Taher Elgamal on Encryption, SSL, The Cloud

In this wide ranging interview, cryptographer, Taher Elgamal, chief security officer of Axway Inc. and initial driving force behind SSL, explains how applications may be better adapted to defend against attacks and how cloud computing may alter data protection and authentication. Read the full...

RSA 2010: How Cloud Security Is the Wild West

Economic pressures are driving more businesses and governments to nervously eye cloud computing, despite myriad unanswered questions that swirl around a single central concern: security. This was backdrop for a panel discussion between CISOs at this week’s RSA Conference. Read the full article...

What If Bill Gates Never Wrote the Trustworthy Computing Memo?

The security industry has undergone massive changes in the last 15 years, and in some cases it’s hard to imagine what things would be like had these events not taken place. Think of a world in which Google focuses on security and privacy and Microsoft never started Trustworthy Computing, and you...

IEEE and Cloud Security Alliance Form Partnership

The Cloud Security Alliance CSA and IEEE are joining forces to ensure that best practices and standards are developed and available to provide security assurance for cloud computing. As a result of this collaboration, CSA and IEEE have been conducting a survey to identify and define the most...

OCS Inventory NG Server Administration Console Detection

The remote web server is hosting the OCS Inventory NG Server Administration console, a PHP application for managing computing assets. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include"compat.inc"; if description scriptid44392; scriptversion"1.11";...

Cloud Computing's Inconvenient Truth

Google may have threatened to leave China in order to keep us all from concluding that “the cloud” can’t be secured. But isn’t that precisely what we should conclude based on the fact that Google chose to leave China? Read the full article. Computerworld...

Cloud Security Alliance Gives New Guidance

Version 2.1 of the Cloud Security Alliance’s “Guidance for Critical Areas of Focus in Cloud Computing” provides more concise and actionable guidance across all domains, and encompasses knowledge gained from real world deployments over the past six months. Read the full article. Help Net Security...

Amazon Moves to Mitigate Threats to Cloud Service

Amazon said today that it has taken steps to mitigate a security issue in its cloud computing infrastructure that was identified recently by researchers from MIT and the University of California at San Diego. The report described how attackers could search for, locate and attack specific targets ...

DEBIAN-CVE-2009-3616

Multiple use-after-free vulnerabilities in vnc.c in the VNC server in QEMU 0.10.6 and earlier might allow guest OS users to execute arbitrary code on the host OS by establishing a connection from a VNC client and then 1 disconnecting during data transfer, 2 sending a message using incorrect integ...

We Can't Afford Not to Secure the Cloud

There have been many disruptive innovations in the history of modern computing, each of them in some way impacting how we create, interact with, deliver, and consume information. The platforms and mechanisms used to process, transport, and store our information likewise endure change, some in...

Castle Rock Computing SNMPc Network Manager Community String Buffer Overflow (CVE-2008-2214)

SNMPc is a secure distributed network management system developed by Castle Rock Computing. SNMPc uses Simple Network Management Protocol SNMP to communicate with other network entities. A buffer overflow vulnerability exists in Castle Rock Computing SNMPc Network Manager. The vulnerability can b...

McAfee SmartFilter信息泄漏漏洞

Bugraq ID: 35756 CVE ID：CVE-2009-2312 CVE-2009-2429 CNCVE ID：CNCVE-20092312 CNCVE-20092429 McAfee SmartFilter是一款网站过滤解决方案。 McAfee SmartFilter存在设计问题，本地攻击者可以利用漏洞获得敏感信息。 用于proxy服务器验证的SmartFilter user ID的用户名和明文文本密码保存在c:\Program Files\Secure Computing\Smartfilter...

Five ways Apple can improve Mac and iPhone security

From TidBITS Rich Mogull With the impending release of the next versions of both Mac OS X and the iPhone operating system, it seems a good time to evaluate how Apple could improve their security program. Rather than focusing on narrow issues of specific vulnerabilities or incidents, or offering...

Adobe quarterly patch release should serve as an example

Adobe has become the third major software vendor to begin shipping its security updates on a regular schedule. Following the lead of Microsoft and Oracle, who have been releasing patches on a set schedule for many years, Adobe now will ship its patches once per quarter. It’s a move that’s overdue...

Cybercriminals in the cloud

From Forbes Charlotte Dunlap Security breaches continue to plague organizations, causing CIOs to question whether their traditional network security solutions are adequate for protecting against increasingly sophisticated cybercriminals. Recently, it was reported that foreign hackers broke into t...

Q&A: Chris Hoff on cloud computing

Chris Hoff, the former chief security architect at Unisys and the author of the consistently insightful and funny Rational Survivability blog, is among the most sought-after speakers in the security industry and an authority on cloud computing and virtualization security. In this interview, he...

RSA Cryptographer's Panel: Cloud Computing Takes Center Stage

Not so surprising, the state elders of cryptography had a few things to say about the security of cloud computing — but with little agreement. Whitfield Diffie, chief security officer at Sun Microsystems, kicked off the cloud security discussion, stating that while securing the cloud computing...

Charney plugs Microsoft end-to-end trust at RSA Conference

Scott Charney used his keynote speech at the RSA Conference on Tuesday to talk up a variety of hardware and software-based technologies meant to infuse the Internet with more trust. Charney, the head of Microsoft’s Trustworthy Computing team, talked about the need for greater adoption of TPMs, co...

The Virus Safe Computing Initiative from HP

This Google Tech Talk features Dr. Alan Karp of HP Labs, who details the company’s Virus Safe Computing Initiative...

How the economy is hurting security

From Purdue University’s CERIAS The economic crisis has affected virtually every facet of society, and information security is no exception. In a new report titled Unsecured Economies: Protecting Vital Information, researchers from Purdue University’s CERIAS security center lay out the fairly ble...