Category: News

A new initiative to develop open-source security solutions was born Monday, with the announcement that six companies were jointly creating a new alliance called OpenSEA. The networking and security technology companies forming the new alliance are Symantec, Extreme Networks, Identity Engines, Infoblox, TippingPoint, and Trapeze Networks. The 802.1X supplicant is essentially the client side of a client/server authentication handshake.

The name OpenSEA refers not to a sailor’s vision of the beckoning ocean, but to Open Secure Edge Access. The group’s first project is to develop a cross-platform, open-source 802.1X supplicant using the Firefox Web browser as a model. The statement said that Xsupplicant uses a modular architecture to enable extensions, including new authentication types and integration with other security components.

The alliance is looking to help extend Xsupplicant with key functionality, including support for Windows XP, a robust GUI, and an API for extensibility. Based in the UK, JANET serves 18 million users as a network that connects education and research organizations in the UK to each other and to the rest of the planet. The United Kingdom Education and Research Networking Association, or UKERNA, manages JANET.

http://www.newsfactor.com/news/OpenSEA-Aims-To-Improve-Security/story.xhtml?story_id=101003AOKMV0

“Microsoft is entering a very competitive market and one that is new to them,” said Andreas Marx, an antivirus software specialist at the University of Magdeburg in Germany. “It will take some years, perhaps five, for Microsoft to be up to par,” said Andreas Clementi of AV Comparatives, an organization that tests antivirus products.

Microsoft started selling its Windows Live OneCare consumer antivirus product almost a year ago. The security research and response team at Microsoft, as at traditional antivirus providers, investigates and responds to threats. Turning irritation into opportunity Security used to be just something that Microsoft got hammered on, but five years after Chairman Bill Gates launched his Trustworthy Computing push, Microsoft now sees it as a market it had not previously tapped.

“Some of our customers view this a little controversially, in a sense that if we could solve these problems at the root, why is there a need for extra products,” Microsoft Chief Executive Officer Steve Ballmer said this week.

http://news.zdnet.com/2100-1009_22-6179582.html

Lurie said progress has been made in using technology to improve communications and pandemic surveillance but that more investment was needed.

As a step toward establishing methods to measure whether a community is ready for a large-scale health emergency, RAND recently convened an expert panel to come to a clear definition of public health preparedness.

http://govhealthit.com/article102525-04-20-07-Web

The exec explained that Six Flags, which owns 29 parks in the U.S. and Mexico, is in the middle of a major IT restructuring, which involves “segmenting” different parts of the business for security purposes.

“For example,” he said, “if we bring Kodak in to sell photos to our customers, they are on their segment and it can’t be hacked into.”

Encryption was also high on the agenda during the panel debate, prompted by the apparent ambivalence of many IT managers toward the technology. Just over a quarter of respondents confirmed that they encrypt laptop data, although only 8 percent lock down data on all devices, such as USB drives.

The biggest gripe from the panelists concerned the lack of security for portable media such as USB drives, which is something of an ongoing source of frustration for many IT managers.

http://www.darkreading.com/document.asp?doc_id=122196&WT.svl=news2_2

Lynette Copland, who works at Carmarthenshire College in west Wales, successfully sued her employer for breaching the Human Rights convention. Mrs Copland said there had been a “clash of personalities” with Mr Wrentmore, who left the college shortly after the episode for reasons of ill health and who died in January.

It was argued the monitoring was to determine whether Mrs Copland was using the college’s facilities for “personal purposes.” But the European Court of Human Rights ruled that the surveillance without her knowledge “amounted to an interference with her right to a private life”. At the time of the offences there was no general right to privacy in English law but the implementation of the Human Rights Act in 2000 legally protected privacy rights in domestic law.

Liberty said the ruling, on 3 April, meant employers would have to make employees aware if their communications could be monitored and there would have to be a good reason for such monitoring in every case.

http://news.bbc.co.uk/2/hi/uk_news/wales/6559873.stm

“They put in Windows with no intention of ever patching it, and then they are surprised when they get hit by a worm,” Graham says. Or they avoid patching and vulnerability testing because these processes pose risks of their own for SCADA systems –introducing other bugs to their highly sensitive and uptime-demanding systems, for instance. “They are managed by a Pearl Harbor-type mentality,” Graham says.

Attacks exploiting the latest OPC bugs could be avoided if logins were required in the app because the attacker needs login privileges to do his dirty work.

“Auditing is not as in-depth in my opinion or as transparent for SCADA” as it is for other industries. And some security experts say commercial IDS/IPS, antivirus, and SIM products don’t really fit for SCADA.

Mark Fabro, CEO of Lofty Perch, which makes SIM solutions for the water utility industry as well as other critical infrastructure companies, says commercial IDS/IPS and SIM systems don’t map well to industry control systems, where there are thousands of different protocols, many of them proprietary.

http://www.darkreading.com/document.asp?doc_id=121887