Last updated: 31 July 2009  
 


 Editor's note  
 
Dear reader

In security news this week, Symantec has discovered an Adobe Acrobat PDF file that, when opened, drops and executes malicious binary code on the user's system.

Also this week, as the world of virtualisation develops, the need to improve security in virtualised environments has become a crucial concern, according to Andre Grove, sales and financial director at Condyn.

In other news, Kaspersky Labs has taken the next step in supporting Microsoft's newest operating system, Windows 7.

Please keep those submissions for SecurityWeek coming, and feel free to e-mail me with any suggestions.

Have a safe and virus-free weekend!

Till next time.

Kirsten Doyle
kirsten@itweb.co.za

 
 
  Top stories  
  Networks Unlimited named RSA distributor
The company plans to bring RSA technology to selected security reseller partners throughout sub-Saharan Africa.
 
  Kaspersky supports Windows 7
The security company announces the release candidate for Kaspersky Anti-Virus 6.0 with Windows 7 support.
 
 
     
 
   Risky Business  
  By Stefan Tanase, regional researcher, global research and analysis team at Kaspersky Lab
 
 

With great power comes great responsibility – a look at the distribution of short URLs on Twitter

As we've recently discussed, short URL services are becoming more and more popular among social networks. And the recent event when such a service got compromised highlighted the sensitivity of the problem.

We've decided to see exactly how popular each of these URL shortening services is on Twitter. So we've collected all the URLs from the public timeline and thought it would be nice to share the results with the world. These statistics are based on data collected during a 24-hour timeframe.

[Figure: Short URLs usage graph]

As you can see, more than half of the URLs posted on Twitter belong to bit.ly, making it the winning service with 53.75%. Tinyurl.com is in 2nd place, but with a very big gap between it and 1st place, having just 7.55%. Twitpic.com accounts for 4.70% of all URLs tweeted, but as it is not actually a URL shortening service, but just an image hosting website for Twitter users, we cannot really say it's part of the top. But is.gd definitely is the last component of the top 3 – with just 1.73%.

What's really worth noticing is that more than half of the URLs that are being tweeted every day are hosted by a single service – bit.ly. But with great power comes great responsibility, and a compromise of their service would mean a compromise of more than half of the URLs circulating every day on Twitter. Having security in mind all the time, I would've been happier to see the share of these URL shortening services being spread more evenly between them, with no such clear winner.

 
 
 

 
     
 
  Clearing the Fog
Handler:
A type of program used in DDoS attacks to control agents distributed throughout a network. Also refers to an incident handler, a person who performs incident response work.

brought to you by Symantec
 
     
 
   Ghost in the Machine  
  By Brett Myroff, CEO of regional Sophos distributor, Sophos SA
 
  Microsoft has announced that on Tuesday it will release two out-of-band security patches designed to fix vulnerabilities in Internet Explorer and Microsoft Visual Studio. Microsoft normally bundles its security updates into a monthly package, known as "Patch Tuesday" because it coincides with the second Tuesday of the month. It is relatively unusual for the company to issue a fix for a security vulnerability outside of this cycle, which means that Microsoft considers the situation particularly important to patch as soon as possible. IT staff responsible for protecting the computer systems at businesses around the world will need to be ready to roll out the patch, or potentially leave their organisations exposed to the threat of hackers installing malicious code without user intervention.
 
  More news  
 

Communications ministers get talking
Resources, funding and expertise to execute ICT projects are still the biggest African challenges, says the communications department.

Access management a growing concern
Security is a worry as the mobile workforce needs access to critical systems and resources, says Hennie Moolman, MD of AfricaSD.

Chartis ranks SAS
The company maintains its leader position in Chartis Research's Credit Risk Management Systems 2009 report.

JD Edwards gets protection
Oracle Database Vault enables JD Edwards EnterpriseOne customers to restrict access to application data.

SMS is not to blame
The popular communications medium may be tarnished by recent incidents.

Security-as-a-service extends to enterprise
McAfee unveils the Total Protection Service update, broadening its SaaS offerings to enterprise customers.

Concilium intros Agilent test instruments
The company brings Agilent's hybrid solutions for signal testing in IT equipment to SA.

iPhone gets RSA SecurID Software Token
The solution enables iPhones to be used as RSA SecurID authenticators. [Local rep: SecureData Security]

SA Calcium Carbide improves safety
The manufacturer tightens safety standards on-site with the IntelliPermit computerised permit-to-work system, implemented by ApplyIT.

ScanMail gets an upgrade
Trend Micro ScanMail 5.0 offers e-mail server security for Lotus Domino users. [Local rep: SecureData Security]

Microfinance bank deploys Clickatell
FirstGlobal Microfinance Bank of Nigeria is delivering text banking services to mobile customers.
 
     
 
  Quote of the week  
  Vulnerability to exploit  
 

This vulnerability is not one we have seen in the wild before and affects Adobe Flash. The authors have taken a bug and turned it into an exploit.

 
  - Gordon Love, regional director for Africa at Symantec  
 
  Reuters news  
 

Call for file-sharing regulations
Lawmakers believe it may be time for government to regulate companies that provide online file-sharing services.

Mac flaw provides data access
A Mac security expert uncovers a technique that hackers could use to control Apple computers and steal scrambled data.

Skype is 'encroaching foreign entity'
Russia lobbies against Internet phone services, believed to be a threat to national security.
 
 
 Events and training
    BlackHat USA 2009
  • Date: 25 July to 30 July
  • Venue: Caesars Palace, Las Vegas, Nevada, USA
  • www.blackhat.com
DEFCON 17
  • Date: 31 July to 02 August
  • Venue: Riviera Hotel & Casino, Las Vegas, Nevada, USA
  • www.defcon.org
Computer Forensics Show
18th USENIX Security Symposium
Securitybyte & OWASP AppSec Asia Conference 2009
 
 Quick facts by McAfee
   
  • McAfee Avert Labs has discovered a new zero-day Adobe vulnerability that takes advantage of a new "Rich Media" feature to add interactive Flash (swf) content to PDF files.
  • These can cause Adobe Reader to execute arbitrary code when viewed; when successful, shellcode in the exploit is executed by the application, which redirects the victim to other malicious IP addresses.
  • This malware acts as a backdoor to allow remote access to the infected computer.
  • The "Rich Media" annotation is new to Acrobat 9.x and will not be readable by older versions, so users viewing PDFs with Adobe Acrobat or Reader 8 and older will not be vulnerable to this attack.
  • Even though anti-malware vendors continue to add detection for new zero-day threats, the best prevention is to refrain from opening attachments from untrustworthy sources.
 
 Other ICT Events 
   

Software-as-a-Service
What: This conference will address the challenges and opportunities of implementing SaaS, including the potential of the pay-as-you-go model; the customisation and integration challenges; and how to measure the success of SaaS.
Date: 4 August
Where: Gallagher Estate, Midrand
www.itweb.co.za/events/saas/2009/

Green IT
The Green IT Summit 2009 has been designed to provide IT users with practical insights into developing an IT strategy that will transform their IT and data centre operations to become more cost-effective, energy-efficient and eco-friendly.
Date: 18 August
Where: The Forum, Bryanston
www.itweb.co.za/events/greenit/2009/

BPM Summit & Awards
What: This event will explain how to create a single partnership of people, processes and technology to drive the successful implementation of BPM in an organisation. The summit will also see the launch of the BPM Excellence Awards, which celebrate the achievements that lead the way in BPM implementation in SA.
Date: 25 to 27 August
Where: Montecasino, Fourways
www.itweb.co.za/events/bpm2009/

 
Chief sub editor: Glenda van Zyl
glenda@itweb.co.za
Editor-in-chief: Ranka Jovanovic
rankaj@itweb.co.za
Section editor: Kirsten Doyle
kirsten@itweb.co.za
