Posts Tagged ‘Symantec’
Symantec tool calculates your data’s value to thieves
It’s no secret that criminals are stealing credit card and bank account data and selling it underground. But most people would find it shocking to learn just how little their sensitive personal information costs.
Symantec on Thursday is launching its Norton Online Risk Calculator, a tool that people can use to see how much their online information is worth on the black market. The tool also offers a risk rating based on demographics, online activity, and estimated value of online information.
I tried the tool when I was initially briefed on it a few months ago and was surveyed about my gender and age range; online assets (including credit card and bank account data, brokerage accounts, e-mail accounts, and social network accounts) and an estimated value of all that information; whether I use security software; how cautious I am when online; and how much I think my information is worth.
I use security software (and do my financial transactions mostly on a Mac at home), am fairly cautious while Web surfing, and didn’t put a high dollar figure on the value of my digital information. My security risk turned out to be 37 percent, or medium, and the black market worth of my online assets was calculated to be $11.29. Those figures didn’t change when I modified the gender, age, and estimated value of the data.
A recent Microsoft Research report concludes that stolen data offered for sale in underground IRC channels is difficult to monetize because of all the–get this–con artists there.
Regardless of whether the underground revenue figures are overblown, the data is being harvested, sometimes in huge batches, during data breaches at large payment processors, and there is a market for it.
It’s discomfiting to think a criminal could pay as little as $11 to get access to my sensitive personal data for identity fraud purposes, while I could end up spending lots of energy and time–years even–reporting the crime, trying to fix my credit rating, and getting my life back to normal.
Symantec isn’t trying to scare consumers with the Norton Online Risk Calculator, but to raise awareness of the risks, said Marian Merritt, Internet safety advocate at Symantec.
“We still find consumers who think using just antivirus is sufficient,” she said.
Merritt recommends that people use security suites that offer antivirus, firewall, and intrusion detection and prevention software, as well as keep their operating system and browsers updated.
Source :
http://news.cnet.com/8301-27080_3-10258549-245.html?part=rss&subj=news&tag=2547-1_3-0-20
New alliance aims to unite malware fight
A new alliance has been created to formalize information sharing on security protection and develop industry standards.
The Industry Connections Security Group (ICSG) is parked under the IEEE Standards Association and includes mostly security heavyweights and antivirus players. The founding members are AVG Technologies, McAfee, Microsoft, Sophos, Symantec, and Trend Micro.
Announcing the group in a blog post on Monday, Mark Harris, vice president of SophosLabs, said security researchers have had a tradition of sharing virus samples but that the sharing arrangements “are still based on individual relationships rather than formal agreements.”
The formation of the group makes for a “more organized” security industry, he added, in the current landscape where attacks are increasingly structured and malware samples grow at “astonishing rates.”
The ICSG currently has a malware working group, but intends to add other working groups over time.
According to a July 20 presentation document (PDF), the group aims to improve the efficiency of the collection and processing of the millions of malware file samples handled by security vendors each month by focusing on an XML-based metadata sharing standard. The standard is expected to undergo ratification by the end of this month.
Graham Titterington, principal analyst at Ovum, said the announcement of the group was both interesting and confusing. The rationale for the new alliance was the need for a more comprehensive approach to countering malware writers, he said, but the focus of the group appears to be limited.
The group addresses “all aspects of malware and its membership includes most of the main antimalware vendors–Kaspersky being the most notable absentee–and so the ICSG represents progress on countering the so-called ‘blended threats,'” he told ZDNet Asia in an e-mail. “However, it does not seem to be taking the battle to the criminals or probing the criminals’ business networks. The focus is on setting up the infrastructure and protocols to allow rapid information sharing on threats and making the day-to-day operation of the members more efficient.
Titterington added: “I would have expected a body affiliated with the IEEE to be putting more emphasis on the development of improved methods for disrupting criminal activity and on new ways of protecting users.”
Vivian Yeo of ZDNet Asia reported from London.
Source :