News

• International security team shoots down second Hlux/Kelihos botnet

  A team of security experts cooperating globally say they've disabled a large botnet of about 110,000 remotely controlled infected machines dubbed HLux.B/Kelihos.B by interfering in its peer-to-peer connections in a "poisoning" process to sinkhole them, cutting off the botnet's central control point.

• The ultimate tips box

  Got problems with insider threats? Need help securing your wireless LAN because of employees bringing their own devices on to your network? Know how to protect your Android device?

• Download InfoWorld's Malware Deep Dive report

  If malware were biological, the world would be in the grip of the worst pandemic in history. In 2009, more than 25 million unique malware programs were identified, more than all the malware programs ever created in all previous years. No one need wonder what all that malware is trying to do: It's trying to steal money -- through data theft, bank transfers, stolen passwords, or swiped identities.

• Building an IDPS without big iron

  This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.

• Continuous Transaction Monitoring (CTM) protects financial integrity, even when network security inevitably fails

  This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.

• Many pcAnywhere systems still sitting ducks

  Despite warnings from security software maker Symantec not to connect its pcAnywhere remote-access software to the Internet, more than 140,000 computers appear to remain configured to allow direct connections from the Internet, thereby putting them at risk.

• Companies shun, hide IPv6 rollouts due to security fears

  Hundreds of Australian companies have trialled or introduced new IPv6 technology internally but are keeping silent out of concern that they’ll be seen to be taking unnecessary risks with the security of their networks, the Australian organiser of World IPv6 Day has revealed.

• IPv6 boosts schools' on-net security

  Cyberbullying may be more of an operational issue in schools than the outside hacking that enterprises face, but opaque IPv4 network configurations are causing security issues for both groups as organisations struggle to enforce administrative policies by reliably matching IP addresses and user identities.

• Feds want uber cybersecurity compliance standard

  Tired of regulators from three or four federal agencies auditing your network security compliance every year? A congressional task force recommends a super-standard that would cut the number of annual audits back to just one.

• Microsoft, Adobe unleash flood of security updates

  Today is Patch Tuesday again. The ninth of the year already. Microsoft has released five new security bulletins, and Adobe has joined the party with some security patching of its own today. With all of the vulnerabilities and updates, though, you need to take a step back to prioritize and figure out which patches are most urgent.

• How to live with malware infections

  How can you be sure your organization doesn't have insidious viruses or other malware lurking within systems and applications, waiting to inflict damage? You can't.

• Rogue Google certificate used by 300,000 Iranian IPs

  Iranian internet users whose security may have been compromised by the forged Google.com digital certificate could number in the hundreds of thousands. An interim report (PDF) commissioned by DigiNotar, the certification authority (CA) at the centre of the hacking incident, also reveals lax security at the Dutch firm.

• Comodo CEO says DigiNotar hack was state-sponsored

  An attack on a Dutch company that issues certificates used to authenticate websites was state-sponsored, according to the chief executive of Comodo, a company that also issues digital certificates and suffered a similar setback in March.

• Due diligence security is the enterprise Achilles heel

  Big business and government need to invest in data forensics and skills if they intend on fending off targeted attacks, according to analyst firm Gartner.

• USB devices: The big hole in network security

  Ponemon Institute asked 745 information-technology and security managers whether USB drives were important for business use, and if they were secure. What did the survey find?