Date: 02/08/08 (Security)    Keywords: security

For years now I've been trying to define DRM and how commercial companies use it to lock consumers into a buying cycle.  Finally I've found a definition that's just perfect. The definition comes from security guru Bruce Schneier: In my last column, I talked about the...

Source: http://blogs.zdnet.com/hardware/?p=1246

Date: 02/08/08 (Web Technology)    Keywords: technology, security

Court order lets Homeland Security obtain precise location data from T-Mobile about customer's movements in real time. Police Blotter is a weekly News.com report on the intersection of technology and the law. What: Minnesota man charged with alien smuggling says data from a location tap of...

Source: http://news.zdnet.com/2100-9588_22-6229805.html

Date: 02/12/08 (Security)    Keywords: security

This is a note to all my readers.  All of my future security-related content will be appearing on the ZDNet Zero Day blog instead of here in "Real World IT".  Some of you may have wondered why I haven't posted any security-related content in a while because I've been posting on Zero Day for quite...

Source: http://blogs.zdnet.com/Ou/?p=999

Date: 02/13/08 (Security)    Keywords: browser, security

Mozilla launched the third beta of its Firefox 3 browser Tuesday night with enhanced security features. Firefox 3 Beta 3 contains more than 1,300 changes from the second beta to improve performance. Meanwhile, Mozilla improved some of the security features in Firefox 3 Beta 3. Among the...

Source: http://blogs.zdnet.com/security/?p=878

Date: 02/13/08 (Open Source)    Keywords: browser, asp, security

Firefox 3 beta 3 was released as expected on Tuesday with more than 1300 improvements since beta 2. Most of the changes are improvements and enhancements to the user interface, ease-of-use, performance and security aspects of the browser, the Mozilla foundation announced on Tuesday night. As promised, beta 3 sports a more Vista-like look-and feel [...]

Source: http://feeds.feedburner.com/~r/zdnet/open-source/~3/234382490/

Date: 02/13/08 (Security)    Keywords: security

Ryan Naraine has cooked up a list of the most influential people in security. Here's the list packaged in a slideshow, which is annoyingly set on fast forward. For instance, I viewed two slides, went to bathroom and by time came back the gallery was over (and...

Source: http://blogs.zdnet.com/security/?p=880

Date: 02/13/08 (Security)    Keywords: software, security

Bain Capital, the private equity firm trying to engineer a takeover of 3Com with Huawei Technologies, is reportedly offering to divest security software firm TippingPoint to win U.S. approval. According to Reuters, Bain offered up TippingPoint and other proposals to safeguard national security interests. ...

Source: http://blogs.zdnet.com/security/?p=879

Date: 02/15/08 (Security)    Keywords: security, web

In a blog posted yesterday on Opera's website, blogger Claudio Santambrogio tells us that he isn't happy about the way Mozilla handled an Opera security disclosure.  Here's what Claudio had to say: Mozilla notified us of one security issue ( ) the day before they published their public...

Source: http://blogs.zdnet.com/security/?p=884

Date: 02/15/08 (Security)    Keywords: security

Hard to believe that a SIM (Security Information Management) company has made it "out".  Arcsight went public yesterday at $9/share. Pure play security company IPO's are few and far between.   Managing  alerts  and looking for abnormal behavior has been a difficult market to crack.  But, based on their S-1, Arcsight...

Source: http://blogs.zdnet.com/threatchaos/?p=539

Date: 02/16/08 (Java Web)    Keywords: technology, java, security

JPC is a pure Java emulation of an x86 PC with fully virtual peripherals. It runs anywhere you have a JVM, whether x86, RISC, mobile phone, set-top box, possibly even your refrigerator! All this on top of security and stability of Java technology and cross-platform capability. JPC creates a virtual computer upon which you can install [...]

Source: http://blog.taragana.com/index.php/archive/pure-java-emulation-of-x86-with-fully-virtual-peripherals/

Date: 02/19/08 (Security)    Keywords: technology, security, virus, spyware, spam

D-Link generated a lot of buzz when it unveiled the SecureSpot Internet Security Device at CES in 2007. The unit sits between your broadband modem and router, acting as a hardware shield against spam, viruses, and spyware. Now D-Link has integrated an updated version of the SecureSpot technology into its...

Source: http://blogs.zdnet.com/soho-networking/?p=145

Date: 02/19/08 (Security)    Keywords: security, web

Gene Hodges, CEO of Websense, has had a busy year. The company has integrated the acquisition of SurfControl, built out its security suite and delivered strong financial results. "Last year was one of rapid change," said Hodges, referring to the integration of SurfControl and removing 50 percent...

Source: http://blogs.zdnet.com/security/?p=890

Date: 02/21/08 (Security)    Keywords: security

Security conscious businesses and organizations who implemented 802.1x/EAP enterprise-grade authentication are at risk with certain implementations of wireless LAN VoIP handsets.  I have verified that Vocera Communications is one of the vulnerable vendors and I have heard from other security researchers that Cisco's wireless VoIP handsets have this design flaw...

Source: http://blogs.zdnet.com/security/?p=896

Date: 02/23/08 (Security)    Keywords: security

Two days after news of the Vocera Wi-Fi VoIP communicator PEAP security bypass vulnerability, I received confirmation from Cisco that their model 7921 Wi-Fi VoIP phone is also vulnerable to the same issue where digital certificates aren't cryptographically verified.  Both Cisco and Vocera have told me that they intend to...

Source: http://blogs.zdnet.com/security/?p=901

Date: 02/25/08 (Security)    Keywords: software, security

Core Security Technologies said Monday that it has discovered vulnerability in VMware's desktop virtualization software that allows an attacker to gain complete control a system and launch executable files on the host operating system. The discovery is notable given that virtualization security is largely uncharted territory. However,...

Source: http://blogs.zdnet.com/security/?p=902

Date: 02/25/08 (Security)    Keywords: security

The demands of regulatory compliance are among the factors driving corporate IT and security managers to improve their access governance processes, but that's not the whole story, says Aveska CEO Deepak Taneja. Commentary--The stakes involved in access-related risk have risen dramatically...

Source: http://news.zdnet.com/2424-9595_22-189544.html

Date: 02/26/08 (Security)    Keywords: security

But you have to ask the right questions.  Two senators have sent a letter to 24 US agencies asking them to report on their progress in data protection. This article at Federal Computer Week highlights the woeful state of security compliance at most US agencies. This is...

Source: http://blogs.zdnet.com/threatchaos/?p=549

Date: 02/26/08 (Security)    Keywords: security

McAfee has unearthed a Windows Mobile PocketPC Trojan that disables security, installs via a memory card, can't be uninstalled and makes itself your home page. According McAfee's Avert Labs blog, the Trojan has been discovered in China. Here's how it works according to researcher Jimmy Shah: ...

Source: http://blogs.zdnet.com/security/?p=904

Date: 02/27/08 (Security)    Keywords: database, security

Finjan said it has uncovered a database with more than 8,700 FTP account credentials--user name, password and server address--that allow hackers to compromise security and deliver malware as a service. In a report released Wednesday, Finjan said the list of stolen accounts includes many Fortune 500 type...

Source: http://blogs.zdnet.com/security/?p=908

Date: 02/27/08 (Security)    Keywords: software, technology, security

It didn't take long for VMware to answer the security bell. The company on Wednesday announced a technology called VMsafe that aims to integrate security software with the hypervisor--the linchpin of virtualization software. With VMsafe VMware will provide APIs to allow security application vendors to develop products...

Source: http://blogs.zdnet.com/security/?p=905