Automatic Patch-Based Exploit Generation April 26, 2008
Posted by SuperDave in News.add a comment
Computer scientists at Carnegie Mellon University, the University of California at Berkeley and the University of Pittsburgh recent published a paper on creating attack code for most major types of vulnerabilities in minutes by automating the analysis of a patch designed to fix the flaws. Essentially when Microsoft releases a patch, what they are saying — from a security standpoint — is, ‘Here is an exploit’.
Normally when we reverse engineer patches, particularly ones from Microsoft, we look for vulnerabilities fixed by the update. Exploits for the flaws are created manually. Within a few days, and sometimes hours, of Microsoft releasing its monthly patches, attack code for the many of the flaws are created.
Yet, the APEG research could turn an unfavorable situation into a much more threatening one. In their research paper, the APEG team demonstrate a method of automatically finding exploit candidates for flaws using a hybrid technique based on automatic test-case generation. The result: Given the differences between a patched and unpatched program, the APEG technique can generate exploit code in seconds or, at most, minutes, the researchers stated.
With this being tested, the team has urged Microsoft to redesign the way it distributes patches.
Microsoft declined to comment for this article, except to say that the company is reviewing the research.
nexTier Networks Names Former Symantec CISO Dr. Ken Baylor To Executive Team April 25, 2008
Posted by SuperDave in News.1 comment so far
nexTier Networks, the company that is revolutionizing information security and data leak prevention through its unique semantic analysis technology, today announced that it has appointed Dr. Ken Baylor, most recently the Chief Information Security Officer (CISO) of Symantec, as vice president of business development. Dr. Baylor brings more than 16 years of experience leading global IT and security teams with companies such as Symantec and McAfee, where he held executive positions over security initiatives along with functions including product development, internal security operations and alliances. In this new role, Dr. Baylor will concentrate on establishing and furthering strategic alliances that will expand the company’s worldwide market opportunities.
Ken is a recognized security expert, a highly seasoned Information Security executive, and an advisor on security issues to Fortune 500 Companies. Prior to joining nexTier Networks, Ken Baylor served as Symantec’s Vice President and Chief Information Security Officer (CISO). In this role, Dr. Baylor was responsible for developing and overseeing the Symantec’s global information systems security policies and safeguarding corporate electronic and digital assets. As CISO, Dr. Baylor headed up Symantec’s Information Security department and worked closely with Symantec business units and their internal product groups building out advanced security capabilities across the company’s product lines.
“It is a testament to nexTier’s technology and market promise that we are able to attract such an accomplished security expert as Ken Baylor to our executive team,” said nexTier Founder and CTO Tarique Mustafa. “His track record of success in Fortune 500 and high-growth environments aligns with our focus on helping large enterprise customers protect their data. Dr Baylor is highly respected in the industry and brings a wealth of experience in creating key alliances, developing major customer programs, and driving product development. Ken will make a significant contribution to meeting our goals.”
Silicon Valley-based nexTier Networks is vastly improving information security with the application of its unique semantic analysis technology. nexTier’s technology prevents data loss by discovering data wherever it is located across the enterprise, analyzing that data and determining that data’s security value to the business. Much in the way that DNA is used to identify humans, nexTier’s algorithms extract the unique security DNA sequence of data, correlate that DNA sequence to security policies at wire speed, and use that DNA sequence as a means of enforcing security policies against that data. Highly immune to evasion, nNexTier’s algorithms can determine the origin of information even if it has been retyped into a brand new document or rearranged and reworded in an deliberately evasive manner.
“Every day, thousands of enterprises across the USA accidently or through outright negligence leak billions of dollars worth of intellectual property and customer data. They expose themselves and their customers to unnecessary risk for everything from the very high costs of dealing with such leaks to genuine harm on a variety of levels. Existing Data Leak Protection (DLP) products are far too complex and don’t adequately protect the enterprise,” said Dr. Ken Baylor. “nexTier’s products are easy to deploy and they really work. It is as simple as that.”
Earlier in his career, Dr. Baylor led a number of strategic initiatives within McAfee, where he was recognized as an expert in Intrusion Prevention Systems and Risk Management. He led efforts in developing strategic alliances and creating the McAfee Service Provider program. Dr. Baylor holds bachelors’ and doctorate degrees in Science from Ireland, a law degree from the UK and an MBA from the University of Texas.
nexTIer Networks was founded in 2006 by Tarique Mustafa and has a team, board , and board of advisors that include many leading authorities from companies like Symantec, McAfee, VeriSign, Cisco, Juniper, GreenBorder, Sygate and Securify. nexTier Networks is funded by Archimedes Capital, Ecosystem Ventures, and prominent Silicon Valley angel investors.
About nexTier Networks
Headquartered in Santa Clara, CA, nexTier Networks created a whole new way to secure business information by firewalling data at what the company calls the “semantic layer” – the network communications layer at which the semantic meaning in data is communicated. Following years of research and development, nexTier delivers breakthrough semantically-aware security algorithms to identify, classify and protect information in real time across very large volumes of content with unprecedented accuracy. The company was founded by Silicon Valley security veteran Tarique Mustafa and is backed by a team, board and board of advisors that include many leading authorities from companies like Symantec, McAfee, VeriSign, Cisco, Juniper, GreenBorder, Sygate and Securify.
Capcom’s Devil May Cry 4 – release this summer April 23, 2008
Posted by SuperDave in Gaming.add a comment
Capcom®, a leading worldwide developer and publisher of video games, today announced that the highly anticipated PC version of Devil May Cry® 4 is locked and loaded for release this summer. Devil May Cry 4 is already a certifiable hit in the console world, having shipped over 2 million units world wide since its release in North America in February. A demo of the game will be released for PC players before the retail version ships, allowing PC gamers to try the game ahead of time, as well as testing their system’s prowess with the included benchmark mode. The PC version of Devil May Cry 4 will feature new modes, enhanced graphics options and some additional content. Devil May Cry 4 has been rated M for Mature by the Entertainment Software Ratings Board.
Good things come to those who wait as PC owners will benefit from having more modes and more visual customization options to help enhance their demon-slaying action. Turbo mode will turn-up the action to insane speeds, while Legendary Dark Knight Mode will harness advanced PC processing power and fill the screen with an unbelievable number of enemies for extra difficulty. Moreover, familiar enemies from the console versions will show-up in new locations in the PC version. The high resolution screen settings allow the cut scenes of the game to run at up to 120 frames per second (up from 30 frames per second in the console version of the game). Slider options are available to manage various visual effects seen throughout the game. Devil May Cry 4 for the PC will have both DirectX® 9 and DirectX® 10 modes, and will also be compliant with the Games For Windows® program.
From the producer of the original Devil May Cry® and Resident Evil® 4 comes the next installment in the hugely successful stylized action series that has so far achieved global sales of nearly seven million units. Devil May Cry 4 immerses gamers in a gothic supernatural world, where a new protagonist clashes with a familiar hero. As the new leading man, Nero, players will unleash incredible attacks and non-stop combos using a unique new gameplay mechanic: the powerful “Devil Bringer” on his right arm.
ABOUT CAPCOM
Capcom is a leading worldwide developer, publisher and distributor of interactive entertainment for game consoles, PCs, handheld and wireless devices. Founded in 1983, the company has created hundreds of games, including best-selling franchises Resident Evil®, Street Fighter®, Mega Man® and Devil May Cry® Capcom maintains operations in the U.S., U.K., Germany, Tokyo, Hong Kong and Korea, with corporate headquarters located in Osaka, Japan. More information about Capcom can be found on the company web site, www.capcom.com.
Capcom, the Capcom logo, Resident Evil, Mega Man and Devil May Cry are either registered trademarks or trademarks of Capcom Co., Ltd., in the U.S. or other countries. Street Fighter is a registered trademark of Capcom U.S.A., Inc. DirectX is a registered trademark of Microsoft Corporation in the United States and/or other countries. All rights reserved. All other marks are the property of their respective holders.
Yoggie Firestick Pico April 10, 2008
Posted by SuperDave in Uncategorized.add a comment
WHAT: This year’s hottest new security innovation for laptops and PCs makes its appearance at the RSA Conference 2008 in San Francisco. Yoggie Security SystemsTM (exhibiting at booth #857) introduced a unique, ultra-portable mini computer that is a firewall solution to protect PCs from malicious attacks.
DETAILS: Yoggie Security SystemsTM (www.yoggie.com) is the first company to offload 12+ security applications onto an innovative USB key-size Linux-based 520 MHz security mini-computer with the company’s award-winning Gatekeeper Pico product. In addition to receiving the Best of Innovations award at CES, Yoggie has also received various awards from the RSA.
WHEN /
WHERE: April 9-10, 2008, Booth #857 in the Moscone Center
RSA Update – Michael Xie to present on network security trends April 8, 2008
Posted by SuperDave in Uncategorized.add a comment
Michael Xie, founder and CTO, will present the trends and evolution in network security on April 9 at RSA Conference 2008. Attendees will come away from this session with a better understanding of the evolving network infrastructure and trend in security consolidation, threat research and defenses that anticipate future risks – and what it takes to protect today’s complex network environments.
Who: Michael Xie, founder and CTO, Fortinet
What: Discussion entitled “From Gopher to Google: Seven Security Trends in the Internet Age”
Session highlights include:
• An explanation of how network infrastructure is changing • An overview of the trends in network security • A checklist on how to securely move forward
When: Wednesday, April 9, 3:30 p.m., PDT
Where: RSA Conference 2008, Moscone Center, San Francisco, Calif., Executive Briefing Center in the Exposition Hall, booth 2603 (lower right corner of the show floor).
GO-Trust Inc. Launches Smart Card Solution for Mobile Phones and PDA’s April 8, 2008
Posted by SuperDave in Uncategorized.add a comment
GO-Trust Inc. providing trusted security solutions for people on the go, launches new technology that enables manufacturers and developers of smart cards and smart card based security solutions to offer their applications on any mobile device that accepts a SD standard, mini or micro memory card, without any modification of the mobile device. Suddenly the mobile community and beyond are potential clients for chip based security solutions. The potential users include: Cell Phones, PDAs, Note Book PCs, Tablet PCs, Mobile TVs, Portable Ultrasound Units, Digital Cameras, Digital Camcorders, MP3/MP4 Players, Digital Picture Frames, GPS, Graphing Calculators, Wii Game System and much more.
Using the GO-Trust proprietary security/flash controller, firmware and a specially developed multi-platform SDK, existing applications can run unchanged in a mobile device and call the security module embedded in the SD memory just as if it was a regular sized smart card inserted in a USB card reader attached to a PC. In many cases the application can reside in the flash memory and be auto loaded as soon as the SD memory is inserted, making the operation totally transparent to the user.
The GO-Trust SD Solution is ready to ship today, so existing applications can be deployed to new clients immediately.
The launch of the GO-Trust SD Solution is taking place during the RSA Conference at 11:15am on Wednesday April 9th, 2008 in room 112 of Moscone Center North. Journalists, Analysts and technology watchers are all welcome.
About GO-Trust, Inc.
GO-Trust Inc. is a multi-national organization headquartered in Taichung, Taiwan and with subsidiaries in California, Hong Kong and Beijing. The company specializes in facilitating hardware based security solutions so manufacturers and developers can offer their products on new and diverse clients.
The management team have many years of experience in the development and marketing of security, components, hardware, middleware and software for major corporations including Honeywell, Connexant, SafeNet and Samsung.
Most recently the company has developed IC’s, firmware and drivers that enable smart card manufacturers to embed their technology in SD memory chips and operate seamlessly on a wide range of mobile devices. For additional company information, visit http://www.go-trust.com or call (714)-658-4445.
SafeNet celebrates 24 years in the information security industry April 7, 2008
Posted by SuperDave in Uncategorized.add a comment
On April 7, 1983, SafeNet, Inc. was founded by two security engineers in Timonium, Maryland. Today, the Company celebrates its 25th anniversary as an information security leader.
“Twenty five years in the information security industry is an amazing achievement. We have succeeded through all kinds of economic environments, in a business that demands continuous improvement,” said Chris Fedde, SafeNet’s president and chief operating officer. “To make it this far the professionals at SafeNet have consistently delivered quality and innovation, and have always set industry and government standards for high grade security. We are grateful to our customers and partners for their support as we reach this milestone.”
As the demand for security advances, more industry experts, regulators and customers view encryption as one of the core elements needed to address demands for compliance and privacy. SafeNet’s most recent acquisition, Ingrian Networks, is in recognition of this need and adds award-winning database application protection to SafeNet’s information security suite. With this acquisition, SafeNet becomes the first vendor to offer a comprehensive Enterprise Data Protection Solution that secures sensitive data across devices, applications, networks, and databases.
Originally established as Industrial Resource Engineering (IRE), the Company made a name for itself selling enterprise network security solutions to protect the public and private networks of financial institutions. IRE expanded into the federal government sector and became a fast-rising star in the information security industry.
The Company was officially renamed SafeNet in 2001 after its award-winning VPN product line. Combining strong organic growth with a series of strategic acquisitions from 2001 to 2005, SafeNet increased its revenue by a multiple of fifteen and became the world’s seventh largest information security company.
In March of 2007, SafeNet was acquired for $634 million by Vector Capital, a private equity firm based in San Francisco, Calif. Today, the Company has more than 1,100 employees across 100 countries, including a technology base of 500 security professionals. Serving more than 10,000 customers, SafeNet is a top security provider to the financial community, government community, the high-value software industry and global corporations. SafeNet’s revenue for 2007 exceeded $300 million.
About SafeNet, Inc.
SafeNet is a global leader in information security. Founded 25 years ago, the company provides complete security utilizing its encryption technologies to protect communications, intellectual property and digital identities, and offers a full spectrum of products including hardware, software, and chips. UBS, Nokia, Fujitsu, Hitachi, Bank of America, Adobe, Cisco Systems, Microsoft, Samsung, Texas Instruments, the U.S. Departments of Defense and Homeland Security, the U.S. Internal Revenue Service and scores of other customers entrust their security needs to SafeNet. In 2007, SafeNet was acquired by Vector Capital, a $2 billion private equity firm specializing in the technology sector. For more information, visit www.safenet-inc.com.
Hitachi Acquires M-Tech to Broaden Security Offering April 7, 2008
Posted by SuperDave in Uncategorized.add a comment
Hitachi has acquired M-Tech Systems, Inc. as part of a strategy to broaden its overall security portfolio. The new company will be called Hitachi ID Systems, Inc. (Hitachi ID).
This marks the second acquisition in as many months (in March, IBM bought Encentuate) in an area called Identity and Access Management (IAM), a very “hot” market that Forrester predicts will grow from $2.6 billion in 2006 to more than $12.3 billion in 2014. In addition to IBM, Hitachi will face competition from Sun and others as they enters this new space.
Hitachi believes that M-Tech’s identity management technology will be an integral component of Hitachi’s complete portfolio of information security solutions. Hitachi has a variety of advanced security technologies. Its unique and interesting “finger vein” biometric authentication is already used for ATM authentication in about 80% of Japanese financial institutions that have adopted biometric authentication technologies. Hitachi has several other subsidiaries with deep expertise in security, ranging from RFID technology to hard disk drive encryption to system-level storage to IT consulting and beyond.
While consumer identity theft continues to make huge headlines, the issue often originates from a deeper problem: corporate information theft (whether inadvertent “accidents” or planned and malicious attacks). Identity and access management solutions, when implemented throughout an organization or government institution, can help to prevent both consumer ID theft and corporate information theft.
As background, Hitachi is an $86 billion dollar global entity that employees more than 300,000 people within 74 subsidiaries worldwide. Many think of them as the “GE of Japan” and since Japan is the world’s second largest economy, Hitachi is a company many are watching these days.
Pitchfork.tv premiers with exclusive Radiohead performance April 7, 2008
Posted by SuperDave in Music.Tags: radiohead, arcade fire, in rainbows, pitchfork, pitchfork.tv, prohibition, francis ford coppola, Godrich, Juan's Basement, Fred Armisen, Les Savy Fav, Tim Harrington, Mudhoney, Dinosaur Jr., Sleater-Kinney, Kraftwerk, Aphex Twin, Madvillian, Spoon, Beta Band, Wolf Parade, Band of Horses, Prefuse 73, Liars, M83
add a comment
It’s the final countdown. Monday, April 7 sees the much anticipated launch of Pitchfork.tv, Pitchfork’s rebuttal to the age-old complaint, “There’s nothing on.” Launching with hours of on-demand music content by the artists we love, we should recall two important facts about April 7. The day marks the birth date of Francis Ford Coppola and the end of prohibition. A day destined for the launch of a new way to view music and indie films and worthy of a toast, so grab some bubbly and hook up the speakers.
Earlier this week we gave you a rough idea of what you can expect to find at Pitchfork.tv, and we’ve got even more goodies up our sleeves. Today, we’re overcome with happiness to announce that Radiohead– yes, Radiohead– will be joining the new site’s Monday lineup with a special performance of In Rainbows [CD2] banger “Bangers & Mash,” which the band recorded exclusively for the launch of Pitchfork.tv. Shot on Wednesday (as in two days ago!) in Nigel Godrich’s basement studio, this utterly kick-ass performance will serve as the site’s first-ever music video.
Monday will also see Pitchfork.tv hosting the world premiere of M83’s new “Graveyard Girl” music video– the first from their forthcoming Saturdays = Youth LP.
When you’re done with the pretty, mosey over to one of the sweatiest, grimiest, hellbent-for-destruction shows we’ve seen in a while with Jay Reatard on “Pitchfork Live,” as he rips through his whole set in Cake Shop’s NYC basement at breakneck speed. For more basement action, Juan Pieczanski cordially invited Liars to come play some tunes (including the third ever live performance of “The Other Side of Mt. Heart Attack”) for our series “Juan’s Basement,” and have a chat in his back yard.
For more good time story telling, we trekked to Philly to film “Daytripping” and some noise making, bike riding and firework popping with the men of Man Man. And for an even deeper look into the world behind the music, we present the first full-length film in our “One Week Only” series, loudQUIETloud, the behind-the-scenes documentary of the Pixies 2004 reunion tour. Go grab a snack, pop the player over to fullscreen mode, and get ready for some seriously smooth entertainment.
On the flip side of “One Week Only,” Monday also sees the launch of the Pitchfork.tv music video library. It’s eventually where that M83 video will end up, along with an archive of the videos we love from the likes of Kraftwerk, Aphex Twin, Sleater-Kinney, Panda Bear, Battles, Dinosaur Jr., Ted Leo and the Pharmacists, Hot Chip, Grizzly Bear, Arcade Fire, !!!, Madvillain, Spoon, Beta Band, Wolf Parade, Air, Mudhoney, Band of Horses, Prefuse 73… you get the idea.
And if you can’t wait until Monday, stay tuned to Forkcast today, because right around 6pm CST, we’ll post an extra something special we cooked up (starring SNL’s Fred Armisen and Les Savy Fav front/wildman Tim Harrington) to give you an advance taste of Pitchfork.tv’s embeddable player.
Happy viewing. We can’t wait for Monday.
WinMagic and UPEK Partnership April 7, 2008
Posted by SuperDave in News.add a comment
WinMagic® and UPEK® Partner to Provide Fingerprint Authentication for the SecureDoc End Point Data Protection Suite
Millions of UPEK-enabled notebook computer and peripheral users can now benefit from the security and convenience of fingerprint authentication within an enterprise-class data protection platform
San Francisco, CA, (RSA Conference 2008) April 7, 2008 – WinMagic, a leader in end point data protection, and UPEK, the global leader in enterprise and consumer biometric fingerprint solutions, announce that SecureDoc data protection software now supports UPEK fingerprint authentication. The companies’ integrated solution is being demonstrated – for the first time – at the RSA Conference 2008 (WinMagic’s booth #2425 and UPEK’s booth #2003).
Enterprise businesses and government organizations face significant risks and penalties when laptops or portable storage media, containing valuable data assets or personal identifiable information (PII), go missing.
SecureDoc’s comprehensive end point data protection suite safeguards proprietary information and PII stored on mobile computers and portable media. With added support for UPEK fingerprint authentication, SecureDoc raises the stakes for both security and end user convenience, while reducing IT support costs.
“Encryption and authentication are the primary controls for securing access to sensitive data,” said Thi Nguyen-Huu CEO of WinMagic. “However, we know from experience that users will circumvent these controls if they are intrusive or impede productivity,” Nguyen-Huu continued. “Our partnership with UPEK illustrates our commitment to provide enterprise customers with the most easy-to-use, easy-to-manage data protection solutions.”
SecureDoc supports the UPEK biometric authentication sensors that come standard in over 75 different notebook computer models, as well as UPEK’s award-winning Eikon® USB peripherals. Eikon peripherals come in two convenient form factors – one designed for desktop computers, and a second portable model designed for mobile computer users.
“The strong market need for end point data security solutions, and the widespread availability of fingerprint-enabled notebooks and peripherals, makes this integrated offering especially valuable to customers,” said Robert Blau, UPEK General Manager and Vice President. “With today’s announcement, the enterprise data that resides in millions of mobile computers can be securely and conveniently protected with the simple swipe of a finger.”
“Our newest benchmark report on user authentication confirms that enhancing security often has the unintended consequence of making logon less convenient for end users,” said Derek E. Brink, Vice President and Research Director for IT Security, Aberdeen Group. “By enabling users to authenticate using fingerprint technology before the operating system boots, and – if policy requires – any time they seek access to encrypted data, the integration between UPEK and SecureDoc is designed to address both convenience and security.”
About WinMagic
WinMagic, the innovative leader in end point data protection, provides the world’s most secure, manageable and easy-to-use data encryption solutions.
Compatible with all editions of Microsoft Windows Vista, XP, and 2000 as well as Mac and Linux platforms, WinMagic’s SecureDoc protects sensitive personal information and proprietary data stored on laptops, PDAs and portable media, such as USB drives and CD/DVDs. Enterprise and government organizations around the world depend on SecureDoc to minimize business risks, meet privacy and regulatory compliance requirements, and protect valuable information assets. With a full complement of professional and customer services, WinMagic supports over three million SecureDoc users in
43 countries. For more information, please visit www.winmagic.com, call
1-888-879-5879 or e-mail us at info@winmagic.com.
About UPEK
UPEK, Inc. is the global leader in enterprise and consumer fingerprint authentication solutions. UPEK authentication hardware and software are integrated into laptops from the world’s top five largest PC makers, as well as USB flash drives, external hard disk drives, and mobile phones from leading manufacturers. UPEK’s ecosystem of over 100 hardware and software partners enables strong authentication solutions for market verticals including healthcare, banking, education, and government. UPEK offers the only silicon-based fingerprint device that is FIPS 201 certified for authentication of over 10 million US government employees and contractors.
UPEK also provides consumer packaged goods including the CES award-winning Eikon Digital Privacy Manager, the only fingerprint reader on the market that supports PCs and Macs. UPEK products make your digital world safe and personal. For more info, visit www.upek.com.
