After a recent attack on Power Downloader's home system, Power wanted to find a way to monitor or block usage on his computer while away. Ideally, Power wanted a program that could block usage of certain applications and record usage if a bad guy somehow accessed his system. With the holiday season just around the corner, Power knew that he would probably need to take extra precautions.… Read more
Red Hat just concluded its Red Hat Government User's Conference, but it also announced an initiative with HP that will persist beyond the one-day conference: Multi-Level Security (MLS) Services for Red Hat Enterprise Linux 5. At the core of MLS Services is the fact that HP has achieved Common Criteria certification at the EAL 4 level with the Labeled Security Protection Profile (LSPP) -- certifications that mean HP, and now Red Hat, can meet high-level government security requirements. Common Criteria certifications, for instance, are key government certifications that ensure a degree of security compliance against known criteria.
The expectation is that by raising the level of security in its products, Red Hat can lower barriers to open-source adoption.
While security isn't isolated to Red Hat Enterprise Linux (HP also supports Debian and SUSE), HP says that RHEL offers the highest level of security:… Read more
Linux isn't perfectly secure, but Microsoft Windows is architected for security failure, as IT Wire points out. Good design decisions in Linux may well account for the glaring difference between security in Linux and insecurity in Windows:
The reality is Windows is naturally insecure for a variety of reasons, not least being Windows' users were always conditioned to login and run programs as the administrator user. Windows Vista has made an attempt, too late, to stifle this behaviour but the far number of complaints about the intrusive UAC box is testament to how many ordinary, daily, Windows tasks require administrative privileges - not necessarily due to legitimate need, but often just bad programming.… Read more
IBM on Thursday detailed new products and services aimed at securing corporate networks and announced it will spend $1.5 billion on security product development and marketing in 2008.
The computing giant's approach is to combine technology with consulting services that focus on mitigating risk.
The centerpiece of the announcement is the set of products IBM gained through its $1.3 billion acquisition of security services firm ISS last year. IBM added data inspection software meant to prevent loss of valuable data and related services.
The company also introduced enhanced data security software to track, report, and investigate potential security breaches on … Read more
Dan Farber reports on IBM's $1.5 billion security push, dubbed "an enterprise free of fear." (Note to IBM: "Free from fear" would be the more direct way of saying it.) But IBM, like others, is approaching security as code an enterprise would layer on other code, and processes on top of that code, rather than something inherent in the code itself, as Stuart McIrvine, director of IBM's Corporate Security Strategy, relates:
"Our approach is that security is kind of broken. Companies are leaving security in the hands of IT and operations people, looking at servers, databases and putting up firewalls and updating antivirus signatures. But they have no real view of what they are protecting from a business strategy viewpoint, understanding the core objectives and risks to meeting those objectives."… Read more
There's a new piece of malware out there targeting Mac users that takes advantage of the inclination to watch porn.
Intego, a Mac security software company, issued an alert Wednesday warning Mac users of the OSX.RSPlug.A malware, which it describes as a Trojan horse. Those of you familiar with mythology recognize the reference, and OSX.RSPlug.A disguises itself as a video codec that would ensure whatever porn video you just stumbled upon will play on your Mac.
But to get infected with the malware, you have to accept the invitation to download "new version of … Read more
Matasano Security's Thomas Ptacek provides an excellent run-down of Leopard's new security features (tip o' the antlers to Ryan Naraine). Remember what the Macalope said a couple of weeks ago?
We can argue whether these are the right measures to be taken or how effectively they're being implemented, but this is still good news.
Well, a funny thing happened on the way to implementing Leopard's new security features...
Some of it's good, but much of it's bad or at least disappointing that Apple did not implement the features in a more robust method.
It'… Read more
Although Apple is selling its new Mac OS X Leopard operating system on its improved security, researchers at Heise Security have already found fault with its firewall. Unlike with Windows Vista, the Apple firewall is not enabled by default and must be enabled by the end user. Even if you had the firewall enabled in a previous version of the Mac OS X, after an upgrade to Leopard the firewall will again be set to "Allow all incoming connections." It will be disabled.
According to Jürgen Schmidt, editor in chief at Heise Security, if you enable … Read more
McAfee announced plans on Tuesday to acquire ScanAlert in a deal worth approximately $51 million in cash.
And what is McAfee looking to get for its money? For starters, it'll snap up ScanAlert's Hacker Safe Web site security certification service, bolster its own SiteAdvisor security-rating system, and become the keeper of ScanAlert's proverbial "good housekeeping" seal for sites seeking to reassure customers that they are conducting safe online transactions.
The acquisition, expected to close in the first quarter, calls for integrating ScanAlert's e-commerce security certification service into McAfee's SiteAdvisor system. McAfee last year acquired SiteAdvisor, … Read more
There is absolutely no question that large organizations are growing more and more concerned about data privacy and security. In fact, a recent ESG Research survey reveals that security professionals rate "protecting confidential/private data" as the biggest influence on their security management needs--more important than regulatory compliance or corporate governance. The survey was based on a recently released Enterprise Strategy Group report titled "Security Management Matures," which I co-authored.
Obviously, product demand should be healthy but suppliers may be facing a tougher market because of growing consolidation in the data loss prevention market. The market … Read more