ANX Corporate Blog

Identity theft is a sore subject to those it has happened to. For most of us, we either fear it; or we think it will not happen to us. This is an all too true recount of a local business owner who discovered that her company website had been hacked. A day by day timeline based on a blog authored by Linda W. Fitzgerald is included here, told as the events materialized.

Days One & Two: I used to think that the phrase "cold sweat" was just an expression. But I was wrong, as I discovered yesterday when I sat at my desk, reading an email that a media buyer had forwarded to me. It was supposedly from someone who wanted to purchase advertising on her company's website.

The cold sweat started when I read the signature at the bottom:

Anna Miller
Purchasing Agent
Fitzgerald...

Read more

ANX sent four delegates (including our CEO) to the RSA conference this year with learning in mind;  learning more about what our competition is up to, learning more about potential business partners, and learning more about emerging trends in security.  Here are some of my takeaways from the conference:

Attendance

According to Tom Heiser (of RSA) attendance was up 20% this year.  After a disappointing 2009 this is refreshing news and hopefully the sign of a recovering economy.

Themes

Cloud Security:  The Cloud Security Alliance put on a sold out show to kick off the conference on Monday.  Unfortunately I did not arrive in San Francisco until Monday afternoon but I heard they had to turn many away due to overcrowding.  Security is considered by many to be a major...

Read more

Targeted attacks are one of the hot topics at RSA this week.  A targeted threat is a class of malware destined for one specific organization or industry.  The primary objective is to capture sensitive user information.  The January attack on Google gmail, termed Operation Aurora, is the most recent highly visible targeted attack.

During the show, I caught up with Richi Jennings who is an independent technology and security consultant and we discussed targeted attacks.  Check out the highlights from our conversation in the video blog below:

You can read Richi's blog at http://richi.co.uk/blog/

The broadly reported disclosure today that nearly 2,500 companies have been victimized by carefully planned botnet attacks should come as no surprise if you're following this type of threat (http://bit.ly/dj7U2v).  The ZeuS spyware is widely available to hackers and can escape detection by many standard antivirus programs.

What is surprising is the number of companies that haven't adopted a more comprehensive and multi-layered approach to information security.  Too many companies believe that desktop antivirus programs alone are sufficient to protect against the growing scope of threats.  They aren't.  The same can be said about basic firewall protection.  Companies need to ensure that all incoming and outgoing traffic to the Internet is inspected for suspicious patterns...

Read more

Maybe not as much a security threat as a privacy threat, but a recent article posted by Business Insider outlines a serious Privacy Flaw in their new application.

When you sign up to use Google Buzz, you are automatically set up with followers and people to follow, according to a spokesperson from Google. In all actuality, this is a great usability feature - until you get to the accessbility to your personal information. The people you follow, and the people that follow you are made publicly available to anyone who may happen to view your profile. This means that anyone could easily see the people you chat with and email most!

This claim was countered by Google, asking Business Insider to phrase this differently:

"In other words, after you create your profile in...

Read more