Risk
10/1/2013
10:48 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Online Trust Alliance Embraces National Cyber Security Awareness Month

Announces three-part initiative to advance industry self-regulatory efforts

Bellevue, WA (October 1, 2013) – On the 10th anniversary of the National Cyber Security Awareness Month, the Online Trust Alliance (OTA) today announced a three-part initiative to advance industry self-regulatory efforts addressing security and privacy issues that affect consumers and businesses worldwide.

Networks of malicious malware - known as botnets and fraudulent ads are at the center of online privacy and security concerns. The explosive rise in botnets is estimated to have compromised one in 10 home-based computers. Concurrently, international cybercriminals are increasingly using malicious and fraudulent advertising, known as malvertising to compromise users' privacy, bank accounts and to facilitate identify theft. In just the past twelve months, OTA estimates over one-billion malicious ad impressions were served to unsuspecting consumers as they surf the web. Counter-measures introduced by OTA today to combat this problem include:

• Botnet Remediation & Removal Best Practices

• Fraudulent Advertising & Customer Risk Framework

• Customer On-Boarding Best Practices for Hosters and Cloud Service Providers

OTA was recognized by the White House last year and recently re-appointed by the Federal Communications Commission to the Communications Security, Reliability and Interoperability Council, OTA as a leading convener of multi-stakeholder efforts. OTA works across the ecosystem with commerce sites, advertisers, hosters, ISPs, financial instructions, and security vendors to provide prescriptive advice to help neutralize botnets, stem the spread of malicious and fraudulent advertising, and help cloud service providers identify fraudulent businesses.

"It is critical that we implement technical safeguards, but also equip business and internet intermediaries with the tools needed to help stem the tide of cybercrime," said Craig Spiezle, executive director and president OTA. "By implementing these practices, consumers, businesses, and industry will mutually benefit. Businesses who fail to adopt are unnecessarily putting consumers at risk."

"We have a shared responsibility to help prevent, detect, and remediate the spread of botnets. Collaboration among ISPs, the security community, OS providers, banking and commerce sites is a key to fighting these threats. It is critical for users to keep their software applications up-to-date including protection from malicious downloads and dubious apps," said John Scarrow, general manager of online safety service at Microsoft.

"One 'bad actor' can hurt an ESP's or hoster's overall reputation and adversely affect the reputation of other customers using the same infrastructure. Having a solid vetting process in place can obviously help minimize the risk to an organization's reputation," said James Koons, chief privacy officer at Listrak. "Being on the front lines we have learned vetting is a great opportunity to detect fraud while enhancing client relationships. OTA's New Account Risk Framework is an excellent tool for any organization and underscores the value of collaboration and data sharing."

Recognizing that over one billion malicious ad impressions were served this past year, the OTA Advertising Security Working Group has been working with publishers, ad networks, and advertisers. Based on their analysis upwards of 60% of malvertising is attributed to cybercriminals merely masquerading as legitimate advertisers or agencies inserting malicious and fraudulent ads. These prescriptive guidelines will make a significant dent into the threats which are undermining the trust and integrity of online advertising.

"Protecting the integrity of online advertising is critical to the industry and the vitality of the internet. The combination of malvertising, click fraud, and ads from fraudulent companies is undermining consumer trust, which in turn undermines marketing effectiveness. We call on our partners and fellow ad networks to adopt these best practices to help stem the tide of fraudulent and malicious advertising," said Paul Harrison, co-founder and chief technology officer at Simpli.fi. "We applaud OTA's leadership to help protect consumers' data, identity and privacy from abuse."

These documents and additional resources are available at https://otalliance.org/resources. OTA will be hosting webinars providing prescriptive advice to enhance consumer protection and online trust.

Thursday, October 3, 9 AM PDT – Noon EST

On-Boarding Best Practices for Ad Networks, Hosters & Cloud Service Providers

https://cc.readytalk.com/r/qg2gdfyhikcy&eom

Friday, October 4, 9 AM PDT / Noon EST

Anti-Botnet Remediation Best Practices

https://cc.readytalk.com/r/6xwcmo5v6cev&eom

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
themagnificentdance
50%
50%
themagnificentdance,
User Rank: Apprentice
9/19/2014 | 11:40:45 AM
Adtomatik is the best!

Adtomatik has been my predetermined ad network for a long time. Never tried anything better. Higher fill rates and the best ecpm. An the most important thing: it's brand safe! Recommended!
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-8142
Published: 2014-12-20
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys w...

CVE-2013-4440
Published: 2014-12-19
Password Generator (aka Pwgen) before 2.07 generates weak non-tty passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack.

CVE-2013-4442
Published: 2014-12-19
Password Generator (aka Pwgen) before 2.07 uses weak pseudo generated numbers when /dev/urandom is unavailable, which makes it easier for context-dependent attackers to guess the numbers.

CVE-2013-7401
Published: 2014-12-19
The parse_request function in request.c in c-icap 0.2.x allows remote attackers to cause a denial of service (crash) via a URI without a " " or "?" character in an ICAP request, as demonstrated by use of the OPTIONS method.

CVE-2014-2026
Published: 2014-12-19
Cross-site scripting (XSS) vulnerability in the search functionality in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to inject arbitrary web script or HTML via the request parameter.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.