According to a new report from security  firm Sophos, the United States still retains its title as king of the spam scene, but China is now sharing in the shame as the nation that generated the most malicious code in 2006.Sophos’ annual Security Threat Report revealed that U.S.-based computers relayed 22 percent of the...
Read more »

A. Introduction — Audit Standards and “Professionalism” The conversational noise levels have been building slowly to the point where it is now hard to ignore the hubbub on the subject of public policy, standards, regulation, and professionalism. The latest development for me culminated in an audit standards panel session in which I participated at the...
Read more »

Click here to listen/download (10:23). Breach!! That’s the podcast topic of the week for our “Speaking of Security” bloggers Shannon Kellogg, direct of government and industry affairs, and Burt Kaliski, vice president of research and chief scientist of RSA Laboratories. Shannon talks about proposed breach notification legislation on Capitol Hill and Burt discusses what...
Read more »

I was intrigued to learn last week of a new distribution mechanism for computer viruses: RFID tags. A typical, passive RFID tag is basically just a memory device; there’s nothing to infect. So what does an RFID tag have to do with computer viruses? The answer is simple: The backend software system that...
Read more »

This week, the General Services Administration (GSA) in Washington, D.C. released the federal government’s first guidelines for establishing “government-wide rules and clarifying federal law on working away from the office.” The new guidance comes as a result of lingering “confusion over rules and terms that kept telework from expanding at federal agencies…” according to...
Read more »

Click here to listen/download (8:23). Meet our new “Speaking of Security” blogger, Derek Brink, vice president of corporate development, RSA Security Inc., hear from Scott Neuhaus of Metavante Corporation about how – and why – his organization is providing anti-phishing and anti-pharming solutions to its clients. Related Links: Derek Brink’s Blog Entries Metavante Introduces New Online...
Read more »

Last week, RSA Security released the results of its annual Online Fraud survey of consumers in the US. The results paint an interesting persona of the online American consumer: We want better security… 73% of account-holders believe that financial institutions should replace username-and-password log-in with stronger authentication for online banking. And of course the FFIEC...
Read more »

The notion of the “network” appears to be a theme that is central to our time. Of the many profound changes re-enforcing the need for identity, the “network” – with its many facets of availability, band-width, scale and complexity – is arguably one of the most significant, and the most underrated in its impact...
Read more »

Many schools, universities, offices, ISPs and countries like Saudi Arabia, China, Pakistan, Burma, Iran, North Korea, Vietnam ,Cuba, Syria, Tunisia ,Uzbekistan, Egypt, Belarus and Turkmenistan don’t allow their surfers to access some web sites which them deem inappropriate. Here is a list of 350+ proxy sites which let you surf any web site anonymously<br> 3 Proxy...
Read more »

Since attending the RSA Conference last month, I’ve been thinking about the implications of mobile devices on security… Here are three initial thoughts: (1) We want ‘em, we gotta have ‘em, we can’t live without ‘em! Give me the latest smart phone / PDA (as soon as my “New Every Two” eligibility renews, that is)!...
Read more »

Click here to listen/download (9:56). RSA Security announces the release of RSA® Federated Identity Manager 3.0; a Smart Redirection phishing attack is taken down by RSA Cyota’s Anti-Fraud Command Center; and Speaking of Security blogger John Madelin explores the "digital identity" as discussed in his most recent blog entries and in a special podcast on...
Read more »

The upgraded Proofpoint Secure Messaging software, slated for availability in June, adds Voltage’s identity-based encryption (IBE) technology to the existing content-filtering capabilities, according to company officials. With this addition, Proofpoint’s appliances will automatically encrypt email based on policies set by administrators as the messages leave the corporate network. This ability to encrypt at the gateway...
Read more »