Security

Chinese credibility on hacker training action - remember age of gymnasts in Olympics?

Wed, 10 Feb 2010 09:46:53 +0000

Actions taken publicly by the Chinese government may not always be taken at face value.

certifications

Wed, 10 Feb 2010 07:42:25 +0000

I'm certified, and I'm an idiot.

Cisco Captures Two Leaders Magic Quadrants in Security

jheary — Wed, 10 Feb 2010 04:46:11 +0000

Gartner has recognized Cisco's SSLVPN and Secure Web Gateway solutions as leaders in their respective technology. To this end, Gartner has positioned Cisco into the coveted leaders Magic Quadrant for each technology. These two categories arguably have the most industry buzz of all security technologies making this achievement even more prestigious right now. The Gartner magic quadrants are frequently...

Oracle's "roadmap"

tdubois65 — Wed, 10 Feb 2010 01:44:41 +0000

Sun IDM has one of the largest install bases of IDM in the world. The fact that Oracle assumes that current customers are going to simply roll over and convert to OIM makes my blood boil. I hope all current Sun IDM customers realize that while Oracle may be able to come up with a migration 'tool', it will be for the DB and OOTB code. All workflows and forms will need to be re-worked. Sun IDM is too customized for a cookie cutter migration tool. Oracle had so many options, like turning Sun IDM over to the public like Solaris and OpenSSO.

Read more

Bitlocker can also use a 256-bit key length

Wed, 10 Feb 2010 00:35:31 +0000

"BitLocker uses Advanced Encryption Standard (AES) as its encryption algorithm with configurable key lengths of 128 or 256 bits, as well as an optional Diffuser. The default encryption setting is AES-128 with Diffuser, but the options are configurable by using Group Policy." http://technet.microsoft.com/en-us/library/ee449438(WS.10).aspx#BKMK_Form

"focus on people and process" - correct but also would need focus on software design! Rugged coding is very difficult, sometimes

tuomoks — Tue, 09 Feb 2010 22:54:05 +0000

"focus on people and process" - correct but also would need focus on software design! Rugged coding is very difficult, sometimes almost impossible, when the design works against it! Anyway, a great idea, good luck - just hope it gets going against "agile" and other fast profit ideas! Unfortunately after 40 years "rugged" software design I have seen the skills almost disappear on coder level (sorry, did mean on developer? level).

Read more

Microsoft fixes 26 security holes, warns on unpatched multi-vendor SSL vulnerability

Microsoft Subnet — Tue, 09 Feb 2010 20:18:39 +0000

As expected, today's Patch Tuesday is a doozie. Microsoft released 13 bulletins to fix 26 vulnerabilities in Windows and Microsoft Office. This includes the first Hyper-V-specific patch. But wait, there's more. Microsoft also issued a security advisory (977377) over a publicly-known vulnerability in the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. Read more

Adobe

Tue, 09 Feb 2010 18:47:44 +0000

Apologies are all well and good. The most important thing is that fix!

61 CCIEs dropped out of Cisco's highly coveted cert program over the last 30 days

Brad Reese — Tue, 09 Feb 2010 12:43:15 +0000

According to Dual CCIE #18532 R&S/Security - George Morton: "Over the last 30 days we have seen CCIEs drop their highly coveted certifications at a much greater rate than net new CCIEs. "61 CCIEs dropped out of Cisco's prestigious certification program during the month of January 2010 alone. "For further clarification, let's do the math together: Read more

good article, but...

Tue, 09 Feb 2010 03:50:53 +0000

...what is SIEM?

US National Climate Service to monitor world of climate change

Layer 8 — Tue, 09 Feb 2010 03:14:53 +0000

After almost a year or so of wrangling, the US government today said it wants to set up a National Climate Service that is designed to meet the burgeoning demand for climate information. Read more

Too many Security Certs

wrap2tyt — Tue, 09 Feb 2010 03:05:23 +0000

I have mixed feelings about the security certifications argument. In my experience it depends on where you live and work. I currently live in the Minneapolis area and the large majority of job descriptions merely state that CISSP or other security certifications “Certification preferred, but not required”. However, most people I know are required to after some time on the job to acquire the proper certs. Now, in the D.C.

Read more

Firefox updates

cxroberts — Mon, 08 Feb 2010 21:21:39 +0000

The concluding sentence in the article states: "The genuine install site for Firefox updates can be found here." The last two words link to Mozilla Europe [ http://www.mozilla-europe.org/en/firefox/ ].

Research in Motion comments on this article

Mon, 08 Feb 2010 17:50:06 +0000

Research in Motion, the maker of BlackBerry, provided Network World with the following commentary on the related article: "As a point of clarification to the article entitled 'BlackBerry spyware source code released,' please note the following fact which is highly relevant for your readers in understanding the risk of spyware. Applications containing spyware cannot be installed on the Blackberry smartphone without the user's explicit consent unless of course someone else gains physical possession of the user's device along with knowledge of any enabled password.

Read more

Curious why Mozilla doesn't use free Virustotal.com?

Sat, 06 Feb 2010 17:53:52 +0000

Because detecting or not detecting in VirusTotal, means nothing. http://blog.trendmicro.com/on-the-trustworthiness-of-the-av-industry-and-av-tests/

pluto

Sat, 06 Feb 2010 01:41:20 +0000

could you make it more acurit

Yet more reasons to use Linux

Billbeau — Fri, 05 Feb 2010 22:05:01 +0000

Rather than a reason to "get the newest (MS) operating system" this seems to me like more proof of the superiority of the Open Source method vs. the proprietary course. And yes, I do mean in business, not just at home. I only have Windows computers because I have to know how to fix the virus/spyware/trojan riddled systems. Linux? No such problem, far more secure, far fewer holes in security. Therefore, less downtime and less security and maintenance cost. But hey, stick with your M$ if you really think it's better. Not me.

western union hacking tool

Fri, 05 Feb 2010 20:12:51 +0000

WESTERN UNION MTCN GRABBER WESTERN UNION MTCN GRABBER POPUPLARLY KNOWN AS WESTERN UNION BUG IS A SOFTWARE WRITTEN IN PHP THAT HACKS AND CRACKS THE WESTERN UNION MTCN PAYMENT DETAILS BEEN SENT TO ANY COUNTRY IN THE WORLD USING MYSQL7.1 DATABASE INJECTION PROTOCOL.THE INTERESTING FEATURE ABOUT THE SOFTWARE IS THAT IT ENABLES YOU TO RE-EDIT RECIEVERS INFORMATION TO ANY NAME OF YOUR CHOICE,THAT IS WHY IT IS CALLED A BUG.YOU AS WELL MAKE TRANSFER WITH IT USING THE WESTERN UNION VIRTUAL GOLD CARD.ALSO AVAILABLE IS BANK LOGINS AND TRANSFERS FOR US AND UK BANKS. CHAT ID:WUATMBUG@YAHOO.COM PHONE:+23

Read more

"Cyber Warfare is sublethal, but only for now"

Fri, 05 Feb 2010 17:16:50 +0000

Not true. Cyber warfare can definitely be lethal, especially if targeted at sophisticated automated medication handling systems in a networked healthcare environment. The author is insufficiently informed on this point.

IE flaw that lets remote hackers read your hard drive is extra bad for XP users

Microsoft Subnet — Fri, 05 Feb 2010 02:42:52 +0000

On Wednesday a security researcher demonstrated a flaw in Internet Explorer at the Black Hat DC conference that could allow a hacker to remotely read files on the victim's local drive. The demonstration prompted a security advisory from Microsoft. Read more