Computer Security, Network Security, telecom, internet, Mag Securs

Mag Securs

The European security magazine Information technology –Networks –Telecoms -Internet [read]

Security news from France

Calendar

September 2007

October 2007

November 2007

December 2007

January 2008

February 2008 [read]

January 2008

Next Issues
Subscriptions - Advertissements

Top Stories

Opinions
Michael Hayes CTO, CheckPhone: BlackHat USA – Voice Track - Overview

During Back Hat in Las Vegas at the beginning of the month, there was a complete security track on Voice Services. This track covered five major topic areas; Voice over Internet Protocols (VoIP) Protocols, Voice Encryption, Security Methodology, Inherent weaknesses of VoIP and vulnerabilities in WiFI dual mode phones. What is significant is that this is only the second time there is a complete track dedicated to this topic during BlackHat. Additionally each of these topic areas highlighted vulnerabilities in Voice Services and the need to increase Information Security (InfoSec) on this application and network implementation. [read]

Opinions
Michael Hayes CTO, CheckPhone: BlackHat USA -Who else is listening?

Looking through the rear view mirror:
Special applications of encrypted Voice Services were rare in the 80’s and 90’s. Typically, these applications were one to one or one to a small group of encryption devices made by specialized manufactures. Users of these encryption devices encompassed the banking and the financial industry, also Government agencies or defense department related industries with a more sensitive information nature. The prevailing wisdom was the voice network was secure. In fact, this was a myth; to listen into a conversation all you needed was access to twisted pairs and a $95.00 Buttset, which anybody who can clip two alligator clips could use. The security risk was, predominantly, physical access to the wires or wiring room. [read]

Opinions
Michael Hayes CTO CheckPhone: BlackHat USA – What? Voice Security?

Looking through the rear view mirror:
As the Data and Voice environments converge, becoming more prevalent in our corporate and personal life we need to look at security in a multi-dimension and multi-discipline manner. Barrie Dempster stated: “Convergence of Voice and Data networks goes against current network best practices, with firewalls, VPNs, VLANs focused on separation of data, with voice traffic on the data network now open to attacks using tools and techniques that have in the past been on data networks only” [read]

Opinions
Michael Hayes CTO CheckPhone: BlackHat USA - Who cares about H.323 and IAX?

Looking through the rear view mirror:
As enterprises across the world focused on VoIP as a cost reduction method to reduce the cost of inter-company long distance calls H.323 was introduced. This protocol was widely implemented to connect multiple Private Automatic Branch Exchanges (PABXs) in large and medium sized businesses across the globe. The attraction of this protocol was it allowed the connection between PABXs to share the same facilities as Data Networks and reduce facilities costs. [read]

Attacks & vulnerabilities
RSA, The Security Division of EMC, Monthly Online Fraud Report – July 2007

Online fraud is evolving. Phishing and pharming represent one of the most sophisticated, organized and innovative technological crime waves faced by online businesses. Fraudsters have new tools at their disposal; and are able to adapt more rapidly than ever. [read]

Opinions
Michael Hayes CTO CheckPhone: BlackHat USA – Let’s open more doors!!

Looking through the rear view mirror:
As more and more mobile devices are introduced to the network, a number of interesting new attack vectors appear. The classes of devices discussed focus on a dual mode environment that encompasses both cellular technologies and WiFI derivatives of 802.11. The cellular technologies typically include GSM and CDMA with the co-habitation of both radio and protocols with on 802.11 and its derivatives. [read]

On Air

Contracts Wednesday 19 September
Sagem Sécurité: delivery of first electronic driver’s licenses and vehicle registrations for Morocco

Morocco’s Ministry of Equipment and Transportation issued the first electronic driver’s licenses and registrations produced by the Rabat motor vehicle registry. The documents contain a microchip that will be able to secure recorded data and update them. The program, which aims to reinforce road safety and modernize services for the Kingdom of Morocco’s citizens, is set to produce more than 12 million licenses and registrations over a period of seven years. With encrypted components, the (...) [read]

Studies Tuesday 18 September
Social networking sites: Almost two thirds of users enter false information to protect identity

Nearly two thirds (62%) of networking sites users say they are worried about the safety of their personal data held on these sites, reveals a survey conducted by email research specialists, emedia, using its RapidResearch service. The concern is so high that almost one third of users (31%) have already entered false information about themselves to protect their identity.
Andrea Simmons, Consultant Security Forum Manager at British Computer Society comments, “As we become citizens of (...) [read]

Attacks & vulnerabilities Tuesday 18 September
Arbor Networks’ third-annual worldwide infrastructure security report highlights botnets and increased size of DDoS attacks as growing threat to ISPs

Arbor Networks, a provider of network security and operational performance for global business networks, released its third-annual Worldwide Infrastructure Security Report today in cooperation with the network security and operations communities. For the first time, botnets surpassed distributed denial of service attacks as the top threat identified by service providers.
Arbor Networks has long-standing customer relationships with more than 70% of the global service provider community, (...) [read]

Attacks & vulnerabilities Friday 7 September
Panda Security’s weekly report on viruses and intruders

According to data gathered at the Infected or Not website (http://www.infectedornot.com) this week, over 30 percent of computers with protection installed, and scanned by NanoScan or TotalScan (the online tools from Panda Security available on that website) were infected by some kind of malicious code.
“This doesn’t mean that current antivirus protection is not valid, but that it should be complemented by in-depth scanning with online tools such as NanoScan or TotalScan, which are able to (...) [read]

Products Thursday 6 September
TriCipher Slashes VPN Authentication Costs by 85 Percent,Offers Alternative to Expensive One-Time Password Tokens

TriCipher today unveiled strong authentication for SSL VPNs, giving enterprises the alternative to one-time password (OTP) tokens, and saving 85 percent or more off of their total up front and operational costs.
TriCipher’s Armored VPN, its newest offering for authenticating virtual private network (VPN) users, is ideal for employees and partners accessing corporate networks via a secure socket layer (SSL).
It’s the only product on the market that dramatically cuts both the up-front costs (...) [read]

Business Thursday 6 September
Atempo secures $22 Million in Expansion Capital

Atempo, Inc., announced that it has raised $22 million in Series B funding to drive the company’s continued global expansion. New investors Intel Capital, who led the round, Steelpoint Capital Partners, and Ridgewood Capital all participated in the funding.
Atempo will use the investment capital to accelerate development of its cross-platform product suite and leverage its award-winning storage management solutions to address the backup, archiving and data storage management needs of (...) [read]

Opinions Wednesday 5 September
Julia DaehneIron Mountain UK: Active solutions – building a bridge between the physical and the digital

The one-size-fits-all approach to document management is nothing more than a production line, where customers can be left feeling like pre-processed packages: off the shelf the ‘solutions’ fail to address specific needs and businesses should not have to adapt to accommodate them. Excellent document management is an active process – not a passive one – where the solution is informed by and adapts to the business it is integrating with. By actively exploring each business and what its unique (...) [read]

Products Wednesday 5 September
SurfControl Launches E-mail Filter 6.0, Delivering Unified Protection

SurfControl announced significant product enhancements to its e-mail filter with the release of SurfControl E-mail Filter 6.0. Product enhancements include the new SurfControl Reputation Service, a fully integrated anti-virus scanning engine, zero-hour virus protection, and extended compliance features.
SurfControl E-mail Filter provides continuous, multilayered protection against increasingly complex blended e-mail threats such as spam, phishing, viruses and malicious code, as well as (...) [read]

Products Tuesday 4 September
iPass announces Online Service That Unifies the Connection, Protection and Management of Remote and Mobile Devices

iPass, Inc., announces iPass Device Protection Online, a service that mitigates the risks related to use of the Internet, USB ports and rogue applications, without requiring the up-front and ongoing investment in new enterprise infrastructure. When combined with the iPass mobility platform, iPass Device Protection Online can unify the connection, protection and management of remote and mobile devices into a single offering.
Organizations must keep their remote and mobile workforce (...) [read]

Products Tuesday 4 September
Yoggie Security Systems™ upgrades global customer care with 24/7 phone lines

Yoggie Security Systems™ has announced its new Tech Support Programme which includes 24/7 telephone support lines, toll-free support numbers and an online knowledge base.
The company has grown its support team in recent weeks to cover any incoming phone or email enquiries whatever time of day they are received.
Toll-free support calls can be made from the US and UK, Germany and France.
Yoggie Security Systems also provides an online Knowledge Base which is accessible from its home page (...) [read]

Products Tuesday 4 September
EMC unveils most comprehensive solutions for IP Telephony management

EMC Corporation unveiled the market’s most comprehensive solutions for managing Voice-Over-IP (VoIP) and IP telephony environments. With EMC Smarts VoIP Performance Manager and EMC Smarts VoIP Performance Reporter, customers can maximize the availability and performance of business-critical VoIP services through comprehensive monitoring, alerting, diagnosis and reporting on all aspects of a system that may impact IP telephony services.
Smarts VoIP Performance Manager and Smarts VoIP (...) [read]

Attacks & vulnerabilities Tuesday 4 September
Top Ten Sophos for August 2007: fraudsters step up their attempts to infect PC users

Sophos has revealed the most prevalent malware threats causing problems for computer users around the world during August 2007.
The figures, compiled by Sophos’s global network of monitoring stations, show a dramatic drop in malware spreading in the form of email attachments, with just one infected message in every 1,000 emails in August, compared to one in 322 during the first six months of 2007.
Spam, however, has continued to be a problem - much of it linking to malicious websites (...) [read]

Studies Tuesday 4 September
Newest IT Services Management Survey by EMC Corporation demonstrates Blind Spots in Enterprise IT Infrastructures

More than 50% of IT managers in Western Europe currently do not have a reliable, real-time view of their IT infrastructures, according to a new IT services management survey conducted by EMC Corporation. The survey was conducted among 240 IT managers across Benelux, France, Germany, Scandinavia, Spain, Switzerland and the UK.
“Lack of visibility into the core IT infrastructure poses significant risks to data centre consolidation or migration projects, as companies are faced with the manual (...) [read]

Products Monday 3 September
Symantec launches Norton Internet Security 2008, Norton Antivirus 2008

Symantec Corp. announced the launch of Norton Internet Security 2008 and Norton AntiVirus 2008 including disguised attacks used by drive-by downloads. In addition, Norton Internet Security 2008 will also feature Norton Identity Safe to protect users’ identities when they buy, bank or browse online. The company has also optimized each product for greater performance, improved technical support and reduced user interruption. With Norton 2008 products, users have powerful solutions that (...) [read]

Business Monday 3 September
Sagem Orga receives Common Criteria (CC) certification for its eHealth platform MICARDO

Sagem Orga receives a vital certification for the new telematics infrastructure of the German electronic health card: The BSI, the German Office for Security in Information Technology, has now given the smart card expert official certification of the fact that Version 3 of its operating system MICARDO fulfills all security criteria.
The MICARDO operating system is a powerful platform and the basis for the development of the various versions of the health cards. It supports the new patient (...) [read]