Sunday, December 10, 2006
Antiphishing efforts try to keep pace
Antiphishing efforts try to keep pace
It's a daunting process just staying in place
Cara Garretson Today’s Top Stories or Other Cybercrime/Hacking Stories
Securing Credit Card Data: Are Your Customers at Risk Because of Spyware?
Don't Make Me Come Over There-Tapping Into The Power of Symantec pcAnywhere's Improved Connectivity
Symantec Backup Exec System Recovery-Restore Systems Anytime, from Anywhere to Virtually Any Device
How Secure is VoIP?
An Executive's Guide to Vulnerability Management
Data Protection Strategy Kit
Intrusion Protection
Intrusion Protection
Voice-over-IP will dominate the enterprise in the next few years - are you ready?
October 11, 2006 (Network World) -- While many experts say phishers will continue to stay one step ahead of even advanced preventive measures, some security companies are developing new ways to keep the public informed about fraudulent Web sites and cut down on scams.
These initiatives are designed to fight phishing by providing helpful data to ISPs, e-mail security firms and antimalware vendors whose products are designed to protect their customers from cybercrime, as well as the financial institutions and online retailers whose Web sites are mimicked by fraudulent ones.
Meanwhile, the fight against phishing also is playing out on the desktop, as tools to keep Web users from visiting fraudulent sites become more prominent. For example, the next version of Internet Explorer will include the Phishing Filter, designed to warn users if they visit a fraudulent Web site, according to Microsoft officials. The next version of the Firefox browser is expected to have a similar feature.
Yet by the time these upgrades are widely adopted, phishers will have found ways around the blocking mechanisms, one analyst says.
"Phishing attacks as we know them will go away, but I'm sure [phishers] will come up with something else," says Avivah Litan, a vice president at Gartner.
"I think it's spy vs. spy," echoes Todd Bransford,vice president of marketing with antiphishing vendor Cyveillance. "We see more variants of phishing as the bad guys get more creative and come up with new ways to circumvent security . . . they're just different enough so that they're not recognized by the security efforts."
Among the new initiatives designed to fight phishing is an offering from Cyveillance, whose service is used by financial institutions, online retailers and other companies to protect their brand on the Web. Last week the company announced it will make its data regarding phishing sites available for reuse by other vendors.
The OEM Content Program is designed for ISPs and security companies that need to block users from phishing sites, Bransford says. This phishing data from Cyveillance is used by AOL and Microsoft with their ISP offerings.
The company's crawlers and agents constantly scour the Web for misuse of its clients' brands, and often discover fraudulent sites. With the new offering, Cyveillance will make this information available to companies that interact directly with users to help protect them from these sites, Bransford says. The information provided via this service is backed by a no-false-positives service-level agreement.
Cyveillance competitor MarkMonitor late last month announced a private-label desktop application that it will sell to financial institutions looking to offer their customers protection against fraudulent sites. Called Trust Guard for Financial Services, the software performs real-time heuristics and contextual analysis to decide if a Web page is fraudulent and also checks sites against the MarkMonitor's own black list.
The software is available as a stand-alone application or can be integrated into existing applications and toolbars. Financial institutions can rebrand the software and distribute it directly to their customers.
This week Tipping Point, a division of 3Com, plans to announce a Firefox browser add-in designed for use by cybercrime investigators, network operators and security companies that provides instant information about the Web site the user is visiting. Called Monkeyspaw and based on open source code, the tool aims to help security professionals analyze and report fraudulent sites, says Tod Beardsley, lead counterfraud engineer with Tipping Point.
Monkeyspaw provides information such as the IP address of a Web server, its configuration information and its geographical location -- data that can prove helpful in determining whether a site is valid. While this information can be obtained by some digging, Monkeyspaw presents it quickly and clearly, Beardsley says. The tool also can be used to report a fraudulent site to CastleCops' Phishing Incident Reporting and Termination Squad, which takes down phishing sites.
It's a daunting process just staying in place
Cara Garretson Today’s Top Stories or Other Cybercrime/Hacking Stories
Securing Credit Card Data: Are Your Customers at Risk Because of Spyware?
Don't Make Me Come Over There-Tapping Into The Power of Symantec pcAnywhere's Improved Connectivity
Symantec Backup Exec System Recovery-Restore Systems Anytime, from Anywhere to Virtually Any Device
How Secure is VoIP?
An Executive's Guide to Vulnerability Management
Data Protection Strategy Kit
Intrusion Protection
Intrusion Protection
Voice-over-IP will dominate the enterprise in the next few years - are you ready?
October 11, 2006 (Network World) -- While many experts say phishers will continue to stay one step ahead of even advanced preventive measures, some security companies are developing new ways to keep the public informed about fraudulent Web sites and cut down on scams.
These initiatives are designed to fight phishing by providing helpful data to ISPs, e-mail security firms and antimalware vendors whose products are designed to protect their customers from cybercrime, as well as the financial institutions and online retailers whose Web sites are mimicked by fraudulent ones.
Meanwhile, the fight against phishing also is playing out on the desktop, as tools to keep Web users from visiting fraudulent sites become more prominent. For example, the next version of Internet Explorer will include the Phishing Filter, designed to warn users if they visit a fraudulent Web site, according to Microsoft officials. The next version of the Firefox browser is expected to have a similar feature.
Yet by the time these upgrades are widely adopted, phishers will have found ways around the blocking mechanisms, one analyst says.
"Phishing attacks as we know them will go away, but I'm sure [phishers] will come up with something else," says Avivah Litan, a vice president at Gartner.
"I think it's spy vs. spy," echoes Todd Bransford,vice president of marketing with antiphishing vendor Cyveillance. "We see more variants of phishing as the bad guys get more creative and come up with new ways to circumvent security . . . they're just different enough so that they're not recognized by the security efforts."
Among the new initiatives designed to fight phishing is an offering from Cyveillance, whose service is used by financial institutions, online retailers and other companies to protect their brand on the Web. Last week the company announced it will make its data regarding phishing sites available for reuse by other vendors.
The OEM Content Program is designed for ISPs and security companies that need to block users from phishing sites, Bransford says. This phishing data from Cyveillance is used by AOL and Microsoft with their ISP offerings.
The company's crawlers and agents constantly scour the Web for misuse of its clients' brands, and often discover fraudulent sites. With the new offering, Cyveillance will make this information available to companies that interact directly with users to help protect them from these sites, Bransford says. The information provided via this service is backed by a no-false-positives service-level agreement.
Cyveillance competitor MarkMonitor late last month announced a private-label desktop application that it will sell to financial institutions looking to offer their customers protection against fraudulent sites. Called Trust Guard for Financial Services, the software performs real-time heuristics and contextual analysis to decide if a Web page is fraudulent and also checks sites against the MarkMonitor's own black list.
The software is available as a stand-alone application or can be integrated into existing applications and toolbars. Financial institutions can rebrand the software and distribute it directly to their customers.
This week Tipping Point, a division of 3Com, plans to announce a Firefox browser add-in designed for use by cybercrime investigators, network operators and security companies that provides instant information about the Web site the user is visiting. Called Monkeyspaw and based on open source code, the tool aims to help security professionals analyze and report fraudulent sites, says Tod Beardsley, lead counterfraud engineer with Tipping Point.
Monkeyspaw provides information such as the IP address of a Web server, its configuration information and its geographical location -- data that can prove helpful in determining whether a site is valid. While this information can be obtained by some digging, Monkeyspaw presents it quickly and clearly, Beardsley says. The tool also can be used to report a fraudulent site to CastleCops' Phishing Incident Reporting and Termination Squad, which takes down phishing sites.
# posted by raveneye @ 9:30 PM 
