Security

Unified threat management vendor, Fortinet, is on a reseller recruitment drive to expand its local presence.

A former Microsoft security manager has published a tool designed to detect and fix PCs that may be susceptible to "endless reboots" if updated to Windows XP Service Pack 3 (SP3).

One week after hiding Internet Explorer attack code on his Web site, security researcher Aviv Raff has posted details on how to launch the attack.

Microsoft touted Windows Vista's lower patch count this week, saying it required about 20 percent fewer fixes in 2007 than the four-year-old Windows XP Service Pack 2.

A server problem at the US National Security Agency has knocked the secretive intelligence agency off the Internet.

Intrusion prevention systems (IPS) have been touted for a couple of years now as a way of stopping organisations getting hit. However, although there have been some major deployments in Australia to date, they are still far from ubiquitous.

Late last year, the Computer Security Institute asked almost 500 security professionals what percentage of their IT security functions were outsourced - more than 60 per cent answered "none". So why are many organisations still reluctant to take that route?

Privileged IT staffers literally holds the keys to the castle. Access to those keys that open the doors to critical operating system and application resources must be carefully managed and legally audited. Enter the class of products referred to as privilege account management wares.

A quick highlight of products from CyberArk, eDMZ Security, Quest and Symark.

e-DMZ's Password Auto Repository (PAR) is delivered as a hardware appliance with all the services necessary for it to act as a privileged account password manager. All privileged account passwords are issued based on administratively designed rules. The passwords may be deemed valid for an indefinite life, for finite periods of time or for single purpose activities such as installations, upgrades or configuration changes.

Symantec chairman and CEO John Thompson last week delivered a keynote speech to thousands of security professionals at the RSA Conference 2008 in the US. Ellen Messmer caught up with Thompson at the RSA event, where he expanded on a range of topics including vendor alliances, Symantec's competition and the importance of data-loss prevention technology.

Ever more computers are carrying ever more confidential data -- trade secrets, personal information of clients and constituents, and national security information. Encrypted hard disks requiring hardware keys or passwords are supposedly the way to keep that information safe.

It's the front lines in the online fraud war: eBay and its PayPal subsidiary are the most-spoofed brands by fraudsters engineering phishing scams, according to research firm Gartner.

Art Coviello, President of RSA and Executive Vice President of EMC Corporation, talks to Computerworld's Siobhan Chapman about enterprise threats, IT security spend and the rising threat posed by social networks.

If Samy Kamkar plays his cards right, he may be allowed to visit MySpace again in just a few months. For the time being, however, he's not even allowed to touch a computer, following a January 2007 guilty plea for creating what many consider to be the first Web 2.0 worm: the Samy worm.

If you are running a Debian-based Linux system and haven't already caught up with the announcement [1] that there was a major flaw with the generation of SSH, OpenVPN, DNSSEC, SSL/TLS session keys and X.509 certificate key material, you might want to update your system to address the problem.

Many Information Security practices have outcomes that are difficult to quantify. How do you prove that your measure is effective at preventing whatever malicious activity is out there from being effective against your system?

Unintentional exposure of sensitive data through Word files is a has caused problems for companies in the past, especially when people forget that Track Changes can easily allow document recipients to view information that has been deleted or sanitised for release.

I had to go to the bank recently for the first time in months and, although it was the day before a public holiday, I was still amazed to see how many people were queuing up to talk to a teller. It felt like I'd stepped into a time warp.

Corporate IT executives need to beware the seven dirty secrets of the security industry that can undermine the safety of business networks, a security expert told attendees at Interop Las Vegas.

The latest version of Norton Internet Security brings some much-needed updates and improvements to a first-rate product that was groaning under its weight of features.

ARN reviews the latest products for the week commencing 3 October 2007

Symantec Network Access Control (SNAC) evolved from endpoint-security technology the company picked up from its 2005 acquisition of Sygate. In our evaluation, there was no silver bullet that put Symantec on the top of the heap. Rather it edged out the competition for its breadth of coverage in the areas of deployment options, endpoint assessments and flexible policy creation.

ARN looks at the latest security products for the week commencing July 11, 2007

Many dangers threaten us on the Internet - even when we're just browsing the Web. McAfee's SiteAdvisor Plus, the fee-based sibling of the security software firm's free Site Advisor product, and Symantec's Norton Confidential, focus on protecting users as they interact with websites. Both apps work only with Internet Explorer 6 and later.