Data Security Blog

December 11, 2007

Some Amazing Facts about global IT Security

A few days back I was trying to find a survey on the global IT security market for 2008 on Google. I came across the website www.itfacts.biz, and here is what I found. Each of the points mentioned below is alarming and must be known to every Internet user who cares about the security of their data.

$1.7 trillion of assets stored with online brokerages
$12 bln worth of security software to sell in 2010
$28.5 bln will be spent on homeland security in 2007-2011
$4 bln spent globally on antivirus in 2005
$9.1 bln will be spent on IT systems defense tools in 2007
1 mln zombie PCs on the Internet
1 out of every 600 social network profile pages hosts some malware
11% of Americans received a notice that their private data had been compromised
1142 phishing Web sites in October 2004
120 mln credit cards compromised in 2004
13% of companies monitor employee IM activity
15 mln fingerprint readers to ship in 2006
175% more bots in 2005
18 mln phishing attempts recorded, viruses on decline
20% of Dell support calls are spyware-related
22 attacks on P2P networks in October 2005
22% of mobile device owners have lost a device in 2005
23% of corporate networks rely on users applying security patches themselves
27% of movie industry professionals claim to have lost revenues to piracy
28% of women would read boyfriend’s/husband’s e-mails
3.4% had their personal data compromised
30% of Japanese companies monitor employee PC usage
30% of users are not concerned with security threats
30.67% of companies had virus infections, 90% ran antivirus software
30000 Internet-connected zombie networks in 2004
31% of all infections belonged to Sasser virus
32% of malicious Web sites install trojans and unwanted toolbars
32% of phishing sites are hosted in the US
34% of companies do not forbid personal apps on corporate PCs
36% of Asia-Pacific businesses have disaster recovery measures
39% of companies who use remote access, use SSL VPN
39% of corporate employees believe IT departments can prevent spyware and phishing
4% of Brits quit online banking because of security concerns
4% of IT budgets will be spent on security
4% of IT managers do not use anti-virus
40% of IT execs do not monitor databases for suspicious activity
40% of US consumers confident medical organizations can provide adequate security for healthcare records
41 mln US households have had an Internet security problem
44% of consumers do not want to share personal info
44% of IT decision makers name consumer data theft their top priority
44% of online banking users choose the same password for multiple accounts
46% are better prepared to access critical data during disaster
49% of companies have no policy regarding instant messaging and peer-to-peer
50% of corporate networks have been compromised
50% of organizations to deploy email security at gateway
50% of the companies have had a data loss in the past 12 months
51% of online Americans aware of the link between the browser and PC security
51% of security officers secure their networks at the edge only
55% of online users have been infected with spyware
56% of small businesses have had a security incident within the past 12 months
58% of IT executives measure security through manual reporting
6,191 keylogging applications published in 2005
6,200 keyloggers out there
60 mln consumer electronics devices to ship with hardware security by 2013
60% of large European companies do not adequately use encryption
62% of PC users run antispyware, only 44% have updated antivirus
62% of PCs scanned by Microsoft had at least one trojan
63% of companies need at least one day to implement a new patch
63% of consumers would pay for biometrics if it provided additional security
64% of IT professionals have end-point security solutions in place
65% of businesses to spend money on anti-spyware
68% of Brits think national ID would relieve identity theft problem
70% of network pros satisfied by network security
70% of online buyers don’t think the merchants are protecting identity information
70% of security dealer revenues currently come from security systems
70% of Web users use an anti-spyware tool
71% support tougher laws to make Internet safer
75% of security spending is going into compliance
75% run anti-spyware tools, 80% suffered from spyware attack
77% of US consumers willing to change banks for better protection policy
78% of Linux users have never had their machines hacked
80% of companies will have IP VPNs by year-end 2005
80% of corporate PCs are infected with adware/spyware
80% of Internet users worried about identity theft
80% of network intrusions go unreported
80% of SMBs are using VPN, 80% think SSL-VPN is too expensive
81% of companies have a cyber security plan
81% of Internet users stopped opening unknown attachments
82% of companies deployed IP VPN
83% of UK companies have been violated online
84% people had their PCs infected with spyware in 2004
86% of insider attacks against the companies come from employees in technical positions
88% of federal government employees received computer security training
88% of PCs have spyware, CoolWebSearch most prevalent
9 bln CDs, DVDs and VHS tapes have Macrovision protection
9% of kids harassed online in 2005
90% of parents believe they are responsible for ensuring online safety for their children
90% of security attacks can be avoided without increase in security spending
90% of UK users try to protect themselves from online threats
90% of Web apps are vulnerable
92% of end-user software companies had security issues
92% of online Americans feel confident about handling credit card fraud
93% of corporate users will install a non-sanctioned app within the next 6 months
94% of US adults think Internet is dangerous for children
Adware is a $3 bln industry
Almost 75% of worms in the first half of 2005 exposed confidential information
Antivirus market up 39.7% in 2004
Asia-Pacific Internet security market to generate $2.4 bln in 2008
Asian Internet security solutions market to generate $4.9 bln in 2008
Average PC is home to 28 spyware programs
Between January and June 2005 63% more machines got infected with spyware
Biometric products market to grow 40x by 2010
Business cyberattacks
CCTV surveillance market to grow 12.4%
Chinese piracy cost US companies $2.4 bln in 2005
Compliance infrastructure to generate $21 bln by 2010
Consumers would shop more at online retailer with better security
Cyberattack damages average $290,000
Demand for IT security professionals to grow at 13.7% a year
Design-to-manufacturing currently generates $350-400 mln
Digital rights management revenues to grow by 28% in 2005
DRM market to generate $274 mln by 2008
E-mail security boundary market generated $660 mln in 2005
Electronic document discovery market generated $1.3 bln in 2004
EMEA security software market to generate $4.2 bln by 2010
Enterprises will spend 12% of IT budgets on security
European IP VPN market to generate 8.56 bln euros in 2008
European managed IP VPN market generated $4.3 bln in 2004
European security appliance market generated $183 mln in Q4 2004
European security appliance market up 54% in Q3 2004
European security market generated $2.5 bln in 2003
Executives worry about security (26%) and costs (23%)
Firewall and VPN market to reach $6 bln in 2007
Firewall market to grow 25% by 2005
Firewall/VPN security appliance market up 27% in 2003
For 52% of the networks the perimeter is the only defense
For 75% of businesses the number of online transactions grew in 2005
Gartner: Security transactions far from paperless
German medium businesses spent $390 mln on anti-virus and anti-spam in 2004
Global IT security services spending to reach $24.6 bln by 2009
Global security appliance and software revenues up 30% in 2004
Global VPN and firewall market up 13% in 2003
Global VPN services revenues to reach $29.8 bln by 2009
Gulf state security software spending to rise 27% in 2004
IDC: IT security spending up in Asia
IDC: Spending on security to grow fast
IM attacks up 25% in April 2006
In 2004 an average of 2,500 Web servers were hacked daily
In 2008 spyware removal will be $305 mln industry
In 23% of companies the employees intentionally downloaded spyware and viruses
Information breaches cost US companies $182 per record
Instant messaging attacks up 400% in Q2 2005
Instant messaging security threats doubling every 6 months
Instant messaging viruses and worms up 271% in Q1 2005
Instant messaging viruses grow at 50% a month
Integrated security appliances to generate $3.3 bln by 2009
Internet security vulnerabilities up 11% in Q2 2005
Intrusion detection systems and intrusion prevention systems will generate $1.4 bln by 2008
IP VPN equipment to generate $658 mln in 2009
IP VPN market to flatten by 2007, but grew 107% in Western Europe
IP VPN services revenues reached $2.9 bln in 2004
IP VPN spending to reach $6.1 bln by 2009
IP VPN to grow in Australia
IT security spending by small businesses to reach $1.7 bln in 2007
Malware cost estimated at $169-204 bln for 2004
Malware damage for February estimated at $50 bln
Malware damages down to $13.3 bln in 2006
Messaging security appliances to generate $400 mln in Western Europe by 2009
mi2g estimated spyware and virus damage at $290 per PC
More than 50% of companies do not have a written security policy
Most popular adware apps: Claria, CoolWWW
Most popular IT services among small businesses
Most prevalent spyware in May 2006: DesktopScam, SpyFalcon, 180SearchAssistant
Most zombies are AOLers
Network security appliance and software market generated $3.7 bln in 2004
Network security appliance market up 4% in Q2 2005
Network security appliances sales surge
Nordic IT security market generated 610 mln euros in 2004
Number of shredding companies doubled within 3 years
On average company lost $526,000 after a security breach in 2005
Only 14% of business users use a different password for each site
Only 20% of companies view information security as CEO-level priority
Only 26% of companies have IT continuity plans
Only 37% of IT professionals think their company can detect data breaches
Only 38% of organizations run scans to detect rogue WLANs
Only 4% of government wiretaps are electronic and PC-based
Only 7% of businesses encrypt their backups
Outbound content compliance will generate $1.9 bln by 2009
Personal firewall software market to grow 21.7% annually
Remote household monitoring to grow at 25% a year
Sales of IP VPN equipment reached $267 mln in 2003
Secure content management to reach $7.5 bln in 2008
Security appliance market grows 57% in Q2 2004
Security appliance market to generate $5.5 bln by 2011
Security appliances to generate over $1.4 bln in Western Europe by 2009
Security breaches cost UK businesses $18 bln a year
Security information software market up 32.2% in 2005
Security market up 7.2% in 2006
Security remains top concern for wireless deployments
Security software in Asia-Pacific generated $805 mln in 2005
Security software in Asia-Pacific market to generate $1.7 bln in 2010
Security software market generated $7.4 bln in 2005
Security software market to generate $13.5 bln in 2011
Security software sales to reach $9.6 bln in 2004
Security software spending in Europe to reach $3.3 bln in 2007
Security software spending to reach $808 mln in 2008
Security software to generate $111 mln in Gulf states in 2006
Security specialists in high demand
Security spending in UK and Ireland to more than double
Security spending in Western Europe to grow at 15.2% a year
Security spending was $42 bln in 2003, just below printers
Small businesses: 73% in Spain, 51% in Germany and 39% in UK update virus definitions once a week
Software developers rank Linux security higher than Windows
Spyware to reach 25% of business PCs
SSL VPN revenues to grow 33% in 2006
Third-party cookie blocking up 4x in 2005
Top privacy policies: Intel, Expedia, e-Loan
Top reason for identity theft: stolen wallet
Top spyware applications
UK businesses spent $17,000 on their worst security incident in 2004
UK SMBs to spend $2.2 bln on data storage and security
Ukrainian businesses lost 95 mln euros to viruses in 2004
US consumers make 285 mln visits to hostile sites monthly
US mobile security market will reach $415.9 bln in 2006
US movie piracy costs $1.3 bln
Vehicle tracking systems to generate $86 mln in China in 2007
Video surveillance to generate $1 bln in 2010 in the US
Viruses and outside hacking top the IT security priority list
Vulnerability-related downtime to triple by 2008
Web cams with embedded servers to account for 20% of European surveillance market
Web filtering software to generate $929 mln in 2009
Western European IT security spending to reach $7.5 bln in 2009
Western European security appliance market up 27% in Q2 2005
Western European security software to reach $6 bln by 2009
Wireless security to become a $4.4 bln industry by 2010
Wireless security to bring in $8.4 bln by 2008
Wiretapping up 19% in 2004
Worldwide network security appliance market up 1% in Q3 2005
Worldwide network security market up 5% in Q1 2005
Worldwide security appliance revenues up 16.6% in Q2 2005
Worldwide security software support to reach $2.13 bln in 2010
Worms responsible for only 12% of attacks in the second half of 2004
Young salespeople the worst IT security offenders
Zombie rankings for second half 2004: UK - 25.2%, USA - 24.6%, China - 7.8%

December 7, 2007

Do not get caught by phishers

A few months back I got an email from an unknown user. There was a link in the email, and the sender, a woman from Patna, wanted to be friends with me. The sender wrote that her photograph was available at the link. When I opened the link, it was a proper Yahoo login page with Yahoo Photos. I didn’t understand one thing: if the sender wanted me to see her, why didn’t she send me her photo as an attachment? Anyway, I entered my Yahoo email account and was about to type my password when suddenly a pop-up ad came up on the screen. It was related to some low-cost online software website. But Yahoo never shows pop-ups on the login screen, as far as I know. Until this point I had never looked at the address bar. When I saw the address bar, I immediately figured out that it was a fake page and that someone was trying to get hold of my password.

I was just saved from a theft. I am into software security and understand things like phishing, password hacking, etc. But someone who doesn’t know about online theft of passwords, privacy and data would have been a victim of this mail. Maybe the sender who sent me this mail has a huge database of user IDs and passwords, and thus access to all their private information. Now I will explain how much effort is needed to hack a password from an online account and how people can save their online information from theft.
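The address-bar check described in this post can be done mechanically. The following is an added example, not part of the original post: it extracts the host a browser would actually connect to and compares it with the domain the user expects. The trusted domain `yahoo.com` and all sample URLs (on the reserved `example.net` domain) are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: the only domain the user expects to log in on.
TRUSTED_LOGIN_DOMAINS = {"yahoo.com"}

# Constructed sample links, as they might appear in an e-mail.
SAMPLE_URLS = [
    "https://login.yahoo.com/config/login",              # genuine host
    "https://login.yahoo.com@photos.example.net/login",  # real name hidden in userinfo
    "https://login.yahoo.com.photos.example.net/login",  # real name used as a subdomain label
    "https://login-yahoo.com/login",                     # look-alike registered domain
    "http://login.yahoo.com/config/login",               # right host, but no TLS
]

def login_host(url):
    """Return the lower-cased host the browser would connect to, or None."""
    try:
        host = urlsplit(url).hostname  # drops "user:password@" and the port
    except ValueError:                 # malformed authority part
        return None
    return host.rstrip(".") if host else None

def is_trusted_login_url(url, trusted=TRUSTED_LOGIN_DOMAINS):
    """True only for an https URL whose host is a trusted domain or a subdomain of one."""
    if urlsplit(url).scheme != "https":
        return False
    host = login_host(url)
    if host is None:
        return False
    # Match on a label boundary so "login-yahoo.com" does not pass as "yahoo.com".
    return any(host == d or host.endswith("." + d) for d in trusted)

def triage(urls):
    """Map each URL to (host actually contacted, trusted?)."""
    return {u: (login_host(u), is_trusted_login_url(u)) for u in urls}

if __name__ == "__main__":
    for url, (host, ok) in triage(SAMPLE_URLS).items():
        print(f"{'OK     ' if ok else 'REJECT '} host={host}  url={url}")
```

The comparison is made against the parsed host, never against the raw string, because a trusted name can appear anywhere in a URL without being the host.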

December 3, 2007

Catch the Hacker in a wireless Network

Filed under: Wireless Security — metasploit @ 3:05 am

A few days back I visited a doctor. He has implemented an online ERP system for the day-to-day activities of the clinic, and the whole network is wireless. When I came out after my diagnosis, I found a few medical representatives waiting outside, and one of them had a PDA in his hand. He was typing something. I felt like finding out. I went to him and asked him what he was doing. The guy told me, “Checking my mail”. Then I asked him, “You have Internet on your PDA?” He said, “No, I can connect to the clinic’s Internet router through wireless”. This was a shocking thing to learn, as it meant the network is absolutely open and any wireless device can connect to the wireless router of this clinic.

The next day I rang the doctor and suggested that he do something about it. I also told him to look into the log files to find out what else had been accessed until now.

November 12, 2007

Performance testing using Apache JMeter

Filed under: Web Automation — metasploit @ 2:29 am

Apache JMeter can be used to test applications utilizing HTTP(S) or FTP servers. It has been developed in Java and is highly extensible through a provided API. A typical JMeter test involves creating a loop and a thread group. The loop simulates sequential requests to the server with a preset delay. A thread group is designed to simulate a concurrent load. JMeter provides a user interface. It also exposes an API that allows you to run JMeter-based tests from a Java application. To create a load test in JMeter, build a test plan, which is essentially a sequence of operations JMeter will execute. The simplest test plan normally includes the following elements:

  • Thread group - These elements are used to specify the number of running threads and a ramp-up period. Each thread simulates a user, and the ramp-up period specifies the time taken to create all the threads. For example, with 5 threads and 10 seconds of ramp-up time, a new thread is created every 2 seconds. The loop count defines the running time for a thread. The scheduler also allows you to set the start and end of the run time.
  • Samplers - These elements are configurable requests to the server: HTTP, FTP, or LDAP requests. This tutorial focuses on Web service requests only.
  • Listeners - These elements are used to post-process request data. For example, you can save data to a file or illustrate the results with a chart. At the moment the JMeter chart does not provide many configuration options; however, it is extensible, and it is always possible to add an extra visualization or data processing module.

A more detailed description of the available elements is given on the Apache JMeter Web site. In some cases, when the available elements are not suitable for a particular test, a developer can write his or her own script or Java class and embed it into a test plan by placing a jar file into the JMeter installation \lib\ext\ directory.
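To make the three elements concrete, here is a small Python model of a test plan: a thread group with ramp-up and loop count, an HTTP sampler, and a listener that summarizes the samples. It is an added example, not JMeter code or its API; all function names are hypothetical, and the target is a local HTTP server constructed for the demo.

```python
import threading
import time
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

def start_offsets(threads, ramp_up):
    """Start delay per thread: the ramp-up period spread evenly over all threads."""
    return [i * ramp_up / threads for i in range(threads)]

def run_thread_group(sampler, threads, ramp_up, loops):
    """Thread group: each thread is one simulated user running the sampler `loops` times."""
    results, lock, t0 = [], threading.Lock(), time.monotonic()

    def user(index, delay):
        time.sleep(delay)                      # wait for this thread's ramp-up slot
        for loop in range(loops):
            began = time.monotonic()
            try:
                ok = bool(sampler())
            except Exception:                  # a failed request is a failed sample, not a crash
                ok = False
            sample = {"thread": index, "loop": loop, "ok": ok,
                      "started_at": began - t0, "elapsed": time.monotonic() - began}
            with lock:
                results.append(sample)

    workers = [threading.Thread(target=user, args=(i, d))
               for i, d in enumerate(start_offsets(threads, ramp_up))]
    for w in workers:
        w.start()
    for w in workers:
        w.join()
    return results

def http_sampler(url, timeout=5):
    """Sampler: one HTTP GET; the sample passes when the server answers 200."""
    def sample():
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status == 200
    return sample

def summarize(results):
    """Listener: post-process the collected samples into a short report."""
    times = [r["elapsed"] for r in results]
    return {"samples": len(results),
            "errors": sum(not r["ok"] for r in results),
            "avg_s": sum(times) / len(times) if times else 0.0,
            "max_s": max(times, default=0.0)}

class _Ok(BaseHTTPRequestHandler):             # constructed local target for the demo
    def do_GET(self):
        self.send_response(200)
        self.end_headers()
        self.wfile.write(b"ok")

    def log_message(self, *args):              # keep the demo output quiet
        pass

if __name__ == "__main__":
    server = HTTPServer(("127.0.0.1", 0), _Ok)  # port 0 = any free local port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = "http://127.0.0.1:%d/" % server.server_port
    print(summarize(run_thread_group(http_sampler(url), threads=5, ramp_up=1.0, loops=3)))
    server.shutdown()
```

Run only against servers you operate; a thread group is by design a source of concurrent load.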

October 31, 2007

Bluetooth Security

Filed under: Bluetooth Security — dataresolve @ 12:56 pm

These days, all communication technology faces the issue of privacy and identity theft, with Bluetooth being no exception. Almost everyone knows that email services and networks require security. What users of Bluetooth need to realize is that Bluetooth requires security measures as well.

The good news for Bluetooth users is that the security scares, like most scares, are normally over-dramatized and blown entirely out of proportion. Truth be told, these issues are easy to manage, with various measures already in place to provide security for Bluetooth technology.

It’s true that there have been some Bluetooth phones that have been hacked into. Most devices that are hacked into are normally those that don’t have any type of security at all.

According to Bluetooth specialists, in order to hack into a Bluetooth device, the hacker must:
1. Force two paired devices to break their connection.
2. Steal the packets that are used to resend the PIN.
3. Decode the PIN.

Of course, the hacker must also be within range of the device and be using very expensive developer-type equipment. Most specialists recommend that you have a longer PIN, with 8 digits being recommended.

Fundamentals of security

The “pairing process” is one of the most basic levels of security for Bluetooth devices. Pairing is the process by which two or more Bluetooth devices recognize each other by the profiles they share; in most cases they both must enter the same PIN.

The core specifications for Bluetooth use an encryption algorithm, which is completely and entirely secure. Once the devices pair with each other, they too become entirely secure.

Until they have successfully paired, the Bluetooth devices won’t communicate with each other. Due to this pairing process and the fact that it is short range, Bluetooth technology is considered to be secure.

As the news has indicated, experienced hackers have developed ways to get around this level of basic security. There are ways to get around this threat, as you can install software to prevent hackers from getting in.

With Bluetooth becoming more and more popular, it’s really no wonder that security is always in question. As Bluetooth gets bigger and better, security will always be something that no one really takes lightly.

If you’ve been concerned about Bluetooth security in the past, rest assured that newer devices will offer bigger and better security. Preventing hackers from getting in is something every owner is concerned about, and the manufacturers are very aware.
