Network Security

• 
  Network World on Security

• Cyberattacks on U.S. military jump sharply in 2009

  Robert McMillan

  20 Nov 2009 | 8:00 am

  Cyberattacks on the U.S. Department of Defense -- many of them coming from China -- have jumped sharply in 2009, a U.S. congressional committee reported Thursday.

• Three indicted for Comcast hack last year

  Nancy Gohring

  20 Nov 2009 | 8:00 am

  Three hackers have been indicted for redirecting the Comcast.net Web site to a page of their own making in 2008.

• EU security agency highlights cloud computing risks

  Mikael Ricknäs

  20 Nov 2009 | 8:00 am

  Cloud computing users face problems including loss of control over data, difficulties proving compliance, and additional legal risks as data moves from one legal jurisdiction to another, according to a assessement of cloud computing risks from the European Network and Information Security Agency (ENISA).

• Security pro says new SSL attack can hit many sites

  Robert McMillan

  20 Nov 2009 | 8:00 am

  A Seattle computer security consultant says he's developed a new way to exploit a recently disclosed bug in the SSL protocol, used to secure communications on the Internet. The attack, while difficult to execute, could give attackers a very powerful phishing attack.

• Cisco's free iPhone app grabs security feeds

  Ellen Messmer

  20 Nov 2009 | 8:00 am

  Cisco has made available a free iPhone app that can be used to receive over a dozen security-related information feeds in customizable form related both to Cisco products and to general security topics, such as newly detected threats.

• 
  COMPUTERWORLD: Networking Security

• Security pro says new SSL attack can hit many sites

  19 Nov 2009 | 11:17 pm

  A Seattle computer security consultant says he's developed a new way to exploit a recently disclosed bug in the SSL protocol, used to secure communications on the Internet. The attack, while difficult to execute, could give attackers a very powerful phishing attack.

• Cyberattacks on U.S. military jump sharply in 2009

  19 Nov 2009 | 7:12 pm

  Cyberattacks on the U.S. Department of Defense -- many of them coming from China -- have jumped sharply in 2009, a U.S. congressional committee reported Thursday.

• UK police reveal arrests over Zeus banking malware

  18 Nov 2009 | 7:59 am

  British police said Wednesday they've made the first arrests in Europe of two people for using Zeus, a sophisticated malicious software program that can scoop up any sensitive information on a PC.

• Merchants caught in middle of Heartland, VeriFone dispute

  17 Nov 2009 | 11:00 am

  Tens of thousands of customers of Heartland Payment Systems are finding themselves caught in the middle of an escalating war between the payment processing vendor and point-of-sale terminal vendor VeriFone Inc.

• Clear Metrics for Cloud Security? Yes, Seriously

  17 Nov 2009 | 8:12 am

  In the second installment of his series on "Clearing the Cloud," security expert Ariel Silverstone proposes some clearer definitions and metrics to improve cloud security.

• 
  Computerworld Security News

• Teen gets prison term for attack on Scientology Web site

  20 Nov 2009 | 12:16 pm

  A New Jersey teenager was sentenced to a year in jail and was fined $37,500 after pleading guilty to charges in connection with a DDOS attack on the Church of Scientology Web site.

• Judge sets schedule for Google book search case

  20 Nov 2009 | 7:15 am

  The judge in the copyright infringement case pitting the Authors Guild and the Association of American Publishers (AAP) against Google and its book search program has set a date for the final hearing on the parties' controversial settlement proposal.

• Banks on watch after suspected card breach

  20 Nov 2009 | 6:29 am

  An apparent data breach in Spain has caused Visa and MasterCard to warn banks of possible fraudulent credit card transactions.

• Three indicted for Comcast hack last year

  20 Nov 2009 | 4:36 am

  Three hackers have been indicted for redirecting the Comcast.net Web site to a page of their own making in 2008.

• Security pro says new SSL attack can hit many sites

  20 Nov 2009 | 4:34 am

  A Seattle computer security consultant says he's developed a new way to exploit a recently disclosed bug in the SSL protocol, used to secure communications on the Internet. The attack, while difficult to execute, could give attackers a very powerful phishing attack.

• 
  Google: Network Security News

• Second-busiest IPO week this year shows mixed performance - Renaissance Capital

  20 Nov 2009 | 2:30 pm

  Second-busiest IPO week this year shows mixed performanceRenaissance CapitalThis week was the second-busiest IPO week of 2009 with network security specialist Fortinet (FTNT) making its debut on Wednesday, followed by four Archipelago Learning 6.25M-Share IPO Priced At $16.50 EachWall Street Journalall 113 news articles »

• IT security for medical devices a problem, officials say - FCW.com

  20 Nov 2009 | 12:26 pm

  IT security for medical devices a problem, officials sayFCW.comNetwork engineers are often blocked from using network security tools on the medical devices, Roger Baker, va's chief information officer, and Steph Warren,

• Health agency execs explore network security boundaries, performance - Government Health IT

  20 Nov 2009 | 11:07 am

  Health agency execs explore network security boundaries, performanceGovernment Health IT for Standards and Technology (NIST) rules call for federal agencies to enhance their network security and continuously monitor their network traffic.

• Beware business cloud dangers, says EU agency - ZDNet UK

  20 Nov 2009 | 8:46 am

  SYS-CON Media (press release)Beware business cloud dangers, says EU agencyZDNet UK"There is very little in the way of tools and standards for exporting data from one provider to another," said Enisa network security expert Giles Hogben. Report: How risky is cloud computing?CNET News5 steps to secure your data centerGCN.comEU Security Agency Highlights Cloud Computing RisksPC WorldGovInfoSecurity.com -Public Service -Dark Readingall 28 news articles »

• Bluetooth® Reader offers hands-free network log-on. - ThomasNet Industrial News Room (press release)

  20 Nov 2009 | 5:35 am

  Bluetooth® Reader offers hands-free network log-on.ThomasNet Industrial News Room (press release)Unit supports HID on the Desktop(TM), enabling organizations to implement network security by using same enterprise-wide physical access control cards to and more »

• 
  Google Online Security Blog

• Do machines dream of electric malware?

  Panayiotis Mavrommatis

  29 Oct 2009 | 3:17 pm

  Posted by: Oliver Fisher, Anti-Malware TeamWe've explored Google's anti-malware processes several times recently, as well as our efforts to work with webmasters to help protect their users. However, there's been some confusion about the objectivity of our scanning and flagging procedures.Google uses fully automated systems to scan the Internet for potentially dangerous sites. These systems help detect sites infected with malware and then add a warning that appears in Google search results and in many web browsers. We flag sites in this way to help protect users who might visit them. The…

• Best Practices for Verifying and Cleaning up a Compromised Site

  Panayiotis Mavrommatis

  22 Oct 2009 | 10:38 am

  Written by Panayiotis Mavrommatis, Security Team As part of Cyber Security Awareness Month, Google's Anti-Malware Team is publishing a series of educational blog posts inspired by questions we've received from users. October is a great time to brush up on cyber security tips and ensure you're taking the necessary steps to protect your computer, website, and personal information. For general cyber security tips, check out our online security educational series or visit http://www.staysafeonline.org/. To learn more about malware detection and site cleanup, visit the Webmaster Tools Help Center…

• Protecting Users and Ads from Malware

  Jay

  16 Oct 2009 | 2:05 pm

  Posted by Eric Davis, Head of Anti-MalvertisingAs part of Cyber Security Awareness Month, we're highlighting cyber security tips and features to help ensure you're taking the necessary steps to protect your computer, website, and personal information. For general cyber security tips, check out our online security educational series or visit http://www.staysafeonline.org/.At Google, we always aim to provide users with useful, relevant information. Readers of this blog know that we also work hard to detect malicious content on the web and protect users from harm. But did you know that we strive…

• Show Me the Malware!

  Panayiotis Mavrommatis

  12 Oct 2009 | 3:53 pm

  written by Lucas Ballard, on behalf of the Anti-Malware, Anti-Malvertising, and Webmaster Tools teamsAs part of Cyber Security Awareness Month, we're highlighting cyber security tips and features to help ensure you're taking the necessary steps to protect your computer, website, and personal information. For general cyber security tips, check out our online security educational series or visit http://www.staysafeonline.org/. To learn more about malware detection and site cleanup, visit the Webmaster Tools Help Center and Forum.To help protect users against malware threats, Google has built…

• The Malware Warning Review Process

  Panayiotis Mavrommatis

  9 Oct 2009 | 10:38 am

  written by Lucas Ballard and Ke Wang, Anti-Malware TeamAs part of Cyber Security Awareness Month, Google's Anti-Malware Team is publishing a series of educational blog posts inspired by questions we've received from users. October is a great time to brush up on cyber security tips and ensure you're taking the necessary steps to protect your computer, website, and personal information. For general cyber security tips, check out our online security educational series or visit http://www.staysafeonline.org/. To learn more about malware detection and site cleanup, visit the Webmaster Tools Help…

• 
  Security Watch

• 2,100 ATMs Worldwide Hit at Once

  20 Nov 2009 | 11:34 am

  A world-wide gang of criminals stole money from over 2,100 ATMs one year ago according to information released by the FBI. The machines were in at least 280 cities in the US, Canada, Italy, Hong Kong, Japan, Estonia, Russia, Ukraine and elsewhere.. The attack was coordinated by "...three 20-something Eastern Europeans and an unnamed person called simply 'Hacker 3'." These individuals were charged earlier this month following an investigation involving the FBI, other federal agencies and agencies abroad. One of the masterminds, a 28 year-old Moldovan uncovered a vulnerability in the networks…

• SSL/TLS Protocol Flaw Subject to Redirect Attack

  20 Nov 2009 | 11:07 am

  A recently-revealed weakness in the SSL3 and TLS protocols for secure networking could allow an attacker, positioned as a "man in the middle," to redirect a client from an https site to other sites, according to research reported in Computerworld. I'm on record downplaying the severity of this problem and I still look on it as an attack that doesn't scale, but it's disturbing to see the implications of the vulnerability escalate. I was not all that impressed with the first proof of concept, exploiting a separate vulnerability in Twitter, but successful exploitation of this version of the…

• The (Spyware) Doctor Is In

  20 Nov 2009 | 8:37 am

  Spyware Doctor is a household name, and Spyware Doctor with AntiVirus 2010 is our current editor's choice for standalone antivirus/antispyware. But did you know that for $10 more you can super-size your protection? Spyware Doctor is the core of PC Tools Internet Security 2010, a lightweight security suite that adds a firewall, spam filter, phishing protection and a site-rating browser toolbar.In testing, the firewall did its job, putting all ports in stealth mode and preventing unauthorized programs from accessing the Internet. Well, it did after I tweaked its settings. The firewall blocks…

• Scareware Downloads Porn On Your System

  18 Nov 2009 | 3:03 pm

  In a YouTube video, AVG's Roger Thompson shows a new kind of scareware attack with a really scary twist. Most of the attack is mundane stuff by now: A legitimate web site is hacked to include links to load a fake malware scan. This scan, however, includes pornographic pictures which it claims were found on your computer. Of course they were not found on your computer, they were downloaded to your computer by the fake scan in order to create a sense of panic and press you to buy the fake removal software. Not much more to say about this, other than to recognize these things when you see them…

• Google Fixes Chrome Flaw Reported by Microsoft

  18 Nov 2009 | 1:23 pm

  Google has released an update to Google Chrome Frame that fixes several crashes and other bugs and one High-severity security issue. Google Chrome Frame, in case you don't remember, is a plug-in version of the Chrome browser that runs inside Internet Explorer. If a web page uses features unsupported by IE, like the HMTL5 video tag, then Google Chrome Frame kicks in and renders it. When it was announced Microsoft said that they weren't all that hot on the idea and didn't recommend using it. The security problem fixed in the update is a cross-origin violation issue, but it's noteworthy because…

• 
  SearchSecurty: Tactics

• How to prepare for a secure network hardware upgrade

  10 Nov 2009 | 6:31 am

  Thanks to the spread of 64-bit technologies and the growing interest in IPv6 -- not to mention the possibility of a merger or acquisition -- a major network hardware upgrade is a definite possibility for many organizations. Michael Cobb shows you how to prepare for the transition.

• Preventing SQL injection attacks: A network admin's perspective

  3 Nov 2009 | 5:32 am

  Your database administrators and application developers should certainly be following best practices to avoid SQL injections, but Michael Cobb explains how network admins can do their part to fight those security exploits.

• Screencast: How to launch an OpenVAS scan

  27 Oct 2009 | 7:26 am

  In this screencast, Peter Giannoulis demonstrates the OpenVAS Linux/Unix-based assessment and penetration testing tool.

• Endpoint protection best practices manual: Combating issues, problems

  20 Oct 2009 | 5:32 am

  In this endpoint protection best practices manual, you will learn how to employ effective endpoint security controls, technologies and policies, and well as defining methods and techniques for developing a multilayered defense system. This guide also highlights best practices for installing endpoint protection systems and information on endpoint protection product costs and pricing information.

• Wireless network guidelines for PCI DSS compliance

  18 Oct 2009 | 9:00 pm

  The PCI Security Standards Council recently released additional guidance for WLANs, but do they make the compliance process easier? Contributor Ben Rothke examines the key points of the new guidelines and offers additional advice for organizations with existing Wi-Fi networks.

• 
  SearchSecurity: Security Wire Daily

• Increase in Gumblar backdoors poses FTP credential problems

  20 Nov 2009 | 5:58 am

  Security Researcher explains how to detect the Trojan, but many victimized website owners don't have the technical expertise to fix the problem.

• Hackers to sharpen malware, malicious software in 2010

  19 Nov 2009 | 12:02 pm

  Symantec researchers predict an increase in attacks using social network architectures, third-party applications and URL shortening services.

• Health Net healthcare data breach affects1.5 million

  19 Nov 2009 | 5:41 am

  A lost hard drive contained seven years of patient data including Social Security numbers and medical records of more than a million Health Net customers.

• Massive T-Mobile UK security breach involves insiders

  18 Nov 2009 | 7:23 am

  A UK agency suspects insiders are behind a massive data breach at T-Mobile UK where customer data was pilfered and sold to competitors.

• InZero Systems launches hardware-based security gateway

  17 Nov 2009 | 2:52 pm

  New InZero gateway uses hardware to halt malware by separating the endpoint from the network and isolating desktop software.

• 
  Martin McKeay: Network Security

• No podcast this week

  netsecpodcast@mckeay.net (Martin McKeay)

  18 Nov 2009 | 9:44 am

  We worked at it, we really did. I made special arrangements to be able to Skype in from my hotel room, Zach called in from home and Rich recorded everything at his home office. It all worked out. Or so we thought. When Rich went back to edit the podcast he found that his software had failed without warning and all he had recorded was his own audio, which might be interesting as a funny aside some day, but hardly makes for a satisfying podcast. We’ll back next week. I’m still on the road, Rich will be doing the recording again, but this time he’ll be recording to a secondary…

• Masking vs. Truncating

  netsecpodcast@mckeay.net (Martin McKeay)

  12 Nov 2009 | 8:02 pm

  I don’t get a ton of questions about PCI sent to me, but from time to time someone asks a question that deserves a blog post.  Earlier today I received a question from a reader, Michele, that reflects a common misunderstanding in the PCI sphere: I was reviewing the PCI DSS 1.2 section 3.4 yesterday, and was surprised to see that “masking” was not an option for PAN at rest / storage.  Am I interpreting it correctly that it must be encrypted while stored, but upon display it would be decrypted and masked?  To further that thought, if we receive PAN already masked and…

• Network Security Podcast, Episode 173

  netsecpodcast@mckeay.net (Martin McKeay)

  10 Nov 2009 | 3:09 pm

  It’s one of those glorious days we all look forward too; all of the regular hosts of the podcast are on the road and in most cases thousands of miles from home.  Luckily we planned ahead and this week Martin is joined by Adrian Lane of Securosis instead of the usual cast of characters.  We recorded a couple of days early so that we’d have a podcast out, even though we probably missed one or two breaking stories.  Not that we’d know, since we’re all on the road and have limited access to our news feeds and Twitter.Network Security Podcast, Episode 173,…

• Simple worm RickRolls jailbroken iPhones

  netsecpodcast@mckeay.net (Martin McKeay)

  8 Nov 2009 | 10:36 am

  I knew it had to be just a matter of time before someone took advantage all of the jailbroken iPhones and created another malicious tool to pwn them.  This time the attacker has been RickRolling iPhone users, changing the background on the phones to a picture of Rick Astley.  The worm is fairly simple and uses the default password set up on the SSH daemon when you jailbreak your iPhone, so if you’ve taken the 5 minutes required to change the password, you’re perfectly safe from the effects of the worm.  Of course, it’s written by someone in Australia going by…

• Ethics of spilled COFEE

  netsecpodcast@mckeay.net (Martin McKeay)

  8 Nov 2009 | 9:06 am

  Last year Microsoft released a tool called COFEE (Computer Online Forensic Evidence Extractor) to law enforcement agencies around the nation and around the world a couple of years ago.  While COFEE is a professional tool, it’s meant for the average police officer who may not have a lot of experience with computers; you just plug a USB key with COFEE installed and if autorun is enabled on the computer, it will run a series of diagnostics, writes a report and generally gives a quick and dirty analysis of the computer.  It’s not an exhaustive tool and most of the commands…

• 
  Security Fix

• Alpha Software disclosure leads to confusion

  20 Nov 2009 | 10:15 am

  A few days ago, Security Fix heard from a reader who received a breach notification so casual in tone that he asked me to verify whether it was for real. Sure enough, Burlington, Mass.-based database application company Alpha Software Inc. recently told customers that a data breach had exposed their payment information. That fact was confirmed by similarly confused users posting to the company's online forum. The e-mail notice to affected customers reads: November 9, 2009 Dear Customer, We have been informed that there has been a security breach at the Internet Service Provider where our web…

• FDA targets rogue Internet pharmacies

  19 Nov 2009 | 1:45 pm

  The U.S. Food and Drug Administration is pressuring a number of Internet service providers to shut off nearly 12 dozen Web sites alleged to be selling counterfeit or unapproved prescription drugs. The FDA's office of criminal investigations said it sent 22 warning letters to the operators of the sites, and alerted the appropriate ISPs and domain name registrars that the sites were selling phony pharmaceuticals, all without requiring a prescription. The agency said none of the sites represent pharmacies located in the United States or Canada, as most claim. According to the letters sent to…

• Bill would ban P2P use on federal networks, PCs

  18 Nov 2009 | 9:50 am

  The chairman of the House Oversight and Government Reform Committee introduced legislation on Tuesday to prohibit the use of peer-to-peer (P2P) file-sharing software across all federal government computers and networks. The "Secure Federal File Sharing Act" would direct the White House's Office of Management and Budget to issue guidelines barring the use and/or installation of P2P software on federal systems, unless otherwise approved for a specific purpose. The bill also calls on OMB to develop a policy that would extend to networks and computers operated by agency contractors, as well as to…

• Featured Advertiser

  18 Nov 2009 | 6:33 am

• Experts: Smart grid poses privacy risks

  18 Nov 2009 | 6:33 am

  Technologists already are worried about the security implications of linking nearly all elements of the U.S. power grid to the public Internet. Now, privacy experts are warning that the so-called "smart grid" efforts could usher in a new class of concerns, as utilities begin collecting more granular data about consumers' daily power consumption. "The modernization of the grid will increase the level of personal information detail available as well as the instances of collection, use and disclosure of personal information," warns a report (PDF) jointly released Tuesday by the Ontario…

• 
  DarkReading

• ENISA Offers Security Recommendations For Cloud Services

  19 Nov 2009 | 8:04 pm

  New ENISA report outlines security benefits and risks of cloud services, offers guidelines for choosing providers

• Product Watch: Ksplice Wins Global Cybersecurity Challenge

  19 Nov 2009 | 2:10 pm

  Startup wins award for software that delivers security updates without a reboot

• In-Q-Tel Joins Forces With FireEye To Fight Cyberthreats

  19 Nov 2009 | 1:39 pm

  FireEye sells an out-of-band security appliance that monitors all inbound network traffic

• New IBM Database Flaw Could Affect Several Other Vendors' Products

  19 Nov 2009 | 1:08 pm

  Denial-of-service (DoS) attack vulnerability in IBM's SolidDB affects HP OpenView

• Firefox 3.6 Beta 3 Debuts

  19 Nov 2009 | 12:37 pm

  Mozilla made structural change that aims to improve the browser's stability

• 
  SearchNetworking

• Enterprises demand next-generation firewalls with IPS, app visibility

  29 Oct 2009 | 8:58 am

  Next-generation firewalls are getting plenty of hype, but not many vendors have completely solved the firewall architecture challenges involved in combining firewalls with IPS and other network security functions.

• Network user management

  14 Oct 2009 | 2:41 pm

  While networking professionals protect their network perimeters, they must be just as careful to manage users on the inside. How can admins enforce network security policies and allocate user permissions? Take a look at these problem user profiles to guide you in network user management.

• Desktop virtualization network challenges: A primer

  13 Oct 2009 | 2:38 pm

  Virtual desktop infrastructure is seeing speedy uptake, but desktop virtualization network challenges mean investing in load balancing, traffic prioritization and even more bandwidth to support real-time applications to the desktop.

• Preventing hacker attacks with network behavior analysis IPS

  13 Oct 2009 | 5:43 am

  Deter enterprise network attacks by learning how network behavior analysis can be used to protect data. Understand the advantages and disadvantages of anomaly-based and signature-based protection and how to use them together to secure your network against complex hacks.

• Network security risks multiply when enterprises begin outsourcing

  7 Oct 2009 | 8:45 am

  Network security risks of outsourcing tech jobs worry IT executives, according to a new survey. Without the right protections, outsourcing could expose companies to a network security breach.

• 
  Techworld.com Security

• How to avoid joining a botnet

  20 Nov 2009 | 2:59 am

  3 easy steps to web securityBanging the drum for security awareness never gets old. As much as CSOs try to get folks to bone up on safe practices (both online and in the office), there are always going to be some who need reminding.

• Microsoft denies building security 'backdoor' in Windows 7

  19 Nov 2009 | 9:48 pm

  Privacy organisations shouldn't read too much into NSA involvement it saysMicrosoft has denied building a backdoor into Windows 7, responding to concerns from privacy organisations after it was revealed that the National Security Agency (NSA) had worked on the operating system.

• Pentagon expands exclusive deal with McAfee

  19 Nov 2009 | 2:57 am

  Department of Defense uses McAfee productsThe US Defense Department is expanding its exclusive arrangement with McAfee, whose security software is at the heart of the military's cybersecurity efforts.

• Police arrest pair over global banking web scam

  19 Nov 2009 | 1:15 am

  Man and woman arrested in Manchester for using notorious Zeus TrojanBritish police said they've made the first arrests in Europe of two people for using Zeus, a sophisticated malicious software program that can scoop up any sensitive information on a PC.

• Security star Fortinet sets price for IPO

  18 Nov 2009 | 4:02 am

  Investors still have taste for tech.Security star-in-the-making Fortinet has announced more details of its initial public offering (IPO), which was able to set a price of $12.50 (£7.40) per share.

• 
  Computer Security News

• Hackers Infiltrate World's Leading Climate Research Unit

  20 Nov 2009 | 11:20 am

  The email system of one of the world's leading climate researchers was just reported to be infiltrated by hackers.

• Security Pro Says New SSL Attack Can Hit Many Sites

  20 Nov 2009 | 6:48 am

  A Seattle computer security consultant says he's developed a new way to exploit a recently disclosed bug in the SSL protocol, used to secure communications on the Internet.

• How Robert Pattinson Can Really Bite You

  20 Nov 2009 | 2:16 am

  Beware, "New Moon" fans: Hackers are taking advantage of the latest "Twilight" movie to try and bite into your computer.

• Feds Charge 3 With Comcast.net Hijacking

  19 Nov 2009 | 9:49 pm

  Three alleged members of the hacker gang Kryogeniks were hit with a federal conspiracy charge Thursday for a 2008 stunt that replaced Comcast's homepage with a shout-out to other hackers.

• Building an Online Bulwark to Fend Off Identity Fraud

  19 Nov 2009 | 5:12 pm

  Published: Thursday, November 19, 2009 at 10:29 a.m. Last Modified: Thursday, November 19, 2009 at 11:26 a.m. A clotheshorse racked up thousands of dollars in mystery charges on a friend's credit card.

• 
  Speaking of Security

• Curse of the Were-Laptop

  19 Nov 2009 | 4:00 pm

  Richmond, Virginia - Sunday 8:00 PM ET The storm outside sent wave after wave of heavy rain drops that banged on the large window, trickling down into the garden bushes below. Distant thunderclaps rolled, making the glass vibrate every other minute, not before the bright flashes of lightning lit Jack's study.

• Social Networking and the Government -- Weighing the Benefits vs. the Pitfalls

  17 Nov 2009 | 4:00 pm

  Organizations everywhere have been rapidly adopting the use of social networking tools over the last couple of years and recent data suggests that the use of these tools has exploded exponentially in enterprises during the last six months of 2009. For more on that phenomenon, see this recent story in Government Computer News. During its first year, the Obama Administration has encouraged the adoption of social networking tools by federal government agencies to help increase information sharing, improve collaboration, and foster more transparency in government.

• Speaking of Security #169

  17 Nov 2009 | 4:00 pm

  Click to Download/Listen This week's Speaking of Security podcast presents an interesting discussion on healthcare data and the fraudster underground.

• The Heist

  12 Nov 2009 | 4:00 pm

  A stealthy hack into a financial system; manipulation of data by exploiting hidden vulnerabilities; an international cash-out operation of gargantuan proportions reminiscent of Al-Qaeda multiple-attack plan. FBI agents working internationally to trace the criminals and bring them to justice. All the elements of a good Hollywood Heist film, except it happened for real.

• When Renegotiation is a Bad Thing: MITM Attacks on SSLv3/TLS Protocol

  11 Nov 2009 | 4:00 pm

  Over the last few days, an attack against the SSLv3/TLS protocol was made public.  The following is my opinion based on public information and industry discussion. TLS is the current version of a protocol that was originally developed by Netscape (under the name of SSL).  The protocol was originally developed to secure connections between a web browser and a web server.  The protocol has since found application in areas as diverse as protecting email services to virtual private networks.  It is the Internet standard for communication between programs running on different…

• 
  Hot Security News

• BitDefender Top Ten Malware Threats for October 09

  3 Nov 2009 | 12:55 pm

  The top spot on BitDefender's Top Ten list of e-threats for October is once again Trojan.Clicker.CM, which is mostly present on websites hosting illegal applications such as cracks, keygens and serial numbers for popular commercial software applications. It is typically used to force advertisements inside the browser and comprises 9.47 percent of infected files this month.

• Nov. 09 Microsoft Security Intelligence Report

  3 Nov 2009 | 12:29 pm

  Microsoft Corp. today released the seventh volume of the  (SIRv7), which indicates that worm infections in the enterprise rose by nearly 100 percent during the first half of 2009 over the preceding six months. Rogue security software remains a major threat to customers; however, 20 percent fewer customers were affected by rogue infections during the past six months.

• StopSign AntiVirus and Anti-Malware is Windows 7 Compatible

  7 Oct 2009 | 1:19 pm

  The engineers at StopSign™ have updated their state-of-the-art malware and spyware Internet security programs to ensure they are Windows 7 compatible, even before the highly anticipated operating system hits the market for purchase by the general public. StopSign™, one of the leaders in antivirus and malware/spyware protection, is proud to announce its Internet security software is now Windows 7 compatible.

• New Outlook Backup and Migration Software By Disk Doctors

  7 Oct 2009 | 1:11 pm

  Disk Doctors Smart Email Backup helps users to easily migrate Outlook emails along with all its settings &attributes to a newer version of Outlook or migrating Outlook from Windows XP/Windows Vista to Windows 7. Along with migration this tool provides a very simple complete Outlook Backup mechanism.

• Microsoft Security Essentials, FREE Security Tool Just Released

  30 Sep 2009 | 2:20 am

  Microsoft Security Essentials, Microsoft Corp.’s new no-cost, core anti-malware service that helps protect consumers against viruses, spyware and other malicious software, is available starting Tuesday, Sept. 29. Microsoft Security Essentials, independently certified by West Coast Labs, is backed by the company’s global security response team and is built on the same award-winning core security technology found in the company’s security solutions for businesses. It requires no registration, trials or renewals and is available for download directly from Microsoft at…

• 
  CNET: Crave Security Blog

• Two new remote Webcams: Mole and Vue

  Rafe Needleman

  10 Nov 2009 | 3:56 pm

  One is small and simple but fails as a security camera; the other is big and ugly but does it all. Originally posted at Rafe's Radar

• Divining rod reborn as explosive-detection device

  Darius Chang

  6 Nov 2009 | 6:00 am

  The Iraqi government has purchased more than 1,500 units of the ADE 651, a bomb detector that makes very questionable claims.

• Hacker breaks into jailbroken iPhones, asks for $7

  Elinor Mills

  3 Nov 2009 | 12:29 pm

  A hacker asks victims to pay $7 to get instructions for fixing a security hole in their jailbroken iPhones. Originally posted at InSecurity Complex

• Get Norton Internet Security 2010 for $9.99

  Rick Broida

  28 Oct 2009 | 10:11 am

  That's an incredible price for a highly rated security suite with three user licenses. Just be prepared to fill out a pair of rebate forms and wait 8-10 weeks on your $50. Originally posted at The Cheapskate

• Hands on: Lexar total security thumbdrive

  Dong Ngo

  8 Oct 2009 | 4:21 pm

  Lexar's new thumbdrive can keep your data safe, even when you lose it.

• 
  eWeek: Security

• Three Charged in Comcast Cyber-Attack

  20 Nov 2009 | 6:27 am

  Three men were charged by federal indictment Nov. 19 in connection with attacking Comcast.net and redirecting traffic to sites under their control. The group altered Comcast's DNS records and is estimated to have cost the company more than $128,000. - Three men have been charged by federal authorities for redirecting traffic for Comcast.net last year to sites under the trios control. According to the FBI, Christopher Allen Lewis, 19, of Newark, Del., Michael Paul Nebel, 27, of Kalamazoo, Mich., and 20-year-old James Robert Black Jr. o...

• Microsoft Uncovers Vulnerability in Google Chrome Plug-in for IE

  20 Nov 2009 | 5:42 am

  Microsoft uncovers a vulnerability in a controversial Google plug-in for Internet Explorer that could be exploited to bypass cross-origin protections. Google patched the issue this week in an update. - Microsoft researchers uncovered a flaw in the Google Chrome Frame plug-in for users of Internet Explorer. According to Google, which patched the problem Nov. 18 with an update, the vulnerability could be exploited to bypass cross-origin protections. The plug-in which injects Google Chromes ren...

• Google Chrome OS Security Model Breaks the Traditional Mold

  19 Nov 2009 | 1:42 pm

  With Chrome OS, Google says it has abandoned the traditional operating system security model and put its focus on using process isolation, verified boot, encryption and system hardening to protect users. - Google previewed Chrome OS Nov. 19 and opened up about how its security strategy deviates from the traditional model for securing today's operating systems. In a presentation, Google painted a picture of a slim operating system that uses a combination of sandboxing, encryption of user data...

• Up Close and Technical look at SocialPet

  19 Nov 2009 | 1:36 pm

  SocialPet, a new product from Jetmetric, lets administrators send fake phishing e-mails to selected employees to determine which ones know enough to ignore the messages and which dont - posing a threat to company security. - Video Content....

• 10 Lessons Google Must Learn About OS Security

  19 Nov 2009 | 12:09 pm

  News Analysis: Google is new to the operating system market, so it has to demonstrate that it understands how to build and maintain a secure Web OS. The history of Windows security has shown there are many avenues of attack against a desktop operating system. There are even more potential attack strategies for an online OS. But whether Google has learned the many hard lessons of Web security is very much in doubt at this point. - Much has been made of Google's intentions in the operating system space. The company has made it clear that it wants its products to be used on netbooks. It wants to…

• 
  Security Watch

• New Study Provides Real-World Data on Leading Software Security Initiatives in Europe

  Fortify Software, the market leader in Software Security Assurance solutions, and Cigital, the largest software security consulting firm in the world, announced today the release of the Building Security In Maturity Model for Europe or “BSIMM Europe,” an application of the industry’s first-ever set of benchmarks for developing and growing ...

• Check Point Awarded International Common Criteria EAL4 Certification for Full Disk Encryption

  Check Point Software Technologies Ltd, the worldwide leader in securing the Internet, today announced Check Point Endpoint Security Full Disk Encryption, Pointsec PC 6.3.1 has received Common Criteria Evaluation Assurance Level 4 (EAL4) certification from the National Information Assurance Partnership (NIAP). Government agencies and security-conscious enterprises that require EAL4 certification ...

• Cyber-Ark Expands Into Superuser Access Control Market

  When it comes to managing privileged identities, most enterprises have been forced to invest in separate solutions to manage the lifecycle and access-control policies across all shared and superuser accounts, resulting in cumbersome controls, inconsistent policies and audit gaps. With the newest version of its Privileged Identity Management Suite, ...

• NetAge joins the Neptuny Business Partner Program

  Neptuny, the leading provider of Performance Optimization and IT Resource Management solutions for large data centers and networks, today announced that NetAge Solutions GmbH, a German-based innovative consulting firm, has joined the Neptuny Business Partner Program. The Neptuny Business Partner Program is designed to support partners in reselling its solutions ...

• Financial Executive Is Keynote Speaker for ISACA’s 2010 EuroCACS Conference in Budapest

  ISACA, the not-for profit IT security, governance and assurance association with more than 80,000 members worldwide, has revealed that the keynote speaker for its world-leading European Computer Audit, Control and Security (CACS) Conference will be Dániel Némethy, general manager of the KBC Global Services branch in Hungary and CIO of ...

• 
  Network Security Podcast

• Network Security Podcast that Wasn’t

  rmogull

  16 Nov 2009 | 5:49 pm

  Due to a technical failure, we ended up with a podcast that was only one half of the Skype conversation. Since Martin was traveling, only one of us was recording, and as a result we lost all of it. Thus here are the show notes Martin, Zach, and I talked about… but you will never hear. Microsoft confirms Windows 7 Exploit. OWASP is updating the Top 10 for 2010. Mike Bailey’s Flash exploit worth taking seriously. Rich’s post on it. Most security products fail initial certification testing. Is the security industry too cliquish?

• Network Security Podcast, Episode 173

  martin

  8 Nov 2009 | 9:37 pm

  It’s one of those glorious days we all look forward too; all of the regular hosts of the podcast are on the road and in most cases thousands of miles from home.  Luckily we planned ahead and this week Martin is joined by Adrian Lane of Securosis instead of the usual cast of characters.  We recorded a couple of days early so that we’d have a podcast out, even though we probably missed one or two breaking stories.  Not that we’d know, since we’re all on the road and have limited access to our news feeds and Twitter.Network Security Podcast, Episode 173,…

• The Network Security Podcast, Episode 172

  rmogull

  3 Nov 2009 | 4:55 pm

  “The Episode that almost Wasn’t”  It’s been a day.  Shortly before we were scheduled to start, there was a pop and the power went out at Martin’s house.  Rich has issues of his own to deal with.  And Zach is … somewhere.  It was only because the local electric company responded quickly for the first time I can remember were we able to squeeze in a podcast recording between emergencies.  And now that we’ve recorded and posted, it’s time to put our noses back to the grindstone and work for a couple more hours. Network…

• The Network Security Podcast, Episode 171

  martin

  27 Oct 2009 | 8:32 am

  Before we proceed with the show notes, may we please have a moment of silence for the passing of Geocities, the last refuge of the blink tag. (The rest of the show is all about security stuff, and we even have all three of us on together again, but I’m just too chocked up over the death of Geocities for proper show notes. It was as if a million cheesy fan sites cried out, and were suddenly silenced.) This really is Episode 171, even if I called it 170 at the beginning of the podcast – Martin Network Security Podcast, Episode 171Time:  38:54 Show Notes: Rapid7 Acquires…

• Network Security Podcast, Episode 170

  martin

  20 Oct 2009 | 8:02 pm

  For the first time in a long time, Martin, Rich, and Zach are all together on the podcast. Sorry we missed last week, but we’ve all been dealing with job changes (Zach and Martin) or vacations in tropical paradises (Rich). After a brief wandering to talk about Halloween preparations, we get back on topic and catch up with some new stories, and a few from the week we missed. We talk about the evolution of security professionals, tokenization, and how the Danger/Sidekick thing had nothing to do with cloud computing. Network Security Podcast, Episode 170Time:  34:12 Show Notes: Josh…

• 
  WindowSecurity.com

• VIDEO: Securing Windows 7 desktops with AppLocker

  18 Nov 2009 | 1:00 am

  This video explains of the process of securing Windows 7 desktops using AppLocker utility.

• Microsoft Azure: Security in the Cloud

  11 Nov 2009 | 1:00 am

  What Microsoft is doing to address the biggest cloud security hot spots.

• Top 10 Windows Security Configurations: Where and How! (Part 3)

  3 Nov 2009 | 10:00 pm

  The final installation on Derek Melber's top 10 security configurations.

• Nessus Security Scanner - Voted WindowSecurity.com Readers' Choice Award Winner - Security Scanner Software

  29 Oct 2009 | 12:00 am

  Nessus Security Scanner was selected the winner in the Security Scanner Software category of the WindowSecurity.com Readers' Choice Awards. GFI LANguard and AW Security Port Scanner were first runner-up and second runner-up respectively.

• Buffer Overflows, Data Execution Prevention, and You

  28 Oct 2009 | 2:00 am

  What a buffer overflow is, how it can allow a potential attacker to execute a code on your system and how data execution can be employed in order to safeguard against this threat.

• 
  Tenable Network Security

• Auditing 100,000 Hosts or More with Nessus

  Ron Gula

  18 Nov 2009 | 4:00 am

  Recently, the State Department Deputy CIO and CISO John Streufert participated in a podcast where he talked about moving past the Federal Information Security Management Act (FISMA) to a metrics based security program. Performing routine vulnerability scans is a key metric to his strategy and he referenced the State Department’s Tenable solution for accomplishing this. After this podcast, Tenable received several inbound requests for more information on very large-scale network scanning from a variety of federal and commercial organizations. This blog entry summarizes some of the political…

• Marcus Ranum Named "Industry Pioneer" By SC Magazine

  Paul Asadoorian

  17 Nov 2009 | 5:00 am

  Tenable's CSO Marcus Ranum was quoted in an article from SC Magazine titled "Industry pioneers". In it Marcus gives us some insight into how he perceives his accomplishments: “I like to think of myself as a filter for good ideas.” We also get some insight as to how he came up with the idea for building the world's first firewall: The firewall was really born on a day in 1986 when Ranum, then a network administrator at Johns Hopkins University, noticed something strange: Someone was able gain access to an MRI machine via a Sun Workstation default configuration. Nothing malicious happened,…

• Tenable Network Security Podcast - Episode 12

  Paul Asadoorian

  16 Nov 2009 | 10:38 am

  Welcome to the Tenable Network Security Podcast - Episode 12 Announcements A new blog post has been released that covers my experiences scanning Windows 7 with the latest version of Nessus 4.2 (yet to be released). Tenable in the news: Marcus Ranum Presents "Internet Nails" at TED, A Review of Nessus published by SC Magazine "Everyone needs a good network vulnerability scanner " was published Marcus Ranum was named one of the "industry pioneers" in a recent SC Magazine article, and Ron Gula was named in an article about market entrepreneurs also published by SC Magazine We're hiring! - Visit…

• Patch Tuesday - November 2009

  Paul Asadoorian

  13 Nov 2009 | 9:06 am

  Another Tuesday, another round of security bulletins from Microsoft. Are you patched? Nessus contains credentialed local checks for all security bulletins, and a network-based uncredentialed check for MS09-064. Severity is a Matter of Perspective What struck me as interesting this month are the severity ratings. Microsoft publishes these ratings as a guide to help customers evaluate the vulnerability risk. In many cases, they seem to be doing their customers a disservice. For example, a remotely exploitable vulnerability in Microsoft Word or Excel could be leveraged by attackers to compromise…

• Scanning Windows 7 With Nessus 4.2

  Paul Asadoorian

  12 Nov 2009 | 6:17 am

  Windows 7 - a "Shiny" New Operating System Most experts agree that producing Windows Vista was not a shining moment for Microsoft. It was plagued with problems from the start, including performance and stability issues. Many organizations flat out refused to upgrade from Windows XP to Vista, deeming it not worth the investment of resources and overall cost of the upgrade. Windows 7 is now here to replace Vista and XP, and the reviews have been positive from the beginning. In my own environment, I stayed away from Vista and jumped right into Windows 7. I believe that as Windows XP comes to its…

• 
  @RISK: The Consensus Security Alert

• SANS 2009

  More than 35 courses, SANS top instructors, all in one great place! SANS 2009 is being held in Orlando, FL on March 2-9. Register today!

• (1) CRITICAL: Apple Safari Multiple Vulnerabilities

  Category: Widely Deployed Software Affected: Apple Safari versions prior to 4.0.4

• (2) HIGH: RhinoSoft Serv-U FTP Server TEA Decoder Buffer Overflow Vulnerability

  Category: Widely Deployed Software Affected: RhinoSoft Serv-U 9.0 .5 RhinoSoft Serv-U 9.0.0.1

• (3) MODERATE: Microsoft Windows SMB Packet Denial of Service Vulnerability

  Category: Widely Deployed Software Affected: Microsoft Windows 7 for 32-bit Systems Microsoft Windows 7 for x64-based Systems Microsoft Windows Server 2008 R2 for x64-based Systems* Microsoft Windows Server 2008 R2 for Itanium-based Systems

• (4) MODERATE: GIMP Image Parsing Integer Overflow Vulnerability

  Category: Widely Deployed Software Affected: GIMP version 2.6.7 and prior

• 
  Team Cymru Internet Security News

• Digital Economy Bill confirms crackdown on file sharers

  20 Nov 2009 | 12:33 pm

  "Illegal filesharers could be disconnected from their internet accounts under proposed legislation in the finalised Digital Economy Bill published today. The Government published its draft legislation, but has stopped short of making online piracy a criminal offence. The bill will oblige Internet Service Providers (ISPs), such as Sky or Virgin, to send out warning letters to those caught file-sharing on their networks...."

• Tying New Tech, Trends to Specific Risks

  20 Nov 2009 | 9:40 am

  "The fact that new technologies and trends present new threats to government information systems isn't new, but research released Thursday from the Ponemon Institute, a think thank that studies privacy and data protection, links particular technologies or trends to specific vulnerabilities...."

• House Panel Inches Toward Privacy Bill

  20 Nov 2009 | 7:51 am

  "Members of a pair of House subcommittees inched closer to the long-awaited privacy legislation that would set rules of the road for advertisers in a joint hearing today, though the lawmakers made it plain that they continue to wrestle with the right balance between protecting consumers' rights without unnecessarily restricting economic activity...."

• The Six Greatest Threats to U.S. Cybersecurity

  20 Nov 2009 | 7:08 am

  "It s not a very good day when a security report concludes: Disruptive cyber activities expected to become the norm in future political and military conflicts. But such was the case today as the Government Accountability Office today took yet another critical look at the US federal security systems and found most of them lacking. From the GAO: The growing connectivity between information systems, the Internet, and other infrastructures creates opportunities for attackers to disrupt telecommunications, electrical power, and other critical services...."

• FTC: Online check-writing service not authenticating users

  20 Nov 2009 | 7:05 am

  "The U.S. Federal Trade Commission (FTC) has filed a civil contempt complaint against an online check-writing service, saying the company continues to allow customers to create and e-mail checks without verification of their identities. Even after a January court order requiring Thomas Villwock, James M. Danforth and G7 Productivity Systems to implement fraud prevention safeguards at online check-writing service Qchex. com, the defendants continue to operate a "nearly identical" operation at FreeQuickWire...."

• 
  IT Security

• Only the Mobile Enterprise will Survive: 10 Practical Strategies for Supporting a Next-Generation Mobile Workforce

  11 Nov 2009 | 4:04 pm

  WHEN: Wed, November 18Time: 10am PT / 1pm ET  Join Now!SPONSORED BY: Nortel and AT&TJoin leading mobility experts to hear why only the mobile enterprise will survive! Join Now!Why the mobile ...

• Top 5 Compliance Challenges Keeping IT Directors Awake At Night

  11 Nov 2009 | 3:26 pm

  On-Demand Webinar > Watch Now! SPONSORED BY: TripwireWatch this FREE on-demand webinar to learn how to overcome the top 5 compliance challenges keeping IT directors awake at night! Watch Now! Overc...

• IT Security Ask the Experts: October, 2009

  5 Nov 2009 | 3:18 pm

  This Web site was designed to be a clearing house for technical IT security queries. However, readers continue to submit a broad range of fascinating questions exploring the interface between technolo...

• Smart Green IT: How to Cut Energy Costs Across Your IT Environment

  20 Oct 2009 | 5:47 pm

  WHEN:  Wednesday, October 28th10am PT / 1pm ET Join Now!>> SPONSORED BY:  AT&T and NortelJoin this FREE live webinar to learn how you can save energy and costs effectively across ...

• How Web Controls Are Changing Audio Conferencing

  2 Oct 2009 | 2:21 pm

  WHEN:Wednesday, October 21Time: 11am PT / 2pm ET Join Now!>> SPONSORED BY: Citrix Online Audio Services GroupJoin us for this FREE live webcast to hear Marc Beattie of Wainhouse Research as he...

• 
  Google: Internet Security News

• JustAskGemalto.com Continues Weekly Digital Security Video Series - SYS-CON Media (press release)

  20 Nov 2009 | 1:28 pm

  JustAskGemalto.com Continues Weekly Digital Security Video SeriesSYS-CON Media (press release)This Friday's video features USA Today's highly acclaimed, Internet security reporter, Byron Acohido, talking specifically about current and widespread and more »

• Spyware Doctor at the Heart of PC Tools 2010 - PC Magazine

  20 Nov 2009 | 12:35 pm

  Spyware Doctor at the Heart of PC Tools 2010PC MagazineSpyware Doctor is the core of PC Tools Internet Security 2010, a lightweight security suite that adds a firewall, spam filter, phishing protection and a and more »

• Cisco Debuts 24/7 Security iPhone App - InternetNews.com

  20 Nov 2009 | 10:00 am

  Earthtimes (press release)Cisco Debuts 24/7 Security iPhone AppInternetNews.comCisco today introduced a free iPhone app for those who want customized Internet security data on-the-go. Cisco iphone App Can Check Website Reputations On The FlyThe InquisitrCisco launches iphone security appCNET NewsCisco releases Web security app for iPhoneAFPSan Francisco Chronicle -CNNMoney.com (press release) -ReadWriteWeb (blog)all 42 news articles »

• PC Tools Internet Security 2010 - PC Magazine

  19 Nov 2009 | 7:18 am

  PC Tools Internet Security 2010PC MagazineBut did you know the company also offers a security suite? For just $10 more than Spyware Doctor alone, PC Tools Internet Security 2010 ($49.95 direct) adds

• Silicon Valley IPO: Fortinet shares soar on first day of trading - San Jose Mercury News

  18 Nov 2009 | 11:00 pm

  Hurriyet Daily NewsSilicon Valley IPO: Fortinet shares soar on first day of tradingSan Jose Mercury NewsShares of Sunnyvale Internet security company Fortinet soared more than 30 percent Wednesday in its first day of trading on the Nasdaq, Computer Security Firm Fortinet Up 33% Post-IPOWall Street Journalall 380 news articles »

• 
  CyberInsecure.com

• Botnet’s New Component Imitates Human Facebook Users

  CyberInsecure

  11 Nov 2009 | 1:29 pm

  The Koobface botnet has pushed out a new component that automates the following routines: Registering a Facebook account Confirming an email address in Gmail to activate the registered Facebook account Joining random Facebook groups Adding Facebook friends Posting messages to Facebook friends’ walls Overall, this new component behaves like a regular Internet user that starts to connect with friends in Facebook. [...]

• Protesters Hijack Hundreds of Facebook Groups, Pointing Out Weakness In Social Networks

  CyberInsecure

  11 Nov 2009 | 3:23 am

  Hundreds of Facebook groups have been hijacked in recent days by users pointing out what they say is a weakness in how the social-networking site handles the administration of its groups. By Tuesday morning, 286 groups had apparently been renamed Control Your Info and had a new message posted to their walls. “Hello, we hereby announce [...]

• Microsoft Patches Windows Worm And Drive-by Download Vulnerabilities

  CyberInsecure

  10 Nov 2009 | 12:58 pm

  As part of its scheduled batch of patches for November, Microsoft today issued six security bulletins with fixes for a total of 15 vulnerabilities affecting its Windows and Office product lines. Four of the six bulletins include patches for Windows and Windows Server and two affect Microsoft Office products (Excel and Word). Three of the six [...]

• High-profile Advertiser Media-servers.net Website Hacked, Serving Exploits Cocktail

  CyberInsecure

  10 Nov 2009 | 12:54 pm

  Websense Security Labs has reported that the site media-servers.net has been compromised and injected with malicious code. The Web site belongs to a high-profile advertiser on the Internet realm. It’s important to note that media-servers.net serves advertising content from ad.media-servers.net, and that this site is clean. The injected code is part of an ongoing mass injection [...]

• Coordinated Effort Knocked Out Of Commission Mega-D/Ozdok Botnet

  CyberInsecure

  10 Nov 2009 | 9:26 am

  A botnet that was once responsible for an estimated third of the world’s spam has been knocked out of commission thanks to researchers from security firm FireEye. After carefully analyzing the machinations of the massive botnet, alternately known as Mega-D and Ozdok, the FireEye employees last week launched a coordinated blitz on dozens of its command [...]

• 
  SecurityProNews: Internet Security

• Senate Uncovers Online Credit Card Tricks

  A report issued by a U.S. Senate committee only uses the word "scam" when quoting different consumers; the report's title employs the phrase "aggressive sales tactics," instead. Still, it looks like a number of big online companies have been caught profiting off people's confusion.Senate Uncovers Online Credit Card Tricks An investigation ordered by Senate Commerce Committee Chairman John D. Rockefeller IV discovered that Affinion, Vertrue, and Webloyalty "gain access to online consumers by entering into financial agreements with reputable online websites and retailers," according to the…

• McAfee: Cyberwarfare A Big Threat

  It might not be long before we return to the days of schoolchildren diving under their desks in warfare preparedness drills. Only now, instead of hiding from nukes, the kiddos may be unplugging their computers, since McAfee has indicated that a cyberarms race is taking place.McAfee: Cyberwarfare A Big Threat Dave DeWalt, the president and CEO of McAfee, said in a statement, "[S]everal nations around the world are actively engaged in cyberwar-like preparations and attacks." These include China, France, Israel, Russia, and the U.S., and it's no secret that the members of this group aren't all…

• ICSA Labs Finds Flaws In New Security Products

  It's sometimes fun to be an early adopter, as the long lines and waitlists for things like iPhones and the new Camaro have proven. But where security products are concerned, do yourself a favor and let other folks go first, since a fresh report indicates that it can take more than a single try to get things right.ICSA Labs Finds Flaws In New Security Products ICSA Labs, which is based in Pennsylvania and has been around for 20 years, tests and sometimes certifies products. Emphasis on "sometimes." An ICSA Labs Product Assurance Report indicated that just 4 percent of security products attain…

• Nigeria Announces Early Results Of Anti-Scammer Initiative

  No one's sure how many there are to go, but according to a Nigerian official, there are about 800 scam email addresses and 18 criminals that can be considered "down." Mrs. Farida Waziri, the chairperson of a government agency, announced that some shutdowns and arrests occurred thanks to an initiative called Project Eagle Claw.Nigeria Announces Early Results Of Anti-Scammer Initiative Nigeria's Economic and Financial Crimes Commission is the force behind Project Eagle Claw, and with Microsoft's help, has just started ramping it up. Waziri explained in a statement, "We expect that Eagle Claw as…

• MessageLabs Names Most- (And Least-) Spammed States

  When considering where to live, it's wise to look up stats about an area's climate, the cost of living, and its proximity to other important stuff in your life. Symantec's MessageLabs recently supplied some information about your odds of getting spammed, too.MessageLabs Names Most- (And Least-) Spammed States Somewhat surprisingly, the states you might imagine as being the "most wired" - California, New York, Washington - weren't at the top of the list. Instead, the state in which spam represents the highest percentage of all emails received is Idaho, with 93.8 percent. In an email to…

• 
  Computer Internet network security News

• Instances Of Computer Hardware – Understanding Computer Constituents

  system

  20 Nov 2009 | 6:45 am

  It is plain to get confused when you are researching computers . Many newcomers get disappointed and it seems like the seller at the local big box electronic market is speaking a foreign language. Many items and words apply to the computer [...]

• Blogging And Money – Is It Actually True?

  system

  20 Nov 2009 | 6:18 am

  A lot of people these days have been trying to seek a job and not all of them have been successful. People who may not always find it comfortable dealing with people personally on a day-to-day basis will then find a great alternative in creating a blog that will become a good source of income. [...]

• The Entrance Of Mobile Phones Revolutionize The Style Of Our Days

  system

  20 Nov 2009 | 3:48 am

  Mobile phones arrived in to our living not a long back. But they took no time in infecting the mind with their effortlessly attractive functions and conveniences. Before the arrival of this focused sort of phones, no one had visualized that a phone can do such wonders. Thr point, wireless, cellular or cell phones are [...]

• Earn Money Blogging – Learn The Easy Steps

  system

  20 Nov 2009 | 2:51 am

  Blogging is one of the most modern ways for anyone to earn money online. In fact, blogs are so popular nearly everyone has their own somewhere on the Internet. One thing that contributes to blogs’ appeal is the fact that they allow people to express their thoughts, feelings and expertise about a certain topic. Basically, [...]

• Why Your Marketing Plan Should Include A Blog

  system

  20 Nov 2009 | 12:46 am

  Blogging is a great way for a business to effectively market their product or service without spending a lot of money. There are many benefits of business blogging. Businesses that keep up with a blog can introduce their products or services to consumers and can better communicate their customers. In addition, businesses that blog can [...]

• 
  Google: Network Security Blog Posts

• Cisco iPhone Security App Reaches Across the Network ...

  Alex Williams

  20 Nov 2009 | 1:49 am

  iPhones are becoming a standard in the enterprise. And with the the iPhones, we are seeing a number of applications for a variety of different uses. The latest ...

• Computer Internet network security News » Why Your Marketing Plan ...

  system

  20 Nov 2009 | 12:46 am

  Computer Internet network security News. online information Computer security community for internet safety and trusted networks – news & articles for windows & other operating systems securiour.com first NEWS breaking in intrusion ...

• Pls Help Me Out For Starting A Network Security Project ...

  cstenstu

  19 Nov 2009 | 10:16 pm

  I have to submit a project based thesis paper on 'Network Security for an Embeded System'. I have some ideas for it but it's not sufficient. Pls tell me from where I should start with which level or type of security. ...

• Cisco Lets You Access Network Security Information On The Go Via ...

  unknown

  19 Nov 2009 | 10:02 pm

  Cisco Lets You Access Network Security Information On The Go Via iPhone App. via techcrunch.com · Loading mentions Retweet. Posted by Ammadz Faiz. Comments (0). Leave a comment... Got an account with one of these? ...

• Cisco Lets You Access Network Security Information On The Go Via ...

  CMS Report

  19 Nov 2009 | 9:00 pm

  The app gives giving users real-time access to security information and also lets users create personalized alerts to show security threats that could impact their network. Powered by the Cisco's Security IntelliShield Alert Manager . ...

• 
  TaoSecurity

• Extending Security Event Correlation

  16 Nov 2009 | 4:31 am

  Last year at this time I wrote a series of posts on security event correlation. I offered the following definition in the final post:Security event correlation is the process of applying criteria to data inputs, generally of a conditional ("if-then") nature, in order to generate actionable data outputs.Since then what I have found is that products and people still claim this as a goal, but for the most part achieving it remains elusive.Please also see that last post for what SEC is not, i.e., SEC is not simply collection (of data sources), normalization (of data sources), prioritization (of…

• Embedded Hardware and Software Pen Tester Positions in GE Smart Grid

  13 Nov 2009 | 12:34 pm

  I was asked to help locate two candidates for positions in the GE Smart Grid initiative. We're looking for an Embedded Hardware Penetration Tester (1080237) and an Embedded Firmware Penetration Tester (1080236). If interested, search for the indicated job numbers at ge.com/careers or go to the job site to get to the search function a little faster.I don't have any other information on these jobs, so please work through the job site. Thank you.Update Mon 16 Nov: As noted by Charlene in the comments below, the jobs are no longer posted. If I hear they are back I will post an update here.Update…

• Reaction to 60 Minutes Story

  10 Nov 2009 | 7:01 pm

  I found the new 60 Minutes update on information warfare to be interesting. I fear that the debate over whether or not "hackers" disabled Brazil's electrical grid will overshadow the real issue presented in the story: advanced persistent threats are here, have been here, and will continue to be here. Some critics claim APT must be a bogey man invented by agencies arguing over how to gain greater control over the citizenry. Let's accept agencies are arguing over turf. That doesn't mean the threat is not real. If you refuse to accept the threat exists, you're simply ignorant of the facts. That…

• Notes from Talk by Michael Hayden

  7 Nov 2009 | 7:22 pm

  I had the distinct privilege to attend a keynote by retired Air Force General Michael Hayden, most recently CIA director and previously NSA director. NetWitness brought Gen Hayden to its user conference this week, so I was really pleased to attend that event. I worked for Gen Hayden when he was commander of Air Intelligence Agency in the 1990s; I served in the information warfare planning division at that time.Gen Hayden offered the audience four main points in his talk."Cyber" is difficult to understand, so be charitable with those who don't understand it, as well as those who claim…

• Bejtlich on Security Justice Podcast

  7 Nov 2009 | 5:51 pm

  After I spoke at the Information Security Summit in Ohio last month, the guys at the Security Justice podcast interviewed me and Tyler Hudak.You can listen to the archive here. It was fairly loud in the room but you'd never know it listening to the audio. Great work guys.We discuss open source software, vulnerability research and disclosure, product security incident response teams (PSIRTs), input vs output metrics, insourcing vs outsourcing, and building an incident response team.Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

• 
  Jon's Network

• Gartner Note on Next-Generation Firewalls

  admin

  20 Nov 2009 | 2:10 pm

  In October, Gartner released a research note on Next-Generation Firewalls. In the paper, Gartner states that an NGFW should at least: support bump-in-the-wire configuration act as a platform for network traffic inspection and network policy enforcement with the following minimum features: standard first-generation firewall capabilities: packet filtering, NAT, stateful inspection, VPN, etc. integrated IPS and threat prevention (not colocated like a UTM) application awareness Extrafirewall intelligence: Bring information from sources outside the firewall to make improved blocking decisions, or…

• Barracuda Acquires Purewire

  admin

  13 Oct 2009 | 4:38 pm

  Barracuda Networks has acquired Purewire, which offers a web security service. This will be the second service product Barracuda offers, the first being their backup service. I had never heard of Purewire until today. There are a couple of demos about their web security service available here. They offer the same protection strategy as something like McAfee’s Web Gateway (Webwasher) but probably with less management overhead. In my experience, Webwasher was only a good fit for a large shop with the resources to fiddle with it all the time. With Purewire, Barracuda may be able to offer…

• Facebook Application Control

  admin

  17 Sep 2009 | 9:32 am

  Palo Alto Networks regularly updates their software to detect and control more types of traffic to give customers more granular control. The latest content update included control over Facebook applications. If you are a company that wants to allow Facebook use for business reasons but want to avoid the distraction of the third-party applications, you can easily do that with a PAN firewall.

• Chinese Schools Removing Green Dam

  admin

  15 Sep 2009 | 4:11 pm

  New York Times reports that some Chinese schools are uninstalling the government mandated filtering software because it is a management nightmare. The software must be installed on each computer, not from a central server, and can cause other programs to crash. via Sunbelt

• Vericept as DLP

  admin

  15 Sep 2009 | 3:40 pm

  Dave at onDLP.com has noted that Vericept as a DLP solution is likely dead, since Trustwave will probably stop developing it as a product to sell and just use it as a tool in their compliance practice. That may be true. Like I said before, Vericept also has a good content monitoring solution that found favor with school districts and HR departments to augment standard URL filters. I hope things turn out well for those customers. I’m interested to hear what Trustwave plans for them.

• 
  Roger's Security Blog

• Talking about Transparency – Windows Azure Dashboard

  rhalbh

  20 Nov 2009 | 12:21 am

  This is a nice feature – on this page http://www.microsoft.com/windowsazure/support/status/servicedashboard.aspx we show the current state of our Azure services. This is the kind of transparency (on the operations’ side) we need. There is much more needed with regards to process transparency but this is a great first step Roger

• Security – A Feature Discussion? Some Thoughts on Google’s Chrome OS

  rhalbh

  19 Nov 2009 | 1:18 pm

  To be clear upfront: This is not a “Microsoft versus Google” post. I cannot even judge how far Google pushed security with the Chrome OS. But the following article raised quite some questions how we look at security: Inside the Google Chrome OS security model. This article, like so many when security of an Operating System is to be discussed, is completely feature driven. So, we talk about Process Sandboxing, Toolchain Hardening, Kernel Hardening etc. But how relevant is this really? Do not get me wrong: It is. But these features have to be the result of an engineering process. These…

• Why it pays to be secure – Chapter 4 – I want to learn!

  rhalbh

  13 Nov 2009 | 6:04 am

  Our EMEA Security Program Manager, Henk van Roest, started this series internally and with his consent I am publishing it here in my blog as I think it contains a lot of great information for you to use. Use these Learning Paths to find a range of Microsoft training references and resources on security threats and appropriate countermeasures. Learning resources are organized by level (from basic to expert) and provide information on the planning, prevention, detection, and response phases of security implementation. Threat and Vulnerability Mitigation Learning Resources:…

• COFEE freely downloadable on the Internet?

  rhalbh

  10 Nov 2009 | 9:44 am

  You definitely have heard of COFEE (Computer Online Forensic Evidence Extractor) which we make freely available to Law Enforcement through Interpol and NW3C. Now, the probably unavoidable happened and the tool leaked to the Internet. There was actually an interesting statement by ArsTechnica yesterday: Chances are you won't have any use for the tool, but pirates get a thrill from having something they shouldn't, and a forensics tool only distributed to police departments around the world is pretty high up on the list of things you shouldn't have on your computer. To make our point clear, let…

• International Collaboration on Policies for Cybersecurity and Data Protection

  rhalbh

  5 Nov 2009 | 12:41 pm

  Since a few years we are working with the Council of Europe in a partnership to help to drive a Cybersecurity treaty. We realize that a problem a lot of Law Enforcement agencies have is inconsistent legislation which makes is unbelievably hard to catch the criminals. The Council of Europe treaty is a great starting point and has been ratified not only by most of the member states of the Council of Europe but by a lot of additional countries around the globe. Now, the European Union and the United States have agreed to treat such challenges as international issues and to develop joint policies…

• 
  Topix: Spyware News

• Scareware tool dumps smut on Windows PCs

  20 Nov 2009 | 1:16 pm

  Rogue anti-virus slingers are getting even sneakier. Instead of offering to clean up non-existent malware threats as per the traditional approach, one rogue scanner offers to clean up images of porn it claims to have found on a prospective mark's PC.

• Cyberfraud Arrests Unlikely to Stem ZeuS Rampage

  19 Nov 2009 | 1:12 pm

  Two alleged cybercrooks have been nabbed in the UK on suspicion of using a well-know Trojan to commit banking fraud.

• Suspected Zbot Trojan hackers arrested in Manchester: Sophos comments.

  18 Nov 2009 | 9:10 pm

  Malware attack that stole banking and social networking details blamed for thousands of infections worldwide IT security and data protection firm Sophos has welcomed the news that British police have arrested two people suspected of involvement in a computer crime gang that spread malware around the world.

• UK police make 2 Trojan computer virus arrests

  18 Nov 2009 | 1:07 pm

  A couple suspected of helping spread some of the Internet's most aggressive computer viruses has been arrested in the English city of Manchester, police said Wednesday.

• Gumblar botnet on the march again

  18 Nov 2009 | 8:44 am

  Security experts at ScanSafe are warning users to be on their guard after recording a resurgence of the notorious Gumblar botnet and its associated malware.

• 
  SPYWARE NEWS - Google News

• Spyware Doctor at the Heart of PC Tools 2010 - PC Magazine

  20 Nov 2009 | 12:35 pm

  Spyware Doctor at the Heart of PC Tools 2010PC MagazineSpyware Doctor is a household name, and Spyware Doctor with AntiVirus 2010 is our current editor's choice for standalone and more »

• High-Tech PC Security for 2010: xoftspyse Anti-Spyware 7.0 Compatible with ... - PRLog.Org (press release)

  20 Nov 2009 | 11:31 am

  High-Tech PC Security for 2010: xoftspyse Anti-Spyware 7.0 Compatible with PRLog.Org (press release)prlog (Press Release) – Nov 20, 2009 – xoftspyse Anti-spyware 7.0, which saw significant upgrades earlier this season, has been tested to meet all of the

• Get Chrome OS Now - PC World

  20 Nov 2009 | 11:07 am

  Channel 4 News (press release) (blog)Get Chrome OS NowPC WorldBe warned, though, the torrent version could come with malware or spyware. If you download from gdgt, make sure you get the right version of Chrome OS for Google chromeos: It's basically a modified browser that runs web appsDownloadsquad (blog)all 1,019 news articles »

• Kenya 2009 growth to be 3 pct: c.bank governor - The Africa Report

  20 Nov 2009 | 10:37 am

  Kenya 2009 growth to be 3 pct: c.bank governorThe Africa ReportInternet Explorer 7 makes surfing the web fundamentally safer by offering greater protection against viruses, spyware, and other online risks. and more »

• NetQin Unveiled the Establishment of Strategic Partnership With PhoneGuard - SYS-CON Media (press release)

  20 Nov 2009 | 7:57 am

  NetQin Unveiled the Establishment of Strategic Partnership With PhoneGuardSYS-CON Media (press release) announced today the company has debuted in the North America market through the partnership with Cellular Spyware Inc., (NV) ("CSI") d/b/a PhoneGuard. Introduction of New Cellular Phone Safeguard Software Revolutionizes Personal Market Wire (press release)all 7 news articles »

• 
  Uncommon Sense Security

• Whose customers are they?

  15 Nov 2009 | 5:31 pm

  Those nice folks who give money to your company, you know, the customers- whose customers are they? Are they the company's customers, or the salesman's? Or a bit of both? Maybe it is more complicated than that, if your company sells through partners/agents/resellers- now whose customers are they? And the tricky bit- you aren't trying to secure customer data without everyone involved understanding, and agreeing on, whose customers they are, and who is responsible for the data, are you? That would be waste of time, wouldn't it? If you are new at this, especially if you only see it from an…

• Widgititis

  2 Nov 2009 | 3:42 pm

  I know, that cool Podcast.com widget over there needs an update.  I tried that, but they are having "technical difficulties" at Podcast.com right now.  I'll be adding Exotic Liability, Threatpost podcasts, and others, with some details soon- if they get the widget fixed.  If not, I'll swap it out for a different widget. While you're waiting, head over to Pauldotcom and listen to me humiliate myself and several others on their Halloween episode.  Not or the faint of heart, easily offended, or anyone burdened by a sense of decorum.  The remaining parts of the…

• diff MA 201 CMR 17.00

  30 Oct 2009 | 6:01 pm

  What changed in the latest "final" version of Massachusetts 201 CMR 17.00?  Here's what I see (emphasis is mine): Under 17.02, Definitions "Owns or licenses: receives, maintains, processes, or otherwise has access to personal information in connection with the provision of goods or services or in connection with employment." became "Owns or licenses: receives, stores, maintains, processes, or otherwise has access to personal information in connection with the provision of goods or services or in connection with employment. That's a big win, adding that little…

• 201 CMR 17.00, Final Version (really, I think)

  30 Oct 2009 | 5:38 pm

  The "Final" (I think this is the third final version, but who's counting?) version of Massachusetts 201 CMR 17.00 was released today.  I believe this is really final, I doubt that anyone has the stomach for more of the political process that crafted this regulation.  Below is the complete and unedited final version.  The changes seem subtle at first glance, I'll follow up once I have time to review and compare. 201 CMR 17.00: STANDARDS FOR THE PROTECTION OF PERSONAL INFORMATION OF RESIDENTS OF THE COMMONWEALTH Section: 17.01: Purpose and Scope 17.02: Definitions…

• ROSI, not that nonsense again.

  26 Oct 2009 | 6:04 am

  I recently listened to a panel discussion on the regulation which shall not be named and heard someone say something stupid (amazing, I know).  He tossed out some very large numbers of dollars that Hannaford Bros has lost and will likely lose in the future due to their breach, he said it could total up to one billion dollars over time- but that it could have been prevented with an expenditure of "only" ten million dollars.  I'm with him so far, even if I am skeptical of the accuracy of some of the figures.  Then he said that "ROI is the answer to your…

• 
  Security Bytes

• Increase in Gumblar backdoors poses FTP credential problems

  Robert Westervelt

  20 Nov 2009 | 5:54 am

  Security Researcher explains how to detect the Trojan, but many victimized website owners don’t have the technical expertise to fix the problem. Mary Landesman, a senior security researcher at security vendor ScanSafe writes about how to decode and identify backdoor PHP scripts – the kind of code associated with the FTP stealing Trojan, Gumblar. The Gumblar and Martuz Trojans surfaced earlier this year and have been successfully stealing thousands of FTP credentials, gaining access to websites in order to set them up as an attack platform to host malware. We don’t know exactly how…

• New York cafe WiFi passwords show Mac versus PC reality

  Robert Westervelt

  17 Nov 2009 | 11:07 am

  Photograph depicts password needed to use cafe WiFi. The Apple blog, Cult of Mac posted a picture of the day depicting the stark difference between a WiFi password needed for Apple laptops versus those using a Windows PC. The picture was taken at the Lure Restaurant in New York City.

• Russian cybercriminals target H1N1 Swine flu fears

  Robert Westervelt

  17 Nov 2009 | 5:29 am

  Report outlines massive affiliate campaigns pushing pharmaceuticals, including counterfeit Tamiflu, making Russian hackers millions. Researchers at security vendor Sophos’ Canadian-based research labs have released a report outlining how some Russian cybercriminals are making millions off the H1N1 flu by pushing counterfeit Tamiflu through well organized affiliate programs. The cybercriminals have created an affiliate network to make it more difficult to track them down by distributing responsibility for different spam tasks while increasing advertising space to gain visibility and more…

• iPhone worm Rickrolls jailbroken phones

  Robert Westervelt

  9 Nov 2009 | 6:15 am

  Security researchers warn iPhone users of the ikee worm, which uses SSH default passwords to hack the smartphone and change the wallpaper to a Rick Astlee photo. A hacker from Wollongong, New South Wales is claiming responsibility for the new ikee worm, which started to infect jailbroken iPhones in Australia and is a possible threat for iPhone users in other countries. The worm, which the SANS Institute Storm Center calls very simple, scans certain IP addresses and uses Cydia – a replacement packaging and repository manger for jailbroken iPhones – to try to login to the IP address as…

• Israeli Mossad add Trojan Horse to Syrian laptop

  Robert Westervelt

  6 Nov 2009 | 6:18 am

  Data stealing malware helped Israeli spies reap data from official’s laptop. Sophos security guru Graham Cluley writes today about the Mossad, Israel’s intelligence gathering operation and how spies there gained access to a Syrian official’s laptop and uploaded a Trojan to collect data. According to German magazine Der Spiegel, the data collected using the malware helped Israeli officials plan a bombing run against a suspected Syrian nuclear facility in 2007. According to Der Spiegel story on the Syria bombing: The hard drive contained construction plans, letters and hundreds of photos.

• 
  CCCure

• Security University has been selected to be added to 8570

  Posted by cdupuis

  16 Nov 2009 | 6:22 pm

   Brochure 4,000+ CISSP's were "Certified" from SU's CISSP Prep classes. Special Pricing for CISSP® Prep Class - 2 attendees for $2,495 /same class! Click here to learn more Got your CISSP? 2,930 CISSP's are More than Certified...validate your tactical security skills with Q/ISP®! Q/ISP® Qualified/ Information Security Professional Certification! Security University named Best Professional Training Program Finalist 2009 SC Magazine Awards! Contact us at 877.357.7744 or info@securityuniversity.net. CISSPs, SSCPs and ISACA members can receive 40 CPE credit for attending each…

• Webcast: “SC Magazine’s 20 Influential Security Products of the Past 20 Years”

  Posted by cdupuis

  12 Nov 2009 | 12:35 pm

    Webcast: "SC Magazine’s 20 Influential Security Products of the Past 20 Years”with Peter Stephenson YOU’RE INVITED: IT SECURITY WEBCAST    “SC Magazine’s 20 Influential Security Products of the Past 20 Years” with Peter Stephenson   Presenter:  Peter Stephenson, technology editor at SC Magazine Date:  Thursday, November 19, 2009 Time:  2pm EST / 11am PST (GMT -5:00, New York) Register: http://www.coresecurity.com/Form/generic/campaign/CS20secProducts   *** A recording of the webcast will be sent to everyone who…

• Microsoft Security Intelligence Report for first half of 2009

  Posted by cdupuis

  10 Nov 2009 | 6:00 pm

  Microsoft Security Intelligence Report provides an in-depth perspective on malicious and potentially unwanted software, software exploits, security breaches and software vulnerabilities (both in Microsoft software and in third-party software). Microsoft developed these perspectives based on detailed analysis over the past several years, with a focus on the first half of 2009. The latest Microsoft Security Intelligence Report shares security best practices from countries that have consistently exhibited low malware infection. These best practices and security intelligence provide a valuable…

• FREE SC World Congress tickets from CCCure and Security University

  Posted by cdupuis

  1 Oct 2009 | 6:39 pm

  Oct 13-14 2009 SC World Congress 2009 Free Tickets Worth $1500!! SU and CCCure are offering 3  free passport ticket to SC World Congress 2009 Oct 13 - 14 worth $1500. In addition to dozens of other presentations from esteemed security leaders, the conference has four information tracks designed to increase the security professionals' knowledge: Policy/Management, Emerging Threats/Risk Planning, Editor’s Choice and Technical requirements and advances. Through these tracks, attendees will examine topics ranging from data theft and compliance to establishing partnerships between…

• 2-for-1 Security+ Class - Beat the 8570 Deadline!

  Posted by cdupuis

  22 Sep 2009 | 4:01 pm

  2-for-1 Security+ Class - Beat the 8570 Deadline! October 5-9, 2009 - Reston, VA Delivered by Clément Dupuis We have a small class size / an amazing passing rate! Still pressured to get your Security+ training for 8570 Compliance? October 5-9, 2009 Security University's special 2 attendees @ $2,495 pricing in Reston, VA. The last 7 Security+ classes had a 96 - 98% pass rate! Our track record for Security+ training and testing is impossible to match. Our SU Security+ courseware is mature and you get a world class instructor that can lead you to success, regardless of who you are or your…

• 
  IHS

• Let go

  Johnny

  16 Nov 2009 | 4:21 am

  Fun night. For the past week, I’ve been feeling like crap. Feverish, congested, achy, the works. This just on the heels of my Norwegian dental escapades. So I went to the AOET clinic and Betty listened to my lungs, which sounded clear, and she suggested I get on some antibiotics (which my wife had suggested earlier. That of course is another entire blog post about why my wife is right 104% of the time. The other 4% is to account for the times she’s right about a topic she knows absolutely nothing about, which I count as bonus points). So I got on antibiotics. Three days later, I…

• Ugandan Rain

  Johnny

  7 Nov 2009 | 12:37 pm

  It’s the rainy season here in Uganda. This doesn’t mean much to people who haven’t experienced African weather. Check out this video of today’s rain. It took me three hours to upload it on our “fast” landline connection (we have this from 7pm-7am Mon-Fri and on weekends @40/month). The transfer averaged 5KB/sec. Enjoy. Share this on del.icio.usShare this on RedditBuzz up!Stumble upon something good? Share it on StumbleUponShare this on TechnoratiPost this to MySpaceShare this on FacebookTweet This!Share this on LinkedinAdd this to Google Bookmarks

• Back to work

  Johnny

  4 Nov 2009 | 8:24 am

  I’m now officially pain-free. What an answer to prayer. It’s kinda crazy how something like a “toothache” can throw me completely off. I couldn’t concentrate.. It was bad times. But now I’m back and the week is a bit crazy. To fill you in, I have to tell you about our school models. The used model: $50/student This setup relies on used equipment sent from donors. At St. John’s we put in 20 Compaq N610c’s donated by “Dean”. These are P4’s, and nice little machines. Including shipping and taxes, these come in at about $50 per…

• No pain no gain

  Johnny

  31 Oct 2009 | 1:13 pm

  Or: Four days, two continents, four dental procedures in a pear tree. Location: Jinja, Uganda Sunday, October 25, 10:00 pm 48 hours to takeoff I leave for Norway to speak at Paranoia 2009 in 50 hours, and my tooth’s starting to bother me. Location: Jinja, Uganda Monday, October 26 10:00 am 36 hours to takeoff The pain is intense. I head into our little town and find the dental clinic. I explain the situation to the very kind receptionist then wait in the “lobby”. There are two “medical rooms” separated by curtains. The one on the right has pretty steady traffic.

• Katana Security Distro v1.0

  26 Oct 2009 | 10:38 am

  Thanks to Ronin over at http://www.hackfromacave.com for this addition! Katana v1.0 (Kyuzo) is now available for all Informer subscribers. Click here: https://www.hackersforcharity.org/?pagename=SumaSubscribe if you'd like to subscribe! Katana v1.0 (Kyuzo) is a portable multi-boot security suite designed for all your computer security needs. The idea behind this tool is to bring together all of the best security distributions to run from one USB drive. Katana includes distributions which focus on Penetration Testing, Auditing, Password Cracking, Forensics and Honey Pots. Katana comes with…

• 
  Cloud Security

• ENISA Cloud Security Risk Assessment: An Interview with Giles Hogben

  Craig Balding

  20 Nov 2009 | 10:27 am

  Today, ENISA published the results of their Cloud Computing Risk Assessment. ENISA, supported by a group of subject matter experts comprising representatives from Industry, Academia and Governmental Organizations, has conducted, in the context of the Emerging and Future Risk Framework project, a risk assessment on cloud computing business model and technologies. The result is an in-depth and independent analysis that outlines some of the information security benefits and key security risks of cloud computing. The report provide also provides a set of practical recommendations. I highly…

• RSA Europe 2009 Presentation Posted

  Craig Balding

  27 Oct 2009 | 2:57 pm

  Thanks to those that requested a copy of my RSA Europe 2009 presentation, “What Everyone Ought To Know About Cloud Security”.  RSA gave me the go-ahead to post it on my blog so here it is. What Everyone Ought To Know About Cloud Security View more presentations from craigbalding. Whilst at RSA, Mirko from Help Net Security asked me to talk on a 5 minute podcast about Cloud Security from a technical perspective (thanks Mirko!). This was my last high level presentation on Cloud Security issues - there’s lots of chewy cloud goodness to dive into hence future presentations will…

• Slides from my BruCon Talk: “The Belgian Beer Lovers Guide to Cloud Security”

  Craig Balding

  21 Sep 2009 | 9:00 am

  I’ve received some requests for the slides I presented at BruCON, so here they are.  As the slides are mostly devoid of text, I’ve included the speaker notes.  The notes are not polished, hence treat accordingly ;-).  To view in “Full Screen” mode click on the icon at the bottom right of the slideshare embed below and click “Fit to Height” to see the notes. P.S If you weren’t at BruCON, you missed an excellent security conference - strong content, excellent organisation and facilities, friendly crowd.  Thanks to Benny & crew for being…

• Cloud Security @ Brucon

  Craig Balding

  17 Sep 2009 | 1:15 am

  This evening I’m off to Brussels, Belgium to attend the very first Brucon - a 2 day information security conference aimed squarely at those curious about technologies from a security point of view.  I’m scheduled to talk about Cloud Security on the last slot on Saturday before the after-party.   Conscious of the timing and location, I’m employing some less-than-subtle marketing tactics to get “bums on seats” as you’ll see below. Here’s the abstract: In a hurry? The short version: learn about cloud security and in the process win a tasty Belgian…

• Cloud Cartography & Side Channel Attacks

  Craig Balding

  30 Aug 2009 | 5:38 pm

  Last week, saw the release of a research paper called “Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds” [pdf].  The abstract reads: Third-party cloud computing represents the promise of outsourcing as applied to computation. Services, such as Microsoft’s Azure and Amazon’s EC2, allow users to instantiate virtual machines (VMs) on demand and thus purchase precisely the capacity they require when they require it.  In turn, the use of virtualization allows third-party cloud providers to maximize the utilization of their sunk capital…

• 
  Schneier on Security

• Interview with Me

  schneier

  20 Nov 2009 | 11:21 am

  Yet another interview with me. This one is audio, and was conducted in Rotterdam in October.

• FailBlog on Security

  schneier

  20 Nov 2009 | 9:11 am

  Funny: career fair fail.

• Denial-of-Service Attack Against CALEA

  schneier

  20 Nov 2009 | 4:11 am

  Interesting: The researchers say they've found a vulnerability in U.S. law enforcement wiretaps, if only theoretical, that would allow a surveillance target to thwart the authorities by launching what amounts to a denial-of-service (DoS) attack against the connection between the phone company switches and law enforcement. The University of Pennsylvania researchers found the flaw after examining the telecommunication industry standard ANSI Standard J-STD-025, which addresses the transmission of wiretapped data from telecom switches to authorities, according to IDG News Service. Under the 1994…

• A Taxonomy of Social Networking Data

  schneier

  19 Nov 2009 | 10:51 am

  At the Internet Governance Forum in Sharm El Sheikh this week, there was a conversation on social networking data. Someone made the point that there are several different types of data, and it would be useful to separate them. This is my taxonomy of social networking data. Service data. Service data is the data you need to give to a social networking site in order to use it. It might include your legal name, your age, and your credit card number. Disclosed data. This is what you post on your own pages: blog entries, photographs, messages, comments, and so on. Entrusted data. This is what you…

• Stabbing People with Stuff You Can Get Through Airport Security

  schneier

  19 Nov 2009 | 5:10 am

  "Use of a pig model to demonstrate vulnerability of major neck vessels to inflicted trauma from common household items," from the American Journal of Forensic Medical Pathology. Abstract. Commonly available items including a ball point pen, a plastic knife, a broken wine bottle, and a broken wine glass were used to inflict stab and incised wounds to the necks of 3 previously euthanized Large White pigs. With relative ease, these items could be inserted into the necks of the pigs next to the jugular veins and carotid arteries. Despite precautions against the carrying of metal objects such as…

• 
  Security Uncorked

• JJ- Back in the lab: 802.1X and more

  jj

  19 Nov 2009 | 9:57 am

  Hi everyone! I know I’ve been missing in action yet again, so I thought I’d give you all a quick update. I’ve been on site quite a bit recently, working on various customer projects and security implementations. I’m spending time in the coming weeks in the lab here; mostly working on access control, port security, 802.1X and possibly even some NAC/NAP proof of concepts. To those of you who have posted comments or emailed questions to me; I promise I’m getting to them! I’ve received quite a few inquiries on various 802.1X topics; implementations, functions…

• Mystery Solved: SQUIRREL (An Ode to…)

  jj

  16 Oct 2009 | 6:29 pm

  An Ode to SQUIRREL For months I’ve wondered    with eager anticipation       how Hoff, Jack and crew          created this new SQUIRREL Nation I prayed, I questioned, I pondered    for mental emancipation       but the enigma just grew          until I clicked the Disney station And so now I’ve uncovered    the source of SQUIRREL’s creation       I bet no one ever knew          about the SIMP-elation I present to you all for your viewing pleasure the definitive source of SQUIRREL Happy Friday !

• Good, Bad and Ugly: On SecTor’s Wall of Shame

  jj

  8 Oct 2009 | 12:57 pm

  In the past 48 hours or so, rumours about the SecTor Wall of Shame have been circulating through the intertubes, blogs, twitter and exhibitor floor conversations. After an obviously agitated media member (a blogger for InternetNews.com) wrote this post about SecTor’s Wall of Shame, several security professionals attending the event began asking questions about the collection of data on the Wall. Honestly, I blew off most of the blogger’s statements due to his poor writing, agitated tone and obvious misunderstanding of the technology and security. I didn’t investigate until…

• Retaliation: Network Security Talk at SecTor

  jj

  30 Sep 2009 | 10:33 am

  Now that I have all the important fun stuff out there for you on Why You Can’t Miss SecTor, I’ll tell you a little bit about my talk at the conference. My talk this year is different- it’s different from my talk last year at SecTor (Network Security Stripped) and it’s actually a stark contrast to the majority of my past talks. Event though I’ve spoken extensively on network security, 802.1X, wireless and NAC, my previous content was based on experience of actual implementations and extensive lab testing of these technologies over the years. THIS presentation,…

• Why You Can’t Miss SecTor

  jj

  30 Sep 2009 | 5:00 am

  I haven’t been as consistent in blogging about the events I’m speaking at as I would like to be. I did want to take a few minutes from this crazy work week to remind everyone about SecTor, Security Education Conference in Toronto next week. I had the pleasure of speaking at SecTor last year and I’m returning again this year with new content. More on that below. I’ve heard SecTor referred to as the “Black Hat of Canada” among other things and I’d say that’s a fairly accurate description if we’re comparing status. In content, I have to say…

• 
  PCI Blog

• “After Data Loss ID Theft Soars”….really?

  cmark

  20 Nov 2009 | 8:45 am

  I have worked in payment card security since 2000 when I was involved with Visa in writing/re-writing/updating the CISP.  Since that time I have had opportunity to work with Visa and MasterCard, work as a QSA, and QSA Trainer.  During that time I have had many opportunities to work with compromised companies and review data forensic reports.  I am disturbed by the article I found on MSNBC.com titled “After Data Loss ID Theft Soars”. One of the first paragraphs in the article provide language from what they refer to as the Dear John letters: “Dear Consumer.We’ve lost…

• Only 3 Seats Left for Dallas CPISM/A!

  cmark

  26 Oct 2009 | 8:49 am

  The Dallas CPISM/A training and certification course has filled up quickly and we only have 3 seats left.  If you are interested in attending the November 10-13th event, sign up soon. After reviewing the registrants, this should be a very interactive course with some great comments and input from the participants and a very good opportunity to network.    If you are signed up already we will see you in Dallas in a few weeks!

• Another End to End / Tokenization Entrant

  cmark

  25 Oct 2009 | 8:48 am

  Everyone who has read my blogs over the past few years or spoken to me about PCI DSS knows my feelings on end-to-end encryption and data replacement technologies.  I have a huge proponent and feel that these technologies will help secure our industry and provide significant benefits in reduction of PCI DSS requirements.  There are a number of companies entering the market with these solutions and we have another.  First Data recently announced their “First Data Secure Transaction Management” solution which combines end-t0-end encryption and tokenization.  You can read their…

• China Expands Cyberspying in the US

  cmark

  22 Oct 2009 | 7:15 am

  The Wall Street Journal has a very interesting article out today that talks about cyberspying in the US.  A report released today by the U.S.-China Economic and Security Review Commission indicates that the Chinese government is ratcheting up their cyber espionage efforts in the US.  US companies have been specifically targeted.  The report says that US companies are being attacked to steal intellectual property and secret information from defense contractors and other companies.  The report states that Chinese cyberspies steal up to $50 billion a year in intellectual property.

• California Taking a Step Back?

  hmark

  21 Oct 2009 | 11:25 am

  California has long been credited with the creation of the state breach notification law. For many in the security world breach notification and SB 1386 are practically synonymous. Over the years since its passage, however, breach notification laws have undergone a number of evolutionary changes - central reporting requirements, requiring organizations to provide details of the breach and the type of information that was potentially compromise are among those changes. The notion behind including these elements in the notification requirements is that a citizen that is well-informed is…

• 
  Information Security Resources

• Effective Security Policy Messaging Important

  anthonymfreed@gmail.com (Information Security Resources)

  19 Nov 2009 | 9:30 pm

  By Christopher Burgess, Senior Security Adviser Clearly communicate that, in fact, there are secrets. Once employees understand that they have a responsibility to protect the enterprise, the chasm... [[ This is a content summary only. Visit my website for full links, other content, and more! ]]

• Windows Security Logs and MS Log Parser

  anthonymfreed@gmail.com (Information Security Resources)

  19 Nov 2009 | 9:30 pm

  By Bozidar Spirovski, CISSP, MCSA, MCP Reading through a Windows security log or any other log can be very difficult and time consuming, so a lot of companies have created their own tools to... [[ This is a content summary only. Visit my website for full links, other content, and more! ]]

• ATM on Craigslist Loaded with Card Data

  anthonymfreed@gmail.com (Information Security Resources)

  18 Nov 2009 | 8:10 pm

  By Robert Siciliano, Identity Theft Expert I started looking on e-bay and found plenty of new and used ATMs ranging from $500-2500 but quickly determined I didn’t want to pay $300 for shipping.... [[ This is a content summary only. Visit my website for full links, other content, and more! ]]

• ISAlliance: Cyber Security is Economic Issue

  anthonymfreed@gmail.com (Information Security Resources)

  18 Nov 2009 | 8:09 pm

  By Anthony M. Freed, Information-Security-Resources.com Managing Editor "First, the President is correct in his appreciation of the need to view cyber security as not just a technical and security... [[ This is a content summary only. Visit my website for full links, other content, and more! ]]

• Innovative Analytic Tool Empowers Investors

  anthonymfreed@gmail.com (Information Security Resources)

  17 Nov 2009 | 4:20 pm

  By Anthony M. Freed, Information-Security-Resources.com Managing Editor An innovative new investor analytic tool made its public debut today, and it offers an exciting look at what may well be the... [[ This is a content summary only. Visit my website for full links, other content, and more! ]]

• 
  Decurity

• 2009 SANS Incident Detection Summit

  rocky@decurity.com

  17 Nov 2009 | 11:23 am

  When Richard asked me to participate as a moderator for the MSSP/SOC Panel I was of course flattered and thrilled to participate!  I’ll be moderating a panel discussion on MSSP and Corporate SOC capabilities.  I’m looking to expose “what works” from each perspective and hopefully we’ll gleam some valuable insight from both perspectives.  Let’s face it most larger organization flip-flop between internal/external capabilities every few years… let’s find out why and what value they gain from each perspective.  If you’d…

• Low Level Information Collection

  rocky@decurity.com

  27 Oct 2009 | 7:13 am

  This morning as my wife was leaving for work she noticed a extended cab pickup truck parked out in front of our neighbor’s house.  As she began to pull out of the driveway she noted that the driver got out and was beginning to go through the neighbors trash.  My wife parked at the end of the street and then called me.  I dismissed it at first but as I observed for a few moments I was amazed at how thoroughly this gentleman was going through each bag.  His urgency and purpose was like he was looking for a lost wedding ring. Needing something to do today I walked up to…

• Upcoming Opportunities

  rocky@decurity.com

  20 Oct 2009 | 6:36 pm

  There are a lot of major changes going on at Decurity and soon enough we’ll be in a position to announce them to the world!  In the mean time this is just a quick note to say that Rocky DeStefano will be participating in a couple of fun information security events in the near future: 1.  NetWitness User Conference Nov 4-5 2009 in DC, Gabe Martinez and I are teaming up again and presenting some real-world examples of SIEM and NetWitness integrations in a technical training session on Nov 4th.  This integration is probably one of the most powerful enhancements you can make…

• ArcSight Protect ‘09 Wrap-up

  rocky@decurity.com

  17 Sep 2009 | 8:50 am

  ArcSight Protect ‘09 was a whirlwind of activity for Decurity.  I would love to thank everyone that came up to the booth and gave us feedback on the blog, to all of our customers that stopped by and helped introduce us to their friends and of course to all my friends at ArcSight that made the week so enjoyable.  Technology advances announced as part of Protect ‘09: 1. ArcSight Logger 4.0 While still technically in Beta, this product goes a long way to resolving any perceived flaws in the technology.  Unstructured search, incredible insert rates, better and much fast…

• Decurity’s “Back to School” Series:� SIEM 201: SIEM Use Cases

  rocky@decurity.com

  30 Aug 2009 | 1:00 pm

  Part 2 of Decurity’s “Back to School” Series:  SIEM 201: SIEM Use Case Definition  For the full article click here Course Prerequisites: A while back I published a diagram and associated text illustrating the benefits of a combined SIEM and Log Management architecture. This diagram/post did a good job of explaining the features and functionality of Log Management and SIEM at a very high level. If you haven’t seen that post or if you haven’t read Decurity’s SIEM 101 previously I would encourage you to go back and take a look. Basic concepts from those…

• 
  Get Safe Online

• Spreading the Get Safe Online message – 2009 Summit

  Tony Neate

  20 Nov 2009 | 6:39 am

  On Monday (16th November 2009) I chaired the Get Safe Online Summit which took place in central London. The Summit is one of the cornerstones of Get Safe Online Week, and this year attracted over 120 key partners and stakeholders from across the public, private and voluntary sectors. The keynote was given by the Rt. Hon. Angela Smith, Minister of State for the Cabinet Office. The Minister commented: “The internet can be a great tool to help people find work during the global economic downturn, but with criminals using increasingly sophisticated methods to take advantage of jobseekers,…

• Shopping online this Christmas?

  tcallington

  18 Nov 2009 | 2:42 pm

  It’s that time of year again, and with people’s pockets feeling stretched, many of us will be looking online to find those bargain buys. Shopping online offers convenience, choice and value for money. However, wherever there is money being exchanged, you can be sure there are fraudsters waiting to take advantage of anyone who’s not aware of the risks and fully protected. It doesn’t mean avoiding the internet, but just making sure you don’t make life easy for fraudsters. As part of Get Safe Online Week, Ofcom has published a new video setting out steps consumers can take and things…

• Don’t be a mule! Get Safe Online Week 2009

  tcallington

  16 Nov 2009 | 2:35 am

  No, it’s nothing to do with a dearth of donkeys on Blackpool Pleasure Beach; Mule Recruitment is a sophisticated type of online fraud that could leave you with a frozen bank account and facing criminal charges. It only seems like yesterday we were launching Get Safe Online Week 2008. But a great deal has happened in the past year and we’re now seeing a rapid rise in ‘money mule’ scams as fraudsters seek to exploit our financial worries in the wake of the recession. A money mule is someone who, recruited by a fraudster, transfers money illegally gained in one country to another…

• Get Safe Online wins award

  John Evelyn

  21 Jul 2009 | 10:59 am

  Get Safe Online won a Nominet Best Practice Challenge award earlier this month. This recognises our success in achieving collaboration between government, law enforcement and the private sector to promote internet security for citizens and small businesses.  

• Ofcom offers “Managing your Media” guide

  John Evelyn

  20 May 2009 | 7:51 am

  To support Adult Learners’ Week Ofcom has published the first in a series of Managing Your Media guides designed to promote media literacy across the UK. Available as a video and downloadable guide, this resource is intended to show parents and guardians how to use parental controls and filters to manage their children’s access to digital TV and internet content. The guide also encourages parents and guardians to talk to their children about what they do on the internet and how to use it safely. Ofcom research found that 57 per cent of children aged 8-15 mostly watch TV without an adult…

• 
  The Security Catalyst

• Identity Management in 13 Easy Steps

  securitycatalyst@gmail.com (Michael J. Santarcangelo, II)

  20 Nov 2009 | 3:00 am

  by Ioana Justus If you were asked to throw a few million dollars out the window, would you do it? If yes, let me know where and when – I’ll happily wait outside with my catcher’s mitt. More likely, the quick answer to this question is a resounding “NO”. Few circumstances would lead someone to literally throw millions of dollars out the window, down the drain, etc. Not a million dollars, not in a million years. What about companies that, effectively, waste millions of dollars trying to implement identity management? The sad reality is that many organizations trying to…

• Continue Playing

  securitycatalyst@gmail.com (Michael J. Santarcangelo, II)

  17 Nov 2009 | 3:00 am

  by Jeff Kirsch In “Playing Games”, I shared some lessons that I learned while playing chess with my son. Chess is a rich example of the need for, and challenge of, planning ahead. For those unfamiliar with this game of skill and strategy, the goal is simple: Capture your opponent’s king and force him into a position known as “checkmate.” During the game, opponents take turns moving one piece at a time until a player is considered to be in “checkmate”, meaning he can no longer move his king. An interesting element is the need to notify an opponent when they are one move away…

• For Information Security Newcomers, It’s More Good than Bad.

  securitycatalyst@gmail.com (Michael J. Santarcangelo, II)

  12 Nov 2009 | 3:00 am

  by Dennis Kuntz Most people like attention. Just like we did when we were kids, to get that attention we sometimes engage in good behavior and sometimes in bad behavior. As a parent I know that a sound approach is to focus on and reward the good behavior, while not giving the attention sought via the bad behavior. A perspective among some information security practitioners seems to have emerged: This industry is mean to newcomers. People I respect – though admittedly only through my exposure to them via Twitter and some subsequent blog reading – have recently lamented the current…

• Firefox Patch Tuesday

  securitycatalyst@gmail.com (Michael J. Santarcangelo, II)

  10 Nov 2009 | 3:00 am

  by Carl Anctil Background: A few months ago, Microsoft released (and silently installed through Windows Update) a .NET Framework Assistant add-on for the Firefox web browser. Microsoft installed this add-on to Firefox without warning the user that the add-on would be installed as part of the .NET Framework 3.5 Service Pack 1. Security professionals, bloggers, users in general all over the Internet were in an uproar over Microsoft’s activities. Propel forward a few months, and Mozilla proactively disables two Microsoft-installed add-ons; one of them is the infamous .NET FA add-on.

• FTC Says Bloggers Must Disclose Freebies

  securitycatalyst@gmail.com (Michael J. Santarcangelo, II)

  5 Nov 2009 | 3:00 am

  by Aaron Titus The FTC recently announced new guidelines requiring bloggers to disclose when they get freebies in exchange for reviews. Adopted by a vote of 4-0, this is the first update of the FTC’s Guides Concerning the Use of Endorsements and Testimonials in Advertising in 29 years. The rules go into effect on December 1, 2009. The FTC press release emphasizes that under the new rules, “both advertisers and endorsers may be liable for… failure to disclose material connections between [them].” Material connections include payments or free products, which must be…

• 
  Security Warrior

• Smart vs Stupid: But Not Why You Think So!

  Dr Anton Chuvakin

  20 Nov 2009 | 11:59 am

  This slightly rambling post was born out of some fun conference discussions and well as pondering the “PCI is the Devil” theme. So, some interesting dichotomy was born as a result. Let’s temporarily call it “smart” vs “stupid” security, but if offensive labels … well.. offend you, you can pick something else instead :-) The table below shows some concepts loosely associated with each security paradigm (of course, this whole thing is a gross oversimplification, but useful for our purposes nonetheless): “Smart” Security “Stupid” Security Incident response Badness…

• SANS Log Management Class in Sacramento

  Dr Anton Chuvakin

  17 Nov 2009 | 4:13 pm

  FYI, I will be teaching my SANS class SEC434 called “Log Management In-Depth: Compliance, Security, Forensics, and Troubleshooting” on December 2nd in Sacramento. Details: “This first-ever dedicated log management class for IT and security managers will cover system, network, and security logs and their management at an organization. We will start with the basics, like making sure that logs exist, and then go on to touch upon everything from managing log storage, to analysis techniques, to log forensics and regulatory issues related to logging. In the beginning, we will cover various…

• On SIEM Complexity

  Dr Anton Chuvakin

  16 Nov 2009 | 10:05 am

  I love Laura Ries (@lauraries). Not in that way, but I think she is the source of non-trivial marketing awesomeness (despite her iPhone fiasco). In any case, here are three pictures from her recent presentation: Note that on the 3rd picture she uses the line that I’ve heard many times, but never fully accepted: “Changing the reality doesn’t change the perception.”  This is pretty darn profound – and darn hard to accept for folks of the scientific or engineering persuasion. What is has to do with Security Information and Event Management (SIEM)? You know, “SIEM is very…

• FUDSec FUD Piece Reposted – With Comments

  Dr Anton Chuvakin

  13 Nov 2009 | 5:55 am

  My fudsec post (reposted below for backup purposes with a two week delay) was not “an endorsement” of FUD, it was a reminder to many overly excited folks that FUD is largely all we have today – and there are signs that change just ain’t coming.  As I hinted in  my quick follow-up (“Smelly Goat vs Flying Unicorn”), I am not defending Fear/Uncertainty/Doubt for the merits, I am explaining that we are largely stuck with it, for now. Another way to explain is to quite Churchill, as I do in the comments. Those who know me can confirm that I am a huge proponent of metrics (but…

• More PCI Devil Defense

  Dr Anton Chuvakin

  12 Nov 2009 | 4:15 pm

  Our paper “PCI: No Angel, but Not the Devil Either” just went up on “CSO Magazine” online (and a few other sources), check it out. It debates this piece which quotes Joshua Corman of The 451 Group. Sorry, Josh, we had to argue with the imperfect retelling of your words, so some points might not have came out well… Hopefully, we can have a real industry-advancing debate at some point! In any case, I am getting a bit tired defending PCI DSS (ya know, “I’d rather be logging” :-)) from smart people who should (IMHO) know better. As I am doing it, I am also looking for some sort of…

• 
  SC Magazine

• Report: Cyberattacks against the U.S. "rising sharply"

  20 Nov 2009 | 5:57 am

  During just the first half 2009, there were 43, 785 cyberattack incidents against the DoD, a new report states. If this volume is maintained for the rest of the year, it will represent a 60 percent increase over 2008.

• Trio indicted in connection with Comcast.net hijacking

  20 Nov 2009 | 5:13 am

  Three individuals have been charged with compromising Comcast.net's DNS records to divert customer traffic to a prank website.

• Health insurer, Health Net loses 1.5 million medical records

  19 Nov 2009 | 8:52 am

• Federal P2P ban weighed

  19 Nov 2009 | 5:36 am

  New legislation introduced in the U.S. House on Tuesday would restrict the use of peer-to-peer (P2P) file sharing software across the federal government. The Secure Federal File Sharing Act, introduced by U.S. Rep. Edolphus Towns, D-N.Y., chairman of the House Oversight and Government Reform Committee, comes after numerous sensitive government documents were found on P2P networks, including blueprints for President Obama's helicopter, Marine One. — AM

• Windows 7 likely to come into cross-hairs of attackers

  19 Nov 2009 | 3:25 am

  Cyberattackers will target Windows 7 and spam volumes will spike next year, according to a recently released Symantec report covering internet security trends.

• 
  Verizon Business Security Blog

• Weekly Intelligence Summary: 2009 – 11 – 20

  Dave Kennedy

  20 Nov 2009 | 2:10 pm

  Availability failures dominate risk developments this week.  The regional blackout in  Brazil at the end of last week’s report occurred on Tuesday, 9 November.  First reports pointed to a thunderstorm, but this week technical details emerged suggesting an electronic attack was at least possibly to blame.  A router configuration error resulted in a nationwide disruption of air traffic in the US on 19 November. These events contribute to the crescendo of cyber warfare and cyber terrorism posturing contemporaneous to development of the US Federal fiscal year 2011 budget. Early reports of…

• Verizon at SANS Incident Detection Summit

  Wade Baker

  18 Nov 2009 | 6:51 am

  The SANS WhatWorks in Incident Detection Summit 2009 will be held on December 9-10 in Washington, D.C. It follows the 2008 and 2009 editions of the SANS WhatWorks in Forensics and Incident Response Summits. For this summit, SANS is teaming with Richard Bejtlich to create a practioner-focused event dedicated to incident detection operations. The SANS Incident Detection Summit will share tools, tactics, and techniques practiced by more than 40 of the world’s greatest incident detectors in two full days of content consisting of keynotes, expert briefings, and dynamic panels. Wade…

• ICSA Labs Product Assurance Report

  Wade Baker

  16 Nov 2009 | 4:29 am

  Today ICSA Labs (an independent division of Verizon Business) released a report based on testing results and observations taken during its 20-year history certifying security products. We mention it here because several members of this team worked with ICSA Labs to design the study, collect and analyze data (a non-trivial feat given the time span), and write the report. Although bookended by other information and recommendations, the bulk of the report hits on three main topics: how often product deficiencies occur during testing, which types occur most often, and what factors contribute to…

• Weekly Intelligence Summary: 2009 – 11 – 13

  Dave Kennedy

  14 Nov 2009 | 12:33 am

  The most significant impact on risk over the last week was November’s Microsoft Tuesday security bulletins, and most developments this week had a positive impact on risk. Kerfuffles over another SMB issue is of little consequence as was the news of SCADA hacking in Brazil. The US Congress has taken up data privacy and breach legislation, but it remains to be seen whether it will increase risk by costing business more to comply, or decrease it by better protecting data. Signing the DNS root zone will have a positive impact on risk, but use of non-Latin alphabet in domains will probably…

• Weekly Intelligence Summary: 2009 – 11 – 06

  Dave Kennedy

  9 Nov 2009 | 1:52 pm

  The most risk significant development this week was Microsoft’s Advance Notification for release of six security bulletins on 2009-11-10. Sun released an update to Java addressing seventeen vulnerabilities, but none are presently the target of attack. Historically, Java vulnerabilities are ignored by criminals or attacked months after patching. Social networks continue to be a primary target of criminal activity. Gumblar, the FTP-stealing trojan is now targeting Wordpress blogs. Bredolab, Virut and Zeus activity continues with malicious code disguised as shipping confirmations…

• 
  Infosec Ramblings

• Interesting Information Security Bits for 11/18/2009

  kriggins

  18 Nov 2009 | 5:00 pm

  Good afternoon everybody! I hope your day is going well. Here are today’s Interesting Information Security Bits from around the web. Adobe offers some guidance on securely deploying cross-domain policy files (Hat tip to cgisecurity.com) Securely deploying cross-domain policy files – ASSET Tags: ( adobe crossdomain ) I have to agree with this post. Free isn’t always best. MSI :: State of Security >> Beware of ‘Free’ InfoSec Tags: ( pentesting webappsec ) Is this really the best use of our legislature’s time? Security Fix – Bill would ban P2P use…

• Some Interesting Stats From My Bits Posts

  kriggins

  17 Nov 2009 | 8:11 pm

  I’m sitting at home this evening and I should have been doing any number of productive things, but foremost on my mind for some bizarre reason was the question “What kinds of stats can I generate from my bits posts?” I know, I know, you were thinking the exact same thing So, with the help of a quick wget call to Delicious (wget –no-check-certificate -O <output.file> https://<username>:<password>@api.del.icio.us/v1/posts/all?tag=<tagyouwant>), a little awk, sort, and uniq magic  plus a pivot table in Excel I bring you stats! Current Number of…

• Interesting Information Security Bits for 11/17/2009

  kriggins

  17 Nov 2009 | 4:35 pm

  Good afternoon everybody! I hope your day is going well. Here are today’s Interesting Information Security Bits from around the web. Leave it to David to be able to use canning and mason jars as an analogy for security and secure coding. Very nice post. Go read it. Reusable Code: The Mason Jars of Security | threatpost Tags: ( programming general ) Yes, we are the unsung heroes. BTW – you have to read this if for no other reason that the Y2K reference towards the end. Securosis Blog | Why Successful Risk Management is Still a Failure Tags: ( general risk-management ) I love a good…

• Interesting Information Security Bits for 11/16/2009

  kriggins

  16 Nov 2009 | 12:42 pm

  Good afternoon everybody! I hope your day is going well. Here are today’s Interesting Information Security Bits from around the web. Xavier decided to fuzz his car. Good thing he didn’t do it when he was driving down the road. /dev/random >> Fuzzing a Car Multimedia System? Tags: ( fuzzing ) Want to some help on learning how to write windows stack-based exploits? Here you go. A whole mess of tutorials. The Professional Security Testers Warehouse for the CEH GPEN QISP Q/ISP OPST CPTS – Links/tutorials on writing windows (stack based) exploits Tags: ( exploit-writing )…

• Interesting Information Security Bits for 11/12/2009

  kriggins

  12 Nov 2009 | 12:05 pm

  Good afternoon everybody! I hope your day is going well. Here are today’s Interesting Information Security Bits from around the web. Why Information Security is the Hardest Career | Information Security Leaders Tags: ( career ) Layer 2 Network Protections against Man in the Middle Attacks Tags: ( defense networking ) Acunetix Web Application Security Blog >> Looking back at 2009 through SQL Injection goggles Tags: ( sql ) Branden Williams’s Security Convergence Blog >> More Fun with Hashed PANs Tags: ( pci-dss pans creditcard ) Pentesting Adobe Flex Applications with a…

• 
  Verizon Business Security Blog

• Weekly Intelligence Summary: 2009 – 11 – 20

  Dave Kennedy

  20 Nov 2009 | 2:10 pm

  Availability failures dominate risk developments this week.  The regional blackout in  Brazil at the end of last week’s report occurred on Tuesday, 9 November.  First reports pointed to a thunderstorm, but this week technical details emerged suggesting an electronic attack was at least possibly to blame.  A router configuration error resulted in a nationwide disruption of air traffic in the US on 19 November. These events contribute to the crescendo of cyber warfare and cyber terrorism posturing contemporaneous to development of the US Federal fiscal year 2011 budget. Early reports of…

• Verizon at SANS Incident Detection Summit

  Wade Baker

  18 Nov 2009 | 6:51 am

  The SANS WhatWorks in Incident Detection Summit 2009 will be held on December 9-10 in Washington, D.C. It follows the 2008 and 2009 editions of the SANS WhatWorks in Forensics and Incident Response Summits. For this summit, SANS is teaming with Richard Bejtlich to create a practioner-focused event dedicated to incident detection operations. The SANS Incident Detection Summit will share tools, tactics, and techniques practiced by more than 40 of the world’s greatest incident detectors in two full days of content consisting of keynotes, expert briefings, and dynamic panels. Wade…

• ICSA Labs Product Assurance Report

  Wade Baker

  16 Nov 2009 | 4:29 am

  Today ICSA Labs (an independent division of Verizon Business) released a report based on testing results and observations taken during its 20-year history certifying security products. We mention it here because several members of this team worked with ICSA Labs to design the study, collect and analyze data (a non-trivial feat given the time span), and write the report. Although bookended by other information and recommendations, the bulk of the report hits on three main topics: how often product deficiencies occur during testing, which types occur most often, and what factors contribute to…

• Weekly Intelligence Summary: 2009 – 11 – 13

  Dave Kennedy

  14 Nov 2009 | 12:33 am

  The most significant impact on risk over the last week was November’s Microsoft Tuesday security bulletins, and most developments this week had a positive impact on risk. Kerfuffles over another SMB issue is of little consequence as was the news of SCADA hacking in Brazil. The US Congress has taken up data privacy and breach legislation, but it remains to be seen whether it will increase risk by costing business more to comply, or decrease it by better protecting data. Signing the DNS root zone will have a positive impact on risk, but use of non-Latin alphabet in domains will probably…

• Weekly Intelligence Summary: 2009 – 11 – 06

  Dave Kennedy

  9 Nov 2009 | 1:52 pm

  The most risk significant development this week was Microsoft’s Advance Notification for release of six security bulletins on 2009-11-10. Sun released an update to Java addressing seventeen vulnerabilities, but none are presently the target of attack. Historically, Java vulnerabilities are ignored by criminals or attacked months after patching. Social networks continue to be a primary target of criminal activity. Gumblar, the FTP-stealing trojan is now targeting Wordpress blogs. Bredolab, Virut and Zeus activity continues with malicious code disguised as shipping confirmations…

• 
  Amrit Williams Blog

• To All Those That Have Sacrificed For Our Freedoms – Thank-You!

  amritw

  11 Nov 2009 | 10:36 am

  Image from United States Department of Veterans Affairs (here) We should all be extremely grateful for the commitment, the difficulties and the sacrifices those in our armed forces go through so that we all can enjoy and experience the freedoms of our great nation.

• Gartner Magic Quadrant Under Fire – Lawsuit Alleges Defamation and more

  amritw

  22 Oct 2009 | 11:31 am

  A storm is brewing throughout the analyst community as one of the largest and most influential technology analyst firms comes under fire for one of their highest prized research artifacts – The Gartner Magic Quadrant (MQ) – ZL Technologies has filed a lawsuit alleging damages from Gartner’s Email and Archiving MQ and the MQ process [...]

• Microsoft Security Essentials Impact on Enterprise Security

  amritw

  30 Sep 2009 | 9:15 pm

• 50th “Beyond The Perimeter” Podcast HighLights

  amritw

  21 Sep 2009 | 4:10 pm

  Not too long ago I embarked on a creating a podcast series that would provide more regularity than the blog. Beyond the Perimeter has been a tremendous amount of fun and as we just posted our 50th podcast I wanted to reflect on some of the highlights and wonderful guests we have been honored to [...]

• Has Technology Killed Privacy?

  amritw

  16 Sep 2009 | 9:50 am

  From Computer World UK (here) There is little doubt that advances in technology have radically changed many aspects of our lives, from healthcare to manufacturing, from supply chains to battlefields, we are experiencing an unprecedented technical revolution. Unfortunately, technology enables the average person to leak personal information at a velocity that few understand. Take a moment and [...]

• 
  Hackers Center

• NIST releases Security Content Automation Protocol for FISMA

  5 Nov 2009 | 6:44 am

  Automated tools take sweat out of security compliance Nov 05, 2009 When it comes to complying with federal security mandates, chief information security... Read the rest of the story here

• A zero-day flaw in the TLS and SSL protocols, which are commonly used to encrypt web pages, has been made public.

  5 Nov 2009 | 2:25 am

  Security researchers Marsh Ray and Steve Dispensa unveiled the TLS (Transport Layer Security) flaw on Wednesday, following the disclosure of separate, but similar, security findings. TLS and its... Read the rest of the story here

• Use Data Masking to Secure Sensitive Data in Non-Production Environments

  23 Oct 2009 | 12:10 pm

  Data masking is the process of de-identifying (masking) specific elements within data stores by applying one-way algorithms to the data. The process ensures that sensitive data is replaced with... Read the rest of the story here

• Symbian Microkernel released as Open Source

  23 Oct 2009 | 5:48 am

  It was well over a year ago now that news of the Symbian operating system--found on approximately half of global smartphones--going open source broke. The news was interpreted as particularly... Read the rest of the story here

• Congressional Advisory Panel: China taking valuable information from hitech companies

  23 Oct 2009 | 5:45 am

  The Chinese government is stepping up efforts to steal valuable information from high-technology companies in other countries, according to a congressional advisory panel, which detailed one... Read the rest of the story here

• 
  TradePub: IT Security

• Best of Both Worlds: Secure and Virtual

  18 Nov 2009 | 4:20 pm

  Brian Stevens, CTO and Vice President of Engineering at Red Hat, discusses Red Hat's enterprise virtualization manager for desktops — the next step in virtualization for businesses. Learn what's to come and how to keep virtualized components secure.Request Free!

• The Top 10 Reports for Managing Vulnerabilities

  18 Nov 2009 | 11:50 am

  New network vulnerabilities appear constantly and the ability for IT security professionals to handle new flaws, fix misconfigurations and protect against threats requires constant attention. However, with shrinking budgets and growing responsibilities, time and resources are at constrained. Therefore, sifting through pages of raw vulnerability information yields few results and makes it impossible to accurately measure your security posture.This paper cuts through the data overload generated by some vulnerability detection solutions and introduces The Top 10 Reports for Managing…

• A New Anti-virus Platform that Reduces Bloat and High Resource Usage

  17 Nov 2009 | 5:50 pm

  To counter the latest malware threats, market leaders like Symantec, McAfee and Trend Micro simply stack new layers of functionality on top of their existing engines. The result: the ever expanding code bases of the leading antivirus/antispyware packages invariably result in bloatware. The remedy to bloatware is a better, more efficient product that is specifically engineered to scan, detect and remove myriad security threats without impacting performance and taking a big bite out of the IT capital expenditure budgets. Read this report to learn how a new antivirus technology platform reduces…

• Antivirus Scanning Performance for Small and Medium-Sized Businesses

  17 Nov 2009 | 5:50 pm

  IT system administrators need to balance the security requirements of the enterprise with usability of PCs. As the threat landscape evolved, PC security solutions have become resource hungry to the point that the PC becomes unusable during periods of security scanning. Test show that Sunbelt Software's VIPRE Enterprise endpoint security solution offers better scanning performance with minimal system resource usage compared to McAfee VirusScan Enterprise and Symantec Endpoint Protection products.A Tolly Group Report, Commissioned by: Sunbelt SoftwareRequest Free!

• Small Business Messaging and Web Threat Solutions

  17 Nov 2009 | 5:50 pm

  Messaging, internal and Web-based threats are increasing in number and severity. The risks to organizations large and small are not theoretical – there are real problems that users and their employers face if they do not establish adequate defenses against the growing variety of malware, exploits and other threats that are directed against them. Read this Osterman Research paper to learn how organizations must implement a layered defensive strategy to protect against all types of threats and how Sunbelt Software can help.Written by Osterman Research, Sponsored by Sunbelt SoftwareRequest…

• 
  symantec.com

• Symantec Talks Trends and Looks into the Crystal Ball

  Marian Merritt

  20 Nov 2009 | 6:45 am

  I had the honor recently of moderating a virtual roundtable discussion on the top Internet security trends from 2009 and what we expect to see in the security threat landscape in 2010. Funny thing about security predictions—you hope they won’t come true, but expect them to anyway.

• This Utility Has Zero Business with Your Mailbox

  Mayur Kulkarni

  19 Nov 2009 | 1:35 pm

  We are monitoring new malicious attacks that look similar to the fake "Microsoft Outlook reconfigure" spam campaign messages we have been observing for the last couple of months. That malicious campaign was followed by attacks on social networking sites, transforming from malicious code attacks into URL-based phishing attacks.

• Two Arrested in Connection with Zeus Botnet Package

  Eric Chien

  18 Nov 2009 | 11:54 am

  Zeus is a botnet package that allows for the easy creation and command and control of a botnet.  We've discussed Zeus previously in Zeus, King of the Underground Crimeware Toolkits.

• Don’t Read This Blog

  Kevin Haley

  17 Nov 2009 | 12:13 pm

  Yes, it’s a cheap trick and not even close to original. But the lesson here is that even obvious social engineering tricks can get people to click on a link. We can’t help ourselves. We love to click. Clicking on links and attachments that are accompanied by just the slightest bit of social engineering appears to be a basic human need.

• Breadth of Security Issues in 2009 = Stunning

  Kevin Haley

  17 Nov 2009 | 11:59 am

  The Security Response team has compiled the top security trends of 2009. We pulled data from the Global Intelligence Network and the experiences of the thousands of analysts and security experts at Symantec to come up with the top trends for the year.

• 
  Optimal Security

• Don’t Procrastinate on Red Flags Rule Compliance Despite Latest Delay

  Chris Merritt

  18 Nov 2009 | 1:42 pm

  So, the Federal Trade Commission (FTC) has, for the fourth time (!) delayed enforcement of the so-called “Red Flags” rules, according to a statement posted on the agency’s website. Compliance enforcement is now scheduled for June 1, 2010 –- in case you’re keeping score at home, the previous dates were 01-Nov-08 (original), 01-May-09 (first delay), 01-Aug-09 (second deferment), and 01-Nov-09 (third postponement). These rules are designed to compel all organizations which offer consumer credit accounts and other “covered accounts” to develop and implement written identity theft…

• The Worldwide State of the Endpoint: What Organizations Should Pay Attention to in 2010

  Pat Clawson

  17 Nov 2009 | 7:35 am

  We’ve been discussing how unprepared organizations in the U.S. are for cyber attacks, and now there’s new research that backs up these concerns and illustrates the inherent weaknesses that must be addressed if we’re to adequately safeguard our information and vital systems. A new Ponemon-Lumension survey on the worldwide state of the endpoint shows that companies feel less secure than they did last year, mainly because of ineffective budget allocations, poor collaboration across IT operations and security and lack of company-wide policies. Here are a few of the key findings of the…

• Windows 7 First Zero-Day Vulnerability Crops Up

  Chris Merritt

  16 Nov 2009 | 2:06 pm

  So, no sooner do I get done writing about how Win7 is a much better OS, albeit not perfect, from a security perspective than the first zero-day threat is revealed. And this after Microsoft (triumphantly?) issued no Win7 security updates in last week’s Patch Tuesday extravaganza, that included a fix (MS09-065) to a Windows kernel flaw which could leave users open to remote code execution when a website or document has a specially crafted Embedded OpenType (EOT) font. [BTW, if you haven’t looked into this one, please do … as the good folks at SANS say: Researchers are in agreement that in…

• Windows 7: One Window You May Want to Jump Through

  Chris Merritt

  13 Nov 2009 | 10:54 am

  Windows 7 has arrived on the scene with much hoopla. Understandably, many IT folks have greeted it with some trepidation. Here are my thoughts on what you should consider before migrating to this new platform. No. 1: Windows 7 is better than XP, which is now already eight years old. While Windows 7 may not be the perfect OS, it’s certainly better than almost decade-old technology. And in our knowledge-based economy, forcing knowledge workers to stay on old technology may be difficult. If people feel that their technological evolution is being thwarted by the organization, they’ll…

• November 2009-Patch Tuesday Security Briefing

  Paul Henry

  11 Nov 2009 | 1:47 pm

  Video Blog discussing Patch Tuesday November 2009.

• 
  Sourcefire, Inc.

• Sourcefire Announces Participation in Upcoming Financial Conference

  19 Nov 2009 | 6:02 am

  COLUMBIA, Md.--(BUSINESS WIRE)--Nov. 19, 2009-- Sourcefire, Inc. (Nasdaq:FIRE), a leader in intelligent Cybersecurity solutions, today announced expected participation in the following upcoming financial community event. The session will be webcast and interested listeners may access the live broadcast in the Investors section of the Sourcefire® website at: http://investor.sourcefire.com. (Please note, date, time and speakers are as currently scheduled and are subject to change.) Barclays Capital Global Technology ConferenceSan Francisco, CATuesday, December 8, 2009 @ 11:00 a.m. PST / 2:00…

• Sourcefire Announces 2009 Third Quarter Results

  29 Oct 2009 | 4:03 am

  Largest Revenue and Earnings Quarter in Company History Q3 Revenue: $27.4 million, an increase of 35% year-over-year Q3 GAAP Net Income: $2.7 million, or $0.09 per diluted share Q3 Adjusted Net Income: $4.6 million, or $0.16 per diluted share COLUMBIA, Md.--(BUSINESS WIRE)--Oct. 29, 2009-- Sourcefire, Inc. (Nasdaq:FIRE), a leader in intelligent Cybersecurity solutions, today announced financial results for its fiscal third quarter ended September 30, 2009. “Sourcefire’s strong performance this quarter was balanced across our business,&...

• Sourcefire Launches Vulnerability Protection Video Series, Active Malware Report, and iPhone Application

  26 Oct 2009 | 6:02 am

  Sourcefire Delivers Security Updates via YouTube, Twitter, iTunes and iPhone, Enabling Security Professionals to Access Critical Security Information from Virtually Anywhere COLUMBIA, Md.--(BUSINESS WIRE)--Oct. 26, 2009-- Sourcefire, Inc. (Nasdaq:FIRE), a leader in intelligent Cybersecurity solutions, today announced the launch of its new Vulnerability Research Team (VRT) Vulnerability Report video series, Active Malware Report, and iPhone application. These new resources are designed to provide IT security professionals with the tools and intelligence necessary to stay ahead of emerging…

• Sourcefire Named to Deloitte Technology Fast 500 List for Third Consecutive Year

  22 Oct 2009 | 6:04 am

  National Award Recognizes the Fastest Growing Companies in North America COLUMBIA, Md., Oct 22, 2009 (BUSINESS WIRE) -- Sourcefire, Inc. (Nasdaq:FIRE), a leader in Cybersecurity, today announced that the company has been selected for the third consecutive year to the Deloitte Technology Fast 500, this year ranking 348. The Deloitte Fast 500 program lists the fastest growing technology, media, telecommunications, life sciences and clean technology companies in North America based on their percentage revenue growth over a five-year period. Sourcefire(R) achieved its ranking on this year's…

• Sourcefire Continues Adding Channel Partners In EMEA Market

  12 Oct 2009 | 5:01 am

  New partner signings expand reach for Sourcefire products across region WOKINGHAM, England--(BUSINESS WIRE)--Oct. 12, 2009-- Sourcefire, Inc. (Nasdaq:FIRE), a leader in Cybersecurity, today announced the addition of twelve new channel partners in the Middle East, Eastern Europe, Benelux and the Nordics. Sourcefire® has also appointed two new regional managers to support its new channel partners in the Middle East and Eastern Europe territories. “Expanding in these markets is an exciting and progressive milestone for Sourcefire. Directing additional resources to these regions is a…

• 
  SophosLabs

• Koobface, new promises?

  Numaan Huq, SophosLabs Canada

  19 Nov 2009 | 9:31 am

  Koobface started life compromising Twitter accounts. It then diversified to attack various social networking sites including Facebook, MySpace, Bebo, hi5, GeoCities, Friendster among the prominent ones. Recently I came across what could possibly be the next iteration of Koobface, W32/Koobfa-O, which came with Skype hacking functionality and some additional promises for the future. The new variant of Koobface attacks Skype accounts on the compromised machine to get various pieces of information about the victim using the different Skype API commands. The following screenshot demonstrates a…

• Twitter spam explosion

  SavioL, SophosLabs, Canada

  18 Nov 2009 | 3:32 pm

  Starting early this morning, we have seen a major uptick in the use of Twitter links inside spam messages. Here are a few different variants of them. Most of the spam refers to online med sites although a few campaigns tout making lots of money: Following the links will lead a user to arrive at “making-money-with-Google” or Online Pharmacy sites: The Twitter accounts themselves appear to be legitimate and do not look to be bot-registered. They contain normal-looking tweets in the previous days and months. We’re still looking into how the accounts are compromised. Certain…

• Katya, My Queen-To-Be

  Lennard Cher

  15 Nov 2009 | 9:35 pm

  Do you think she’s hot? Her name’s Katya and she is my latest entry to my long list of “girlfriend-wannabe” / “potential one-night-stands”. If my mum were to find out about her, she will definitely give me a hard backhand on my head for letting such a great girl like Katya waiting. Katya wrote me a really sweet email. However, I am appalled by her English. Let me share snippets of her declaration of love for me :) 1.   The agency of acquaintances has a contact to other agencies of acquaintances in other countries and I have received yours e-mail,…

• Malware, but only for a second in a day

  Pete, SophosLabs AU

  15 Nov 2009 | 6:09 pm

  Malware authors and software-protectionists alike go to great lengths to obfuscate and contort their code in an attempt to hide or obscure its true nature [1,2]. The assumption being that it is difficult for human or machine to make sense of the code, extending analysis time and giving the bad guys a free run. For the most part, such obfuscations (in particular JavaScript) are relatively easy to unravel because they are static transformations [3]. The more complex encrypted forms require some form of script emulator (or your browser of choice) and a skillfully inserted alert() instead of…

• Alert! Conflicker detected! … or is it?

  XinranWu

  13 Nov 2009 | 7:12 pm

  Today we have spotted a batch of messages arriving in our spam systems titled “Conflicker.B Infection Alert”. The message goes like this: Dear Microsoft Customer, Starting 12/11/2009 the ‘Conficker’ worm began infecting Microsoft customers unusually rapidly. Microsoft has been advised by your Internet provider that your network is infected. To counteract further spread we advise removing the infection using an antispyware program. We are supplying all effected Windows Users with a free system scan in order to clean any files infected by the virus. Please install attached file…

• 
  Sophos: Graham Cluley's blog

• Hackers steal information from Climate Research Unit

  Graham Cluley, Sophos

  20 Nov 2009 | 5:25 am

  The UK-based Hadley Climate Research Unit (CRU), at the University of East Anglia in Norwich, is reported to have sufferered a security breach which has resulted in many confidential emails and files being uploaded to the internet. A 61MB zip file containing information stolen from one of the world's leading climate research centres, was posted onto an anonymous FTP server in Russia, accompanied by a note saying: We feel that climate science is, in the current situation, too important to be kept under wraps. We hereby release a random selection of correspondence, code, and documents In total…

• Scientology website attacker sent to jail

  Graham Cluley, Sophos

  20 Nov 2009 | 2:30 am

  A 19-year-old man has been sentenced to a year and a day in prison after instigating a distributed denial-of-service attack (DDoS) against websites belonging to the highly controversial Scientology organisation. Dmitriy Guzner, of Verona, New Jersey, played a key role in an attack in January 2008 which crippled Scientology websites by flooding them with internet traffic, making them inaccessible to the outside world. Guzner, a student at Quinnipiac University, admitted his involvement in the attack a year ago, but has denied being a member of the Anonymous group which believes Scientology to…

• Guest blog: Evil Maid wanted, B.S. in Computer Science a plus

  Michael Alfred Schmidt, Sophos

  20 Nov 2009 | 1:56 am

  Guest blogger Michael Alfred Schmidt is worried that next time room service tidies his hotel room they might do something rather more sinister than make the bed and refresh the mini-bar. Discover more about the "evil maid" threat and how you can reduce the risks of your laptop's sensitive data being compromised. Over to you Michael.. Some weeks ago, Polish researcher Joanna Rutkowska published an attack on the TrueCrypt Full-Disk Encryption (FDE) software, which allows an attacker with access to an unattended PC to install a password sniffer in a first strike, and to steal the PC including…

• Sarah Palin says email hack paralysed Presidential campaign

  Graham Cluley, Sophos

  19 Nov 2009 | 6:30 am

  An email hack can ruin your chances of becoming Vice President of the United States. That's the message that Sarah Palin appears to be sharing with the world in her new book, Going Rogue: An American Life, where according to media reports, where she describes that a hacker breaking into her personal Yahoo account "created paralysis" in her campaign camp, because it cut off easy communication with her colleagues in Alaska. Clu-blog readers will remember that in September 2008 hackers broke into Sarah Palin's Yahoo account and posted examples of her emails, addresses of her contacts, and family…

• Facebook Easter Egg causes a flap

  Graham Cluley, Sophos

  19 Nov 2009 | 3:34 am

  My mate Ben told me a story the other day which he thought I would find amusing. He's a Facebook addict, and has been regularly cajoled for spending hours checking the social networking site for updates from his buddies instead of the biology job he's supposed to be busy doing.. The other day he stepped away from his desk for what Americans charmingly call a "comfort break", and returned to his desk to find bizarre red circles appearing like a lens flare on the Facebook page he was logged into. In reality, he had fallen victim to an office prank - one of his colleagues had turned on a…

• 
  TRUSTe Blog

• CNN: The End of Privacy?

  John Gamble

  20 Nov 2009 | 10:43 am

  See our earlier blog post on why privacy is not anonymity.

• CEO Fran Maier wins a Stevie!

  John Gamble

  18 Nov 2009 | 1:12 pm

  Last Friday, TRUSTe’s own Fran Maier won a Stevie Award for Best Executive. Way to go Fran! She was honored out of hundreds of candidates for her outstanding accomplishments as CEO of TRUSTe for the past eight years. Honoring companies of all types and sizes and the people behind them, the Stevies recognize outstanding performances in the workplace worldwide.  One of four Award categories, The Stevie Awards for Women in Business are presented to well-rounded women who have accomplished both personal and professional achievements and have made positive contributions to the…

• TRUSTe @ 2009 Cross Border Data Flows Conference

  John Gamble

  17 Nov 2009 | 11:24 am

  Maureen Cooney, TRUSTe’s Chief Privacy Officer and VP for Public Policy, spoke at the 2009 Conference on Cross Border Data Flows, Protection and Privacy, in Washington DC today about TRUSTe’s EU Safe Harbor Seal Program.   She outlined the requirements of the program and how companies go through the process of getting certified. In keeping with the theme of accountability mentioned in remarks by US Commerce Department, FTC and EU Data Protection officials, Maureen detailed the workings of TRUSTe’s Watchdog issue resolution program.   She noted that it handles consumer…

• Congrats to eBay on European Privacy Approval

  John Gamble

  11 Nov 2009 | 12:25 pm

  TRUSTe seal holder eBay is now the first e-commerce company to receive approval from Luxembourg’s National Data Protection Commission on their rules for the protection of customer and employee privacy in European countries. These new rules, called “Binding Corporate Rules” (BCR), demonstrate eBay’s commitment to meet European data privacy standards when it comes to transferring and using customer and employee personal information overseas. Also, eBay became the first company to win approval for both employe and customer BCRs in less than 12 months time! That comes as…

• VIDEO: Cloud Computing Explained

  John Gamble

  4 Nov 2009 | 11:07 am

• 
  SecurityTube.Net

• Sqlmap Usage Demo Video Tutorial

  Sqlmap Usage Demo Video Tutorial

• Xdoor (Ajax based Backdoor) Video Tutorial

  Xdoor (Ajax based Backdoor) Video Tutorial

• Bypassing 403 Forbidden Errors Video Tutorial

  Bypassing 403 Forbidden Errors Video Tutorial

• DLL Injection Basics Video Tutorial

  DLL Injection Basics Video Tutorial

• Websense Threatscape (October 2009) Video Tutorial

  Websense Threatscape (October 2009) Video Tutorial

• 
  The iViZ Blog

• Is Twitter the new source of Malware?

  rudrak

  9 Nov 2009 | 5:36 am

  Ok, I’m going to keep this one real short. A few days ago I created one Squidoo Lens on the vulnerabilities of facebook and twitter which received good user feedback and comments. Following up on that, here is a summary (as well some new ones) that you may consider to prevent your computers being targeted [...]

• How much secure your VPN really is?

  rudrak

  6 Nov 2009 | 2:01 am

  Late at night one Friday, I got a phone call from a long time buddy who worked for a big countrywide construction company in the role of a chief engineer. Calls from him were predictable while his workstation was giving him a hard time or else a weekend expedition was being considered . However, this [...]

• 14 Live CDs for Penetration Testing (Pen Test) and Forensic

  rudrak

  28 Oct 2009 | 5:14 am

  Yesterday I was researching for some of the other lesser known live CDs for penetration testing.  While I’m an avid user and a fan of backtrack, someone mentioned that there are other live CDs as well which are good for specific functionality. I did take a look from the post at darknet but I feel [...]

• How Web Application Security Assessment Can Grow Your Business

  rudrak

  9 Sep 2009 | 5:30 am

  In this day and age, the way we do business has raised the demand for Web application security testing services. Every progressive and successful company nowadays has their own Web site or web application. Since the 1990s, more and more businesses have extended their presence online. The Internet is no longer just a [...]

• How to choose Penetration Testing companies?

  rudrak

  1 Sep 2009 | 8:14 am

  A common question is: Why should get a third party penetration testing company? Why not choose a team from your current technical group to handle the network security test? For one, security audits like traditional financial audits are better done by companies (read outsiders) with no bias and partiality to anyone or anything [...]