Tuesday, July 22, 2008

Spliced feed for Security Bloggers Network

Chinese and Iranian hacker connection? [The Dark Visitor]

Posted: 22 Jul 2008 05:58 AM CDT

Skimming through the news today and came across an article in pr-inside.com, on Iranian hacker attempts to disrupt Jewish American leader’s message to Iran. A small blurb in the piece suggested that there was some evidence of Chinese fingerprints or assistance:

In the month since Hoenlein’s message was posted, Rosen said there have been «dozens» of attempts to hack into the site, called Jerusalemonline.com. He said they succeeded in labeling the Web site as «dangerous» on the Google search engine.

In an e-mail message to The Associated Press, Rosen said his technicians identified the hackers as «probably Iranian based with Chinese assistance or fingerprints.

I have written to Jerusalemonline for further clarification on this section of the article and hopefully will have an update. It would be very interesting to see if there is more to this, even if the Iranians are just using Chinese hacker malware.

TSGrinder - Brute Force Terminal Services Server [Darknet - The Darkside]

Posted: 22 Jul 2008 04:14 AM CDT

This is a tool that has been around quite some time too, it’s still very useful though and it’s a very niche tool specifically for brute forcing Windows Terminal Server. TSGrinder is the first production Terminal Server brute force tool, and is now in release 2. The main idea here is that the Administrator account, since...

Read the full post at darknet.org.uk

Another take on reviews [StillSecure, After All These Years]

Posted: 22 Jul 2008 01:40 AM CDT

Without putting out misleading press releases, I do want to mention a review that came out today that I was pretty proud of. The folks at Channel Web and CRN put out a review today of StillSecure Safe Access baked off against two well known competitors, Symantec and Sophos. You can go read the review for yourself for the entire story, but here are the final two paragraphs:

After evaluating each of these products, the Test Center found that StillSecure's Safe Access 5.0 slightly outpaced the others, followed by Symantec (NSDQ:SYMC)'s solution and then Sophos'.

Safe Access 5.0 is robust and customizable, justifying adding a NAC as an extra layer of security. Symantec offers a nice solution, but finds itself more limited than Safe Access 5.0 without deploying agents. Sophos, too, is good, but we were left wanting more. While all the solutions could be fine in particular deployments, functionality led us to choose Safe Access 5.0 first, Symantec second and Sophos third in this comparative review.

'Nuff said on that one!  In other NAC news today, Mike Fratto and the Information Week folks have released their 2008 NAC survey and Mike will be doing a follow up webcast on this on Wed, July 23rd.  Check out the site for all the details. This report is chock full of great stuff about NAC including vendor profiles.  There is a ton of great information there for anyone interested in NAC.

When is 4 out of 5 stars not 4 out of 5 stars or do I have a car for you! [StillSecure, After All These Years]

Posted: 22 Jul 2008 12:19 AM CDT

After my "used car salesman of NAC" series I was going to give Ray and the gang a break.  But the depths they sink to just never cease to amaze me! Today I received a Google alert on NAC with a link to a press release announcing the NAC used car sales guys continuing to deliver best in class security management solutions, yada, yada, yada.  The basis for this claim was that "SC Magazine awarded ForeScout's CounterACT a four-out-of-five star rating, lauding the product's ability to "function like a firewall, an IPS and a NAC device all rolled into one".  They wrapped some customer quote (that had nothing to do with the SC magazine story) and voila!, can they put you in this car today?

So why do I call this out? No, no sour grapes here.  Actually StillSecure Safe Access received the same 4 out of 5 stars and when we dig into the rating here are some interesting facts:

In actuality, our friends the used car salesmen only received a 2 star rating in ease of use, a 2 star rating in documentation and a 3 star rating in support.  In contrast StillSecure Safe Access received 5 stars across the board, except for a 4 star grade in documentation.  How both products finish up with a 4 star rating overall based upon this is frankly baffling to me. I think it has more to do with the reviewer not wanting to spank any of the products too badly.  I have already asked for a clarification and will let you know what I find out.  But being a slick marketing machine, I thought it the height of chutzpah that they would put out a release around this, considering the best buy and editors choice were two different products.  But I guess that is why they did not have a quote or a link to the actual review.  The review starts out with this memorable quote, "The ForeScout CounterACT was the device which took the most time to install and configure."  Later on the reviewers had this to say, "The second part of the configuration was far more difficult. The initial screens for the GUI made us feel lost and we immediately began looking for the documentation CD."  Now does that sound like a review to be touting?  Only those master car salesmen would seek to put out a press release trumpeting the results of this review.  They are counting by wrapping enough other quotes (and frankly who knows about those) around it, no one will bother to dig into the facts here. Hey, that's what you guys pay me for, telling it like it is!

DNS Exploit Is Out Of The Bag [Liquidmatrix Security Digest]

Posted: 21 Jul 2008 11:07 PM CDT

Well, there was a rumble earlier today when Halvar Flake made it known that he had puzzled out Dan Kaminsky’s DNS vulnerability.

From ADD / XOR / ROL:

I know that Dan asked the public researchers to “not speculate publicly” about the vulnerability, in order to buy people time. This is a commendable goal. I respect Dan's viewpoint, but I disagree that this buys anyone time (more on this below). I am fully in agreement with the entire way he handled the vulnerability (e.g. getting the vendors on board, getting the patches made and released, and I understand his decision not to disclose extra information) except the proposed “discussion blackout”.

Next up we saw the good folks over at Matasano jump in with their analysis of the DNS exploit.

From Matasano Chargen:

Pretend for the moment that you know only the basic function of DNS — that it translates WWW.VICTIM.COM into 1.2.3.4. The code that does this is called a resolver. Each time the resolver contacts the DNS to translate names to addresses, it creates a packet called a query. The exchange of packets is called a transaction. Since the number of packets flying about on the internet requires scientific notation to express, you can imagine there has to be some way of not mixing them up.

A rather lengthy explanation ensues and is soon taken offline when Thomas Ptacek realizes that the nature of the post is far too informative.

By then, it was too late. Google had already sunk its teeth in.

Matasano published an apology soon afterward,

We removed it from the blog as soon as we saw it. Unfortunately, it takes only seconds for Internet publications to spread.

We dropped the ball here.

Since alerting the Internet earlier in July about the upcoming announcement of his finding, Dan has consistently urged DNS operators to patch their servers. We confirmed the severity of the problem then and, by inadvertently verifying another researcher's results today, reconfirm it today. This is a serious problem, it merits immediate attention, and the extra attention it's receiving today may increase the threat. The Internet needs to patch this problem ASAP.

Dan Kaminsky jumped on Twitter shortly after 11 pm to confirm the worst.

Get yer patch on people.

Foundry Networks - Brocade's 3 billion dollar baby [StillSecure, After All These Years]

Posted: 21 Jul 2008 11:04 PM CDT

By now you have probably heard that Brocade is making a big push from storage networking switches into Ethernet switches by buying Foundry Networks for almost 3 billion in cash.  Actually the deal is valued at about 2.8 billion.  However, Foundry has about 800 million or so in cash and liquid assets.  So taking that into account, the deal is for about 2 billion really, according to the San Jose Mercury News. Still that is quite a number when you consider that $18.50 of the $19.25 price per share is in cash.  That works out to about 2.7 billion.  Considering Brocade only had about 700 to 800 million in cash itself, that means someone is lending them about a billion and half.  Again according to the Mercury News, it is Bank of America and Morgan Stanley. This is a 41% premium over Foundry's closing price.  Pretty sweet!

The real question is what does Brocade do with this.  With all of that debt, do they have what it takes to go on and take on Cisco now?  The highways and byways of Silicon Valley are littered with companies that have tried to take Cisco out of this market.  What about the 7 dwarfs who currently compete in this market.  Companies like HP ProCurve, Extreme Networks, Nortel, Enterasys, Alcatel-Lucent and Force 10 are not small little companies. These are companies with 100's of millions, if not billions of dollars of market cap themselves.  They are not going to roll over and die here. Will this set off a round of consolidation for these players to bulk up in order to compete in this brave new world of networking? I think so. What about next gen secure switches like ConSentry, Nevis and Napera? Or some of the other smaller switch vendors like D-link?  Do they view this as a good opportunity to get bought by one of the giants or do they think they can run through the legs of these giants?  I don't know but it is going to be a high barrier of entry into this market.

Ultimately though I don't think Cisco will lose its place of dominance very easily. Brocade will be another competitor among the other switch vendors fighting over 25% of the market. But it sure will be interesting in the switch market for a while.

What a Weekend [BumpInTheWire.com]

Posted: 21 Jul 2008 10:29 PM CDT

Saturday was a big day.  While our DBAs performed a flawless migration from SQL 2000 to SQL 2005 we took advantage of their window to retire one VMware ESX 3.5 cluster and bring a new one into full production.  This involved storage changes and migration of nearly 50 virtual servers along with VMware Tools upgrades.  This also went nearly flawlessly.  If we would have tried to coordinate all of these moves and changes it would have taken three months to complete.  Luckily this SQL migration provided the perfect opportunity to get it done in four hours.  Timing is everything.

In the middle of writing this post my damn laptop dropped its network connection again as I previously wrote about.  I’m gonna throw this damn curse into that damn pond!

Yes! Now I Can Attend Nate Lawson’s Talk at BlackHat! [Zero in a bit]

Posted: 21 Jul 2008 10:14 PM CDT

By now, you probably know that details of the DNS vulnerability have leaked. Halvar Flake speculated on DailyDave and the momentum built from there, despite the fact that his guess was short on a few key details. I don’t need to rehash the full technical details here; by now, they are easy enough to find with a couple Google searches. When Slashdot picks up the story, it’s hardly a secret any more.

What’s more interesting to me, now that I’ve digested the big secret, is how this whole situation has played out in the security community.

The security community has been polarized for the past two weeks, not so much over the technical details being withheld, but about Dan’s plea that people not speculate about the vulnerability. As many pointed out, the “bad guys” won’t stop trying to figure it out just because the “good guys” keep quiet. To be honest, my own lack of public speculation wasn’t because I agreed with the philosophy; I just wasn’t smart enough to figure out the vulnerability myself.

People implied — or stated outright — that Dan just didn’t want anyone stealing his thunder. Considering the timing of the release and the subsequent BlackHat talk, it’s obvious why such accusations were made. Personally, I think it’s a little of each. I believe the coordinated patch effort was undertaken with the best of intentions, but I also think Dan relished some of the glory and media attention as well. It’s hard to blame him for that; if you were in his shoes, wouldn’t you want some recognition too?

By many accounts, dealing with the DNS vulnerability from the operational side has been an exercise in frustration. Plenty of IT people wanted to patch but couldn’t get approval without being able to justify the operational risk. “Because Dan said so” is apparently not a convincing enough argument. Some wondered why the people who were responsible for creating the problem should be blindly trusted to implement an appropriate fix?

Ultimately, vulnerability disclosure is a minefield. No matter how you choose to disclose, somebody will always disagree.

P.S. If you didn’t figure out the title of the post by now, Nate was one of the unlucky few to draw the same timeslot at BlackHat as Dan Kaminsky.

Another One Bites the Dust [BumpInTheWire.com]

Posted: 21 Jul 2008 09:26 PM CDT

Life in the technology business is volatile.  Tonight I got an email with a subject of “Accelerating the Evolution of Networking.”  I get a handful of these emails every day with subjects similar to this one and rarely read them at the time of receipt.  For whatever reason I decided to read this one.  Needless to say I was a little shocked at what I read.  Brocade has agreed to acquire Foundry Networks.  This hits close to home.  Real close to home.  That’s life though.  Eat or get eaten.

DNS VULNERABILITY NOW IN THE WILD [ARCHIMEDIUS]

Posted: 21 Jul 2008 08:35 PM CDT

There are about 11 million servers using the Internet's core Domain Name System (DNS) protocol to coordinate traffic across the Internet to their proper destinations.  About 6 months ago Dan Kaminsky, director of penetration testing at IOActive, discovered a way to exploit long-known DNS vulnerabilities to easily implement cache poisoning attacks that can compromise the integrity of the Internet.    A few [...]

DNS vulnerability in the wild [Kees Leune]

Posted: 21 Jul 2008 08:13 PM CDT

Well, it had to happen. The DNS vulnerability discovered by Dan Kaminsky has been leaked. Go read here, here, or here. Then read this and this. The vulnerability is conceptually simple, and frankly it is amazing that no other researchers ever found it. I'll not elaborate on how dangerous it is (patch now!) or how it works exactly. Instead, I'll be trying to wrap my head around this one and get ready to explain the details when asked. Kudos to Dan on how he handled it.

NOW is the time to patch those unpatched DNS servers. Details have leaked. (updated) [Security4all] [Belgian Security Blognetwork]

Posted: 21 Jul 2008 08:11 PM CDT

So what happened? Matasano had an article ready with some more details on the DNS vulnerability for after Blackhat and posted it in error. They removed it as soon as they noticed it. But it seems,...

the secretive private Dow Jones Watchlist in your mobile ? [belsec] [Belgian Security Blognetwork]

Posted: 21 Jul 2008 07:55 PM CDT

Dow Jones Watchlist is a global database, which tracks and monitors over 500,000 individuals and other entities that represent a legal or commercial risk to institutions, including criminal activity that did not result in political sanctions

This is used by Vodafone for its M-Pesa mobile money transfer service to ensure compliance with AML regulations from bodies such as the UK’s Revenue and Customs, the European Union, the Central Bank of Kenya, and the Central Bank of Tanzania as well as with the U.S. Patriot Act. The system checks customer names against Sanctions and Politically Exposed Persons (PEPs) from the Dow Jones Watch List.

Regulator BIPT has A war fund of 3 million Euro [belsec] [Belgian Security Blognetwork]

Posted: 21 Jul 2008 07:46 PM CDT

It is strange to read that the minister that is responsible for the BIPT (our regulator of postal and telecommunication services) blasts his own administration away and says that it is nearly the worst regulator of the European Community. One reason - to make it totally hilarious - is that the public service operator Belgacom makes its work nearly impossible as regulator by taking to court against any of its decisions that it doesn't agree with.

So the minister says that more internal specialists of the BIPT should be internally transferred to these divisions of the BIPT that should open up the telecom market. It should also use - according to its minister - its own cash it has been piling up the last years.

Maybe it should use some of that cash to build finally a CERT that is worth that name.

Belgium obliges the use of electronic documents but has no standards for archiving [belsec] [Belgian Security Blognetwork]

Posted: 21 Jul 2008 07:40 PM CDT

the reason is simple, they have forgotten to make the necessary laws by December 2007 as was foreseen in the law that wanted to regulate the necessary services that would develop such services as electronic archiving.

well, who cares, who needs standards anyway ?

Belgium has no clue how many people are prosecuted because of wifihacking [belsec] [Belgian Security Blognetwork]

Posted: 21 Jul 2008 07:31 PM CDT

In an answer to parliament the minister of Justice answered that his database of information about ICT criminal activity didn't have the possibility to indicate how many people were prosecuted or had a case against them because of the fact that they had hijacked a WIFI connection.

 

 

Meanwhile in the Chamber of Representatives [belsec] [Belgian Security Blognetwork]

Posted: 21 Jul 2008 07:20 PM CDT

Leader of Chinese female hacker “security” team not happy [The Dark Visitor]

Posted: 21 Jul 2008 06:04 PM CDT


On May 29th, we posted a profile of Cn Girl Security Team, an organization of female hackers. A reporter from the Daily News and Analysis, Venkatesan Vembu, picked up the story and called for an interview.

Not sure how widely the story was circulated in the western press but it sure was popular in China.

On her blog, Xiao Tian admits that all the sudden publicity came as a shock when people started calling asking about the article. She claims to have stepped away from the “security” site for quite some time and that much of what was written was hype. Just a girl who enjoys blogging and computers. For someone who takes so many pictures of herself, it is hard to believe that this has become such a burden on her.

The Cn Girl Security Team website has been showing a 403 error for the past week and some have suggested it was done by hackers. They say this further demonstrates the low-level technical skills possessed by the group. Xiao Tian denies the rumor and contends there was a problem with the hosting service.

Either way, one more hacker website bites the dust. Hundreds remain but we got you covered.

Missing the Point [Zero in a bit]

Posted: 21 Jul 2008 05:19 PM CDT

A co-worker passed along this snapshot taken at the Karsten Nohl, Jake Appelbaum, and Dino Dai Zovi talk at HOPE this past weekend. The context, of course, is that the overzealous Debian developer who accidentally crippled OpenSSL back in 2006 said he did so because valgrind reported uninitialized memory use. Click through for the full-size version.

So automated software review is dangerous now? Perhaps that bullet should read “modifying code you don’t understand is dangerous.”

Updated SQL injection list and some Belgian websites infected [Security4all] [Belgian Security Blognetwork]

Posted: 21 Jul 2008 05:09 PM CDT

Shadowserver published an up-to-date list with the domains used in the SQL injection attacks. http://www.shadowserver.org/wiki/uploads/Calendar/sql-inj-list.txt Abstract: Domain (292 domains) ...

A complete list of security livecd distributions [Security4all] [Belgian Security Blognetwork]

Posted: 21 Jul 2008 05:05 PM CDT

We all know Backtrack or Helix. But there might be a few security livecds you never heard of. Here is a complete list: BackTrack, Knoppix STD, Helix, Damn Vulnerable Linux (DVL), FCCU Linux, Hakin9, OWASP...

This blog is at least a solid 8.1…maybe an 8.2!! [The Dark Visitor]

Posted: 21 Jul 2008 04:55 PM CDT

Received an e-mail today from www.blogged.com that has rated us as follows:

We evaluated your blog based on the following criteria: Frequency of Updates, Relevance of Content, Site Design, and Writing Style.

After carefully reviewing each of these criteria, your site was given its 8.0 score.

An 8.0…I mean WTF? I strongly suspect that Jumper has pulled the blog down from my own unbiased rating of around 8.15 prior to his arrival.

An 8.0 is great? Not in my book buddy, that is like low hanging “B” work. We at TDV vow to increase the quality of our postings, we will spare nothing to move up the ladder at blogged.com…unless of course it involves too much effort.

Do we need a farm system in the security industry? [StillSecure, After All These Years]

Posted: 21 Jul 2008 04:17 PM CDT

Just read a good article by Lisa Vaas on Computerworld titled "When security staffers fail up". The article talks about some of the challenges that are faced by companies trying to provide proper security. While one of the issues is "bundled badness" which I will talk about later, the bigger problem that Lisa writes about is the profile of our security administrators. It is a familiar story I am afraid. Security people don't do a good job of "humanizing" themselves. Their peers don't understand what they are trying to accomplish and too often we speak in geek terms and try to dictate how people conduct business. As a result we are the "people in the way".

The next thing Lisa hits on is the obsession with certifications. Too many people think having a CISSP is the be all and end all of security. First of all, you can't hire enough of them and many of them don't have the practical business experience to take it to the next level. Then there is the security "prima donna". They just think they are smarter than everyone else and too many tasks are below them as too elementary. We have all met these types before as well.

Quickly on the "bundled badness" thing. Lisa rightfully points out that in spite of Mike Rothman's feelings to the contrary, though CIO and CFO types like to buy the bundle and get the jack of all trades suite cheaper than buying best of breeds individually, at the end of the day it is hurting our security. If you are really serious about securing the environment there is a world of difference between buying the bundle of goodness versus best in class tools.

Ultimately though, what are we to do about getting better security pros in the workplace? Do we need to change the certification process? Should companies have a different profile of who they hire for security positions? Do we need to develop some sort of farm system where security pros can cut their teeth and learn their craft, like the guilds and apprentices of yesteryear? The construction industry used to work like that. Maybe we should consider it too?

Barclay Simpson’s 2008 Information Security Market Report. [Security4all] [Belgian Security Blognetwork]

Posted: 21 Jul 2008 01:44 PM CDT

Barclay Simpson, a corporate governance recruitment agency published an interesting document about the information security market 2007-2008. Abstract: Full analysis of the prospects for 2008 Up...

Interesting Information Security Bits for July 21st, 2008 [Infosec Ramblings]

Posted: 21 Jul 2008 01:09 PM CDT


And we’re off.

From the Blogosphere

Via F-Secure’s blog, a discussion of what needs to happen to exploit the Microsoft Access Viewer vulnerability under a couple of different scenarios. Worth a look.

Gunnar Peterson has a pointed view of outside vs. inside as it applies to our enterprise networks. I won’t spoil it for you since it is a good read.

Jeremiah has a survey up for Web Application Security Professionals. He will be releasing the results in the near future. I took it and so should you if you have anything to do with WebApp security. Good questions.

Via Wesley McGrew, Princeton released their tools for dumping and retrieving keys from memory after a cold boot. There was a bit of twittering going on about these tools during The Last Hope conference. Interesting stuff.

Via DevCentral, a new Google tech talk is up. This time covering SQL injection, XSRF, and XSSI. Good stuff.

LearnSecurityOnline has released Crackme 0x04 for us to solve.

TaoSecurity has a perspective on the recent DNS vulnerability that is worth reading.

The tisecurityguy brings to our attention an open source tool for tracking your laptop should it be stolen. As he says, “best of all, it’s open source, which means free.”

From the Newsosphere

DarkReading: The U.K.’s Ministry of Defence lost some USB sticks….with secret information on them.

DarkReading: Damballa Inc. is to release a new tool for malware analysis at Black Hat 2008 in Las Vegas. Free to enterprises and vendors.

Information Week: RIM has fixed the BlackBerry Enterprise Server pdf vulnerability.

That’s all folks. Have a great day.

Kevin

Storm's-a-Brewin': How Many Clouds Are You Going to Need? [Rational Survivability]

Posted: 21 Jul 2008 01:03 PM CDT

For the second time in some months, Amazon's S3 (Simple Storage Service,) one of the most "invisibly visible" examples of the intersection of Web2.0 and cloud computing, has suffered some noticeable availability hiccups.

Or, if you prefer to use Amazon's vernacular "elevated error rates" ;)

Many well-known companies such as Twitter rely upon content hosted via Amazon's S3 which is billed as offering the following capabilities:

Amazon S3 provides a simple web services interface that can be used to store and retrieve any amount of data, at any time, from anywhere on the web. It gives any developer access to the same highly scalable, reliable, fast, inexpensive data storage infrastructure that Amazon uses to run its own global network of web sites. The service aims to maximize benefits of scale and to pass those benefits on to developers.

It's not realistic to think that infrastructure as complex as this won't suffer service disruption, but one has to wonder what companies who rely on the purported resiliency of the "cloud" from a single provider do in cases where like its namesake, the skies open up and the service takes a dump?

I'll go one further.  If today you happen to use S3 for content hosting and wanted like-for-like functionality and service resiliency with a secondary provider, would your app. stack allow you to pull it off without downtime?

What happens if your apps are hosted in a cloud, too?

Sounds like a high-pressure front to me...

Next up: "CPE Security Is Dead(?): All Hail Security in the Cloud(?)"

;)

/Hoff

Social engineering at work. Some videos from The Last HOPE conference [Security4all] [Belgian Security Blognetwork]

Posted: 21 Jul 2008 12:33 PM CDT

After Kevin Mitnick gave some stories of his exploits that landed him in jail, he and HOPE organizer Emmanuel Goldstein talked about social engineering experiences from their past. They even did a...

Extended Laundry List - July 21, 2008 [Security Incite Rants]

Posted: 21 Jul 2008 11:36 AM CDT

I'm back....

But I also have a lot of catching up to do, and I'm not going to be able to get through all the news and blog posts that accumulated without comment while I was away. So I figure I'll do a little extended laundry list action today and maybe Wednesday (perhaps even Friday if I'm so motivated) to at least point to the things I found interesting.

The Extended Laundry List

  1. Stiennon's sense of timing continues to amaze. Now he's talking about the most important networking trend of 2008 (it's July bro) to be new routers with (wait, wait, wait, wait)... multiple functions. When will IDC coin the URM term (unified routing management). - Stiennon's blog

  2. Most consumer security stuff is downloaded, according to NPD. No surprise there, but the fact that 36% is free (as opposed to 42% being paid) is kind of interesting. Long live AVG and Avast!, slaying the AV cash cow one download at a time. - NPD release

  3. pdp talks a little about Mozilla's Weave and the ability to save passwords in the cloud. Oh crap. "Hack the cloud, get the goodies" is right. Keep your eyes peeled, it's just a matter of time before the trains wreck. - GNUCITIZEN

  4. NAC as a personal firewall? Or NAC capabilities within the agent that runs on my device? Just what we need, more confusion on what NAC does. Thanks Tim. - Tim Greene's NetworkWorld newsletter

  5. Matasano finally ships Playbook (it used to be Clockwork, I think). If you have a bunch of firewalls check it out. - Matasano blog

  6. NexTier introduces yet another DLP appliance, this one evidently tells you what files are important. I wonder how many patents they have on the ESP algorithm. - NetworkWorld coverage

  7. AT&T takes a page out of the Cisco poster boy marketing model and puts Amoroso on a press tour. It's about time, it's not like this is novel stuff. - GCN interview

  8. The king of marketing futures, Microsoft counters the FFX 3 launch by talking about how IE8 will improve security. Malware blocking, smarter filtering, and XSS support, amongst other stuff. Guess they've been perusing the FFX add-ons page. - NetworkWorld coverage

  9. Deal: Since the SafeNet deal was nixed, nCipher gets a big UK defense contractor called Thales to put them out of their misery. That key management stuff is pretty big outside of the military. Uh huh. - NetworkWorld coverage

  10. Deal: NitroSecurity figures they've had enough Mad Dog and they go for some RippleTech. They get log management and some database activity monitoring (and a kick ass hangover) - NitroSecurity release
Photo credit: "laundry" by fotomele

Virtualization and information-centric security [Data-Centric Protection and Management]

Posted: 21 Jul 2008 11:33 AM CDT

Many more of the customers I talk to are focused on virtualization as a core infrastructure strategy. They obviously want to know more about how this will affect how they look at security. While I am not the expert on anti-virus/malware, NAC, intrusion prevention etc, one area that I get excited about is the data protection implications of this trend...

As devices get abstracted and pushed to the background, it appears we are left, at the core, with applications and data. The interactions between the two dictate productivity, security et al. In this context, an information-centric security paradigm becomes even more important.

There are no devices to lock down (these will be virtual - appearing and disappearing as required). Much of the data will be accessed from virtual containers. Therefore, protecting the data itself, regardless of the applications, the devices, the networks will become crucial in this evolving landscape...
