh chocolate biscuits and free soda. While we're all waiting for this utopia to arrive, in the meantime, I can think...

Brian Hernacki | 30 Aug 2007 07:00:00 GMT | 0 comments

So far in this series, I've posted a blog that talked about municipal Wi-Fi security in general and a second blog that talked specifically about Wi-Fi network identification. In this post, I want to cover muni Wi-Fi network authentication. There are essentially two parts involved with Wi-Fi authentication. The first part is how you authenticate to the network and the second is how the network authenticates to you.

Most people are familiar with the first part. Many Wi-Fi networks will dump your browser to a login page where they ask for a username and password, or even a credit card number to use to bill you. Some of the more secure networks will ask you to provide authentication information more directly. I have seen muni...

Ollie Whitehouse | 29 Aug 2007 07:00:00 GMT | 0 comments

Yes this could be a 500 page book, but I’m going to try to present the future of security in fewer than 1,200 words.

Up to now in this anniversary series, my fellow Symantecites have been discussing what has happened over the past 25 years around security and how Symantec and the industry have grown to meet these challenges in a number of areas, from malicious code and vulnerabilities through to modern day threats such as phishing. We’ve come from a world of floppy disks and modems into a world so connected and converged that few of us could have imagined how it would have become so in such a short time. The rate at which technology has evolved and been adopted has, at times, left security analysts scrabbling to catch up – which, in turn, has created significant risks.

First a little history: I’m one of the many people who came to work for Symantec via acquisition. I used to work for @stake in Europe for a number of years before the acquisition as a...

Zulfikar Ramzan | 28 Aug 2007 07:00:00 GMT | 0 comments

Michael Dolan, a phisher who targeted AOL over the course of five years recently pleaded guilty to two criminal counts that the's office brought against him. The first count was a conspiracy to commit fraud and the second count was aggravated identity theft.

Dolan's "career" spanned from 2002 to 2006 and mostly involved getting victims to install a Trojan program that would prevent them from logging into their AOL account without providing additional sensitive information like credit card and Social Security numbers. When caught, he had private and financial information for 96 individuals.

On the one hand, I think this is a great victory for the Department of Justice. I believe that legal actions are one of the important channels we need to consider when addressing the problem of phishing. After all, phishing is ultimately a financial crime, and to the extent that we can make it more risky and less profitable, we can substantially reduce instances of phishing.

Ollie Whitehouse | 27 Aug 2007 07:00:00 GMT | 0 comments

Recently I bought a NAS (Network Attached Storage) solution for home to manage backups for the ever increasing number of storage devices we all seem to be accumulating. I did as most people would and selected a consumer solution from a well-known brand. The brand name on the box, as is not unusual in this day and age, was not the actual developer of the underlying reference design. Instead the system was developed by a third-party, including the controller and remote management software, which was subsequently modified to support some proprietary LEDs and gave the company license to slap their logo on it by the name on the box.

Anyway, this solution was built using GPL software components (Linux, Lighttpd and Perl among others); the vendor and original OEM abided by this license and released all the code on their site (including configurations). I did some digging around and was somewhat dismayed to discover that this product had a number of significant security issues. These...