http://www.secuobs.com Observatoire de la securite Internet fr webmaster@secuobs.com 2008-07-06 05:21:25 - eWeek Security Watch : A pair of influential mobile consortiums are partnering to further mobiledevice securityIMAGEIMAGEhttp://www.secuobs.com/revue/news/36295.shtmlhttp://www.secuobs.com/revue/news/36295.shtml 2008-07-05 20:19:32 - Rootsecure.net : Search Security: Microsoft addresses XSS in Internet Explorerhttp://www.secuobs.com/revue/news/36261.shtmlhttp://www.secuobs.com/revue/news/36261.shtml 2008-07-05 06:47:43 - TaoSecurity : You all know how environmentally-conscience I am Actually, I don'tconsider myself to be all that "green," aside from the environmentalscience merit badge I earned as a Scout However, working for a globalcompany and especially the Air Force, in a prior life reinforces oneof my personal tenets: move data, not people In other words, I lookfor ways to acquire security data remotely, and move it to me I'drather not fly to a location where the information resides; datacenters are too distributed, cold, noisy, and cramped for me to wantto spend a lot of time thereSo, when Bill Brenner of CSO asked if I had thoughts on "Green IT," Ithink I surprised him by answering postively You can read some ofwhat I said in his article Cost-Cutting Through Green IT Security:Real or MythFor Richard Bejtlich, director of incident response at GeneralElectric, the biggest green security challenge is in how the companymoves people around Incident response investigations often requirepeople to fly to offices spread across the country But travel can beexpensive and the environment certainly doesn't benefit from the jetfuel that's burned in the processBejtlich's solution is to find more remote ways for employees toconduct incident response"Rather than have the carbon footprint of a plane trip, we can insteadfocus on moving the data we need for incident response instead ofmoving the people," he says Bejtlich says a lot of the work can getdone using virtual technology without reducing the quality of thesecurityTo achieve this at GE, Bejtlich has made use of F-Response, a vendorneutral, patent-pending software utility that allows an investigatorto conduct live forensics, data recovery, and e-discovery over an IPnetwork using the tools of their choice "For $5,000 we can use theF-Response enterprise product throughout the company," he says "It'sa very good deal"Bejtlich is also a believer in letting employees work from home Likethe reduction in air travel, working from home means fewer peopleburning gas on the way to the office"We encourage people to work from home so they don't waste energy ontravel The incident response team is all over the world anyway, so wereally don't need to be in an office," he says "Doing the jobvirtually makes budgetary sense, we spend more time getting the workdone, and the bonus is it lowers our carbon footprint"Virtual wondersBejtlich's success with virtual technology is music to the ears ofEvolutionary IT's Guarino, who sees virtualization as a key toconsolidating the IT environment and achieving green securityLet me make a few clarifications First, no one at GE uses F-ResponseI mentioned it to Bill as an example of the sort of tool one could useto do remote forensics I have a copy ready to test and I spent anhour on the phone speaking with Matt Shannon from F-Response, and Ihave high hopes for the product Please don't read this as anendorsement of any single product I mentioned F-Response to help getmy point across to BillSecond, I don't see the "virtual technology" angle here I didn't talkabout "virtualization," so maybe the term was just usedinappropriatelyOtherwise, I agree with my quotes on remote IR and working from homeoffices They are key initiatives I would encourage other companies toadoptIn fact, you could think of the home office as an example of movework, not people Keep the people in place and move the job to themIn an increasingly competitive market where people with true skillsare scarce, it's unreasonable to expect talent to uproot and migrateto an employer's locationCopyright 2003-2008 Richard Bejtlich andTaoSecurity taosecurityblogspotcom and wwwtaosecuritycomhttp://www.secuobs.com/revue/news/36214.shtmlhttp://www.secuobs.com/revue/news/36214.shtml 2008-07-05 00:50:14 - SecuMania.org Headlines News : A panel of experts in data protection was beaten yesterday by a simplequestion from the floor: "Can you give us an example of good datasecurity practice by the British Government" The meeting, aWestminster eForum event, was to discusshttp://www.secuobs.com/revue/news/36186.shtmlhttp://www.secuobs.com/revue/news/36186.shtml 2008-07-05 00:50:14 - SecuMania.org Headlines News : Apple has failed to keep software for the iPhone up to date with patchesavailable for its desktop PCs The latest version of the software forthe iPhone, 114, came out in February and is essentially apared-down version of Mac OS 105,http://www.secuobs.com/revue/news/36175.shtmlhttp://www.secuobs.com/revue/news/36175.shtml 2008-07-04 22:34:26 - Rootsecure.net : Heise Security: Several bugs fixed in the Wireshark and TShark networktoolshttp://www.secuobs.com/revue/news/36161.shtmlhttp://www.secuobs.com/revue/news/36161.shtml 2008-07-04 20:20:35 - Rootsecure.net : Heise Security: Buffer overflow in the PCRE regular expression libraryhttp://www.secuobs.com/revue/news/36137.shtmlhttp://www.secuobs.com/revue/news/36137.shtml 2008-07-04 20:20:35 - Rootsecure.net : Heise Security: heise SSL Guardianhttp://www.secuobs.com/revue/news/36136.shtmlhttp://www.secuobs.com/revue/news/36136.shtml 2008-07-04 20:17:15 - milw0rm.com : http://www.secuobs.com/revue/news/36125.shtmlhttp://www.secuobs.com/revue/news/36125.shtml 2008-07-04 12:03:49 - Global Security Mag Online : China Security et Surveillance Technology Inc CSST et Mobotix AG,spécialiste des caméras réseau haute résolution, ont conclu un accordde distribution Signé en avril 2008, il concède à la CSST les droitsde distribution des produits Mobotix pour la totalité de la Républiquepopulaire de ChineGrâce à ce partenariat, CSST pourra proposer des solutions adaptées aubesoin croissant en systèmes de surveillance performants et hauterésolution Ce type de solutions est en effet très demandé en Chinepar - Businesshttp://www.secuobs.com/revue/news/36029.shtmlhttp://www.secuobs.com/revue/news/36029.shtml