Practical Threat Analysis of complex systems

Ygor Goldberg, PTA Technologies

Practical Threat Analysis (PTA) is a structured process, supported by a software tool (PTA Professional), that helps security analysts, system developers and end-user customers assess system risks and build the most effective risk-reduction policy for their system. Using a small number of intuitive building blocks (threats, assets, vulnerabilities and countermeasures), PTA has found wide appeal: thousands of security analysts around the world use it daily across a large number of problem domains. The attached customer case study describes how PTA was used to mitigate risk in a complex system built on Microsoft client-server technologies.

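As an added illustration of how the four building blocks named above fit together (this is example code written for this page, not PTA's own software, file format or scoring formula), the following C program ranks countermeasures by risk reduction per unit of cost over a constructed toy model. The two assets, three threats, three countermeasures, and every value, probability and cost in it are made up for the example; the greedy selection is a simplified stand-in for whatever optimisation PTA Professional performs.

```c
#include <stdio.h>
#include <string.h>

/* Constructed toy threat model: names and numbers are illustrative only. */
#define N_ASSETS  2
#define N_THREATS 3
#define N_CMS     3

typedef struct { const char *name; double value; } asset_t;                    /* value in currency units   */
typedef struct { const char *name; int asset; double prob; double damage; } threat_t; /* prob per year, damage 0..1 */
typedef struct { const char *name; double cost; double mitig[N_THREATS]; } cm_t; /* mitig[t]: fraction of threat t removed */

static const asset_t assets[N_ASSETS] = {
    {"customer database",  500000.0},
    {"admin credentials",  100000.0},
};
static const threat_t threats[N_THREATS] = {
    {"SQL injection via web front end",         0, 0.30, 0.80},
    {"stolen laptop with cached credentials",   1, 0.20, 0.50},
    {"insider copies database export",          0, 0.05, 1.00},
};
static const cm_t cms[N_CMS] = {
    {"parameterised queries + WAF",       20000.0, {0.90, 0.00, 0.00}},
    {"full-disk encryption on laptops",    8000.0, {0.00, 0.95, 0.00}},
    {"DLP on export paths",               30000.0, {0.00, 0.00, 0.60}},
};

/* Annualised loss expectancy of one threat, given which countermeasures are applied.
   Mitigations of several countermeasures against the same threat compound. */
double threat_risk(int t, const int applied[N_CMS]) {
    double residual = 1.0;
    for (int c = 0; c < N_CMS; c++)
        if (applied[c]) residual *= (1.0 - cms[c].mitig[t]);
    const threat_t *th = &threats[t];
    return th->prob * th->damage * assets[th->asset].value * residual;
}

/* Total residual risk across all threats. */
double total_risk(const int applied[N_CMS]) {
    double r = 0.0;
    for (int t = 0; t < N_THREATS; t++) r += threat_risk(t, applied);
    return r;
}

/* Greedy policy: repeatedly add the affordable countermeasure with the best
   risk reduction per unit cost. Writes the selection into applied[] and
   returns how many countermeasures were chosen. */
int choose_policy(double budget, int applied[N_CMS]) {
    memset(applied, 0, sizeof(int) * N_CMS);
    int chosen = 0;
    for (;;) {
        int best = -1;
        double best_ratio = 0.0;
        double base = total_risk(applied);
        for (int c = 0; c < N_CMS; c++) {
            if (applied[c] || cms[c].cost > budget) continue;
            applied[c] = 1;                       /* try it */
            double gain = base - total_risk(applied);
            applied[c] = 0;                       /* undo */
            double ratio = gain / cms[c].cost;
            if (gain > 0.0 && ratio > best_ratio) { best = c; best_ratio = ratio; }
        }
        if (best < 0) break;                      /* nothing affordable helps */
        applied[best] = 1;
        budget -= cms[best].cost;
        chosen++;
    }
    return chosen;
}

/* Tolerance compare for the floating-point totals. */
int approx_eq(double a, double b) { return a - b < 1e-6 && b - a < 1e-6; }

int main(void) {
    int applied[N_CMS] = {0};
    printf("risk with no countermeasures: %.0f\n", total_risk(applied));
    int n = choose_policy(30000.0, applied);
    printf("policy for budget 30000 (%d countermeasures):\n", n);
    for (int c = 0; c < N_CMS; c++)
        if (applied[c]) printf("  - %s (cost %.0f)\n", cms[c].name, cms[c].cost);
    printf("residual risk: %.0f\n", total_risk(applied));
    return 0;
}
```

With the constructed numbers, unmitigated risk is 155000; a budget of 30000 buys the query hardening and the laptop encryption and leaves 37500 of residual risk, while the insider threat stays unaddressed because DLP does not fit the remaining budget. The point is the shape of the reasoning, not the figures: each countermeasure is judged by how much expected loss it removes relative to what it costs.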
Open Solutions partners with PTA Technologies to provide application threat modeling services

Oct 24, 2004, Tel Aviv, Israel - Software Associates and PTA Technologies have announced a partnership to provide advanced software and data security risk models using PTA (Practical Threat Analysis). Software Associates will develop a line of threat libraries and provide professional services and support to global customers for security and compliance risk assessment. Contact us today to set up an appointment with one of our consultants, and we will show you how to save money and produce an effective risk mitigation plan using PTA threat models.

Effective PCI DSS compliance

This article shows how threat modeling techniques can make the PCI DSS 1.1 compliance process highly effective for a retailer of any size. The high-profile data breaches at PCI DSS-compliant retailers like Hannaford underscore the need to go beyond compliance and mitigate internal and external threats to customer data. PCI DSS 1.1, used wisely, can be more than a compliance checklist: it can be a way for merchants at all levels to protect customer data assets. The question is how merchants can use the PCI Data Security Standard effectively to reduce their data breach risk, whether through a self-assessment or through the on-site audit that MasterCard requires of its merchants.

National Vulnerability Database Version 2.0

There has been so much hype from Microsoft and other sources about which OS and web server has the better security track record. It appears that the FOSS community is maturing from an "I hate Microsoft" mentality to a competitive "we have a better product, any time" mentality.

The SANS Top 20 Internet Security Vulnerabilities

The list is compiled through the cooperation of security experts all over the world, from the Korea Information Security Agency (KISA) and Brasil Telecom to the U.S. Air Force. It seems that all of the top 20 are due to known software defects.

Commercial Spyware applications

Commercial spyware applications are a threat to customer data. I've heard that the going rate for a custom spyware application is about 800 Euro. If you've suspected that spyware has gotten out of hand, then you are right: spyware applications are being distributed wholesale by spammers and used for targeted personal and industrial espionage in order to steal customer data and company intellectual property. Consider four hot spyware trends:

- Spyware for market research. Before we knew the word, we had all those cool Windows BHOs (browser helper objects) like Gator and Alexa that tap into your online browsing and e-commerce experience and collect clicks. Too bad they don't pay us for it. Alexa is still around, by the way.
- Industrial espionage. A key logger inserted by some spyware was used in the well-publicized case of Microsoft Windows NT source code extrusion from Mainsoft this past year. It is also a great way to see if an employee or a husband is cheating on you. In local markets, it's still cheaper to pay off the cleaning crew to fish the trash baskets for sensitive information.
- Mass distribution by spambots. Spambots are distributed to millions of PCs and wake up to execute distributed email spam campaigns ($595 for 10 million users) or to deliver a customized piece of spyware.
- Identity theft, customer data breaches and credit-card theft. The fastest-growing trend in the US and the No. 1 concern for US consumers, who get thrown to the dogs of their credit reporting agencies (Equifax, TransUnion and the like). Spend the next six months getting your life back.

Keylogger with a microphone

Acoustic keyloggers: keyboards are like drums. Do you still have faith in firewalls? Do you still think passwords will protect you? Not so fast: it is now possible to eavesdrop on a typist's keystrokes and, by exploiting minute variations in the sounds made by different keys, distinguish and decipher what is being typed.

Skype vulnerabilities

Qualys reports this week on two Skype vulnerabilities, a multiple buffer overflow and a heap overflow. What is most significant is that Skype is now using CVSS, the Common Vulnerability Scoring System, to score its vulnerabilities, and has awarded itself an 8.

05.43.9
CVE: CVE-2005-3267
Platform: Cross Platform
Title: Skype Networking Routine Heap Overflow
Description: Skype is a peer-to-peer communications application. It is vulnerable to a heap overflow: a client receiving specifically crafted network traffic overwrites part of the heap, including the heap integrity control data. All Skype clients are vulnerable.

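To show the class of bug the advisory describes, here is an added C example; it is not Skype's code and is not based on any detail of Skype's protocol. A hypothetical frame format (1-byte type, 2-byte big-endian payload length, payload) is parsed by a vulnerable routine that trusts the length field from the wire and copies that many bytes into a fixed-size heap allocation, and by a hardened routine that rejects any declared length larger than either the bytes actually received or the destination capacity. The frame layout, function names and sample inputs are all constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical wire format, constructed for this example:
   [0] type, [1..2] big-endian payload length, [3..] payload. */
#define MAX_PAYLOAD 64

typedef struct {
    uint8_t  type;
    uint16_t len;
    uint8_t  payload[MAX_PAYLOAD];   /* fixed capacity inside a heap allocation */
} frame_t;

/* Build a frame whose header may declare a length that does not match the
   payload actually appended, so we can craft the malicious case. */
size_t make_frame(uint8_t *out, uint8_t type, uint16_t declared_len,
                  const uint8_t *payload, size_t payload_len) {
    out[0] = type;
    out[1] = (uint8_t)(declared_len >> 8);
    out[2] = (uint8_t)(declared_len & 0xff);
    memcpy(out + 3, payload, payload_len);
    return 3 + payload_len;
}

/* VULNERABLE: the declared length is used as the copy size without checking
   it against MAX_PAYLOAD or buflen. A crafted length > MAX_PAYLOAD writes past
   the struct into whatever the allocator placed next, which on most allocators
   includes the next chunk's size and link fields, i.e. the "heap integrity
   control data" in the advisory. (It also over-reads the source buffer.)
   Never call this with a crafted frame: that is undefined behaviour. */
frame_t *parse_frame_vulnerable(const uint8_t *buf, size_t buflen) {
    if (buflen < 3) return NULL;
    frame_t *f = malloc(sizeof *f);
    if (!f) return NULL;
    f->type = buf[0];
    f->len  = (uint16_t)((buf[1] << 8) | buf[2]);
    memcpy(f->payload, buf + 3, f->len);     /* no bound check on f->len */
    return f;
}

/* HARDENED: validate the declared length against both what was received and
   the destination capacity before allocating or copying anything. */
frame_t *parse_frame_hardened(const uint8_t *buf, size_t buflen) {
    if (buflen < 3) return NULL;             /* header incomplete */
    uint16_t len = (uint16_t)((buf[1] << 8) | buf[2]);
    if (len > MAX_PAYLOAD) return NULL;      /* would overflow payload[] */
    if ((size_t)len > buflen - 3) return NULL; /* claims more bytes than arrived */
    frame_t *f = malloc(sizeof *f);
    if (!f) return NULL;
    f->type = buf[0];
    f->len  = len;
    memcpy(f->payload, buf + 3, len);
    return f;
}

int main(void) {
    uint8_t buf[80];
    const uint8_t hello[5] = {'h', 'e', 'l', 'l', 'o'};  /* constructed payload */

    size_t n = make_frame(buf, 1, 5, hello, sizeof hello);
    frame_t *f = parse_frame_hardened(buf, n);
    printf("benign frame:  %s (len %u)\n", f ? "accepted" : "rejected", f ? f->len : 0);
    free(f);

    n = make_frame(buf, 1, 0x1000, hello, sizeof hello);  /* header lies: 4096 bytes */
    f = parse_frame_hardened(buf, n);
    printf("crafted frame: %s\n", f ? "accepted" : "rejected");
    free(f);
    return 0;
}
```

The two checks in the hardened parser are independent and both matter: the first protects the destination regardless of how many bytes were received, the second protects against over-reading a short buffer even when the declared length would fit. The vulnerable variant is included only to make the missing checks concrete; it is never exercised with the crafted input.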
Skype Security Vulnerabilities Exposed

The official website of the Skype VoIP software says that users form a community, a community you might not necessarily want to be part of. Even when the application is closed, Skype remains active in the background, consuming precious bandwidth. Installing Skype turns the user's private computer into an intersection (a relay) through which other Skype users' traffic may pass.
