Aanval v6 is now available!

Aanval v6 (Grendel) was released Thursday, 12/03/10.  This new version represents more than 9 months of development and is a significant milestone in the 7 year history of the Aanval snort & syslog correlation console.

Aanval v6 is a major iteration, greatly improving information security efficiency and security event management. A  lengthy list of additional enhancements and features are further planned for v6 as Tactical FLEX continues to aggressively roll out new builds following the company's methodology strategy of "release early, release often."

The interface for Aanval v6 was completely re-written with Adobe Flex 4, scrapping the entire previous Flex 3 interface. The backend remains MySQL / PHP, however dozens of updates and optimizations were made to improve performance and stability.

Aanval v6 is a large project, comprised of several hundred thousand lines of code. A major portion of time for this release was spent working on the interface (Flex 4). If you follow Loyal on Twitter, you have witnessed his frustrations with the latest releases of Flash Builder. 

The most notable features of Aanval v6 are the new multi-tasking interface, the GeoLocation displays and the re-introduced event correlation system.

• GeoLocation with integrated Google Maps is now available in both real-time and search displays to provide a global, visual reference of event attack sources.
• The event correlation system has been re-introduced with an updated interface to group and rank events that may be related to one another.

A list of Aanval v6′s new features and enhancements:

• All new live GeoLocation (Google Maps)
• All new event displays
• All new event correlation
• All new event browser
• All new live event monitor
• All new frequent X displays
• All new report management
• All new action management
• All new signature management
• All new datastore management
• All new policy management
• All new snort management
• All new syslog filter management
• All new installation and update system
• All new multi-tasking interface
• All new inter-display interaction
• All new look and feel (GUI)
• And much… much, more

You can view a selection of screenshots on the Aanval Web site and download Aanval to give it a test drive. 

Aanval Snort & Syslog Intrusion Detection and Correlation Console

Aanval is the industry’s leading web-based gui for snort and syslog intrusion detection and correlation. Government security and defense organizations from more than a half dozen countries, educational institutions from around the world, global financial organizations as well as space exploration and military weapons manufacturers rely upon Aanval as a part of their security infrastructure.

For more information on Aanval v6, including upgrade details, new license purchasing, etc contact me and visit  www.aanval.com

Enjoy.

The 10 Most Dangerous Places For Your SSN

As we know the Internet can be a scary place filled with all kinds of dangers. Be careful out there in Cyberspace.

Article from DarkReading 

By Kelly Jackson Higgins

College students' SSNs most at risk, followed by banking/financial customers'

Oct 19, 2010 | 12:04 PM

Getting your credit card number stolen is one thing, but when your Social Security number (SSN) is lifted, identity theft really hits home. And as it turns out, some places are more risky than others for storing your SSNs.  Identity theft expert Robert Siciliano, commissioned by McAfee, analyzed reported data breaches during the past year-and-a-half to determine the most dangerous places to give out your SSN: The No. 1 location is universities and colleges, which experienced 108 data breaches involving SSNs between January 2009 and October of this month. Banking and financial institutions were close behind, with 96 such breaches.

Siciliano's pulled his data from breaches published by the Identity Theft Resource Center, Privacy Rights Clearinghouse, and the Open Security Foundation during that period.

More than 30 percent of all identity theft victims have had their SSN exposed, according to Javelin Research.
The rest of the top 10:

• Hospitals, with 71 breaches
• State governments, with 57 breaches
• Local governments, with 44 breaches
• Federal Governments, with 33 breaches
• Medical businesses (products and services for the medical field), with 27 breaches
• Nonprofits, with 23 breaches
• Technology companies, with 22 breaches
• Medical insurance and medical offices/clinics, with 21 breaches

The only requirements for showing your SSN, according to the Social Security Administration, are when you provide it to your employer when you first start a new job and to your financial institution for tax reporting, according to McAfee. The SSA recommends keeping your SSN card or any documentation with it in a safe place, and not to carry them around.A federal law requires that SSNs be used for professional licenses, driver's licenses, occupational licenses, recreational licenses, and marriage licenses, as well as by creditors and the Department of Motor Vehicles. And with any cash transaction more than $10,000, an SSN is required, as well as for military business.Siciliano cites ways to guard your SSN, including refusing to provide it, checking your credit report every few months, investing in an ID protection service, trashing mail securely, opting out of junkmail and preapproved credit card offers, and locking down your PC.

Aavnal Version 6 - Update

The highly anticipated general release of Aanval Version 6 is drawing near! The Tactical FLEX developers said today that version 6 will be completed in the next couple of weeks (by October 21st) As soon as it is ready, Aanval users and prospects will receive an e-mail announcing the general availability of Aanval Version 6. A press release will also be distributed.


In the past few months Aanval customers were encouraged to submit their suggestions and requests for version 6.  We value our customers and invite you to submit any ideas or feature requests to support.group@aanval.com. 


If you wish to receive the press release announcing Aanval Version 6, send an e-mail to kbitz@aanval.com with "Press Release Distribution Request" in the Subject line.  


Aanval is the industry's leading web-based gui for snort and syslog intrusion detection and correlation. Over 5,500 organizations in 95 countries rely upon Aanval as a part of their security infrastructure. For more information about Aanval go to www.aanval.com. 

Can Cybersecurity be a Catalyst for Economic Growth?

Eric Chabrow, Executive Editor, GovInfoSecurity.com in his article on October 6, 2010 argues that indeed it CAN. He points to the "Lessons from Sputnik: Producing Benefits Beyond Safeguarding IT."

Below is the introduction to his article which you will find at http://www.govinfosecurity.com/articles.php?art_id=2982&rf=2010-10-07-eg

Fear is a great motivator. Fear helped the United States overtake the Soviet Union in the space race after the launch of Sputnik in the late 1950s. Americans feared our Cold War adversaries would conquer space, so the United States invested heavily, not only in technology, but in educating our young citizens in math and science to challenge the Soviets.

"We were really pretty far behind and we were kind of surprised that the Soviet Union was so far ahead in science and technology," Patrick Gorman, former associate director of the Office of the Director of National Intelligence, said in an interview with GovInfoSecurity.com (transcript below).

The return on that investment, just over a decade later, resulted in the United States landing men on the moon. And, the investments produced additional benefits such as the creation of the IT industry and other technological advancements unrelated to space.

Check out this article and the interview, then go share it with some bright youngsters who will be inspired to become our next generation of Information Security Officers. 

Colleges Face Greater Challenges in Stopping Data Breaches

By Dian Schaffhauser

10/04/10

Colleges and universities face greater challenges in stopping data breaches than other kinds of organizations and are on track to experience the same number of data breaches in 2010 as they did in 2009, according to a company that sells security applications for protecting databases. According to a report from Application Security's research arm, for the first seven months of this year 32 breaches have been reported, compared to a total of 57 in 2009. Three quarters of those breaches involve unauthorized access to databases maintained on institutional servers.

AppSec's Team SHATTER (Security Heuristics of Application Testing Technology for Enterprise Research) said the proliferation of data breaches in higher ed can be attributed to several factors.

Although campus database breaches face the same exploitation techniques as companies, such as SQL injections on public-facing Web sites and unencrypted data on lost laptops, there are several risks unique to higher ed. (View this list and the complete article of this report at http://bit.ly/bQmqlY.

Also, because of the number of students, staff, faculty, and parents in campus business, institutions maintain numerous databases with names, addresses, financial information, credit card numbers, Social Security numbers, and healthcare records.

On top of that, reported AppSec, students and faculty members "frequently log in and out of personal and public computers, accounts are left open, computers are left logged on, and data can be easily lost amid the day-to-day shuffle."  

Read the complete report at http://info.appsecinc.com/Higher-Ed-Research-Paper.html

National Cyber Security Awareness Month

National Cyber Security Alliance Marks Beginning of National Cyber Security Awareness Month

7th Annual National Effort Educates Digital Citizenry

WASHINGTON,  Oct. 1 /PRNewswire-USNewswire/ -- The National Cyber Security Alliance (NCSA), a public-private partnership focused on educating a digital citizenry to stay safe and secure online, reminds all Americans that today marks the beginning of the 7th Annual National Cyber Security Awareness Month.  National Cyber Security Awareness Month is a coordinated effort of the NCSA, the U.S. Department of Homeland Security, and The Multi-State Information Sharing and Analysis Center (MSISAC) and a myriad of companies, educational institutions, nonprofit organizations and individuals throughout the nation focused on improving online safety and security awareness and education for U.S. citizens and businesses.

From a personal, business and governmental perspective, our nation's reliance on the Internet continues to grow.  The NCSA is focused on helping American citizens, businesses and students understand how to protect themselves, their families, customers and communities with universal safe and secure online behaviors.  

"Our nation's online health is critical to our economic prosperity and national security," said Michael Kaiser, executive director of the NCSA.  "The highest levels of government and industry have recognized the role that cybersecurity and cyber safety play in our nation's ability to stay competitive and innovative. National Cyber Security Awareness Month provides a cyber education foundation that all Americans can use throughout the year."

The NCSA urges all Americans to employ a handful of simple online safety behaviors:

• Employ comprehensive security suites that include anti-virus, firewall, anti-Spyware and anti-Spam software.  Most importantly, set your security software to automatically update.
• Back up your files and data on a regular basis to mitigate any losses in the event of a security failure.
• Only use secure wireless connections that require passwords or other forms of security.

"In this digital age, we are all connected, and each of us plays an important role in securing cyber space," said William Pelgrin, MS-ISAC chair and president and CEO of the Center for Internet Security.  "We are pleased to once again join our partners in co-sponsoring National Cyber Security Awareness Month to help raise awareness across government, businesses, educators and citizens about cyber safety. Working together, we can improve our nation's cyber security preparedness."

Anyone - families, employers, consumers, teachers, and students - interested in online safety is encouraged to access the National Cyber Security Awareness Month Web portal. The Web site hosts an abundance of online safety resources and information including tip sheets, ideas for how to get involved, events, and additional awareness resources to help organizations and individuals participate in National Cyber Security Awareness Month.

The portal offers printable materials for schools, businesses, government agencies, law enforcement and consumers as well as electronic materials for organizations to incorporate on their own websites. All NCSA materials are free to the public and there is no cost for endorsements or event listings.  Of the many resources on the site you will find:

• Tip Sheets: For online gaming, mobile devices, social networking and general Internet safety tips for parents and kids.
• Customizable Posters: A National Cyber Security Awareness Month poster that can be customized with a company or association logo or a message to help promote local activities.
• Endorsement Forms: Organizations, companies, and government agencies are encouraged to endorse National Cyber Security Awareness Month, which is made easy through an online endorsement form. Endorsers can be featured with their logo and web link on NCSA's website.
• Event Calendar: The NCSA keeps a calendar of events taking place during October that focus on cybersecurity awareness and education. Organizations are welcome to submit events through NCSA's online form to be included on the October calendar.

"We have offered a wide variety of opportunities to learn more about cybersecurity and cybersafety," said Shannon Kellogg, senior director of public policy at EMC and chairman of the NCSA Board of Directors.  "All of us need to make a personal investment to continually learn how to keep ourselves and our nation's online defenses safe and secure."

About The National Cyber Security Alliance

The National Cyber Security Alliance is a nonprofit organization. Through collaboration with the government, corporate, non-profit and academic sectors, the mission of the NCSA is to empower a digital citizenry to use the Internet securely and safely protecting themselves and the technology they use and the digital assets we all share. NCSA works to create a culture of cyber security and safety through education and awareness activities. Visit www.staysafeonline.org for more information.  NCSA board members include: ADP, AT&T, EMC Corporation, Cisco Systems, General Dynamics Advanced Information Systems, Google, Lockheed Martin Information Systems & Global Services, McAfee, Microsoft, PayPal, Science Applications International Corporation (SAIC), Symantec, Verizon and Visa.

About National Cyber Security Awareness Month

National Cyber Security Awareness month now in its seventh year is a coordinated effort of the National Cyber Security Alliance, The Department of Homeland Security (DHS), and The Multi-State Information Sharing and Analysis Center (MSISAC).                     SOURCE National Cyber Security Alliance

How Stuxnet Worm Works

Stuxnet looks for industrial control systems and then changes the code in them to allow the attackers to take control of these systems without the operators knowing. In other words, this threat is designed to allow hackers to manipulate real-world equipment, which makes it very dangerous.

It’s like nothing we’ve seen before – both in what it does, and how it came to exist. It is the first computer virus to be able to wreak havoc in the physical world. It is sophisticated, well-funded, and there are not many groups that could pull this kind of threat off. It is also the first cyberattack we’ve seen specifically targeting industrial control systems.

The worm is made up of complex computer code that requires lots of different skills to put it together. Symantec security experts estimate it took five to ten people to work on this project for six months. In addition, knowledge of industrial control systems was needed along with access to such systems to do quality assurance testing; again indicating that this was a highly organized and well-funded project.

"We've definitely never seen anything like this before," said Liam O’Murchu, Researcher, Symantec Security Response. "The fact that it can control the way physical machines work is quite disturbing."

W32.Stuxnet Dossier
Download the White Paper
Read the Symantec Security Response Blog

Also, for an interesting definition and description of the Stuxnet Worm go to Wikipedia http://en.wikipedia.org/wiki/Stuxnet

A Google search on the Stuxnet Worm produced many news stories around the Globe. 

As a result of the Stuxnet Worm the safest approach online is to "Trust No One, Monitor Everyone?" - DarkReading http://www.darkreading.com/insiderthreat/security/perimeter/showArticle.jhtml?articleID=227501127&cid=RSSfeed

'Zero Trust' model strikes a chord with user-borne attack concerns but could be overkill, experts say.

Network Monitoring Can Provide Key Clues To Security Problems

Done properly, traffic analysis and log review can help administrators identify threats they might not recognize otherwise

Sep 27, 2010 | 05:03 PM

By John Sawyer, Contributing Writer @ DarkReading



Excerpted from "What's Going On? Monitor Networks to Thwart Intrusions," a new report posted this week on Dark Reading's Security Monitoring Tech Center.]

An alarmed Iran asks for outside help to stop rampaging Stuxnet malworm

Stuxnet Worm Claimed To Be Devastating In Iran                                               |
The Web site debka.com reported 


"Tehran this week secretly appealed to a number of computer security experts in West and East Europe with offers of handsome fees for consultations on ways to exorcize the Stuxnet worm spreading havoc through the computer networks and administrative software of its most important industrial complexes and military command centers. DEBKAfile's intelligence and Iranian sources report Iran turned for outside help after local computer experts failed to remove the destructive virus."


None of the foreign experts has so far come forward because Tehran refuses to provide precise information on the sensitive centers and systems under attack and give the visiting specialists the locations where they would need to work. They were not told whether they would be called on to work outside Tehran or given access to affected sites to study how they function and how the malworm managed to disable them. Iran also refuses to give out data on the changes its engineers have made to imported SCADA (Supervisory Control and Data Acquisition) systems, mostly from Germany.

The impression DEBKAfile sources gained Wednesday, Sept. 29 from talking to European computer experts approached for aid was that the Iranians are getting desperate. Not only have their own attempts to defeat the invading worm failed, but they made matters worse: The malworm became more aggressive and returned to the attack on parts of the systems damaged in the initial attack.

Sounds like they need help in Iran.

UN 'to appoint space ambassador to greet alien visitors'

Last week I flippantly stated that it looked like the UN should soon consider creating an "Intergalactic Intelegence and Security Service (IISS)." Read that post from Sept. 15 below about the Ex-military men who said unknown intruders have monitored and even tampered with American nuclear missiles. Six former U.S. Air Force officers and one former enlisted man will break their silence about these events at the National Press Club and urge the government to publicly confirm their reality.

I had no idea that the UN was reading my blog or was aware of aliens monitoring our nuclear missile sites. 

Check out the article below: "UN 'to appoint space ambassador to greet alien visitors' "

By Heidi Blake
Published: 11:30AM BST 26 Sep 2010

A space ambassador could be appointed by the United Nations to act as the first point of contact for aliens trying to communicate with Earth.

Mazlan Othman, a Malaysian astrophysicist, is set to be tasked with co-ordinating humanity’s response if and when extraterrestrials make contact.

Aliens who landed on earth and asked: “Take me to your leader” would be directed to Mrs Othman.

She will set out the details of her proposed new role at a Royal Society conference in Buckinghamshire next week.  The 58-year-old is expected to tell delegates that the proposal has been prompted by the recent discovery of hundreds of planets orbiting other starts, which is thought to make the discovery of extraterrestrial life more probable than ever before.

Mrs Othman is currently head of the UN’s little known Office for Outer Space Affairs (Unoosa).

In a recent talk to fellow scientists, she said: “The continued search for extraterrestrial communication, by several entities, sustains the hope that some day human kind will received signals from extraterrestrials.

“When we do, we should have in place a coordinated response that takes into account all the sensitivities related to the subject. The UN is a ready-made mechanism for such coordination.”

Professor Richard Crowther, an expert in space law at the UK space agency who leads delegations to the UN, said: “Othman is absolutely the nearest thing we have to a ‘take me to your leader’ person”.

The plan to make Unoosa the co-ordinating body for dealing with alien encounters will be debated by UN scientific advisory committees and should eventually reach the body’s general assembly.

Opinion is divided about how future extraterrestrial visitors should be greeted. Under the Outer Space Treaty on 1967, which Unoosa oversees, UN members agreed to protect Earth against contamination by alien species by “sterilising” them.

Mrs Othman is understood to support a more tolerant approach.

But Professor Stephen Hawking has warned that alien interlopers should be treated with caution.

He said: “I imagine they might exist in massive ships, having used up all the resources from their home planet. The outcome for us would be much as when Christopher Columbus first landed in America, which didn’t turn out very well for the Native Americans.”

U.S. Nuclear Weapons Have Been Compromised by Unidentified Aerial Objects

Looks like the UN may soon create an Intergalactic Intelegence and Securinty Service (IISS):

PR Newswire                          WASHINGTON, Sept. 15

Quoted directly from the Reuters article:Ex-military men say unknown intruders have monitored and even tampered with American nuclear missiles.

Group to call on U.S. Government to reveal the facts.

WASHINGTON, Sept. 15 /PRNewswire-USNewswire/ -- Witness testimony from more than 120 former or retired military personnel points to an ongoing and alarming intervention by unidentified aerial objects at nuclear weapons sites, as recently as 2003. In some cases, several nuclear missiles simultaneously and inexplicably malfunctioned while a disc-shaped object silently hovered nearby. Six former U.S. Air Force officers and one former enlisted man will break their silence about these events at the National Press Club and urge the government to publicly confirm their reality.

For the complete announcement visit the Reuters site at
http://www.reuters.com/article/idUS166901+15-Sep-2010+PRN20100915?pageNumber=1

Bipartisan bill would ramp up anti-piracy enforcement online

By Gautham Nagesh - 09/20/10 02:00 PM ET -  OntheHill Web site

A bipartisan bill unveiled Monday would make it easier for the Justice Department to shut down websites that traffic pirated music, movies and counterfeit goods.

Members of the Senate Judiciary Committee including chairman Patrick Leahy (D-Vt.) and Orrin Hatch (R-Utah) introduced the Combating Online Infringement and Counterfeits Act, which would create an expedited process for DoJ to shut down websites providing pirated materials. 

“Each year, online piracy and the sale of counterfeit goods costs American businesses billions of dollars, and result in hundreds of thousands of lost jobs,” Leahy said in a statement. “Protecting intellectual property is not uniquely a Democratic or Republican priority — it is a bipartisan priority.”

“This much-needed bill will help law enforcement keep pace in shutting down websites that illegally sell copyrighted goods," Kohl said. "By cracking down on online piracy of television shows and movies, we hope this bill will encourage copyright owners to develop innovative and competitive new choices for consumers to watch video over the Internet."

Specifically the bill would authorize Justice to file an in rem civil action against domain names used to traffic infringing material. In order to obtain a preliminary court order against the owner of the domain or website, Justice would have to show the site's "substantial and repeated role in online piracy and counterfeiting."

http://thehill.com/blogs/hillicon-valley/technology/119771-bipartisan-bill-would-ramp-up-anti-piracy-enforcement-online

Stephen Northcutt Offers Advice to Security Pros: Learn Chinese

From the Bank Info Security News Web Site - "Bank Information Security Articles"

Interview on September 14, 2010 - by Upasana Gupta, Contributing Editor

Stephen Northcutt, CEO of SANS Technology Institute, has a piece of advice for up and coming security professionals. "Learn Chinese; you are going to need it." Further, Northcutt advises, "Learn and live by the security axiom: protection is ideal, but detection is a must."

In an exclusive interview on careers in information security, Northcutt shares insights on:

• On how he started his career;
• Opportunities and gaps he sees in our professional training system;
• Advice to today's security practitioners

SANS Technology Institute is a postgraduate level IT Security College, and Northcutt, its CEO, is an acknowledged expert in training and certification. He founded the Global Information Assurance Certification (GIAC) in 1999 to validate the real-world skills of IT security professionals. GIAC provides assurance that a certified individual has practical awareness, knowledge and skills in key areas of computer and network and software security.

Northcutt is author/coauthor of Incident Handling Step-by-Step, Intrusion Signatures and Analysis, Inside Network Perimeter Security 2nd Edition, IT Ethics Handbook, SANS Security Essentials, SANS Security Leadership Essentials and Network Intrusion Detection 3rd edition. He was the original author of the Shadow Intrusion Detection system before accepting the position of Chief for Information Warfare at the Ballistic Missile Defense Organization.

Check out the entire interview at the BankInfoSecurity site

Aanval Version 6 Under Development, Soon to be Released

Loyal Moses, Founder of Tactical FLEX, stated in an interview earlier this week that development of Aanval v6 is progressing quite nicely.  He said the Dev Team plans to have the code done and testing completed in the next couple of weeks. 


Aanval Version 6 is Enterprise:  Once the dev team began designing v6, they decided to totally re-write the front end of the Aanval console. They wanted Aanval v6 to not just be a major release, but to give it an "Enterprise look and feel."  


Many suggestions and ideas from Aanval customers will be included in v6. 


Will post more as I peal back the hood and get the details on Aanval v6.  This code is simply gonna be awesome!  Screen shots will follow.

FCC's White Space Plan Not Exactly WiFi on Steroids ?

Wayne Rash of eWeek Weighs in on the FCC's Plan to approve ......

"The announcement that the Federal Communications Commission was prepared to approve unlicensed digital operations in slices of the frequency spectrum occupied by television guard bands is being greeted eagerly by many, including Google and Microsoft." 

"Ultimately it will probably be a good idea, but it's by no means clear that it will be the panacea to a national broadband solution that some hope it will be.  In fact, there's every possibility that the whole "White Space" excitement is badly overhyped and in the long run will likely lead to more disappointment than broadband growth."

I guess I am one of the ones in remote and rural areas of the USA hoping this results in new options.

For the whole of Rash's comments and insight go to eWeek at http://www.eweek.com/c/a/IT-Infrastructure/FCC-White-Space-Plan-Isnt-Exactly-WiFi-on-Steroids-253860/?kc=EWKNLGOV09152010STR1

Homeland Security Department to Test Iris Scan Technology

The Department of Homeland Security plans to test futuristic iris scan technology that stores digital images of people's eyes in a database. This is considered a quicker alternative to fingerprints. "The department will run a two-week test in October of commercially sold iris scanners at a Border Patrol station in McAllen, Texas, where they will be used on illegal immigrants," said Arun Vemury, program manager at the department's Science and Technology branch.  "The test will help us determine how viable this is for potential (department) use in the future," Vemury said.

Links:   http://www.usatoday.com/tech/news/surveillance/2010-09-13-1Airis13_ST_N.htm

'Super FAST Wi-Fi' = FCC To Open Up Vacant TV Airwaves For Broadband

'Super FAST Wi-Fi' may be available if the FCC works out the final details of proposed new radio spectrum rules. This will open up the so-called 'white spaces' of vacant airwaves between broadcast TV channels for wireless broadband connections. If the FCC approves plan, we will see Wi-Fi with a much longer range and a stronger signal. 


Concerns have been expressed about possible interference with TV signals and wireless microphones. The FCC is scheduled to vote next week on rules which should resolve these issues.

Discuss this story at:  http://mobile.slashdot.org/comments.pl?sid=10/09/13/1417208

Links:   http://skunkpost.com/news.sp?newsId=3171

Google Apps Director of Security Eran Feigenbaum

Catch a brief interview, "Q and A style," with Google Apps Director of Security Eran Feigenbaum by V3.co.uk - formerly vnunet.com at http://www.v3.co.uk/v3/analysis/2246616/q-google-apps-director-security

Addresses several topics including what he sees as the major challenges facing information security bosses today.


Good short read.

2010 Data Breach Investigations Report

This is A study conducted by the Verizon Business RISK team in cooperation with the United States Secret Service. 

(Below is a Quote from this report:)

Executive Summary

In some ways, data breaches have a lot in common with fingerprints. Each is unique and we learn a great deal by analyzing the various patterns, lines, and contours that comprise each one. The main value of fingerprints, however, lies in their ability to identify a particular individual in particular circumstances. In this sense, studying them in bulk offers little additional benefit. On the other hand, the analysis of breaches in aggregate can be of great benefit; the more we study, the more prepared we are to stop them.

Read this report for a look at "Cybercrime Year in Review, 2009" and many other topics.

Security Topics in the News

Information Security issues are making the news this year.  From passwords to hacking and sneaking attacks and other threats, If you are online you've got to be aware to be safe.
 "How to Stop 11 Hidden Security Threats"   PC World
Antivirus software and a firewall alone can't guarantee your safety. Here's how to foil the latest crop of sneaky attacks and nefarious attempts to steal your data.


Are You Worried About ID Theft? Join the Club PC World

Nearly two-thirds of Americans are concerned that information about their bank accounts, credit cards and identity may be stolen from their computers,.............
 .

iTunes Scam: How to Protect Yourself - PC World
In recent weeks, more and more iTunes users have been reporting fraudulent activity on their Apple accounts, reporting hundreds or even thousands of dollars worth of bogus purchases........ The problem, it seems, actually lies with iTunes users.  Go figure!  Be careful with those iTunes Scams.


Snoop Dogg Joins the War on Cybercrime - From the "you have got to be kidding department" of Security Week News - In a somewhat untraditional partnership, Snoop Dogg and Symantec’s Norton want you to show off your lyrical skills on the subject of cybercrime and enter the "Hack is Wack" cybercrime rap contest. The contest, which runs through Sept. 30, 2010, asks participants to create and upload a two-minute rap video at www.HackIsWack.com. 

Creating Secure Passwords You Can Remember -  PC World - Good Solid Advice

Six years ago at the 2004 RSA Security Conference, Microsoft Chairman Bill Gates declared the password dead. He told his audience that the password can't meet the challenge of keeping sensitive information protected, saying "People use the same password on different systems, they write them down and they just don't meet the challenge for anything you really want to secure."  Offers advice on how to create a secure password that you can actually remember in "12345" easy steps.  Good read. 

This Aanval InfoSec Blog sponsored by Tactical FLEX, makers of Aanval the industry's leading web-based gui for snort and syslog intrusion detection and correlation. www.aanval.com Download Aanval for free test drive today.