This morning customers that use the Sophos products weren’t able to get updates for a short spell. This was thanks to a “whoops” by one of the company’s ISPs.
From The Register:
Domain name system problems left some users of Sophos unable to get security updates on Friday. The same issue, blamed on a mistake by one of the security firm’s service providers rather than hostile action, left many surfers unable to access its main sophos.com website.
Graham Cluley, senior technology consultant at Sophos, explained that an error by one of its service providers in updating DNS settings for the Sophos.com site has permeated across the internet, and will take a little while to untangle. “Some users have experienced problems getting updates because of these incorrect settings,” he explained. “No kind of DNS cache poisoning or any kind of hacking attack was involved.”
I can well imagine that people were speculating about the possibility of a DNS attack. But, sometimes the correct answer really is the simplest one.
From Market Watch:
“Cyber-Ark is excited to be a part of the McAfee Security Innovation Alliance program,” said Udi Mokady, president and chief executive officer of Cyber-Ark Software. “McAfee is a dynamic leader in this industry and has a clear understanding of the value of integrating valuable partner technology into the overall enterprise solution to achieve a more complete security offering for customers.”
No word on whether or not they will get matching spandex as a part of the “alliance”.
Yes, its early and the coffee hasn’t kicked in yet. Let me have my fun. In all fairness the Cyber Ark folks have a good product offering for managing passwords in an enterprise.
Ah, Bill. I love my Pats but, he committed the unforgivable sin in sports. He got caught trying to swipe the other team playbook.
Now, you can get your own Playbook from the good people at Matasano. No, not a sports playbook. It’s been a while since I trotted out a sports reference.
Humour me.
What I am eventually working my way around to is that Matasano has launched their new product offering called Playbook. So, what is it exactly? Well, from their site we have the explanation.
From Matasano:
Playbook helps organizations with multiple network firewalls to better manage their policies by providing a centralized and version controlled repository of rulesets, which can be easily browsed or searched via the web. Network operators can review all recent rule changes affecting the London branch, document a recently provisioned firewall at corporate offices, and rollback to the last known version of rules for the North-East group after an update gone wrong with only a couple of clicks and without having to log into 50 different devices.
Um, that’s cool. Quite cool in fact.
Read the write up on their blog.
To throw more fuel on Myrcurial’s “cyber” fire I figured I would point folks to this article from the Arizona Star. I have to admit that I completely agree with him on the gratuitous use of the word “cyber” by talking heads and mainstream media.
From azstarnet:
Raytheon Co., which bought data-protection company Oakley Networks last year, created an information security unit to insulate federal government computers from attack and commercial customers from fraud or theft.
The new unit will seek to expand revenue in the federal and commercial data-security markets with combined total annual sales of $8 billion, Steve Hawkins, vice president of information security solutions, said in an interview Tuesday.
The $7 billion government information-security market will grow 20 percent annually over the next five years, Hawkins said. The $1 billion commercial market is increasing 40 percent annually. The new division will combine the assets acquired from Oakley with Waltham, Mass.-based Raytheon’s 25 years of experience in information security.
Yet another defense contractor jumps into the “me too” infosec pool.
Tags: Raytheon, Defense Contractor, Information Security
Now, Veracode is a company that I see as an excellent growth company. I’ve been a fan of theirs since I first met them at RSA 2007. The long and the short of it is that this is a company that does binary analysis of your in-house code. For a fee of course. I had some trepidation at first due to the Patriot Act but, they now have agreements with Canadian firms to help assuage these fears.
Gartner has released a list of five companies that they rate as…well, no easy way to put this but, “cool”. The report from Gartner entitled “Cool Vendors in Application Security and Authentication” has given Veracode the Arthur Fonzarelli seal of approval.
From the press release:
Gartner’s listing does not constitute an exhaustive list of vendors in any given technology area, but rather is designed to highlight interesting, new and innovative vendors, products and services. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness of a particular purpose.
Gartner defines a cool vendor as a company that offers technologies or solutions that are: Innovative, enable users to do things they couldn’t do before; Impactful, have, or will have, business impact (not just technology for the sake of technology); Intriguing, have caught Gartner’s interest or curiosity in approximately the past six months.
OK, phew. Just as long as they don’t try to jump the shark tank on their motorbike.
Oops.
From Yahoo Finance:
IBM Corp. has been temporarily banned from new federal contracts as prosecutors examine interactions between employees of the company and the Environmental Protection Agency.
The suspension went into effect last Thursday “while the agency reviews concerns raised about potential activities involving an EPA procurement,” the agency said Monday in an e-mailed statement. Under a reciprocal agreement among federal agencies, when one issues a ban, the others follow it.
EPA said it will not comment further on the matter.
IBM said it was cooperating with the U.S. Attorney’s Office for the Eastern District of Virginia, which served grand jury subpoenas seeking documents and testimony relating to the EPA contract.
This will most likely get worked out in short order. Bad press though. Ouch.
From ZDNet UK:
Mozilla chief executive John Lilly has hit out at Apple, accusing the company of doing a disservice to Windows users everywhere by including its Safari browser as a default add-on installation in the latest iTunes update, likening the practice to the way malware is distributed.
In a recent blog post, the head of the foundation behind the Firefox browser and Thunderbird email client attacked Apple for including the option to install the browser as a pre-selected default, saying it compromises the security of all users and the entire web.
“Apple has made it incredibly easy — the default, even — for users to install ride-along software that they didn’t ask for and maybe didn’t want. This is wrong, and borders on malware distribution practices,” said Lilly in the post.
“It undermines the trust relationship great companies have with their customers, and that’s bad not just for Apple but for the security of the whole web.”
Yesterday’s Safari Vulnaerabilities.
Cenzic, the web application testing firm who brought us such hits as patenting fault injection (despite years of previous art) is getting more funding. The VC top heavy operation has reached 60% of their current funding goals apparently.
From Mashable:
The market in which Cenzic operates is a large one. More and more Web applications are being produced every week, and a good portion are targeted at enterprise customers. Yet Web security is a still a sensitive, porous area. Cenzic claims that some 90% of such applications are vulnerable to infiltration and the compromise of data. Therefore its field of play, as it were, is an expansive one, and will only increase in size and activity. Because businesses will continue to take advantage of the convenience and efficiency for internal and external communications in using Web-based software, the prospects for Cenzic are far reaching.
Hopefully they will spend more time on their product development and less in court.
Green you say?
From Silicon dot com:
Microsoft chief executive Steve Ballmer has claimed that more efficient use of IT is one of the company’s main priorities for the future, despite the fact the company has been widely criticised for producing processor-hungry software.
Speaking at the CeBit technology show in Hanover, the Microsoft boss described how the software maker is collaborating with German nuclear power provider Yello Strom. Yello Strom’s managing director Martin Vesper demonstrated a “Yello-saving counter” – a Vista widget that lets consumers monitor their home power via a PC.
Ballmer explained PCs and other technology still consume far too much electricity. He said: “The lowering of energy consumption is as important for us as new uses of software and IT for the environment.”
And a great deal of this is due to the requirements that are needed to run Vista in the first place. Throwing a can of paint on Vista will not make it green.
With a headline like that you can’t help but, to shake your head.
From Electronics Talk:
The Padded Cell Secure Hypervisor and its EAL6+ compliant security policies enable breakthroughs for many of the world’s long unresolved security problems
Green Hills Software has released the world’s first secure hypervisor. The Padded Cell Secure Hypervisor supports the widest range of computing platforms, from embedded devices to enterprise desktop and server systems. It runs on top of Green Hills Software’s Integrity separation kernel. ‘Many people believe that hypervisors are the solution to security problems’.
‘But existing hypervisors actually make security problems worse by providing another avenue for attack’, said Dan O’Dowd, founder and Chief Executive Officer, Green Hills Software.
‘Everybody has become accustomed to the fail-first, patch-later mentality adopted by the world’s largest software organisations and products’.
‘The fact is that it is possible to build totally secure, hacker-proof software upon which critical computing assets and resources can depend’.
‘Our introduction of Padded Cell Secure Hypervisor continues to demonstrate this by pushing the envelope of applications that can benefit from our proven approach to safety, security and reliability’.
You know, I wish them well in this endeavour. I really do. I just can’t forget the Oracle “unhackable” campaign or Microsoft’s “more secure than the popemobile” billboards when Windows 2000 came out. It’s like they’re taunting the hackers. And, they will invariably rise to the challenge and smite them.
Tags: Virtualization, Hypervisor, Hacker, Hacker Proof
