The Perimeter ViewPoint

Thank you all for reading our blog!  We have moved our blog over to a new platform which allows us to serve our blog readers much more efficiently and effectively.  

The you can follow our blog at: http://security.perimeterusa.com

Note - we will no longer be posting to this blog, so if you have subscribed to our RSS feed here, you'll need to re-subscribe at our new blog.  Thank you again for

In a previous post I discussed how social networking sites can be used to commit identity theft.  Koobface is a new worm that makes this easier for criminals and compromises your system allowing remote command and control.  It effectively makes your system a zombie within a botnet. 

http://tech.yahoo.com/news/nf/20090305/tc_nf/65095

As I mentioned before, care should be taken on what kind of

After a recent webinar on top threats, someone send me the following email

Kevin,   I was just online with your threat vulneability webnair and found it very interesting.  You gave some good information and in a great way.  But I did have one question that came to mind after the presentation if I could ask it.  What is your feeling on how secure GoToMyPC and LogMeIn and the such is for people

In a previous post, I wrote about why hackers use old vulnerabilities to compromise networks. 

http://www.perimeterusa.com/index.php?option=com_myblog&show=Why-hackers-use-old-vulnerabilities-to-exploit-systems.html&Itemid=373

Now there is a data breach study out by Cybertrust that illustrates this point even more.  In their 2008 Data Breach study of 500 incidents, they say that more than 70 of

If you don't know how to bypass a web content filtering (WCF) system, as the next teenager that you see.  WCF systems are used to block or filter where employees go on the Internet.  WCF programs are a great way for employers to increase productivity, reduce liability, save bandwidth, and best of all keep malware off systems...when it is used.  There have always been ways that sophisticated end

There is a very interesting blog post at http://www.atthebreach.com/blog/data-breach-class-action-lawsuit/.  It talks about something I have discussed before.  If you have a data security breach, the circumstances don't seem to matter much.  The liklihood of getting sued is high.  The average cost of a data security breach is already 6.6 million and I don't think that includes the cost of

University of Florida Gainsville has had 3 data security breaches in the last 3 months.  Two out of the three had to do with insider error.  The third was an intrusion.  The first one exposed nearly 100,000 records online.  The second was was a configuration error which exposed 100 records.  The third was an intrusion that compromised 330,000 records.

 This shows how you cant look at security with

In a recent announcement from Websense, the American Society of Sydney Austrailia's website was found to be compromised and the malware attempted to exploit an Adobe Acrobat Reader vulnerability CVE-2007-5659.  So why would hackers use a vulnerability discovered in 2007?  Simple answer...it works!

So many people rely on Microsoft's free patching service that they forget that it only patches

I wrote a blog post August of 2008 http://www.perimeterusa.com//index.php?option=com_myblog&show=P2P-Software-is-the-ultimate-Trojan.html&Itemid=373 that discussing the risks of P2P software. 

Dartmouth University just released a study that goes into this problem in much more depth.  They focus on heathcare organizations but this is true of any type of company.  The reason that healthcare is

A very well coorindated attack using compromised RBS WorldPay breach data to create cloned cards were used to commit massive fraud.  100 cards were used at 130 ATMs in 49 cities to extract 9 million dollars in less than 1 hour. 

This is believed that the criminals used information extracted during the RBS WorldPay Breach that occured in 2008.  Financial institutions have to be very careful about