I see that TJX have taken a $12 million charge for costs to “investigate and contain the intrusion, enhance computer security and systems, and communicate with customers, as well as technical, legal, and other fees.”
According to some reports this is actually nowhere near the total cost, which is estimated at some $25 million once provisions have been made for all the lawsuits that are coming round the corner from various banks and individuals.
Now the initial breach seems to have been tracked back to an insecure wifi setup at one of their stores in Minnesota. Investigators told The Wall Street Journal they believe the thieves aimed a telescope-shaped antenna at the store and used a laptop to snatch data transmitted between hand-held price-checking devices, cash registers and the store’s computers. The exploit eventually led them into the central database of Framingham-based TJX, where they would repeatedly rob the system of sensitive customer data.
Seeing as the company has been so lax in its approach to securing customer data and adhering to some pretty basic security principles etc., they deserve everything that comes their way. This is not just a case of making a simple mistake, but gross incompetence.
Wow, so much has been in the press the last couple of days about this theft of some 45.7 million people’s credit card details from a database held by a US-based company called TJX.
Now 45.7 million is a hell of a lot of credit cards, but I have to ask what the press has been doing for the last 3 months. TJX actually announced this on the 17th of January and it has taken this long for the national press to think about pressing the “We’re all doomed!” button.
http://www.boston.com/business/globe/articles/2007/01/18/tjx_credit_data_stolen_wide_impact_feared/
For those of us in Europe TJX is better known as TK Maxx and is used by lots of people. So should we be concerned? Absolutely!
Apart from the inept press, it does raise some really serious issues about large corporations and the controls that are placed on their management of data and information security.
- First of all they shouldn’t have been storing most of this data. I believe that both Visa and Mastercard say that this type of data should only be stored long enough to carry out the transaction. Now there was data stolen going back to December 2002… A pretty long transaction. What the hell were they doing with this data?
- So there was a security breach. It does happen, but for this to have been going on right under their noses for 16 months and for no one to notice until recently is just plain bad in every sense of the word. Not only did TJX have a hole in their security somewhere, but they seem to have had no audit trail of who was accessing this information and why… Controls, controls, controls…
Does this come under Messrs Sarbanes and Oxley? Could we have a CEO going under the guillotine because of the ineptitude of his IT and Finance people? I doubt it….
So TJX have some serious problems to sort out, but who is supposed to be monitoring these companies and making sure this type of thing cannot happen?
The only good news to report from this sorry mess is that the US authorities have arrested 6 people after they spent some $8m with another 4 people on Florida’s most wanted….
http://www.siliconrepublic.com/news/news.nv?storyid=single8054
On the 22nd March TrendMicro announced that i-net Technology had been awarded the “Top SMB Customer Focused Partner Regional Award” for Ireland in 2006. Collecting the award for i-net at the TrendMicro Partner Worry Free Day in Dublin was Alan Howard.
On the 28th of February i-net announced the launch of its range of VoIP Solutions at a seminar in Shannon.
The seminar was attended by local businesses from Shannon and Ennis who were interested in finding out more about Voice over IP and the range of solutions that i-net are offering nationally. As well as informing the attendees how VoIP works and the potential benefits that VoIP can bring to a business, solutions from i-net’s main VoIP partners were also presented.
Robert Wiles of Avaya demonstrated Avaya’s range of IP phone systems including the new to market, innovative one-x Quick Edition phones which can be setup and operational within 5 minutes of opening the box. Also presented was Quintum which can IP enable a traditional telephone system and i-voip, i-net’s virtual telephone system and voice over internet service.
I was reading an article about the rise of image-based spam. Now I have seen various statistics from different anti-spam companies saying that the amount of spam emails compared to the total number of emails is anywhere between 66% and 90% of the total. I had seen 91% quoted as well. I suppose, looking at the amount of email sitting in my junk and spam folders, I would think the lower 66% more likely, although it is still a hell of a lot of spam. It does make me think what do these companies class as spam, but that is for another post.
What really intrigued me in the article was the fact that image-based spam now comprises 25% of the total spam problem, up from 5% a year ago, and that the average size of a spam mail has risen from 9KB to 13KB.
Now I can hear lots of people saying “so what!”. Well, if 60% of your inbound email is spam and you don’t manage your spam correctly, then this is a lot of resources (bandwidth, storage and productivity) wasted on junk email. The fact that image spam is on the rise means that even more of the bandwidth and storage resources will be wasted.
So why are these evil spammers turning to image-based spam? The answer is easy: to keep one step ahead of the anti-spam companies. Traditional anti-spam methods just searched text, so HTML or image-based spam would bypass the anti-spam filters. So the anti-spam brigade added OCR and other image scanning services to allow them to catch image-based spam.
Naturally enough the spammers have adapted and now have added background patterns etc. to fool OCR and other image based anti-spam services. It is of course the ever changing nature of information security that the good guys are almost always playing catch up.
So what can you do? I have seen it suggested that you should set up your mail servers to only accept mail from your white list, i.e. only accept mail from certain mail domains. Of course for the majority of companies this wouldn’t be acceptable, so what can you do?
Well, for goodness sake, don’t do nothing. Make sure you have a good anti-spam service, whether it is hosted externally or part of your infrastructure. Don’t just depend on a free or cheap service that only looks for text-based keywords or denies emails from domains on a spam database.
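To make the gap concrete, here is an added example (not from the article or from any anti-spam product) that runs a text-only keyword filter and a simple structural check over three constructed messages. The keyword list, thresholds and function names are assumptions chosen for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

KEYWORDS = ("cheap pills", "act now")  # assumed keyword list for the demo

def build_sample(text, image_bytes=None):
    """Build a constructed test message; nothing here is real mail."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "hello"
    msg.set_content(text)
    if image_bytes is not None:
        msg.add_attachment(image_bytes, maintype="image",
                           subtype="gif", filename="a.gif")
    return msg.as_bytes()

def keyword_filter(raw):
    """Text-only filter: flags mail whose text parts contain a keyword."""
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            body = part.get_content().lower()
            if any(k in body for k in KEYWORDS):
                return True
    return False

def image_heavy(raw, min_text_chars=40, min_image_bytes=2000):
    """Structural check: almost no readable text but a sizeable image."""
    msg = message_from_bytes(raw, policy=policy.default)
    text_chars = image_size = 0
    for part in msg.walk():
        maintype = part.get_content_maintype()
        if maintype == "text":
            text_chars += len(part.get_content().strip())
        elif maintype == "image":
            image_size += len(part.get_payload(decode=True))
    return text_chars < min_text_chars and image_size >= min_image_bytes

FAKE_IMAGE = b"GIF89a" + bytes(5000)   # placeholder bytes, not a real picture
TEXT_SPAM = build_sample("Buy cheap pills today, act now!")
IMAGE_SPAM = build_sample("hi", FAKE_IMAGE)  # the pitch lives in the image
NEWSLETTER = build_sample(
    "Please find the quarterly summary below; our logo is attached.",
    b"GIF89a" + bytes(500))

if __name__ == "__main__":
    for name, raw in [("text spam", TEXT_SPAM), ("image spam", IMAGE_SPAM),
                      ("newsletter", NEWSLETTER)]:
        print(name, keyword_filter(raw), image_heavy(raw))
```

The structural check is only a scoring signal: a legitimate image-only message would trip it too, which is why it belongs alongside other checks rather than as a sole verdict.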
Now I’m off to take advantage of that offer I received in my email this morning, an extra couple of inches…….
Well it’s almost that time of the month again, when everyone with an MS server or desktop needs to pay attention to the latest security email from Microsoft and start testing the patches when they are issued. I see that this time the advanced notification has 12 security updates with the obligatory “some may be critical”. It always bugs me that they say there will be x number and some may be critical. Why not just issue the patches and be damned with advanced notification? Nowadays you are almost guaranteed that some will be critical. Of course you could always bypass the testing and just download and install automatically like most home & SME users will.
And let’s wait for the avalanche of “is Linux\Apple more secure” headlines. Anybody that subscribes to the Cert and UNIRAS (or whatever it is called now) alerts will know that the various -ux implementations and Apple all have their fair share of vulnerabilities, it’s just that no one out there really cares enough to put too much effort into taking advantage of them.
Avaya one-X Quick Edition is an innovative peer-to-peer phone system for locations with 20 users or less. It is simple to set-up and use, and is ideal for small businesses and small branch offices requiring an intelligent communications solution that is easy to support and maintain.
Avaya’s one-X Quick Edition is a plug-and-play solution with system intelligence based in each Quick Edition IP phone. No advanced installation skills are required and the need for a separate server or processor unit is eliminated. All that’s required is a standard 10/100Mbps switched Local Area Network (LAN). Avaya’s one-X Quick Edition is a professional phone system tailored to the needs of small businesses supporting the most commonly used telephony applications including voicemail, conferencing and auto-attendant.
Avaya’s one-X Quick Edition phones support connection to SIP trunks. This gives small businesses the potential to reduce their telephony costs by connecting to an Avaya-validated SIP service provider. Enterprise branch offices can connect via SIP trunks to a central site with an Avaya SIP Enablement Services (SES) environment. In either case, traditional analogue trunk connections can also be made using the optional Quick Edition G11 4-port PSTN (Public Switched Telephone Network) Gateway.
Installation and set-up is simple. Avaya’s one-X Quick Edition phones are plugged directly into the LAN and once powered, automatically “discover” each other and prompt for network and user name. Once entered, the phones are fully operational in a matter of minutes. As an office grows, new employees can be added to the system by simply adding a new phone to the network. When deployed in small offices with 20 phones or less, one-X Quick Edition does not require any QoS (Quality of Service) configuration or formal network assessment.
The distributed nature of peer-to-peer technology provides business continuity advantages by eliminating a single point of telephony failure. Avaya one-X Quick Edition phones also automatically back-up one another’s voice mail.
If business needs change or functionality requirements outgrow the capabilities of the system, Avaya’s one-X Quick Edition offers businesses the flexibility to migrate to more advanced solutions such as Avaya IP Office or Avaya Communication Manager. This enables businesses to reuse the Avaya 4600 series IP handsets with these other systems.
“Small businesses today demand the same benefits from technology as their larger competitors but also demand simplicity and a low cost of sale,” said Paul Louden, Country Manager, SME Business, UK & Ireland. “With the availability of Avaya’s one-X Quick Edition, our Distributors and BusinessPartners will be able to provide their SME customers with a highly efficient, flexible IP telephony solution, with a product migration strategy that can be developed at their own pace without risking their investment.”
Trend Micro announced the latest version of its Worry-Free Security Solutions. The newest version, CSM 3.5, builds upon the success of previous versions by extending all-in-one integrated protection against malicious, emerging web-threats such as spyware through a powerful new anti-spyware engine; by improving anti-spam effectiveness; and by maintaining ease of implementation and use.
The latest edition of Trend Micro™ Worry-Free Security for SMB has been designed to meet the security challenges faced by small organisations and channel partners, by providing a dedicated security product with single-step installation and deployment, plus proactive defences against traditional and emerging malware.
i-net will be hosting a Seminar on IT Security and related Threats on the morning of July 3rd in Limerick.
i-net with our partners Juniper, Trend Micro and RITS, will provide examples of proven solutions in action and illustrate the real benefits achieved. Hacking into your IT systems is no longer a game – it is big business with organised crime playing for massive stakes.
Raise your Game
This seminar will provide you with the tools and technologies you need to raise your game and bring your information systems up to the task. You’ll also find out how Consulting Services can work with you to review, support and enhance your existing security measures and controls.
What will be covered
Trend Micro -Targeted Web threats
- What you need to know and how to solve the problem
- Web threats aren’t new – what’s changed?
- Why don’t traditional methods protect against Web threats?
- What is Trend Micro’s solution to Web threats?
Juniper - Secured Assured Networks: - Smart Management Today
Will outline how Juniper Networks can help you future proof your business security and network systems with cost effective, easily managed and fully integrated solutions. Juniper will also highlight how their partnerships with Symantec, SurfControl, Websense and Trend Micro all allow for a truly integrated approach to security, all under the umbrella of single management and remote administration.
RITS - Data Leakage
What are the different ways that information is leaking, or being leeched, from your organisation? Risk areas include wireless networks, USB memory sticks, un-managed email, web based email systems, remote access services etc. Specific focus on wireless network issues and recent survey results from RITS’ recent wardrive.
This seminar will include live, interactive demonstrations. Note that this seminar starts at 10.00am and is followed by Lunch.
As places are limited for this event, early registration is advised.
To register please go to http://www.i-net.ie/contact.php, contact me on 065 6895061, or email events@i-net.ie.
Agenda
10.00 Registration and Tea/Coffee
10.30 i-net introduction - Mark Riederer
10.45 Secured Assured Networks: - Smart Management Today - Fergal Murray Juniper Networks
11.15 Break
11.30 Stay Ahead of the Criminal Element - Ken Nelson TrendMicro
12.00 Data Leakage - Conor Flynn RITS
12.30 Q&A Close followed by Lunch
Where
Kilmurry Lodge Hotel,
Castletroy,
Dublin Rd.,
Limerick,
Ireland.
Tel: 00353 (0)61 331133
When
Tuesday 3rd July 2007 @ 10.00am