Archive

Archive for May, 2008

McAfee, Inc. Endpoint Encryption Deployed by NHS for Widespread Data Protection

May 29th, 2008

National Health Service Connecting for Health (NHS CFH) has selected solutions from McAfee to provide encryption and port control, to protect confidential data on NHS computers and devices. As part of the NHS contract, McAfee Data Protection will provide 700,000 licenses for device encryption, port control, secure content encryption and mobile encryption to NHS organizations and related bodies across England. 

McAfee Data Protection’s world-class enterprise solution will encrypt confidential staff and patient data, helping to safeguard the NHS from data breaches and protect those whose data resides on NHS systems. Data will be protected on all devices such as PCs, laptops, PDAs and smartphones, content on hard drives and removable media; and computer ports to prevent unauthorized use of portable media connected to USB, serial and parallel ports.

The technology integrates with existing software deployment tools and can be deployed centrally across the network to all endpoints. The installation process is quick and effective. The technology is completely transparent to the end-user and does not impact productivity or require any specialized training.  It also mitigates human error, thereby reducing data security threats. Its central reporting function aids compliance and the graphical presentation of information assists ICT teams in their management reporting.

“McAfee Data Protection technology closely matched our extensive requirements and at a price that represents exceptional value for the taxpayer,” said Mark Ferrar, director of infrastructure, technology office, NHS Connecting for Health. “Protecting patient data and NHS operational data against data security threats is essential. The McAfee product is an enterprise class solution that integrates with existing software deployment tools, can be deployed in both standalone and organization-wide scenarios and meets the required stringent security standards.”

“The desire for a national agreement for encryption software followed guidance to NHS organizations issued by NHS Chief Executive David Nicholson,” said Jan Van Vliet, vice president of sales, McAfee Data Protection Business Unit, EMEA.  “As part of the agreement, we are also working closely with our partner, Trustmarque Solutions, to set up a nationwide structure to offer training and implementation for IT managers within the applicable NHS bodies across England.”

News , ,

Symantec Announces New Versions of Veritas Storage

May 27th, 2008

Symantec Corp. (Nasdaq: SYMC) today announced Veritas Storage Foundation and Veritas Cluster Server 5.1 for Windows, the industry leading heterogeneous storage management and high availability solution providing data and application availability for Windows environments. A key component of the Symantec Solutions for Windows portfolio scheduled to be available in June 2008, Veritas Storage Foundation 5.1 High Availability for Windows introduces support for Windows Server 2008 and delivers significant improvements to operational effectiveness and ease of use including enhanced availability and disaster recovery, centralized storage visibility and SmartMove for efficient array migrations.“Customers today face overwhelming demands in managing disparate islands of storage and meeting strict service level agreements for high availability,” said Aaron Aubrecht, senior director of product management, Symantec. “Veritas Storage Foundation for Windows and Veritas Cluster Server provide organizations with a common set of easy-to-use tools that work across virtually every server and storage platform to provide online volume management, storage and application availability, application integrated quick recovery and storage area network path management. Enabling IT organizations to use a single software solution to manage their storage infrastructure and recover applications in the event of a local failure or disaster can significantly reduce both capital and operational costs, while simultaneously ensuring confidence that existing service level agreements are met.”

Expanded Operating System, Application and Storage Support

Veritas Storage Foundation for Windows and Veritas Cluster Server are extending support for Windows Server 2008 and Windows Server 2008 Server Core environments, with support for Standard, Enterprise, and Datacenter versions across x86, x64, and IA64 platforms. Additionally, this release provides expanded support for Windows Vista, Microsoft Exchange 2007 Service Pack 1, Microsoft SharePoint Portal Server 2007, Symantec Enterprise Vault 2007 and Blackberry Enterprise Server.

Veritas Storage Foundation for Windows Dynamic Multi-pathing continues to enhance support for leading storage platforms– enabling customers to have a single multi-pathing solution without compromising a heterogeneous tiered storage infrastructure. In addition to the 40+ array families already supported –support for Pillar, 3PAR, and newer IBM and HDS arrays has been added.

Enhanced Availability and Recoverability

Veritas Storage Foundation for Windows offers a guided, step-by-step, wizard to ensure Microsoft Exchange and other applications can be quickly recovered from a point-in-time volume copy. IT organizations can now simplify the storage management complexity of recovering consistent Exchange data to an alternate location with this new capability– automated snapshot recovery to Exchange Recovery Storage Groups. Moreover, for organizations requiring a multi-site disaster recovery infrastructure for Exchange or other applications, Veritas Cluster Server has added support for EMC Symmetrix Remote Data Facility (SRDF)/STAR.

Improved Operations, Management, and Performance

Providing visibility across multiple hosts from a single, secure, web-based console can significantly reduce operational costs and risks to application downtime. Veritas Storage Foundation Manager will support Veritas Storage Foundation for Windows and up to 3,000 hosts enabling organizations to gain insight into storage objects including volumes, storage subsystems, and storage area network paths. Complementing the storage infrastructure visibility, Veritas Cluster Server Management Console has been enhanced to dynamically discover physical and virtual (e.g., VMware) clusters across Unix, Linux and Windows in a single global operation, and dramatically simplify operations. For example, clustered applications can be easily identified by geographical site or business unit, thereby making it easier to manage, act and report on the logical groups of Veritas Cluster Server deployments.

Configuration Checker mitigates risk to application downtime by providing a simple and powerful way for organizations to proactively and easily identify configuration-related installation errors, departures from best practices, and incompatible hardware and/or software. SmartMove is a new feature in Veritas Storage Foundation 5.1 for Windows that greatly enhances the efficiency of data-intensive operations by analyzing the data and ensuring that only the necessary blocks of data are moved. This significantly enhances the efficiency of data movement operations, such as creating or synchronizing mirrors or snapshots.

News , , ,

Symantec to Speak at Upcoming Investor Conferences

May 27th, 2008

Symantec Corp. (Nasdaq: SYMC) today announced its executives will be speaking at the following investor conferences in the June 2008 quarter:

  • Merrill Lynch Technology Conference on May 6 at 11:15 a.m. ET in New York City
  • JPMorgan Technology Conference on May 19 at 8 a.m. ET in Boston

A live webcast and replay of the presentation will be available.  Interested parties can view the webcast and the replay over the Internet through Symantec’s Investor Relations Web site at www.symantec.com/invest.  Please go to the Web site at least 15 minutes early to register, download and install any necessary software.

About Symantec

Symantec is a global leader in providing security, storage and systems management solutions to help businesses and consumers secure and manage their information. Headquartered in Cupertino, Calif., Symantec has operations in more than 40 countries. More information is available at www.symantec.com.

News , , ,

Symantec Online Fraud Protection Helps Businesses Combat Online Fraud, Protect Brand Equity

May 27th, 2008

Symantec Corp. (Nasdaq: SYMC) today announced the availability of Symantec Online Fraud Protection, a comprehensive program that includes Symantec services, education and ongoing monitoring and management capabilities designed to protect businesses that conduct large volumes of financial transactions and their customers from losses due to online fraud. This offering helps businesses shield their customers from a variety of online threats, including phishing and pharming. By helping their customers safely conduct transactions online, businesses can boost customer loyalty, minimize financial loss and legal exposure, and reduce risks to their corporate brand.Corporate brand erosion as a result of online fraud is a significant problem facing all organizations that conduct business online. Symantec’s most recent Internet Security Threat Report, Volume XIII released in April 2008 indicates that threats from online fraud continue to plague both enterprise organizations and consumers. In the last six months of 2007, Symantec observed more than 85,000 phishing hosts – computers that can host one or more phishing Web sites – an increase of 167 percent from the first half of 2007.

“Fraud attacks are becoming more sophisticated and are increasingly targeting businesses and customers with devastating effects,” said Rob Enderle, president and principal analyst, Enderle Group. “Organizations generally lack an effective comprehensive approach to mitigating online fraud. In addition, the damage that results from fraud now goes beyond just financial damage to impacting the global brand. This combination should make reducing the related risks a primary business objective.”

Leveraging Symantec’s broad footprint and position as a leader in security, Symantec Online Fraud Protection is a flexible program that combines a variety of offerings based on customer need. This offering is also backed by Symantec’s Global Intelligence Network which provides the most comprehensive view of Internet attack activity based on security intelligence data gathered from around the world. Symantec’s Global Intelligence Network includes 11 security response centers that analyze data from more than 2 million email accounts, 120 million systems and more than 40,000 devices in more than 200 countries. Symantec Online Fraud Protection includes:

  • Phishing Monitoring: Watches for new phishing attacks and other attacks on the client’s brand.
  • Transaction Monitoring: Reviews transactions on back-end systems and blocks fraudulent activities.
  • Online Fraud Incident Response and Countermeasures: Provides rapid response to attacks in order to minimize losses and protect brand reputation, including working with ISPs to curtail the activities of fraudsters.
  • Malware Intelligence and Analysis: Provides monitoring of malware targeting a specific brand and analysis of new malware behavior.
  • Consumer Education and Protection: Helps organizations educate and protect their end-user customers from online threats and minimize the risk of fraud.
  • Expert Resident: The offering also includes an expert resident from Symantec, with access to a variety of security intelligence data sources, who works with in-house staff to provide security expertise and serve as the primary point of contact leading all online fraud protection efforts.

“Symantec’s recent Internet Security Threat Report shows that 80 percent of brands targeted by phishing attacks were in the financial sector,” said Ted Donat, director of product management, Symantec Consulting Services. “As online fraud continues to increase, Symantec is arming its customers with tools to protect against the brand erosion that can result from an attack. With Symantec’s superior malware intelligence and analysis, monitoring and incident response services, customers can quickly respond to online fraud attacks, leverage expert command and control during incidents, and shift their approach to online fraud from reactive to proactive.”

Symantec Online Fraud Protection provides a unique combination of products, services and education, leveraging Symantec’s unparalleled scope and breadth of expertise in the security market. Symantec Global Services is a leader in providing expertise and resources for securing and managing the world’s information. With more than 4,000 professionals worldwide, Symantec Global Services has worked with 99 percent of the Fortune 1,000.

News , , ,

The State of Missouri Selects Symantec Enterprise Vault for Email Archiving and Discovery

May 27th, 2008

Symantec Corp. (Nasdaq: SYMC) today announced that the State of Missouri has selected Symantec Enterprise Vault as its email archiving platform, ensuring the security and retention of electronic communications in accordance with Governor Matt Blunt’s directive to archive government emails. Enterprise Vault enables the state to comply with legal discovery requirements and information access policies such as open-records requests. The state also plans to leverage Enterprise Vault to improve email storage capabilities while streamlining and simplifying email system management.“The protection and retention of email is critical to ensuring transparency and accountability in our state government, and it is one of the most important IT initiatives we are implementing,” said Dan Ross, State chief information officer, Missouri Information Technology Services Division. “Enterprise Vault is the leading email archiving and data protection solution. We are confident that Symantec software and services will enable us to meet our aggressive plans to roll out a highly secure and reliable email retention system.”

The State of Missouri’s Information Technology Services Division (ITSD) supports nearly six million citizens and approximately 60,000 government employees. The ITSD is chartered with implementing an email archiving system for 14 of the state’s 16 executive branch agencies and supporting an IT infrastructure that handles more than 1.5 million emails each day.

“The high volume of emails being processed through the State of Missouri’s IT infrastructure magnifies the scope and importance of implementing a reliable and scalable archiving solution,” said Jim Russell, vice president, Public Sector, Symantec. “Enterprise Vault will enable the state to archive and retrieve all email content and public records in order to fulfill Governor Blunt’s email retention directive.”

The State of Missouri’s licensing agreement for Enterprise Vault further expands the level of standardization on Symantec solutions. The state already uses Symantec AntiVirus to secure the desktop environment for the executive branch agencies as well as Symantec Mail Security, Gateway Security, Ghost Solution Suite, pcAnywhere, and Backup Exec to secure and manage various components of the state’s IT infrastructure.

About the State of Missouri’s Information Technology Services Division

The ITSD for the State of Missouri is the central point for coordinating the data processing policies for the executive branch. The division promotes economy and efficiency in the use of data processing and telecommunications for transaction of state business.

Services provided by the division include the operation of a centralized computer facility used by state agencies and elected officials; a data processing education center for state employees; systems development services; operation of the state telephone switchboard and associated state telecommunications network; desktop support and web development.

About Symantec

Symantec is a global leader in providing security, storage and systems management solutions to help businesses and consumers secure and manage their information. Headquartered in Cupertino, Calif., Symantec has operations in more than 40 countries. More information is available at www.symantec.com .

News , , ,

Clearing your Cache

May 27th, 2008
This is how you can clear your cache memory for the following browsers:
  
Internet Explorer 6

  • Click “Tools
  • Select “Internet Options
  • Click “General
  • Select “Temporary Internet Files” and click “Delete Files
  • Click “OK
  • Click “OK” again to close the Internet Options window
   
Netscape Navigator 7+

  • Click “Edit
  • Select “Preferences
  • Click “Advanced
  • Select “Cache
  • Click on “Clear Cache
  • Click “OK

After each time log in to your personal financial or any private login system, one can make safe himself by erasing the cache. This is especially for public computer users.

Tips and Tutorials

Measures for phishing attacks

May 22nd, 2008

 Do not ever reply to any e-mail that asks you for any personal or financial information no matter how official it looks. Banks, credit card companies, brokers, the government and any other legitimate entity will never ask you to click on a link and supply any kind of personal or financial information. If they include a telephone number for you to call, don’t! If you feel that the message is legitimate then look up the actual web site address, or telephone number, from a statement or invoice and use it. Even if the link in the email looks real, it isn’t. It’s easy to make a link look like it goes to one web site but really have it go to another.

Never give any sensitive personal information out to anyone who calls you and asks for it. Simply ask for their name, telephone number and extension and tell them you’ll call them back. Then, check that telephone number against a number that you find on a statement or receipt. If it doesn’t match, call the number that you found and tell someone what’s going on. If it’s a real message they’ll figure it all out for you. If it’s a fraud, they’ll tell you. If all of this advice comes too late for you because you already fell for the phishing trick hook, line and sinker, then you have to take immediate action for damage control. Immediately contact the actual company, bank or other agency, explain what happened and then let them close your account and issue you a new one. You should also contact the authorities and file a report. this will protect you later if creditors come after you for bills that the thieves ran up in your name. If you live in the U.S. you can learn more about phishing by visiting the Federal Trade Commission Web site at www.ftc.gov or calling toll-free 877-382-4357. Canadian residents should visit the RECOL (Reporting Economic Crime Online) web site at www.recol.ca. U.K. residents can go to www.met.police.uk/fraudalert/identity_theft.htm for more information. Computer security is a serious and ongoing issues which requires your constant vigilance. Don’t let your guard down or you could end up being a victim.

Phishing , ,

AVG closing the window risk

May 14th, 2008

AVG Technologies recently acquired Exploit Prevention Labs and hasincorporated their LinkScanner technology into the AVG product linebeginning with Version 8.9Leveraging LinkScanner technologies, AVG gathers information about newand emerging threats — and the sources of those threats:• The Exploit Intelligence Network (EIN) is a global network of huntingpots, automated probes, search bots and human researchers thatperform continuous reconnaissance across the Internet to find new exploits and the websites that are luring unsuspecting users, as wellas those delivering both new and known exploits (including phishingwebsites).• The Community Intelligence Network (CIN) is a network of AVG userswho allow information about any attempted exploitation of theircomputers to be channelled back to AVG Research.The information gathered by this “neighbourhood watch on the web” isautomatically correlated and immediately fed back to AVG users in the formof updates, enabling AVG to protect against new threats within minutes oftheir discovery. Furthermore, as AVG blocks users from accidentally visitingwebsites that are known or suspected delivery agents for malware, it is notlimited to blocking only known threats — by blocking the sources ofmalware, it can also block unknown and undiscovered threats. The entireprocess — from exploit discovery to update release — is completelyautomated and transparent to ensure that AVG is able to protect its userswithin the shortest period of time.While this may all sound simple, the underlying technology is actuallyextremely complex. AVG Search-Shield and Surf-Shield componentsanalyse all the traffic passing through port 80 — the port through whichcomputers connect to the Web. The real benefit of this approach is that

exploits are blocked before they even reach the computer.

AVG’s real-time scanning has a distinct advantage over static, databasebasedblocking methods, such as that used by McAfee SiteAdvisor.SiteAdvisor alerts its users to the fact that a website is bad by checkingagainst a database of known bad websites. To find bad websites, McAfeesearch bots crawl the Web looking for websites that are delivering orhosting malicious content — and any that are found are added to itsdatabase. But malware authors know that this happens and so attempt to10hide from the search bots by configuring their websites to only drop theirmalicious payloads on certain visitors or at certain times of the day. As aresult, a website can infect a large number of machines before SiteAdvisorcan detect — and warn its users about – the hostile content the website isintermittently serving up. AVG, on the other hand, inspects all content inreal-time — as it being delivered — and so is completely immune to suchsubterfuge. Database-based blocking methods can also harm businesses.In a number of cases, legitimate websites that have been hacked havecontinued to be blocked by both SiteAdvisor and Google long after theproblem was remedied — and for a business that relies on the Web for itscustom, that approach could spell disaster.Threats are evolving more rapidly than ever before. Each and every day,thousands of new and varied exploits emerge and are pushed out by anever-changing number of websites. By constantly searching the Web fornew exploits and new sources of exploits, AVG is able to provide up-to-theminuteprotection against the very latest threats, as soon as they arediscovered — sometimes even before they are discovered. 

Windows security , , , ,

patches cannot be immediately delivered

May 14th, 2008

 Once a user has patched their computer against a particular vulnerability,the computer is then immune to malware that seeks to exploit thatvulnerability. The problem is that patches cannot be immediately delivered:vendors must analyse a vulnerability and develop and extensively test apatch that remedies it — and then push the patch out to users. This is not aspeedy process. The delay between the discovery of a vulnerability and therelease of a patch can often run to more than 50 days22 — and this createsa risk window during which any user running the vulnerable application canbe exploited.The challenge facing security companies is how to close that risk window— and it is a challenge that is far from easy.Anti-virus and anti-spyware vendors face a similar problem to that outlinedabove — they need to analyse hostile code in order to be able to develop,test and distribute a fix. While they are usually able to do this considerablyfaster than application and operating system vendors can release a patchfor a vulnerability, there is nonetheless some delay and, accordingly, still awindow of risk.The heuristic detection (“behaviour analysis”) capabilities built in to manyanti-virus and anti-spyware programs provides some degree of protectionagainst emerging threats, but it is far from complete. Independent testing23has shown heuristic detection methods to be far less effective than thetraditional signature-based detection methods. Technological advancesmay well result in heuristic detection eventually becoming much moreeffective, but at this point in time it is simply too inaccurate to providereliable protection.To be able to provide complete protection against emerging and rapidlyevolving malware, a product needs to be able to close the risk window byblocking exploits and the sources of exploits as soon as they appear. Andthat is exactly what AVG does.

Vulnerabilities , , ,

The Web becomes an attack vector

May 14th, 2008

As the majority of computer users are now reasonably well protected against emailthreats, malware authors have turned their attention to the Web — and found it to be the ideal attack vector. The vulnerabilities discovered in Web browsers leave computers wide open toexploitation. Additionally, vulnerabilities in browserplug-ins such as AdobeFlash Player and AppleQuickTime open more doors through which private and confidentialinformation can be compromised. Such is the extent of the problem that theSANS Technology Institute listed malicious websites that seek to exploitvulnerabilities at number one on its “Top Ten Cyber Security Menaces for2008” list12.The emergence of Web 2.0 — thename given to the collection oftechnologies that enables peopleto interact with the informationheld on the Web — has alsoresulted in new opportunities forexploitation; opportunities that thecreators of worms such asYamanner13 and Samy14 havealready seized. Similarly,technologies such as RSS andATOM present yet anotherchannel that could potentially beexploited15.“Parts of the UK’s Critical National Infrastructure(CNI)1 are being targeted by an ongoing series ofemail-borne electronic attacks. While the majorityof the observed attacks have been against centralGovernment, other UK organisations, companiesand individuals are also at risk. The emails usesocial engineering to appear credible, with subjectlines often referring to news articles that would beof interest to the recipient. In fact they are‘spoofed’, making them appear to originate fromtrusted contacts, news agencies or Governmentdepartments.”National Infrastructure Security Co-ordinationCentre“Web site attacks on browsers areincreasingly targeting components, such asFlash and QuickTime, that are notautomatically patched when the browser ispatched. At the same time, web site attackshave migrated from simple ones based onone or two exploits posted on a web site tomore sophisticated attacks based on scriptsthat cycle through multiple exploits to evenmore sophisticated attacks that increasinglyutilise packaged modules that caneffectively disguise their payloads.”SANS Technology Institute7To get malware onto users’computers, a wide range oftechniques may bedeployed. Emails or links onwebsites are used to lurepeople to sites which havebeen configured to exploit avulnerability to silentlydownload and installmalware (“drive-bydownloads”16). Web searchresults can be poisoned tolead users to booby-trappedwebsites17. Vulnerable webservers can becompromised using tools such as MPack18 enabling the legitimate websitesthat they host to be hijacked and used as delivery agents for malware19.Malware can also be served via banner ads on legitimate websites.In 2006, up to one million MySpace users were infected by banners adswhich silently installed malware by exploiting a vulnerability in the WindowsGraphics Rendering Engine20. The malware was relatively harmless andsimply caused the computers to display pop-up ads, but it could just aseasily have been a password-stealing Trojan that fed bank accountinformation back to those responsible for the hack.Compounding the problems, Web attacks have also become increasinglysophisticated and attempt to exploit multiple vulnerabilities simultaneouslywhile using complex obfuscation techniques to conceal the payload fromanti-virus and anti-spyware scanners.People who visit a hacked or malicious website may find that their computeris co-opted into a botnet and used like a drug-smuggling “mule” to trafficspam, that their bank account details and other personal information havebeen stolen by a keystroke logger21 or that their computer is suddenlydisplaying unwanted popup advertisements.“Parts of the UK’s Critical National Infrastructure(CNI)1 are being targeted by an ongoing seriesof email-borne electronic attacks. While themajority of the observed attacks have beenagainst central Government, other UKorganisations, companies and individuals arealso at risk. The emails use social engineering toappear credible, with subject lines often referringto news articles that would be of interest to therecipient. In fact they are ‘spoofed’, making themappear to originate from trusted contacts, newsagencies or Government departments.”National Infrastructure Security Co-ordinationCentre

Computer security Research , , , ,

COMPUTER CRIME IN HUNGARY

May 14th, 2008

A characteristic feature of the information society is the penetration of modern informationtechnology in almost all areas of life, making possible the more effective administration,office work, commerce, communication. However the new society does not only hold outadvantages, its disadvantages are emerging too. Like on any field of life where economicinterests come into conflict or it is possible to obtain economic advantages with crime, thereappeared such criminal actions in this field too, which use the new technology. The criminalactions connected with computers do not come upon all countries equally. They cause muchtrouble mainly in those countries, where the technology is developed, and the new means,tools became integral parts of the life of society.In parallel to the development of the technological conditions of the information society thequestion of the computer crime touches more and more people in the last years in Hungarytoo: in the second half of the last decade we had to live together with the computer viruses,and the e-mail viruses began to spread. Soon such popular sites as Yahoo, Amazon or – inHungary – Elender got into the middle of the attack of the crackers. The moral and materialdamage caused to the service providers is significant. Not only, the service providers mayloose however, but the users too as by joining the net we become potential victims. Therefore,we are in sore need to find a solution of suppressing computer crime.To be able to take up fight against it we must know what we must mean by computer crimereally, and how big is the damage it causes. In this paper, we look over the crime connectedwith computers, drafting its recent law-regulation frameworks, which at the same timedetermines their statistical classification too. Then based on the Ministry of Interior weexamine the position of the Hungarian computer crime in the mirror of statistics.2. DefinitionsAlthough the first criminal actions connected with computers happened before the end of thefifties, (e.g. embezzlement in USA in 1959, committed with help of punched cards) due tomany-coloured nature of the actions, the jurists undertook to a comprehensive definition onlyat the beginning of the seventies. Mühlen gave the first: computer crime is any criminal actionthe tool or object of which is computer. Between 1983-85 OECD examined the Europeansituation, and summarised the experiments. In the second half of the eighteen.s the EuropeanCouncil prepared a list of the actions to be penalised especially.In Hungary the lawmakers became engaged in the computer crime more seriously in the firsthalf of eighties. .Computer may be the tool and the target of the crime. as Peter Poltestablished 1983.Most recently Imre Kunos determined it as follows: .Computer crime is the complex of thosecriminal actions which are directed against information technological tools, system elementsor use information technological tools, systems as tools of crime..Before turning to the examination of the crimes, we characterise the worldwide developmentwe are witnesses in the field of the target and tool of computer crime i.e. the informationtechnologytools.23. The development of the information-technology toolsBasic conditions to the spread of the information society and at the same time itscharacterisation is the rapid growth of the number of the computers among them thoseswitched to the Internet. In 1998, the number of PC-s was estimated to 335 million. In 1999,this number grew up with 15% to 387 million. Even bigger is the growth of number ofInternet hosts: In 1998 this number was 43 and in 1999 71 million computers were switchedto Internet i.e. the growth was 65%.Internet indicators, 1999Internet Estimated PCsHosts Hosts per10’000 inhab.Users(‘000s)Users per10,000 inhab.Total(‘000s)Per 100inhab.Africa 184.726 2.1 2.655 34.6 5.877 0.9Americas 56.005.129 684.6 131.126 1.602.8 169.977 21.3USA 53.175.956 1.925.1 110.000 3.982.4 141.000 51.1Asia 4.212.751 11.8 49.234 140.9 86.562 2.5Japan 2.636.541 208.4 18.300 1.446.6 36.300 28.7Europe 10.054.738 125.9 70.255 880.0 144.460 14.6Austria 262.632 321.2 850 1.039.5 2.100 25.7Czech Republic 122.253 119.1 700 682.1 1.100 10.7France 1.233.071 209.4 5.660 961.2 13.000 22.1Poland 171.217 44.2 2.100 542.1 2.400 6.2Hungary 119’642 117.2 600 587.7 750 7.4Germany 1.635.067 199.0 15.900 1.934.8 24.400 29.7Óceania 1.368.016 455.1 6.736 2.244.7 10.195 42.7World 71’825’360 120.1 260’095 439.8 387’071 6.8Source: ITUThe number of Internet users in Europe reached 70 million in 1999. That is 27% of the wholenumber of Internet users. In Hungary the growth is a bit behind the world average: in 1998,there were 660 thousands and in 1999, 750 thousands of computers, that means 14% growth.The situation is worth concerning the Internet hosts: their number increased from 95.931 to119.642, i.e. by 25%.The market of information and telecommunication technology plays increasingly importantrole in the economy too. Its turnover grows yearly with about 150 billion Euro, and in 2000, itmay be expected to reach 1.700 billion Euro. From this market, Europe shares 32%, USA 355and Japan 10%.3Internet hosts and incomes of telecommunication marketSource: ITUThe penetration of the Internet usage created the basis to the development of European ecommercetoo, which had the turnover of two billions of Euro in 1999. In 1999, 16 millionEuropeans joined to Internet, and spent there 40 billions Euro. The income from the ecommercewill reach by 2004 6.3% of the total commerce.s. i.e. 1.6 billion of USD. Theincome from the on-line advertisement which is now 309 millions Euro by 2004 may reach8.6 billion Euro.According to market forecasts in 2004 there will be 219 millions mobile Internet users (WAPusers) in Europe and m-commerce (mobile e-commerce) will have by 2003 23.6 billions Euro.It appears from the listed data, that wider and wider strata of society get into connection withthe computer networks. .depend., .are on they mercy.. One of the most critical issues of ourdays is to create the conditions the reliable use of these tools.4. Statistical observation of computer crimeIt is not easy to observe criminal actions, as the perpetrator does everything for keepinghidden his illegal behaviour and himself. There are some special phenomena in addition to theusual distorting formal factors, making even more difficult to observe criminal actionsconnected with computer.? Clearing up and following crime connected with computers is made difficult by the factthat technology gives possibility the perpetrator to hide: the action may be committedusing the passwords and identifiers of other people. The electronic networks goingthrough state borders make possible the computer crime so that the perpetrator breaks theHungarian laws staying in other country. Moreover, some of them are non-punishableyoungsters.? For the maintenance of good reputation, the injured parties (e.g. banks) try to cover up theactions.? The novelty of the crime makes more difficult to take into consideration statistically it.Some of them got into the Criminal Code in this decade, as new statements of facts. Nounified juridical practice was shaped concerning the new criminal actions. Therefore, it isnot surprising, that there is a big latency in the field of computer crime.Proportion of Internet hosts Share from the turnover of the telecommunication marketJapan4%Europe14%Other8%USA74%Japan10%

More at ITU

Computer security analyses , ,

Issues surrounding banking IT security

May 14th, 2008

There are to many internal bank auditors that think that with a class or two can understand the issues surrounding banking IT security, business continuity, or networking infrustructure. It is the reason that OTS frowns on self audits for the IT infrastructure and frequently demands external audits. It is far easier for a technology professional to apply the regulatory standards to the bank’s IT infrastructure and determine the threats and risk exposures associated with the technology, then for the banking professional to accumulate the years of technical knowledge to rise to the level of CISO. In these days of identity theft – I would want the best technician protecting my assets. That being said, the lesson of “humility” is one that many IT professionals need to learn in order to really know any type of business and effective communication with one’s peers and corporate executives is a must have “talent”. We are all expert in our specific job tasks, no matter how large or small, so the ability to treat each other with respect and dignity will make or break your ability to be effective within the organization.

Business security , , ,