Category: News

“We as an industry must look into trust threats,” said Melih Abdulhayoglu, chief executive of Comodo, a certification authority based in Jersey City, N.J., that set up the first CA Forum meeting.

The lock icon was designed to assure consumers that online transactions, such as banking and shopping, are protected. As such, it’s key to Web commerce, a big business: Forrester Research predicts online retail sales in the United States will grow from $172 billion this year to $329 billion in 2010. Initially, all certificate providers performed thorough checks of applicants before they issued a security certificate for a Web site.

Several years ago, however, some providers relaxed their background checks in order to offer cheaper certificates, and the rest of the market followed, industry members said. All sites with an SSL certificate get the same padlock display. “Web browsers have not been able to deal with the different kinds of certificates, which meant that it did not matter how strong the verification was by the certification authority, and some took advantage of that,” Gartner analyst John Pescatore said. That changed when some certification authorities started lowering their verification standards and discounting certificates, said Judy Shapiro, vice president of marketing at Comodo. “Browsers were unprepared to display high assurance and low assurance certificates in a different way.”

But that is set to change next year, with Microsoft planning to release Internet Explorer 7 and makers of other Web browsers also contemplating changes in the way their applications handle SSL certificates. The move by browser makers is partly why certification authorities such as VeriSign, Comodo, GeoTrust and Cybertrust are banding together in the CA Forum to come up with an industry wide agreement on a new, highly verified certificate. The certificate authorities are working to make the vetting process for the new high-assurance certificates objective and consistent across the industry.

Developers for Firefox, Opera and Konqueror are also considering adding new display mechanisms to the padlock to call out the strongly encrypted and strongly validated certificates.

http://news.com.com/2102-1029_3-5989633.html?tag=st.util.print

IPv6 is a new communications paradigm that requires a different approach.

It is also recommended that agencies look at IPv6 as a convergence technology as much as a networking technology.

In terms of infrastructure for IPv6, the deployment of IPv6-capable DNS (define) services is noted to be one of the first infrastructure components that should be undertaken as part of a deployment plan. “The technology challenge was not really as great as the planning,” Dale Geesey, one of the authors of the report, told internetnews.com.

Lou Ann Brossman, director of federal marketing for Juniper Networks said that there are no surprises in the report. “The value that it brings is that it was designed to serve as a guide for federal agencies transitioning to IPv6. It’s also valuable because it is based on global interviews, surveys and public presentations on the transition,” Brossman told internetnews.com.

Alex Lightman, chairman of the IPv6 Summit, told internetnews.com that among the items left undone is defining who will be in charge and who can devote undivided attention to the transition to IPv6.

http://www.internetnews.com/infra/article.php/3570211

“Six years ago attackers targeted operating systems and the operating system vendors didn’t do automated patching. Now the attackers are targeting popular applications, and the vendors of those applications do not do automated patching. ” During a press conference, Paller added, “These applications, other than AV, don’t have automated patching.”

In recent years, the institute said a majority of attacks targeted operating systems like UNIX and Windows and Internet services like Web servers and mail systems.

“The most noticeable set of applications targeted by attackers are the backup and recovery tools as well as antivirus and other security tools that most organizations think are keeping them safe from attacks and from loss of data,” the institute said. These include backup software, antivirus software, database software and even media players.

During the Tuesday morning press conference, Dhamankar said the threats that worry him the most are those targeting the Web browsers and media players — including Microsoft Media Player and Macromedia Flash. “The US-CERT received reports of important system compromises using vulnerabilities in backup products within a few days of the public disclosure of vulnerabilities in those products,” he said.

SANS said another worrying trend this year has been the fresh attention given to critical security holes in network devices like the routers and switches that keep traffic moving across the Internet.

http://searchcio.techtarget.com/originalContent/0,289142,sid19_gci1148491,00.html

The temptation for IT departments to become digital detectives and deal with a breach of security in house is understandable, says Tobias, as companies worry about investor confidence, company reputation and business in general.

CY4OR’s guide to crime scene investigations Treat the matter seriously.
– Tell your legal team not your colleagues about your suspicions.
– Do not inform your IT department. Instead, hire computer forensic experts.

Professional analysts from reputable companies adhere to ACPO (Association of Chief Police Officer) guidelines, can identify digital evidence quickly and ensure that it will stand up in court by following the correct procedures. They can even image your computers at night, to avoid inevitable discussions by the water cooler.

The principle of forensics which says that “every contact leaves a trace” cannot be emphasised enough, says Tobias.

http://www.theregister.co.uk/2005/11/18/csi_forensics_gaffe/

Combining CMP’s current portfolio of Computer Security Institute (CSI), Secure Enterprise magazine and the Security Pipeline website with Black Hat, will position CMP Media as the strongest platform in the computer security media market.

Black Hat was launched in 1997 by Jeff Moss to provide advanced education to security professionals within global corporations and federal agencies.

“This move will enable Black Hat to take advantage of growth opportunities we couldn’t pursue as a small company, such as international expansion, while enabling me to keep doing what I love the most — working with speakers and building the conference programs,” Jeff Moss added.

About CMP Media Through its market-leading portfolio of trusted information brands in the technology, healthcare and entertainment industries, CMP Media has earned the confidence of more professionals and enthusiasts in these fields than any other media company.

http://www.americanventuremagazine.com/news.php?newsid=525

Results also show that nearly half (48 percent) say they have sent or received joke e-mails, funny pictures/movies, funny stories of a questionable tone.

While 73 percent of the respondents indicated that they are aware of corporate e-mail policies, less than half (46 percent) claimed they always adhere to the policy.

41 percent indicated they would prefer to keep important e-mails indefinitely, most businesses place limits on the amount of e-mail that can be stored. And such limitations may be leading to practices that could jeopardize security.

The survey reported that half the respondents have saved e-mail outside the corporate network.

http://www.securitypipeline.com/news/174300713