The UltraTech Zone

Yes, we know that information security in an interconnected world is not trivial.  We accept that configuration errors or malicious insiders or new, complex threats might conspire to provide opportunities for a breach.  But who says that it is acceptable that notification and disclosure of a breach be done months or years after the ...

Given the recent spate of breach announcements from companies like Monster.com and TradeFreedom Securities Inc., I've been thinking about how poor security is going to impact organizations and consumers over the next few years. Even though there have been an increasing number of attacks over the past 18-24 months, and even though the ...

Given the recent spate of breach announcements from companies like Monster.com and TradeFreedom Securities Inc. , I've been thinking about how poor security is going to impact organizations and consumers over the next few years. Even though there have...(read more)

On a number of fronts, April 2007 is turning out to be a very interesting month for me.  For this particular post, we'll just touch on Information Security again. A recent report from MessageLabs indicates very clearly that targeted security attacks are on the rise, and that email is still a common threat vector.  This morning, I ...

Does fulfilling your regulatory compliance requirements actually lead you to be more secure?  Will your organization automatically attain compliance by pursuing a strict regimen of security practices? In short, is the quest to be compliant complementary, unconnected or mutually exclusive with the quest to be secure? This is the heart of a ...

On Tuesday, Apple Computer company had an issue where a Windows-based virus was shipped on a select number of iPods, and rather than accepting blame for a mistake in their manufacturing or QA processes, they blamed Microsoft for not producing a ''more robust OS''. Huh? Not only is that an absurd deflection of blame, but as ...

Otherwise known as Vista vs the EU and the World: Part Three... Here's a follow-up to my earlier Vista vs the World and Vista vs the Security Vendors posts, where I noted I greatly preferred a stronger, more secure base OS, even if that inhibited some functionality for third-party security tools. As seen in the following articles, Microsoft is ...

Or, perhaps I should say Microsoft vs Security providers in the Windows space? What I'm talking about eWeek's report that discloses McAfee's complaint that Microsoft has made it hard for them (and other security vendors) to integrate their products into Vista.  Presumably, this would be so that Microsoft can take advantage of the OS in ...

There is no universal standard of what the acceptable boundaries of privacy are.  The European Union tends to have a more stringent view of what constitutes personal privacy, while the United States seems to favor corporations vs people when it comes to control of user data. Now, the boundaries are being pushed even further by a company ...

Five years ago, I wrote an article on the challenges of implementing Information Security in an enterprise.  Sad to say, even in the post-911 era, not a whole lot has changed there.  Sometime in the next couple weeks, I'll write an updated document on what challenges I see today for an IT Security Professional.  Don't get me wrong ...

The folks from Digital eEye (of Retina fame) have announced a new website and the release of some previously internal-only security research tools. A summary of the announcement that Marc Maiffret posted to the Full Disclosure mailing list follows: I am happy to announce to the first incarnation ofhttp://research.eEye.com. On this site you can ...

RSA Security acquired by EMC for $2.1 billion http://searchwinit.techtarget.com/originalContent/0,289142,sid1_gci1197226,00.html?track=NL-118&ad=557474 Following a slew of rumors, storage giant EMC Corp. confirmed late Thursday that it will acquire RSA Security Inc. for just under $2.1 billion in cash, or approximately $28.00 per share. ...

http://www.vnunet.com/vnunet/news/2159677/gartner-advises-avoiding Companies should avoid investing in Symantec's network security appliances, and should evaluate offerings from other vendors, Gartner has warned. The analyst firm said that it issued the warning because it believes that Symantec is moving away from selling network security ...