Security Product Watch, November 12, 2010


As Internet-based fraud, identity theft, and other forms of cyberattacks on Web users increase, one of the tools available to help consumers protect themselves is

The site is designed to help visitors avoid fraudulent websites. Its About Us page explains its mission thusly: "We envision a day when consumers no longer have to deal with online scams or fraud and have all the information they need to make informed decisions about the online businesses and websites they use."

(Perhaps they should have dubbed themselves, instead.)

Nevertheless, consumers willing to take the time to think before they act can use SiteJabber to research unfamiliar websites before they risk a visit to them, as well as to read and write reviews of online businesses.

SiteJabber is supported by a grant from the National Science Foundation (your tax dollars at work!) and has been endorsed by the venerable Consumer Reports.

Recently, the site prepared an infographic demonstrating the "high cost of a data breach." You can view the image at the SiteJabber blog.

The blog features helpful sections on Consumer News (recent posts cover secure online credit card transactions and penny auctions); Scam Alerts (recent posts cover get-rich-quick real estate scams and scams targeting kids); Smart Shopping (recent posts cover Groupon and e-commerce); Privacy Protection (recent posts cover Twitter and Facebook); and SJ Updates (news about the site itself).

Speaking of spam… Kaspersky Lab has released its 2010 Q3 Spam Report. Its research seems to indicate that spam is mutating—it’s not just an unwelcome guest in your inbox any more, it’s an unwelcome guest with light fingers, a highly contagious disease, and lots of seedy friends. According to Kaspersky, malicious emails accounted for 4.6 percent of all email traffic in Q3 of 2010, the highest rate since Kaspersky Lab began monitoring email traffic patterns.

The monthly percentage of spam in the third quarter of 2010. Image courtesy Kaspersky Lab.

And where’s it all coming from? Right next door, it turns out. The United States was the primary source of worldwide spam in Q3. India and Vietnam were second and third, respectively.

You can read the report in full here.

Where in the world?

At the government and corporate level, cybersecurity is, of course, about more than just protecting one consumer’s data or one user’s PC; it is about protecting valuable industrial or military secrets or guarding the safety of a nation’s electrical grid or economic structure, among other things. One firm introduced a new security system this month, which seeks to enhance data security by revealing the true geographic source of a server.

Internet security company Microdasys unveiled its new solution, GeoShield, on November 4th. The company claims it is “the only data origin security software system that adds a new layer of security to Microsoft Forefront TMG by providing visibility into the actual geographic location of a server.”

The software is designed to prevent data theft, phishing and online fraud by blocking data flow from specific regions and hostile nations.

“The development of GeoShield was intended to provide enterprises with better visibility into their data streams,” said Matthew Schroeder, CTO at Microdasys, in a press release. “As GeoShield allows the definition of a trusted realm, a geographic representation of a company's business interests, it greatly reduces threat exposure and risk of attack. The recent spike in malicious iFrame attacks through hacked websites and poisoned banner ads that silently download malware from offshore hosts, confirm the need for security policies that take geo-location into consideration.”

The software is a native 64-bit plug-in for Forefront TMG and ISA Server 2006. Microdasys says administrators can set security policies that confine users and devices to certain geographic regions, thereby potentially limiting exposure to attack and data loss with minimal impediments to business processes.

Microdasys says GeoShield blocks access to servers that are located in untrusted geographical regions, enables security policies based on server location, intercepts embedded email and Web links and blocks or allows connections based on the Geo Policy, and stops Phone-Home Trojans and data exfiltration to untrusted countries, regardless of protocol or port.

For pricing, you’ll need to contact a reseller. A list by nation is available at the Microdasys Website.

Naomi Graychase is Managing Editor at Keep up-to-date with security product news; follow eSecurityPlanet on Twitter @eSecurityP.