Category: News

“The function of the [directory] is merely a foundation for how OSVDB intends to revolutionize the way vulnerabilities are disclosed to the vendor,” Brandon Shilling, a member of the OSVDB development team, said in a statement.

“[It’s] the first phase for additional upcoming services including assisting researchers with ethically disclosing vulnerabilities, helping to verify vulnerabilities and the OSVDB vulnerability portal.

http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1003346,00.html

The law gives such signatures the legal status of handwritten signatures and allows the creation of companies to verify the identity of participants in an online transaction, the official Xinhua News Agency reported.

In China, 87 million people use the Internet. But E-commerce has grown slowly, held back by a low rate of credit-card use and a lack of other online payment options and legal structures.

http://www.internetweek.com/breakingNews/showArticle.jhtml?articleID=46200171

The Wi-Fi Alliance says WPA2 is a big improvement on earlier wireless security standards, such as Wired Equivalent Privacy (WEP), which hackers have found easy to circumvent. Because WPA2 is compatible with WPA, companies that have already implemented WPA can upgrade to the new standard in stages.

“WPA2 is ideally suited for enterprises in both the public and private sectors,” said Frank Hanzlik, Wi-Fi Alliance managing director. “Products that are certified for WPA2 give IT managers the assurance that the technology meets interoperability standards and in turn helps them manage support and deployment costs.”

Components of WPA2 are included in the 802.11i standard, which was developed by the Institute for Electrical and Electronics Engineers (IEEE) and received final approval earlier this summer.

Security, or the lack of it, is thought to have inhibited the implementation of wireless networks by businesses.

Analysts predict that 802.11i could be what is needed to boost the enterprise Wi-Fi market.

As is often the case with new standards, some vendors were keen to steal a march on their rivals. Wireless equipment using prestandard versions of 802.11i has been available for most of this year, but buyers had no guarantee of interoperability.

A Wi-Fi Alliance spokesman said on Wednesday that WPA2 would be “the core from which other security measures emanate” in the future.

Companies obtaining WPA2 certification from the Wi-Fi Alliance on Sept. 1 include Atheros Communications, Broadcom, Cisco Systems, Intel and Realtek.

http://zdnet.com.com/2100-1105_2-5342824.html?part=rss&tag=feed&subj=zdnet

Just want to see an even briefer summary… Well now, we have the summary page: Summary Page Same content… Just faster to scan. Hope you enjoy and any comments feedback is really appreciated.

MSBlast hit the Net August 11, 2003, just 26 days after Microsoft released a fix for the vulnerability the worm exploited.

Even though users had nearly a month to get ready — and were warned ahead of time by security experts to expect a major attack — MSBlast found plenty of victims.

“MSBlast was definitely a wake-up call,” said Michael Cherry, an analyst with Directions On Microsoft, a research firm that specializes in topics concerning the Redmond, Wash.-based developer. Oliver Friedrichs, the senior manager of Symantec’s security response teams, agreed with Cherry that MSBlast was a Big Deal, but for a different reason. “MSBlast was unique in that it targeted both consumer and enterprise computers connected to the Internet, and didn’t need human interaction to infect machines,” said Friedrichs. “MSBlast continued this real sea change where worms search out vulnerabilities, find one to use to attack, and spread.”

The wake-up call that MSBlast gave everyone is behind a whole host of changes in how enterprises approach security, and what Microsoft itself has put on the front burner. While some analysts denied that there was a direct correlation between MSBlast and the appearance last week of Windows XP Service Pack 2, a long-touted security upgrade to Microsoft’s flagship OS, Pescatore had no such hesitation. To stymie this kind of infection vector, enterprises have demanded, and vendors have crafted, technologies that check systems before they’re allowed to access the network.

http://www.techweb.com/wire/story/TWB20040813S0009

The summit was requested by the E-mail Service Provider Coalition (ESPC), an industry group formed primarily of e-mail marketing firms who are trying to get ahead of the spam curve.

“The biggest thing is the groundswell of support for the Sender ID framework,” said Craig Spiezle, the director of industry and partner relations for Microsoft’s Safety Technology and Strategy Team, in a statement.

Tumbleweed, for instance, which already supports both Caller ID and SPF, said Thursday it would add support for Sender ID to its Email Firewall when it revs to 6.1 in the near future.

Sender authentication schemes could also put a stop to most phishing attacks, the e-mail generated scams that purport to be messages from legitimate companies, but are actually attempts to trick consumers into divulging confidential information such as bank and credit card account numbers.

http://www.techweb.com/wire/story/TWB20040812S0004