Thursday, March 13, 2008 5:23 PM/EST
IBM announced its acquisition of enterprise single-sign-on vendor Encentuate on March 12. Ian Yip has an interesting analysis of the deal here. I've been following Passlogix and Encentuate for years and I have to agree with Ian on the business analysis. Also what this means for IBM customers who bought ESSO from IBM....
Wednesday, December 19, 2007 4:27 PM/EST
The Anti-Malware Testing Working Group is a group of vendors and test organizations that plan to release methodologies for testing security products. Brian Prince, one of my news colleagues, has more on the story here. The question Brian asks, "Why has testing lagged so far behind the threat landscape?" is a good one, but one that's got an easy answer. It's very expensive to do this type of testing. In many ways it's like testing spam ... you have to have a fresh crop of malware every time you test, so it's practically impossible to repeat the tests. BAD (Behavioral Anomaly Detection) software, which is supposed to be superior to signature-based anti-malware systems because it can catch zero-day attacks, usually requires some type of user interaction (such as signing up for mail lists, interacting with a system or clicking on a call-to-action to activate the malware). At a recent Symantec security...
Wednesday, December 12, 2007 6:29 PM/EST
I attended a Symantec endpoint security reviewer workshop in San Francisco Dec. 11. These workshops are always an interesting mix of "head fixing" on the part of the workshop sponsor (Symantec is far from the only company that holds such events) combined with often feisty reviewers on the other side. Our wrangles yesterday ranged from what constitutes malware (does a piece of malware have to be active to be considered a threat?) to what constitutes a good test for false positives in a behavior analysis tool (Symantec says the minimum test harness configuration should include 500 legitimate applications to get a meaningful test of a behavior-based threat prevention tool.) We didn't spend that much time on virtualization except to say that some malware turns itself off if it detects a VM because virus makers know how much the security industry relies on VMs to expedite the testing and detection process....
Wednesday, November 07, 2007 7:00 PM/EST
It was big news in early October when federal officials essentially deleted the ca.gov domain because the Transportation Authority of Marin Web site was hacked to redirect to porn pages. While speaking with Dianne Steinhauser, executive director of the Marin transportation authority, I advised her to shut down the Web site until competent staff could be found to run the site. To her credit, she did just that. As of today the site has an "under construction" front page. A Google search for ca.gov sites that are still serving drugs and pornography reveals, however, that there are still many sites, including the hapless California School for the Deaf-Riverside, that are still hacked up. In this case, CSDR is being used by US Pharm, where I was able to go all the way to the "click here to buy" screen for a generic Valium (90 10-mg pills) for...
Wednesday, October 31, 2007 2:09 PM/EST
I got home last night, felt for my cell phone, a Treo 650 that I've had since 2005, and found only an empty holster. Crap. I immediately flashed back to when I probably lost it. I was sitting on the floor of the BART train because I wanted to talk with a friend, there weren't enough seats and, well, in San Francisco it's not THAT uncommon to see middle-aged professionals sitting on the carpeted floor of the train. My phone holster doesn't have a flap or cover and a few times in the past sitting or crouching has caused my phone to fall out of the case. No panic. I make a habit of regularly backing up my phone data. All my data was safe and sound in my home computer. And then the second wave of realization struck me and I was afraid. All of my personal data--more than...
Thursday, October 04, 2007 2:58 PM/EST
The Transportation Authority of Marin Web site was hacked to link to porn sites, causing the federal agency that oversees .gov domains to temporarily remove ca.gov from Domain Name System servers. The porn links were removed and California and federal IT workers scrambled to get ca.gov back online before major havoc was unleashed. The TAM (Transportation Authority of Marin) site is still hacked up with (non-functioning) links to Web pages selling diet pills. Although the links no longer work, the fact that there is still bad code in the page means that someone is not, in my opinion, diligently seeking to secure the site. When I told Dianne Steinhauser, the executive director of the Marin transportation authority, that the site was still hacked, she said, "I'm frustrated." Because the site provides no emergency services, my advice to her was to shut it down until she's able to hire a competent site...
Thursday, August 30, 2007 7:01 PM/EST
I have access to the best commercial security test tools in the market, including Mu Security's Security Analyzer and Core Security Technologies' Core Impact. For a long time, however, I've been a fan of open source security tool kits, including STD. A couple of days ago I became aware of Backtrack 2 when I was thumbing through one of the stacks of computer security books sitting on my bookshelf. (The book is Penetration Tester's Open Source Toolkit, and you can read Richard Bejtlich's damning and very informative review here; you have to scroll down a bit to get to Richard's post, but read some of the other reviews to get the full flavor of his American Idol reference.) But, I digress. I'm working my way through Backtrack 2 in my lab testing, so I'll start at the top and say this looks like an excellent collection of no-cost penetration test tools....