According to a Google security blog post by developer Michal Zalewski, Google’s new, free Skipfish scanner is designed to be fast and easy to use while incorporating the latest in cutting-edge security logic. Felix ‘FX’ Lindner examines Skipfish to see how well it compares to other tools used to check web site integrity.

More about Skipfish on Google’s Online Security Blog

Source: The H Security

A survey by security services provider Sophos has found that 60 percent of respondents are considering quitting Facebook over privacy concerns.

Sophos findings suggest that almost two thirds of Facebook users are considering leaving, with 16% of those polled claiming to have already stopped using Facebook as a result of inadequate control over their data.

These results come amid growing criticism of Facebook over changes to the way the social network can share user data across its site and with other websites. Concerns have centred on the complexity of the settings and the ‘opt-out’ approach to sharing member information with wider networks. Media reports suggest that Facebook is planning to announce changes to its privacy settings within the next few days, but it is unclear whether any changes will be substantial enough to address user concerns.

Source: Sophos

US security software vendor Symantec has reached an agreement to acquire VeriSign’s web security business for nearly $1.3 billion

MOUNTAIN VIEW, Calif. – May 19, 2010 – Symantec Corp. (Nasdaq: SYMC) today announced that it has signed a definitive agreement to acquire VeriSign’s (Nasdaq: VRSN) identity and authentication business, which includes the Secure Sockets Layer (SSL) Certificate Services, the Public Key Infrastructure (PKI) Services, the VeriSign Trust Services and the VeriSign Identity Protection (VIP) Authentication Service. The combination of VeriSign’s security products, services and recognition as the most trusted brand online and Symantec’s leading security solutions and widespread distribution will enable Symantec to deliver on its vision of a world where people have simple and secure access to their information from anywhere.

“With the anonymity of the Internet and the evolving threat landscape, people and organizations are struggling to maintain confidence in the security of their interactions, information and identities online. At the same time, people’s personal and professional lives have converged and they want to use their various digital devices to access information wherever they are without jeopardizing their privacy,” said Enrique Salem, president and CEO, Symantec. “At the same time, IT is faced with the challenge of giving users the appropriate access, while ensuring that corporate data is not at risk. We believe the solution to this dilemma lies in the ubiquity of identity-based security. With the combined products and reach from Symantec and VeriSign, we are poised to drive the adoption of identity security as the means to provide simple and secure access to anything from anywhere, to prevent identity fraud and to make online experiences more user-friendly and hassle-free.”

Under the terms of the agreement, Symantec will purchase the specific assets from VeriSign, including the majority stake in VeriSign Japan, for a purchase price of approximately $1.28 billion in cash. Symantec expects the transaction to be 9 cents dilutive to non-GAAP earnings per share in fiscal year 2011, due to the purchase price accounting write down of deferred revenue, and accretive to non-GAAP earnings per share in the September 2011 quarter. The agreement is subject to customary closing conditions, including regulatory approvals, and is expected to close in the September quarter.

Enabling a New Vision of Computing
Through this acquisition, Symantec can help businesses incorporate identity security into a comprehensive framework so that IT can confidently and securely adopt new computing models, from cloud computing to social networking and mobile computing to user-owned devices, that promise operational efficiencies and freedom of choice for their employees and customers. That framework is based on five imperatives that Symantec is enabling as part of its new vision of computing and includes:

  • Identity security: proving that people and sites are who they say they are
  • Mobile and other device security: securing mobile and other devices and the information on them
  • Information protection: protecting information from loss, attack, theft and misuse and ensuring the ability to recover that information
  • Context and relevance: delivering information that is relevant to people in both their personal and professional roles
  • Cloud security: ensuring the secure delivery of applications and information from both public and private clouds

Ease-of-use, speed-of-delivery and user-driven preferences are the new imperatives in today’s workplace. People whose personal and professional lives have converged onto their digital devices increasingly expect the freedom to work from anywhere using their own devices, to use any application and to collaborate with anybody in their social network to effectively get their jobs done and simultaneously live their network-enriched lives.

IT departments struggle to meet user expectations with simple, secure and cost-effective solutions. Cloud computing can provide instantaneous scale and delivery of applications and desktops by enabling businesses to leverage services from the cloud instead of deploying applications on premise. Identity-based security gives IT the assurance that as information moves in and out of the cloud it is always protected — across any device and between the network and devices they control and those that they don’t. The user’s identity drives what information they can access and how it can be used and shared, independent of the device or application.

Creating Mutually Trusted Interactions Online

VeriSign’s SSL Certificate Services provide users with assurance that the websites they are interacting with are legitimate and secure and that their information will be safe when they share it with that site. The VeriSign check mark signifies the authenticity of the websites that users visit and assures them that any sensitive information they share with that site will be encrypted during online transactions. With more than one million web servers using VeriSign SSL certificates, and an infrastructure that processes more than two billion certificate checks daily, VeriSign has the leading share of the SSL market. The addressable market for the server and user authentication segment is estimated to reach $1.6 billion by 2013.

Symantec’s current portfolio, along with assets from VeriSign, provides the depth and breadth of technologies to make identity-based security of information more universal and part of a comprehensive security solution. By combining VeriSign’s SSL Certificate Services with Symantec Critical System Protection or Protection Suite for Servers, Symantec will help organizations ensure a higher level of security on their web servers as well as verify that security, providing users with the trust and confidence necessary to do business online.

VeriSign helps organizations validate the identity of users through its VeriSign Identity Protection (VIP) user authentication service that complements the existing Identity Safe capabilities within the Norton products. The cloud-based VIP service helps organizations doing business online confirm the identities of their customers, employees and partners through user-owned digital certificates that reside on a card, token or other device such as a mobile phone, ensuring that they are giving only legitimate users access to their information. VeriSign has already issued more than two million VIP credentials to individuals and has a network of hundreds of merchants.

Through Symantec’s worldwide distribution network and footprint on more than one billion systems – including end-user devices such as laptops, desktops and smart devices, as well as servers – Symantec can facilitate the ubiquity of identity security through digital certificates for both individuals and companies. This is critical to creating mutually trusted interactions online. Merchants have added incentive to join the VIP network if user certificates are widely distributed. More merchants in the VIP network means a more secure and convenient experience for customers moving among member sites. Merchants benefit as well from knowing their customers are also trusted and secure.

Symantec can expand the VIP ecosystem by incorporating user certificates into its Norton-branded consumer products providing a channel through which consumers can easily create secure identities that can be authenticated when they do business online. In addition, the combination of the information classification capabilities of Symantec’s Data Loss Prevention solutions and Data Insight technology along with VeriSign’s identity security services, will allow us to help customers ensure that only authorized users have access to specific information.

Signifying Trust Online

The VeriSign check mark is the most recognized symbol of trust online with more than 175 million impressions every day on more than 90,000 websites in 160 countries. Symantec’s security solutions and the company’s Norton-branded suites protect more than one billion systems and users around the world. With the addition of VeriSign’s security assets, Symantec will become the leading source of trust online. Following the close of the transaction, Symantec plans to incorporate the VeriSign check mark into a new Symantec logo to convey to users that it is safe to communicate, transact commerce and exchange information online.

For more information on how VeriSign’s services will augment Symantec’s portfolio please visit: http://go.symantec.com/verisign.

About Symantec

Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world. Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available at www.symantec.com.

Critical vulnerabilities have been identified in Photoshop CS4 that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. A malicious .TIFF file must be opened in Photoshop CS4 by the user for an attacker to exploit these vulnerabilities. Adobe recommends Photoshop CS4 customers update to Photoshop CS4 11.0.1, which resolves these issues.

Note: These issues do not affect Photoshop CS5.

See Adobe Security Bulletin

More than half (61%) of IT decision makers in the UK see the security threat of staff use of social media as their biggest concern, according to new research by LANDesk Software, a global leader in PC lifecycle management, endpoint protection and IT service management.

The study found that IT departments are facing an uphill struggle to regain control of the way they enforce policy and practice within their organisations as they face a power struggle against increasingly digital-savvy employees.

“Platforms such as Facebook, Twitter and LinkedIn have changed the way we communicate with one another,” says Andy Baldin, VP EMEA, LANDesk.

“Today more end-users than ever are able to easily download software and manage the way they use IT.

“As a result, many employees see themselves as their ‘own IT Manager’, which has the potential to cause a number of problems for organisations.

“As applications evolve, end-users increasingly download new software add-ons, which can expose businesses to new security threats.”

Despite the fact that the majority of firms do have strict policies around the use of social media (73%) and internet downloads (89%) in place, the study showed that one in three were unsure that these were being adhered to.

Indeed, 55% of employees surveyed admitted to downloading software from the internet to a corporate computer.

Source: Security Watch – Internet Security News: IT security, Business security, Computer security, Network security, and more

A PDF attachment in spam e-mails purports to be instructions for reconfiguring the recipient’s e-mail account, but instead installs a worm and rootkit

Source: The H Security

Symantec has announced that it has reached an agreement to acquire PGP Corporation for $300 million and GuardianEdge Technologies for $70 million

Source: The H Security

After declining in number for the last few years, a new wave of security breaches is hitting UK organisations, costing them billions of pounds, despite the fact that security remains high on management’s agenda and the recession has not dampened spending on security, according to a survey released today by PricewaterhouseCoopers LLP (PwC) at Infosecurity Europe.

Technology has continued to evolve rapidly through greater use of cloud computing and social networks, and public and private sector organisations appear to have a greater understanding of security risks and the need for assurance over them.

Source: Security Watch – Internet Security News: IT security, Business security, Computer security, Network security, and more


PC World – A malicious advertisement has been found within an application for Facebook that redirects users to fake antivirus software, according to a security researcher.

The banner advertisement for greeting cards is intermittently displayed with an application called Farm Town, which has more than 9 million monthly users according to information published on Facebook.

If the bad Shockwave Flash advertisement is displayed, the user is redirected from Facebook through several domains and ends up on a Web site selling fake antivirus software, said Sandi Hardmeier, who studies malicious advertisements and blogged about the issue. (See also “How to Remove Fake AV Software.”)

Source: Yahoo! News: Software News

Version 3.6.2, which so far is only available as a beta, fixes a critical security hole in Firefox 3.6 for Windows that was discovered some time ago

Source: The H Security