Vol. 16, #23 - June 13, 2011 - Issue #832

Company Suffers $588,000 Cyberheist - Judge: "Too Bad"

  1. Editor's Corner    
    • Company Suffers $588,000 Cyberheist - Judge: "Too Bad"
    • What are Your Peers Doing Regarding CRM?
  2. Admin Toolbox
    • Admin Tools We Think You Shouldn't Be Without:
  3. Webinars & Seminars
    • VIPREcast: The Dangers of Social Media at Work - 6/21 
    • Malware Unmasked Webinar, July 20
    • BriForum 2011: Register today - 7/19-21
    • Free Desktop Virtualization Seminar
  4. Tech Briefing
    • CSO Magazine: 'Phishing Still Rules, Because We're Still Gullible'
    • 5 Questions To Ask About Tablet Security
    • The Top Hidden Features in Windows 8 
  5. Windows Server News
    • Windows Intune Brings PC Management Into the Cloud
    • Server Consolidation Strategy Pitfalls: Over-Consolidation
    • Does VDI Eliminate The Need For Antivirus Software?
    • Office 365 Launches in June, Ballmer Says
  6. Third Party News
    • CounterSpy and Sunbelt Personal Firewall End Of Life
    • Book Review: Mike Meyers's CompTIA Security + Certification
  7. WServerNews FAVE Links
    • This Week's Links We Like. Tips, Hints And Fun Stuff.
  8. WServerNews - Product of the Week
    • Get The Fast And Easy Antivirus Protection You Deserve

myPassword - Securing your business, one password at a time

With network security breaches in the news every week, maintaining solid authentication and password policies for your organization is more important than ever. Today's mobile business environment requires a solid plan for securing access to key company systems. Enforcing password policy compliance and assuring that password complexity and history requirements are met every time an account password is modified is critical to preventing a potentially devastating security breach. Namescape's myPassword can help you devise your protection strategy. Evaluate today.

 

Editor's Corner

Company Suffers $588,000 Cyberheist - Judge: "Too Bad"

Cyber security experts are expressing serious concern over a decision in a cyberheist lawsuit by a judge in Maine last week. If his ruling is adopted by other U.S. district courts, it will make it more difficult for other businesses that fall victim to cybercrime to dispute the effectiveness of security measures employed by banks, and it will increase the burden on companies already struggling within a failing economy.

Sanford, Maine-based Patco Construction Co. filed suit in York County Superior Court against Ocean Bank in May 2009. The case has slowly moved through the system, but there is news. The original lawsuit alleges that Ocean Bank did not do enough to prevent cyber criminals from transferring approximately $588,000 to dozens of co-conspirators throughout the United States over an eight-day period.

Note that businesses do not have the same legal protections against online banking fraud that consumers enjoy. Consumers generally have 60 days from receiving a bank statement to dispute any fraudulent charges, and in nearly all cases those charges will be reversed. But both for-profit and non-profit organizations that experience fraud with their online banking accounts usually lose any money from unauthorized transactions that aren't reported to the bank within 24 hours, and even then there is no guarantee that all or any of the fraudulent transfers will be reversed or halted.

According to Patco's filed complaint, the fraudulent transfers began when cyber thieves who had hijacked the company's online banking credentials initiated a series of transfers totaling $56,594 to several individuals who had no prior business with Patco. The company alleges that this pattern of fraud continued each day of the following business week, during which time the thieves made additional batches of fraudulent transfers totaling $532,257. For more details on this cyberheist: http://www.wservernews.com/go/1307693719531

The question becomes "how did the bad guys gain access to this company's online accounts?" And one can quickly conclude that it was through some unsuspecting employee getting phished and opening up the network for an infection, likely with the ZeuS malware.

This case clearly shows you need state-of-the-art endpoint protection that gets updated with high frequency and has a very high percentage score of proactive protection. VIPRE comes to mind for sure.

Also an obvious conclusion is that if you want to protect your network from external cybercriminals, have another look at Defense-in-Depth. Here is a page that will get you the concept in a nutshell: http://www.wservernews.com/go/1307693852468

What Are Your Peers Doing Regarding CRM?

GFI Software and ITIC are conducting a survey on CRM deployments. The aim of this survey is to see if CRM usage is catching on among SMBs and SMEs and, if not, why not. What are the benefits? What are the impediments? Is it a boon for your sales and marketing initiatives? Is it worth the money or too expensive, too hard to use, not enough of a business case to adopt it? Tell us what you think.

As always, we know that you're busy and we want to be respectful of your time. This survey should take only a few minutes to complete. All responses are kept confidential. The survey is for informational purposes only. No one will call or Email you with any sales pitches.

Once again, GFI and ITIC are giving away a free iPad and a free iPod to the survey respondents who provide the most insightful responses to the final essay question. So be sure to leave your Email address along with your comment within the Essay question response. Once the survey is finalized, we'll publish the Executive Summary and survey highlights in the WServerNews newsletter. To further show our appreciation, anyone who completes the survey can get a complimentary copy of the Report once it's published by Emailing me at: [email protected] Here's the survey link: http://www.wservernews.com/go/1307697079453

Quote of the Week

"The manner of giving is worth more than the gift." - Pierre Corneille, born 1606.

Warm regards, and thank you for being a WServerNews subscriber. No trees were killed in the sending of this message, but a large number of electrons were terribly inconvenienced. Please tell your friends about us. They can subscribe here: http://www.wservernews.com/go/1307096257843

Stu Sjouwerman
email me: [email protected]

Admin Toolbox

Admin Tools We Think You Shouldn't Be Without

Simplify your life with mPowerTools - 100+ Reports - tackle AD chores in bulk - a search & replace tool - you'll never script again AND NO third party databases! http://www.wservernews.com/go/1307697270343

Subscribe to the latest hot e-zine: CyberheistNews: 'Arming you with the facts'. Gets you ammo twice a month to defend your network against cybercrime: http://www.wservernews.com/go/1307697291937 

Frustrated with gullible end-users causing malware infections? Find out who the culprits are in 10 minutes. Do the Free Phishing Security Test on your users!: http://www.wservernews.com/go/1307697305156

Webinars & Seminars

VIPREcast: The Dangers of Social Media at Work - 6/21

If you're like other organizations, the use of social media at your company is rampant - with employees visiting sites for legitimate business purposes or simply for fun. With new Facebook, Twitter, and LinkedIn scams popping up daily, how do you strike a balance between enabling use while keeping users safe?

In this VIPREcast, gain insight into the risks posed by Facebook, Twitter, LinkedIn, blogging platforms, and other social media outlets, such as:

  • Lure campaigns: From clickjacking to survey scams, what your users may be seeing online.
  • Alternative attacks: Recent scams on services such as Tumblr that rapidly expose the network and negatively impact acceptable use policy content.
  • Business-centric exploits: Malware techniques that capitalize on IT missteps and how to prevent them.

Join us for an important VIPREcast that will look at recent exploits we've seen, the most common techniques being used, and best practices for successful social media policies:

11:00am ET / 10:00am CT / 8:00am PT / 15:00 GMT

Date: Tue, Jun 21, 2011
Location: This is an Internet based event.
Register/More Info: http://www.wservernews.com/go/1307697790218

Malware Unmasked Webinar, July 20

Targeted attacks are moving away from purpose-built platforms (Zeus, SpyEye, Bugat) to general tools (Sunspot) that can be tailored to target specific industries or organizations. Learn how to detect these threats and why they could be a significant concern to your organization. Sign up for the July 20 webinar at:

BriForum 2011: Register today - 7/19-21

The most advanced, technical, hands-on desktop virtualization event is returning to Chicago this July 19-21. Independent industry experts, led by Brian Madden, share the latest tips and strategies around desktop virtualization, VDI, application virtualization, and Remote Desktop Services. In addition, technical staff from the top solution providers in the space will be in attendance so you can ask all your questions and try out these technologies. Don't miss out on this unique opportunity to interact with hundreds of your peers from across the globe as well as to share best practices and lessons learned.

Register today and save! http://www.wservernews.com/go/1307697861250

Free Desktop Virtualization Seminar

Coming to Atlanta, Detroit, and St Louis this June, and 12 other cities throughout the remainder of the year, independent expert and desktop virtualization guru Brian Madden will update you on where the desktop virtualization market is in 2011, focusing on what's real and what's not. Spend just a few hours out of the office to take advantage of a live Q&A, peer networking opportunities and tons of valuable information.

Register today! http://www.wservernews.com/go/1307697899765

Tech Briefing

CSO Magazine: 'Phishing Still Rules, Because We're Still Gullible'

Chief Security Officer Magazine reports on KnowBe4's recent phishing research. "Despite more than a decade of warnings, users still readily fall for phishing attacks. For years, phishing attacks were viewed largely as a consumer security problem. Attackers would target users with an email that tempted them into a fraudulent 411 [check] scam, or to share their account numbers and sign on credentials with a bogus Web site. Not anymore.

"It's become clear, going back to the so-called 2009 Operation Aurora attacks that phishing attacks work. Regarding those attacks, a Forrester Research analyst quoted an aerospace company employee who was familiar with the exploit-laced Adobe PDF files that came attached to the spear-phished emails. "This kind of stuff is driving the defense contractors nuts. They should know better, yet they are still affected," the source said at the time. Spear-phishing attacks -- those that use information about someone to target them directly as part of an attack -- are all the more successful. The viability of phishing attacks was revealed more recently with the successful attack against RSA Security and then the related attack on defense contractor Lockheed-Martin." More: http://www.wservernews.com/go/1307698005109

5 Questions To Ask About Tablet Security

Some companies are adopting them and many employees are dying to use them. But are tablets too risky for the enterprise? Security experts ponder some of the larger questions about tablets and other mobile devices companies are facing.

A poll conducted late in 2010 by ChangeWave Research found the number of organizations giving employees tablets for work would double in the coming twelve months. The research found 14 percent of businesses polled expected to buy tablets for employees in the first quarter of 2011, up from 7 percent of companies who supplied staff with tablets in the last quarter of 2010.

But while most organizations are not rushing to adopt tablets in their IT department, many end-user employees are in a hurry to start using them--on their own--with or without company support. That has security managers scratching their heads as to whether tablets change their risk profile. The answer will differ from company to company, but here are five questions to ask as you consider your tablet policy. Another good article at CSO Online! http://www.wservernews.com/go/1307698138125

The Top Hidden Features In Windows 8

Network World's Sandro Villinger wrote: "Ballmer finally confirmed what tech pundits knew all along: the next generation of Windows will be out in 2012. In the meantime, Microsoft is half-way done with Windows 8--it's in the Milestone 3 stage right now--and is prepping up the first beta for this September's "Windows Developer Conference" in Anaheim, California.

"But you don't have to wait until then to get a look at some of Windows 8's best new features. I've closely examined a pre-beta leak and dug up some great features and improvements you can look forward to. While these pre-beta builds have been covered left and right, I've chosen to focus on the lesser-known, but noteworthy improvements. Here is the slide show". Check out #4, booting in less than 20 seconds sounds good: http://www.wservernews.com/go/1307698236750 

Windows Server News

Windows Intune Brings PC Management Into the Cloud

Paul Thurrott recently wrote: The fact that Microsoft is in the midst of a dramatic retooling of its product offerings should come as no surprise: "The company is moving rapidly to establish itself as a dominant provider of cloud services in addition to its more traditionally delivered client and server solutions. Today, the company offers both hosted services - cloud-based versions of its most popular server products, such as Exchange Server and SharePoint Server - and entirely new cloud-hosted platforms, such as Windows Azure and SQL Azure, among other offerings.

Microsoft has long championed a unique opportunity for customers that its competitors simply can't match. In addition to the sheer volume of its disparate offerings, Microsoft also offers customers a range of choices that span both traditional, on-premises offerings and hosted cloud services, but also a hybrid deployment model in which both on-premises and hosted offerings can be mixed and matched within a corporate environment. Companies such as Amazon and Google, whose product offerings exist almost solely in the cloud, simply have no answer to this need. Read more about the impact of this from the system admin viewpoint at: http://www.wservernews.com/go/1307698383609

Server Consolidation Strategy Pitfalls: Over-Consolidation

Server consolidation increases the use of available computing resources and allows more virtual machines (VMs) to operate simultaneously on a physical host system. But there are practical limitations to a server consolidation strategy - even with today's most powerful and virtualization-friendly servers. Discover what these strategy pitfalls are in this featured article: http://www.wservernews.com/go/1307698471687

Does VDI Eliminate The Need For Antivirus Software?

With the security benefits of VDI and antivirus software enhancements for virtual desktops, VDI offers significant security benefits compared to traditional PCs. Discover the advantages this technology can bring to your organization in this expert tip: http://www.wservernews.com/go/1307698681781

Office 365 Launches in June, Ballmer Says

It was all over the news this week, but PCWorld has the best write-up. "Microsoft spokespeople have been coy about when the Office 365 cloud service will launch, saying only that it will come out later in 2011. But CEO Steve Ballmer has revealed that it will launch in June. Speaking in Delhi, India, to an industry group last week, Ballmer said, "We're pushing hard in the productivity space. We'll launch our Office 365 cloud service, which gives you Lync and Exchange and SharePoint and Office and more as a subscribable service that comes from the cloud. That launches in the month of June."

Ballmer's remarks are available in a transcript on the Microsoft website. Ballmer also recently announced that Windows 8 will be released in 2012--only to see his own employees backpedal from his statement. More: http://www.wservernews.com/go/1307698790218

Third Party News

CounterSpy and Sunbelt Personal Firewall End Of Life

As you may know, GFI discontinued Sunbelt Personal Firewall and CounterSpy last week. The official pages are up here:

CounterSpy: http://www.wservernews.com/go/1307698885500

SPF: http://www.wservernews.com/go/1307698899218

However, we do take care of our customers. Every customer on a current maintenance plan for CounterSpy will receive a free upgrade to VIPRE. And every customer on a current maintenance plan for SPF will receive a free upgrade to VIPRE Premium.

These were great products, but their technologies are now incorporated into VIPRE and VIPRE Premium, and it no longer makes sense to sell them stand-alone.

BOOK REVIEW: Mike Meyers's CompTIA Security + Certification

I'm holding in my hot little hands a new McGraw Hill security paperback. They have revised the whole book for Security exam SY0-301 and this new edition provides a condensed and concise review of CompTIA's well-known security credential. The book is a quick review, cram-style test prep that gives you 100% coverage of all exam objectives for the new exam. You are able to self-study and drill the exam with the added Learnkey CD. http://www.wservernews.com/go/1307698982093

WServerNews FAVE Links

This Week's Links We Like. Tips, Hints And Fun Stuff

WServerNews - Product of the Week
