Two recently released studies found that security is lacking on government sites and on mobile devices.
One report, from a U.S. government security audit by Finjan Inc., reveals that of all Web threats, including viruses and browser-based vulnerabilities, spyware is the most predominant, followed by behavior-based violations.
Finjan’s analysis is based on a security audit that the Web security firm conducted during the fourth quarter of 2005 for an unnamed government organization. Live Internet access information was gathered during a period of one week and was based on the surfing activities of 25,000 users. Finjan scanned all content downloaded during the study period. Its findings were based on counting each content type that violated the government body’s security policy. A total of 171,000 instances where this security policy was breached were logged.
Of those 171,000 instances, 37,323 involved access to spyware sites, 9,670 were behavior-based violations using scripts and 7,660 were attempts to exploit operating system/browser vulnerabilities.
In addition to those results, there were 5,626 instances of behavior-based violations using active binary code, 4,844 instances in high-risk site categories (URL filtering: adult, hacking, remote proxies, violence, etc.), 284 instances of spyware and 83 instances of known viruses.
The study is part of Finjan’s ‘in the wild’ security audits, an ongoing effort by the company to educate organizations about the silent threats coming through Web traffic.
Mobile privacy
Meanwhile, a recent public opinion poll by Forrester Research may indicate that road warriors have to firm up security on their laptops.
Forrester found that 43 per cent of the respondents felt that location-based services would threaten their privacy.
Roger Entner, vice-president of wireless telecoms at IT research company Ovum, said the biggest hole in the mobile network operator offering is the lack of guaranteed privacy. Users want to control access to and use of their personal information to avoid the type of trouble the theft of credit data is posing on the Internet.
Notebook security is one reason why Seagate, a manufacturer of hard drives, is working on a drive with automatic encryption. This drive will encrypt all hard drive data, not just selected files or partitions.
According to the company, hardware-based full disk encryption delivers significantly stronger protection against hacking and tampering than traditional encryption approaches by securely performing all cryptographic operations and key management within the drive.
Encryption keys for sensitive data were cited as a preventative measure that could have avoided a recent security breach at Boston-based Fidelity Investments, one of whose clients is Hewlett-Packard. One of the financial institution’s laptops was stolen this month, an act that may have compromised the personal information of approximately 190,000 former HP employees. This breach has not yet led to identity theft.