Friday's edition of The New York Times newspaper announced the discovery by a team of scientists from Princeton University that Dynamic Random Access Memory (DRAM) chips could be made to retain their data for an extended period of time after being powered down if the chips are cooled. In the experiments, the RAM chips were cooled using an inexpensive can of compressed air, and scientists were still able to extract information from the chips, including the complex encryption keys used to decode files.

By cooling the chips, the data is literally frozen in place. Then it was just a matter of reading the strings of zeros and ones that make up the information stored on the chip. From the billions of bits of data, the scientists were able to identify and extract their private encryption keys. This new discovery has industry experts clamoring over this wide loophole in computer security. However, when you think about it, this issue is only related to IT security in the sense that a computer chip is involved. In fact, this is primarily a physical security issue. If the would-be thief cannot access the physical computer chip, there is no threat.

(more...)

Computer viruses have always been surrounded by mystery. With the vast number of viruses circulating the online world these days, people are always wondering where they come from or what they are. Viruses have the potential of causing a considerable amount of damage to your computer if your system becomes infected.

The viruses themselves are written for one main reason--to reproduce. It does so by typically spreading from one computer to another. They are generally designed to cause damage by deleting data and performing malicious acts such as changing or inserting data on your computer.
The threat of computer viruses is constantly growing, which makes it ever more important that when you choose an anti-virus program for your computer, you choose the right one. There are many anti-virus programs available with some more popular than others but popularity is not essentially what should be factored in when choosing an anti-virus program for your computer. Knowing the importance of anti-virus software, there are several things that should be considered when choosing one for your computer: (more...)

The current threat

The sheer number of desktops, laptops, and servers running Windows makes them an easy and readily available target for malware writers and spammers. Assessment of an organization’s requirements for protection against viruses, spyware, Trojans, and worms has therefore tended to concentrate on the Windows environment. Meanwhile, the network security risk arising from unprotected non-Windows computers has sometimes been downplayed or overlooked altogether.

The need to protect the gateway from malicious code – whatever the operating system – is pretty well accepted. However, acceptance is not clear-cut over endpoint protection, as most malware continues to target Windows platforms, with only a tiny proportion being created specifically for Mac and Linux platforms. (more...)

Being a QSAC (Qualified Security Assessor Company), our clients frequently ask if they can achieve their continuing PCI penetration testing requirements in-house. This depends on a few variables.

An organisation's requirement for administering a yearly external and internal penetration test that also includes application testing is covered by PCI DSS requirement 11.3. This is different than the PCI DSS 11.2 requirement that deals with an organisation's requirement for running internal and external vulnerability scans quarterly, which must be run internally or by an ASV (Approved Scanning Vendor) respectively. Each of these activities must also be performed either when changes take place in the applications, which includes upgrades, network, and infrastructure of the organisation, or at the mandated intervals. (more...)

Storage networks are predominantly used by organisations to centrally manage their data, reduce hardware costs (cost of server hardware, software, installation and maintenance) and downtime (when adding extra storage), effectively manage storage resources, and overcome computing power and storage scalability issues that the ‘independent storage for each system’ approach is affected with. These networks are regularly used to store critical information the compromise of which could affect the organisation’s competitive edge, cash-flow, profitability, legal and regulatory compliance, and corporate image.

Storage Area Networks (SANs) and Network Attached Storage (NAS) are the two types of storage networks used primarily. The two storage networks differ in various aspects; however, both these technologies were built with functionality in mind and not security, and are riddled with vulnerabilities that adversely affect the confidentiality, availability and integrity of the information stored within these networks. Serious vulnerabilities exist within these technologies that could allow unauthorised, (and in various cases) unauthenticated access to stored information. The support for IP based connections, iSCSI in SANs, and IP connections in NAS increase the accessibility but also enlarges the attack surface. (more...)

The newest AntiVirus 2010 release from Norton is faster, smarter and stronger than ever. One of the biggest complaints about the previous version of Symantec software was that it weighed down user’s computers and caused other programs to run slowly. Norton has taken their Antivirus software to a new level with their 2010 release. With a much smaller footprint on user’s systems, Norton AntiVirus 2010 software is fast, efficient and is still your best bet when it comes to defending your computer against viruses.

AntiVirus 2010 software from Symantec uses the brand new Norton Insight Network for faster, fewer and shorter scans. The Norton Insight Network uses online intelligence in real time to discover and scan only the files that are at risk on your computer. Not only does the Norton AntiVirus detect new threats to your computer, but it explains where they came from and how they negatively impact your computer. Norton Anti Virus software is your best bet for proactive computer protection. (more...)