Studies warn of Web and mobile threats

Two recently released studies found that security is lacking on government sites and on mobile devices.

One report from a U.S. government security audit by Finjan Inc. reveals that of all Web threats spyware is the most predominant — including viruses and browser-based vulnerabilities — followed by behavior-based violations.

Finjan’s analysis is based on a security audit that the Web security firm conducted during the fourth quarter of 2005 for an unnamed government organization. Live Internet access information was gathered during a period of one week and was based on the surfing activities of 25,000 users. Finjan scanned all content downloaded during the study period. Its findings were based on counting each content type that violated the government body’s security policy. A total of 171,000 instances where this security policy was breached were logged.

Of those 171,000 instances, 37,323 had access to spyware sites, 9,670 were behavior-based violations using scripts and 7,660 of those instances were attempts to exploit operating system/browser vulnerabilities.

Further to those results were 5,626 instances of behavior-based violations using active binary code, 4,844 high-risk site categories (URL Filtering: adults, hacking, remote proxies, violence, etc.), 284 instances of Spyware and 83 instances of known viruses.

The study is part of Finjan’s ‘in the wild’ security audits, an ongoing effort by the company to educate organizations about the silent threats coming through Web traffic.

Mobile privacy

Meanwhile a recent public opinion poll by Forrester Research may indicate that road warriors have to firm up security on their laptops.

Forrester found that 43 per cent of the respondents felt that location-based services would threaten their privacy.

Roger Entner, vice-president of wireless telecoms at IT research company Ovum, said the biggest hole in the mobile network operator offering is the lack of guaranteed privacy. Users want to control access to and use of their personal information to avoid the type of trouble the theft of credit data is posing on the Internet.

Notebook security is one reason why Seagate, a manufacturer of hard drives, is working on a drive with automatic encryption. This drive will encrypt all hard drive data, not just selected files or partitions.

According to the company, hardware-based full disc encryption delivers significantly stronger protection against hacking and tampering than traditional encryption approaches by securely performing all cryptographic operations and key management within the drive.

Encryption keys for sensitive data was sited as a preventative measure that could have avoid a recent security breach at Boston-based Fidelity Investments, one of whose clients is Hewlett-Packard. One of the financial institution’s laptops was stolen this month, an act that may have compromised the personal information of approximately 190,000 of former HP employees. This breach has not yet led to identity theft.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

CDN Staff
CDN Staff
For over 25 years, CDN has been the voice of the IT channel community in Canada. Today through our digital magazine, e-mail newsletter, video reports, events and social media platforms, we provide channel partners with the information they need to grow their business.

Related Tech News

Featured Tech Jobs


CDN in your inbox

CDN delivers a critical analysis of the competitive landscape detailing both the challenges and opportunities facing solution providers. CDN's email newsletter details the most important news and commentary from the channel.