Quantcast
Channel: Symantec Connect - ブログエントリ
Viewing all 5094 articles
Browse latest View live

Game Plan: Keeping Your Family Safe Online

0
0

A Huffington Post article I read back in late July asked a poignant question: “Why no Internet safety course for kids and parents?” The author of the article was Tony Loftis, president and executive director of Find Your Missing Child, an organization that aims to use social media to locate missing and runaway children. Loftis equated the lack of Internet safety training to handing car keys to a 16-year-old with almost no driving experience, and it is an apt comparison.

Symantec’s FY13 Corporate Responsibility Report released last week shows that 26 percent of Symantec’s FY13 philanthropic giving was spent on online safety– the second largest category after education (46 percent). From taking care of your social media privacy settings to being aware of potential mobile device risks while out at an event, we are reminded that there are many steps we can take to prevent cybercrime and protect everyone – from budding Internet users to Internet veterans – from the shady characters that we know are lurking out in cyberspace.

While there is no magic spell to guarantee Internet safety (if only “Expecto Patronum” worked on cyber Dementors! Harry Potter, anybody?), Symantec is dedicated to providing the research, software programs and training to help you develop a game plan to keep your family safe online.

Talk first, surf later

When we implement a new rule about technology with our kids, they often stare back and ask: “Why?” Our young ones are growing up in a digital and mobile world, and just as we explain why they should stay alert while walking home from school, we should discuss why it is important to be on alert while engaged with the online world for school and play.

To help start the conversation, Symantec’s Norton Family software can help to encourage your kids to participate in ensuring their own Internet safety. By involving your kids in the rule creation process, you won’t be accused of “spying” on them – and they will be much more likely to follow the rules that they help design. We know from research that kids who have rules end up safer than those without; and kids whose parents engage with them in their online activities have closer offline relationships too. Let them know you’ll be checking in on their browsing/search and social network history and agree to “friend” each other – they might grumble when you set time limits on their computer time, but that’s a battle that even we can’t help you fight.

It’s just Common Sense

While you may talk to your kids at home about online safety, we know that your young ones are spending at least a third of their day somewhere else – at school where they are increasingly using online resources. In 2013, Symantec created a partnership with Common Sense Media and Cyber Safe Kids to support a digital citizenship initiative, Growing Up Digital, for Australian students and communities. The program provides ongoing, accessible resources to Australian schools, K-12 lesson plans, interactive modules for students and parents and training for teachers. The initiative will not be limited to just Down Under, either – Symantec will help Common Sense Media spread its digital curriculum to schools across the Asia Pacific region.

We also know that stories are powerful tools that can convey important messages in a fun and friendly way – enter iDecide, an interactive online storybook engaging middle school students in topics related to digital literacy. iDecide is an expansion on Symantec’s Digital Passport literacy project, which is tailored for elementary school students, but now middle school students can join the fun.

We believe it is crucial to teach younger generations around the world to be responsible, ethical, safe and respectful online citizens. Find out more about how Symantec is working to keep you and your family safe by taking a look at our Corporate Responsibility Report and website. And then, let us know how you think we're doing by answering a few short survey questions. At the end of the survey, you can vote for a nonprofit project to receive a $50,000 USD grant from Symantec. Let us know where you think it should go!

 

Marian Merritt is Symantec's Norton Internet Safety Advocate.

Next in this series: Where Are All the Women in Technology? A look at Symantec’s diversity and inclusion initiatives….


Hidden Lynx – Contratando Hackers Profesionales

0
0

En los últimos años, han aparecido informes que detallan las actividades y actores detrás de varios ataques persistentes o APT. En Symantec Security Response hemos seguido de cerca a un grupo que consideramos entre los mejores de su clase, lo denominamos como “Hidden Lynx” (lince escondido) por una cadena encontrada en las comunicaciones de servidores de control y comandos. “Hidden Lynx” es un grupo con un impulso y deseo que superan a otros grupos muy conocidos, tales como APT1/Comment Crew. Las principales características de este grupo son:

  • habilidades técnicas
  • agilidad
  • organización
  • inventiva
  • paciencia

Estos atributos se ven en las fuertes campañas y ataques que han realizado contra múltiples blancos en simultáneo durante un período de tiempo ininterrumpido. El grupo es pionero de la técnica "watering hole" que se utiliza para emboscar a los blancos o víctimas. Tienen acceso temprano a vulnerabilidades de día cero, además de la tenacidad y paciencia de un cazador inteligente para comprometer la cadena de suministros y así llegar a su blanco real. Estos ataques a las cadenas de suministro se llevan a cabo infectando computadoras de un proveedor del blanco planeado y luego esperando a que las computadoras infectadas se instalen y contacten a su base. Claramente, estas son acciones calculadas y no incursiones impulsivas de amateurs.

Asimismo, el grupo no se limita a un conjunto de blancos pequeño, sino que atacan a cientos de organizaciones distintas en muchos países diferentes, incluso al mismo tiempo. Dada la amplitud y el número de blancos y países involucrados, es muy probable que la organización esté formada por hackers profesionales contratados por clientes para obtener información. Ellos roban lo que sea que les pueda interesar a sus clientes bajo pedido. De ahí la gran variedad y amplitud de blancos.

También creemos que para llevar a cabo ataques a esta escala, el grupo debe tener una experiencia considerable de hackeo a su disposición, tal vez entre 50 y 100 empleados organizados en por lo menos dos equipos que llevan a cabo distintas actividades con diferentes herramientas y técnicas. Los tipos de ataques identificados requieren tiempo y esfuerzo para desplegarse, y en algunos casos, las campañas  requieren de recolección de inteligencia y una investigación antes de articular los ataques con éxito.

Al frente de este grupo hay un equipo que utiliza herramientas desechables junto con técnicas básicas pero efectivas para atacar a muchos blancos distintos. También pueden actuar como recaudadores de inteligencia. Hemos llamado a este equipo el “Equipo Moudoor”, por el nombre del troyano que utilizan. “Moudoor” es un troyano de puerta trasera que el equipo utiliza con libertad, sin preocuparse por ser descubierto por las empresas de seguridad. Un segundo equipo actúa como una unidad de operaciones especiales, personal de élite, que se dedica a los blancos más valiosos o más resistentes. El equipo de élite usa un troyano llamado Naid y por eso nos referimos a él como “Equipo Naid”. A diferencia de “Moudoor”, el troyano “Naid” se usa moderadamente y con cuidado para evitar detección y captura. Funciona como un arma secreta que solamente se utiliza cuando fallar no es una opción.

Según nuestra investigación, desde 2011 el grupo realizó al menos seis campañas importantes, de las cuales la más notable es la campaña de ataque VOHO descubierta a mediados de 2012. Lo especialmente interesante de este ataque fue el uso de la técnica de “watering hole” y que se comprometió la infraestructura confiable de registro de archivos de Bit9. La campaña VOHO tenía como objetivo final atacar contratistas de defensa de los Estados Unidos cuyos sistemas estuvieran protegidos por el software de seguridad basado en archivos confiables de Bit9. Cuando el progreso de los atacantes de “Hidden Lynx” se vio bloqueado por este obstáculo, reconsideraron sus opciones y descubrieron que la mejor manera de esquivar la protección era comprometer el propio centro de la protección y usarlo para sus propósitos. Así que eso fue exactamente lo que hicieron cuando dirigieron su atención a Bit9 y atravesaron sus sistemas. Una vez adentro, los atacantes rápidamente encontraron el camino a la estructura de registro de archivos que era la piedra fundamental del modelo de protección de Bit9 y luego usaron el sistema para registrar una serie de archivos de malware, mismos que después se usaron para vulnerar a los blancos planeados.

Para aquellos interesados en obtener más información sobre esta investigación, hemos publicado un informe que describe al grupo y los ataques que han realizado.

También compartimos a continuación una infografía con datos clave sobre el prolífico grupo “Hidden Lynx”.

E3292280-HiddenLynx-Infographic.png

Symantec VIP Mobile Push Demo

0
0

We are very excited to demo this cool feature from Symantec VIP, called VIP Mobile Push Authentication. This feature will allow users to get access to resources protected with Symantec VIP  Authentication, with just ONE click. Besides ease of use, it helps avoiding usual errors caused due to manual entry like typing in wrong passcode. 

Instead of going through complex workflow charts to understand how it all works, you can see a demo  :

 

 

 

Connect Dev Notes: 18 September 2013

0
0

Updates deployed to the Connect production servers as a result of the code sprint that ended 17 September 2013.

User Facing: Desktop

  • Fixed an issue where the Search and the RSS Builder were returning a slightly different number of results from the same criteria.
  • Fixed an issue with blog posts that were hosting images with an ampersand (&) as part of the file name that was causing the image to not display in RSS feeds.

Admin Facing

  • Modified the system that imports user Certifications and Accreditations to allow for configurable email addresses. This gives us the ability to add or remove management who would like to be notified each time the import script completes.
  • Modified the group list (on the add/edit forms) to use a list box (when being viewed by an administrator) instead of the standard group list with checkboxes. Since admins see all 400+ groups on Connect, scrolling to the submit button can take its toll.
  • Created a script that allows us to house clean our Solr search index and remove posts that have been deleted from Connect but for some reason or another still exist in our search index.
  • Added beta code for the next version of Connect to our working codebase to give our developers access to the new tools.

Behind the Scenes

  • Fixed an issue with a Solr search query that was showing up in our error logs. The error was being caused by code that allows users to request an email notification based on a saved search.

SEO Wins

  • Added code that communicates with Adobe's Site Catalyst analytics system to determine old content that can/should be removed programmatically from Connect's xml sitemap.

Hidden Lynx and MSS protection

0
0

On Tuesday September 17, 2013, Symantec’s Security Response organization published a whitepaper report and blog on Hidden Lynx, a Chinese APT group of professional hackers with advanced capabilities.  Evidence suggests that Hidden Lynx is a Chinese state sponsored hacker group with affiliations to “Operation Aurora”.  This group was responsible for the compromise of security firm Bit9’s digital code-signing certificate, used to sign 32 pieces of malware.  They have been involved in a number of operations over the last four years. 

The group offers a “hackers for hire” operation that is tasked with retrieving information from a wide range of corporate and government targets.  They are a highly efficient team who can undertake multiple campaigns at once, breach some of the world’s best-protected organizations, and can quickly change their tactics to achieve their goal. 

They usually attack using multiple customized Trojans designed for specific purposes.  Backdoor.Moudoor is used for larger campaigns and has seen widespread distribution, while Trojan.Naid is reserved for special operations against high value targets.  The group uses cutting-edge attack techniques which makes this team stand out from other major attack groups.  Symantec has been tracking this group since 2009.

THREAT DETAILS:

The Hidden Lynx group has been in operation since at least 2009 and appears to be a professional organization that offers a “hackers for hire” type service. They have the capability to attack many organizations with concurrent running campaigns. They operate efficiently and move quickly and methodically. Based on these factors, the Hidden Lynx group would need to be a sizeable organization made up of between 50 and 100 individuals. The members of this group are experts at breaching systems.

Their method for exploitation and pay-to-order targeted attacks involve a two-pronged strategy using two Trojans designed for each purpose:

·         Team Moudoor distributes Backdoor.Moudoor, a customized version of “Gh0st RAT”, for large-scale campaigns across several industries. The distribution of Moudoor requires a sizeable number of people to both breach targets and retrieve the information from the compromised networks.

·         Team Naid distributes Trojan.Naid, the Trojan found during the Bit9 incident, which appears to be reserved for more limited attacks against high value targets. This Trojan was leveraged for a special operation during the VOHO campaign and is probably used by a specific team of highly skilled attackers within the group. This Trojan was also found as part of “Operation Aurora” in 2009.

Much of the attack infrastructure and tools used during these campaigns originate from China. The group makes use of regular zero-day exploits. They are methodical in their approach and they display a skillset far in advance of some other attack groups also operating in that region, such as the Comment Crew (also known as APT1). The Hidden Lynx group is an advanced persistent threat that is breaking into some of the best-protected organizations in the world. With a zero-day attack already under their belt in 2013, they continue to operate at the leading edge of targeted attacks.

MOTIVATION

This broad range of targeted information would indicate that the attackers are part of a professional organization. They are likely tasked by their consumers with obtaining very specific information that could be used to gain competitive advantages at both a corporate and nation state level.

Corporate Espionage

The financial services sector has been identified as the most heavily targeted industry overall. There is a tendency to target specific companies within this sector. Investment banks and asset management agencies account for the majority of organizations targeted within this industry.

Attacks against Government Contractors

In attacks that have targeted all levels of government from local to national level, this group has repeatedly attempted to infiltrate these networks. Attacks against government contractors and, more specifically, the defense industry indicate that the group is in pursuit of confidential information and suggests that the group had been working for other nation states.

WHAT ARE THEY CAPABLE OF?

The Hidden Lynx group’s advanced capabilities are clearly demonstrated in three major campaigns. In the VOHO campaign, they showed how they could subvert Bit9’s established trust models. In the FINSHO campaign, they managed to get advanced knowledge of a zero-day exploit. In the SCADEF operation, they undertook supply chain attacks in their campaign.

IMPACT:

Despite the exposure of the Hidden Lynx Chinese APT Hacker group, Symantec believes they will continue their activities. Symantec will continue to monitor activities and provide protection against these attacks. We advise customers to use the latest Symantec technologies and incorporate layered defenses to best protect against attacks by groups like Hidden Lynx.

SOC DETECTION CAPABILITIES:

For customers with MSS IDS/IPS Security Management services, vendor-based signatures will be automatically deployed, as per the vendor’s recommendation.  If you would like further information regarding the signature states on your devices, or would like to request the activation of a specific signature, please contact support@monitoredsecurity.com.

For customers with monitor-only IDS/IPS devices, Symantec MSS stands ready to provide security monitoring for these vulnerabilities once your IDS/IPS vendor releases signatures and those signatures are enabled on your monitored devices.

COMPONENTS AND DETECTION

·         Backdoor.Moudoor – MSS Detection

[MSS URL Detection] Backdoor.Moudoor Command and Control Communications

·         Backdoor.Moudoor – Vendor Detection

Symantec SEP/AV - Backdoor.Moudoor

·         Trojan.Naid – MSS Detection

[MSS URL Detection] Possible Trojan.Naid HTTP Request (Vector: CVE-2013-1493)

[MSS URL Detection] Trojan.Naid Malware Callbacks

·         Trojan.Naid – Vendor Detection

Symantec SEP/AV - Trojan.Naid

·         Trojan.Hydraq – MSS Detection

MSS Hot IP Detection - Possible Trojan.Hydraq Traffic

MSS Hot IP Detection - Trojan.Hydraq C&C Server

MSS Hot IP Detection - Trojan.Hydraq Data Exfiltration Site

MSS Hot IP Detection - Trojan.Hydraq Traffic

·         Trojan.Hydraq – Vendor Detection

SSIM - Possible Hydraq Activity

Symantec SEP/AV - Trojan.Hydraq

Snort/SourceFire - Trojan.Hydraq - Beaconing activity

·         Trojan.Hikit – MSS Detection

[MSS URL Detection] Backdoor.Hikit Command and Control Communications

·         Trojan.Hikit – Vendor Detection

Symantec SEP/AV - Trojan.Ascesso

·         Backdoor.Vasport – MSS Detection

[MSS URL Detection] Backdoor.Vasport Command and Control Communications

·         Backdoor.Vasport – Vendor Detection

Symantec SEP/AV - Backdoor.Vasport

·         Backdoor.Boda - MSS Detection

[MSS URL Detection] Possible Backdoor.Boda (“LadyBoyle”) Request to Command and Control

·         Backdoor.Boda – Vendor Detection

Snort/SourceFire - ET CURRENT_EVENTS Adobe Flash Zero Day LadyBoyle Infection Campaign

·         Symantec Endpoint Protection (SEP) IPS Signatures:

CVE-2011-3544:

Web Attack: Oracle Java Rhino Script Engine CVE-2011-3544 3 detected

Web Attack: Oracle Java Rhino Script Engine CVE-2011-3544 attack blocked

CVE-2012-1875:

Web Attack: MSIE Same ID Property CVE-2012-1875 attack blocked

            

CVE-2012-1889:

Web Attack: MSIE MSXML CVE-2012-1889 2 attack blocked

Web Attack: MSIE MSXML CVE-2012-1889 3 detected

Web Attack: MSIE MSXML CVE-2012-1889 detected

               

CVE-2012-1723:

Web Attack: Java CVE-2012-1723 RCE 2 detected

Web Attack: Java CVE-2012-1723 RCE attack blocked

Web Attack: Oracle Java SE CVE-2012-1723 Remote Code Execution Vulnerability 3 attack blocked

Web Attack: Oracle Java Type Confusion Attack CVE-2012-1723 4 detected

               

CVE-2013-1493:

Web Attack: Java CVE-2013-1493 RCE 2 attack blocked

Web Attack: Java CVE-2013-1493 RCE attack blocked

                               

·         McAfee AV: Viral Signatures:

                               

CVE-2012-1723:

Java/CVE-2012-1723

Java/CVE-2012-1723!jar

Java/CVE-2012-1723.CSU

 

MITIGATION STRATEGIES AND RECOMMENDATIONS:

 

·         Symantec recommends customers use a layered approach to securing their environment, using the latest Symantec technologies including Enterprise-Wide security monitoring from Edge to Endpoint.

·         In the case of technologies not monitored/managed by MSS, ensure all signatures are up to date, including endpoint security systems.

·         Ensure all operating systems and public facing machines have the latest security patches, and antivirus software and definitions up to date.

·         Ensure systems have a running firewall, unnecessary ports are closed/blocked, and all unused services are disabled.

·         Ensure that your staff is educated on Social Engineering and Phishing techniques.

 

WHAT TO EXPECT FROM MSS:

 

Symantec MSS SOC security analysts will continue to diligently monitor, analyse, and validate any events indicative of Hidden Lynx activity:

 

·         Possible or suspect activity may be notified at a lower severity

·         MSS will continue to perform ongoing refinement of detection

·         MSS will continue to reach out to clients that may have had historical indicators of compromise unveiled due to new data

 

Please note Symantec MSS stands ready to provide security monitoring for these vulnerabilities once your IDS/IPS vendor releases signatures and those signatures are enabled on your monitored devices. Thanks and appreciation to the Global Intelligence Network’s analysis team for all their hard work in creating the wealth of information regarding this threat.

標的型攻撃で見つかった Internet Explorer の新しいゼロデイ脆弱性

0
0

9 月 17 日、Microsoft 社は Internet Explorer の新しいゼロデイ脆弱性「Microsoft Internet Explorer のメモリ破損の脆弱性」(CVE-2013-3893)に関するセキュリティアドバイザリを公開しました。アドバイザリによると、この脆弱性によってメモリが破損する場合があり、攻撃者はそれを悪用して任意のコードを実行できる可能性があります。この攻撃は、脆弱性を利用して特別に細工した Web サイトにアクセスするようユーザーを誘うことによって実行されます。Microsoft 社によれば、現時点でこの脆弱性の悪用が確認されているのは少数の標的型攻撃に限られるということです。

Microsoft 社はこの脆弱性に対するパッチをまだリリースしていませんが、セキュリティ更新プログラムが利用可能になるまでの回避策として、一時的な「Fix It」ツールを提供しています。シマンテックは、製品をお使いのお客様を Internet Explorer のこのゼロデイ脆弱性から保護するために、以下の保護対策を提供しています。

ウイルス対策

侵入防止システム

シマンテックは、最善の保護対策を提供できるように、この攻撃の調査を続ける予定です。いつものように、最新のソフトウェアパッチを適用してシステムを最新の状態に保ち、疑わしい電子メールは開かないようにすることをお勧めします。また、このような攻撃から保護するために、シマンテックの最新技術をお使いいただき、シマンテックのコンシューマ向けまたはエンタープライズ向けの最新ソリューションを導入してください。

 

* 日本語版セキュリティレスポンスブログの RSS フィードを購読するには、http://www.symantec.com/connect/ja/item-feeds/blog/2261/feed/all/jaにアクセスしてください。

Enable Symantec VIP 2-factor authentication on SalesForce.com with Microsoft ADFS

0
0

Michael Olsen from Symantec VIP team shows on a whiteboard, how to easily integrate Symantec VIP with SalesForce.com using ADFS as user store.

Where are all the Women in Technology?

0
0

Everyone wants to know where the women are in technology and what can be done to draw them to the field. What is the magic solution? At Symantec, we’re taking on the challenge of attracting more women to technology from a variety of angles.

We start when they’re young by encouraging not only girls but all children to study STEM subjects – science, technology, engineering and math – in grade school and college, and to pursue STEM as a career. We believe providing STEM education to children and young adults is a business imperative in order to build a diversified and innovative workforce for the future.

Symantec puts its money where its mouth is. According to our FY13 Corporate Responsibility Report , 46 percent of our corporate giving in FY13 went toward education, which largely includes STEM initiatives.

If we can encourage more women to consider STEM professions, we’ll be doing the U.S. economy a favor. We’ll help fill the STEM shortage in this country and put women in jobs where they’ll earn 33 percent more than women in non-STEM jobs, according to National Center for Women & Information Technology (NCWIT).

Despite more job opportunities and better pay, why aren’t more women going down the STEM road? This conundrum has been discussed over and over. According to a 2012 CNET Women in Tech panel, it’s because women need more role models – not just those like Marissa Mayer or Meg Whitman, but also women executives who are approachable in everyday situations.

That’s where the Symantec Women’s Action Network (SWAN) comes in. It provides a comfortable networking environment where women can build relationships and share information with other women of all levels throughout the company. At Symantec, you’ll see a good proportion of women in leadership roles. We’re proud that the number of women in leadership at Symantec is up from 25 percent to 27 percent, matching the 27 percent of overall employees who are women.   

These numbers are consistent with women’s representation in the tech industry as a whole. Women make up 57 percent of the professional occupations in the U.S. workforce, but only 26 percent of those in the computing workforce are female (according to NCWIT). To increase the number of women in leadership and technical positions at the company, Symantec has committed to a proactive, deliberate approach to create systemic change.

We have an active recruitment program aimed at getting more women in the door. Symantec participates in diversity events, university relations, internal mentoring and other similar strategies intended to attract qualified women– as well as other minorities – to seek employment in positions with Symantec. For example, Symantec has sponsored the TechWoman program (an initiative of the U.S. Department of State’s Bureau of Educational and Cultural Affairs (ECA)) since its first year, supporting professional mentorship and exchange programs for women in IT from the Middle East and North Africa. All of these programs help us to build a diverse pool of qualified individuals from which to select the very best talent.

We have also built strong relationships with our nonprofit partners including NCWIT, the Anita Borg Institute and the San Francisco Gender Equity Challenge.

Read more about our efforts to address the shortage of women in technology in our newly released Corporate Responsibility Report and on our Corporate Responsibility web page.

 

Charmy Ruparel is Symantec's Program Manager, Diversity and Inclusion.


Symantec 4.0 goes Va Va Voom on Verticals

0
0

As mentioned in Phil’s blog last week, he has asked me to give you a little more insight in to the Verticals focus as part of Symantec 4.0.   Here at Symantec, we understand the strategic importance of the Vertical markets and as part of the transformation, there is now a dedicated Global & Vertical Offerings Integration team.  This team is focused on ensuring the right offerings for our customers across the verticals along with making certain we are addressing new routes to market in order to evolve our go-to-market strategy.

Many of you will know that Steve Bennett communicated earlier this year that there will be four verticals that we are going to focus on namely: Telco, Public Sector, ISPs and XaaS.  We will also continue to focus on other industries such as Healthcare, Manufacturing, Finance and Energy, all verticals where we have seen success over the years.   

For now, why don’t you take a look at these short videos where our experts share some insights on how we at Symantec address some of the vertical industries:

Symantec also has some great success stories with customers including the Ghent University Hospital, Bridgend County Borough Council, NASDAQ OMX Group and Boeun County.  More customer success stories can be found here.

If you are interested in finding out more about Symantec’s vertical offerings or require a briefing, please contact me at: caroline_dennington@symantec.com

Breaking Bad Fans Targeted in Twitter List Spam

0
0

On the heels of its most highly acclaimed episode, Breaking Bad fans tweeting about the popular AMC show may find themselves targeted by a new Twitter spam tactic.

Traditionally, spammers and scammers abused the reply functionality built into the service but over the years, spammers have searched for different ways to gain visibility amongst Twitter users. The most recent tactic being utilized is called list spam.

A Twitter list consists of a curated group of Twitter users. Users can create their own lists or subscribe to existing lists already created by others. Spammers are using this feature to get the attention of Twitter users.

Various lures have been used in Twitter list spam recently, from offering celebrity phone numbers to free gift cards, devices, and video games.
 

Breaking Bad 1.png

Figure 1. Twitter spam account for Breaking Bad
 

This weekend, the penultimate episode of Breaking Bad, “Granite State,” will air. The show has received a lot of buzz and fans, like myself, have eagerly counted the days until Sunday. Spammers are riding the coattails of the show’s popularity in an attempt to trick users into downloading a leaked copy of the next episode.
 

Breaking Bad 2.png

Figure 2. Twitter lists used in Breaking Bad spam
 

Twitter list spam starts off with being added to a list along with thousands of other users.  Usually, this type of spam requires you to visit the list creator’s page to see the spam link. In this case however, the link is presented in the list description.
 

Breaking Bad 3.png

Figure 3. Pastebin contains links to file hosting services
 

The URL leads to Pastebin, which contains links to different file hosting services for downloading the episode.
 

Breaking Bad 4.png

Figure 4. File hosting services hosting an episode of Breaking Bad
 

The file hosting services contain a 280MB file for the user to download. Additionally, users can opt to download a torrent file to use peer-to-peer downloading to obtain the episode.
 

Breaking Bad 5.png

Figure 5. File contained within the archive
 

Once downloaded, there are two files in the Zip: a text file named “How To Open – READ FIRST.txt” and a large file (nearly 300MB).
 

Breaking Bad 6.png

Figure 6. Readme text file contains a shortened URL
 

In order to open the large file, users are instructed to download the latest version of 7-Zip. The link directs users through an affiliate program, which is how scammers make money. The affiliate program directs users to an installer that comes bundled with other applications. Users can choose not to install these applications.
 

Breaking Bad 7.png

Figure 7. Breaking Bad season 5, episode 12
 

Ultimately, installation of this file is unnecessary as the video file can be opened in any media player. Unsurprisingly, the downloaded episode is from earlier this season.
 

Breaking Bad 8.png

Figure 8. Reporting spam account to Twitter
 

Twitter list spam is a new trend, one that is gaining quite a bit of traction. If you find yourself added to a Twitter list, you can remove yourself from the list by reporting the user that added you.

OVStoreSize Percentage / Vault Cache Size Limits in Enterprise Vault

0
0
Although products like Enterprise Vault offer the idea of 'unlimited' archiving, there are still several limits that an administrator or consultant should consider when it comes to deploying Enterprise Vault. One of the options available in the Enterprise Vault Desktop Policy is the ability to set the OVStoreSize as a percentage.  OVStoreSize is the way to set the size limit of Vault Cache.  
 
As can be seen below it can be set in two ways:
 
2013-09-15_18h25_25.png
 
Maximum Size
 
The first way is a specific maximum size.  If set to 5 Gb, then the Vault Cache will not grow beyond 5 Gb.  Someone with an archive which is bigger than this will get the 'newest' 5 Gb, with things slowly sliding along, newer data pushing out older data.
 
Percentage Size
 
The second way is a percentage size.  This size is the percentage of free disk space at the time that Vault Cache is setup.  Sometimes people think that it is the percentage of the size of the archive - but that's not the case.  
 
Using the percentage mechanism allows more flexibility but at the 'cost' that people don't end up with a standard size of Vault Cache-ness, and it adds another step to the troubleshooting process.  Sometimes people have different mechanisms in different desktop policies applied to different groups of users.
 
Do you set limits in the Vault Cache Size?
 

 

How to find the process recalling a placeholder

0
0
Sometimes in order to figure out what is happening in Enterprise Vault FSA it might be necessary to determine which process is recalling items. What I mean is that you might see some sort of mass recall issue, where lots and lots of items are constantly being turned back from placeholders to full-fat items, and, you want to know why!
 
The way to determine what is recalling the placeholders is to perform a DTrace of the EVPlaceholderService, perform a recall (or leave things running for a while if something is mass-recalling items) and then review the DTrace. In detail then we would:
 
1. Login to the file server that is hosting the Enterprise Vault placeholder service.
2. Open an elevated command prompt
3. Go to the EV Program Files folder
4. Launch DTrace (by typing dtrace, and then return)
5. Do: set EVPlaceholderService V
6. Do: log c:\temp\who-is-it.log
7. Maybe, depending on how busy your file server is, do the command MON, just for a little while so you can see things working.
8. On a desktop/laptop machine, open Windows Explorer, and browse to the share (or one of the shares) that is on the file server that was just configured for tracing.
9. Open 1-2 placeholders of different file types
10. Check that MON is showing something.
11. Review the trace.
 
In the trace you should see things like this:
 
210  10:58:50.568 [3,844] (EvPlaceholderService) <2848> EV:M Filter message event signaled [WAIT_OBJECT_0 + 1]

211  10:58:50.568 [3,844] (EvPlaceholderService) <2848> EV:M [EvRequestArchivedFile] Queueing placeholder request for file: C:\source\EV 2007 ReadMeFirst_EN.htm

212  10:58:50.584 [3,844] (EvPlaceholderService) <2848> EV:L {RequestArchivedFile::RequestArchivedFile} (Entry)

213  10:58:50.584 [3,844] (EvPlaceholderService) <2848> EV:L RequestArchivedFile::RequestArchivedFile Caller SID is S-1-5-21-2561182712-3591106754-569776174-500

214  10:58:50.584 [3,844] (EvPlaceholderService) <2848> EV:M WorkItem::GetExeName: Trying to get the .exe name for pid: 3888

215  10:58:50.584 [3,844] (EvPlaceholderService) <2848> EV:M WorkItem::GetExeNameUsingPHHelper: entry - PID:3888

216  10:58:50.600 [3,844] (EvPlaceholderService) <2848> EV:M WorkItem::GetExeNameUsingPHHelper: exit - PID:3888, exe name:iexplore.exe

217  10:58:50.615 [3,844] (EvPlaceholderService) <2848> EV:M WorkItem::GetExeName: The .exe name for for pid: 3888 is iexplore.exe

218  10:58:50.615 [3,844] (EvPlaceholderService) <2848> EV:L {RequestArchivedFile::RequestArchivedFile} (Exit) Status: [Success]

219  10:58:50.615 [3,844] (EvPlaceholderService) <2848> EV:L {CQueue::EnQueue} (Entry)
 
That can be helpful to see what is recalling files, though of course you might have to leave the trace running for some time in order to see the mass-recall effects.  You might also see that the PID can't be resolved to a process.  In my testing this was always the case when the recall was happening from a different machine, rather than the local file server...  your testing results may differ!
 

『ブレイキング・バッド』のファンを狙う Twitter リストスパム

0
0

AMC の人気テレビドラマ『ブレイキング・バッド』のファンは、シリーズ最高の評価を得たエピソードの放映直後から、同作についてツイートすると新たな手口の Twitter スパムに狙われるようになっているようです。

これまで何年間も、スパマーや詐欺師は Twitter の返信機能を悪用してきましたが、今度は Twitter ユーザーの注目を引く新しい方法を探してきました。現在使われている最も新しい手口は、リストスパムと呼ばれるものです。

Twitter のリストは、Twitter ユーザーが集約されたグループで構成され、ユーザーは自分でリストを作成したり、他のユーザーが作成した既存のリストを購読したりできます。スパマーは、この機能を利用して Twitter ユーザーの注意を引き付けようとしているのです。

最近の Twitter リストスパムでは、有名人の電話番号から無料のギフトカード、デバイス、テレビゲームまで、さまざまなワナが使われています。
 

Breaking Bad 1.png

図 1.『ブレイキング・バッド』を悪用する Twitter スパムアカウント
 

この週末には、『ブレイキング・バッド』の今シーズン最終話直前のエピソードである「Granite State」が放映されます。『ブレイキング・バッド』は非常に好評で、筆者のようなファンは放送日である日曜日を指折り数えて待っています。スパマーはその人気に便乗し、ユーザーを欺いて次回エピソードの海賊版コピーをダウンロードさせようと試みます。
 

Breaking Bad 2.png

図 2.『ブレイキング・バッド』スパムで使われている Twitter リスト
 

Twitter リストスパムは、すでに多数のユーザーが登録されているリストに登録されるところから始まります。このタイプのスパムでは、リスト作成者のページにアクセスしてスパムリンクを閲覧する必要がありますが、今回はリストの説明文中に URL が示されています。
 

Breaking Bad 3.png

図 3. Pastebin にファイルホスティングサービスへのリンクが記載されている
 

その URL は Pastebin にリンクしており、そこに別のファイルホスティングサービスへの URL が記載されていてエピソードをダウンロードできるようになっています。
 

Breaking Bad 4.png

図 4.『ブレイキング・バッド』のエピソードがアップロードされているファイルホスティングサービス
 

このファイルホスティングサービスに、ユーザーがダウンロードできる 280MB のファイルがあります。また、P2P ダウンロードを使ってエピソードを入手するための torrent ファイルをダウンロードするオプションも使えます。
 

Breaking Bad 5.png

図 5.アーカイブに含まれているファイル
 

ダウンロードした Zip には、2 つのファイルが含まれています。「How To Open – READ FIRST.txt」という名前のテキストファイルと、サイズの大きいファイル(300MB 近い)です。

Breaking Bad 6.png

図 6. Readme テキストファイルに短縮 URL に記載されている
 

大きい方のファイルを開くために、ユーザーは最新バージョンの 7-Zip をダウンロードするように指示されます。そのリンクからは、アフィリエイトプログラムを通じてサイトに誘導されます。詐欺師が金銭を獲得する仕組みは、これだったのです。アフィリエイトプログラムは、他のアプリケーションにバンドルされているインストーラにユーザーを誘導しますが、ユーザーはそのアプリケーションをインストールしない選択もできます。
 

Breaking Bad 7.png

図 7.『ブレイキング・バッド』シーズン 5、エピソード 12
 

最終的にこのファイルのインストールは必要ありません。ビデオファイルは他のメディアプレイヤーでも再生できるからです。また、結局ダウンロードされるのは、このシーズンの前半のエピソードですが、これも特に驚くことではありません。
 

Breaking Bad 8.png

図 8. Twitter 社にスパムアカウントを報告
 

Twitter リストスパムは新しいトレンドですが、急速に広まりつつあります。自分が Twitter リストに追加されていることがわかった場合には、そのリストを所有しているユーザーを報告すれば、リストから自分を削除することができます。

 

* 日本語版セキュリティレスポンスブログの RSS フィードを購読するには、http://www.symantec.com/connect/ja/item-feeds/blog/2261/feed/all/jaにアクセスしてください。

Craigslist SMS Spam Scam, with a Twist

0
0

While Craigslist has always been a favorite social engineering theme for scammers, Symantec has identified another on-going SMS spam campaign abusing Craigslist’s popularity. The scam tricks users into installing free and legitimate open source software on their PC by leveraging phone numbers posted on Craigslist ads. The software comes bundled with additional software that will allow scammers to make money through affiliate programs. 

craigslist_sms_spam_scam02.gif

FigureHow the SMS spam redirects users to download open source software

The first stage of the scam involves the victim receiving an SMS text message on their device. Online research suggests that the scammers are harvesting phone numbers directly from online Craigslist postings for this scam campaign. The sale of spamming and harvesting tools, which automate the harvest of phone numbers, is common on underground forums.

When a user follows the link provided in the SMS sent to them they are informed: "Device not compatible. Please view from a desktop or laptop computer." If a user then navigates to the link from their PC, they are informed that they need to install the GIMP Viewer legitimate open source software). Attempting to install GIMP does not take the user to the official GIMP website, but instead to a different website offering to install GIMP with the option to install several other pieces of software. If the additional software is installed, the scammers make money from affiliate commissions.

In this scam users are being tricked into installing unwanted software onto their computers and affiliate programs are being abused by scammers. The scammers could also easily switch tactics and trick victims into installing malware on their computers.

To avoid being a victim of this and other scams, be cautious when receiving any unsolicited SMS text messages and avoid downloading and installing any type of software unless it comes from an official and reputable site. Symantec also recommends users everywhere install a mobile security app and desktop antivirus protection, such as Norton Mobile Security and Norton antivirus.

Enterprise Vault StorageCrawler issue with Calendar Items

0
0

I know that Enterprise Vault has to deal with ALOT of different messages generated by many, many different systems. I know it's archiving for example from an Exchange server, but there are countless service packs and hotfixes available even for 'recent' versions of Exchange. On top of that though there is a huge amount of mail that will be stored in Exchange which won't have been generated in Exchange. It could have been generated by one of tens of thousands of email systems around the world. And I'm not talking installations (there are probably millions in total) - I'm talking of products, and versions.

Yet knowing all this it does worry me when I see technotes like this one:

http://www.symantec.com/docs/TECH210783

.. especially as it only seems to apply to Enterprise Vault 10.0.4, the latest incarnation of Enterprise Vault. It's worrying because it means that 'something' has changed that breaks the processing of these types of messages. It's doubley worrying that it means that all available disk space will eventually be consumed.  And it's tripley worrying that there is no fix, yet.

Keep an eye on the technote is my advice !


CWoC Patch Trending SiteBuilder v12 just released!

0
0

I have just released version 12 of the Site Builder on the Connect download [1]/

Here's the shortlog I added to the download:

Version 12 is here with massive amount of changes. A full release note article will be published soon, but here's a short list of additions / improvements:

  • All dates are not ISO based and displayed on the graphs using the MMM dd (for example 2013-07-14 is displayed Jul 14)
  • We have a new site layout that lists all Microsoft bulletins by month, all the way to January 2009
  • We now have a site map listing all generates pages and sub-pages
  • Headers (linked or not) were on all stub pages
  • A navigation tool allow the suer to quickly go back home, to the sitemap or help center
  • A help center (empty for now)
  • We filter out superseded / inactive updates / bulletins from the site
  • We added a Compliance by Computer page that use a range selector
  • We have used the same range selector in the bulletin / update page (getbulletin.html).

For a test drive, you can go to the sample site that was updated as well:

http://patchtrending.15-cloud.fr/sample-site

And in case you want to see the changes in-situ, you can check the version 11 of the sample site as well:

http://patchtrending.15-cloud.fr/sample-site-v11

[1] {CWoc} Patch Trending SiteBuilder

Craigslist を悪用する SMS スパム詐欺

0
0

Craigslist はこれまでも常に、詐欺師が好んでソーシャルエンジニアリングに使う題材でしたが、シマンテックは同サイトの人気を悪用する新たな SMS スパム活動が発生していることを確認しています。この詐欺は、Craigslist の広告に掲載されている電話番号を悪用して、ユーザーを欺いて無償で正規のオープンソースソフトウェアをコンピュータにインストールさせます。このソフトウェアには別のソフトウェアもバンドルされており、詐欺師はこれを利用してアフィリエイトプログラムによって金銭を獲得します。

craigslist_sms_spam_scam02.gif

図. SMS スパムによってリダイレクトされたユーザーがオープンソースソフトウェアをダウンロードさせられる仕組み

この詐欺の第 1 段階では、被害者のデバイスに SMS のテキストメッセージが送信されます。オンラインの調査によると、詐欺師は Craigslist サイトの投稿から電話番号を直接収集し、この詐欺行為に利用しているようです。電話番号の収集を自動化できるスパムツールや収集ツールはアンダーグラウンドのフォーラムで販売されており、珍しいものではありません。

SMS に記載されているリンクをたどると、「Device not compatible. Please view from a desktop or laptop computer.(デバイスが対応していません。デスクトップまたはラップトップコンピュータで閲覧してください)」という情報が表示されます。指示されたとおりに PC からリンク先にアクセスすると、正規のオープンソースソフトウェアである GIMP Viewer をインストールする必要があると説明されます。GIMP をインストールしようとしても、GIMP の公式 Web サイトには移動しません。代わりに別の Web サイトに移動しますが、そこで提供されている GIMP のインストールでは、別のいくつかのソフトウェアと一緒にインストールするオプションが付いています。こういった別のソフトウェアがインストールされると、詐欺師はアフィリエイトの手数料として金銭を獲得できるのです。

今回の詐欺では、ユーザーを欺いて不要なソフトウェアをコンピュータにインストールさせて、アフィリエイトプログラムプログラムを悪用しているだけですが、詐欺師はいつでも手口を変える可能性があり、被害者を騙してマルウェアをインストールさせようとするかもしれません。

このような詐欺の被害に遭わないように、迷惑 SMS メッセージを受信した場合には注意してください。また、信頼できる公式のサイト以外からソフトウェアをダウンロードしたりインストールしたりすることは避けてください。どのようなデバイスにも、ノートン モバイルセキュリティノートン アンチウイルスといった、モバイル用のセキュリティアプリや PC 用のウイルス対策ソフトウェアをインストールすることをお勧めします。

 

* 日本語版セキュリティレスポンスブログの RSS フィードを購読するには、http://www.symantec.com/connect/ja/item-feeds/blog/2261/feed/all/jaにアクセスしてください。

Seven Ways a Donation to the Rainforest Alliance can make a Difference

0
0

In its fiscal year 2013, Symantec contributed more than $24 million in cash and software to nonprofits working within its four philanthropic focus areas: science, technology, engineering, and math (STEM) education; online safety; diversity; and environmental responsibility. Over the next few weeks, we will hear from several of our partners on various projects and programs that Symantec is helping to support. Last month, we heard from Acterra, an environmental nonprofit serving Silicon Valley, and a few weeks ago from Edwin Link, Sr. Director of Academic Success, Arts, and Innovation at the Boys & Girls Clubs of America. Today we feature Dresden Joswig from the Rainforest Alliance.

 

This month, the Rainforest Alliance was the proud recipient of a $25,000 donation from Symantec. We thought we’d say “thank you” by sharing a short list of a few of the ways a donation to the Rainforest Alliance helps to protect the planet.

  1. It helps to safeguard endangered species. Rainforest Alliance Certified™ farm and forestry operations and Rainforest Alliance Verified™ hotels abide by strict standards to ensure that local wildlife are protected and their habitats remain intact.
  2. It protects waterways.When logging roads are built and trees are felled, soils can erode into nearby waterways. Similarly, runoff from farms can pollute local water sources. Rainforest Alliance Certified and Verified farms, forests and tourism businesses manage buffer zones (which protect water quality), treat wastewater and implement water conservation practices.
  3. It mitigates the effects of climate change.By keeping forest ecosystems intact, the Rainforest Alliance is helping to protect trees which play a major role in absorbing the greenhouse gases that lead to climate change.
  4. It ensures sustainable livelihoods for millions of forest-dependent families.On Rainforest Alliance Certified farms and forests, owners learn techniques to increase yields and, ultimately, their incomes. Workers are guaranteed a decent salary.
  5. It supports environmental education.The Rainforest Alliance’s educational materials and workshops provide kids, teachers and parents with the information they need to understand fundamental environmental issues and to take action that will help protect our planet.
  6. It promotes conscientious consumption. The Rainforest Alliance works to teach people about the impact of their everyday purchasing decisions and the value of the Rainforest Alliance Certified green frog seal.
  7. It supports local economic development. Sustainable businesses working with the Rainforest Alliance purchase local goods and services, hire locally, and offer training and other outreach programs that contribute to local workforce development and promote prosperity in their local economies.

Want to learn more about the Rainforest Alliance’s work? Explore our website and blog!

 

Dresden Joswig is Communications Assistant at the Rainforest Alliance.

Linux Automation and hardware support

0
0

Today, I'm looking at problem with NS7 inventory.

Whenever Linux automation has a kernel upgrade (which hasn't happened for a while but is about too), one of the steps I do is confirm hardware support. In NS6 I did this by gathering up all the relevent device IDs of the PCI bus for network cards and storage with the following SQL,

 

SELECT * 

FROM   (SELECT Count(*) AS [Card Count], 

               pciid, 

               [device description] 

        FROM   (SELECT LEFT([hardware id], 21) AS PCIID, 

                       [device description] 

                FROM   altiris.dbo.inv_aex_hw_pci_bus bus 

                       JOIN dbo.inv_aex_hw_serial_number hw 

                         ON hw._resourceguid = bus._resourceguid 

                WHERE  class = 'net' 

                       AND [device description] NOT LIKE '@%' 

                       AND [device description] NOT LIKE '%wireless%' 

                       AND [device description] NOT LIKE '%wifi%' 

                       AND [device description] NOT LIKE '%wlan%' 

                       AND [device description] NOT LIKE '%advanced-n%' 

) xxx 

        GROUP  BY pciid, 

                  [device description]) yyy 

WHERE  [card count] > 1 



SELECT * 

FROM   (SELECT Count(*) AS [Card Count], 

               pciid, 

               [device description] 

        FROM   (SELECT LEFT([hardware id], 21) AS PCIID, 

                       [device description] 

                FROM   altiris.dbo.inv_aex_hw_pci_bus bus 

                       JOIN dbo.inv_aex_hw_serial_number hw 

                         ON hw._resourceguid = bus._resourceguid 

                WHERE  class = 'HDC' 

                       ) xxx 

        GROUP  BY pciid, 

                  [device description]) yyy 

WHERE  [card count] > 1 

Where I ignore cards which are just singly instanced in the estate as these are usually from random hardware, unsupported motherboard upgrades and NIC installs. 

From the NS6 Altiris DB, this gives me a list of devices and IDs as shown below,

 

pci_query1.png

 

From this I could extract all the device IDs which I needed to support in my environment (there are caveats, but they're too complicated to go into here). These device IDs I then save to a file on my DS6.9 Deployment Share called ids.txt.

In automation, I can then analyse these device IDs against the hardware support in the linux environment which can be scavenged from the modules pcimap file. The contents of this file id_scan.sh is detailed below,

 

#!/bin/bash
# myids is a windows file which contains a list of the device IDs
# which are required in Linux automation.
#
# The list is newline delimeted, and each line just contains the 4 characters
# that specify the device ID
#
 
myids=/mnt/ds/ids.txt
 
 
IFS=$'\r\n'
mymap=`find /lib/modules -name modules.pcimap`
 
 
  lines=($(cat ${myids}))
  for (( i=0; i<=${#lines[@]}; i++)) 
  do
   myresult=`cat ${mymap} | sed 's/\s\s*/ /g' | cut -d' ' -f 3 | grep "${lines[$i]}"`
   if [ $? -ne 0 ]; then
     echo "NO ${lines[$i]}" 
   fi
   
  done
 
This will flag up any device IDs which are not present in the modules pcimap. I then cross-reference that against my hardware models to check if I'm missing any critical model support in my Linux upgrade (and therefore if I need to go on a driver hunt).
 

That process works fairly nicely, and now I'm transferring this process to the CMS 7.5 inventory.  It turns out that the table Inv_Aex_HW_PCI_Bus no longer exists and the data mapping guide for Inventory solution migrations says I should now refer to Inv_HW_Logical_Device which isn't helpful for this data.

I'm exploring more tables... and not finding the critical data I need of PCI device IDs and device classes. Some of the tables say they have that data as columns, but what they contain so far isn't actually what I understand by these items...

If anyone can prod me in the right direction, please, please don't hesitate to chip in... ;-)

Kind Regards,
Ian./
 
 

 

 

From Seoul to DC: Highlights of Cybersecurity Awareness Month

0
0

October was National Cyber Security Awareness Month, and Symantec published a series of posts on how we're meeting Our Shared Responsibility to secure the Internet. Previous posts included National Cyber Security Awareness Month Turns 10! by Michael Kaiser, Executive Director of the National Cyber Security Alliance, Being Mobile: Best Practices for Keeping Your Child Safe on Mobile Technology by Marian Merritt, Norton Internet Safety Advocate, Is Your Family “Switched On”? by the UK PR team, and more. Today, we conclude this series with a post looking at highlights of our NCSAM activities across the globe.

 NCSAM.jpg

This October marked the tenth annual National Cyber Security Awareness Month (NCSAM). Started as a public-private partnership between the National Cyber Security Alliance (NCSA) and the U.S. Government, the annual event has been adopted by governments and industry around the world with the goal of creating a safer, more secure online environment. Ten years later, the initiative has grown to include more than 300 companies, universities, and organizations. 

Symantec has been a proud member of the NCSA since it was founded, and every year has sponsored and participated in NCSAM activities to promote cybersecurity awareness for individuals, businesses, and organizations.

Because cybersecurity is a major focus of governments around the globe to secure citizens’ data, as well as to protect critical infrastructure systems, Symantec plays an active role in public policy, and partners with many governments to provide training, share threat information, and broaden overall awareness.  Below is a snapshot of just a few of the events the Symantec Global Government Affairs team participated in to support the broader objectives of NCSAM around the world. 

Symantec Participates in Seoul Conference on Cyberspace and Signs MoU with Korea Cyber Terror Response Center

Symantec participated in the Seoul Conference on Cyberspace, a major international summit on cybersecurity which gathered approximately 1,000 delegates from more than 90 countries for discussions on a broad range of cyber issues, including international security and cybercrime. At the conference, we spoke on the Cybersecurity Panel about the importance of public-private partnerships and the distinct roles that governments and industry play. During the same week, Symantec signed a Memorandum of Understanding (MoU) with the Korea National Police Agency’s Cyber Terror Response Center (CTRC). This new partnership establishes a framework for Symantec and the CTRC to increase cyber awareness education and share cyber threat information.

KNPA MoU Signing.jpg

Get Safe Online Week

In partnership with Get Safe Online, a not for profit initiative funded by the UK Government and the private sector, Symantec launched the “Switched On” campaign targeted at parents with the aim of giving them the confidence, information and tools to help their children stay safe online. As part of the campaign, Symantec is providing a consumer telephone hotline where UK residents with online safety concerns can get advice on Internet security and parental controls. In addition, we partnered with the Neighbourhood Watch association to distribute leaflets at meetings where the discussion topic is online safety.

Symantec Co-Hosts Cybersecurity Conference with Bloomberg Government

To cap off the month-long series of events, Symantec and Bloomberg Government partnered to host a cybersecurity conference titled “Cybersecurity:  Risk. Response. Reward.”  The event brought together a wide range of industry and government leaders, including the White House, U.S. Department of Homeland Security, Financial Services Roundtable, and Information Technology Industry Council, for a series of discussions on protecting commerce and markets, public-private partnerships, and  effective cyber strategies. Click to watch a recording of the Bloomberg Government Conference.

Steve Bennett Speaking at Bloomberg.jpg

As a globally connected and shared resource, securing the Internet is a shared responsibility that involves citizens, businesses and governments. While NCSAM is officially designated in October every year, the efforts to raise awareness about cyber security do not begin and end with the month. As the global leader in online and endpoint security, Symantec participates throughout the year in numerous public-private partnership initiatives to address the intersection between cyber security, public policy and technology. 

We hope you will follow these activities online at Symantec's Government Affairs and Corporate Responsibility websites.  

 

Cheri F. McGuire is Symantec's Vice President of Global Government Affairs & Cybersecurity Policy.

Viewing all 5094 articles
Browse latest View live




Latest Images