What’s the Biggest Security Threat to Your PC?

By: Lee Rickwood

April 5, 2010

The Internet has never been more popular — nor been as dangerous — as it is today.

As e-publishing, e-health and e-government opportunities grow; as media consumption, social networking and business connectivity options mature; network intrusions, distributed malware and threats to personal privacy increase as well.

it360-logo-sm2Or, as the producers at this week’s IT360° Conference and Trade Show in Toronto put it, “FUD – fear, uncertainty and doubt – is in the IT marketplace.”

Of course, having to face a tightening economy, shrinking budgets and limited time to evaluate or incorporate new technologies can create its own fear factor.

So, the IT360° Canadian Conference agenda includes information sessions and an equipment exposition where institutional IT managers and small business PC users alike can address their hopes and fears in a well attended and highly interactive arena.

The show regularly attracts many IT industry participants, including chief executives, senior technologists, data centre managers, Internet and Web specialists, software developers, system integrators and manufacturers, as well as small business operators, corporate managers and government representatives.

Key topics at this year’s event are security, data centres, unified communications and VoIP.

“The Internet has never been more dangerous then today. E-crime continues to rise,” said Bruce Cole, IT360° Show Director. “That’s one reason we’re excited to have Gary Warner, a leading expert in Anti-Phishing and Web attacks, as our Keynote Speaker. He will be presenting the most recent findings about universal online threats, and he will share the best practices and policies for businesses to increase their safely and security online.”

Warner, Director of Research in Computer Forensics at the University of Alabama, often works with agencies such as the U.S. Department of Homeland Security and the FBI on matters on cyber-crime and network security. Warner also consults for private sector organizations, including the APWG (Anti-Phishing Working Group), whose members include Wal-Mart, ING, Kaspersky Lab, eBay, Yahoo!, VISA, and Microsoft.

In his keynote address, Universal Threat Awareness, he will discuss national and regional e-crime trends and individual case studies about resolving specific cases.

The event’s opening keynote address is scheduled for April 7 at 9:30 am.

A recipient of the Microsoft MVP Award in the Enterprise Security category, Warner notes that, “In recent years, it was sufficient to build a strong firewall around one’s organization and protect the perimeters. Today’s business doesn’t happen within our perimeters, it happens online, from laptops and blackberries, on Twitter and Facebook.”

While there are several robust and recommended tools for enhancing online – and, increasingly, mobile — security, Warner’s work and expertise reveals that “the biggest security risk at a computer has nothing to do with technology and everything to do with the human at the keyboard.”

He goes on to say that, well, basically we will click on anything! It’s not just Viagra ads, false banking statements or courier shipments, hyperbolic promises of more hair or true love!

One recent spam message making the rounds with an inviting and infected link doesn’t promise anything – Webster points out that the top subject messages on infected spam have been:

Subject: FW:
Subject: Fw:
Subject: Re:FW:
Subject: Re:

So, yes, security is a key consideration at the IT360° Conference – but not the only one, Cole points out.

The trade show floor is populated with well-leading IT companies like Dell, RIM and Microsoft, but also up and coming players like Terago, Atria and Riverbed.

Taking place concurrently are other IT industry events and conferences, including one on Cloud Computing and on one the Asterisk Open Telephony movement.
 
Asterisk, by the way, is a popular open source telephony solution that enables users to use VoIP and other related technologies in cost effective ways within their organization.

Under development since 1999, Asterisk is free, open source software that can be used to turn a desktop computer into a powerful voice communications server.

In one conference session, the power of Asterisk will be described as a key part of the political process and successful electoral campaigns, when used as a tool for canvassing and distribution of campaign voice messages.

Asterisk is released as open source under the GNU General Public License (GPL), and it is available for download free of charge. The code for Asterisk, originally written by Digium’s Mark Spencer, has been built up with contributions from open source software engineers around the world.

As well, the second Canadian CloudCamp will be held during IT360°, part of the Cloud Computing conference track, building on its goal of introducing and advancing cloud computing in the IT industry.

No longer a matter of “if” but “when, show organizers describe, cloud computing to some people is nevertheless a murky new development. Specific sessions in the Cloud conference track are designed to help ease the uncertainty.
 
The fourth annual IT360° Conference & Exposition will be held April 7, 2010 at the Metro Toronto Convention Centre.

For more information, visit www.it360.ca


2 comments

  1. coopejx@yahoo.com' John Cooper says:

    Improving general security:
    One thing I noticed with a smart (but not computer-savy) user was his lack of awareness of what his ‘Security Tool’ was capable of doing. He said it just showed up one day and began spitting out messages such as “Your computer is infected with 40 viruses”, and it sent a constant barrage of messages to his console telling him to pay up. I asked him “Had it run any scans ?”. He said that he had not seen any. Right there I saw a big red flag.
    A legitimate antivirus program on my own PC (Vipre, which I consider one of the best) needed to run for more than 3 hours before it could produce any messages like that (and I only have a 40 Gb drive), so I knew right off that there was something seriously wrong with his PC. It turned out that it was a fake security tool that needed extensive work to remove from his PC.

  2. leerickwood@rogers.com' lee says:

    Help!!!!

    I’m walking out of the IT 360 keynote presentation, thinking about … sliced luncheon meat.

    Not that I hadn’t eaten. And not that the presentation wasn’t informative and engrossing.

    It was that and more so.

    Gary Warner’s talk on Universal Threats was excellent.

    The guy sure knows what he’s talking about, and he sure knows who he’s talking to.

    His presentation was illustrated, for example, with the most up to date – how’s April 6 – information, and it was highly contextualized with real Canadian content – having been slipped in in the day or so before his talk.

    (He showed very clearly how we, in Canada, are being carefully and strategically targeted by international hackers and phishers, who are creating very believable but fake websites that seek to get our personal banking information. Showing screen grabs of incredibly accurate looking TD Canada e-mails, for example, with embedded links to fake sites, he showed how easy it is to spoof a PC user into surrendering all sorts of valuable log-in data and account information.)

    He also mentioned that, although PC and Windows users are most targeted , Linux-based or Mac computers are just as vulnerable. It’s just that it is a number’s game out there – hackers can attack some 94 per cent of the market, or they can attack the other six. Easy call, misleading situation.

    And while Gary underscored the fact the most dangerous threat out there is us – and our proclivity to click on random unknown or otherwise misleading links or attachments. He clearly showed that the ‘bad guys’ out there are very much working to exploit that very human weakness (among other more technical ones).

    So we may be our own worst enemy, but there are plenty of other enemies, too.

    They are exploiting home computers, government servers, corporate networks and more. They share their nefarious tools and resources like some sort of open source community. They sell their ill-gotten gains – stolen passwords, user profiles, mother’s maiden names, whatever – to the highest bidder, often in lots of a thousand or more.

    And it seems they’re way ahead of many of those trying to catch or defeat them. Gary showed hacker correspondence (much of it is on accessible chat forums) that was clearly discussing known holes and protective work-arounds in a popular OS, weeks before an official patch came out to address it.

    The number of infected networks, servers and computers just keeps on growing.

    Hence, my thoughts about luncheon meat.

    Several months ago, when we here in Canada were facing a slew of infected sliced meats, well, they were taken off the market. Infected or not, any bologna even remotely connected to a possible infection source was pulled. Fittingly and quickly and openly.

    The factory where the meat was processed (and apparently infected) was closed for weeks, and every little corner of the plant was scrubbed and disinfected before any new bologna was sliced.

    But what do we do with infected programs, or computers, or server networks?

    Mostly, we keep using them. (Worse perhaps, we generally keep quiet about it – for fear of personal or corporate embarrassment.)

    But if we can pull sliced meat when infected, shouldn’t we do something similar with our computer programs and operating systems? Pull them off the market if they are contaminated!

    Ha ha – I know. Don’t hold your breath.

    “We have reasonable alternatives to sliced bologna,” Gary said to me afterwards. “What’s your substitute for a PDF file? And no matter what, you‘re not gonna pull Google!”

    So then he got me thinking about ‘too big to fail’.

    Help!

    L

Leave a Reply

Your email address will not be published. Required fields are marked *