Understanding Microsoft's Secure Remote Access Offerings
By tshinder@tacteam.net (Thomas Shinder)
The secure remote access options currently available to Microsoft networks.
Database Sizing Charts for vSphere 4.0
By vmtn@vmware.com (VMTN) on VMTN Blogs
Many of our customers have databases running on proprietary hardware that is approaching end of life. Often these databases are not considered as candidates for virtualization due to the fact that they are running on larger systems with more sockets...
VMware vSphere Resources And Webcasts Customers Should Know About!
By vmtn@vmware.com (VMTN) on VMTN Blogs
Hi everyone, I am one of the VMware vSphere product marketing managers at VMware and wanted to give you a summary of all the upcoming content related to the vSphere launch. We have developed resources for all audiences and technical...
Introducing VMware vSphere 4 - The Industry's First Cloud Operating System
By vmtn@vmware.com (VMTN) on Technical Information
. VMware Unveils the Industry’s First Operating System for Building the Internal Cloud—VMware vSphere™ 4. PALO ALTO, CA, April 21, 2009 — VMware, Inc. (NYSE: VMW), the global leader in virtualization solutions from the desktop to the datacenter, today announced...
Partners Support on SMB offerings in VMware vSphereTM 4
By vmtn@vmware.com (VMTN) on News Releases
Fujitsu"VMware and Fujitsu together provide a compelling, feature-rich and cost-effective solution for mid-market customers. With Fujitsu's support of VMware vSphere 4 on Fujitsu PRIMERY servers, customers have a rock-solid and energy-efficient platform upon which to build flexible virtual infrastructure solutions."—Manuel Martull, senior director, Server Marketing, Fujitsu America HP"Channel partners and small and mid-sized businesses can turn to HP for a complete virtualization solution designed to save them money and reduce the risks associated with implementing a new infrastructure. As a leader in providing technology solutions to small and midsized businesses, HP has collaborated with...
VMware vSphere™ 4 Sets New Records in Virtualization Performance
By vmtn@vmware.com (VMTN) on Nontechnical information
VMware vSphere 4 Demonstrates Industry-Leading Application Throughput, Virtualization Efficiency and Hardware Support, Enabling Large Applications to Be Run in the Cloud. PALO ALTO, Calif., April 21, 2009 — VMware, Inc. (NYSE: VMW), the global leader in virtualization solutions from the desktop to the datacenter, today heralded a new era in virtualization performance with the introduction of VMware vSphere 4, extending scalability limits for servers and virtual machines. (See press release, “VMware Unveils the Industry’s First Operating System for Building the Internal Cloud— VMware vSphere 4.”) With industry-leading support for new hardware virtualization assist features and a...
VMware vSphereTM 4 Launch Supported by Broad Virtualization Ecosystem
By vmtn@vmware.com (VMTN) on News Releases
More than 500 Technology Partners Embrace Groundbreaking Release of VMware vSphere 4 with Current or Planned Support; VMware Partner Network Includes Ecosystem of More Than 22,000 Channel and Technology Partners. PALO ALTO, Calif., April 21, 2009 – VMware, Inc. (NYSE: VMW), the global leader in virtualization solutions from the desktop to the datacenter, today announced broad support from its virtualization partner ecosystem, with more than 500 technology partners supporting the launch of VMware vSphere™ 4 (See press release, “VMware Unveils the Industry’s First Operating System for Building the Internal Cloud—VMware vSphere 4.”) This robust ecosystem, which includes more than 22,000...
VMware Unveils the Industry’s First Operating System for Building the Internal Cloud—VMware vSphere™ 4
By vmtn@vmware.com (VMTN) on News Releases
Next Generation Virtualization Platform Helps Enable Enterprises and Service Providers to Deliver Efficient, Flexible and Reliable IT as a Service. PALO ALTO, CA, April 21, 2009 — VMware, Inc. (NYSE: VMW), the global leader in virtualization solutions from the desktop to the datacenter, today announced VMware vSphere™ 4, the industry’s first operating system for building the internal cloud, enabling the delivery of efficient, flexible and reliable IT as a service. With a wide range of groundbreaking new capabilities, VMware vSphere 4 brings cloud computing to enterprises in an evolutionary, non-disruptive way – delivering uncompromising control with greater efficiency while preserving...
VMware vSphere™ 4 Provides ‘Always On IT’ for SMB and Branch Office IT Environments With Low Cost, High Availability Solutions
By vmtn@vmware.com (VMTN) on News Releases
Reliable and Affordable Enterprise-Class IT Operations for Small IT Environments Available Starting at $166 per Processor. PALO ALTO, Calif., April 21, 2009 – VMware, Inc. (NYSE: VMW), the global leader in virtualization solutions from the desktop to the datacenter, today unveiled VMware vSphereTM 4, with new features and product editions that deliver “Always On IT” for small and midsized businesses (SMBs) and remote and branch office (ROBO) IT environments. (See press release, “VMware Unveils the Industry’s First Operating System for Building the Internal Cloud— VMware vSphere 4.”) VMware vSphere 4 will deliver zero-downtime application availability and enterprise-class data protection...
VMware Enables Users to Easily Test-Drive Cloud Computing through the VMware Virtual Appliance Marketplace (VAM) and VMware vCloud™ Service Provider Free Trials
By vmtn@vmware.com (VMTN) on News Releases
More Than 1,000 Virtual Appliances, Hundreds of Service Providers, and Hundreds of Thousands of Users Connect through the VMware VAM . PALO ALTO, Calif., Apr.21, 2009 — VMware, Inc. (NYSE: VMW), the global leader in virtualization solutions from the desktop to the datacenter, today announced new services within the VMware Virtual Appliance Marketplace (VAM) to help businesses explore cloud computing offerings based on VMware software. The new services include a beta release of VMware VAM App on Demand, which enables businesses to evaluate software in the cloud, as well as free trials of VMware vCloud partner offerings. “The VMware Virtual Appliance Marketplace is by far the...
VMware Recognizes Top Channel Partners at Annual VMware Partner Exchange 2009
By vmtn@vmware.com (VMTN) on News Releases
VMware Partners from Across the Globe Take Home Top Honors for Delivering VMware Virtualization Solutions to Companies of All Sizes. PALO ALTO, Calif., April 20, 2009 — VMware, Inc. (NYSE: VMW), the global leader in virtualization solutions from the desktop to the datacenter, recognized a number of key performances and outstanding achievements from VMware channel partners at its annual Partner Exchange event which took place in Orlando, FL. April 14-16. Winners from the United States, Canada and Latin America were recognized in eight categories: Rising Star AwardWinners: Veristor, Intego Technical Achievement AwardWinner: Mainline Information Systems Corporate Reseller of the...
Cisco Security Center: IntelliShield Cyber Risk Report
April 13-19, 2009
Report Highlight: Vandals Cut Silicon Valley Communications Cables
NYPD computers targeted by international hackers (AP)
AP - New York Police Commissioner Raymond Kelly says international hackers try at least 70,000 times a day to gain unauthorized entry into the computer system of the nation's largest police force.
Criminal Infrastructure Lets Malware Thrive (PC World)
PC World - The lurking Trojan and the password-hungry keylogger are only the tip of the iceberg.
Malware Seeks to Alter Your Reality (PC World)
PC World - Years ago, ads pushed by malware were painfully obvious. Often, you couldn't help but realize a machine was infected when a huge number of porn-pushing pop-ups brought a hapless PC to its knees.
Paradise Lost: Malware Targets Macs (PC World)
PC World - With researchers reporting the first Macintosh-specific malware to be found "in the wild" on the Internet, Mac users want to know what to do. My advice: Nothing. But, this is a good news/bad news story.
Web founder makes online privacy plea (AFP)
AFP - Plans by Internet service providers to deliver targeted adverts to consumers based on their Web searches threaten online privacy and should be opposed, the founder of the Web said Wednesday.
Ditch Adobe Reader for Better Security (PC World)
PC World - The popular Adobe Reader is a favorite target of online crooks, according to Mikko Hypponen, chief research officer with antivirus company F-Secure. And for better security you should ditch Reader and go with a free alternative, he says.
Fighter Jet Hack Far From First Government Breach (PC World)
PC World - Cyberspies have hacked into government computers and stolen sensitive information on a next-generation stealth fighter, according to an investigation published in The Wall Street Journal Tuesday. The hackers lifted terabytes of data on the Pentagon's $300 billion Joint Strike Fighter project, the Journal reports, including details about the aircraft's design that could expose vulnerabilities.
Nokia: We Don't Know Why Criminals Want Our Old Phones (PC World)
PC World - The mystery why cybercriminals want a discontinued Nokia phone isn't getting any clearer.
ThreatFire Won't Just ID Malware, It Will Profile Them (PC Magazine)
PC Magazine - The next version of PC Tools' ThreatFire will add "behavioral profiling" in addition to its existing behavioral analysis. Executives likened it to the profiling used by Homeland Security to identify potential terrorists, but it's a little better than that.
MSN New Zealand Hacked, Defaced (PC Magazine)
In technology
PC Magazine - Microsoft got a little egg, er, pie on its face today when msn.co.nz, the New Zealand version of its MSN homepage, was infiltrated by hackers.
Blue Coat's Software Products Add Link Analysis (PC Magazine)
PC Magazine - Sooner or later the browser has to make an HTTP request to download the malware. That's when Blue Coat stops it.
Report: Hackers Break Into Pentagon's Fighter Jet Project (PC World)
PC World - Hackers broke into U.S. Department of Defense computers and downloaded terabytes of data containing design information about the Joint Strike Fighter, a US$300 billion stealth fighter currently under development, according to The Wall Street Journal.
Net Security, Windows 7 and Conficker Under Scrutiny (PC World)
PC World - Cross-domain security on the Internet, Windows 7 vulnerabilities and the Conficker worm will be among the topics under scrutiny at the Hack In The Box Security Conference (HITB) held in Dubai this week.
Chinese hackers nick Joint Strike Fighter plans
By hannibal@arstechnica.com (Jon Stokes) on cyberwar
Add top-secret plans for the expensive, much-delayed Joint Strike Fighter to the list of victims of alleged Chinese and Russian hack attacks, or so the Wall Street Journal reports. The paper cites "current and former government officials familiar with the attacks," and claims that the Air Force's air traffic control system has also been compromised. These reports follow allegations from earlier in the month that hackers have also been probing our electrical grid.
We've been reporting on the alleged Chinese hack attacks for at least two years now, but nobody is certain that China is actually behind them. Indeed, as is typical with these incidents, the Chinese government has denied any involvement in the latest intrusions. Still, China has been blamed for breaching everything from Pentagon e-mail to congressional PCs. And there are relatively frequent reports of "widespread" and "systematic" waves of China-based attacks on both the private and public sectors.
Third-party software leaves users open to security risks
By jacqui@arstechnica.com (Jacqui Cheng) on vulnerability
Users should make sure to keep their third-party software patched, lest they expose themselves to malware and other security risks. Vulnerability research firm Secunia has gathered data from a number of organizations showing that the large majority of vulnerabilities are found in third-party applications, many of which are in older versions of the software. As a result, users should stay on top of updates as much as they can, and software makers should do a better job of informing their customers of available patches.
Secunia cited data from Microsoft showing that third-party software vulnerabilities are the ones that are most frequently exploited, and said that its own data showed that users simply don't update as frequently as they should. Instead, they're usually running software that isn't current. In fact, according to a Secunia blog post from December of 2008, the firm says that less than two percent of all PCs are fully patched.
Microsoft, Xerox, Coca-Cola (and more) Hacked
By Rik Ferguson on SQL Injection
Last night just before midnight, I noticed someone tweeting that msn.co.nz had been hacked. Obviously such a high profile domain is an attractive target for hackers and hacktivists alike, but it is relatively rare that they are succesful, so I quickly tapped the link into my browser and went to take a look. Sure enough, this [...]
ESET Announces 'Securing Our eCity' Public Education Initiative
Initiative aims to educate and protect consumers and businesses from the growing threat of cybercrime
Secunia Pushes For Standard That Updates Consumer Apps
Danish vendor asks industry for help in building standard application scanner
Cisco Launches Security Services For Cloud Computing, Collaboration
Cisco launches a range of new security services
RSA Offers Encryption Toolkit Free To Developers
New Share Project program will help build security into software from the ground up
Intel finds stolen laptops can be costly
By Brooke Crothers
A laptop's value is more than meets the eye. Intel says stolen laptops cost corporate owners more than $100,000 in some cases, in a study announced Wednesday.
The study on notebook security, commissioned by Intel and conducted by the Ponemon Institute, states that laptops lost or stolen in ...
Originally posted at Nanotech - The Circuits Blog
Norton Online Family to leave beta, remain free
By Seth Rosenblatt
Back in February, Symantec debuted a new security program that sought to help parents talk to their kids about how they use the Internet. Norton Online Family has been a free beta since then, but this Monday at midnight, the program will leave beta and remain free at least until ...
Originally posted at The Download Blog
Botnet expert suggests hitting cybercriminals in pocket book
By Elinor Mills
SAN FRANCISCO--Technology is not enough to help the security industry keep botnets from stealing peoples' money and committing denial-of-service attacks, a top botnet researcher said on Wednesday. His suggestion? Stop the flow of money to their coffers.
"We need to disrupt their business model and make it hard for them ...
The Cold War moves to cyberspace
By Charles Cooper
This story was originally published at CBSNews.com.
Somewhere deep in Washington's national security apparatus, more than a few old-timers surely pine for the clarity of the Cold War. Black versus white, American versus Russian, spy versus spy--the good old days.
Now, however, they face more ephemeral threats from shadowy foes that prefer to cloak their identities.
"There's a cyberwar going on," said Ed Giorgio, who spent nearly 30 years with the National Security Agency before starting an IT security consultancy in 2007. The problem, he says, is that identifying an online adversary isn't as easy as pinpointing an enemy tank formation.
"Adversaries are just as likely to be nationalists as they are likely to be countries," said Giorgio, echoing a theme that cybersecurity experts say is likely to shape the Pentagon's approach to building Internet defenses in an increasingly networked world.
The extent of the problem was hinted at earlier in the day by Defense Secretary Robert Gates. In an upcoming 60 Minutes interview, Gates told CBS News anchor Katie Couric that the United States is "under cyberattack virtually all the time, every day" and that his department will more than quadruple the number of experts to battle cyber attacks.
Public-private security cooperation at RSA
By Jon Oltsik
In past years, I looked at the RSA security conference as a high-tech flea market staffed by the world's best security carnival barkers. Yes, important security topics were discussed, but the real focus of the show was selling products and doing deals.
This year's event has its share ...
Security flaw leads Twitter, others to pull OAuth support
By Caroline McCarthy
A security hole in OAuth, the open-source protocol that acts as a "valet key" for users' log-in information, has led services like Twitter and Yahoo to temporarily pull their support, CNET News has learned.
Some developers were dismayed when Twitter pulled its support for OAuth, which it had only recently ...
Originally posted at The Social
Firefox 3.0.9 targets 12 security vulnerabilities
By Steven Musil
Updated at 11:32 a.m. PST with a summary of the bug fixes.
Mozilla released an update to Firefox 3 on Tuesday that patches 12 security vulnerabilities, four of which it rated as critical.
Firefox 3.0.9, the Web browser's third update this year, fixes two critical ...
Finjan finds botnet of 1.9 million infected computers
By Elinor Mills
SAN FRANCISCO--Security firm Finjan has uncovered what it says is one of the largest bot networks controlled by a single cybergang, with 1.9 million infected zombie computers.
The botnet has been in use since February, is hosted in the Ukraine, and is controlled by a gang of six people ...
Gates: Cyberattacks a constant threat
By CBS Interactive staff
Defense Secretary Robert Gates said Tuesday that the United States is "under cyberattack virtually all the time, every day" and that the Defense Department plans to more than quadruple the number of cyber experts it employs to ward off such attacks.
In an interview for an upcoming edition of 60 minutes.
Tainted products--sabotage or shoddy manufacturing?
By Elinor Mills
Updated 10:30 p.m. PDT with comment from ESET.
SAN FRANCISCO--Computer equipment is arriving on stores shelves in the U.S. with viruses and other malicious software, but industry insiders said at the RSA conference on Tuesday that they don't know whether it's the result of intentional
F-Secure says stop using Adobe Acrobat Reader
By Elinor Mills
With all the Internet attacks that exploit Adobe Acrobat Reader people should switch to using an alternative PDF reader, a security expert said at the RSA security conference on Tuesday.
Of the targeted attacks so far this year, more than 47 percent of them exploit holes in Acrobat Reader while ...
Crypto pioneers differ on cloud-computing risks
By Elinor Mills
SAN FRANCISCO--A group of pioneers in the security field, whose work in encryption is used to protect Internet data and communications every day, spoke about the state of security at a cryptographer's panel at the RSA security conference on Tuesday.
They tackled various questions about cyber security in general, ...
Microsoft tests identity technology in schools
By Elinor Mills
Scott Charney, corporate vice president of Microsoft's Trustworthy Computing Group, delivers a keynote address at RSA.
(Credit: James Martin/CNET)
SAN FRANCISCO--Microsoft is testing some of its new identity-based security technology in Washington state schools, where students and teachers will be able to securely access grades and class schedules, ...
RSA 2009: Security pros stay on message
By CNET News staff
The RSA Conference 2009 brings security professionals together in San Francisco to talk about the latest developments in protecting consumers and businesses online.
Botnet expert suggests hitting cybercriminals in pocketbook
Cutting off the money flow to cybercriminals could be the best way to stop them, a top botnet researcher says.IBM aims to secure clouds and virtual networks
By Elinor Mills
SAN FRANCISCO--IBM on Tuesday introduced cloud security services and said it is initiating a company-wide project to develop a security architecture for hosted computing.
The company, which made the announcements at the RSA security conference, also unveiled an appliance designed to protect virtual network segments. Proventia Virtualized Network Security Platform, ...
Cisco puts more security in the cloud
By Elinor Mills
SAN FRANCISCO--Cisco is set to make several cloud-related security announcements at the RSA conference on Tuesday, including the expansion of its hosted security services and the integration of security-as-a-service applications with corporate network infrastructures.
The new products include Cisco Security Cloud Services, Cisco IPS Sensor Software 7.0 for intrusion ...
OAuth vulnerability , (Wed, Apr 22nd)
My friend Jason Kendall pointed to me that OAuth had acknowledged the report of a vulnerability. The ...(more)...
Earthlink is down?, (Wed, Apr 22nd)
(On Earth Day, Ironic?) We have been getting a few reports recently of Earthlink (the ISP) having D ...(more)...
Firefox gets an update., (Wed, Apr 22nd)
We had several readers write in this morning to let us know of Firefox version 3.0 ...(more)...
SANS ISC is on Twitter too!, (Wed, Apr 22nd)I've posted about this before, and many people started following us after that, however, since the O ...(more)...
Bind 10 press release has been issued, (Wed, Apr 22nd)
According to a press release today by the ISC. (www ...(more)...
Web application vulnerabilities, (Tue, Apr 21st)
In last two weeks we have been all witnesses of couple of major attacks that exploited web applicati ...(more)...
Turks hijack Kiwi MSN via DNS cracks
A pie in the face of Microsoft (and everyone else)
RSA The New Zealand version of Microsoft's MSN website was briefly hijacked after attackers penetrated that country's prominent domain name registrar. Websites for Sony, BitDefender, and HSBC were also commandeered.…
One third of workers open to bribes for data theft
Who wants to be a millionaire?
A somewhat self-serving survey ahead of an information security trade show in London next week reveals a third of workers can potentially be bribed into handing over company data.…
Gov systems found on 1.9m zombie botnet
Ooh, nasty
Government and corporate Windows PCs were among the ranks of a 1.9 million botnet recently discovered by net security firm Finjan.…
Cache-poisoning attack snares top Brazilian bank
Google Adsense spoofed
One of Brazil's biggest banks has suffered an attack that redirected its customers to fraudulent websites that attempted to steal passwords and install malware, according to an unconfirmed report.…
Microsoft security chief trapped in endless identity sales pitch
No end to 'End to End Trust'
RSA Microsoft on Tuesday gave the world a sneak peak at technology it said would streamline the process of validating people's identity without compromising their privacy.…
MS opens kimono on Windows 7 security features
Less invasive control
Microsoft has unveiled the security improvement is expects to deliver with Windows 7, the next version of its flagship operating system.…
Teenage hacking menace jailed for 11 months
Fraudster spoofed calls to set SWAT teams on adversaries
A teenage hacker who ran a botnet of compromised machines and made fake 911 emergency calls has been jailed for 11 months, The Boston Herald reports.…
Police charge suspected Craigslist murderer
Boston man to be arraigned today
Boston Police have charged a 22 year old man over the murder of Julissa Brisman, a Craigslist masseuse found dead at the Copley Marriott Hotel on April 14.…
€25k for an old Nokia handset?
Scammers pay through the nose for old tech
Scammers are reportedly prepared to pay €25,000 for German Nokia 1100 handsets, on the basis that they can be reprogrammed to intercept SMS messages and thus crack banking security.…
EFIPW - Modify Apple EFI Firmware Passwords
By Darknet on hacking apple efi
EFIPW is a tool that can be used to decode and modify Apple EFI firmware passwords via the command line. It is designed after the non open source OFPW utility and is designed to work on Intel machines running Leopard or newer. Useful for lab deployments (setting the firmware password of machines as [...]
Hacker Develops Tool To Hide Malware in .NET Framework
By Darknet on viruses
Once again something is wrong with part of the Microsoft suite of software and once again they are denying it’s anything to do with them. This time a researcher has developed a rootkit style infection tool aimed at the .Net framework. Most modern computers come with .Net of some description installed so this could be quite a [...]
Firefox 3.0.9 Released to Fix Multiple Security Flaws
By Robert A. on XSS
MFSA 2009-22 Firefox allows Refresh header to redirect to javascript: URIs MFSA 2009-21 POST data sent to wrong site when saving web page with embedded frame MFSA 2009-20 Malicious search plugins can inject code into arbitrary sites MFSA 2009-19 Same-origin violations in XMLHttpRequest and XPCNativeWrapper.toString MFSA 2009-18 XSS hazard using third-party...
Adam O'Donnell: Celebrity Viruses Improve Security
Celebrity Viruses Improve Security
Brief: Chief: NSA has no wish to control cybersecurity
Chief: NSA has no wish to control cybersecurity
Brief: Researcher argues for CERTs with teeth
Researcher argues for CERTs with teeth
White House cybersecurity advisor calls for public-private cooperation
By Michael S. Mimoso, Editor, Information Security magazine
Melissa Hathaway delivered precious few details about her 60-day review of the country's cybersecurity policies and structures during her RSA Conference keynote.
Cloud computing security group releases report outlining trouble areas
By Robert Westervelt, News Editor
The non-profit Cloud Security Alliance says its comprehensive report serves as the starting point for a broader discussion on cloud computing security issues.
SIEM: Not for small business, nor the faint of heart
By Neil Roiter, Senior Technology Editor
Technologists say security information and event management success depends not on the product, but on the risk and information management program implemented with it. Also, small businesses lack the resources to get much value from SIEM systems.
Firefox update addresses several security flaws
By SearchSecurity.com Staff
Mozilla's latest browser release repairs a critical vulnerability that could have been exploited to run arbitrary code.
Government needs a plan to limit Web usage during a security crisis
By Robert Westervelt
A panel of government officials says the Net neutrality debate will heat up as cybersecurity becomes a bigger priority at the federal level.
Secure software development starts before coding begins
By Neil Roiter
Source code and binary analysis tools both play a role in secure software development, but experts say careful planning, better education and a lot of hard work are even more important.
Opinion: Gartner gets NAC wrong, again
By Eric Ogren, Contributor
Columnist Eric Ogren has harsh words for Gartner following the recent release of its NAC magic quadrant report. The reality, Ogren writes, is that NAC isn't maturing; it's already half dead.
In Oracle-Sun deal, analysts predict identity management fallout
By Eric B. Parizo
Updated: As a combined company, Oracle and Sun Microsystems will be the No. 1 vendor in enterprise identity management, but analysts and a competing vendor say consolidating and unifying the product portfolio could be a painful process for customers.
RSA Conference 2009 shines spotlight on security vendor innovation
By Eric Ogren
Columnist Eric Ogren highlights the Innovation Showcase at the 2009 RSA Conference, noting that while only one vendor can win the competition, the real winner is the industry as a whole.
Cryptographers say cloud computing can be secured
By Robert Westervelt
While securing data in the cloud will remain an issue in the near term, researchers will develop ways to better protect data in the cloud, say a panel of cryptographers at the 2009 RSA Conference.
NSA does not want to run cybersecurity, director says
By Michael S. Mimoso
Instead, Lt. General Keith B. Alexander pushed for a collaborative effort among the intelligence communities, government and private industry to secure cyberspace.
Cloud, virtualization servers pose challenges for PCI compliance
By Robert Westervelt, News Editor
A special interest group and an emerging technologies study could help the Payment Card Industry Security Standards Council address compliance when payment data is in the cloud.
RSA Conference 2009: News, video and podcast updates
By Eric B. Parizo
SearchSecurity.com and Information Security magazine editors are in San Francisco to bring you the biggest news stories, interviews and rumors, as well as videos, podcasts and more. Check back for updates throughout the week.
Mimic the IBM approach to security at RSA
By Eric Ogren, Contributor
Columnist Eric Ogren says IBM's announcements at the 2009 RSA Conference should remind security pros that security should be built into business initiatives rather than layered on as an afterthought.
Symantec acquires Mi5 Networks, bolsters Web security
By Robert Westervelt, News Editor
Mi5's technology gives Symantec URL and malware filtering as well as control of unmanaged applications, such as instant messaging and VoIP programs.
VMware releases long-awaited VMsafe security API
By Neil Roiter, Senior Technology Editor
With the release, the virtualization powerhouse will now enable third-party security vendors to apply security within the hypervisor to safeguard virtual machines at the host level.
In Oracle-Sun deal, analysts predict identity management fallout
By Eric B. Parizo
As a combined company, Oracle and Sun Microsystems will be the No. 1 vendor in enterprise identity management, but analysts say consolidating and unifying the product portfolio could be a painful process for customers.
Oracle to buy Sun Microsystems for $7.4 billion
By Barney Beal, News Director
IBM was the early favorite to purchase Sun, but Sun reportedly cast aside Big Blue's $7 million offer. Oracle gets the Sun Solaris OS, the most popular platform for Oracle's database.
Elvis Presents IDS vs NSM
By Richard Bejtlich
When I teach Network Security Monitoring I often introduce the alternative using an image like the following. It shows what an analyst (here, Elvis) might do if the only data he had to work with as an alert from something like a traditional intrusion detection system.
Compare that workflow with the possibilities provided by Network Security Monitoring:
Usually when I present this concept I take the opportunity to mention that Elvis studied American Kenpo with the founder of the style, Ed Parker. I also mention that Elvis frequently performed karate on stage, even doing so at someone else's concert!
Firefox Addon Fights Social Network Phishes
Crooks are targeting social network sites such as Twitter and Facebook with aggravating attacks that might send a message that reads "Don't Click! www.tinyurl.com/XXXXXXXX." But a Firefox addon called LongURL can quickly reveal the real URL and foil the scam.
NKill aims to catalog vulnerabilities of every computer
A security consultant is developing a search engine called NKill that aims to track the security vulnerabilities on every computer connected to the Internet, with the ability for users to search for vulnerable computers in a country or inside a specific company.
Optus flags participation in Net filtering trial
Australia's second largest internet service provider, Optus, will belatedly take part in the federal government's controversial internet filtering trial.
Shavlik puts cheap AV into patching system
Patching-to-security company Shavlik has announced the latest version of its NetChk Protect 7.0 software with a little surprise for the faithful. From version 7.0 on, anti-virus has been integrated at "insignificant" cost.
Trend Smart Surfing protects users from online scams
Trend Micro on Wednesday announced the release of Trend Smart Surfing for Mac. It's $70; a 30-day free trial is available for download.
Automation, Integration Key to Fighting Cyber Crooks
A familiar theme is taking shape at this year's RSA security conference: With cyber cooks growing more clever and insidious, security vendors who compete with one another have no choice but to come together to fight a common enemy.
Mozilla patches 12 Firefox bugs, a third of them critical
Mozilla Tuesday patched 12 security vulnerabilities in Firefox 3, just days before it hopes to roll out the newest beta of its next open-source browser, Firefox 3.5.
Making contextual judgments about access before authentication
Regular readers will know that I'm a big fan of context-based access. I like the idea of gathering as much context information as possible and using it for authentication and authorization as well as governance and entitlement. But suppose we could make contextual judgments about access even before authentication?
NSA chief: We don't want to run U.S. cybersecurity efforts
The director of the National Security Agency (NSA) Tuesday downplayed widespread concerns about his agency's growing role in national cybersecurity affairs.
NSA chief doesn't want to do cyber security solo
The National Security Agency doesn't want sole responsibility for running U.S. cyber security, the agency's director said Tuesday.
Ditch Adobe Reader for Better Security
The popular Adobe Reader is a favorite target of online crooks, according to Mikko Hypponen, chief research officer with antivirus company F-Secure. And for better security you should ditch Reader and go with a free alternative, he says.
Can you cut information security in hard times and survive
Although some analysts actually expect security spending to rise this year -- at least as a percentage of total IT spending -- some CIOs are giving serious thought to the once-unthinkable idea of trimming security budgets as businesses look to cut costs during this global recession.
Symantec introduces new Protection Suites
In a shift away from selling point-product solutions towards selling suite-based ones, Symantec Corp. Tuesday announced new Protection Suites and its new Endpoint Protection Suite for small businesses as part of its suite-based go-to-market approach.
Researcher wants hacker groups hounded mercilessly
Criminal cyber gangs must be harried, hounded and hunted until they're driven out of business, a noted botnet researcher said today as he prepared to pitch a new antimalware strategy later this week at the RSA Conference in San Francisco.
EMC, Symantec kick-off security barrage at RSA
McAfee and EMC’s RSA division and Symantec made announcements regarding products and acquisitions today at the RSA Conference here in San Francisco.
Upgraded tool tests SAP security weaknesses
Sapyto, a tool to test the security of SAP systems, has been upgraded with new plugins that allow more thorough testing, according to the tool's developer.
AirPatrol upgrades Wireless LAN-cellular intrusion prevention
The new version of AirPatrol's Wireless Locator System has been scaled up for big networks and includes an optional database to store location, intrusion, event and client data for Wi-Fi and cellular devices.
Lenovo shows tool to manage encrypted drives
PC maker Lenovo hopes to give IT managers a helping hand with encrypted hard drive systems after announcing a new password management tool.
RSA: IBM delivers on Phantom promise
IBM/ISS is making good on a promise it made at last year’s RSA event to deliver protection for virtual environments.
The state of spam 2009, Part 4
Jamie de Guerre, CTO of Cloudmark, talks about the latest antispam technologies coming out of Cloudmark's research labs.
Microsoft could be a winner in Sun-Oracle deal
Microsoft has had few critics more vocal than Oracle CEO Larry Ellison and Sun Chairman Scott McNealy. With their companies set to merge in a blockbuster $7.4 billion deal announced Monday, is it time for Microsoft to worry?
Net security, Windows 7 and Conficker under scrutiny
Cross-domain security on the Internet, Windows 7 vulnerabilities and the Conficker worm will be among the topics under scrutiny at the Hack In The Box Security Conference (HITB) held in Dubai this week.
Hackers break into Pentagon's fighter jet project
Hackers broke into U.S. Department of Defense computers and downloaded terabytes of data containing design information about the Joint Strike Fighter, a $300 billion stealth fighter currently under development, according to The Wall Street Journal.
Verizon's cloud service offers 3 levels of security
When Verizon Business wheels out its cloud computing service this June, it will have a fistful of security credentials to give customers confidence.
Official: Cybersecurity review advances
Apr 22, 2009
President Barack Obama will review the results of the completed 60-day cybersecurity review, official says.
House panel wants cybersecurity briefing
Apr 22, 2009
After reports that information about the Joint Strike Fighter Program was stolen, the House Oversight and Government Reform Committee requests a briefing.
Experts: Clear data-sharing policies needed
Apr 22, 2009
Exports tell a Senate subcommittee that clear governmentwide policies are needed for sharing information believed to be related to terrorism.
Researchers: Botnet infects thousands of government computers
Apr 22, 2009
Company officials say nearly 2 million computers have been infected — some on U.S. government networks.
Interior Department to upgrade disaster monitoring
Apr 21, 2009
The U.S. Geological Survey will upgrade volcano, earthquake, and flood monitoring and warning systems.
Report: Hackers penetrate DOD computer systems
Apr 21, 2009
The Wall Street Journal reports that hackers broke into computer systems that had data on DOD’s Joint Strike Fighter project.
HHS releases guidance on securing electronic health data
Apr 20, 2009
The department issues guidelines on encryption and destruction to protect sensitive personal health records.
Administration addresses power grid weaknesses
Apr 17, 2009
The Obama administration is speeding development of cyber protections for the smart grid.
GAO urges review of ship-tracking plans
Apr 17, 2009
The Government Accountability Office wants the Coast Guard to make sure its plans to improve ship tracking electronically for security will add value.
Greater energy efficiency relies on better information
Apr 16, 2009
Agencies have until October 2012 to install power meters on many of their buildings to help them get a better sense of their energy consumption and identify areas for savings.
Verizon: Organized crime behind data breaches
Apr 16, 2009
The company studied 90 confirmed network breaches and found that 91 percent were linked to organized crime.
CIOs urge more telework programs
Apr 14, 2009
Officials also say managers need different skills to supervise employees who work at remote locations.
Obama administration said to consider military cyber command (NetworkWorld Security)
Time for an Internet A-Team? (SecurityFix Blog)
Adware Firm Zango Shuts Doors (E-Week Security)
ISC StormCast for Wednesday, April 22nd 2009
Spies Penetrate Pentagon's Joint Fighter-Jet Project (April 21, 2009)
Cyber spies have stolen tens of terabytes of design data on the US's most expensive costliest weapons system -- the $300 billion Joint Strike Fighte project.......
British Council Violated Data Protection Act, Says Information Commissioner's Office (April 17 & 20, 2009)
The UK Information Commissioner's Office says that the British Council's loss of an unencrypted disk containing personally identifiable information constitutes a breach of the Data Protection Act.......
UK's Regulation of Investigatory Powers Act Under Review Due to Alleged Overuse (April 17, 2009)
UK Home Secretary Jacqui Smith has announced a review of the Regulation of Investigatory Powers Act (RIPA) following complaints that the powers had been invoked for trivial offenses, including littering and taxi overcharging.......
Dept. of Health and Human Services Issues Electronic Health Record Data Security Guidance (April 20, 2009)
The US Department of Health and Human Services has released a document offering guidance on protecting electronic health record data.......
Aneesh Chopra Named White House CTO (April 18 & 20, 2009)
President Barack Obama has named Aneesh P.......
Newly Released Documents Shed (a Bit) More Light on FBI's Spyware (April 16, 2009)
Documents obtained under the Freedom of Information Act (FOIA) indicate that the FBI has used technology known as a computer and Internet protocol address verifier, or CIPAV, in a number of cases over the last seven years.......
NSA Wiretaps Have Exceeded Limits (April 15, 2009)
US government officials said that the National Security Agency's (NSA) domestic wiretaps have gone beyond established legal limits.......
Guilty Plea in Pirated Software Case (April 17, 2009)
Gregory William Fair has pleaded guilty to charges of criminal copyright infringement and mail fraud stemming from the sale of pirated software on eBay.......
MySpace Employee Stole Co-Workers' Personal Information (April 18 & 20, 2009)
A MySpace employee allegedly stole personal information, including Social Security numbers (SSNs), of his co-workers.......
Secure Shell Attacks (April 18, 2009)
Administrators are being urged to protect their networks from a new wave of Secure Shell (SSH) attacks.......
Baker College Wins Cyber Defense Competition (April 20, 2009)
A team of eight students from Baker College in Flint, Michigan took top honors at the National Collegiate Cyber Defense Competition, held April 17-19 in San Antonio, Texas.......
NSA Chief: 'We Do Not Want to Run Cyber Security'
By Kim Zetter
The general running the National Security Agency tells the RSA conference that the spy agency does not want be be charged with overseeing cybersecurity in the United States. There appears to be some disagreement in the higher levels of government.
Cyberspies Hack Into U.S. Fighter Project: Report
By Reuters
WASHINGTON (Reuters) - Computer spies have repeatedly breached the Pentagon's costliest weapons program, the $300 billion Joint Strike Fighter project, The Wall Street Journal reported on Tuesday.
The newspaper quoted current and former government officials familiar with the matter as saying the intruders were able to copy and siphon data related to design and electronics systems, making it potentially easier to defend against the plane.
The spies could not access the most sensitive material, which is kept on computers that are not connected to the Internet, the paper added.
Citing people briefed on the matter, it said the intruders entered through vulnerabilities in the networks of two or three of the contractors involved in building the fighter jet.
Lockheed Martin Corp is the lead contractor. Northrop Grumman Corp and BAE Systems PLC also have major roles in the project. Lockheed Martin and BAE declined comment and Northrop referred questions to Lockheed, the paper said.
The Journal said Pentagon officials declined to comment directly on the matter, but the paper said the Air Force had begun an investigation.
The identity of the attackers and the amount of damage to the project could not be established, the paper said.
The Journal quoted former U.S. officials as saying the attacks seemed to have originated in China, although it noted it was difficult to determine the origin because of the ease of hiding identities online.
The Chinese Embassy said China "opposes and forbids all forms of cyber crimes," the Journal said.
The officials added there had also been breaches of the U.S. Air Force's air traffic control system in recent months.
(Writing by Peter Cooney; Editing by John Stonestreet)
Click Fraud Rate Dropped in Q1
Incidence of this search advertising scam had hit a record high in Q4
Cloud Computing a 'security Nightmare,' Says Cisco CEO
Swamp computing might be a more appropriate name says one security expert.
Firefox 3.0.9 Fixes Bugs So You Don't Have to
It's true: Mozilla has released a new maintenance and security update for Firefox.
How IT Must Prepare for Windows 7
Here are the top five Windows 7 features that IT managers need to understand now.
Malware Seeks to Alter Your Reality
Today's malware uses subtle tricks, like modifying the Google page you see, to rake in illegal profits.
Is the FBI Behind Spyware?
In the pursuit of cybercrooks, the FBI is casting itself as an ethical hacker.
Virtualization Is 'the New Mainframe,' VMware Says
The company hopes customers will run big enterprise applications on its platform
NSA Chief Doesn't Want to Do Cyber Security Solo
His comments follow criticism that the NSA plays too large of a role
Ditch Adobe Reader for Better Security
Tthe program is a top hacker target, says a security researcher with F-Secure, and you should use an alternate program.
Fighter Jet Hack Far From First Government Breach
Cyberspies hacked into government computers and gathered data on a next-generation stealth fighter, but it's far from the first U.S. cyber-break in.
Tap In Systems Monitors and Runs in the Cloud
Its Cloud Management Service integrates with Amazon's cloud platform
Can You Cut Information Security in Hard Times and Survive?
Although some analysts actually expect security spending to rise this year--at least as a percentage of total IT spending--...
Posts
No comments:
Post a Comment