"Businesses are struggling to protect themselves as these outside threats become more resistant to signature-based security tools," said Christine Liebert, senior analyst, Security Services. "It's becoming clear that many of these emerging threats cannot be defended against in-house, creating a shift in security posture toward being more proactive."

The security services threat intelligence market is made up of advanced security event monitoring and management technologies that incorporate a variety of threat-related information sources to develop predictive security. However, emerging Web applications and other difficult-to-detect attacks are changing the security protection landscape and, subsequently, enterprise security posture.

Signature-based tools including antivirus products, firewalls, and intrusion prevention software are only effective against 30 to 50 percent of current security threats, IDC says. Attacks are becoming shorter, lasting less than a couple of hours or only a few minutes, and can be highly targeted to a specific URL, person, company, or IT asset. This trend further complicates detection, mitigation, and remediation. Over the past five years, attackers have enlarged their scope to include commercial small and medium businesses (SMBs) offering high-value targets such as financial information, intellectual property, and other proprietary data.

Many organizations, despite having implemented some of the more standard countermeasures such as firewalls, antivirus, IDs, still do not have visibility across their environment to understand what is happening at any given time, IDC says. To ensure that enterprise network, application, data, and endpoints can remain secure, anti-malware products and services are evolving to deal with these threats and reducing reliance on general signatures by instead adopting other forms of detection. From 2010 to 2011, security services threat intelligence products and services grew 65 percent in North America as enterprises looked to proactively monitor and mitigate malicious network traffic.

Security threats are evolving and organizations struggle to keep pace. Advanced security event monitoring and management technologies grew 65 percent in North America on a year by year base from 2010 to 2011. Common signature based security tools are only effective against 30 to 50 percent of current threats. Photo: www.imagine-your-world.com

“Malicious users with access to the source code have an increased ability to identify vulnerabilities and build new exploits,” Symantec says. “Additionally, customers that are not following general security best practices are susceptible to man-in-the-middle attacks which can reveal authentication and session information. General security best practices include endpoint, network, remote access, and physical security, as well as configuring pcAnywhere in a way that minimizes potential risks.”

PcAnywhere allows remote users to connect to a host, using an Internet or LAN connection and an access password. The program runs on multiple platforms, including Microsoft Windows, Linux, Mac OS X, and Pocket PC.

“Our current analysis shows that all pcAnywhere 12.0, 12.1 and 12.5 customers are at increased risk, as well as customers with prior, unsupported versions of the product,” Symantec says. PcAnywhere is also bundled in three Symantec products, Altiris Client Management Suite and Altiris IT Management Suite versions 7.0 or later, and Altiris Deployment Solution with Remote v7.1. In addition, customers with earlier versions of Altiris suites may have opted to leverage pcAnywhere. The increased risk is isolated to the pcAnywhere components only. There are no known impacts to the rest of the components in the Altiris products or the pcAnywhere Solution component that provides integration between pcAnywhere and the Symantec Management Console. Customers should validate the remote control tools currently in use.”

Pc Anywhere users could be exposed to “man in the middle” attacks, meaning that data exchanged between a remote user and the host could be intercepted. If the malicious user gains access to passwords used to log on to the host, he could gain access to corporate networks. Users are also at risk of remote code injection. Symantec has released a White Paper (available here) to provide remediation steps to maintain the protection of their devices and information until security patches are released.

Symantec warns users about possible exploits in its remote access program pcAnywhere and recommends disabling the remote access software suite until patches are released to resolve the issue. Photo: EL

“The capacity to identify one another is vitally important,” said project leader Dr. Sarah Stevenage, Head of Psychology at the University of Southampton. “It underpins social dialogue, commercial transactions, individual entitlements to goods and services, and issues of legal and criminal responsibility. In today’s society, each of these activities can take place both within the real world and the cyber world, making the concept of identity and the process of identification, more challenging than ever before.”

Recent findings from Britons National Fraud Authority estimate that the risks of identity fraud, and its knock-on effects, cost the UK more than £2.7 billion ($4.15 billion) a year. “With the problems associated with identity-fraud becoming ever more of a financial burden to individuals and to society as a whole, we believe that the benefits from this research will be substantial,” Stevenage said. “With better tools for human identification, we will be more able to successfully protect our personal privacy and data security, whilst improving our ability to identify the true suspect in crimes against society.”

The assumption underlying the Super-Identity project is that whilst there may be many dimensions to an individual’s identity - some more reliable than others - all should ultimately reference back to a single core identity or a 'Super-Identity'. By collating information about real-world and online identities, (such as measures of the face, walk, voice, or online browsing behavior), the project seeks to find out how to recognize this core identity more effectively.

The first stage of the project is to define the set of identity measures across a diverse demographic of the population. Once this framework is in place, extensive testing will be conducted to determine the accuracy and reliability of automated and human identification from each measure, and from the combination of measures, in order to provide an identity decision in which you can have confidence. In light of the potential impact upon our fundamental human rights, social, legal and ethical concerns cannot be ignored. As such these aspects shall also be examined, with particular attention paid to privacy and data protection issues.

The £1.85 million ($2.84 million) project is funded by Britain’s Engineering and Physical Sciences Research Council (EPSRC) under the Global Uncertainties Program. It is supported by the United States Department of Homeland Security's Science and Technology Directorate, under its Visualization and Data Analytics Program. The research team includes experts from automated biometrics, psychology, forensic anthropology, human-computer interaction, mathematical modeling, complex data visualization and IT law.

A three year study at the University of Southampton focuses on real and cyber identities. Photo: www.imagine-your-world.com

After submitting a request to claim a site, Facebook responded with the following email message: “Sorry! We can't confirm your place just yet. We didn't receive an official business document with your request. To claim your place, please reply to this email with one of the following documents in an attachment. We'll review it and do our best to help.

• A utility bill for your place of business
• Your local business license (issued by your city, county, state, etc.)
• A tax file for your business
• Certificate of Formation (for a partnership)
• Articles of Incorporation (for a corporation)”.

Since its launch in February 2004, Facebook was confronted with a long list of privacy related issues. In August 2007, PHP code used to dynamically generate home and user pages was displayed while accessing some accounts, raising concerns about data security. From November 2007 to September 2009, Facebook’s advertising system used a feature called Beacon to send data collected from external websites to the social networking site. After a class action lawsuit, the code was changed to require user approval for before any data gathered could be published.

Several governments are now recommending or requesting that employees refrain from using Facebook at work. In May 2007, federal public servants, MPPs, and cabinet ministers in Canada did see a warning message "The Internet website that you have requested has been deemed unacceptable for use for government business purposes" after trying to access Facebook. A number of local governments in Germany, the UK, and Finland imposed restrictions on the use of social networking sites due to privacy concerns. Thilo Weichert, data protection commissioner for the German state of Schleswig-Holstein, requested in 2011 that state institutions shut down fan pages on Facebook and remove the "Like" button from their websites.

"Whoever visits facebook.com or uses a plug-in must expect that he or she will be tracked by the company for two years," Weichert said. "Facebook builds a broad individual and for members even a personalized profile." To avoid being profiled, he urged Internet users to "keep their fingers from clicking on social plug-ins." He recommended that users "not set up a Facebook account."

In 2011, law students from Austria filed complaints with the Irish Data Protection Commissioner on how Facebook stores its users' information. One of the complaints relates to the fact that Facebook collects and stores email addresses from non-Facebook users when they are invited to connect by users of the social network. Ireland handles issues related to the social networking outside the U.S. and Canada since Facebook maintains an office in Dublin. The filings are now part of an audit by Irish authorities on how Facebook collects and stores information on millions of users in the European Union.

The Electronic Privacy Information Center (EPIC), a public interest research group based in Washington, D.C., says that Facebook changed user privacy settings again with the recent transition to the Timeline profile. Users that did choose not to disclose new friends on their wall will now find that any new connection is displayed on their Timeline. In a letter (available here) send to the Federal Trade Commission (FTC), EPIC asks whether changes Facebook has made are consistent with the terms of a settlement reached between Facebook and the FTC.

The social networking site doesn’t make it easy to say “Good Buy.” Simply closing a user account does not automatically delete the data associated with the profile, including ‘likes’, friends, comments, and images. If users really feel the need to “unfriend” Facebook, they can use this link. After logging in, they can proceed by clicking on the “Delete My Account” button. Facebook will ask to confirm the action by re-typing the password and a capture. After clicking yes, the network confirms the action by stating “Permanently Delete Account - Your account has been deactivated from the site and will be permanently deleted within 14 days. If you log into your account within the next 14 days, you will have the option to cancel your request.”

To verify that users and business entities are authentic, Facebook is now asking for articles of incorporation, business tax filings, business licenses, or copies of utility bills. Photo: www.imagine-your-world.com

"This has the potential to shift the arms race regarding censorship to be in favor of free and open communication," said J. Alex Halderman, assistant professor of computer science and engineering at U-M and one of Telex's developers. "The Internet has the ability to catalyze change by empowering people through information and communication services. Repressive governments have responded by aggressively filtering it. If we can find ways to keep those channels open, we can give more people the ability to take part in free speech and access to information."

Today's typical anticensorship schemes get users around site blocks by routing them through an outside server called a proxy. But the censor can monitor the content of traffic on the whole network, and eventually finds and blocks the proxy, too.

"It creates a kind of cat and mouse game," said Halderman, who was at the blackboard explaining this to his computer and network security class when it hit him that there might be a different approach, a bigger way to think about the problem.

Halderman envisions that user could download Telex software from an intermittently available website or borrow a copy from a friend. Internet Service Providers (ISPs) outside the censoring nation deploy equipment called Telex stations. When a user wants to visit a blacklisted site, he or she would establish a secure connection to an HTTPS website, which could be any password-protected site that isn't blocked. This is a decoy connection. The Telex software marks the connection as a Telex request by inserting a secret-coded tag into the page headers. The tag utilizes a cryptographic technique called "public-key steganography."

"Steganography is hiding the fact that you're sending a message at all," Halderman said. "We're able to hide it in the cryptographic protocol so that you can't even tell that the message is there."

The user's request passes through routers at various ISPs, some of which would be Telex stations. These stations would hold a private key that lets them recognize tagged connections from Telex clients. The stations would divert the connections so that the user could get to any site on the Internet. Under this system, large segments of the Internet would need to be involved through participating ISPs.

"It would likely require support from nations that are friendly to the cause of a free and open Internet," Halderman said. "The problem with any one company doing this, for example, is they become a target. It's a collective action problem. You want to do it on a wide scale that makes connecting to the Internet almost an all or nothing proposition for the repressive state."

The researchers are at the proof-of-concept stage. They've developed software for researchers to experiment with. They've put up one Telex station on a mock ISP in their lab. They've been using it for their daily web browsing for the past four months and have tested it with a client in Beijing who was able to stream YouTube videos even though the site is blocked there.

Turning the whole web into a proxy server could make it virtually impossible for government to block individual sites or services such as YouTube, for example. Today's typical anticensorship schemes are more like a game of chess, allowing users to create a uncensored route through an outside proxy until the censor catches up. Photo: www.imagine-your-world.com