Automatic Patch-Based Exploit Generation April 26, 2008
Posted by SuperDave in News.
Computer scientists at Carnegie Mellon University, the University of California at Berkeley and the University of Pittsburgh recently published a paper on creating attack code for most major types of vulnerabilities in minutes by automating the analysis of a patch designed to fix the flaws. Essentially, when Microsoft releases a patch, what they are saying, from a security standpoint, is, ‘Here is an exploit’.
Normally when we reverse engineer patches, particularly ones from Microsoft, we look for vulnerabilities fixed by the update. Exploits for the flaws are created manually. Within a few days, and sometimes hours, of Microsoft releasing its monthly patches, attack code for many of the flaws is created.
Yet the APEG research could turn an unfavorable situation into a much more threatening one. In their research paper, the APEG team demonstrates a method of automatically finding exploit candidates for flaws using a hybrid technique based on automatic test-case generation. The result: given the differences between a patched and unpatched program, the APEG technique can generate exploit code in seconds or, at most, minutes, the researchers stated.
With this being tested, the team has urged Microsoft to redesign the way it distributes patches.
Microsoft declined to comment for this article, except to say that the company is reviewing the research.
nexTier Networks Names Former Symantec CISO Dr. Ken Baylor To Executive Team April 25, 2008
Posted by SuperDave in News.
nexTier Networks, the company that is revolutionizing information security and data leak prevention through its unique semantic analysis technology, today announced that it has appointed Dr. Ken Baylor, most recently the Chief Information Security Officer (CISO) of Symantec, as vice president of business development. Dr. Baylor brings more than 16 years of experience leading global IT and security teams with companies such as Symantec and McAfee, where he held executive positions over security initiatives along with functions including product development, internal security operations and alliances. In this new role, Dr. Baylor will concentrate on establishing and furthering strategic alliances that will expand the company’s worldwide market opportunities.
Ken is a recognized security expert, a highly seasoned Information Security executive, and an advisor on security issues to Fortune 500 Companies. Prior to joining nexTier Networks, Ken Baylor served as Symantec’s Vice President and Chief Information Security Officer (CISO). In this role, Dr. Baylor was responsible for developing and overseeing Symantec’s global information systems security policies and safeguarding corporate electronic and digital assets. As CISO, Dr. Baylor headed up Symantec’s Information Security department and worked closely with Symantec business units and their internal product groups building out advanced security capabilities across the company’s product lines.
“It is a testament to nexTier’s technology and market promise that we are able to attract such an accomplished security expert as Ken Baylor to our executive team,” said nexTier Founder and CTO Tarique Mustafa. “His track record of success in Fortune 500 and high-growth environments aligns with our focus on helping large enterprise customers protect their data. Dr. Baylor is highly respected in the industry and brings a wealth of experience in creating key alliances, developing major customer programs, and driving product development. Ken will make a significant contribution to meeting our goals.”
Silicon Valley-based nexTier Networks is vastly improving information security with the application of its unique semantic analysis technology. nexTier’s technology prevents data loss by discovering data wherever it is located across the enterprise, analyzing that data and determining that data’s security value to the business. Much in the way that DNA is used to identify humans, nexTier’s algorithms extract the unique security DNA sequence of data, correlate that DNA sequence to security policies at wire speed, and use that DNA sequence as a means of enforcing security policies against that data. Highly immune to evasion, nexTier’s algorithms can determine the origin of information even if it has been retyped into a brand new document or rearranged and reworded in a deliberately evasive manner.
“Every day, thousands of enterprises across the USA accidentally or through outright negligence leak billions of dollars worth of intellectual property and customer data. They expose themselves and their customers to unnecessary risk for everything from the very high costs of dealing with such leaks to genuine harm on a variety of levels. Existing Data Leak Protection (DLP) products are far too complex and don’t adequately protect the enterprise,” said Dr. Ken Baylor. “nexTier’s products are easy to deploy and they really work. It is as simple as that.”
Earlier in his career, Dr. Baylor led a number of strategic initiatives within McAfee, where he was recognized as an expert in Intrusion Prevention Systems and Risk Management. He led efforts in developing strategic alliances and creating the McAfee Service Provider program. Dr. Baylor holds bachelor’s and doctorate degrees in Science from Ireland, a law degree from the UK and an MBA from the University of Texas.
nexTier Networks was founded in 2006 by Tarique Mustafa and has a team, board, and board of advisors that include many leading authorities from companies like Symantec, McAfee, VeriSign, Cisco, Juniper, GreenBorder, Sygate and Securify. nexTier Networks is funded by Archimedes Capital, Ecosystem Ventures, and prominent Silicon Valley angel investors.
About nexTier Networks
Headquartered in Santa Clara, CA, nexTier Networks created a whole new way to secure business information by firewalling data at what the company calls the “semantic layer” – the network communications layer at which the semantic meaning in data is communicated. Following years of research and development, nexTier delivers breakthrough semantically-aware security algorithms to identify, classify and protect information in real time across very large volumes of content with unprecedented accuracy. The company was founded by Silicon Valley security veteran Tarique Mustafa and is backed by a team, board and board of advisors that include many leading authorities from companies like Symantec, McAfee, VeriSign, Cisco, Juniper, GreenBorder, Sygate and Securify.
WinMagic and UPEK Partnership April 7, 2008
Posted by SuperDave in News.
WinMagic® and UPEK® Partner to Provide Fingerprint Authentication for the SecureDoc End Point Data Protection Suite
Millions of UPEK-enabled notebook computer and peripheral users can now benefit from the security and convenience of fingerprint authentication within an enterprise-class data protection platform
San Francisco, CA, (RSA Conference 2008) April 7, 2008 – WinMagic, a leader in end point data protection, and UPEK, the global leader in enterprise and consumer biometric fingerprint solutions, announce that SecureDoc data protection software now supports UPEK fingerprint authentication. The companies’ integrated solution is being demonstrated – for the first time – at the RSA Conference 2008 (WinMagic’s booth #2425 and UPEK’s booth #2003).
Enterprise businesses and government organizations face significant risks and penalties when laptops or portable storage media containing valuable data assets or personally identifiable information (PII) go missing.
SecureDoc’s comprehensive end point data protection suite safeguards proprietary information and PII stored on mobile computers and portable media. With added support for UPEK fingerprint authentication, SecureDoc raises the stakes for both security and end user convenience, while reducing IT support costs.
“Encryption and authentication are the primary controls for securing access to sensitive data,” said Thi Nguyen-Huu, CEO of WinMagic. “However, we know from experience that users will circumvent these controls if they are intrusive or impede productivity,” Nguyen-Huu continued. “Our partnership with UPEK illustrates our commitment to provide enterprise customers with the most easy-to-use, easy-to-manage data protection solutions.”
SecureDoc supports the UPEK biometric authentication sensors that come standard in over 75 different notebook computer models, as well as UPEK’s award-winning Eikon® USB peripherals. Eikon peripherals come in two convenient form factors – one designed for desktop computers, and a second portable model designed for mobile computer users.
“The strong market need for end point data security solutions, and the widespread availability of fingerprint-enabled notebooks and peripherals, makes this integrated offering especially valuable to customers,” said Robert Blau, UPEK General Manager and Vice President. “With today’s announcement, the enterprise data that resides in millions of mobile computers can be securely and conveniently protected with the simple swipe of a finger.”
“Our newest benchmark report on user authentication confirms that enhancing security often has the unintended consequence of making logon less convenient for end users,” said Derek E. Brink, Vice President and Research Director for IT Security, Aberdeen Group. “By enabling users to authenticate using fingerprint technology before the operating system boots, and – if policy requires – any time they seek access to encrypted data, the integration between UPEK and SecureDoc is designed to address both convenience and security.”
About WinMagic
WinMagic, the innovative leader in end point data protection, provides the world’s most secure, manageable and easy-to-use data encryption solutions.
Compatible with all editions of Microsoft Windows Vista, XP, and 2000 as well as Mac and Linux platforms, WinMagic’s SecureDoc protects sensitive personal information and proprietary data stored on laptops, PDAs and portable media, such as USB drives and CD/DVDs. Enterprise and government organizations around the world depend on SecureDoc to minimize business risks, meet privacy and regulatory compliance requirements, and protect valuable information assets. With a full complement of professional and customer services, WinMagic supports over three million SecureDoc users in 43 countries. For more information, please visit www.winmagic.com, call 1-888-879-5879 or e-mail us at info@winmagic.com.
About UPEK
UPEK, Inc. is the global leader in enterprise and consumer fingerprint authentication solutions. UPEK authentication hardware and software are integrated into laptops from the world’s top five largest PC makers, as well as USB flash drives, external hard disk drives, and mobile phones from leading manufacturers. UPEK’s ecosystem of over 100 hardware and software partners enables strong authentication solutions for market verticals including healthcare, banking, education, and government. UPEK offers the only silicon-based fingerprint device that is FIPS 201 certified for authentication of over 10 million US government employees and contractors.
UPEK also provides consumer packaged goods including the CES award-winning Eikon Digital Privacy Manager, the only fingerprint reader on the market that supports PCs and Macs. UPEK products make your digital world safe and personal. For more info, visit www.upek.com.
Cyberoam partners with Marketlink April 13, 2007
Posted by SuperDave in News.
Cyberoam announces strategic partnership with Marketlink Technologies
Cyberoam Leverages Marketlink’s Sales and Marketing Expertise to Expand Channel and VAR Sales; Increase Adoption of Identity-based UTM Solutions
(Newburyport, MA, April 10, 2007)
Dedicated to driving its channel and Value-Added Reseller (VAR) sales growth, Cyberoam, a division of Elitecore Technologies, announced today that it has entered into a strategic partnership with Marketlink Technologies to expand the sales channels for Cyberoam’s identity-based Unified Threat Management (UTM) solutions. Cyberoam will leverage Marketlink’s IT sales and marketing expertise to drive rapid adoption in the VAR and end-user channel market.
Cyberoam will work with Marketlink to customize sales, marketing and distribution plans for effective penetration into desired markets, including education, healthcare, retail, financial services and manufacturing. Marketlink has also appointed experienced sales teams around the U.S. to focus their efforts on marketing Cyberoam. These teams will use their strong network of contacts and open the doors to key relationships with leading VARs, rapidly creating new partnerships.
“We are very happy to partner with Cyberoam to promote its unique identity-based UTM solutions, particularly in a security market that demands the robust capabilities Cyberoam provides,” said Dan Dempsey, President, Marketlink. “Security threats are coming at organizations from all directions, internally and externally. Adding Cyberoam’s UTM solutions to our portfolio enables us to help the market address this challenge in a way that no other UTM provider can.”
Marketlink’s sales expertise enables Cyberoam to strengthen its commitment to delivering its UTM solutions solely through channel partners. Cyberoam’s Channel Program provides qualified partners with Market Development Funds (MDF) and co-operative marketing funds to help evangelize the brand in the marketplace; intelligent lead-generation programs; a robust deal registration system and account protection; access to demo gear for customer site evaluation; and, up-to-date competitive information and SWOT training to help approach competitive selling situations.
“Marketlink has a proven reputation for driving market awareness and penetration in the security landscape with companies such as Barracuda, Netscreen and Symantec, so we are very excited about the opportunity to leverage its expertise,” said Joshua Block, Vice President, North American Operations, Cyberoam. “We are 100 percent channel and VAR focused, and we are looking for innovative ways to increase our market footprint. I am confident that this partnership will enable us to do just that.”
Cyberoam transcends the blanket IP-based policy approach of traditional UTM appliances available in the market today by enabling users to track activity and set user-based policies – a unique differentiator that will open doors for partners and enable them to grow their business in compliance-related markets. Cyberoam’s offerings deliver the complete range of security features such as identity-based firewall, VPN, gateway antivirus, gateway anti-spam, intrusion detection and prevention, and content filtering, in addition to bandwidth management and multiple link management over a single platform. Cyberoam UTM appliances offer integrated Internet security to over 1,000 enterprises globally, including corporations, educational institutions and government organizations.