Feed aggregator

Wontok Introduces SafeCentral For Android At Gartner Security Summit

Security blogs - Tue, 06/11/2013 - 14:05
Company to introduce mobile security solution that protects personal and corporate data on Android devices (author unknown)
Categories: Bundle Security blogs

DigitalPersona Announces U.are.U Software Development Kit (SDK) For Android Applications

Security blogs - Tue, 06/11/2013 - 14:02
DigitalPersona U.are.U SDK for Android uses uniform APIs allowing for easy cross-platform development (author unknown)
Categories: Bundle Security blogs

PortSys Delivers OutSafe Outbound Isolation Capability To SafeRoom

Security blogs - Tue, 06/11/2013 - 13:55
OutSafe acts as "proxy protection" for outbound connections (author unknown)
Categories: Bundle Security blogs

Trend Micro Launches Web App Security Offering Including Advanced Detection And Protection

Security blogs - Tue, 06/11/2013 - 13:51
New security as a service solution offers automated scanning and security testing, automatic application protection, and unlimited SSL certificates (author unknown)
Categories: Bundle Security blogs

Bromium Rolls Out vSentry 2.0

Security blogs - Tue, 06/11/2013 - 13:49
Enhancements in vSentry 2.0 focus on three important requirements for enterprise deployments (author unknown)
Categories: Bundle Security blogs

Visa And Ethoca Collaborate To Help E-Commerce Merchants Reduce Fraud

Security blogs - Tue, 06/11/2013 - 13:41
Service is intended to help merchants reduce fraud losses and associated chargeback costs (author unknown)
Categories: Bundle Security blogs

Preparing for Success in the Federal Marketplace: 5 Part Webinar Series Featuring Jack Beecher

Security blogs - Tue, 06/11/2013 - 12:11
06/18/2013 - The U.S. Federal Government is the world’s Fortune One buyer of services and products. In fiscal year 2012, agencies and the military awarded... (author unknown)
Categories: Bundle Security blogs

FAQ: What we know so far about NSA surveillance

Security blogs - Tue, 06/11/2013 - 10:32

Recent news reports alleging broad surveillance efforts by the U.S. National Security Agency seem to have left more questions than answers. Whistleblower Edward Snowden has accused the NSA of collecting massive amounts of data from U.S. residents, but U.S. officials have largely denied his allegations.

Here's what we know so far, from reports in the U.K.'s Guardian, the Washington Post and other media sources, as well as our own reporting:

Tags: NSA, Privacy, Industry News, l33tdawg
Categories: Bundle Security blogs

Gartner: Worldwide Security Market To Grow 8.7 Percent In 2013

Security blogs - Tue, 06/11/2013 - 10:08
Three main trends shaping the security market moving forward (author unknown)
Categories: Bundle Security blogs

Trust in IT

Security blogs - Tue, 06/11/2013 - 09:21

Ignore the sensationalist headline. This article is a good summary of the need for trust in IT, and provides some ideas for how to enable more of it.

Virtually everything we work with on a day-to-day basis is built by someone else. Avoiding insanity requires trusting those who designed, developed and manufactured the instruments of our daily existence.

All these other industries we rely on have evolved codes of conduct, regulations, and ultimately laws to ensure minimum quality, reliability and trust. In this light, I find the modern technosphere's complete disdain for obtaining and retaining trust baffling, arrogant and at times enraging.

schneier
Categories: Bundle Security blogs

Sony PlayStation 4 - No need to be always online, supports used games and priced at only $399

Security blogs - Tue, 06/11/2013 - 00:59

Sony fired a direct shot across Microsoft’s bow at its E3 press conference on Monday evening, clearly positioning PlayStation 4 as the anti-Xbox One.

PlayStation 4 will fully support used games, said Sony Computer Entertainment America CEO Jack Tretton. You’ll be able to trade your games in at retail, but also sell them to another person or lend them to a friend. Xbox One, in contrast, will only let you sell games to “participating retail stores,” and lending and renting are not supported.

Tags: Sony, Hardware, PS4, Industry News, Games, l33tdawg
Categories: Bundle Security blogs

Fast bulk loading of Memcache for Nginx

News from Our Members - Tue, 06/11/2013 - 00:58

Years ago I wrote about how I use Nginx as a proxy in front of Apache in some installations. That architecture includes Memcache. The configuration is very simple: just add the following to the location section you want to cache:

set $memcached_key $uri;
memcached_pass 127.0.0.1:11211;
error_page 404 @fallback;

And add the corresponding @fallback location:

location @fallback {
proxy_pass http://localhost:8000;
}

The only problem, as anyone who has used Nginx with Memcache knows, is that someone has to fill Memcache with objects so that Nginx can read them.

Usually, the application developers will use their programming language's libraries to access Memcache and load some objects there. That works, and it is how most people implement this scenario. However, if you want to load many files into Memcache quickly, there are not many simple, readily available tools.

For example, two months ago someone published on the Nginx wiki a method for preloading memcache with Python. It is an interesting approach, but complicated to maintain and decidedly experimental.

However, memcached already ships with a client called memccp that lets you load files into Memcache. The problem is that this client does not let you define the key under which the object is stored in Memcache. That key is $uri, for example something like /wp-content/plugins/akismet/akismet.gif.

When Nginx receives a GET for this file from a client, it serves it from Memcache, which in this scenario saves us opening a TCP connection to localhost, having Apache handle and answer a request, and potentially disk I/O.

This patch to libmemcached lets you define a key with --key, which makes it easy to preload files such as images or CSS into Memcache. Its use is simple and it can be invoked from a shell script (tested with dash):

#!/bin/sh
# Preload static images into memcached, keyed by the URI Nginx will request ($uri)
BASE="/var/www/mysite"
for file in `\
    find $BASE -type f \( \
        -name '*.jpg' -or \
        -name '*.gif' -or \
        -name '*.png' \) \
    | sed "s#$BASE##"`
do
    echo "Adding $file to memcached..."
    # --key is provided by the libmemcached patch described above
    sudo memccp --key=$file --servers=localhost $BASE$file
done

Among the other scenarios you can enable here is storing files for different virtual hosts. In that case I suggest you configure $memcached_key to use $http_host and $uri, and add a prefix variable to your script. You can also run another memcache instance if you really need it. memccp has other problems, for example it does not handle character encoding very well. But for binary files, which are usually static, it saves quite a bit of work.

The GitHub repository is a Debian source package. If you have the dependencies (sudo apt-get build-dep libmemcached-tools) you can build the package (dpkg-buildpackage -b) and install libmemcached-tools, which contains memccp.

This scenario is one of those I describe in my forthcoming quick book on Debian for Web applications, which is currently being edited.
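As an added example (not code from the post or from the libmemcached patch), the following Python loader speaks the memcached text protocol directly, stores each file under the key Nginx will look up, and also covers the virtual-host variant ($http_host$uri) suggested above. It assumes memcached listens on 127.0.0.1:11211 as in the location block, the same file types as the shell script, and a document root passed as base.

```python
"""Preload static files into memcached under the keys Nginx will look up.
Nginx's memcached module serves a request from memcached when an entry
exists under $memcached_key ($uri in the post, or $http_host$uri when one
cache serves several virtual hosts). Speaking the text protocol directly
removes the dependency on a patched memccp. Added example, not the post's code.
"""
import os
import socket

KEY_MAX = 250                          # memcached text-protocol key limit
EXTENSIONS = (".jpg", ".gif", ".png")  # same file types as the post's script

def memcached_key(base, path, host=None):
    """Key Nginx will request for path: the URI relative to the document
    root, optionally prefixed with the virtual host ($http_host$uri)."""
    rel = os.path.relpath(path, base)
    if rel.startswith(".."):
        raise ValueError("%s is outside document root %s" % (path, base))
    key = (host or "") + "/" + rel.replace(os.sep, "/")
    # The text protocol forbids whitespace and control characters in keys,
    # which is where memccp's encoding trouble shows up; refuse such keys.
    if len(key.encode("utf-8")) > KEY_MAX or any(ord(c) <= 32 for c in key):
        raise ValueError("key unusable with the text protocol: %r" % key)
    return key

def set_command(key, data, exptime=0):
    """One 'set' request: header line, raw bytes, trailing CRLF (flags=0)."""
    header = "set %s 0 %d %d\r\n" % (key, exptime, len(data))
    return header.encode("utf-8") + data + b"\r\n"

def preload(base, server=("127.0.0.1", 11211), host=None, exts=EXTENSIONS):
    """Walk base, store every matching file and return the keys stored."""
    stored = []
    with socket.create_connection(server) as sock:
        reply = sock.makefile("rb")
        for dirpath, _, names in os.walk(base):
            for name in names:
                if not name.lower().endswith(exts):
                    continue
                path = os.path.join(dirpath, name)
                with open(path, "rb") as fh:
                    data = fh.read()
                key = memcached_key(base, path, host)
                sock.sendall(set_command(key, data))
                if reply.readline() != b"STORED\r\n":
                    raise RuntimeError("memcached did not store %s" % key)
                stored.append(key)
    return stored
```

Run preload("/var/www/mysite") for the single-host setup, or preload("/var/www/mysite", host="example.com") when $memcached_key is set to $http_host$uri.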


NSA slides explain the PRISM data-collection program

Security blogs - Mon, 06/10/2013 - 22:42
Through a top-secret program authorized by federal judges working under the Foreign Intelligence Surveillance Act (FISA), the U.S. intelligence community can gain access to the servers of nine Internet companies for a wide range of digital data. Documents describing the previously undisclosed program, obtained by The Washington Post, show the breadth of U.S. electronic surveillance capabilities. (Seguridad de la Información)
Categories: Bundle Security blogs

HITB Publishes Full Videos of All #HITB2013AMS Talks

Security blogs - Mon, 06/10/2013 - 21:44

The organizers of the Hack In The Box (HITB) security conference have managed to publish the complete videos of all the talks from #HITB2013AMS.

So, in case you haven’t made it to the conference, or if you want to take another look at one of the many interesting presentations, check out the official HITB YouTube channel.

Tags: HITB2013AMS, HITB, HITBSecConf, Audio/Video, l33tdawg
Categories: Bundle Security blogs

Apple reveals overhauled iOS 7 with vibrant, more colorful design

Security blogs - Mon, 06/10/2013 - 21:17

Touting it as the biggest change to iOS since the launch of the first iPhone, Apple on Monday took the wraps off a drastically redesigned iOS 7 that marks a new direction for the company's mobile operating system.

Virtually everything about the look and feel of iOS has changed with version 7, including a refined typography, all new icons, and a dynamic color scheme. The new operating system was spearheaded by Apple's lead designer Jony Ive, and engineering head Craig Federighi.

Tags: iOS7, Apple, iOS, l33tdawg
Categories: Bundle Security blogs

Apple announces OS X Mavericks with Finder tabs, tags, and true multiple display support

Security blogs - Mon, 06/10/2013 - 21:13

Apple on Monday unveiled Mavericks, the start of the next 10 years of its Mac OS X operating system, with a naming switch from breeds of cat to California locales. It will launch this fall on the Mac App Store.

Craig Federighi, head of OS X development for Apple, unveiled OS X 10.9 Mountain Lion at the Worldwide Developers Conference 2013 keynote. He highlighted three key features found in the forthcoming operating system update: new tabs in Finder, the ability to tag individual files, and enhanced support for multiple displays.

Tags: Apple, OS X, l33tdawg
Categories: Bundle Security blogs

LockPath Launches Auditing Tool, Announces New Integrations For Security Manager App & Enhancements To GRC Platform

Security blogs - Mon, 06/10/2013 - 19:36
Audit Manager is an integrated solution designed to help streamline internal audits (author unknown)
Categories: Bundle Security blogs

File Integrity Monitoring for the Poor

Security blogs - Mon, 06/10/2013 - 18:36

For most organizations, security has a huge impact on budgets… except if you’re called the NSA and must deploy a massive surveillance program! Every time you need money, you have to fight with your boss or finance guys to get some bucks after explaining why a new piece of software, appliance or consultant will help you improve the security of their data. But sometimes, you can use data generated by non-security-related solutions and extract some added value from them. When I say “non-security related”, it’s not 100% true; let me explain…

Even if information security is difficult to explain to the business, C-level people generally understand and agree on the need for backup systems. Ok, still today not all organizations have a strong backup procedure (and even fewer have a strong restore procedure!), but let’s assume it. Basically (I’m not a backup expert), there are two major ways to perform a backup. At the beginning of the week, we make a full backup on Monday and:

  • Perform an incremental backup every day (based on the full backup)
  • Or perform a delta backup every day (based on yesterday’s backup)

The next Monday, a new full backup is performed and closes the loop. Another very interesting tool to track changes on a server is a FIM (“File Integrity Monitor”). Such a solution is helpful to detect suspicious changes in directories on a server. Classic examples of directories being controlled on a UNIX server are /etc (where configuration files reside) and /usr/bin & /usr/sbin (where system binaries reside). Usually, they don’t change often. But deploying a commercial FIM solution can be expensive. Idea: which kind of tool also scans filesystems for changes? Backup tools of course!

In my case, I have servers backed up every night via rsync to a central storage; rsync writes down to a file all the modified files since the last backup. Why not parse this file and search for suspicious modifications? You could also process this file via Splunk and do some correlation or alerting on the indexed data. Finding a reference to /etc/passwd in my nightly rsync backup could be very suspicious if no new user was created by myself or another admin!

Conclusion: if you don’t have money, have ideas! Any data or logfile can be valuable and help you to increase your overall security.

Categories: Bundle Security blogs
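As an added example, not code from the post above, here is one way to parse the nightly rsync change list for the kind of modification the post describes. It assumes rsync was run with --itemize-changes (-i) so every changed path is listed with its change code; the sample log, the watched directories (/etc, /usr/bin, /usr/sbin as named in the post) and the allowlist of files that change on their own are constructed for the example.

```python
"""Flag suspicious entries in an rsync backup log: a poor man's FIM.
Assumes the nightly rsync ran with --itemize-changes (-i): each item line
is an 11-character change summary, a space, and the path relative to the
backup root, e.g. '>f.st...... etc/passwd'. Added example, not the post's
code; the log, watched directories and allowlist below are constructed."""
import re

# Directories the post names as rarely changing (paths relative to /).
WATCHED = ("etc/", "usr/bin/", "usr/sbin/")
# Files that legitimately change on their own; assumed for the example.
ALLOWLIST = {"etc/mtab", "etc/resolv.conf"}
ITEM = re.compile(r"^(\S{11}) (.+)$")

# Constructed rsync -i output for one night, including a non-item noise line.
SAMPLE_LOG = """\
sending incremental file list
>f.st...... etc/passwd
>f..t...... var/log/syslog
>f+++++++++ usr/sbin/newtool
cd+++++++++ home/alice/photos/
*deleting   etc/cron.d/nightly-job
.d..t...... usr/bin/
>f..t...... etc/resolv.conf
"""

def parse(line):
    """Return (change, path) for one itemized line, or None for other lines."""
    if line.startswith("*deleting"):         # rsync message, not an item code
        parts = line.split(None, 1)
        return ("deleted", parts[1]) if len(parts) == 2 else None
    m = ITEM.match(line)
    if not m:
        return None
    flags, path = m.groups()
    if flags[2:] == "+" * 9:
        return "created", path               # every attribute newly set
    if flags[0] in "<>":
        return "modified", path              # file content was transferred
    return "attributes changed", path        # e.g. '.d..t......' mtime only

def suspicious(log):
    """List (path, change) pairs for every change inside a watched directory."""
    hits = []
    for line in log.splitlines():
        parsed = parse(line)
        if parsed is None:
            continue
        change, path = parsed
        if path.startswith(WATCHED) and path not in ALLOWLIST:
            hits.append((path, change))
    return hits
```

Feed the real log with suspicious(open("/path/to/rsync.log").read()) and raise an alert on every hit that no administrator can account for.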

Digital Defense Issued Patent-Pending Status For Technology

Security blogs - Mon, 06/10/2013 - 18:20
Patent is for scanning technology's host reconciliation process (author unknown)
Categories: Bundle Security blogs

Iris Biometrics Vendor EyeLock Joins FIDO Alliance

Security blogs - Mon, 06/10/2013 - 18:18
EyeLock will collaborate with Alliance members to identify and set a strategy on how to eliminate consumers’ reliance on passwords (author unknown)
Categories: Bundle Security blogs