Group items tagged

Microsoft is finally getting serious about USB flash drive security. It recently disabled the AutoRun and AutoPlay features in Windows (all older versions plus Windows 7), meaning users will no longer have directory trees and execution options presented when they pop a flash drive into a PC. More significant, though, is Microsoft adding flash drive encryption to Windows 7. Through a few, albeit not so simple steps (see below), users can encrypt and manage the files on these small, portable storage devices.

The Intrepidus Group reveals some details behind a malware attack that exposed critical systems at an energy company. Using a Microsoft zero-day vulnerability and a bit of social engineering, hackers compromised a workstation and threatened critical SCADA systems, the security vendor says.

Webmail in the educational market appears to be a three horse race between Zimbra, Gmail and Outlook/Microsoft Exchange. And today, Yahoo's Zimbra won out against the other two in a bid to provide for Stanford University.

It may not be possible after all to conceal the existence of a sensitive file on a machine. BT security expert Bruce Schneier and a group of researchers have hacked an ultra-paranoid feature in the TrueCrypt open-source disk encryption tool that lets users hide secret files from detection by attackers or others. This "deniability" feature is a sort of extreme file-protection function that first encrypts the file and then hides it within an encrypted area on the disk drive like an invisibility cloak. But Schneier, chief security technology officer with British Telecom and researchers from the University of Washington found that Microsoft Vista, Word, and Google Desktop each can blow the cover of files using this so-called "deniable file system" (DFS) feature. The researchers were able to get around DFS in versions 5.0 and below of TrueCrypt's encryption-on-the-fly tool, and will present their findings on the hack at the Usenix HotSec '08 summit next week in San Jose, Calif.

I don't mean to pick on Nissan by any means but I am quite curious to know exactly what it takes to make an IT organization (or more explicitly, IT management) choose a blatantly inferior product over far more capable competing products for use in such a critical environment no matter how sweet the deal may seem.

ZZZzzz....

A panel of CIOs from state government, health care and the insurance sector told cloud providers from Microsoft (NSDQ:MSFT), Google (NSDQ:GOOG), Amazon (NSDQ:AMZN) and Joyent on Thursday that they no longer need to be sold on the benefits of cloud infrastructure -- they get them. But that doesn't mean they're ready to trust the cloud, either.