“The trends highlighted by the report seem to indicate that the Internet has finally taken on the characteristics of the Wild West where no one is to be trusted,” said X-Force Director Kris Lamb. “There is no such thing as safe browsing today and it is no longer the case that only the red light district sites are responsible for malware. We’ve reached a tipping point where every Web site should be viewed as suspicious and every user is at risk. The threat convergence of the Web ecosystem is creating a perfect storm of criminal activity.”

“Two of the major themes for the first half of 2009 are the increase in sites hosting malware and the doubling of obfuscated Web attacks,” Lamb said. “The trends seem to reveal a fundamental security weakness in the Web ecosystem where interoperability between browsers, plugins, content and server applications dramatically increase the complexity and risk. Criminals are taking advantage of the fact that there is no such thing as a safe browsing environment and are leveraging insecure Web applications to target legitimate Web site users.”

GFIRST5: The Five Pillars of Cyber Security: Threat, Vulnerability, Attack & Detection, Mitigation and Reflection. These foundations support the cyber security and incident response community by identifying the core components of incident management. Regardless of what sector you work in, these five pillars provide a framework that must be covered to secure information systems.

The Five Pillars of Cyber Security:

Threat: Collection and analysis of information regarding attacks and/or malware utilized to breach controls in information systems that would otherwise be unavailable to our constituency. Organizations need to understand the threats: who are they, what their intent is, and what capabilities they have. Understanding the threat assists in protecting systems against them and helps organizations prioritize them.

Vulnerability: Providing identification and aggregation of exploitable weaknesses in information systems from an authoritative source. Understanding the vulnerabilities being exploited by attackers is key to planning the release of information and protecting systems. Once the vulnerabilities are understood, they can be prioritized against other vulnerabilities which will assist in determining those that are most important to protect against and mitigate first (i.e. patching). Prioritization allows organizations to release high quality products with the most important, relevant information.

Attack & Detection: Actions used to identify threat activity that exists in a complex, multi-agency, multi-platform environment. Attack & Detection is better implemented once an organization understands the threat and the vulnerabilities being exploited. Once this information is understood, organizations can implement the appropriate detection mechanisms on their systems.

Mitigation: Solutions that contain or resolve risks through analysis of threat activity and vulnerability data which provide timely and accurate responses. Mitigation is the way in which organizations prevent attacks, reduce vulnerabilities and fix systems. Mitigation is sometimes difficult to implement as it is time consuming and tedious, but prioritization coupled with understanding the threats and vulnerabilities assists in forming an effective mitigation strategy.

Reflection: Maturing and developing the defense of critical information systems by compelling or influencing changes in law, regulation, policy, or procedure. Reflection allows organizations to review the threats, vulnerabilities exploited, attacks and overall system posture to implement policy and technology changes that will assist in protecting systems from similar incidents in the future.

Don’t miss your opportunity to hear the latest in cyber security trends and technology plus interact with key industry and government leaders. In an increasingly connected society, building partnerships and strengthening relationships among the incident response and security community are essential to effective response coordination and collaboration – and the 5th Annual GFIRST National Conference is the place to be this summer!

Why Should You Attend?

There are many reasons to attend the GFIRST Conference; benefits include:

* Networking with top information security professionals and government officials
* Hearing expert speakers discuss the latest in cyber security news and trends as seen by government agencies, law enforcement, private sector and academia
* Participating in information-sharing groups on topics such as collaboration methods and incident response practices
* Continuing professional growth with industry peers and keeping abreast of the newest issues, trends, preemptive measures and case studies

Who Should Attend?

The GFIRST Conference is open to all interested in learning more about cyber security and incident response. GFIRST is a great place for public and private sector leaders serving in non-technical roles to become familiar with the fundamentals of cyber security and incident response. GFIRST is also an excellent resource for practitioners in incident response and information security from the public and private sectors to include:

* GFIRST Members
* Cyber Incident Responders
* Chief Information Security Officers
* Chief Technology Officers
* Information System Security Officer
* Information System Security Managers
* Information Technology Directors
* Information Technology Administrators
* Network Administrators
* Cyber Security Experts
* Law Enforcement Personnel Supporting Cyber Security Issues
* Emergency Managers
* Incident Response Directors
* Academia with Cyber Security Specialties
* Cyber Security Association Members
* Computer Forensic Personnel
* Security Engineers
* Software Developers & Managers
* Process Improvement Managers
* Inspector Generals
* Critical Information Infrastructure Owners & Operators
* ISAC Members

What is GFIRST?

GFIRST is a group of technical and tactical practitioners from incident response and security response teams responsible for securing government information technology systems and providing private sector support. GFIRST members work together to understand and handle computer security incidents and to encourage proactive and preventative security practices across government agencies. GFIRST promotes cooperation among the full range of Federal, State and local agencies, including defense, civilian, intelligence, and law enforcement.

What is US-CERT?

The United States Computer Emergency Readiness Team “US-CERT” is a partnership between the Department of Homeland Security and the public and private sectors. Established in 2003 to protect the nation’s Internet infrastructure, US-CERT coordinates defense against and responses to cyber attacks across the nation. US-CERT is charged with protecting our nation’s Internet infrastructure by coordinating defense against and response to cyber attacks. US-CERT is responsible for:

* Analyzing and reducing cyber threats and vulnerabilities
* Disseminating cyber threat warning information
* Coordinating incident response activities

US-CERT interacts with federal agencies, industry, the research community, state and local governments, and others to disseminate reasoned and actionable cyber security information to the public.

From: “Microsoft Customer Support”
Subject: Update for Microsoft Outlook

Critical Update

Update for Microsoft Outlook / Outlook Express (KB910721)

Brief Description

Microsoft has released an update for Microsoft Outlook / Outlook Express. This update is critical and provides you with the latest version of the Microsoft Outlook / Outlook Express and offers the highest levels of stability and security.

Instructions

* To install Update for Microsoft Outlook / Outlook Express (KB910721) please visit Microsoft Update Center:

http://update.microsoft.com/microsoftofficeupdate/isapdl/default.aspx?ln=en-us&id=860973044736591820463007000000

Quick Details

* File Name: officexp-KB910721-FullFile-ENU.exe
* Version: 1.4
* Date Published: Tue, 23 Jun 2009 07:21:24 -0400
* Language: English
* File Size: 81 KB

System Requirements

* Supported Operating Systems: Windows 2000; Windows 98; Windows ME; Windows NT; Windows Server 2003; Windows XP; Windows Vista
* This update applies to the following product: Microsoft Outlook / Outlook Express
Contact Us
© 2009 Microsoft Corporation. All rights reserved. Contact Us |Terms of Use |Trademarks |Privacy Statement

The above URL is not the actual link. Hidden in the HTML code it the domain name that the link really take you to –
http://update.microsoft.com.ilfl1i1.net/microsoftofficeupdate/isapdl/default.aspx?ln=en-us&id=860973044736591820463007003404087″>http://update.microsoft.com/microsoftofficeupdate/isapdl/default.aspx?ln=en-us&id=86097304473659182046300700340000

If you get one of these emails, you should safely clear it from your computer and under no circumstance visit the website. In fact, if you are using a Microsoft based computer and / or email program, you should not open the email.

Los Angeles – Sixty-eight percent of American households play computer or video games, according to new research from the Entertainment Software Association (ESA), which represents U.S. computer and video game publishers. The number of households playing games increased three percent over 2008, illustrating the expanding use of entertainment software across all demographics. The ESA released these findings as part of its Essential Facts About the Computer and Video Game Industry 2009 report during the E3 Expo, the computer and video game industry’s annual trade show.

“This is the new golden age of entertainment software. Our products are now being enjoyed by over two-thirds of Americans,” said Michael D. Gallagher, CEO of the ESA. “As the findings of the 2009 Essential Facts illustrate, more and more Americans across all demographics are now embracing the interactive entertainment experience that computer and video games provide.”
Other findings of the survey include:

* Forty-two percent of American homes have a video game console;
* Adult gamers have been playing for 12 years on average, a decrease from 2008, an indication that more Americans are picking up video game controllers for the first time;
* The average game player is 35 years old;
* Seventy-seven percent of parents believe that the parental controls available in all recent video game consoles are useful;
* Almost half of all games sold (45 percent) are rated ‘E’ for Everyone by the Entertainment Software Rating Board; and,
* Forty-three percent of online game players are female.

In addition, the report includes statistics about the high level of parental involvement in video game play. Sixty-three percent of parents who have children under 18 with a gaming console in the home believe games are a positive part of their children’s lives. Those parents are present when games are purchased or rented 92 percent of the time and report always or sometimes monitoring the games their children play 91 percent of the time.

The research for Essential Facts About the Computer and Video Game Industry 2009 was conducted by Ipsos MediaCT and is the most in-depth and targeted survey of its kind, gathering data from almost 1,200 nationally representative households that have been identified as owning either or both a video game console or a personal computer used to run entertainment software.

The Entertainment Software Association is the U.S. association dedicated to serving the business and public affairs needs of companies publishing interactive games for video game consoles, handheld devices, personal computers, and the Internet. The ESA offers services to interactive entertainment software publishers including a global anti-piracy program, owning the E3 Expo, business and consumer research, federal and state government relations, First Amendment and intellectual property protection efforts. For more information, please visit www.theESA.com.
About E3 ExpoTM

E3 Expo is the world’s premiere trade show for computer and video games and related products. The show is owned by the Entertainment Software Association (ESA), the U.S. association dedicated to serving the business and public affairs needs of the companies, publishing interactive games for video game consoles, handheld devices, personal computers, and the Internet. For more information, please visit www.e3expo.com or www.theesa.com.
About the ESA

The Entertainment Software Association is the U.S. association dedicated to serving the business and public affairs needs of companies publishing interactive games for video game consoles, handheld devices, personal computers, and the Internet. The ESA offers services to interactive entertainment software publishers including a global anti-piracy program, owning the Electronic Entertainment Expo (E3), business and consumer research, federal and state government relations, First Amendment and intellectual property protection efforts. For more information, please visit www.theESA.com.
About IDG World Expo

IDG World Expo (www.idgworldexpo.com) is a leading producer of tradeshows and events for professionals and consumers seeking world-class education, peer-to-peer networking and one-stop comparison shopping. IDG World Expo’s portfolio of conferences and events includes Entertainment For All® (E For All®), E3 Media & Business Summit, LinuxWorld Conference & Expo®, Macworld Conference & Expo®, Next Generation Data CenterTM (NGDCTM) and REVEAL Los Angeles… The Fashion & Design EventTM. IDG World Expo is a business unit of IDG, the world’s leading technology media, research and event company.

Microsoft has issued a Security Bulletin Advance Notification indicating that the May release cycle will contain one bulletin with a maximum severity rating of Critical. The notification states that the Critical bulletin is for Microsoft PowerPoint. The release is scheduled for Tuesday, May 12.

US-CERT will provide additional information as it becomes available.

The Safest Web Browser

Mozilla says, “Simply put, your online security is our top priority. Firefox includes strict anti-phishing and anti-malware measures, plus easy ways to tell the good guys from the bad like our new one-click site ID info. And, thanks to our open source process we have thousands of security experts around the globe working around the clock to keep you (and your personal information) safe.”

Microsoft Windows Malicious Software Removal Tool
Microsoft has released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

“Any computer connected to the Internet is potentially vulnerable. Getting to the actual infrastructure devices directly — that’s always possible, but a whole lot less likely. In any industry, critical or not, there are always plenty of PCs that have been compromised.”

There is debate over whether the owner of a compromised computer can be held criminally responsible for allowing their PC to be taken-over.

Using anti-virus and anti-spyware software is an important part of cyber security. But in an attempt to protect yourself, you may unintentionally cause problems.

Isn’t it better to have more protection?

Spyware and viruses can interfere with your computer’s ability to process information or can modify or destroy data. You may feel that the more anti-virus and anti-spyware programs you install on your computer, the safer you will be. It is true that not all programs are equally effective, and they will not all detect the same malicious code. However, by installing multiple programs in an attempt to catch everything, you may introduce problems.
How can anti-virus or anti-spyware software cause problems?

It is important to use anti-virus and anti-spyware software (see Understanding Anti-Virus Software and Recognizing and Avoiding Spyware for more information). But too much or the wrong kind can affect the performance of your computer and the effectiveness of the software itself.

Scanning your computer for viruses and spyware uses some of the available memory on your computer. If you have multiple programs trying to scan at the same time, you may limit the amount of resources left to perform your tasks. Essentially, you have created a denial of service against yourself (see Understanding Denial-of-Service Attacks for more information). It is also possible that in the process of scanning for viruses and spyware, anti-virus or anti-spyware software may misinterpret the virus definitions of other programs. Instead of recognizing them as definitions, the software may interpret the definitions as actual malicious code. Not only could this result in false positives for the presence of viruses or spyware, but the anti-virus or anti-spyware software may actually quarantine or delete the other software.
How can you avoid these problems?

* Investigate your options in advance – Research available anti-virus and anti-spyware software to determine the best choice for you. Consider the amount of malicious code the software recognizes, and try to find out how frequently the virus definitions are updated. Also check for known compatibility issues with other software you may be running on your computer.

* Limit the number of programs you install – Many vendors are now releasing packages that incorporate both anti-virus and anti-spyware capabilities together. However, if you decide to choose separate programs, you really only need one anti-virus program and one anti-spyware program. If you install more, you increase your risk for problems.

* Install the software in phases – Install the anti-virus software first and test it for a few days before installing anti-spyware software. If problems develop, you have a better chance at isolating the source and then determining if it is an issue with the software itself or with compatibility.

* Watch for problems – If your computer starts processing requests more slowly, you are seeing error messages when updating your virus definitions, your software does not seem to be recognizing malicious code, or other issues develop that cannot be easily explained, check your anti-virus and anti-spyware software.