STE WILLIAMS

Webroot Unveils New SecureAnywhere For Home Users

Broomfield, Colo., USA – October 7, 2013 – Webroot, a leader in cloud-based security intelligence solutions, today announced the release of the latest updates to their Webroot SecureAnywhere portfolio for individuals and families. Since their introduction, Webroot SecureAnywhere solutions have garnered critical acclaim for their superior protection and performance. According to a recent survey, the percentage of consumers who would recommend Webroot SecureAnywhere was nearly double that of the next closest competitor.

Webroot’s latest release brings customers even better protection with new detection technology to block emerging malware and phishing attacks more quickly, a completely redesigned interface for easy monitoring and control, and extended platform support to unify protection across PCs, Macs, and Android™ and Apple iOS devices. Other enhancements include web content filtering, an expanded management website, advanced user authentication, and integration of the Webroot Backup Sync with the Microsoft Windows Explorer environment.

WATCH THE VIDEO: See what’s new in the latest edition of SecureAnywhere™ with Webroot security expert Joe Jaroch.

Cloud-based Webroot SecureAnywhere threat detection offers connected consumers an alternative to the traditional security solutions that have proven ineffective against today’s malware, and caused significant performance slow-downs on the devices they were meant to protect. Webroot SecureAnywhere installs in seconds and scans most devices in less than two minutes, and its cloud-based threat detection architecture means there are no security updates or patches to download. All users are protected against the latest threats from the moment they are discovered – anywhere in the world.

“The volume of new malware and phishing attacks increased by over 50% last year, and the sophistication of these attacks is increasing as well,” said Mike Malloy, executive vice president of products and strategy at Webroot. “With the newest release of Webroot SecureAnywhere, we have integrated powerful, new protection features that address these emerging threats in real time. Our customer data shows that less than one-half of one percent of SecureAnywhere users have gotten infected since switching to our solution, the best protection in the security industry. Webroot’s cloud-based threat intelligence simply responds more quickly and more effectively than traditional security products to protect all of our users as soon as they are attacked by a new threat.”

Real-Time Defense against Phishing Attacks

Phishing attacks often spoof legitimate sites, and most phishing sites are only active for a few hours, disappearing after they’ve obtained the target’s banking credentials, passwords or other sensitive data. This makes such a major security risk incredibly difficult to track. The latest update to Webroot SecureAnywhere protection introduces real-time anti-phishing technology to quickly analyze a website when it is accessed by a user and automatically block it if it is a phishing site.

Webroot Infrared™ Provides Advanced Detection of Zero-Day Malware

Webroot has introduced a powerful new threat detection engine called Infrared. Utilizing data from the Webroot Intelligence Network™ (WIN) cloud security service, Webroot Infrared analyzes unknown files by correlating their behavior and origin, and makes an assessment of the associated risk before the file is allowed to run. The Webroot Infrared engine also customizes protection to the individual device based on a combined analysis of the operating system, applications, and prior threats which have been observed.

Enhanced Protection for Multi-device Users

Webroot research has shown an increase in households with a mix of PCs, Macs, and Android and iOS tablets and smartphones, and all of the updated Webroot SecureAnywhere solutions include multi-platform protection with a single license. In addition, Mac users now have more advanced protection with the addition of System Analyzer and Backup Sync. Further, these multi-platform households now have a consistent user interface for their Windows and Mac security, and can manage both platforms from within the online Webroot SecureAnywhere management environment.

Key features of Webroot SecureAnywhere consumer protection:

Set it and forget it – continuous protection without interruptions or slowdowns

Real-time anti-phishing identifies and blocks fake websites that trick you into entering your personal information

Warns you about infected websites before you visit them

Protects and simplifies managing passwords – you remember just one

Automatically backs up photos and files with up to 25GB of online storage you can access from all your devices

Social network protection including Facebook and Twitter

Advanced protection for tablets and smartphones

Analyzes devices and operating systems to detect system issues

Wipes away all traces of online activity and makes deleted files unrecoverable

Automatically scans Android™ apps and downloads for mobile threats

Remotely locks or wipes data from smartphones and tablets and helps locate lost or stolen devices

Lets you manage security on all your devices from anywhere through one simple interface

Purchasing and Availability

Webroot SecureAnywhere Consumer Portfolio: Ranging from Webroot SecureAnywhere AntiVirus, Webroot SecureAnywhere Internet Security Plus, Webroot SecureAnywhere Complete, iOS SecureWeb, and Android Mobile, the new services from Webroot are designed to fit your specific needs. The Webroot SecureAnywhere consumer product family is available now online at http://www.webroot.com and at select retailers. Existing customers will receive this new product version for free. For additional product information, visit http://www.webroot.com/us/en/home/.

About Webroot

Webroot is bringing the power of software-as-a-service (SaaS) to Internet security worldwide with its suite of Webroot SecureAnywhere solutions for consumers and businesses, and security intelligence solutions for enterprises and technology partners focused on cyber-security. For more information, visit http://www.webroot.com or call 800.772.9383. Read the Webroot Threat Blog: http://blog.webroot.com. Follow Webroot on Twitter: http://twitter.com/webroot.

Article source: http://www.darkreading.com/end-user/webroot-unveils-new-secureanywhere-for-h/240162304

73 Percent Of Organizations Fail To Block Privileged User Access To Sensitive Data

SAN JOSE, Calif. – October 7, 2013 – Vormetric, a leader in enterprise data security for physical, virtual and cloud security, today announced the results from its Insider Threat Report, conducted in conjunction with Enterprise Strategy Group. The study surveyed more than 700 IT security decision-makers. It was created with the goal of providing timely, relevant information about issues surrounding Insider Threats and Privileged Users. With a focus primarily on large enterprise organizations, the study indicates that there are major gaps between existing security processes and the technologies currently in place to address insider threats. For example, only 27% of respondents block privileged user access to data, a proven method of mitigating insider attacks, while 66% of respondents use perimeter focused network intrusion detection and prevention tools to identify and prevent insider threats although it is well understood that these tools weren’t designed for insider threat detection but to protect from external threats.

“The data is clear – IT decision-makers are concerned about insider threats and data breaches, but tend to rely on perimeter and network security focused tools today, rather than securing the data at its source,” said Jon Oltsik, Senior Principal Analyst at Enterprise Strategy Group. “What this research highlights is that large organizations need a data-centric security strategy. Insider attacks are increasingly difficult to prevent and detect, and the research findings reveal the need for a change in approach.”

The more forward looking and sophisticated organizations were using technology approaches that are proven protections against malicious insiders, or malware attacks that compromise insider credentials such as APTs, but were in the minority:

Only 40% are monitoring privileged user activities, with just 27% blocking privileged user access.

Nearly half (48 percent) of organizations only review sensitive data access monthly and a startling 76% admit to not being proficient at detecting anomalous data access behavior in real-time.

Yet the results also show that many enterprises still focus protections toward the legacy perimeter approach.

Network traffic monitoring is the most-used tool to identify and prevent data breaches (56 percent)

Laptops and desktops are believed to be the biggest threat (49 percent).

Two thirds (66 percent) use or intend to use Intrusion Detection/Prevention Systems (IDP/IPS) to supplement network traffic monitoring and detect and prevent insider attacks.

However, attitudes and protection plans are changing, with 45% of organizations reporting that Edward Snowden has caused them to be more aware of insider threats and over half (53 percent) are increasing their security budgets to offset the problem in the next year. Many of those investments will go into additional protections for data, with 78% either already using or planning to use data encryption and an additional 70% already using or planning to use data access controls.

“It’s clear that organizations of all kinds are concerned with securing access to sensitive data,” said Alan Kessler, CEO for Vormetric. “While many of the respondents are using more of the right security technologies and tools to help reduce their attack surface, a much larger group is falling short in taking the additional step to protect from insider threats and thwart attacks such as APTs that steal insider credentials.”

The survey results and research report are available from Vormetric and Enterprise Strategy Group. You can find the results here.

About Vormetric

Vormetric (@Vormetric) is the industry leader in data security solutions that span physical, virtual and cloud environments. Data is the new currency and Vormetric helps over 1200 customers, including 17 of the Fortune 25 and many of the world’s most security conscious government organizations, to meet compliance requirements and protect what matters — their sensitive data — from both internal and external threats. The company’s scalable solution suite protects any file, any database and any application — anywhere it resides — with a high performance, market-leading data firewall that incorporates application transparent encryption, privileged user access controls, automation and security intelligence.

Article source: http://www.darkreading.com/vulnerability/73-percent-of-organizations-fail-to-bloc/240162330

Fortinet Unveils Data Center Firewall Appliance

SUNNYVALE, Calif., October 7, 2013 – Fortinet (NASDAQ: FTNT) – a global leader in high-performance network security – today announced a new high performance, compact network firewall appliance for enterprise data centers, large service providers, cloud providers and carriers. The new FortiGate-3700D, which includes four 40 GbE (QSFP+) and 28 10GbE (SFP+) ports, is able to achieve up to 160 Gigabits per second (Gbps) firewall throughput. Using Fortinet’s new custom NP6 ASIC, the FortiGate-3700D is able to deliver best-in-class performance, low latency and IPv4 to IPv6 performance parity. Fortinet is the first network security company to deliver 100 Gbps+ firewall throughput and 40 GbE ports in a compact appliance, which redefines the standard for price per gigabit protected, price per port density, power dissipation per gigabit and space per gigabit. This performance improvement lowers both capital and operational costs for customers while providing the highest performance and lowest latency available.

Data Center Customers Feel the Need for Speed

Infonetics recently conducted a high speed firewall survey of large organizations (over 1,000 employees) that have already deployed high-end firewalls, defined as firewalls that currently support greater than 40 Gbps aggregate throughput. The move to faster network technologies is forcing enterprises to look at upgrading every component of their IT infrastructure, and the need to add new high speed interfaces to firewalls (10 GbE, 40 GbE and eventually 100 GbE) tops the list of drivers for investing in new high-end firewalls.

Jeff Wilson of Infonetics commented, “After port speeds, we asked respondents to tell us what maximum stateful inspection throughput they will require their high-end firewalls to support in the next year, and over 80% are looking for platforms with over 100 Gbps of aggregate performance, with the largest group looking for 100 Gbps to 199 Gbps.” He continued, “Having high speed interfaces means nothing unless the device has the throughput to match.”

The full report can be downloaded at: www.fortinet.com/resource_center/solution_briefs/faster-firewalls-for-faster-networks.html

FortiOS Flexibility

The new FortiGate-3700D leverages FortiOS 5, the industry’s most advanced network security operating system. FortiOS is a security-hardened, purpose-built operating system that is the foundation of all FortiGate network security platforms. It can be used across large or small enterprise infrastructures and multiple security application personalities.

FortiOS 5 allows for flexible deployment models within the data center such as core firewall, which provides very high performance firewall with ultra low latency or edge firewall, which can be used to serve internal or external communities with varying trust levels using different firewall personalities, including firewall + VPN, firewall + IPS, NGFW, advanced threat protection and more.

Data Center Network Segmentation

As customers build out new or redesign data centers, they are starting to incorporate network segmentation into the architecture. The segmentation may be based on perimeter architecture, services, function or regulatory requirements and effectively separates networks physically or virtually to better provide security service level agreements. Fortinet offers physical, hybrid or virtual network segmentation via its virtual domain (VDOM) capability.

The FortiASIC™ Advantage

The FortiGate-3700D features the latest FortiASIC NP6 processor, which has been designed in-house by Fortinet’s network ASIC experts.

The Network Processor ASIC delivers huge performance benefits over a traditional CPU plus software approach. This enables FortiGate high performance network security appliances to have a smaller footprint and consume less power but still deliver the highest throughput numbers at a very low price.

IPv6 Ready

IPv6 is picking up momentum globally, and it is very important for firewall devices sitting at the edge of a network to be able to process IPv6 routed traffic just as fast as IPv4. Additionally, customers often require Network Address Translation (NAT46, NAT64, NAT66), which requires additional processing capabilities. The FortiASIC Network Processor allows FortiGate appliances to deliver comparable IPv6 and IPv4 throughput and translation, eliminating the performance bottleneck other security vendors cause.

High Availability

The Data Center requires extremely high availability to maintain Application Service Level Agreements. FortiOS 5 provides multiple forms of high availability (HA) such as Active-Active, Active-Passive or Virtual Cluster. Depending on the configuration, failover times are in the sub-second range. Multiple HA deployment modes allow tight integration into different data center architectures.

Cloud Ready Management

To simplify the management and analysis of physical and virtual security infrastructures deployed in large data centers and multi-tenant cloud environments, Fortinet provides single-pane-of-glass management with the FortiManager family of physical and virtual management devices. FortiManager centralized management allows security administrators to configure and manage thousands of physical appliances and virtual machines. Flexible APIs, such as JSON and XML, allow automated configuration and provisioning of devices.

The FortiAnalyzer family of physical and virtual devices provides centralized logging and reporting, which enables administrators to analyze, report and archive security event, network traffic, Web content and messaging data to accurately measure policy compliance.

“For some time our data center customers have been asking us for higher firewall throughput and high speed port connections as they consolidate data centers around a 40 or 100 Gbps switching infrastructure/fabric. We have an aggressive roadmap to deliver on these requests starting with the FortiGate-3700D,” said Michael Xie, founder, CTO and vice president of engineering for Fortinet. “Not only have we delivered the required throughput, but we’ve done it at a CAPEX and OPEX, compact form factor, latency and port density not seen in the industry thus far.”

Availability

The FortiGate-3700D will be available this quarter. For more information on the FortiGate-3700D please visit: http://www.fortinet.com/products/fortigate/3700D.html

To download the Infonetics report referenced above, please visit: www.fortinet.com/resource_center/solution_briefs/faster-firewalls-for-faster-networks.html

About Fortinet (www.fortinet.com)

Fortinet (NASDAQ: FTNT) is a worldwide provider of network security appliances and a market leader in unified threat management (UTM). Our products and subscription services provide broad, integrated and high-performance protection against dynamic security threats while simplifying the IT security infrastructure. Our customers include enterprises, service providers and government entities worldwide, including the majority of the 2012 Fortune Global 100. Fortinet’s flagship FortiGate product delivers ASIC-accelerated performance and integrates multiple layers of security designed to help protect against application and network threats. Fortinet’s broad product line goes beyond UTM to help secure the extended enterprise – from endpoints, to the perimeter and the core, including databases and applications. Fortinet is headquartered in Sunnyvale, Calif., with offices around the world.

Article source: http://www.darkreading.com/perimeter/fortinet-unveils-data-center-firewall-ap/240162334

Avira Launches Free Security App And Free 5GB Cloud Storage Account For iPhone, iPad And iPod

Tettnang, Germany — October 7, 2013 – Security expert Avira announced today the launch of Avira Mobile Security app for Apple iPhone, iPad and iPod. In addition to scanning for malicious processes that may be corrupting your iOS device, Avira Mobile Security is the only security app to integrate a free 5GB cloud storage account to let users instantly free up space to take more pictures or videos, or to access and share media while on the go.

Avira Mobile Security is available now, for free, in the utilities section of the Apple App Store. It is available for English and German languages and works on any device running iOS 6.0 or higher.

The Avira security app was designed with high quality standards and includes the ability to:

– Scan to detect any malicious or rogue processes running on your iPhone or iPad

– Verify if the OS is up-to-date, and check if anyone has tried to jailbreak the device

– Back-up or share photos and videos with a free 5GB secure cloud storage account

– Make your device ‘scream’ out loud if it gets lost, or let you track its location on a map

“When we asked our customers and engineers to re-envision what ‘security’ means on a mobile device, we found that it’s not only about protecting the device and the data, it’s about being able to protect all your devices with an essential set of security applications. You feel secure because you don’t need to think about security,” said Travis Witteveen, CEO of Avira. “That complete protection and peace of mind is what Avira Mobile Security delivers. At a time when even phones are no longer secure from the bad guys, Avira is a security brand that you can trust to work flawlessly and consistently across all your mobile devices, on your laptop, and in the cloud.”

Links

Install Avira Mobile Security: https://itunes.apple.com/us/app/avira-mobile-security/id692893556?mt=8

Follow Avira’s TechBlog: http://techblog.avira.com/en

Find community, support and tips on Facebook: www.facebook.com/avira

Show us what else you would like Avira to protect through our Vine contest: http://tinyurl.com/lm34dl4

About Avira

More than 100 million consumers and small businesses depend upon Avira’s security expertise and award-winning antivirus software, making the company the number-two market share leader globally. Avira is ranked #1 in technology innovation according to ABI Research; recommended by Consumer Reports for its free antivirus software; cited by OPSWAT as the #1 fastest-growing antivirus vendor in 2012 and the #2 largest vendor worldwide in 2011; and has received a nearly unbroken string of Virus Bulletin VB100 awards for the past decade.

Avira provides IT-security protection to computers, smartphones, servers and networks, delivered as both software and cloud-based services. Visit www.avira.com.

Article source: http://www.darkreading.com/mobile/avira-launches-free-security-app-and-fre/240162335

Monday review – the hot 26 stories of the week

Catch up with the latest security news in this week’s roundup. Watch the top news in 60 seconds, and then check out the individual links to read in more detail.


Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/fHF1NTGyXnY/

SSCC 119 – Happy 10th, Patch Tuesday – Adobe “goes open source” – Dread Pirate Roberts [PODCAST]

Party advertised on Facebook leads to 600 gatecrashers and one very trashed home

A £1 million ($1.6 million) London home has been redecorated with vomit-saturated furniture and carpets, laughing gas canisters strewn across the ruined carpet, and a skylight broken after somebody fell through it, all courtesy of the 600 gatecrashers who showed up after a party was posted on Facebook with the toggle set to “public”.

What homeowner Catherine Seale said to her 17-year-old son, Christopher, before leaving with her husband for a holiday in the south of France: “Don’t throw a party.”

What Christopher did: Threw a party.

Christopher, in fact, invited 60 guests to a gathering at his parents’ home on Saturday.

Unfortunately, his best friend mentioned the party on Facebook without realizing the post was public, according to the Huffington Post.

His mother found out about it after a friend called to tell her that 600 partygoers were wrecking her home.

Neighbors told the Huffington Post that six police back-up units were required to break up the crowd, which in the space of two hours mushroomed to a crowd of at least 600 and well beyond just teenagers.

One girl was reportedly rushed away in an ambulance, suffering from alcohol poisoning.

One neighbor, Mark Daly, told the Huffington Post that he caught men in their 30s urinating on his front door step and on his car:

He was just standing on my car relieving himself. I caught him and told him to pull it together. As soon as he saw me he stumbled away.

But then five minutes later there was another one urinating close to my letterbox. When I opened the door he got a fright and nearly injured himself trying to jump off the doorstep and run away from me.

Another neighbor, Adam Keyne, told Huffington Post that his BMW’s wing mirror had been smashed, leaving him with a £250 bill, and confirmed that these weren’t just kids on a bender:

The first couple of hundred people were teenagers getting a bit drunk, which shocked me because they were all very posh yet very raucous.

But then I became worried because there were men in their thirties and forties looking to cause real trouble. They were sitting on people’s wall screaming and insulting passers-by.

Another neighbor, Ian Grant, told The Telegraph that one gatecrasher vomited outside his front gate before asking for a postcode so his mother could come get him.

No arrests were made, but Catherine Seale made sure her son apologized to neighbors and told news outlets that Christopher will be donating his free time to charity.

As it is, the public posting of a party on Facebook has left the Seales with a home that’s still a bit sticky, with the smell of vomit lingering days after the bacchanalia.

Still, it could have been worse, Ms. Seale told Huffington Post, beyond the one case of alcohol poisoning and the thousands of pounds worth of damage done to her home:

They could have been killed. Even though it had been cleaned up when I got back from France, everything felt sticky and dirty and it stunk.

There was vomit in the sitting room, cushions were completely ruined, and the sofa stank for days.

There’s nothing new about her admonishment regarding parents’ need to realize that leaving a 17-year-old alone can result in episodes like this:

All parents should be warned that this could happen if you go away and leave your 17-year-old alone.

Facebook is, of course, the twist to this age-old tale. The advice Ms. Seale offered on the matter of checking Facebook settings before posting applies to every one of us in Facebook nation, whether we’re posting truly embarrassing updates that could get us fired or parties that a) haven’t been parentally approved and/or b) could wind up in a riot that trashes our parents’ posh homes.

She says:

I think if anyone is going to throw a party, they need to look at their privacy settings on Facebook. It’s absolutely essential that children are made aware of this.

Hallelujah to that, Ms. Seale, and best of luck in getting that stench to come out.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/yOO9l3J2eVk/

Is Microsoft recycling old Outlook.com and Windows Live email accounts?

Just a couple of weeks ago I wrote about how Yahoo was recycling old email addresses and IDs and how some people who took over old accounts were receiving messages aimed at the previous owners.

Considering the implications of this I would have thought that it was an isolated policy that no-one else would be foolish enough to copy.

Microsoft, however, seems to have done just that.

While the company has a long-standing policy of reusing Hotmail accounts it has not extended to its other services before. Now users who have an old Outlook.com or Windows Live ID account will need to be aware that it may get recycled if they do not sign in from time to time.

According to Webwereld (you’ll need to use Google translate or similar), Microsoft is recycling these types of accounts despite not mentioning that it could do so in its service agreements:

The Microsoft branded services require that you sign in to your Microsoft account periodically, at a minimum of every 270 days, to keep the Microsoft branded services portion of the services active, unless provided otherwise in an offer for a paid portion of the services. If you fail to sign in during this period, we may cancel your access to the Microsoft branded services. If the Microsoft branded services are cancelled due to your failure to sign in, your data may be permanently deleted from our servers.

There is not, however, any suggestion within the terms that cancelled email accounts could be recycled.

A recent email from Microsoft to Webwereld says something altogether different about lapsed accounts though:

These email accounts are automatically put in the row to be deleted from our servers. Then, after a total of 360 days, the e-mail account name [is made] available again.

Mike Rispoli, a spokesman for London-based non-profit organisation Privacy International, told the Dutch IDG publication that,

When Yahoo announced this, experts warned of serious privacy and security implications. Yahoo downplayed these risks, ignored the critics, and now we see that the concerns have become a reality.

Rispoli also said that Microsoft should clearly communicate their recycling policy in their service terms and that users need to be aware of the situation, adding that,

These companies do this purely from [a] profit perspective to lure more users, but without any respect for privacy and users’ [rights]. This is a serious matter of trust, and [that] trust is violated.

Webwereld says it has received one email from a Hotmail user who claims he received messages for a previous owner of his account who shared the same name. As a result he is now considering submitting a complaint about Microsoft to CBP, the Dutch data protection agency.

Though it looks like the number of Microsoft customers receiving email destined for previous account users is minimal this is still concerning. Many people use accounts like these as backups for password resets, which means sensitive data could, potentially, end up in the wrong hands.

For that reason it would appear that the best solution for Hotmail, Outlook.com and Windows Live users would be to ensure that they sign into their accounts every 270 days in order to retain control over them.

Considering that this recycling of IDs also applies to Yahoo users, those of you using Gmail may be pleased to hear that there are no such concerns there. Google has confirmed that it has never recycled its email addresses.

Indeed, on its support pages, it says:

Deleting your address won’t free up your username. Once you delete your Gmail address, you won’t be able to use that same username ([email protected]) in the future.

What do you think of Microsoft’s policy and the potential risks to your privacy and security?

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/uX7ljLuaVIg/

Make The Most Of National Cyber Security Awareness Month

An awareness month can bring with it many benefits. When you think about some of the wildly successful awareness months, National Breast Cancer Awareness Month comes to mind. Associated efforts include fundraising walks and Delta Airlines repaints some of its planes pink. Events take place throughout the country and a good portion of the world. But there is nothing otherwise special about the month — except that it serves as a rallying cry for people to take action.

Now, as the 10th anniversary of National Cyber Security Awareness Month (NCSAM) begins today, it’s time to take advantage of the benefits that it similarly offers. While it might not be a standard practice to normally devote attention to information security, security awareness practitioners can now contend that extra corporate attention should be placed on your efforts.

It is a good time to rally extra support from management to put on events, get permission to set up awareness booths, pass out literature, get space on corporate intranet sites, send out extra messages to the staff, etc. NCSAM is a catalyst to get extra attention for your programs, which is another way of saying that you get more awareness for your awareness campaign.

If you have already started planning, try to make the most of it. If you haven’t yet put something together, now is the time to try to get started. If you are short on resources, we put together an NCSAM Support Package that provides a turnkey NCSAM program.

While it is not likely that anyone will be repainting an airplane to support our cause, there is still a lot of support to be had. Take advantage of the momentum. More important, make sure that you keep the momentum going after the month is over.

Ira Winkler is president of Secure Mentem

Article source: http://www.darkreading.com/attacks-breaches/make-the-most-of-national-cyber-security/240162081

Microsoft Patch Tuesday

It’s Get Ready For Microsoft Patch Tuesday time again already, and this month’s update will be the tenth anniversary of Microsoft’s regular security bulletins.

As you will have read at the start of the month, October 2013 is also the tenth anniversary of Cybersecurity Awareness Month.

I suspect that’s a coincidence, but it’s worth a smile anyway.

Microsoft has had a slightly rough time with updates lately, with some updates not working properly in August, and others working far too well in September, downloading themselves over and over again.

Despite the problems, however, things haven’t been too bad, so headlines like “A Decade of Botched Updates and Broken PCs” (I shan’t link to it; you can find it if you must) are needlessly discouraging.

(That article goes on to contradict itself almost immediately by describing early updates as trouble-free, so it can safely be dismissed as disingenuous, but it is nevertheless representative of real-world sentiment against Redmond and its patches.)

So, please don’t be discouraged this month, because the marquee update, Bulletin One, is almost certainly a formal fix for the Internet Explorer (IE) zero-day vulnerability that made the news halfway through September.

That vulnerability, CVE-2013-3893, is being actively exploited in the wild by cybercrooks and Metasploit alike, so it’s pretty much open for anyone to acquire, study, tweak and use.

Existing CVE-2013-3893 exploits don’t work against all versions of IE, but they do work even when DEP (data execution prevention) and ASLR (address space layout randomisation) are in play, so you should assume that a really determined attacker could figure out an unlawful way into all versions of Windows running any version of IE, from IE 6 on XP to IE 11 on 8.1.

→ I say “almost certainly a formal fix” because Microsoft’s Advance Notifications don’t actually detail exactly what is going to be fixed. So we can’t be sure that CVE-2013-3893 is being patched for good, but given the seriousness with which Microsoft handled its appearance in the wild, it’s a good guess.

Interestingly, seven out of the eight bulletins this month deal with RCEs, or Remote Code Execution bugs.

That’s where an outsider can send you something that isn’t supposed to cause a silent download – like a document or a web page – and infect you with malware, without so much as an “Are you sure?” dialog, even if all you do is look at it.

Four of these RCEs are branded Critical, which you can take to mean “if you don’t patch this hole, crooks will probably try to sail through it and may very well succeed.”

The other three are merely Important, perhaps because they “only” affect Office and SharePoint server software.

The eighth Bulletin involves an Information Disclosure hole in Silverlight.

As usual, SophosLabs will be publishing its own risk analysis once Microsoft’s publish-no-earlier-than deadline has passed (usually as soon as the patches are publicly available), helping you to estimate the likelihood of each vulnerability being exploited if you choose to delay the patch.

The last things to notice as you plan for Tuesday are:

  • Reboot required for the big Internet Explorer fix, so you’ll be rebooting most of your boxes.
  • Server Core installs are unaffected, proving the wisdom of using the minimalist flavour of Windows wherever you can.
  • Mac users get some Patch Love this time round, with an update for Office for Mac 2011 to close an RCE hole.
  • Windows 8.1 gets an update to IE 11, so your pre-release adopters will be patching and rebooting too.

Good luck with your Tenth Anniversary of Tuesday patching!

And if you’d like a quick review of terminology like RCE and Information Disclosure, and how to decide whether a Critical patch is more urgent to you than an Important one, why not listen to our recent Techknow Podcast, Understanding Vulnerabilities?

(18 September 2013, duration 15’08”, size 9.1MB)

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/vbpnsMCHoMc/