SAN FRANCISCO--It will likely come as no surprise to anyone familiar with virtual worlds and online games that they can be hacked. But what might come as a shock is the sheer breadth of types of exploits that are possible.
That was the broad message of a Thursday panel called, appropriately, "Exploiting Online Games" at the RSA 2009 security conference here.
Moderated by Gary McGraw, CTO of software security consulting firm Cigital and an author of several books, the panel took the audience on a deep dive into the diverse ways that hackers and others have figured out … Read more
A laptop's value is more than meets the eye. Intel says stolen laptops cost corporate owners more than $100,000 in some cases, in a study announced Wednesday.
The study on notebook security, commissioned by Intel and conducted by the Ponemon Institute, states that laptops lost or stolen in airports, taxis, and hotels around the world cost their corporate owners an average of $49,246 "reflecting the value of the enclosed data above the cost of the PC," Intel said.
Analyzing 138 instances of lost and stolen notebooks, the study based the $49,246 price tag on … Read more
In past years, I looked at the RSA security conference as a high-tech flea market staffed by the world's best security carnival barkers. Yes, important security topics were discussed, but the real focus of the show was selling products and doing deals.
This year's event has its share of tacky presentations and booth babes, but I'm hearing a lot of chatter about a far more important topic: the state of information security and its impact on us all. Finally, the combination of unending data breaches, sophisticated malware, and the very real cybersecurity threat has everyone paying attention. … Read more
A security hole in OAuth, the open-source protocol that acts as a "valet key" for users' log-in information, has led services like Twitter and Yahoo to temporarily pull their support, CNET News has learned.
Some developers were dismayed when Twitter pulled its support for OAuth, which it had only recently started to implement: blogger Jesse Stay wrote in a post about other restrictions to Twitter's developer API that its removal of OAuth is one of a number of recent examples of how the microblogging service has "pulled the rug out from under its developers."
In … Read more
Defense Secretary Robert Gates said Tuesday that the United States is "under cyberattack virtually all the time, every day" and that the Defense Department plans to more than quadruple the number of cyber experts it employs to ward off such attacks.
In an interview for an upcoming edition of 60 Minutes, CBS News anchor Katie Couric asked Gates about the nation's cybersecurity after hackers stole specifications from a $300 billion fighter jet development program as well as other sensitive information.
In a series of spy attacks, hackers stole information about the Pentagon's F-35 Joint Strike Fighter … Read more
SAN FRANCISCO--A group of pioneers in the security field, whose work in encryption is used to protect Internet data and communications every day, spoke about the state of security at a cryptographer's panel at the RSA security conference on Tuesday.
They tackled various questions about cyber security in general, but the topic that dominated was cloud computing.
"Cloud computing is a challenge to security, but one that can be overcome," said Whitfield Diffie, chief security officer at Sun Microsystems. "I believe cloud computing will get to (the point) where no real program...will be done anymore … Read more
SAN FRANCISCO--Microsoft is testing some of its new identity-based security technology in Washington state schools, where students and teachers will be able to securely access grades and class schedules, a Microsoft executive said in a keynote address Tuesday at the RSA 2009 security conference here.
The software company is working with the Lake Washington School District-- comprised of 50 schools and nearly 24,000 students in and around Microsoft's home town of Redmond--to deploy its Geneva claims-based identity platform, said Scott Charney, corporate vice president of Microsoft's Trustworthy Computing Group.
Students and parents will bring identification information into … Read more
SAN FRANCISCO--Cisco is set to make several cloud-related security announcements at the RSA conference on Tuesday, including the expansion of its hosted security services and the integration of security-as-a-service applications with corporate network infrastructures.
The new products include Cisco Security Cloud Services, Cisco IPS Sensor Software 7.0 for intrusion prevention, and Cisco Adaptive Security Appliance 5500 Series 8.2 software with a botnet traffic filter for identifying infected clients and remote access capabilities.
The company uses what it calls "SensorBase," a massive threat-monitoring network overseen by 500 workers in its Cisco Security Intelligence Operations center. The center … Read more
Updated 9:40 a.m. PDT April 21 with Symantec CEO comment from keynote.
SAN FRANCISCO--Symantec has acquired Web security firm Mi5 Networks and announced two new security suites at the RSA security conference on Tuesday.
Mi5 sells a Web security appliance that protects corporations against Web-based threats. Symantec will integrate the technology into its offerings later in 2009 and offer it as a stand-alone product, Joan Fazio, director of product marketing for Symantec Endpoint Security, said in an interview.
The all-cash transaction was completed in March, she said, declining to disclose the terms.
The company also is announcing Symantec … Read more