The 2010 Computer Security Salary Survey
The 2010 Computer Security Salary Survey was launched this morning. Please complete it today or at least this week (takes 5 minutes). A valid survey is probably the most valuable tool security people have to have productive conversations with their employers about their salaries. You get the results if you participate.
It’s at http://www.surveymethods.com/EndUser.aspx?CDE9859FCC869F96CD
Run ArcSight Express on the Apple iPad
Now you can have total security intelligence at your fingertips – anywhere, anytime. ArcSight Express is so easy to deploy and simple to use, we are running it on an Apple iPad. In fact, we are having so much fun that we are offering an Apple iPad certificate with every purchase of ArcSight Express in August or September.* Learn more about this offer and how you can protect your business with ArcSight Express:
ArcSight Express combines the ArcSight award-winning, real-time, correlation capability with market-leading NetFlow collection, normalization and categorization and User Role information to deliver a SIEM solution capable of detecting misuse of internal resources to conduct sophisticated attacks. ArcSight Express brings together key ArcSight capabilities in an all-in-one, simple to use appliance, which includes:
• Universal data collection
• Accurate analysis and prioritization
• Cost-effective storage
• Rules-based response
• Regulation-specific compliance applications
In addition to these capabilities, ArcSight Express can link activity log information, user role data and network awareness using heuristic pattern-based correlation rules to detect the complex, modern and subtle attacks that organizations are now subject to. The result is drastically reduced false positives and false negatives, and an extremely accurate prioritized incident list.
ArcSight is the only SIEM vendor that can provide the correlation and context required to detect and defend against modern security threats, and ArcSight Express is the only product capable of serving as an organization’s simple, all-in-one SIEM solution.
Source: ArcSight Email
Top 10 Countries Sending Spam (Jul 19-Jul 25)
Interesting information from ISCALabs:
Though the top four positions remained the same last week compared to the week before, Brazil continues to slowly account for a larger percentage of the spam pie. Russia and the United States had larger than usual gains (up 1.2% and 1.4% respectively) according to data collected by ICSA Labs. The increase for the United States was enough to move that country into the 5th position among the Top 10 Countries Sending Spam. See who else rounds out the top 10. Also see the graphrepresenting spam percentages over the last several months for many of the top spam sending nations.
Microsoft Plans Emergency Windows Patch for Monday August 2nd
Microsoft stated they will issue an emergency patch for the critical Windows shortcut bug on Monday, Aug. 2. The patch is set to be released on Monday at around 10 a.m. California time. The news of this vulnerability surfaced 2 weeks ago and with an of attackers trying to exploit this vulnerability, Microsoft has taken an out-of-band approach to fix the problem. To date SecurityOrb.com has learned a few companies were comprimised by this bug.
Additional information on this subject can be found below:
Android Gets Hacked Again, Millions Affected Unknowingly, Advantage: Apple
A very interesting article from my friends at MacApper, they cover everything about Apple and Mac over. As the title stated, Google’s Android OS gets hacked again and it provides an advantage to Apple and its iPhone. Not sure if I feel the same way about that, but what is does say to me is that Apple’s AppStore vetting process does provide more security to the users than the more wide open style of Android. Enjoy Keri Facey’s full article here from MacApper.
Come to find out the story was false read the rebuttal by Antonio Wells in this article at Android Tapp.
Researcher Intercepts GSM Cell Phones During Defcon Demo
DEFCON18 — Las Vegas — A hardware hacking expert here at Defcon18 successfully faked several attendees’ cell phones into connecting to his phony GSM base station during a live demonstration that had initially raised concerns at the Federal Communications Commission (FCC). Read the full article – [Dark Reading]
