ANX Corporate Blog
Posts filed under Security Threats
Showing 16 through 20 of 23 total posts
Feb 18th 2010, 10:23am
Botnet invasion at 2,500 companies underscores need for comprehensive managed security approach
The broadly reported disclosure today that nearly 2,500 companies have been victimized by carefully planned botnet attacks should come as no surprise if you're following this type of threat (http://bit.ly/dj7U2v). The ZeuS spyware is widely available to hackers and can escape detection by many standard antivirus programs.
What is surprising is the number of companies that haven't adopted a more comprehensive and multi-layered approach to information security. Too many companies believe that desktop antivirus programs alone are sufficient to protect against the growing scope of threats. They aren't. The same can be said about basic firewall protection. Companies need to ensure that all incoming and outgoing traffic to the Internet is inspected...
Read more
What is surprising is the number of companies that haven't adopted a more comprehensive and multi-layered approach to information security. Too many companies believe that desktop antivirus programs alone are sufficient to protect against the growing scope of threats. They aren't. The same can be said about basic firewall protection. Companies need to ensure that all incoming and outgoing traffic to the Internet is inspected...
Read more
Feb 11th 2010, 9:21am
Privacy Warning! Google Buzz Flaw
Maybe not as much a security threat as a privacy threat, but a recent article posted by Business Insider outlines a serious Privacy Flaw in their new application.
When you sign up to use Google Buzz, you are automatically set up with followers and people to follow, according to a spokesperson from Google. In all actuality, this is a great usability feature - until you get to the accessbility to your personal information. The people you follow, and the people that follow you are made publicly available to anyone who may happen to view your profile. This means that anyone could easily see the people you chat with and email most!
This claim was countered by Google, asking Business Insider to phrase this differently:
"In other words, after you create your profile in...
Read more
When you sign up to use Google Buzz, you are automatically set up with followers and people to follow, according to a spokesperson from Google. In all actuality, this is a great usability feature - until you get to the accessbility to your personal information. The people you follow, and the people that follow you are made publicly available to anyone who may happen to view your profile. This means that anyone could easily see the people you chat with and email most!
This claim was countered by Google, asking Business Insider to phrase this differently:
"In other words, after you create your profile in...
Read more
Nov 23rd 2009, 4:15pm
ANX PositivePRO Customers Protected from Recently Discovered SSL Vulnerability
ANX PositivePro Customers Protected from Recently Discovered SSL Vulnerability
SSL authentication gap allows a man-in-the-middle attack, affecting the majority of SSL-protected servers
SOUTHFIELD, Mich. (Nov. 24, 2009) - ANXeBusiness Corp., a leading provider of networking and security managed services, today announced that customers of the company’s cloud-based remote access product, ANX PositivePRO, are protected from the recent Secure Sockets Layer (SSL) vulnerability discovered by researchers at PhoneFactor, a leading global provider of two-factor security services. ANX PositivePRO is a hosted, managed VPN solution that quickly allows remote access without the need to buy, install, or configure an appliance within an organization.
According to PhoneFactor,...
Read more
SSL authentication gap allows a man-in-the-middle attack, affecting the majority of SSL-protected servers
SOUTHFIELD, Mich. (Nov. 24, 2009) - ANXeBusiness Corp., a leading provider of networking and security managed services, today announced that customers of the company’s cloud-based remote access product, ANX PositivePRO, are protected from the recent Secure Sockets Layer (SSL) vulnerability discovered by researchers at PhoneFactor, a leading global provider of two-factor security services. ANX PositivePRO is a hosted, managed VPN solution that quickly allows remote access without the need to buy, install, or configure an appliance within an organization.
According to PhoneFactor,...
Read more
Nov 21st 2009, 12:10pm
National Data Breach Notification Laws Getting Closer
Political momentum is building for a nationalized approach to data breach notification. I think it's just a question of "when" this will become the law of the land.
Here's a quick summary of the laws under consideration:
The U.S. Senate Judiciary Committee recently approved two bills that would require organizations with data breaches to report them to potential victims.
The first bill is called the Data Breach Notification Act and is sponsored by Senator Dianne Feinstein of California. It would require U.S. agencies and businesses that engage in interstate commerce to report data breaches to victims whose personal information "has been, or is reasonably believed to have been, accessed, or acquired." Feinstein's bill would also require agencies...
Read more
Here's a quick summary of the laws under consideration:
The U.S. Senate Judiciary Committee recently approved two bills that would require organizations with data breaches to report them to potential victims.
The first bill is called the Data Breach Notification Act and is sponsored by Senator Dianne Feinstein of California. It would require U.S. agencies and businesses that engage in interstate commerce to report data breaches to victims whose personal information "has been, or is reasonably believed to have been, accessed, or acquired." Feinstein's bill would also require agencies...
Read more
Nov 18th 2009, 1:03pm
SSL/TTS Vulnerability Response (CVE-2009-3555)
There's been much coverage and discussion of recently disclosed SSL vulnerabilities. ANXeBusiness is jumping into the discussion with the help of a special guest blogger, Steve Dispensa. Marsh Ray, who is on Steve's development team, is credited with discovering this vulnerability.
Steve is currently the CTO of PhoneFactor and is one of the founding partners and original developers of our cloud-based remote access product, PositivePRO. The idea behind PositivePRO was that remote access provided by the internal IT staff was expensive and cumbersome to maintain. Steve and his crew were determined to develop a Software-as-a-Service alternative that was simpler and more effective than traditional appliance-based approaches. One of the key objectives...
Read more
Steve is currently the CTO of PhoneFactor and is one of the founding partners and original developers of our cloud-based remote access product, PositivePRO. The idea behind PositivePRO was that remote access provided by the internal IT staff was expensive and cumbersome to maintain. Steve and his crew were determined to develop a Software-as-a-Service alternative that was simpler and more effective than traditional appliance-based approaches. One of the key objectives...
Read more