New report shows five IPS products pass rigorous testing
The United Kingdom-based NSS Group is offering a an abbreviated report detailing real-world performances of five IPS vendors tested for performance, reliability, security effectiveness and usability.
Requires Free Membership to View
SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!
Michael S. Mimoso, Editorial Director
Top Layer's IPS 5500 and SecureSoft Absolute IPS NP5G were highlighted for their ability to minimize latency in exceptionally high-traffic situations. V-Secure V-100 v7.0, Fortinet Fortigate-800 and BroadWeb Netkeeper-NK 3256T v3.6.0 also scored well when put through numerous tests. "One of the things that impressed us in this round of tests was the obvious effort that had been put in by all the vendors to reduce noise and spurious alerts," the authors wrote. "It was good to note that vendors are paying much more attention to quality of signatures rather than just the quantity, or breadth of coverage." The company reports 10 IPS vendors already have signed on for the next round of testing.
Teen first to be arrested for sending junk mail via instant messaging
An 18-year-old teenager is believed to be the first person arrested for sending "spim" -- spam instant messages. Anthony Greco was arrested at a Los Angeles airport last week for allegedly sending 1.5 million messages advertising pornography and mortgages to members using the instant-messaging feature of the MySpace.com networking service. Silicon.com reports Greco thought he was meeting with MySpace.com's president to set up a marketing deal after he threatened to expose how he arranged the spamming to MySpace.com members. Some experts predict spim to be the next big thing in online annoyances and, given its immediacy, could become an even bigger headache than e-mailed spam.
Bank of America moves to two-factor authentication for online banking
Bank of America, which earlier this month was sued by a customer claiming he lost $90,000 after downloading a Trojan, will now use VeriSign's Unified Authentication encryption software to make it harder for cybercriminals to steal accounts. In a news release, the company explained its strategy: "VeriSign Unified Authentication is a complete range of two-factor authentication methods that will integrate with Bank of America's existing technology environment, without costly additions of disparate hardware and software infrastructure." A big selling point was flexibility in choosing a second form of ID, such as a password, token or smart card, based on open standards, the company said. On Feb. 7, a Miami man filed a lawsuit against the banking giant, claiming it had not alerted him to malicious code that had infected his computer. He later discovered $90,000 from his account had been sent to a Latvian bank. After the theft was discovered, Bank of America sent a letter to online banking customers announcing new features designed to reduce online fraud and theft and recommended they install antivirus software.
(ISC)2 CEO Jim Duffy announces his retirement
James E. Duffy, who's been at the helm of the International Information Systems Security Certification Consortium for the last five years, is stepping down. The non-profit organization, which administers the popular CISSP credential for security professionals, announced Duffy's retirement in a press release last Thursday. "It has been a pleasure to have been a part of (ISC)2 and watch the company evolve, but it's time for me to channel my efforts into being a more available husband, father and grandfather," Duffy said in a statement. (ISC)2 officials praised Duffy's global efforts and said Stephen Doukas, the current COO, would become acting CEO until a replacement was hired. Doukas previously served as CFO for Largo, Fla.-based Architectural Concepts Inc.