security

Mozilla's Firefox 3 beta: Improved but imperfect

A few months later than had been planned, Mozilla released on Monday night the first beta version of an overhauled Firefox, the widely used open-source Web browser.

Firefox 3 beta 1 includes a number of significant features that Mozilla said should improve security, ease of use, rendering of Web pages, and location of previously visited Web pages. And for the new era of rich Internet applications, the browser can run Web-based applications even when the computer is disconnected from a network.

The software is available for Windows, Mac OS X, and Linux at Mozilla's download site in 20 languages. …

Under the radar: Cisco buys Securent

It's not even turkey day and Cisco Systems has already acquired a dozen companies this year. Some of these get lots of ink while others remain less glamorous and fall through the PR cracks. Case in point, on November 1, Cisco acquired a company named Securent, a company that claims to be, "the leader in entitlements management." Since this news involved Cisco, the announcement was picked up by a number of media outlets but little detail appeared.

ESG believes that this seemingly minor deal may have far more impact than the industry anticipates. Why? Cisco is always …

Windows Live OneCare 2.0 released

Microsoft today released the latest version of its all-in-one security product, Windows Live OneCare. In beta since July, version 2.0 offers many enhancements of existing tools and offers several new tools, particularly in the area of networking and backup storage.

Installation from the Windows Live OneCare site requires signing in with a Windows Live account. Microsoft says you can use your current Live ID or create a new one for OneCare and, if you wish, use one Live ID for Windows Live OneCare and another Live ID for Windows Live Messenger on the same machine. The Live ID you use …

Legally, are Facebook's social ads kosher?

Facebook's reported 50 million users might be mostly ordinary people, but the site's latest legal issue involves celebrity law.

Earlier this month, shortly after the social networking site announced its Social Ads initiative, University of Minnesota law professor William McGeveran argued in a blog post that the new program might violate a number of privacy laws.

Social Ads, which have already begun to appear on the site, are designed to boost Facebook's lukewarm revenues by targeting ads directly toward the members in question. They allow Facebook members to sign up as "fans" of an advertiser and then have their names and profile photos displayed alongside the marketer's ads on their friends' Facebook pages. Problem is, that potentially violates a New York privacy law that protects people's names and likenesses from being used without written permission, according to McGeveran.

"It's not just a New York law. Most states have statutes that protect this. Sometimes it's called a right of publicity, sometimes it's called commercial appropriation, sometimes it's a right to privacy," said Brian Murphy, a partner at Frankfurt Kurnit Klein & Selz, a New York-based media and entertainment law firm. "It's essentially that area of law that protects all of us, but in particular celebrities, from having their likenesses used without their permission."

The real problem facing Facebook, however, isn't that Social Ads are illegal. Social media, including Facebook, is an uncharted territory for the American legal system, and old laws are being applied to a new concept. The New York privacy law that McGeveran cited, indeed, has its roots "more than a hundred years ago by some bigwigs back in the late 1890s who were tired of having their private lives splashed across the equivalent of Page Six," said Murphy.


Apple updates Tiger with Safari 3, security fixes

Apple is taking Tiger to 11.

The company released a major update to Mac OS X 10.4 on Wednesday that delivers several improvements, fixes some bugs, and patches several security holes identified in recent months. Mac OS X 10.4.11 is immediately available through Software Update, or it can be downloaded from Apple's Web site.

Listing every feature contained in the new update would probably set a record for wordiness in this blog, so I'm not going to do that, and instead will point you here to an informational document on Apple's site. A couple …

Authorize your USB drive

Flash drives have already become the media of choice when one needs to transfer files in a hurry. However, their small size also means the chance of one being lost or stolen is high.

While some USB drives have gone down the password route and others opt for a fingerprint sensor, Elecom's solution is a little more drastic. Its latest flash drives come with the Password Authentication Security System (PASS), which allows only authorized machines to read the contents. We do hope that there is a workaround if the only PC it's paired with goes bonkers.

Storage capacities …

PCI requirements cut across IT

Requirement 3.4 in the Payment Card Industry Data Security Standard mandates that financial service and retail companies, "render Primary Account Number (PAN), at minimum, unreadable anywhere it is stored." While the PCI standard provides a number of ways to do this, most large companies equate the term "unreadable" with encryption.

So here is the rub. PAN data is stored in a bunch of places but everyone stores it in databases. I'm talking about massive databases here--think hundreds of gigabytes to terabytes of data in many cases. Now when your database gets this big, you …

Microsoft fixes two flaws in two patches; one is critical

Microsoft today released its November 2007 security bulletin, which includes only two updates. One is designated as Critical by the software giant and affects how Windows XP and Windows Server 2003 handle Windows URIs. The other bulletin is deemed Important and affects how Windows Server 2000 and Windows Server 2003 handle spoofing attacks. All Microsoft security patches for Windows and Office software are available via Microsoft Update or via the individual bulletins detailed below.

MS07-061: Critical

Entitled "Vulnerability in Windows URI Handling Could Allow Remote Code Execution (943460)," this bulletin affects users of Microsoft Windows XP SP2 and …

Apple patches image buffer overflow in iPhone, iPod Touch

Apple on Monday released a patch for the iPhone and iPod Touch. The TIFF vulnerabilities associated with the patch are serious. However, in fixing the security flaws, users will no longer be able to apply Jailbreak, software that allows for third-party applications on the iPhone. Further, Apple says the update is only available through iTunes, and will not appear in the Mac OS software update application, or on the Apple downloads site, and requires the latest version of iTunes to receive this update.

Image IO

This patch affects users of iPhone v1.0 through v1.1.1, iPod Touch v1.…

Letting your data go for good, without a computer

Keeping data is crucial; there's no doubt about this. Backing up data has evolved from something as painful as copying files onto a floppy disk to eye candy with Apple's recent invention of Time Machine.

On the other hand, completely losing data is equally important when you decide to let go of your old hard drive. Trashing files from within the operating system generally doesn't make the information completely go away. And you don't want it to be retrieved by people with ill intentions.

Today, Wiebetech introduced the first standalone, consumer-friendly hard drive wiping device …