MIEL Logo

LIVE WIRE !  THE SECURITY NEWSLETTER 

VOLUME 1: January 31, 2007  

WELCOME NOTE                        

Welcome to the first issue of Livewire, the Security Newsletter from MIEL e-Security Pvt. Ltd.

We, at MIEL, wish you a very happy and prosperous 2007!

This Newsletter aims to educate and enlighten the reader with a collection of interesting insights and developments from the industry, and most importantly - to increase the reader's current level of Security Awareness and knowledge.

Just as the famous quote, “Man's mind, once stretched by a new idea, never regains its original dimensions" - Oliver Wendell Holmes, we endeavour to do the same and hope that you will find it a quality read.

 

M. N. Kutty Nair

Chairman and Managing Director

GLOBAL NEWS

IT industry analyst firm, IDC (India), has announced its Top 10 IT Market Predictions for the year 2007, predicts IT spending worth Rs. 75,891 crore in 2007

  • India continues to soar. South Asia’s largest economy will continue to lead the pack as the next IT market opportunity.

  • Dynamic IT to enter Phase 2 in 2007: From Consolidation to Virtualization and Service Oriented Architecture (SOA).

  • Disruption to set in for Small and Medium Business (SMB) focused go-to-market strategies – new delivery and usage models will evolve in 2007.

  • Connectivity, Content and Convergence will run parallel courses, but their real orchestration into a fully evolved ‘digital home’ phenomenon will remain elusive in 2007.

  • Vendors will adopt a ‘productized services’ delivery model in 2007 to achieve standardization and enhance profitability.

  • Internal security concerns will drive the enterprise security solutions market in 2007.

  • Despite huge investments slated for telecom network infrastructure, 2007 will be a year of build-outs rather than rollouts for 3G and WiMAX services.

  • IT retailing to gain momentum, but 2007 will be remembered more as a year of experimentation.

  • Emerging Asia approaches BRIC-like performance.

  • Worldwide IT spending will be marginally higher in 2007, driving vendor risk taking.

Read more: "Source: IDC

http://www.idcindia.com/pdf/IDC's_india_top10_IT_Market_predictions_2007.pdf"

------------------------------------------------------------------------

'Storm' Worm continues surge around the globe

"Storm Worm," one of the larger Trojan horse attacks in recent years, is baiting people with timely information about a deadly, real-life storm front. Storm Worm is a Trojan horse with an executable file as an attachment.

Cyber-criminals took advantage of social engineering, using the news of the European storm to get people to open the attached malicious file, which promises more news on the weather emergency. People who open the attachment then unknowingly become part of a botnet. A botnet serves as an army of commandeered computers, which are later used by attackers without their owners' knowledge. The file creates a back door to a computer that can be exploited later to steal data or to use the computer to post spam.

Storm Worm carries subject lines like "230 dead as storm batters Europe", "U.S. Secretary of State Condoleezza..." and "A killer at 11, he's free at 21 and...". A new round of Storm worm attacks on January 22nd, featured romance-themed subject lines such as "The Mood for Love" and "I Dream of You."

------------------------------------------------------------------------

Phishing takes on a new form with a new Universal Man-in-the-Middle (MITM) phishing kit

The new Universal MITM phishing kit enables cyber criminals to intercept their victims' credentials submitted to a target site instead of using the conventional phishing technique.

The MITM technology enables fraudsters to sit between prospective marks and legitimate businesses, allowing the fraudster to capture the victims' personal information in real time. Rather just setting up a bogus website that's promoted through spam email that impersonates a bank or an online merchant such as Amazon or eBay in attempt to harvest logins and passwords, crooks set up a fraudulent website as a conduit through a legitimate website to communicate with their victims.

Right now, there is no preventative technology to combat the new MITM phishing kits. The best advice to combat such increasing sophisticated phishing attacks and techniques is to be knowledgeable and extra vigilant when giving out your information.

TIPS TO SECURE YOUR WORKSTATION

ü  Do not share passwords.
 ü  Do not open e-mail attachments from unknown people.
 ü  Lock your desktop when you leave your work area.
 ü Logoff or disconnect from all network systems. Do not leave your computer unattended.
 ü Make periodic backup copies of work from your hard drive or floppy disks that are essential to your business function.
 ü Install anti-virus software, keeping its virus signatures current.
 ü Do not propagate virus hoaxes or chain mail.
 ü Information that is no longer needed should be destroyed.
 ü Beware of shareware; it may contain a virus.
 ü Keep patches current, especially the security related ones.

MIEL NEWSBYTES

NASSCOM shortlists MIEL for the ‘NASSCOM’s IT Innovation Award 2006’ in the Emerging Companies category for its Technology Innovation 'Helios - the anti-malware product'

Helios – a patent-pending technology from MIEL’s R&D labs has been shortlisted by the National Association of Software and Service Companies (NASSCOM) for the ‘NASSCOM’s IT Innovation Award 2006’ for excellence in ‘Product Innovation’ in the ‘Emerging Companies’ category.

Helios, the first Indian next-generation Information Security product, is an anti-malware system that redefines the way you protect your IT systems from malicious software. Using unique detection technology, Helios is able to protect against zero-day and future security threats – today.

Read more: http://www.nasscom.in/Nasscom/templates/NormalPage.aspx?id=50719

------------------------------------------------------------------------

MIEL's R&D product, Helios, now part of the official curriculum at Georgia Tech University, USA

MIEL's Technology innovation, HELIOS – a patent-pending, first Indian next-generation Information Security product is being currently utilized by Georgia Tech University as part of their official curriculum for their “Internet work Security” course (ECE 4112).

Georgia Tech is consistently rated as among the Top 10 public universities in the United States especially for computer science and engineering.

Helios is being used in the course as a practical lab example of how Behavioural based detection is superior to Signature based detection. The lab course requires the students to install and use Helios to detect a wide range of rootkits and other malware.

Read more:
http://users.ece.gatech.edu/owen/Academic/ECE4112/Fall2006/Projects/Helios.doc
------------------------------------------------------------------------

F I S T, Mumbai Police and MIEL e-Security together launch ‘e-Panchayat’ on 12th January, 2007

The Foundation of Information Security and Technology (F I S T) and Mumbai Police along with MIEL e-Security Pvt. Ltd., one of the largest pure-play Information Security Consulting and Services Companies in India, have launched the world’s first 'e-Panchayat' - a forum to help combat the ever-increasing cyber-crimes in today’s virtual world. The distinctive feature of the service is that it can be virtually attended, through VoIP, the Internet and even through the mobile phone.

Mr. M N Kutty Nair, Chairman and Managing Director, MIEL e-Security Pvt. Limited will be one of the 5 e-Panchs heading the e-Panchayat comprising of eminent industry people.

Read more:

http://www.thehindubusinessline.com/2007/01/13/stories/2007011301811900.htm
------------------------------------------------------------------------

MIEL, the Authorized Training Centre of EC-council in India, starts its own Exam Centre

MIEL, in association with EC-Council, conducts regular programs on Ethical Hacking, popularly known as Certified Ethical Hacking Course (CEH). Taking this endeavour further, MIEL has started its own Exam Centre (web based prometric centre) for CEH (312-50). The Centre is open to all for examinations.

The CEH Program certifies individuals in the specific network security discipline of Ethical Hacking from a vendor-neutral perspective. A Certified Ethical Hacker is a skilled professional who understands and knows how to look for the weaknesses and vulnerabilities in target systems and uses the same knowledge and tools as a malicious hacker. To register, contact us today at isti@mielesecurity.com!
 ------------------------------------------------------------------------

MIEL initiates PRISM (Post Graduate Diploma in Information Security Management), to bridge the info-security skills shortage

MIEL recently initiated its own one-year Post Graduate Diploma in Information Security Management (PRISM) – to bridge the demand-supply gap of information security personnel – and is a first-of-its-kind partnership between the industry and academy in this field.

MIEL has partnered with K J Somaiya College of Management Studies and Research in Mumbai (SIMSR) and the International School of Management and Research (ISCOM) in Pune for this purpose. The first batch has commenced courses in January 2007.

Your ideas, suggestions, tips and recommendations are highly valued. Please send us your feedback about our newsletter at marketing@mielesecurity.com, and thank you once again for your continued support of MIEL.

MIEL Logo

Headquartered in Mumbai, with offices across India and with a fully-owned European subsidiary in the UK, MIEL offers its clients in over 15 countries across 4 continents, the benefit of Global reach with Local presence and is among the largest pure-play Information Security Consulting Companies in India.

MIEL has an impressive track record of providing services and solutions to some of the leading names in Banking and Finance, Insurance, Manufacturing, IT and IT Enabled Services, Healthcare, Shipping, Logistics and Government.

| Consulting  |  Technical Services |  Managed Security Services  | Training  |    | Products & Solutions  |  R&D - MIEL Labs  |

MUMBAI  ·  BANGALORE  ·  CHENNAI  ·  HYDERABAD  ·  PUNE  ·  AHMEDABAD ·  LONDON

C - 611 / 612, Floral Deck Plaza, MIDC, Central Road, Andheri (East), Mumbai 400 093.

Tel # : +91 (22) 28215050 | FAX : +91 (22) 28215838 |

Email : Corporate at feelsecure@mielesecurity.com

           Marketing at marketing@mielesecurity.com

www.mielesecurity.com

DISCLAIMER NOTICE:

The information contained in this electronic mail ("e-mail") transmission is intended by MIEL e-Security Private Limited for the use of the named individual or entity to which it is addressed and may contain information that is privileged or otherwise confidential. It is not intended for transmission to, or receipt by, any individual or entity other than the named addressee (or a person authorised to deliver it to the named addressee), except as otherwise expressly permitted in this e-mail transmission. If you are not the intended recipient and have received this e-mail transmission by error, please do not read, copy, use, disseminate or disclose this communication to others. Additionally, please notify the sender, by replying to this message or by using the contact details provided herein and then delete this e-mail from your system. To discontinue receiving any more e-mails, please notify the sender of this message by replying to this message by using the subject line as "unsubscribe". Thank you.