Alert: New HIPAA Rules Could Affect Your Organization
On April 21, 2005 (just over three weeks from today), a new Health Insurance Portability and Accountability Act (HIPAA) security rule goes into effect. The requirements of this rule, which are basically information security best practices, focus on the three cornerstones of a solid information security infrastructure: confidentiality, integrity and availability of information.The imminent HIPAA regulatory requirements encompass transmission, storage and discoverability of Protected Health Information (PHI). Given the widespread use and mission-critical nature of email, enforcement of HIPAA encryption policies and the growing demand for secure email solutions, email security has never been more important to the healthcare industry than it is right now.
read more:

Wordpress 2.5.1 security release
Wordpress just released its first update on wordpress 2.5 series. This is a security release for wordpress. Some of my wordpress blog are now updated with this release.Some features added and fixes.According to the wordpress development blog.It includes a number of bug fixes, performance enhancements, and one very important security fix.* Performance improvements for the [...]
read more:

Move Over Twain, Faulkner; The South has Done it Again
Why is Homeland Security concerned about horses? In 'That's No Miracle...Nettles, Thistles, Humor, and Stories by a Scotch American', R.K. Ferguson provides comic relief in the story 'Hay Would Eat It' for those who are overly security minded... or sends them over the edge. [PRWEB Nov 10, 2005]
read more:

Firms offered free advice on net security
EDINBURGH Chamber of Commerce is hosting a free seminar next week where experts will provide advice about improving internet security.
read more:

How HIPAA Security Policies Affect Corporate E-mail Systems
Collaboration between healthcare professionals, their colleagues, their patients, and employers has grown progressively more digital, and e-mail has played an ever-increasing role in this communication. Although many consider HIPAA security policies to be the sole concern of health care providers, they also affect corporate email systems as Human Resources departments become increasingly involved in transmitting employee information electronically. This article explains what you need to know to bring your email security programs into compliance with HIPAA regulations.
read more:

Comparing Java and .NET security
O'Reilly's DevCenter has posted three articles comparing Java and .NET security, with a fourth one coming in February. We'll update this story when the fourth article is available.Securit...
read more:

Maximizing E-mail Security ROI - Part IV  The Digital Monsters under Your Bed: E-Mail Intruders
There are very real dangers posed by network intrusions. Keep these monsters from stealing the digital lifeblood of your enterprise and ensure that your investment in network security is handsomely rewarded.
read more:

Maximizing E-mail Security ROI - Part V  A New Twist to an Old Problem: Email Encryption
While email has become a mission-critical application, it also raises important privacy and security concerns. Sensitive personal and business communications are vulnerable to the prying eyes of hackers, industrial spies and others who would love to have access to information not intended for them. Learn what you need to know about Email Encryption.
read more:

Google has Postini Yahoo have DomainKeys
A close deal on acquisition of Google to Postini finally made into public and work around of implementing to Google Apps including gmail in terms of security has been made. This will surely increase Google App users security on accessing and using service provided by Google. More on press release here.But competition is there so [...]
read more:

MessageLabs upgrades hosted security services
MessageLabs Ltd. has launched a new version of Web Security Services, its hosted Web security services, with an emphasis on speed and improved threat detection.

Immunizing the Internet

jonny4001 writes "The Harvard Law Review has published a student-written article that argues that hackers, worms, and viruses are good for network security and that the law and public policy should encourage 'beneficial' hacking. From the article: 'Exploitation of security holes prompts users and vendors to close those holes, vendors to emphasize security in system development, and users to adopt improved security practices. This constant strengthening of security reduces the likelihood of a catastrophic attack -- one that would threaten national or even global security [...] Current federal law, however, does not properly value such strategic goals.'"

The story is sent by Babysitters Toronto and attached here for your comfort by Ecommerce Website Design. Nanny, Affordable Web Design, and much more utilities also available from the sponsors.

[Via Slashdot]

Big Medium 1.3.5 Security Update
December 1, 2004: Big Medium 1.3.5 is an important security update that is recommended for all customers of the Big Medium web content management system. This update addresses a flaw that could allow authorized users (people with Big Medium accounts) to upload malicious scripts to the web directory. The software also addresses a handful of minor bug fixes.
read more:

How Is The FairUse4WM Patch Being Delivered?
Bruce Schneier suggested that it was folded into Patch Tuesday security patches, but he didn't cite a source. I have a Windows XP box, and these are the updates I was sent this week. None of them appear to be Windows Media related. Are the updates coming through Windows Media Player, and not the normal Windows Update process itself? Perhaps my version of Windows Media Player is one of the versions they couldn't patch for? Are systems like Napster 2.0 pushing out the patch (Rhapsody didn't push me an update)? Or is there something else going on here? Or is the patch being sneaked in with these unrelated security updates?

If anyone has determined exactly how the patch is being pushed out (and why FairUseWM 1.2 could apparently get around it), I would be interested to know.

read more:

Wordpress 2.3.3 Security release
Wordpress 2.3.3 security release is out to public addressing issues and minor fixes. A vulnerability that will allow users to edit post of any other users of a wordpress blog. According to Wordpress Development Blog.A flaw was found in our XML-RPC implementation such that a specially crafted request would allow any valid user to edit [...]
read more:

Maximizing Email Security ROI: Part II - Stop Viruses Before They Stop You
Across the spectrum of information security risks, most casual users understand the dangers posed by viruses and worms. Network administrators have even more reason to fear a virus attack, as a successful assault can cripple corporate networks for days. This article details the hard and soft costs associated with virus attacks on an organization's network.
read more:

WCF and Security solutions
I mentioned previously I worked on some security work with WCF. In March, I worked with Sam's teamto put together a first prototype of a WCF secure solution using ActiveDirectory as well as research into WSFederationHttpBinding and ActiveDirectory Federation Services (ADFS). Sam and crew have extended thoseinitial ideas into a set of great solutions as he describes here , here, and here (Aaron's post). You owe yourself a look to see the great work they have done.

Keith Brown also announced the launch of the Identity and Access Management developer center on MSDNrecently. His recent paper on 'The .NET Developer's Guide to Identity'is extremely good and I have already recommended it to a few people atTechEd this year. Keith presented a session on WCF Security yesterdaymorning which I unfortunately had to miss, but I did get a chance toread the slide deck yesterday afternoon and it looks great -- if youget a chance (i.e. have access), take a look.

There are a lot of great resources starting to show up. I am hoping toadd some original items as I come across them, but in the meantimethese are a few places to check for information.

Share this post: Email it!
read more:

Pacific Security Capital ? Commercial Real Estate Investment Bank - Discusses Corporate Hiring Strategies at NYC Executive Summit
Mike Myatt, Executive Managing Director of Pacific Security Capital, speaks about ?Recruitment & Retention Strategies? at the Commercial Property News Executive Summit in New York City. [PRWEB Nov 10, 2005]
read more:

Pacific Security Capital Addresses Future of Capital Markets at RealShare NetLease West Conference
Steve Otos, Senior Director of commercial real estate investment bank, Pacific Security Capital, has been invited to participate in a panel on ?Capital Markets: Will The Bounty Continue?? at RealShare NetLease West in Los Angeles. [PRWEB Nov 8, 2005]
read more:

PHP Security Expert Resigns

juct writes "PHP security holes have a name — quite often it was Stefan Esser who found and reported them. Now Esser has quit the PHP security team. He feels that his attempt to make PHP safer "from the inside" is futile. Basic security issues are not addressed sufficiently by the developers. Zeev Suraski, Zend's CTO of course disagrees and points his finger at inexperienced programmers. But given the number of remote code execution holes in PHP apps this year, Esser might have a point. And he plans to continue his quest for security holes in PHP. Only that from now on, he will publish them after reasonable time — regardless if a patch is available or not."

This report is transported by Home Cleaning Ladies and attached here for your comfort by Elegant Web Site Design. Home Cleaning Ladies, Web Design And Development, and other first-class services can be found at these websites.

[Via Slashdot]

Tracking someones moves covertly
GPS Tracking Device http://www.thinkgeek.com/gadgets/security/8212/?cpg=cj

With this device you can track someones every move covertly. Is this a good thing? How many of you think that the benifits of these things out weigh the negatives? Would you use it on someone? What situations warrant such an invasion of privacy? Personally I think we need countermeasures.

read more:

Windows More Secure?
Via Joe Mayo, “Reported by CNET, of all the CERT security vulnerabilities of the year 2005, 218 belonged to the Windows OS. But get this - ther were 2,328 CERT security vulnerabilities for UNIX/Linux systems.”
read more:

Email Security Governance: Email Encryption and Authentication
While recent government regulations vary in scope and purpose, the need to protect and ensure the integrity of information is universal. Much of the information germane to business today is assimilated and communicated over messaging platforms such as email. As a result, the need for a comprehensive approach to the secure delivery of email affects almost all organizations, regardless of industry or size. As with many management challenges, the unknown is the most significant cause for concern. In the case of email and messaging security, the most ominous threat is often the lack of ability to measure information flowing in and out of the corporate email network.
read more:

Commercial Real Estate Investment Bank ? Pacific Security Capital - Opens Seattle Office
Commercial Real Estate Investment Bank, Pacific Security Capital is expanding its commitment to the Seattle marketplace with the opening of a Washington office. [PRWEB Nov 14, 2005]
read more:

Device Security Manager Powertoy for Windows Mobile 5.0 Released!

This test tool helps developers of Windows Mobile applications test various security policies for Windows Mobile devices.

Overview: It is designed as a desktop application that ships with a preset list of “security configurations”. A security configuration can be thought of as a template, which contains a collection of individual policies and settings. For example, a security configuration could define policies such as whether unsigned applications are allowed to execute, whether RAPI is disabled etc. Using this tool, the developer can provision a Windows Mobile device with different configurations, and then test the application’s behavior under these configurations. This tool can be used either on an emulator or an unlocked Windows Mobile device.

Check it out here

Security: SARA Secuity Scanner by Anthony Lawrence

SARA Secuity Scanner

I installed and tested SARA on Linux and Mac OS X. It compiled easily and cleanly on both platforms:./configure;make; sudo make install.

Security Development Lifecycle book and Threat Tree Patterns
I bought Michael Howard's and Steve Lipner's book The Security Development Lifecycle here at TechEd 2006 today. Michael has a description and purpose of the book as well as a table of contents on his blog.

One thing I noticed immediately is the list of Threat Tree Patterns in its own chapter. I remember I had a question about these at one of my talks on Threat Modeling as I included a slide from one of Michael's decks that mentioned this concept. Threat Tree Patterns really help in the modeling process as these are well known and common types of threat scenarios to look for in your application. Previously, with the DREAD style, you had to think of these yourself, and if you weren't a security expert you might miss several things. So, it helps to look at the patterns. Unfortunately, these patterns weren't readily available at the time, but now they are finally added to this book. Great!

I have read several SDL papers over the last couple of years and watched how Microsoft has fine-tuned the process. I think this will be a great read for every developer as they think through applying secure development at every stage of the software development lifecycle.

Share this post: Email it!
read more:

Wireless Security System
How to install a wireless security system:
Go to a second-hand store, buy a pair of men's used work boots ... a really big pair.
Put them outside your front door on top of a copy of Guns and Ammo magazine. Put a dog dish beside it ... a really big dish.

Leave a note on your front door that says something like this:
"Bubba, Big Mike and I have gone to get more ammunition - back in 30 minutes. Don't disturb the pit bulls, they've just been wormed."

read more:

Futurex Announce the First Fully Universal Interface to Host Security Software
Futurex Announce the First Fully Universal Interface to Host Security Software [PRWEB Nov 11, 2005]
read more:

No quick fix for government data security
ZDNet Jul 14 2006 10:48PM GMT
read more:

GLBA: Raising Email Security Awareness
Just a few weeks ago, one of the world’s largest banks announced that it had lost computer data containing the personal information of an estimated 1.2 million federal employees, including some members of the U.S. Senate. The missing information includes Social Security numbers and account data for government employees who use the bank’s charge cards for travel and expenses. In the aftermath of these revelations, the ability of banks and other financial institutions to safeguard our personal information has been called into question by consumers and government alike. Predictably, we are beginning to hear the rumblings of additional legislation, but there have been laws protecting consumer financial information on the books for years – laws such as the Gramm-Leach-Bliley Act (GLBA).
read more:

PINs and security codes

I like this one!

Windows Mobile Team Blog : WM Geek Fun (PM+SDE/T match wits with a smart SDE)

Reseller Program Debuts Between Security Firm, C-MI, ZyXEL Broadband

Bracknell, United Kingdom - (The Hosting News) - June 5, 2008 - Distributor of intelligent IT security products, C-MI Labs Plc, (C-MI), has entered into an agreement with broadband access solutions firm, ZyXEL Communications UK Ltd (ZyXEL).

With the 'Security Elite Reseller Programme,' ZyXel will be in a position to increase channels in order to market and offer resellers a tailored security service when it comes to networking and communication solutions.

Phil Croxford, Distribution Sales Manager at ZyXEL noted, 'Working with a dedicated security distributor means that with C-MI's experience, ZyXEL will be able to test and develop security products and offer a more tailored service to resellers through our new 'Security Elite Reseller Programme.' C-MI and ZyXEL compliment each other. ZyXEL is an established networking vendor wanting to grow its security business and C-MI is an experienced distributor within security, who can work on a personal, but also activity-driven level.'

The new programme is aimed at resellers with a security focus, who are looking to establish a relationship with a proven network provider. Once selected, resellers will benefit from technical and security sales and solution courses, along with preferential pricing, full account management, and dedicated partner and pre-sales network support. This is matched by ZyXEL's cost-competitive solutions and proven feature-rich products. ZyXEL will also be introducing a finance package to help resellers via a credit programme.

Neil Patmore, CTO at C-MI added, 'We are excited by this opportunity to offer ZyXEL's security products to our customers, as we believe they provide us with extremely cost effective leading edge firewall and UTM solutions that will address and fill a growing gap in the current market for unified network security.'

ZyXEL provides an entire security hardware range, covering firewalls and Unified Threat Management (UTM) devices. This includes the new and advanced 'Unified Security Gateway' (USG) products, the USG300 and USG1000USG, along with SSL-VPN solutions and one-time password tokens. These products offer a complete hardware and software security solution to C-MI's resellers.

Mr. Croxford continued, 'The growth in the use of distributed networks and Internet-based applications at the SMB level has meant that security threats and concerns are growing. SMBs now have to face the challenges that enterprises face, but with less resource. This creates a substantial opportunity for resellers. The partnership between C-MI and ZyXEL will help both companies increase new business in this expanding market. C-MI is an intelligent security distributor. It can focus on ZyXEL's security product portfolio and use its experience and strong security reseller relationships to take ZyXEL's security products into new markets with new resellers.'

ZyXEL Communications UK Ltd is the UK subsidiary of a market leading end-to-end designer and manufacturer of xDSL, Security, VoIP, IP DSLAMS, Wireless, routing and IP switching equipment. The company offers comprehensive technical support and customer service to the ISP, Telco and business and consumer channel.

ZyXEL was founded in 1989 as a modem developer with the mission to create Internet access solutions that accelerate information exchange and improve effectiveness of people and organisations.

ZyXEL is one of the world's leading broadband access solutions specialists. With headquarters located in Taiwan, ZyXEL maintains offices in the United States, Europe and Asia, ZyXEL has more than 2000 employees globally, with distributors in more than seventy countries, and products marketed in more than 150 countries on five continents.

C-MI Labs Plc is a UK based distributor of intelligent IT security products and emerging technologies to the UK IT channel. Through their strategic partnerships, they provide world leading solutions and award winning products that are delivered in a variety of packages, dependant upon customers' needs. C-MI's range of enterprise solutions include intelligent remote anti-virus management for desktops, gateways and servers. Anti-spam and email filtering at the server and internet gateway level. Multi-platform robust corporate security. Web server and hosted application security. Firewall and UTM appliances. Advanced end-point monitoring and protection. Data-theft prevention and advanced application control.

To learn more about ZyXEL, please visit: www.zyxel.co.uk.

For more information about C-MI Labs Plc, please visit: www.cmilabsplc.com.

read more:

Ian Turner found and well
Ian lost his passport, was arrested in Atlanta, Homeland security, etc... brrr Great that all went fine! full story here more comments...
read more:

Security: Fake blacklists? by Anthony Lawrence

Fake blacklists?

A customer had momentary trouble sending mail to someone. The first attempt failed, but the second went through. An examination of the logs revealed a couple of interesting things.

Hell trip to Tokyo
Remind me never to go to Heathrow when there is a security scare on. It took about 4 hours of chaos and queueing to get to the departure gate, then another hour to get through the takng off of shoes and the patting down of clothes.
read more:

InternetPerils? John S. Quarterman to Address Royal Society of New Zealand
Topic: Internet security as risk management: beyond firewalls to crime and force majeure [PRWEB Nov 14, 2005]
read more:

Preventing Buffer Overflows
C and C++ do not perform array-bounds checking, which turns out to be a security-critical issue, particularly in handling strings. The risks increase even more dramatically when user-controlle...
read more:

Fighting the Evil-Doers: A Database Security Workshop on Tuesday, July 11
3 horror stories and how to be victorious in the battle to protect your customer database and your network. (PRWEB Jul 9, 2006)
read more:

McAfee Launches Total Protection Beta
McAfee has launched the beta version of a new all-in-one security platform that is designed to compete with Microsoft's recently introduced Windows Live OneCare.
read more:

Uniform Resource Identifier: Generic Syntax
This specification defines the generic URI syntax and a process for resolving URI references that might be in relative form, along with guidelines and security considerations for the use of URIs on the Internet.
read more:

Occupational Health and Safety Laws Today
The state and the government, as we understand, are responsible for the safety security of the citizens. Honnecker, Matthias
read more:

find -perm 777 your first ssh security stop
Want to get hacked? It's easy, just 'chmod 777' everything the next time you install a bbs or photo gallery application. Don't want to get hacked? Read on and 'find' how hackers see, and exploit the unsecured areas of your system.
read more:

PayPal Fixes URL Used for Fraud
According to Internet-monitoring company Netcraft, a security flaw on PayPal's site allowed hackers to steal credit card information from PayPal users. But the flaw has reportedly been fixed.
read more:

Upgrade to Leading Student Information System Solution Now Available
KEYSTONE 4.0 features flexible grade reporting, teacher access module, broadcast email integration and enhanced security. (PRWEB Jul 17, 2006) Trackback URL: http://www.prweb.com/chachingpr.php/U3VtbS1Ib3JyLVRoaXItU3F1YS1JbnNlLVplcm8=
read more:

You Searched for

webcam security