http://www.secuobs.com Observatoire de la securite Internet fr webmaster@secuobs.com 2011-09-26 18:51:41 - Optimal Security : Frequent readers of Optimal Security know I have very strong opinions on our nation s need to improve cyber security at all levels Information security professionals agree today s threat landscape pales in comparison to what existed only a few years ago Increasingly savvy hackers seek to disrupt business and quietly steal everything, from your financial transactions http://www.secuobs.com/revue/news/331107.shtmlhttp://www.secuobs.com/revue/news/331107.shtml Secuobs.com : 2011-09-13 23:07:36 - Optimal Security - VIDEO Paul Henry, Forensics and Security Analyst, provides his insights in this September 2011 Patch Tuesday Security Briefing http://www.secuobs.com/revue/news/328662.shtmlhttp://www.secuobs.com/revue/news/328662.shtml Secuobs.com : 2011-09-13 22:07:33 - Optimal Security - September s Patch Tuesday from Microsoft is rather light with only 5 Bulletins none of which are critical MS11-070 Elevation of Privilege, Vulnerability in WINS MS11-070 Remote Code Execution, DLL Linking MS11-072 Arbitrary Code Execution, Microsoft Excel MS11-073 Code Execution, Microsoft Office MS11-074 Elevation of Privilege, Sharepoint Even with no vulnerabilities rated critical this period, the importance of quickly deploying these http://www.secuobs.com/revue/news/328647.shtmlhttp://www.secuobs.com/revue/news/328647.shtml Secuobs.com : 2011-09-09 18:44:41 - Optimal Security - Hackers never sleep as Citigroup can certainly attest to, having their consumer information twice hacked in a span of only three months While we are counting sheep, the bad guys are of course looking for a way in, lurking and waiting for a vulnerable minute to strike And all too often, this happens to organizations that http://www.secuobs.com/revue/news/328034.shtmlhttp://www.secuobs.com/revue/news/328034.shtml Secuobs.com : 2011-09-07 00:36:55 - Optimal Security - Microsoft, Google and Mozilla and have all now blocked SSL certificates from DigiNotar with complete revocation of trust simply put, all certificates issued by DigiNotar are no longer accepted as trusted by the Internet s primary browser vendors It s important to note that the certificate revocation from Microsoft includes Windows 7, Windows Vista and now http://www.secuobs.com/revue/news/327393.shtmlhttp://www.secuobs.com/revue/news/327393.shtml Secuobs.com : 2011-08-25 02:19:25 - Optimal Security - News today, courtesy of Brendon Tavelli at Proskauer s Privacy Law blog via the always excellent Office of Inadequate Security, of a new data breach notification bill just signed by Governor Pat Quinn of Illinois Interesting to me both personally Go Illini and professionally, this bill HB 3025 amends Illinois Public Act 097-0483 the Personal Information Protection http://www.secuobs.com/revue/news/325071.shtmlhttp://www.secuobs.com/revue/news/325071.shtml Secuobs.com : 2011-08-24 21:37:36 - Optimal Security - It was fellow blogger Paul Henry s number one prediction for this year And while I applaud Paul s spot-on prediction, I m not happy to admit he was right Cyber attacks are no longer coming from smalltime pranksters Today s attacks are too extensive and intelligent to come from a source of this type Rather, they are coming http://www.secuobs.com/revue/news/325026.shtmlhttp://www.secuobs.com/revue/news/325026.shtml Secuobs.com : 2011-08-19 23:02:50 - Optimal Security - The Responsibility of Data Ownership and the Care it Demands Anonymous data isn t always anonymous despite our intentions or best efforts Just this week, I received an startling reminder of this fact in an email Newsletter from TheLadders CEO, Marc Cenedella Through the contents of that email, TheLadders may be leaking the exact, personally-identifiable salaries of its http://www.secuobs.com/revue/news/324159.shtmlhttp://www.secuobs.com/revue/news/324159.shtml Secuobs.com : 2011-08-12 19:55:37 - Optimal Security - I always enjoy hearing about our venerable events in the popular press sometimes they re yuk-inducing, like this bit on Marketplace about their reporter asking about getting WiFi at Black Hat 2011 see here or listen here for the whole piece And although I did not attend, I ve been trying to catch up on some http://www.secuobs.com/revue/news/322794.shtmlhttp://www.secuobs.com/revue/news/322794.shtml Secuobs.com : 2011-08-09 23:14:32 - Optimal Security - Microsoft is making IT admins earn their Labor Day holiday with 12 bulletins across a broad range of Microsoft OS platforms, Office and developer tools Overall, this Patch Tuesday will result in several reboots, making it very disruptive for flaw mitigation teams 2 bulletins are critical These bulletins are the highest priority and require immediate attention MS11057 IE http://www.secuobs.com/revue/news/322093.shtmlhttp://www.secuobs.com/revue/news/322093.shtml Secuobs.com : 2011-08-09 23:14:32 - Optimal Security - IMAGE Paul Henry, Forensics and Security Analyst, provides his insights in this August 2011 Patch Tuesday Security Briefing http://www.secuobs.com/revue/news/322092.shtmlhttp://www.secuobs.com/revue/news/322092.shtml Secuobs.com : 2011-08-01 16:45:06 - Optimal Security - The Australian Department of Defence recently updated their Strategies to Mitigate Targeted Cyber Intrusions guidelines, and I think it warrants a little discussion The relatively short only two pages document from the Cyber Security Operation Centre CSOC part of the Defence Signals Directorate DSD is based on their experience in operational cyber security, including http://www.secuobs.com/revue/news/320327.shtmlhttp://www.secuobs.com/revue/news/320327.shtml Secuobs.com : 2011-07-28 18:29:47 - Optimal Security - After the explosive March hack that infiltrated over 24,000 key files, Pentagon officials are ready to change their strategies regarding US cyber security While the incursion was one of the worst single incidents the US Department of Defense has ever seen and may impact the design of the US weapons system, it s just one in http://www.secuobs.com/revue/news/319768.shtmlhttp://www.secuobs.com/revue/news/319768.shtml Secuobs.com : 2011-07-12 21:27:25 - Optimal Security - IMAGE Paul Henry, Forensics and Security Analyst, provides his insights in this July 2011 Patch Tuesday Security Briefing http://www.secuobs.com/revue/news/316579.shtmlhttp://www.secuobs.com/revue/news/316579.shtml Secuobs.com : 2011-07-12 20:34:28 - Optimal Security - While this Patch Tuesday may appear insignificant with just 4 patches a quarter of what we saw last month , the reality is that it will be rather disruptive All patches impact Windows and Office and require a restart Priorities for July The MS11-053 patch is critical and warrants immediate attention if your environment is Bluetooth enabled http://www.secuobs.com/revue/news/316560.shtmlhttp://www.secuobs.com/revue/news/316560.shtml Secuobs.com : 2011-06-29 17:39:39 - Optimal Security - In all my years in information security, I have never seen the volume of attacks targeted at high profile organizations that we are seeing right now We need to take this tumultuous new reality as a needed wake-up call to affect sweeping change I recently came across a great interview on the New York Times business http://www.secuobs.com/revue/news/314267.shtmlhttp://www.secuobs.com/revue/news/314267.shtml Secuobs.com : 2011-06-15 18:36:43 - Optimal Security - IMAGE Paul Henry, Forensics and Security Analyst, provides his insights in this June 2011 Patch Tuesday Security Briefing http://www.secuobs.com/revue/news/311418.shtmlhttp://www.secuobs.com/revue/news/311418.shtml Secuobs.com : 2011-06-15 00:17:13 - Optimal Security - With 16 bulletins issued from Microsoft today, this month isn t as big as April thankfully , but it is still sizable and certainly disruptive, as it affects applications across the board With 9 critical bulletins and the vast majority directly requiring a reboot, this marks the beginning of a long summer for IT professionals with no room http://www.secuobs.com/revue/news/311226.shtmlhttp://www.secuobs.com/revue/news/311226.shtml Secuobs.com : 2011-06-13 20:42:44 - Optimal Security - Ah, another day, another dollar marketing misstep in the unfortunate context of a crisis communications Actually, misstep for many companies in the age of social communications is far too lighthearted a term to use Consider the news headlines devoted to the Sony data breach of 100 million user records This seemingly never-ending saga is yet http://www.secuobs.com/revue/news/310887.shtmlhttp://www.secuobs.com/revue/news/310887.shtml Secuobs.com : 2011-06-02 21:51:15 - Optimal Security - MacDefender is fake security program that has been targeting Mac OS users Through a combination of SEO optimization and a socially engineered website, Mac users are tricked into installing the Mac Defender malware In this video, two members of the Lumension team, Russ Ernst, product management and Chris Merritt, solution marketing have prepared a step-by-step http://www.secuobs.com/revue/news/308817.shtmlhttp://www.secuobs.com/revue/news/308817.shtml Secuobs.com : 2011-05-18 21:53:05 - Optimal Security - My mother use to always say, actions speak louder than words and in reading the recent cybersecurity proposed plan, I can t help but think of that age-old phrase To date, there has been very little meaning behind our nation s efforts to secure the American people, industry and critical infrastructure from cyber criminals In fact, according http://www.secuobs.com/revue/news/305700.shtmlhttp://www.secuobs.com/revue/news/305700.shtml Secuobs.com : 2011-05-10 22:27:39 - Optimal Security - IMAGE Paul Henry, Forensics and Security Analyst, provides his insights in this May 2011 Patch Tuesday Security Briefing http://www.secuobs.com/revue/news/303908.shtmlhttp://www.secuobs.com/revue/news/303908.shtml Secuobs.com : 2011-05-10 20:39:56 - Optimal Security - Last month it poured when Microsoft released 17 security bulletins that addressed a total of 64 vulnerabilities For today s Patch Tuesday, we have a light load however, both patches address remote code execution and one is critical So both require immediate attention The critical patch MS11-035 Vulnerability in WINS addresses an issue with all supported http://www.secuobs.com/revue/news/303859.shtmlhttp://www.secuobs.com/revue/news/303859.shtml Secuobs.com : 2011-05-09 18:38:28 - Optimal Security - The growth in market share for the iMac and MacBook is what first got the attention of hackers then came the iPhone and shortly after that, the iPad Anyone that thinks they have a security by obscurity advantage is mistaken You are no longer safe simply because you use an Apple product The recent discovery of a DIY http://www.secuobs.com/revue/news/303561.shtmlhttp://www.secuobs.com/revue/news/303561.shtml Secuobs.com : 2011-05-03 19:12:26 - Optimal Security - The intensive and comprehensive nature of Sony s PlayStation Network PSN meltdown has made a strong impression on me Loss of massive amounts of sensitive customer data, long-term network unavailability, probable class-action law suits, and an unprecedented avalanche of bad PR this is not your normal our network got hacked situation It made me wonder, http://www.secuobs.com/revue/news/302295.shtmlhttp://www.secuobs.com/revue/news/302295.shtml Secuobs.com : 2011-04-27 17:49:48 - Optimal Security - The original attack against Sony was a massive Distributed Denial of Service Attack that quickly changed vectors and became a penetration of their environment The successful penetration of the PlayStation network allowed a tremendous amount of data for 77 million users to be harvested including Users names Home addresses Email addresses Birth dates PlayStation Network usernames PlayStation Network passwords Answers to password security http://www.secuobs.com/revue/news/301161.shtmlhttp://www.secuobs.com/revue/news/301161.shtml Secuobs.com : 2011-04-26 18:11:03 - Optimal Security - If your organization is anything like the companies we ve been speaking with, then you know first-hand the headache and ongoing challenge that the rising cost of malware has created In fact, 48 percent of organizations recently reported an increase in their IT operating expenses, according to the 2010 Ponemon Institute study commissioned by Lumension Significantly, http://www.secuobs.com/revue/news/300862.shtmlhttp://www.secuobs.com/revue/news/300862.shtml Secuobs.com : 2011-04-20 19:08:03 - Optimal Security - If we look at how 2010 ended there is perhaps good reason for IT security pros to already be nervous in 2011 According to the end of year report from IBM X-Force, at least 44pourcents of all vulnerabilities disclosed in 2010 had no corresponding patch by end of year Not only do we have to http://www.secuobs.com/revue/news/299733.shtmlhttp://www.secuobs.com/revue/news/299733.shtml Secuobs.com : 2011-04-13 00:20:30 - Optimal Security - IMAGE Paul Henry, Forensics and Security Analyst, provides his insights in this April 2011 Patch Tuesday Security Briefing http://www.secuobs.com/revue/news/297984.shtmlhttp://www.secuobs.com/revue/news/297984.shtml Secuobs.com : 2011-04-12 21:09:13 - Optimal Security - No matter how you look at it, it s an ugly Patch Tuesday this month There are 17 bulletins this month and over half of them, 9, are critical and we are seeing 64 patches in total All but two provide for remote code execution We are well into a new year and things have not http://www.secuobs.com/revue/news/297923.shtmlhttp://www.secuobs.com/revue/news/297923.shtml Secuobs.com : 2011-04-12 20:19:29 - Optimal Security - This is Part III of the Innovation vs Spending series Also read Part I and Part II We have entered 2011 as a cautiously optimistic nation However, the economic turmoil in the first quarter of this year leaves us uncertain The federal budget for fiscal year 2012 has yet to be finalized Unrest in Egypt and http://www.secuobs.com/revue/news/297911.shtmlhttp://www.secuobs.com/revue/news/297911.shtml Secuobs.com : 2011-04-06 18:27:33 - Optimal Security - Total US tech R D spending is now below what it was in the 1960s, according to a recent research report by Mary Meeker of Kleiner Perkins According to Meeker, this decline can be attributed to the federal government s reduction in spending on technology research Remember, it was US government sponsored research and investment that gave http://www.secuobs.com/revue/news/296659.shtmlhttp://www.secuobs.com/revue/news/296659.shtml Secuobs.com : 2011-03-30 20:23:41 - Optimal Security - PART I Is the security industry content to stop innovating because businesses keep buying The Problem Research and development among technology vendors is on the decline Tech giants, such as HP and IBM, have made cuts to their R D programs This may be the case for the security industry as well At least that seemed to http://www.secuobs.com/revue/news/295191.shtmlhttp://www.secuobs.com/revue/news/295191.shtml Secuobs.com : 2011-03-10 19:32:56 - Optimal Security - As sure as night follows day, malware follows the meme And latest meme, apparently, is all Charlie Sheen, all the time I don t watch much TV read none , and don t read many celebrity gossip blogs read none , but even I am painfully aware of Charlie Sheen s seemingly wacked out 20 20 special and the sundry other interviews http://www.secuobs.com/revue/news/290784.shtmlhttp://www.secuobs.com/revue/news/290784.shtml Secuobs.com : 2011-03-08 22:10:13 - Optimal Security - IMAGE Paul Henry, Forensics and Security Analyst, provides his insights in this March 2011 Patch Tuesday Security Briefing http://www.secuobs.com/revue/news/290266.shtmlhttp://www.secuobs.com/revue/news/290266.shtml Secuobs.com : 2011-03-08 22:10:13 - Optimal Security - This Patch Tuesday wasn t very large, but it was serious Two of the patches we saw were in Windows, and the third in Office All patches addressed issues providing for remote code execution, which is top of mind for IT flaw remediation specialists If you re using the Remote Desktop Client, MS11-017 should be your top priority http://www.secuobs.com/revue/news/290265.shtmlhttp://www.secuobs.com/revue/news/290265.shtml Secuobs.com : 2011-03-02 22:32:50 - Optimal Security - For those that were unable to attend the March 1 podcast on 2011 Malware Trends, here are a few of the key points with additional depth for each By way of background, the market for stolen Internet information is saturated and things like credit card data and bank account credentials have become a cheap commodity on http://www.secuobs.com/revue/news/288957.shtmlhttp://www.secuobs.com/revue/news/288957.shtml Secuobs.com : 2011-02-21 19:02:15 - Optimal Security - The 2011 RSA Security Conference came to an end last week, and this year, the most memorable thing for me was the San Francisco dim sum I didn t see or hear anything ground breaking on the exhibit floor, but there were definitely a few notable shifts on the security buzzword scene From my perspective, compliance was http://www.secuobs.com/revue/news/286653.shtmlhttp://www.secuobs.com/revue/news/286653.shtml Secuobs.com : 2011-02-11 23:32:21 - Optimal Security - First let me apologize to the regular readers of Optimal Security as I interrupt the more typical flow of industry views and opinions with a marketing-oriented post As the title of the post indicates, we will not be taking up floor space at this year s RSA or Infosec UK shows It is the first time http://www.secuobs.com/revue/news/284732.shtmlhttp://www.secuobs.com/revue/news/284732.shtml Secuobs.com : 2011-02-09 00:42:05 - Optimal Security - This is a very disruptive Patch Tuesday with several updates impacting nearly the full operating system product line from Microsoft and requiring a reboot While a pair of Zero Day security issues have now been patched, we still have not received a patch for the MHTML issue that impacts all versions of Internet Explorer, meaning http://www.secuobs.com/revue/news/283791.shtmlhttp://www.secuobs.com/revue/news/283791.shtml Secuobs.com : 2011-02-09 00:42:05 - Optimal Security - IMAGE Paul Henry, Forensics and Security Analyst, provides his insights in this February 2011 Patch Tuesday Security Briefing http://www.secuobs.com/revue/news/283790.shtmlhttp://www.secuobs.com/revue/news/283790.shtml Secuobs.com : 2011-01-27 20:28:30 - Optimal Security - You might have seen recent reports that Windows 7 Service Pack 1 SP1 has been sent to computer manufacturers Originating from Microsoft s Russian TechNet site, the news triggered speculation that Microsoft will move ahead with the release of Windows 7 SP1 soon which the company has previously promised will occur in the first half http://www.secuobs.com/revue/news/281220.shtmlhttp://www.secuobs.com/revue/news/281220.shtml Secuobs.com : 2011-01-25 00:26:59 - Optimal Security - January 28, 2011 is Data Privacy Day Analyst Eric Ogren from The Ogren Group sat down with Lumension CEO Pat Clawson to ask some key questions around what this day means for the industry and how it has made an impact since Congress implemented it two years ago Both Eric and Pat get down to http://www.secuobs.com/revue/news/280469.shtmlhttp://www.secuobs.com/revue/news/280469.shtml Secuobs.com : 2011-01-20 17:43:25 - Optimal Security - I have received a number of requests for more background on just how I arrived at my conclusion that it is game-over for traditional AV, so I thought I would share the numbers Everyone reading this should be familiar with the CSI FBI Crime reports They have been respected and widely read reports within the InfoSec community http://www.secuobs.com/revue/news/279610.shtmlhttp://www.secuobs.com/revue/news/279610.shtml Secuobs.com : 2011-01-12 00:50:51 - Optimal Security - IMAGE Paul Henry, Forensics and Security Analyst, provides his insights in this November 2010 Patch Tuesday Security Briefing http://www.secuobs.com/revue/news/277541.shtmlhttp://www.secuobs.com/revue/news/277541.shtml Secuobs.com : 2011-01-12 00:50:51 - Optimal Security - This first Patch Tuesday in 2011 addresses the following Microsoft issues Bulletin 1 critical addresses issues that are critical on Windows XP SP3, Vista and Windows 7 and issues that are important on Windows Server 2003, Windows Server 2008 and Windows Server 2008 R2 Bulletin 2 important addresses issues that are important on Windows Vista This Patch Tuesday http://www.secuobs.com/revue/news/277540.shtmlhttp://www.secuobs.com/revue/news/277540.shtml Secuobs.com : 2010-12-16 17:37:24 - Optimal Security - Much of the latter half of 2010 has had the cybersecurity community abuzz over congressional talks to give the executive branch the authority to shut down all or parts of Internet connectivity to public or private entities in the event that a major cybersecurity event threatens the nation s infrastructure This so-called Internet kill pill is http://www.secuobs.com/revue/news/272273.shtmlhttp://www.secuobs.com/revue/news/272273.shtml Secuobs.com : 2010-12-15 00:11:34 - Optimal Security - 2 Critical, 14 Important, 1 Moderate The December patch Tuesday is definitely giving IT security teams the feeling that the Grinch could have the upper hand on Santa this holiday season Microsoft released 17 updates amidst the backdrop of WikiLeaks-inspired hactivism that demonstrated how fast any company can unexpectedly become the target of a distributed, denial-of-service http://www.secuobs.com/revue/news/271745.shtmlhttp://www.secuobs.com/revue/news/271745.shtml Secuobs.com : 2010-12-15 00:11:34 - Optimal Security - IMAGE Don Leatham, Sr Director Solutions and Strategy, provides his insights in this December 2010 Patch Tuesday Security Briefing http://www.secuobs.com/revue/news/271744.shtmlhttp://www.secuobs.com/revue/news/271744.shtml Secuobs.com : 2010-12-13 19:54:47 - Optimal Security - In 2011, the threat landscape will continue to evolve Here are 7 trends that have a high probability of happening 1 State-sponsored cyber crime will become a regular occurrence It all started with China and the Google hacks APT and reared its head again with Stuxnet It s no longer your disgruntled employee or even the opportunistic hacker http://www.secuobs.com/revue/news/271357.shtmlhttp://www.secuobs.com/revue/news/271357.shtml Secuobs.com : 2010-12-06 19:12:06 - Optimal Security - Chances are very high that some computers in your organization have been silently infected by malware and are now part of a botnet Chances are also high that you will never know it Stealth has become the ultimate high-ground in the modern malware battleground Undetectable communications and coordination between zombie computers has become the Holy http://www.secuobs.com/revue/news/269691.shtmlhttp://www.secuobs.com/revue/news/269691.shtml Secuobs.com : 2010-12-04 00:42:11 - Optimal Security - This week, we re distributing our findings from our annual State of Endpoint Risk security report we commission through The Ponemon Institute You will be surprised by some of the results To give you a brief preview, more than one-third of organizations surveyed are experiencing at least one intrusion per day, and nearly half noted a dramatic http://www.secuobs.com/revue/news/269310.shtmlhttp://www.secuobs.com/revue/news/269310.shtml Secuobs.com : 2010-11-24 21:02:17 - Optimal Security - Bogus warning messages are quickly spreading on Facebook about an application called Christmas Tree that contains a virus that will crash your computer and or steal your data This latest Virus Hoax has been recently reported on Snopescom as being False While there are several applications on Facebook that are related to the term Christmas Tree none http://www.secuobs.com/revue/news/267284.shtmlhttp://www.secuobs.com/revue/news/267284.shtml Secuobs.com : 2010-11-10 20:58:59 - Optimal Security - IMAGE Paul Henry, Forensics and Security Analyst, provides his insights in this November 2010 Patch Tuesday Security Briefing http://www.secuobs.com/revue/news/263993.shtmlhttp://www.secuobs.com/revue/news/263993.shtml Secuobs.com : 2010-11-09 23:22:20 - Optimal Security - 1 Critical, 2 Important Today Microsoft released three patches that address eleven vulnerabilities in Microsoft Office and Microsoft Forefront Unified Access Gateway This is a light load when compared with last month s record release, however this month s Critical bulletin addresses some very concerning vulnerabilities and IT teams must remain diligent in getting this patch fully deployed The http://www.secuobs.com/revue/news/263642.shtmlhttp://www.secuobs.com/revue/news/263642.shtml Secuobs.com : 2010-10-28 19:16:48 - Optimal Security - While Apple proudly proclaims the swelling number of iPhone sales, let me remind IT Security professionals that in the world of network security, popularity is not necessarily a good thing One of the most important lessons I have learned throughout my career is it is more often popularity - not necessarily insecurity - that drives the http://www.secuobs.com/revue/news/260701.shtmlhttp://www.secuobs.com/revue/news/260701.shtml Secuobs.com : 2010-10-19 17:50:27 - Optimal Security - IMAGE Recognizing October as National Cyber security Awareness Month, Lumension Chairman and CEO, Pat Clawson, invited a handful of IT security industry leaders for 30 minutes of frank conversation on what is being done at the government level to reign in national cyber security efforts in the US http://www.secuobs.com/revue/news/258248.shtmlhttp://www.secuobs.com/revue/news/258248.shtml Secuobs.com : 2010-10-18 23:26:59 - Optimal Security - The recent Wall Street Journal investigation on the Facebook privacy breach begs a fundamental question Can a social application be secure This is a question bigger than just Facebook Popular mobile communications platforms such as Apple s iOS and Google s Android have also struggled with this as of late Here is the core conundrum platform http://www.secuobs.com/revue/news/258001.shtmlhttp://www.secuobs.com/revue/news/258001.shtml Secuobs.com : 2010-10-13 01:38:06 - Optimal Security - IMAGE Paul Henry, Forensics and Security Analyst, provides his insights in this October 2010 Patch Tuesday Security Briefing http://www.secuobs.com/revue/news/256396.shtmlhttp://www.secuobs.com/revue/news/256396.shtml Secuobs.com : 2010-10-13 01:38:06 - Optimal Security - Forget ghouls and goblins The scariest thing about this month is the number of security vulnerabilities Today, Microsoft released one of the largest patch loads we've seen to date - with 16 patches for 49 flaws, 4 of which are critical http://www.secuobs.com/revue/news/256395.shtmlhttp://www.secuobs.com/revue/news/256395.shtml Secuobs.com : 2010-10-04 22:19:41 - Optimal Security - Remember when Toyota was taking a bad rap for some of their cars supposedly accelerating for no apparent reason Toyota ended up recalling millions of cars in an attempt to identify and correct the problem After countless studies and millions of dollars spent, there has been no conclusive evidence that the problem is anything more http://www.secuobs.com/revue/news/254158.shtmlhttp://www.secuobs.com/revue/news/254158.shtml Secuobs.com : 2010-09-30 21:52:35 - Optimal Security - IMAGE Part 3 of a three-part Q A podcast series with Pat Clawson, Chairman and CEO, Lumension and Patrick O Grady, Technology Writer, Phoenix Business Journal http://www.secuobs.com/revue/news/253253.shtmlhttp://www.secuobs.com/revue/news/253253.shtml Secuobs.com : 2010-09-28 20:06:51 - Optimal Security - IMAGE Part 2 of a three-part Q A podcast series with Pat Clawson, Chairman and CEO, Lumension and Patrick O'Grady, Technology Writer, Phoenix Business Journal http://www.secuobs.com/revue/news/252516.shtmlhttp://www.secuobs.com/revue/news/252516.shtml Secuobs.com : 2010-09-24 01:15:02 - Optimal Security - Bob Tarzey, Analyst and Director with Quocirca asks Alan Bentley, SVP International Sales, Lumension, about the difference between PCI compliance and a strong security posture Q PCI standards are designed to be a starting point to helping build a strong security posture Are retailers organisations aware that they need to do more than achieve PCI compliance to http://www.secuobs.com/revue/news/251219.shtmlhttp://www.secuobs.com/revue/news/251219.shtml Secuobs.com : 2010-09-22 18:24:20 - Optimal Security - This is outside my normal beat on data protection, but since we know that most cyber exploits these days are about getting to your data, I figure it s OK to stray a bit Two bits of news which popped up over the weekend which I found interesting the Microsoft ASPNet vulnerability and the out-of-band Adobe http://www.secuobs.com/revue/news/250700.shtmlhttp://www.secuobs.com/revue/news/250700.shtml Secuobs.com : 2010-09-21 20:52:13 - Optimal Security - Leverage in all forms is a powerful thing For both good and bad The popularity and speed of social websites provide an amazing degree of leverage for both businesses and hackers The Twitter OnMouseOver JavaScript flaw and the resulting flood of exploitive tweets is a great example of the latter In a matter of hours, thousands of Twitter users http://www.secuobs.com/revue/news/250376.shtmlhttp://www.secuobs.com/revue/news/250376.shtml Secuobs.com : 2010-09-20 20:39:55 - Optimal Security - We in the security industry talk a lot about the risks of data theft and or loss, especially by an insider A quick look through the recent entries into the Open Security Foundation s DataLossDB makes that case more concrete, be it via an innocent mistake like losing a laptop or outright theft like the Countrywide case, http://www.secuobs.com/revue/news/249941.shtmlhttp://www.secuobs.com/revue/news/249941.shtml Secuobs.com : 2010-09-20 20:39:55 - Optimal Security - So, the web is dead Or so says the latest cover of Wired Magazine I must admit, seeing this pronouncement in bright orange pop out of my mailbox caused me to stop in my tracks But the hot Arizona sun soon had me scrambling for the cover of my comfortably AC d house and I continued http://www.secuobs.com/revue/news/249940.shtmlhttp://www.secuobs.com/revue/news/249940.shtml Secuobs.com : 2010-09-20 20:39:55 - Optimal Security - Ben Franklin dished out some pretty good security advice in his day In fact, he was one of the most well known security professionals of his time Many of you may realize it was Franklin that coined the saying An ounce of prevention is worth a pound of cure but what you might not know http://www.secuobs.com/revue/news/249939.shtmlhttp://www.secuobs.com/revue/news/249939.shtml Secuobs.com : 2010-09-20 20:39:55 - Optimal Security - As noted in our July blog post Adjust Your Defense to the Changing Threat Vector, third party applications now pose the greatest risk to network security Simply turning on WSUS and patching the underlying OS and Microsoft applications leaves you woefully exposed The bad guys know they can improve the success of an attack by http://www.secuobs.com/revue/news/249938.shtmlhttp://www.secuobs.com/revue/news/249938.shtml Secuobs.com : 2010-09-20 20:39:55 - Optimal Security - Apple took a great deal of heat early on by releasing the original iPhone with little consideration for enterprise security As a result, Apple has since built in a number of what many consider to be necessary enterprise security mechanisms into the iPad When it comes to security, the iPad with the right policies http://www.secuobs.com/revue/news/249937.shtmlhttp://www.secuobs.com/revue/news/249937.shtml Secuobs.com : 2010-09-20 20:39:55 - Optimal Security - IMAGE A three-part Q A podcast series with Pat Clawson, Chairman and CEO, Lumension and Patrick O'Grady, Technology Writer, Phoenix Business Journal http://www.secuobs.com/revue/news/249936.shtmlhttp://www.secuobs.com/revue/news/249936.shtml Secuobs.com : 2010-09-20 20:39:55 - Optimal Security - Following Labor Day, IT teams may have been hoping for a lighter patch load for the September Patch Tuesday, but such was not the case The Microsoft Security Bulletin Summary shows nine new bulletins that address a total of 13 vulnerabilities With Adobe, Mozilla, Cisco, and Apple all releasing security updates within the last seven http://www.secuobs.com/revue/news/249935.shtmlhttp://www.secuobs.com/revue/news/249935.shtml Secuobs.com : 2010-09-20 20:39:55 - Optimal Security - IMAGE Paul Henry, Forensics and Security Analyst, provides his insights in this September 2010 Patch Tuesday Security Briefing http://www.secuobs.com/revue/news/249934.shtmlhttp://www.secuobs.com/revue/news/249934.shtml Secuobs.com : 2010-09-20 20:39:55 - Optimal Security - Last week, Forrester held its annual Security Forum 2010 and discussed, among other topics, the need for consistent controls on our endpoint devices to ensure continuous security and network protection In his keynote entitled What is the Most Significant Vulnerability We Face Today, Malcolm Harkins, Chief Information Security Officer at Intel Corporation cited an example http://www.secuobs.com/revue/news/249933.shtmlhttp://www.secuobs.com/revue/news/249933.shtml Secuobs.com : 2010-07-31 03:16:03 - Optimal Security - As more malware writers began to incorporate the Microsoft LNK issue CVE-2010-2568 in to their malicious code Microsoft last week published a workaround http supportmicrosoftcom kb 2286198 and is now rushing to address the issue with an out-of-band patch on Monday Aug 2nd Originally it was first reported that the issue was being actively exploited in the Stuxnet http://www.secuobs.com/revue/news/245553.shtmlhttp://www.secuobs.com/revue/news/245553.shtml Secuobs.com : 2010-07-30 22:24:18 - Optimal Security - While our budget-constrained defenses remain relatively static, the threat vector continues to change Historically in network security, attackers seem to regularly stay one step ahead of defenders I have watched the arms race unfold for more than two decades as attackers worked their way up the OSI stack from network layer attacks like the infamous http://www.secuobs.com/revue/news/245499.shtmlhttp://www.secuobs.com/revue/news/245499.shtml Secuobs.com : 2010-07-27 19:06:06 - Optimal Security - Before getting flamed as an Apple basher, first let me state that I like Apple products I am not foolishly going to disregard the risks of the environment we live work in today however In my business and personal life I own 3 Apple laptops, 4 Apple desktops, 2 iPads and 2 iPhones Along http://www.secuobs.com/revue/news/244293.shtmlhttp://www.secuobs.com/revue/news/244293.shtml Secuobs.com : 2010-07-19 20:01:03 - Optimal Security - News about a new attack via USB flash drive, known as StuxnetB, is surfacing The Belarusian antivirus company VirusBlokAda recently discovered it and published a report on it There are several points about this attack which make it both novel and unique, even though infection propagation via USB flash drives is very common To http://www.secuobs.com/revue/news/241786.shtmlhttp://www.secuobs.com/revue/news/241786.shtml Secuobs.com : 2010-07-14 20:35:28 - Optimal Security - IMAGE Paul Henry, Forensics and Security Analyst, provides his insights in this July 2010 Patch Tuesday Security Briefing http://www.secuobs.com/revue/news/240597.shtmlhttp://www.secuobs.com/revue/news/240597.shtml Secuobs.com : 2010-07-14 01:45:22 - Optimal Security - Microsoft announced that they have released four security bulletins to address five separate current vulnerabilities Especially concerning this month is the fact that all three bulletins rated critical also rate a 1 on Microsoft s exploitability index with MS10-042 addressing a vulnerability that is actively being exploited Additionally, MS10-043 requires a reboot and affects Windows Server http://www.secuobs.com/revue/news/240266.shtmlhttp://www.secuobs.com/revue/news/240266.shtml Secuobs.com : 2010-07-12 23:14:01 - Optimal Security - I recently helped a friend set up her new Win7 box it was a breeze, especially when compared to or perhaps because of the Vista lappie I set up for her a couple of years back We had to do it because her old box was still running WinXP SP2 and we couldn t http://www.secuobs.com/revue/news/239797.shtmlhttp://www.secuobs.com/revue/news/239797.shtml Secuobs.com : 2010-07-09 02:20:22 - Optimal Security - Last week I participated in an interesting roundtable discussion with Michael Rasmussen from Corporate Integrity and my fellow blogger Paul Henry We were discussing how to secure the nation s critical infrastructure a topic which is relevant to organizations which own or operate critical infrastructure which, according to the 2009 National Infrastructure Protection Plan PDF , http://www.secuobs.com/revue/news/238905.shtmlhttp://www.secuobs.com/revue/news/238905.shtml Secuobs.com : 2010-07-06 19:11:30 - Optimal Security - I am told by a highly reliable source hi mom that, as a young un, I horrified my American grandfather by kicking the American football back to him after he threw it to me I m sure he was seriously concerned about what they were teaching me at those European schools And since I played a http://www.secuobs.com/revue/news/238070.shtmlhttp://www.secuobs.com/revue/news/238070.shtml Secuobs.com : 2010-07-02 03:21:08 - Optimal Security - Today, IBM announced plans to acquire BigFix and we have been asked several times today what this all means to Lumension So I thought I would weigh in with my thoughts both from an industry perspective and from Lumension s perspective, more specifically As it turns out, there has been increasing M A activity in the technology http://www.secuobs.com/revue/news/237055.shtmlhttp://www.secuobs.com/revue/news/237055.shtml Secuobs.com : 2010-06-23 22:53:40 - Optimal Security - As I mentioned in my last post, after quite a bit of overseas travel recently, I observed a few trends that apply globally at its core, what trends are driving technology trends in IT environments, today In addition to the platform-centric approach being firmly planted both here and overseas and the efficiency of agents on http://www.secuobs.com/revue/news/234305.shtmlhttp://www.secuobs.com/revue/news/234305.shtml Secuobs.com : 2010-06-23 00:09:19 - Optimal Security - Chris Andrew, VP of Security Technologies for Lumension, shares his thoughts on power management considerations What are some best practices to implementing PC power management in midsize and large enterprises The average computer is left on all the time in a business environment, and that consumes a tremendous amount of power According to the US Environmental Protection http://www.secuobs.com/revue/news/233968.shtmlhttp://www.secuobs.com/revue/news/233968.shtml Secuobs.com : 2010-06-22 20:08:18 - Optimal Security - As we ended 2009 and entered 2010, many predicted that 2010 was poised to go down in history as the year of insider threats It was not a risky prediction to make considering our economic peril and our industries continued unwavering albeit misplaced focus on the gateway rather then endpoint security The Worldwide State of the http://www.secuobs.com/revue/news/233914.shtmlhttp://www.secuobs.com/revue/news/233914.shtml Secuobs.com : 2010-06-17 01:04:29 - Optimal Security - A few things I learned while on the road in the past couple of weeks 1 The platform-centric approach is firmly planted both here and overseas 2 The efficiency of agents on the endpoint is increasingly under the microscope 3 Application whitelisting is truly hitting a global tipping point 4 Compliance costs continue to be an issue and 5 Never http://www.secuobs.com/revue/news/232264.shtmlhttp://www.secuobs.com/revue/news/232264.shtml Secuobs.com : 2010-06-15 18:57:45 - Optimal Security - Reflecting on recent headlines that Google was going to drop Windows usage for desktops and move to Linux or OS X Apple reminded me of advice I received very early on in my security career no operating system is the holy grail and you are always better off working with one you are more http://www.secuobs.com/revue/news/231693.shtmlhttp://www.secuobs.com/revue/news/231693.shtml Secuobs.com : 2010-06-10 23:09:28 - Optimal Security - It was reported yesterday that a group of hackers from Goatse Security compromised AT T s server through an open vulnerability to steal over 114,000 iPad 3G owners sensitive personal information which included email addresses and SIM card ICC-IDs The attack didn t effect the iPads themselves, but rather customer information housed on AT Ts network Luckily, no credit http://www.secuobs.com/revue/news/230512.shtmlhttp://www.secuobs.com/revue/news/230512.shtml Secuobs.com : 2010-06-10 03:09:23 - Optimal Security - IMAGE Paul Henry, Forensics and Security Analyst, provides his insights in this June 2010 Patch Tuesday Security Briefing http://www.secuobs.com/revue/news/230260.shtmlhttp://www.secuobs.com/revue/news/230260.shtml Secuobs.com : 2010-06-10 01:54:08 - Optimal Security - It might be the start of summer, but there was little sunshine from Microsoft on Tuesday, as the company warned users that they have released ten security bulletins three of which are critical, seven are rated important and all of which include an explicit or possible restart warning The impact will be felt enterprise-wide, http://www.secuobs.com/revue/news/230246.shtmlhttp://www.secuobs.com/revue/news/230246.shtml Secuobs.com : 2010-06-08 18:45:45 - Optimal Security - Over the last several months, I ve been wrestling over a few issues that I think are converging to create an inhospitable business environment Issues such as our company s heritage as a venture-backed company, where we sit as a nation from a data security perspective and my own view, that US intellectual property is at an http://www.secuobs.com/revue/news/229615.shtmlhttp://www.secuobs.com/revue/news/229615.shtml Secuobs.com : 2010-05-27 19:17:10 - Optimal Security - You ve probably heard about three recent security-related events that attracted lots of attention In January, Google announced that it suffered a highly sophisticated and targeted hacker attack originating from China against its corporate network In April, an ill-fated false-positive antivirus signature was pushed out that accidentally removed a key part of Windows from machines And a http://www.secuobs.com/revue/news/226329.shtmlhttp://www.secuobs.com/revue/news/226329.shtml Secuobs.com : 2010-05-27 00:33:47 - Optimal Security - The analogies comparing Android and iPhone OS to the PC and the Mac back in the 80s are everywhere on web The ground-breaking Mac established an early lead that was soon eclipsed by the comparatively open WinTel platform Will the iPhone s early lead in the smart phone market place similarly give way to the comparative http://www.secuobs.com/revue/news/226037.shtmlhttp://www.secuobs.com/revue/news/226037.shtml Secuobs.com : 2010-05-24 22:12:44 - Optimal Security - Ask any IT administrator where their greatest security risk lies and they will tell you it s at the endpoint The endpoint has expanded well beyond a desktop to include mobile devices, which allow greater user flexibility and productivity but also increase security risks to your network Data that once resided on secure centralized servers and http://www.secuobs.com/revue/news/225147.shtmlhttp://www.secuobs.com/revue/news/225147.shtml Secuobs.com : 2010-05-18 15:50:43 - Optimal Security - More than six years after President Bush signed the Fair and Accurate Credit Transactions Act of 2003 FACTA , it appears that the Federal Trade Commission FTC is finally ready to put the hammer down on the long-delayed Red Flags Rule provision of the law Designed to prompt businesses that extend credit to customers to pay http://www.secuobs.com/revue/news/223148.shtmlhttp://www.secuobs.com/revue/news/223148.shtml Secuobs.com : 2010-05-18 01:20:53 - Optimal Security - So, how are IT Security folks like Los Suns as they prepare for the NBA Conference Championships Because they re all racing around trying to figure out how to guard against K h obe Well, actually, it couldn t be further from the truth While Los Suns will probably have their hands full with Bryant, I suspect the tempest http://www.secuobs.com/revue/news/222970.shtmlhttp://www.secuobs.com/revue/news/222970.shtml Secuobs.com : 2010-05-13 16:33:26 - Optimal Security - Identity theft is not the only concern associated with the decline in privacy at Facebook The increased publicly available personal information on Facebook will undoubtedly fuel enterprise spear phishing attacks Why hack the enterprises perimeter security when you can simply trick an insider into opening a file that installs malware The erosion http://www.secuobs.com/revue/news/221835.shtmlhttp://www.secuobs.com/revue/news/221835.shtml Secuobs.com : 2010-05-12 19:06:34 - Optimal Security - IMAGE Paul Henry, Forensics and Security Analyst, provides his insights in this May 2010 Patch Tuesday Security Briefing http://www.secuobs.com/revue/news/221500.shtmlhttp://www.secuobs.com/revue/news/221500.shtml Secuobs.com : 2010-05-11 23:00:46 - Optimal Security - Microsoft has released two security bulletins this month, MS10-030 and MS10-031 to address two vulnerabilities in Microsoft Windows and Microsoft Office, both rated Critical As both bulletins are rated as critical, they will both demand a high priority in their deployment across the enterprise Details MS10-030 resolving one vulnerability affecting Outlook Express, Windows Mail and Windows Live http://www.secuobs.com/revue/news/221105.shtmlhttp://www.secuobs.com/revue/news/221105.shtml Secuobs.com : 2010-05-04 00:04:20 - Optimal Security - IMAGE Steve Antone, Vice President of Federal Solutions Group provides insights into the Federal Cyber Security Outlook for 2010 survey http://www.secuobs.com/revue/news/218378.shtmlhttp://www.secuobs.com/revue/news/218378.shtml Secuobs.com : 2010-04-22 21:55:48 - Optimal Security - Gosh that was fast Just a couple of weeks ago I wrote about the new data protection breach notification law in Washington state and bang here comes another one This time it s Mississippi that s finally passed one By my reckoning, that brings the count to 50 states and territories with data http://www.secuobs.com/revue/news/215078.shtmlhttp://www.secuobs.com/revue/news/215078.shtml Secuobs.com : 2010-04-14 19:17:58 - Optimal Security - IMAGE Paul Henry, Forensics and Security Analyst, provides his insights in this April 2010 Patch Tuesday Security Briefing http://www.secuobs.com/revue/news/212149.shtmlhttp://www.secuobs.com/revue/news/212149.shtml Secuobs.com : 2010-04-13 23:19:47 - Optimal Security - After last month s light load of patches, Microsoft today released a total of 11 patches to address 25 various vulnerabilities Of these 11, five of the patches are critical and involve remote code execution, and four require a restart The five critical bulletins affect all versions of Windows software that are widely being used and http://www.secuobs.com/revue/news/211716.shtmlhttp://www.secuobs.com/revue/news/211716.shtml Secuobs.com : 2010-04-08 19:57:36 - Optimal Security - By my count, 48 of the 55 US states and territories have state data protection data breach notification laws The state of Washington recently updated theirs, due to take effect on July 1, 2010 It impacts most businesses with customers in Washington Washington State House Bill 1149 was passed in early March, and signed by http://www.secuobs.com/revue/news/210246.shtmlhttp://www.secuobs.com/revue/news/210246.shtml Secuobs.com : 2010-04-06 21:27:15 - Optimal Security - IMAGE In this video interview, Matt Mosher, SVP of the Americas, Lumension, takes an in-depth look at how organizations can make compliance a continuous process by correlating compliance with security posture http://www.secuobs.com/revue/news/209433.shtmlhttp://www.secuobs.com/revue/news/209433.shtml Secuobs.com : 2010-04-05 22:42:01 - Optimal Security - We ve reported on the need for a non-toxic public sector private sector bridge to help counter cybersecurity threats, and it s encouraging to see signs we re finally moving away from all the chatter to actually put a structure in place The government needs to work with business to come up with effective strategies to keep information safe, http://www.secuobs.com/revue/news/209040.shtmlhttp://www.secuobs.com/revue/news/209040.shtml Secuobs.com : 2010-04-02 22:13:08 - Optimal Security - The Arizona State Senate recently approved SB 1334, designed to prohibit texting while driving Violators would face a 50 fine, which would be upped to 200 if they are involved in an accident while texting Texting including writing, sending or reading a written message on your cell phone or similar device while driving will be http://www.secuobs.com/revue/news/208526.shtmlhttp://www.secuobs.com/revue/news/208526.shtml Secuobs.com : 2010-04-01 19:17:43 - Optimal Security - With the introduction of the iPad, Apple is again hitting the consumer market with an innovative product that may have security implications for enterprise IT teams Although based on the iPhone OS, the use cases identified by Apple for the iPad especially as an electronic document reader portend a wide range of business uses that http://www.secuobs.com/revue/news/208061.shtmlhttp://www.secuobs.com/revue/news/208061.shtml Secuobs.com : 2010-03-31 21:24:15 - Optimal Security - The US Government last week proposed updating the Federal Information Security Management Act FISMA to include a clause about the continuation and monitoring of security threats based on government agency risk profiles The new amendments to the act would change FISMA compliance in the following ways Establish a national cyberspace division within the executive office of http://www.secuobs.com/revue/news/207531.shtmlhttp://www.secuobs.com/revue/news/207531.shtml Secuobs.com : 2010-03-30 22:34:47 - Optimal Security - Microsoft announced today they will be releasing a critical out-of-band patch MS10-018 From an impact perspective, this is a remote code execution and impacts Internet Explorer IE versions 6 and 7 The unscheduled release is in response to a reported upswing in attacks against Microsoft customers as detailed in Microsoft Security Advisory 981374 Beyond the http://www.secuobs.com/revue/news/207061.shtmlhttp://www.secuobs.com/revue/news/207061.shtml Secuobs.com : 2010-03-27 00:58:07 - Optimal Security - IMAGE Recent economic times have lead to increasing insider risk Learn about the latest best practices in how to reduce your insider risk without impacting productivity http://www.secuobs.com/revue/news/206007.shtmlhttp://www.secuobs.com/revue/news/206007.shtml Secuobs.com : 2010-03-27 00:58:07 - Optimal Security - IMAGE In this presentation, learn about the latest innovations that operationalize application whitelisting across dynamic business environments and deliver more effective endpoint security above and beyond stand-alone anti-malware http://www.secuobs.com/revue/news/206006.shtmlhttp://www.secuobs.com/revue/news/206006.shtml Secuobs.com : 2010-03-25 19:34:57 - Optimal Security - As both a guest speaker and attendee at the Security Innovation Network s fourth annual IT Security Entrepreneur s Forum, I found the conference provided a great deal of insight on important cybersecurity issues Two panels I found particularly relevant were An Industry and Government Perspective on the Emerging Cyber Threats, Risks and Vulnerabilities and Moving Forward http://www.secuobs.com/revue/news/205472.shtmlhttp://www.secuobs.com/revue/news/205472.shtml Secuobs.com : 2010-03-25 18:16:26 - Optimal Security - IMAGE 95 percent of companies use Twitter and Facebook Learn about the latest risks these web 20 applications bring into your organization and how to manage them http://www.secuobs.com/revue/news/205444.shtmlhttp://www.secuobs.com/revue/news/205444.shtml Secuobs.com : 2010-03-23 19:32:42 - Optimal Security - IMAGE Rich Mogull, founder of Securosis, provides his take on the predictions from the RSA show floor and how technology consolidation will impact endpoint landscape http://www.secuobs.com/revue/news/204579.shtmlhttp://www.secuobs.com/revue/news/204579.shtml Secuobs.com : 2010-03-23 19:32:42 - Optimal Security - It certainly seems that in 2010, a month doesn t go by without hearing about yet another zero-day threat affecting a popular browser software In the first quarter of 2010, we already have seen new zero-day issues in the most popular browsers in use today Microsoft reported yet another new zero-day issue with Internet Explorer, and within http://www.secuobs.com/revue/news/204578.shtmlhttp://www.secuobs.com/revue/news/204578.shtml Secuobs.com : 2010-03-22 23:24:34 - Optimal Security - IMAGE Ryan Naraine, Editor-in-Chief of Threat Post describes his view of the cybersecurity landscape, and immediate actions the cybersecurity czar should consider in regards to public-private partnerships to bridge the gaps and strengthen security http://www.secuobs.com/revue/news/204173.shtmlhttp://www.secuobs.com/revue/news/204173.shtml Secuobs.com : 2010-03-19 18:51:00 - Optimal Security - IMAGE Lumension talks security with Charles Kolodgy of IDC at RSA about the evolution in endpoint management and security and what role new and emerging technologies will play in managing risk Also, future predictions and trends http://www.secuobs.com/revue/news/203460.shtmlhttp://www.secuobs.com/revue/news/203460.shtml Secuobs.com : 2010-03-10 21:58:10 - Optimal Security - IMAGE Paul Henry, Forensics and Security Analyst, provides his insights in this March 2010 Patch Tuesday Security Briefing http://www.secuobs.com/revue/news/200398.shtmlhttp://www.secuobs.com/revue/news/200398.shtml Secuobs.com : 2010-03-09 23:20:13 - Optimal Security - Today s Patch Tuesday release is being overshadowed by a new zero-day vulnerability in Internet Explorer that can allow remote code execution The exploit reportedly is currently being used in targeted attacks in the wild It was reported today in an advisory by Microsoft - the same day they released the monthly patches for March 2010 From http://www.secuobs.com/revue/news/199951.shtmlhttp://www.secuobs.com/revue/news/199951.shtml Secuobs.com : 2010-03-09 18:30:10 - Optimal Security - I recently sat down with Anthony Sica, Executive Director of Information Technology at Shiseido America, to get his perspectives on the changing threat landscape and the evolving role of those in charge of Information Technology For the past six years, Tony has been in charge of infrastructure, end user computing, data centers, and compliance for http://www.secuobs.com/revue/news/199819.shtmlhttp://www.secuobs.com/revue/news/199819.shtml Secuobs.com : 2010-03-09 18:30:10 - Optimal Security - Last week, I attended two security-related events in San Francisco I spoke on the topic of the converging endpoint on a panel at America s Growth Capital s 6th Annual Information Security and West Coast Emerging Growth Conference And I walked the floor at the RSA Conference, where Lumensions exhibited Here are my thoughts on the key http://www.secuobs.com/revue/news/199818.shtmlhttp://www.secuobs.com/revue/news/199818.shtml Secuobs.com : 2010-03-01 20:44:29 - Optimal Security - As I ve discussed before, one of the requirements of the HITECH Act is for the Secretary of the Department of Health Human Services HHS to publish a list of all breaches of healthcare data covered by the HIPAA security rule on a yearly basis The first such publication has been made, covering the period http://www.secuobs.com/revue/news/196687.shtmlhttp://www.secuobs.com/revue/news/196687.shtml Secuobs.com : 2010-02-25 17:51:28 - Optimal Security - In light of all of the widely varying commentary on the Advanced Persistent Threat APT issue I have been reading about on the Internet, I wanted to weigh in with my opinion on the issue APT - the New Menace For the past 20 years, we have at best only reacted to the changing Internet threats http://www.secuobs.com/revue/news/195592.shtmlhttp://www.secuobs.com/revue/news/195592.shtml Secuobs.com : 2010-02-25 02:45:45 - Optimal Security - So, a couple of weeks ago we were all very concerned about the MS10-015 patch included in the February security update from Microsoft which seemed to cause the dreaded Blue Screen of Death BSOD on some machines As we went to press with our blog post, the news was just breaking that the underlying cause http://www.secuobs.com/revue/news/195349.shtmlhttp://www.secuobs.com/revue/news/195349.shtml Secuobs.com : 2010-02-19 01:10:27 - Optimal Security - Makes Us Wonder if Web 20 Social Apps are a Boon or a Bane http://www.secuobs.com/revue/news/193343.shtmlhttp://www.secuobs.com/revue/news/193343.shtml Secuobs.com : 2010-02-17 18:40:09 - Optimal Security - Today, Wednesday, February 17, 2010, marks one year since the HITECH Act of 2009 passed This means that most of the Act s provisions are now enforceable particularly, the breach notification and penalties aspect of the Act While most healthcare organizations are concerned about the meaningful use requirement, for us in the IT security space http://www.secuobs.com/revue/news/192801.shtmlhttp://www.secuobs.com/revue/news/192801.shtml Secuobs.com : 2010-02-12 23:46:32 - Optimal Security - So, another Patch Tuesday has passed and it was a big one But the news late Thursday 02 11 was a bit less nice it seems that one of the patches included causes that dreaded BSOD on certain Windows XP boxes Microsoft is aware of the problem, which involves the MS10-015 bulletin aka the 17-year-old Windows http://www.secuobs.com/revue/news/191511.shtmlhttp://www.secuobs.com/revue/news/191511.shtml Secuobs.com : 2010-02-10 18:11:45 - Optimal Security - IMAGE Paul Henry, Forensics and Security Analyst, provides his insights in this February 2010 Patch Tuesday Security Briefing http://www.secuobs.com/revue/news/190539.shtmlhttp://www.secuobs.com/revue/news/190539.shtml Secuobs.com : 2010-02-09 23:46:00 - Optimal Security - After a light start to the year in terms of patching, Microsoft is throwing out its heaviest patch load in four years for IT departments to tackle for the month of February with 13 patches in all - five of which have a maximum security rating of critical Three of the critical patches standout from the http://www.secuobs.com/revue/news/190228.shtmlhttp://www.secuobs.com/revue/news/190228.shtml Secuobs.com : 2010-02-08 20:14:47 - Optimal Security - Recently Dennis Blair, director of national intelligence, presented the Annual Threat Assessment of the US Intelligence Community to the Senate Select Committee on Intelligence and painted a much starker picture of the current state of cybersecurity in the country compared to his testimony last year According to Blair, the United States confronts a dangerous combination of http://www.secuobs.com/revue/news/189712.shtmlhttp://www.secuobs.com/revue/news/189712.shtml Secuobs.com : 2010-02-03 23:01:00 - Optimal Security - As businesses move at a rapid pace to integrate social media as part of their overall corporate strategy to engage, build brand awareness and drive thought leadership, unfortunately, security has taken a back seat leaving businesses wide open to these Web 20 threats The use of Web 20 has opened new risk channels for the http://www.secuobs.com/revue/news/188316.shtmlhttp://www.secuobs.com/revue/news/188316.shtml Secuobs.com : 2010-02-03 18:35:50 - Optimal Security - We recently sat down with Michael Rasmussen, President and Risk Compliance Advisor at Corporate Integrity, to discuss how public sector organizations can meet the requirements of FISMA in a cost-efficient but effective manner Q How are public sector organizations adapting to FISMA compliance and why is this critical A Federal agencies are trying to make the http://www.secuobs.com/revue/news/188222.shtmlhttp://www.secuobs.com/revue/news/188222.shtml Secuobs.com : 2010-02-01 20:34:58 - Optimal Security - The latest fifth annual US Cost of a Data Breach study by the Ponemon Institute and sponsored by PGP was released this week Disclosure Lumension has a relationship with the good folks at Ponemon The key findings of this report are well articulated in the Executive Summary US organizations continue to experience an increased cost http://www.secuobs.com/revue/news/187435.shtmlhttp://www.secuobs.com/revue/news/187435.shtml Secuobs.com : 2010-01-29 00:31:08 - Optimal Security - Education is still key to IT security Just look at users passwords The New York Times reported last week on a study that exposed the overwhelming simplicity of users password choices According to the study, which was conducted by Imperva, 20 percent of Web users choose a very simplistic password that can be easily guessed http://www.secuobs.com/revue/news/186423.shtmlhttp://www.secuobs.com/revue/news/186423.shtml Secuobs.com : 2010-01-25 18:34:53 - Optimal Security - About a hundred years ago in Internet terms so, a couple of years back , I learned about RealPlayer the hard way Despite the warnings from my friend and all-around knowledgeable good guy Tim, I installed it on my lappie so I could play some interesting bit of fluff from the Internet I then spent http://www.secuobs.com/revue/news/185111.shtmlhttp://www.secuobs.com/revue/news/185111.shtml Secuobs.com : 2010-01-22 19:02:31 - Optimal Security - Not sure this is entirely coincidental, but Mozilla released Firefox 36 on Jan 21 the same day that Microsoft announced their out-of-band patch to the so-called Google Attack Aurora exploit IE zero-day Perhaps fortuitous is a better way of putting it My colleagues Don Leatham and Paul Zimski have both weighed in on http://www.secuobs.com/revue/news/184534.shtmlhttp://www.secuobs.com/revue/news/184534.shtml Secuobs.com : 2010-01-21 23:13:49 - Optimal Security - Today, Microsoft released an out-of-band security patch Microsoft Security Bulletin MS10-002 Critical, Cumulative Security Update for Internet Explorer 978207 MS10-002 address the previously announced flaw in Internet Explorer that has been widely reported as the key attack vector in reported attacks against Google and other companies by entities based in China MS Security Advisory http://www.secuobs.com/revue/news/184219.shtmlhttp://www.secuobs.com/revue/news/184219.shtml Secuobs.com : 2010-01-21 23:13:49 - Optimal Security - There is a new Internet Explorer zero-day vulnerability this week that is at the center of in-the-wild attacks targeting large corporations including Google and Adobe As the research and vendor communities have been deconstructing the vulnerability, automated attack tools and various methodologies used to carry out the attack, a number of facts and mitigation steps http://www.secuobs.com/revue/news/184218.shtmlhttp://www.secuobs.com/revue/news/184218.shtml Secuobs.com : 2010-01-15 18:02:22 - Optimal Security - Having a security problem on the front page of the Wall Street Journal is never a good thing for the companies involved, but it can be instructive for everyone else Unfortunately, many will ignore the high-profile coverage of China s spear phishing attack on Google, Adobe and over thirty other businesses They will think that this http://www.secuobs.com/revue/news/182071.shtmlhttp://www.secuobs.com/revue/news/182071.shtml Secuobs.com : 2010-01-13 19:29:06 - Optimal Security - So, upon my return to the Valley of the Sun and after figuring out where our new offices let alone the coffee machine and bathrooms were Lumension has moved, in case you ve not heard 3rd floor with a seriously sweet view , I settled down to see what happened over the holidays First up http://www.secuobs.com/revue/news/181229.shtmlhttp://www.secuobs.com/revue/news/181229.shtml Secuobs.com : 2010-01-13 19:29:06 - Optimal Security - IMAGE Paul Henry, Forensics and Security Analyst, provides his insights in this January 2010 Patch Tuesday Security Briefing http://www.secuobs.com/revue/news/181228.shtmlhttp://www.secuobs.com/revue/news/181228.shtml Secuobs.com : 2010-01-05 21:07:09 - Optimal Security - The appointment of Howard Schmidt as the nation s new cybersecurity coordinator is good news Howard is one of the leading authorities on information security, and he has years of experience following security issues, threats and technologies I know Howard and I am certain he is qualified to head up the country s efforts to improve cybersecurity But http://www.secuobs.com/revue/news/178469.shtmlhttp://www.secuobs.com/revue/news/178469.shtml Secuobs.com : 2010-01-05 00:45:34 - Optimal Security - What s all the fuss about the latest changes on Facebook Simply put, the changes mean that nearly everything that you place on your Facebook page can now potentially be made available to anyone surfing the Internet The latest Facebook changes are purported to be an enhancement to make the social networking site easier for people who are looking for http://www.secuobs.com/revue/news/178107.shtmlhttp://www.secuobs.com/revue/news/178107.shtml Secuobs.com : 2009-12-23 18:04:57 - Optimal Security - When you begin to dig into the intricacies of accurately projecting what the threat landscape will look like in the next year, it is actually relatively easy in some respects Just look at failing defensive technologies and you ll have a good indication of what will transpire in our network environments Let me explain The best example http://www.secuobs.com/revue/news/175334.shtmlhttp://www.secuobs.com/revue/news/175334.shtml Secuobs.com : 2009-12-16 17:05:47 - Optimal Security - Last week, the House passed the Data Accountability and Trust Act bill that would provide a law for notifying potential victims of identity theft whenever their electronically stored personal information is exposed It s now on to the Senate for their review and vote If it does pass through the Senate, it will have implications across http://www.secuobs.com/revue/news/172848.shtmlhttp://www.secuobs.com/revue/news/172848.shtml Secuobs.com : 2009-12-16 00:29:56 - Optimal Security - The IT security community has been buzzing about a new zero-day exploit for Adobe that is reportedly in the wild It is now being investigated by Adobe and initial details are available on Adobe s blog The malicious PDF files are reportedly being used in targeted attacks with the PDF being sent as an email attachment and http://www.secuobs.com/revue/news/172464.shtmlhttp://www.secuobs.com/revue/news/172464.shtml Secuobs.com : 2009-12-10 21:23:55 - Optimal Security - We recently sat down with John Dunn, editor of Techworld, to discuss how whitelisting has evolved over the years and where the endpoint security market is heading in 2010 Q You were writing about whitelisting seven years ago, how close do you think whitelisting is to becoming a mainstream security technology A It won t happen quickly beyond http://www.secuobs.com/revue/news/170673.shtmlhttp://www.secuobs.com/revue/news/170673.shtml Secuobs.com : 2009-12-09 21:09:34 - Optimal Security - IMAGE Paul Henry, Forensics and Security Analyst, provides his insights in this December Patch Tuesday Security Briefing http://www.secuobs.com/revue/news/170302.shtmlhttp://www.secuobs.com/revue/news/170302.shtml Secuobs.com : 2009-12-07 23:46:30 - Optimal Security - We recently sat down with Nigel Stanley, Analyst at Bloor Research to discuss how whitelisting has evolved over the years and where the endpoint security market is heading in 2010 Q What role does whitelisting technology play in protecting a company s vital information and managing critical risk A Application whitelisting, which is the notion of only allowing pre-determined http://www.secuobs.com/revue/news/169396.shtmlhttp://www.secuobs.com/revue/news/169396.shtml Secuobs.com : 2009-12-01 18:08:26 - Optimal Security - Over the past week it has been interesting to see the cinema box office and IT security press both dominated by love triangles The cinematic version features incumbent, sparkling vampires verses upstart, over-sized werewolves - both vying for the affections of a morose damsel in distress The IT version Security sites and blogs are all http://www.secuobs.com/revue/news/167349.shtmlhttp://www.secuobs.com/revue/news/167349.shtml Secuobs.com : 2009-12-01 18:08:26 - Optimal Security - Much has been said over the past few years about the convergence of IT security and IT operations Most companies look at this convergence from an optimization standpoint hoping to increase security, achieve greater compliance, and reduce IT risk Many larger companies, however, still operate under a siloed approach, working primarily with point solutions for http://www.secuobs.com/revue/news/167348.shtmlhttp://www.secuobs.com/revue/news/167348.shtml Secuobs.com : 2009-12-01 04:15:10 - Optimal Security - So, last week I wrote something about Windows 7 adoption hope you found it interesting and useful Today, I want to focus on its sister release, Windows Server 7 Server 2008 R2 which I m call WS2K8 R2 WS2K8 R2 is the latest version of Server 2008, which was originally released in early 2008 As such, http://www.secuobs.com/revue/news/167013.shtmlhttp://www.secuobs.com/revue/news/167013.shtml Secuobs.com : 2009-11-24 22:54:16 - Optimal Security - In my post some time ago about the newly released Windows 7, I made mention of a Gartner report entitled Planning for the Security Features of Windows 7 I want to revisit this report in a little greater detail in particular, the statement Use the migration to Windows 7 as the catalyst to get http://www.secuobs.com/revue/news/164843.shtmlhttp://www.secuobs.com/revue/news/164843.shtml Secuobs.com : 2009-11-23 23:27:59 - Optimal Security - The latest Internet Explorer zero day threat will unfortunately catch many off guard and will have a significant impact on many organizations that are still relying on outdated defenses For the past decade or perhaps longer, our way of dealing with threats has been to try to filter our way out of trouble However, with our http://www.secuobs.com/revue/news/164235.shtmlhttp://www.secuobs.com/revue/news/164235.shtml Secuobs.com : 2009-11-19 01:03:47 - Optimal Security - So, the Federal Trade Commission FTC has, for the fourth time delayed enforcement of the so-called Red Flags rules, according to a statement posted on the agency s website Compliance enforcement is now scheduled for June 1, 2010 - in case you re keeping score at home, the previous dates were 01-Nov-08 original , 01-May-09 first delay , http://www.secuobs.com/revue/news/162762.shtmlhttp://www.secuobs.com/revue/news/162762.shtml Secuobs.com : 2009-11-17 19:03:50 - Optimal Security - We ve been discussing how unprepared organizations in the US are for cyber attacks, and now there s new research that backs up these concerns and illustrates the inherent weaknesses that must be addressed if we re to adequately safeguard our information and vital systems A new Ponemon-Lumension survey on the worldwide state of the endpoint shows that companies http://www.secuobs.com/revue/news/161699.shtmlhttp://www.secuobs.com/revue/news/161699.shtml Secuobs.com : 2009-11-17 03:19:32 - Optimal Security - So, no sooner do I get done writing about how Win7 is a much better OS, albeit not perfect, from a security perspective than the first zero-day threat is revealed And this after Microsoft triumphantly issued no Win7 security updates in last week s Patch Tuesday extravaganza, that included a fix MS09-065 to a Windows kernel http://www.secuobs.com/revue/news/161428.shtmlhttp://www.secuobs.com/revue/news/161428.shtml Secuobs.com : 2009-11-13 23:16:15 - Optimal Security - Windows 7 has arrived on the scene with much hoopla Understandably, many IT folks have greeted it with some trepidation Here are my thoughts on what you should consider before migrating to this new platform No 1 Windows 7 is better than XP, which is now already eight years old While Windows 7 may not be http://www.secuobs.com/revue/news/160693.shtmlhttp://www.secuobs.com/revue/news/160693.shtml Secuobs.com : 2009-11-12 00:58:58 - Optimal Security - IMAGE Paul Henry, Forensics and Security Analyst, provides his insights in this November Patch Tuesday Security Briefing http://www.secuobs.com/revue/news/159964.shtmlhttp://www.secuobs.com/revue/news/159964.shtml Secuobs.com : 2009-11-10 23:55:54 - Optimal Security - October was National Cybersecurity Awareness month What did this initiative accomplish Not much, I m afraid The fact that a lot of people in the private sector don t even know it was Cybersecurity Month speaks to the problems we face in ensuring that people take cybersecurity seriously We still don t really understand the value of cybersecurity and http://www.secuobs.com/revue/news/159559.shtmlhttp://www.secuobs.com/revue/news/159559.shtml Secuobs.com : 2009-11-10 23:55:54 - Optimal Security - Apple clearly seems to have taken a page from the Microsoft playbook and is now regularly delivering software patches almost monthly typically in the shadow of Microsoft Patch Tuesday However, this month s Apple patch release falls on the eve of Patch Tuesday as IT teams prepare to address tomorrow s Microsoft Patch Tuesday The nearly http://www.secuobs.com/revue/news/159558.shtmlhttp://www.secuobs.com/revue/news/159558.shtml Secuobs.com : 2009-10-31 00:48:29 - Optimal Security - It certainly seems that not a week goes by without hearing about yet another attack on Facebook users Last week it was a phishing scam driven by a botnet, and this week, we have two new and different phishing scams one cleverly tricking users into revealing their passwords and another installing malware that quietly http://www.secuobs.com/revue/news/155780.shtmlhttp://www.secuobs.com/revue/news/155780.shtml Secuobs.com : 2009-10-27 22:25:01 - Optimal Security - Over the past months it has been interesting to watch the furor over certain End-User License Agreements and the definition of data ownership Most draconian was the idea that once posted by a user, the data transferred ownership to the social networking site This of course has huge implications to an individual user, especially for http://www.secuobs.com/revue/news/154561.shtmlhttp://www.secuobs.com/revue/news/154561.shtml Secuobs.com : 2009-10-21 20:49:47 - Optimal Security - Gosh, my apologies dear readers Hi Mom , it s been a while since I ve written a post not for a lack of news, but my day job has kept me hoppin lately But the news out of California was enough to jolt me out of my lethargy Seems the Governator has vetoed SB 20, the widely http://www.secuobs.com/revue/news/152613.shtmlhttp://www.secuobs.com/revue/news/152613.shtml Secuobs.com : 2009-10-20 04:18:25 - Optimal Security - Almost everyone is a remote user these days Even if your staff works in the office most of the time, there are always situations where your employees will work from home or on the road Laptops are now the norm, making your risk of data loss significant even with the best of security intentions Therefore, it makes http://www.secuobs.com/revue/news/151995.shtmlhttp://www.secuobs.com/revue/news/151995.shtml Secuobs.com : 2009-10-20 04:18:25 - Optimal Security - There s been a lot of talk about what role whitelisting will play in the endpoint protection suites of the future Opinions dissent about what it will take for whitelisting to become easily implementable for users and whether it will replace or augment the traditional anti-virus approach Whatever the opinion, I think most folks can agree http://www.secuobs.com/revue/news/151994.shtmlhttp://www.secuobs.com/revue/news/151994.shtml Secuobs.com : 2009-10-19 22:06:57 - Optimal Security - As far back as a decade ago, attacks consisted of simultaneously launching strikes utilizing multiple vulnerabilities to gain a foothold in a target network and then following up with privilege escalation attacks to make it more worthwhile for the bad guys For many years, we simply referred to these attacks as blended threats While Chained http://www.secuobs.com/revue/news/151925.shtmlhttp://www.secuobs.com/revue/news/151925.shtml Secuobs.com : 2009-10-17 04:06:32 - Optimal Security - With Twitter expected to top 18 million users by the end of this year, users of the widely utilized social media tool are seeing first-hand the ugly side of this popular platform Another Twitter phishing scam reared its ugly head this week, aggressively sending out direct message spam, hoping to lure unsuspecting users to click http://www.secuobs.com/revue/news/151358.shtmlhttp://www.secuobs.com/revue/news/151358.shtml Secuobs.com : 2009-10-14 20:04:14 - Optimal Security - IMAGE Paul Henry, Forensics and Security Analyst, provides his insights in this October Patch Tuesday Security Briefing http://www.secuobs.com/revue/news/150458.shtmlhttp://www.secuobs.com/revue/news/150458.shtml Secuobs.com : 2009-10-09 21:22:00 - Optimal Security - This month s Microsoft Patch Tuesday update has reached an all time high with 13 bulletins, which surpasses the previous high of 12 released in October 2008 IT pros won t only have to deal with the large amount of patches, but the update also includes fixes for 34 security issues with zero-day issues continuing to be http://www.secuobs.com/revue/news/149088.shtmlhttp://www.secuobs.com/revue/news/149088.shtml Secuobs.com : 2009-10-08 21:12:52 - Optimal Security - We could all learn a thing or two about developing an effective cyber security strategy from the government of Singapore I was recently in Singapore to do a keynote for Singapore GovWare on the Changing State of the Endpoint and, while I was out there, I witnessed something interesting the Singapore government was doing to http://www.secuobs.com/revue/news/148693.shtmlhttp://www.secuobs.com/revue/news/148693.shtml Secuobs.com : 2009-09-28 23:47:44 - Optimal Security - Last winter and spring we all watched with interest the headlines heralding the spread of the Confickr botnet The under-reported part of the story was that fact that well-patched enterprise networks were largely unaffected by Confickr s bloom In some circles, this seems to have lead to a complacency or belief that botnet infections are not http://www.secuobs.com/revue/news/145261.shtmlhttp://www.secuobs.com/revue/news/145261.shtml Secuobs.com : 2009-09-24 22:34:09 - Optimal Security - Gartner recently released a report on operationalizing endpoint security on how signature-based anti-malware is losing effectiveness in the face of an overwhelming volume of threats I have a few thoughts about the report s findings and what organizations can do to better protect their endpoints As the Gartner report made clear, signature-based anti-malware is losing its http://www.secuobs.com/revue/news/144131.shtmlhttp://www.secuobs.com/revue/news/144131.shtml Secuobs.com : 2009-09-22 05:44:14 - Optimal Security - In general there are few Facts of Life that are accepted because there is an abundance of supporting data hence, they simply cannot be disputed Below are half a dozen Facts of Life I use in my own life that I m happy to share 1 If I smoke cigars or cigarettes it will have a http://www.secuobs.com/revue/news/143030.shtmlhttp://www.secuobs.com/revue/news/143030.shtml Secuobs.com : 2009-09-16 22:54:05 - Optimal Security - In May 2009, Aberdeen Group published a research report entitled IT GRC Managing Risk, Improving Visibility, and Reducing Operating Costs The study describes the policy, planning, process, and organizational elements that contribute to successful initiatives in the area of IT governance, risk management, and compliance IT GRC I recently sat down with Derek Brink, vice president http://www.secuobs.com/revue/news/141581.shtmlhttp://www.secuobs.com/revue/news/141581.shtml Secuobs.com : 2009-09-11 00:23:07 - Optimal Security - Whether you want to admit it or not, social networking is a fact of everyday corporate life In most companies, the number one social networking application used daily during work hours is Facebook This is not a fad as it took less than 9 months for Facebook to reach 100 million users and the Apple http://www.secuobs.com/revue/news/139762.shtmlhttp://www.secuobs.com/revue/news/139762.shtml Secuobs.com : 2009-09-10 01:53:46 - Optimal Security - IMAGE Paul Henry, Forensics and Security Analyst, provides his insights in this September Patch Tuesday Security Briefing http://www.secuobs.com/revue/news/139369.shtmlhttp://www.secuobs.com/revue/news/139369.shtml Secuobs.com : 2009-09-09 03:37:22 - Optimal Security - I recently sat down with Brandon Dunlap, Managing Director of Research at Brightfly, to get his perspectives on the biggest challenges around IT risk and how organizations can get better at managing risk Brightfly is an advisory services firm specializing in the collision between IT operations, information security, physical security, and auditing The firm conducts http://www.secuobs.com/revue/news/138877.shtmlhttp://www.secuobs.com/revue/news/138877.shtml Secuobs.com : 2009-09-04 22:52:00 - Optimal Security - With Microsoft Patch Tuesday right around the corner, life gets even more interesting for IT professionals with the release this morning of a new Zero Day DoS exploit impacting Microsoft FTP server This comes on the heels of a more serious issue Just days ago, an exploit was released that can allow a remote user to http://www.secuobs.com/revue/news/137994.shtmlhttp://www.secuobs.com/revue/news/137994.shtml Secuobs.com : 2009-09-02 03:17:14 - Optimal Security - Organizations continue to be plagued by increasing regulations coming from states and federal governments, industry regulations and internal compliance policies They are further challenged by the complexities and costs associated with demonstrating compliance while managing the right levels of risks I recently sat down with Rob Israel, the CIO of John C Lincoln Health Network, one of Lumension s customers to http://www.secuobs.com/revue/news/136703.shtmlhttp://www.secuobs.com/revue/news/136703.shtml Secuobs.com : 2009-08-27 20:27:40 - Optimal Security - The current Twitter cross-site-scripting vulnerability Twitter XSS vulnerability should not be a surprise to anyone given how new the Twitter platform is For millions of its users including myself, we have all seen our fair share of bugs and issues such as Twitter downtime for maintenance, lost profile pictures, misdelivered direct messages and publicly revealed http://www.secuobs.com/revue/news/135218.shtmlhttp://www.secuobs.com/revue/news/135218.shtml Secuobs.com : 2009-08-26 21:27:35 - Optimal Security - SQL Injection attacks are getting a great deal of coverage lately, and with good reason After all, it was recently revealed that SQL injection may have enabled the breach at Heartland Payment Systems Obviously, this issue is serious enough to warrant concern and action When considering ways to mitigate SQL injection attacks, it s easy to get http://www.secuobs.com/revue/news/134819.shtmlhttp://www.secuobs.com/revue/news/134819.shtml Secuobs.com : 2009-08-25 22:37:56 - Optimal Security - IMAGE To help facilitate a open dialogue, collaboration and co-innovation, we launched a new online customer community called Lumension Connect http://www.secuobs.com/revue/news/134337.shtmlhttp://www.secuobs.com/revue/news/134337.shtml Secuobs.com : 2009-08-17 23:30:54 - Optimal Security - One major complaint I hear from security veterans time and again is how compliance has needlessly complicated their day-to-day routines While many of security s fundamental principles and controls have remained the same over the past several years, compliance mandates from hither and yon have muddied the waters Disparate regulations call for their own set of controls, http://www.secuobs.com/revue/news/131630.shtmlhttp://www.secuobs.com/revue/news/131630.shtml Secuobs.com : 2009-08-15 01:35:00 - Optimal Security - By now, most of us have heard of the data breach that affected Heartland Payment Systems It s been front page news, and Heartland themselves went public with news of the breach in January 2009 What many people might not know is that Heartland s QSA Qualified Security Assessor had declared them as PCI compliant shortly before http://www.secuobs.com/revue/news/131047.shtmlhttp://www.secuobs.com/revue/news/131047.shtml Secuobs.com : 2009-08-12 17:18:37 - Optimal Security - IMAGE Paul Henry, Forensics and Security Analyst, provides his insights in this August Patch Tuesday Security Briefing http://www.secuobs.com/revue/news/130227.shtmlhttp://www.secuobs.com/revue/news/130227.shtml Secuobs.com : 2009-08-11 21:02:19 - Optimal Security - Microsoft, Apple and Adobe have all released out-of-band patches over the course of the summer and with the recent release of a free tool to hack Oracle databases, can Oracle resist and not address currently exposed issues as well with out-of-band fixes The regular patch cycles adopted by major software vendors has brought some level of http://www.secuobs.com/revue/news/129941.shtmlhttp://www.secuobs.com/revue/news/129941.shtml Secuobs.com : 2009-08-11 05:19:44 - Optimal Security - For the past two years, I have been closely watching the genesis and implementation of a very interesting program mandated by the Office of Management and Budget OMB of all US government agencies called the Federal Desktop Core Configuration FDCC The idea behind FDCC was simple through an OMB developed standard configuration set-up, organizations can manage endpoints http://www.secuobs.com/revue/news/129638.shtmlhttp://www.secuobs.com/revue/news/129638.shtml Secuobs.com : 2009-08-07 05:49:43 - Optimal Security - There was early speculation this morning that the Twitter outage was yet another case of growing pains with the Twitter infrastructure simply not being able to keep up with the load associated with their rapid growth However, today s outage is happening at the same time a new version of the Koobface malware was found in http://www.secuobs.com/revue/news/128611.shtmlhttp://www.secuobs.com/revue/news/128611.shtml Secuobs.com : 2009-08-07 05:49:43 - Optimal Security - Twitter has aggressively and successfully focused on developing features and building applications to drive user numbers, and it has grown in leaps and bounds internationally But, this DDoS attack should give business pause to consider how much effort they should continue to put into adopting and embracing Twitter Does Twitter have the security model to http://www.secuobs.com/revue/news/128610.shtmlhttp://www.secuobs.com/revue/news/128610.shtml Secuobs.com : 2009-08-04 21:33:56 - Optimal Security - The recent attacks on US and South Korean IT infrastructure has once again raised awareness around national cybersecurity issues here in the States While I certainly agree with my security colleagues that it is high time that President Obama finally appoint a cybersecurity czar to head up the overarching public-private initiatives that have been promised, http://www.secuobs.com/revue/news/127893.shtmlhttp://www.secuobs.com/revue/news/127893.shtml Secuobs.com : 2009-07-29 00:19:46 - Optimal Security - Today, Microsoft released two out-of-band patches MS09-034 and MS09-035 rated critical and moderate, respectively These patches address vulnerabilities found in Microsoft s Active Template Library, a set of software developer tools that are used in the creation of COM and ActiveX modules, both commonly used in a wide range of Windows-based applications ActiveX modules are commonly http://www.secuobs.com/revue/news/125922.shtmlhttp://www.secuobs.com/revue/news/125922.shtml Secuobs.com : 2009-07-27 23:08:10 - Optimal Security - IT pros are anxiously awaiting this Tuesday s out-of-band patches from Microsoft The patches are supposed to add an additional layer of security to the issues for Internet Explorer, which was patched just last Tuesday, as well as handle issues within Visual Studio The IE issues involve the ongoing Active X saga and hopefully will provide an http://www.secuobs.com/revue/news/125458.shtmlhttp://www.secuobs.com/revue/news/125458.shtml Secuobs.com : 2009-07-21 01:25:46 - Optimal Security - A new video is reportedly making the rounds on the Internet supposedly a keyhole camera was used to tape an unsuspecting ESPN Reporter Erin Andrews undressing in a hotel room While lawyers for Erin Andrews work to have sites posting the video immediately remove it, the bad guys are yet again taking advantage of http://www.secuobs.com/revue/news/122809.shtmlhttp://www.secuobs.com/revue/news/122809.shtml Secuobs.com : 2009-07-21 01:25:46 - Optimal Security - IMAGE Application whitelisting is emerging as the security technology that gives IT a true defense-in-depth capability, filling in the gaps that anti-virus AV was never designed to cover http://www.secuobs.com/revue/news/122808.shtmlhttp://www.secuobs.com/revue/news/122808.shtml Secuobs.com : 2009-07-17 01:16:46 - Optimal Security - Not so long ago, if you wanted to quickly take control of a user s PC, you scanned the Internet looking for open ports for a vulnerable victim and hacked them with an OS vulnerability In the age of Web 20, OS vulnerabilities have been replaced with browser vulnerabilities as the keys to the kingdom and http://www.secuobs.com/revue/news/121619.shtmlhttp://www.secuobs.com/revue/news/121619.shtml