InfoSec News

Adobe repaired seven dangerous vulnerabilities in its latest Flash Player update and added sandboxing protection for Firefox and Mac users.

One of the more surprising episodes in Hewlett-Packard and Oracle's ill-fated enterprise IT partnership was touched upon for only a few minutes during testimony in their breach-of-contract trial earlier this week. But that event -- fruitless talks aimed at a joint acquisition and breakup of Sun Microsystems -- may have been one of the sources of their current rancor.
The U.S. and Mexican governments have reached agreements on the sharing of wireless spectrum on the border of the two countries, opening up spectrum in the 800 MHz and 1.9 GHz bands to commercial services and public safety agencies, the U.S. Federal Communications Commission said Friday.
Is tech heading into another downturn? Market watchers see signs of hope for the end of the year but they are hedging their bets.
Voting on Facebook's proposed changes to its privacy policy concluded Friday morning Pacific time, with voters delivering a strong rebuke of the proposed changes but falling far short of the turnout the company required to consider the vote binding.
How many pre-paid buyers will pony up $650 for a new 16GB iPhone 4S to be able to get no-contract service starting at $30 a month? Some analysts believe there won't be very many.
Adobe today patched seven critical vulnerabilities in Flash Player -- the fifth security update so far in 2012 -- and released a sandboxed plug-in for Mozilla's Firefox.
By studying the cockroach, researchers at the University of California, Berkeley discovered that one of the ways the pests can quickly slip from sight is by deftly flipping themselves under a ledge.
Worldwide external disk storage systems factory revenues posted year-over-year growth of 7.1%, totaling just under $6 billion, in the first quarter of 2012, according to IDC.
Future scientists and technology professionals, not governments, will develop the innovations that most benefit society, online educator entrepreneur Sal Khan told MIT's 2012 graduates during his commencement speech Friday.
The Flame cyber-espionage malware makes use of a previously unknown cryptographic attack variant that required world-class cryptanalysis to develop, experts from the Dutch national research center for mathematics and computer science (CWI) said on Thursday.
Microsoft has added its Office suite to Windows 8's online store, a move that shows how Microsoft will promote traditional x86/64 desktop software through the e-mart.
Oracle is planning to ship 14 patches related to Java SE on Tuesday, including a number with the highest level of severity under the CVSS framework, according to a pre-release announcement on the company's website.
A new service called Fluent promises to revolutionize the way you use Gmail. We put it to the test to see what it's really all about.
Microsoft is moving to bulk up its Bing search engine by partnering with the Encyclopedia Britannica to add more data to its search results.
Re: Analysis: Vast IPv6 address space actually enables IPv6 attacks
Analysis: Vast IPv6 address space actually enables IPv6 attacks

Wednesday’s Cornerstones of Trust Conference featured an interesting CSO discussion of some of the hottest topics infosecurity pros are dealing with today, including the BYOD trend, cloud computing and big data security. The annual conference, held in Foster City, Calif., is sponsored by ISSA’s Silicon Valley and San Francisco chapters, and San Francisco Bay Area InfraGard.

Mobile, cloud and BYOD are all part of an overarching trend towards consumerization of IT that’s driving demand for convenient, easy access to corporate data, said Preston Wood, CSO at Zions Bancorporation, a Salt Lake City-based bank holding company. “We need to find a way to enable that and not be a roadblock,” he said.

At Cisco Systems, the mobile trend is far from new, said Steve Martino, a Cisco vice president in charge of information security for the networking giant. Thirty percent of the workforce has more than two mobile devices. “If we try to prevent it, they’ll find ways around it,” he said.

Instead, organizations should consider flexible mobile policies that permit network access based on the user, device and location, Martino said. For example, a user with a phone that doesn’t have mobile device management (MDM) software may get access to some services but not others.

With cloud computing, information security’s historic reliance on preventative controls won’t work so well, Wood said. The cloud trend presents an opportunity to focus more on detective controls, rapid response and risk mitigation. Each organization will have a different risk appetite, and some aspects of the business will still require preventative controls. “There’s no one-size-fits-all,” Wood said. “You need to ask the business that risk question.”

On the topic of big data security (using big data techniques for security analytics), Wood suggested organizations can get started on that path by digging into data they already have on hand, such as firewall or IDS logs. Administrators often don’t look back to see if firewall policies are still working; that might be an area to explore, he said. The approach of mining data to obtain more security builds on itself.

“Start with what you already have,” Wood said. “And start by asking some innovative questions of that data.”

Earlier in the day, Wood presented a keynote on big data and security analytics, which unfortunately I missed, but I did cover his presentation at RSA Conference 2012, as did many other reporters. His RSA presentation was widely covered, and justly so. He’s put into practice what others are only talking about at a conceptual level. At RSA, he and others from Zions detailed how the company harnessed information from its disparate security data sources by developing a Hadoop-based security data warehouse. Using big data techniques enabled the company to speed forensics investigations, improve fraud detection and overall security, they said.

On Wednesday, Wood also offered some career advice to security pros: Don’t limit yourself to the “echo chamber of security.” Security pros should try to learn about other disciplines; big data security, for example, offers the opportunity to reach out to business units that have experience with analytics, he said.

At Cisco, employees are rotated, for example, from security to IT or from a business unit into security, Martino said. That practice helps the security organization understand the pain points throughout the business, he said. The company also has created security advocates in other parts of the business, which gets others involved in security.

Wood also urged attendees to spend more time on strategy. A lot of security organizations find themselves fighting fires all the time instead of looking at the big picture, he said. Security teams need people with the skills to deal with daily operations but who can also look ahead and strategize.

Premier 100 IT Leader Edward Martin also has advice on the indispensable skills and how to become a CIO.
[SECURITY] [DSA 2490-1] nss security update
Re: Mybb 1.6.8 Sql Injection Vulnerability
Re: Mybb 1.6.8 Sql Injection Vulnerability
CVE-2012-3287: md5crypt is no longer considered safe

5 Questions to Mull in Wake of Flame Attack
GovInfoSecurity.com (blog)
Recently retired CIA Chief Information Security Officer Robert Bigman, in a recent blog (see Open Letter to New Obama Infosec Adviser), points out that much of the government's IT security efforts have focused on how threats have adversely affected IT ...


The morning report
Crain's Cleveland Business (blog)
Over the last decade, the concept of Security Information and Event Management has been defined, argued about, and redefined by infosec professionals and vendors searching for the Holy Grail of information display. There are several companies whose ...

Forrester vice president Kyle McNabb advises CIOs to take a central role in improving customer experience and outlines what it takes to reclaim that role.
CIO magazine's editor in chief discusses our June 15 cover story on the CIO-CMO relationship and why, despite the potential for animosity, there is a big benefit in learning to get along.
Many in the US are concerned about the talent gap between American students and similarly aged students overseas when it comes to math and science skills. This is a real problem for our economy and security. But CIOs can help by reaching out to guidance counselors and educating them about jobs in IT.
At the massive Computex exhibition in Taipei this week, hundreds of vendors hawk shiny new tablets, phones and computers.
Tech companies including Nokia and Hewlett-Packard and industry associations have backed a submission by the U.S. Federal Trade Commission, warning that exclusions based on standards-essential patents could stifle innovation and competition.
Kevin Young, a computer security expert who studies passwords, is nearly at a loss for words. Literally.
Google will soon release a preview of its Chrome browser capable of running in the Windows 8 Metro environment.
Revenue from server sales declined by about 12% year-on-year in Europe, the Middle East and Africa during the first quarter of 2012, as vendors continue to suffer from a slowdown in server spending, according to market research company IDC.
Intel's new Ivy Bridge processor is supposed to add high performance and long battery life to next-gen notebooks. We test Fujitsu's Lifebook U772 and Lenovo's ThinkPad X230 to see if it's true.
As the bring-your-own-device trend accelerates, companies are struggling to deal with employees who now use cloud storage services while at work.
A U.S. Judge canceled a trial scheduled to start Monday in a patent dispute between Apple and Motorola Mobility, and said he had tentatively decided that the case should be dismissed as neither side had established a right to relief.