The local chapters of the Signal Corps Regimental Association, Armed Forces Communications Electronics Association, and the Association of the United States Army hosted a Tri-Fecta general membership luncheon Nov. 3 at the Gordon Club. The luncheon was attended by approximately 100 military personnel, DA civilians, and community leaders.

The guest speaker was Tom Cross, the manager of IBM Internet Security System’s XForce Advanced Research team. Cross’ team includes a number of renowned information security experts who are engaged in a daily effort to identify, analyze, and mitigate computer security vulnerabilities.

Cross discussed X-Force’s 2009 Mid-Year Trend and Risk Report. The report’s findings show an unprecedented state of Web insecurity as Web client, server, and content threats converge.

According to the report, there has been a 508 percent increase in the number of new malicious Web links discovered in the first half of 2009. This problem is no longer limited to malicious domains or untrusted Web sites. The X-Force report notes an increase in the presence of malicious content on trusted sites, including popular search engines, blogs, bulletin boards, personal Web sites, online magazines and mainstream news sites. The ability to gain access and manipulate data remains the primary consequence of vulnerability exploitations.

The X-Force report also reveals that the level of veiled Web exploits, especially PDF files, are at an all time high, pointing to increased sophistication of attackers. PDF vulnerabilities disclosed in the first half of 2009 surpassed disclosures from all of 2008. From Q1 to Q2 alone, the amount of suspicious, obfuscated or concealed content monitored by the IBM ISS Managed Security Services team nearly doubled.

Web security is no longer just a browser or client-side issue; criminals are leveraging insecure Web applications to target the users of legitimate Web sites.

“The trends seem to reveal a fundamental security weakness in the Web ecosystem where interoperability between browsers, plugins, content and server applications dramatically increase the complexity and risk. Criminals are taking advantage of the fact that there is no such thing as a safe browsing environment and are leveraging insecure Web applications to target legitimate Web site users,” Cross said.