Websense to buy PortAuthority

Websense Inc. will pay $90 million to acquire PortAuthority Technologies Inc., a provider of information-leak detection appliances. The acquisition, which is expected to be completed in January, will allow Websense to enhance its portfolio of enterprise Web filtering software and offer customers a way to gain control of confidential information. Computerworld

Microsoft shares draft of Vista security hooks

Microsoft has released a first draft of programming interfaces meant to help security firms create products that work with kernel protection features in Windows Vista. The new application programming interfaces, or APIs, will let software makers extend the functionality of the Windows kernel in 64-bit versions of Vista, Microsoft said on its Web site Tuesday. Security companies, including market leaders Symantec and McAfee, had complained that Microsoft locked them out of the kernel, a core part of Windows. http://news.zdnet.com/2100-1009_22-6145285.html

Westan systems hit by virus

Victorian distributor, Westan, is fighting a ‘low risk’ virus that almost forced it into an early Christmas closure. The accounts department were first to notice sluggish system performance yesterday afternoon when the w32/looked/bh virus hit. http://www.arnnet.com.au/index.php/id;61128033;fp;8;fpid;0

New book – How Safe Is Your Software?

New Book to Deliver Indispensable Strategies and Techniques for Anticipating, Identifying and Correcting Security Problems Drawing from more than a decade of experience, Chris Wysopal, founder  and CTO of Veracode, has teamed up with Lucas Nelson, Dino Dai Zovi and Elfriede Dustin to produce The Art of Software Security Testing:Identifying Software Security Flaws, a book that delivers in-depth, up-to-date, battle-tested techniques for anticipating and identifying software security problems. Book’s website:  http://www.softwaresecuritytesting.com/RSS: http://del.icio.us/Wysopal.TheArtofSoftwareSecurityTesting

NOD32 Antivirus DOC parsing Arbitrary Code Execution Advisory

Affected Products: ESET NOD32 AntivirusVulnerability: Arbitrary Code Execution (remote) Risk: HIGH Vendor communication:2006/08/24 initial notification of ESET 2006/08/28 ESET Response2006/08/29 PGP keys exchange2006/08/29 PoC files sent to ESET2006/09/06 ESET initial feedback.2006/09/08 ESET confirmed the bug and fixed2006/09/08 ESET made available the updates Description:Multiple vulnerabilities have been found in the file parsing engine. In detail, the following flaw was determined: – Divide by Zero in .CHM file parsing.– Heap Overflow through Integer Overflow in .DOC File Parsing The .DOC problem can lead to remote arbitrary code execution if an attacker carefully crafts a file that exploits the aforementioned vulnerabilities.The vulnerabilities are … Continue reading NOD32 Antivirus DOC parsing Arbitrary Code Execution Advisory

CA Portal Technology Session Handling Vulnerability;CA Anti-Virus vetfddnt.sys and vetmonnt.sys Local DoS Vulnerabilities

Affected Software: CA BrightStor Portal 11.xCA CleverPath Aion 10.xCA CleverPath Portal 4.xCA eTrust Security Command Center 1.xCA eTrust Security Command Center 8.xCA Unicenter Asset Portfolio Management 11.xCA Unicenter Database Command Center 11.xCA Unicenter Database Management Portal 11.xCA Unicenter Enterprise Job Manager 1.xCA Unicenter Management Portal 11.xCA Unicenter Management Portal 2.xCA Unicenter Management Portal 3.xCA Unicenter Workload Control Center 1.x A vulnerability has been reported in CA’s Portal technology, which potentially can be exploited by malicious users to bypass certain security restrictions. The problem is that when multiple Portal servers share a common data source, a malicious user may be be … Continue reading CA Portal Technology Session Handling Vulnerability;CA Anti-Virus vetfddnt.sys and vetmonnt.sys Local DoS Vulnerabilities

Windows Vista and protection from malware – the facts

Jim Allchin of Microsoft & the Vista team checked the technical facts behind the reported Windows Vista’s vulnerability to malware threats by Sophos.  They confirmed that Windows Vista is not vulnerable to eight of the ten malware threats.  However, other malwares can run in Vista due to file format in use which is .ZIP in which some 3rd party email client does not block .zip file and this can only caused infection IF the user extracted and execute the infected file.  Note that Windows Mail in Vista and Microsoft Outlook will block running executables even if it’s in a .zip file. Read more … Continue reading Windows Vista and protection from malware – the facts

Dear Windows Vista team, what’s the deal with my score?

I have 3.4 as base score in Windows Vista Experience Index Score (I can run AERO and Windows Switcher BTW).  Windows Update released updated NVIDIA graphics driver v7.15.10.9746 so I grabbed it.  Windows Vista’s score turned grey which means I need to refresh it.  I did. You changed my score from 3.4 to 3.3 – what’s the deal? [8-)]  Screenshots at our discussion / survey on Index score at http://www.dozleng.com/updates/index.php?showtopic=12088 Update/Edit:  3.4 base-score returned after restarting and running the assessment again [:D]

Check Point to Buy Intrusion Detection Specialist

Check Point Software Technologies announced Dec. 19 that it has signed an agreement to acquire network intrusion detection analyst NFR Security for approximately $20 million. By adding Rockville, Md.-based NFR’s hybrid detection engine technology to its own remote access and network security products, Check Point said it would be able to arm customers with more sophisticated attack protection. Check Point officials said that the capabilities of NFR’s intrusion detection applications will complement its existing SmartDefense software to help better identify multi-faceted threats including so-called zero day exploits. http://www.eweek.com/article2/0,1759,2074591,00.asp

Sony BMG Settles Case Over Anti-piracy Software

Sony BMG will pay $750,000 in penalties and costs and reimburse California consumers whose computers were harmed by anti-piracy software on some CDs sold by the record company, California officials said on Tuesday. The agreement between Sony BMG and the attorneys general of Los Angeles County and the state of California settles a lawsuit charging that the company secretly embedded digital rights management software on CDs that potentially opened the door to hackers. The lawsuit alleges that Sony did not properly disclose information about the software aimed at limiting the number of copies consumers could make of their music. http://www.eweek.com/article2/0,1759,2074755,00.asp