As the scope of security threats on the Internet have increased, security professionals at Google have an increased responsibility to adjusting to this new state of security on the Internet.  Google is constantly working to gain the upper-hand to threats online and to understand how these threats affect their customers and the Internet community. Google has helped to define the way people do business online.  But in this ever-changing environment that does not mean that Google is immune to the complexities that an online world can bring.

One way Google is doing this is by monitoring how its users are using Google Apps.  Google Apps are Google’s online applications and include word processing, spreadsheet and presentation applications. The applications host all of the users’ data online and enable users to share documents with virtually anyone, inside or outside their organizations. But because the applications exist online, they are subject to any number of known and unknown application-level attacks and Web threats, making security a thornier problem than usual.

Google doesn’t want to be the company that tells people what to do and what not to do.  Their business is built on quality of results.  Google encourages IT security professionals to look at the ways in which they secure their own companies and see how they can introduce a more open experience while still emphasizing security.  Read more about this at: http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1315867,00.html

Understanding where your business is in the security lifecycle allows Digital Reach to prepare a solution to ensure your network is secure. Early intervention allows you to be proactive in addressing network computer systems security.  Learn more.

Internet attackers looking for ways to compromise a growing number of computers have brought back SQL Injection.  Researchers are noticing a growing number of websites that have been compromised by a mass SQL Injection that take advantage of weak website apps and then use those sites as a launch pad to infect their website visitors with malware.  The concern is that there are a number of sites on the web that are vulnerable to an attack of this nature.  The attackers can access easily and quickly find new targets to attack.

The Asprox Trojan is an example of this SQL Injection.  Researchers have observed it being distributed by a spam botnet.  This trojan is related to a password-stealing trojan known as Danmec. The infected PC will download a binary that searches Google for websites that contain specific search terms and launch a SQL Injection attack on those sites.

Read more here: http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1314697,00.html

Protect your companies computers with Digital Reach Managed Services. 

The Abobe Flash Player has a zero day defect that is currently being targeted by attackers across the world who have set up over 200,000 webpages for exploitation of the defect.  The vulnerability could be exploited to cause a denial of service ( DOS ) situation.  It is reported that Adobe Flash Player 9.0.115.0 and 9.0.124.0 are at risk.  The defect occurs when the flash player tries to process a harmful swf file.  Symantec and McAfee are reporting that different exploits are crafted to exploit the different versions of Adobe Flash and that the exploits exist for both IE and Firefox.  Users should visit www.adobe.com to download the latest version of the Adobe Flash Player to protect themselves from this attack.

Digital Reach, Inc. delivers IT solutions designed to help your business perform more efficiently and with more productivity.  Learn more about Digital Reach.

Source: Citrix - Enterprise Management Associates

This EMA white paper provides a prescriptive and practical guide for IT decision-makers who are interested in learning more about desktop virtualization, how and whether it applies to their organization, and what they need to do next to take advantage of the extraordinary benefits this technology can provide. This paper provides a non-technical introduction, and explains the major benefits to business and IT, including: greater productivity; better, faster, cheaper management and support; improved security and compliance; balance of control and usability; high availability; improved performance; extreme workforce mobility; and maximized resource utilization.

Three Key Phases to Implementing Desktop Virtualization
by EMA

Disaster planning has traditionally involved protecting the data center and its assets, attending to the data, the software, and the necessary hardware. In times of disaster however, even when disaster plans function flawlessly, the prospects for business continuity are often grim. Why? Because when it comes to business, the people involved are still the most important element. Now, new technologies and services are available to en­sure that after a disaster the people involved in the day-to-day planning and running of a business have the same level of access to data, services, and all other necessary corporate resources as they had before one. In addition, even during the most exacting times companies will be able to reach out to their employees and provide them with needed services to get them through the hard times.

Is your network protected?  Digital Reach can review your current disaster plan or implement a new one.  Contact Digital Reach, Inc. to learn more.

Workforce Continuity During Times of Disaster
by EMA

InternetNews.com, Sean Michael Kerner - This positive article on the aftermath of the XenSource acquisition noted the many ways in which Citrix is working to advance the Xen open-source project. Simon Crosby, Citrix chief technology officer, stated, “We’re absolutely committed to the Xen project and there are no plans to change that.” Crosby also indicated the open-source development methodology has been internalized at Citrix. InternetNews.com also noted the integration of Xen branding into the Citrix corporate brand, including the renaming of Citrix Presentation Server as Citrix XenApp.

Search doesn’t have to be complicated. You can deliver search solutions to your organization quickly and easily with Microsoft Search Server 2008. Below is a snap-shot view of Microsoft Search Server 2008:

Quickly find the information you need, using a familiar Search Center interface.

Pinpoint the most relevant information you need with recommended best bets, authoritative sources, term definitions, hit highlighting, and query correction.

Retrieve concise and clear search results, using duplicate collapsing, which allows you to quickly review a wide variety of relevant information.

Stay on top of new information relevant to your work by subscribing to update notifications of your search results using e-mail and RSS alerts.

Build upon a familiar user interface and application platform that lets you customize both your search experience and the actions you can take on your search results.

Index common information sources using out-of-the-box indexing connectors for file shares, Web sites, SharePoint sites, Exchange public folders, and Lotus Notes databases.

Use federated search connectors to quickly and easily connect to applications and services, using the Open Search standard.

Scale your deployment to meet your needs with no pre-set document limits, and using advanced indexing features like continuous propagation.

Take advantage of a strong Partner ecosystem to implement and further extend your search solution.

Review common administrative tasks, statuses, and settings in a single view, using a unified administrative dashboard.

Manage content sources, search scopes, authoritative sources, key words, best bets and other configurable relevancy settings through a powerful, easy-to-use management console.

Set crawl rules and schedules that govern how and when your information is indexed.

Maintain high availability and load balancing using a variety of topologies. Configure multiple Web, query, and clustered database servers.

Monitor search performance and improve search relevance with query and results reporting.

Help ensure that only the right people can find information, using query and index-time security trimming.

If you want to know more about Digital Reach’s Managed Services offerings or what Digital Reach can do for your business, click here to schedule a consultation or call us at 214.623.5200.

Core Security Technologies today announced that it has been chosen by the Data Protection Summit as a Best of Show awards winner for 2008 in the category of Most Innovative Data Protection Technology for CORE IMPACT, the most comprehensive product for performing enterprise security assurance testing.

The second annual Best of Show awards is the premier opportunity for industry recognition of innovative technology and how it is being used in the marketplace. Winning companies were judged by a panel of industry experts who evaluated each nomination according to the following criteria:

Distinctiveness of the application, technology or product
Central use of data protection as a solution
Technical and business significance

“The Data Protection Summit Innovation Award for Technology recognizes a company whose products and services have raised the bar for data protection,” said Jay Kramer, vice president of worldwide marketing, iStor Networks, and chairperson of the Data Protection Summit Awards Committee. “The Data Protection Summit is proud to recognize CORE IMPACT from Core Security Technologies as a solution that encompasses data protection innovation and makes a real difference in the marketplace today.”

Core Security Technologies, based in Boston, Mass., is the leading provider of enterprise security assurance testing software. Its product, CORE IMPACT, gives organizations visibility into critical information security weaknesses across network systems, end-user systems and web applications. By pinpointing exploitable vulnerabilities, IMPACT enables customers to regularly evaluate the effectiveness of their defensive infrastructure and end-user security policies. The product generates clear, actionable test reports that detail proven vulnerabilities, possible fixes and other information valuable to improving an organization’s overall security posture.

“Companies are losing the battle when it comes to protecting critical data assets, since they are often unable to view their information security from the perspective of attackers,” said Fred Pinkett, vice president of product management at Core Security Technologies. “Many businesses are now addressing this problem by using penetration testing products such as CORE IMPACT to evaluate their ability to detect, prevent and respond to security threats. We are pleased to receive this honor from the Data Protection Summit, and we are glad it recognizes our innovation as a step forward in enterprise information security.”

The Best of Show winners were honored during a special ceremony at the Data Protection Summit on Wednesday,
March 12.

Contact Digital Reach to discuss your CORE IMPACT implementation.

 Security experts are warning computer users to beware of malware attacks timed to coincide with April Fool’s Day, noting that the keepers of the Storm Trojan have already launched such attacks.

Source: SearchSecurity.com | Information Security Magazine

Researchers at Helsinki-based F-Secure Corp. said in the company blog that a new wave of April Fool’s Day-related Storm mails were spammed out late Monday with a link that points to an IP address. Subject lines carry such messages as “All Fools’ Day,” Doh! April Fool” and “Surprise! The joke’s on you.”

There appears to be no text in the messages, only the URL that, if clicked, downloads executable files with such names as “foolsday.exe” and “kickme.exe.” The files carry the Storm Trojan.

“Virus coverage is poor with the samples we’ve captured, but we’re working with the antivirus vendors to improve that,” Stephen Hall, a handler at the Bethesda, Md.-based SANS Internet Storm Center (ISC), said in a message on the SANS ISC blog.

In a follow-up message on the ISC site, handler Joel Esler reminded people to be aware of this and other April Fool’s tricks.

Controllers of the Storm botnet have a history of using holidays such as Valentine’s Day and news events such as a wave of storms that swept across Europe several months ago to dupe people into opening infected emails.

Meanwhile, victims falling pray to the Pushdo Trojan aren’t finding any love. Sunnyvale, Calif.-based network security vendor, Fortinet has been tracking the Pushdo, which continues to spread as a result of a successful eCard spam campaign. The eCard touts nude photographs, random female names and a fake link to relationship sites.

If the victim opens an attachment in the email, “Pushdo.EV cycles through various IP’s in an attempt to establish an HTTP session where it will download a rootkit component,” Fortinet said in its March threat report. The Pushdo botnet is growing larger and gaining in activity, according to Fortinet security research engineer Derek Manky.

This month a serious data breach occured at the Hannaford Bros. supermarket chain which exposed 4+ million credit and debit card numbers to ID theft.  The company explained via a release on their website that the company had detected an intrusion of its computer network that resulted in the theft of customer credit and debit card numbers.

The incident, which occured around Feb. 27th, is very similar to the security breach at Framingham TJX Companies that affected 94 million credit card holders.

The Hannaford breach happened despite investments made to bolster security in the last couple years. As part of its PCI DSS compliance measures, for example, the company worked with its checkout counter computer software vendor to enhance encryption and eliminate some of the credit card data that had been stored. The fact that a breach occurred anyway illustrated the need for companies to create an advance response plan.

Are your systems protected from outside attackers?