InfoWorld published the 10 most common security land mines that experts say you need to avoid.

Many companies spend a small fortune and deploy a small army to secure themselves from the many security threats lurking these days. But all those efforts can come to naught when making any of these common mistakes. The results can range from embarrassing to devastating, but security experts say that all are easily avoidable.

And almost all can be done without spending one more dime.

1. A slip of the finger reveals the company secret

2. People give away passwords and other secrets without thinking

3. A trusted partner ends up not being so trustworthy with your data

4. Web-based apps can be portals to leaks and thieves

5. Hoping the worse doesn’t happen only makes it worse

6. Avoiding or diluting response leadership makes breaches worse

7. Handling breach details sloppily tips off the perp

8. Trusting "silver bullet" technology hides real threats

9. Spending unthinkingly wastes resources you might need for important threats

10. Don't save the wrong data

In short, weakest point in ICT technologies is always the same one… guess who ?

The full article is available here on InfoWorld

The attacks on Swiss financial institutes with the aim of unjustified enrichment and the threat of the targeted industrial espionage via the internet are the main topics of the fifth semi-annual report of the Reporting and Analysis Centre for Information Assurance.

The report assesses the situation of the first half of the year 2007 in Switzerland and is now available online and clearly shows that the human factor remains the weakest point of ICT security.

Focus areas of issue 2007/I

• Attacks on Swiss financial services
  "Classic" phishing attacks by e-mail with password requests have decreased substantially in Switzerland. Moreover, all such attacks have been unsuccessful. On the other hand, successful attacks with malware have increased. Two-factor authentication systems (e.g. transaction authentication numbers, SecurID, etc.) do not afford protection against such attacks and must be viewed as insecure once the computer of the customer has been infected with malware.

• Industrial espionage and data theft
  The threat posed by targeted state or private industrial espionage continues. Not only the operators of critical infrastructures, the armament industry, or public authorities are threatened. Medium-sized industrial companies as well as manufacturers of luxury articles and fashion are also being targeted. The attacks are carried out by sending targeted e-mails to individual employees which contain malware in their attachments or links to bogus websites.
• Attacks on web servers:
  malware distribution, phishing, data theft Compromising of web servers has increased. The purpose is to use web servers to distribute malware, such as by drive-by infection, to steal data (especially on commercially used servers), to carry out (interim) storage of data (e.g. in connection with phishing), or to distribute messages that are generally political in nature.
• Malware / attack vectors
  Malware is still usually distributed through e-mail attachments or e-mails with links to bogus websites. Using clever social engineering techniques, the victim is deceived into opening the attachment or clicking on the link. Websites installing malware on the computer without any action by the user (drive-by infections) have heavily increased as an infection vector. Vulnerabilities in the operating system, the browser, or other applications are exploited. For a long time now, this no longer only happens on dubious sites, but also on (compromised) serious and well-known sites. Rates of recognition of malware by anti-virus software remain low.

The complete report is available on Melani website in italian, german, french and english.

A complete and useful list of all Internet risks and related protection measures is also available.

AT&T threaten to disconnect its customers (Def. Customer:someone who pays for goods or services) who may criticized its services on the Internet (blog, others sites, etc..). AT&T customers must accept TOS (Terms of Service) where you can find the following statement on the section "Term & Termination".

5.1 Suspension/Termination. Your Service may be suspended or terminated if your payment is past due and such condition continues un-remedied for thirty (30) days. In addition, AT&T may immediately terminate or suspend all or a portion of your Service, any Member ID, electronic mail address, IP address, Universal Resource Locator or domain name used by you, without notice, for conduct that AT&T believes (a) violates the Acceptable Use Policy; (b) constitutes a violation of any law, regulation or tariff (including, without limitation, copyright and intellectual property laws) or a violation of these TOS, or any applicable policies or guidelines, or© tends to damage the name or reputation of AT&T, or its parents, affiliates and subsidiaries. Termination or suspension by AT&T of Service also constitutes termination or suspension (as applicable) of your license to use any Software. AT&T may also terminate or suspend your Service if you provide false or inaccurate information that is required for the provision of Service or is necessary to allow AT&T to bill you for Service

AT&T also reserves the rights to update or change from time to time the terms of the agreement and apparently without notice. It is the customer's responsibility to regularly check, on their website, to check if terms have changed and if he/she still agrees with them as they become effective immediately after being posted on AT&T website.

This Agreement may be updated or changed from time to time. The current Agreement shall be posted at: www.att.net/legal/tos (“Website”). This site will be updated as changes are made. You agree to visit the Website periodically to be aware of and review any such revisions. All changes shall become effective upon posting of the revised Agreement on the Website. Your continued use of the Service following such notice constitutes your acceptance of those changes. If you do not agree to the revisions, you must terminate your Service immediately.

So, Dear and Cherished AT&T customer, if you really expect to have "The World. Delivered" by AT&T, you rather have to be nice with them. Otherwise…… 

Source: Zataz