Web Threats Weekly

Technology Solutions And Manual Checks To Beat The Hackers

As we point out in our latest Mythbusters Tip (see below), it doesn't matter whether you process payments on your website or not; cyber criminals are a threat to everyone's online presence.

Still, e-commerce sites are frequent targets of cyber criminals, so we selected online auction network Kaqoo CEO Alan Skelton to provide this week's advice for avoiding web threats. Skelton suggests a combination of technology solutions and manual checking to ensure privacy and security compliance.

"Because we are an e-commerce network, we are constantly hit by cyber criminals wanting to scam buyers," Skelton says, so Kagoo has come up with an innovative solution: checking IP addresses of anyone who tries to register on the site. "New Scotland Yard, London, NW1 is a typical address which raises flags; New Scotland Yard being the old location for the Metropolitan Police!"

As well, they ensure their servers are patched regularly. They keep up-to-date with hacker exploits that might affect any code they use. Only a combination of efforts will keep the hackers out.

"We treat data as an asset that must be protected and use lots of tools (encryption, passwords, physical security, etc.) to protect your personal information against unauthorized access and disclosure," Skelton says.

There is no magic bullet for protection. As always, better security comes through a combination of measures.

If you would like to know more about how to protect your website and computer network, contact PCIS

Help Beat The Hackers In 2009. Here's How You Can Help

* Let us know about how your organization is helping keep your website visitors safe and your online safety tips could be featured in the next Web Threats Weekly!

* PCIS is producing webinars in 2009 to help organizations better understand how to identify and prevent web vulnerabilities. If there's a topic you'd like us to address in our webinars, please let us know and we can put it into our webinar series.

* Call us if your organization needs help understanding how to close off vulnerabilities to SQL injection and other hacker threats.

Beat the hackers in 2009. Contact PCIS.

How To Overcome Management Myths To Improve IT Security

PCIS will be presenting at the 10th Annual Privacy and Security Conference in Victoria next week on the topic of "States of Denial: Overcoming Management Myths To Improve IT Security". Security stakeholders from across North America will share lessons about how to improve our online security. The theme for this year's conferences is "Life in a Digital Fishbowl - A Struggle for Survival or a Sea of Opportunity?"

"One of the challenges organizations face is that IT people, when devising security for an organization, don't account for business requirements and then create a solution which is secure but not workable. Then the business people devise work-arounds that are not secure to do their business" says PCIS President Vaclav Vincalek.

"When organizations waste money in the wrong place, the business is still insecure. When your IT people understand the needs of the business, you get better processes, and better security."

January 28, 2009

Web Threats Weekly is distributed by:

* Pacific Coast Information Systems Ltd.

* Boonbox, a division of PCIS

* Contact PCIS

Toll-free 1.877.744.7558

In this issue:

* Technology Solutions And Manual Checks To Beat The Hackers

* Help Beat The Hackers In 2009. Here's How You Can Help

* How To Overcome Management Myths To Improve IT Security

* Hacker Bait

* Mythbusters Tip #10

* Spam-Alot

Web Threats Weekly helps organizations protect themselves and their customers from known online threats.

Resources Links

* Online Protection: How To Secure Your Business and Build Consumer Trust (Vancouver Board of Trade)

* Five Web Security Tips for Business (Computer Dealer
News)

* PCIS / Boonbox IT Security Resources Page

* Subscribe/Unsubscribe Instructions below

Hacker Bait

The latest Hacker Bait list contains many famous websites, including business, government, media and online community sites that have been found to have vulnerabilities that hackers and cyber criminals could exploit.

Keep in mind that this is not a complete list of all vulnerable sites on the Internet, but only represents websites where vulnerabilities were found within the past 90 days.

These are only the latest additions to an ever-growing club of sites found to be insecure according to various public sources and online tools used in the web security industry.

If you would like more information on our data and why these sites are listed here, please contact PCIS

Hacker Bait Sites With Vulnerabilities Discovered in Past 90 Days

walmart.com

bestbuy.com

www.cia.gov

www.nsa.gov

infogov.co.uk

astrogravs.nasa.gov

jpl.nasa.gov

smallstep.gov

zoo.gr

google.com/trends

wired.com

metafilter.com

london.ebuddy.com

lego.com

greenpeace.org

ec.kingston.com

sanfernando.gov.ar

usasearch.gov

yahoo.rogers.com

yeepay.com

Mythbusters Tip #10

“We don't have any e-commerce component in our web applications, so the hackers won't target us.”

Organizations often make the mistake of believing that if they have no e-commerce on their website, that hackers won't bother hacking their sites. This is particularly common amongst non-profit organizations. Government agencies are usually better informed about security threats and compliance regulations, but not necessarily.

But hackers are using tools that don't really discriminate between types of websites when they attack thousands of sites simultaneously. Cyber criminals will attempt to exploit it to hack into your web visitors systems.If you own an online presence, you're a target.

Spam-Alot

Spammers are linking to blogs, profiles and other pages on these trusted sites to give victims a false sense of security that the links can be followed safely. These sites may not have been hacked, but following the spam links to these sites and clicking on links shown there can result in harm to your computer.

If you would like more information on our data and why these sites are listed here, please contact PCIS

Spam-Alot Websites Exploited Since Jan. 22, 2009

sundesignstudio.com

synopsis.com

adrespatent.com

mynyoffice.com

jdavidmorris.com

newsbusters.org

Boonbox and Pacific Coast Information Systems Ltd.

Boonbox is a division of Pacific Coast Information Systems Ltd., specializing in products for web security, network security, password management and data backup.

PCIS is a Vancouver-based company which provides strategic consulting, application development, technology solutions and managed services to companies and government organizations throughout North America.

HOW TO SUBSCRIBE/UNSUBSCRIBE

SUBSCRIBE: To subscribe to Web Threats Weekly, send a blank email message with subject line "SUBSCRIBE" to informer@pcis.com

UNSUBSCRIBE: If you do not wish to receive future issues of Web Threats Weekly, send a blank email with subject line "UNSUBSCRIBE" to:informer@pcis.com and we will promptly remove you from our distribution list.

WE WANT YOUR FEEDBACK

Our purpose for providing this free service is to keep our clients and business contacts informed of technology developments. This information can help them resolve common problems and achieve their full potential by strengthening their business processes and infrastructure. Your input is important to us and we welcome your ideas for new features and how we can continue to improve our service to you. Send your comments and suggestions to informer@pcis.com or contact us directly at 604.844.7558