Security Bullet In
Communiques from the security front, sir
Friday 22 June 2007, 2:53 PM
Orange has wrist slapped over Data Protection breach
The communications giant has had a tongue-lashing from the Information Commissioner's Office (ICO) over a breach of the Data Protection Act (DPA).
It seems that Orange customer service representatives that had recently been employed had been allowed to share usernames and passwords to access confidential customer information.
Ooops!
Out-Law.com was one of the news sites to report on this -- in its article it also reports that Littlewoods has also had a telling off by the ICO for breaching the DPA.
Friday 22 June 2007, 11:10 AM
Pentagon hacked
According to various news reports, including the BBC and Time, the Penatgon was hacked on Wednesday, resulting in Pentagon email being suspended.
"Elements of the... unclassified email system were taken offline yesterday afternoon due to a detected penetration," said US Defence Secretary Robert Gates.
What's more worrying is that Gates appears not to use email. When asked if his email had been affected, he said:
"I don't do e-mail. I'm a low-tech person."
How on earth does he communicate? There's only a limited amount of stuff you can do over the phone...
Thursday 14 June 2007, 12:32 AM
Symantec to open SOC
According to Jeffrey Hausman, senior director of product management for Symantec said the company will open a Security Operations Centre on its Green Park campus in Reading next week.
Over a lunch at the cavernous press room in The Ventian Resort in Las Vegas, Hausman told ZDNet UK that the centre would complement other Symantec SOCs around the globe.
Symantec's OC used to be in a decomissioned nuclear bunker near Winchester, in the south downs.
I'm hoping to go and take a look at the new one -- with some photos -- watch this space.
Meanwhile, the ceilings in the Venetian Resort seem to defy physics. There are no supporting walls under a flat ceiling with an area the size of three football fields, in the Keynote Hall. Above the ceiling there is a massive hotel that contains, among other things, a canal. With gondoliers. Who sing "O Sole Mio" every five minutes.
Las Vegas is just crazy.
Tuesday 12 June 2007, 6:56 PM
Symantec reveals Endpoint Protection
At the massive Symantec Vision Conference 2007 in the Venetian Resort in Las Vegas on Tuesday, Symantec unveiled Endpoint Protection -- previously codenamed "Hamlet".
At this Symantec fest, in what is quite possibly the most insane city on the planet, the security company's chief executive officer announced Endpoint Protection version 1.0, which combines traditional av, IPS and IDS with a security management console, to a background of thudding music and massive back-projections. Thompson was (unsurprisingly) upbeat.
"It gets the job done," Thompson told the crowd of journalists, analysts, and the Symantec faithful.
The Endpoint Protection box has "preset network access control capabilities", and protects against zero-day threats by using behavioural analysis, according to Thompson.
Symantec also announced Storage United, a software product which Symantec claims will enable storage professionals not only to gain a comprehensive overview of what they have in their systems, but also manage storage through a centralised console.
"Many enterprises have no idea how much storage they're using," said Thompson.
In what quickly become a raft of new product anouncements, Symantec also announced Veritas NetBackup 6.5 -- the latest version of its data management product.
According to a Symantec press release, "NetBackup 6.5 introduces a host of features and enhancements including native disk-based backup, data deduplication, integration with backup appliances and VTLs, heterogeneous snapshot management, granular recovery for critical applications and virtual machines, and new licensing and pricing programs."
I'm hoping to talk to Symantec here in Las Vegas to decipher some of the language in this release (what exactly is "heterogeneous snapshot management" for example?), and hopefully I'll avoid calling Symantec United "Symantec Untied".
Thursday 7 June 2007, 5:10 PM
Kaspersky, Grisoft, F-Secure fail VB100 security test
Three big names have failed to receive certification in the latest Virus Bulletin anti-malware test, the VB100.
Kaspersky, Grisoft, and F-Secure all had products which failed to detect 100 percent of the in-the-wild malware signatures in Virus Bulletin's database. The platform each product was tested on is XP.
Kaspersky Anti-Virus 6.0.2.621 failed to detect a network worm called allaple. According to Kaspersky senior technology consultant David Emm, Kaspersky first added a signature for the worm in February. At the time of the test, Kaspersky was "optimising" its allaple signature. For one day, the signature wasn't in the Kaspersky database.
"That happened to be the day of the test," Emm told ZDNet UK.
Kaspersky is confident that no customer running its full security suite was affected at the time of the test, as this has a firewall, behavioural analysis and heuristics.
Grisoft AVG 7.5 Professional Edition also failed the VB100. AVG is a popular free anti-malware application, which has widespread consumer use. F-Secure Protection Service for Customers (7.00 build 387) also failed to gain certification.
Click here for the updated news story.
Previous
