News to know: WGA for Office; RSA; Apple; Adobe   09 Apr 2008 09:00 GMT
Notable headlines: Mary Jo Foley: Microsoft to add the Genuine Advantage 'nag' to Office Dennis Howlett: Secure coding: the invisible elephant RSA wrap: Larry Dignan: How will Microsoft's trusted stack work? Trusted Internet initiative aims for security...
Source: ZDNet

Assessing the risks and cost of encryption   09 Apr 2008 08:50 GMT
That liquid-nitrogen hardware hack that allowed researchers to lift an encryption key from a switch-ed-off machine was cool stuff... but now it's making your CEO ask if any encryption's worth the bother. CIO's Charlie Martin does a back-of-envelope run of the relevant risk-management numbers.

Source: Computerworld

Chertoff promises cybersecurity Manhattan Project   09 Apr 2008 07:01 GMT
Seven and a half years after 9/11, the Bush Administration is ready to take cybersecurty seriously. So says Michael Chertoff, head of the Department of Homeland Security. Speaking at the RSA Conference, Chertoff said the government's newfound interest in cybersecurity is massive – "almost like a Manhattan Project," Cox News...
Source: ZDNet

Adobe Flash Pwn2Own details released by ZDI...   09 Apr 2008 01:40 GMT
... and unfortunately leaves much to be desired.  I think many people were hoping for the disclosure from ZDI to contain a lot of details on what could've been exploited with this issue, unfortunately, the details just aren't really there.  In fact, after reading it, I think I have more...
Source: ZDNet

Microsoft releases public Beta 1 of Stirling security bundle   08 Apr 2008 21:18 GMT
On April 8, Microsoft made available to any and all interested testers a public beta of "Stirling," a bundle of several of next-generation versions of its security and management wares. The elements of Stirling include Forefront Client Security, Forefront Security for Exchange Server, Forefront Security for SharePoint...
Source: ZDNet

HSBC loses data on 370,000 customers; violates security standards   08 Apr 2008 20:39 GMT
HSBC, the UK's largest bank, lost an unencrypted data disc containing the names and insurance information of 370,000 customers. HSBC sent the disc via unregistered postal mail because its usual method of secure electronic data transmission "wasn't working." Network World reports the bank's...
Source: ZDNet

Microsoft patches Vista; Windows Server 2008; IE   08 Apr 2008 18:15 GMT
Microsoft delivered 10 patches including six critical ones on Tuesday. Among the critical patches for Vista, Windows Server 2008 and Internet Explorer. Critical patches by the  CVEs: CVE-2008-0083: Covers Windows Vista and Windows Server 2008. Microsoft says: "A remote code execution vulnerability exists...
Source: ZDNet

Microsoft's End to End trust vision: Can this identity, trusted stack thing work?   08 Apr 2008 16:46 GMT
Microsoft unveiled its "End to End Trust" security vision and now the real work begins: Will anyone buy into it? At RSA, Microsoft rolled out a whitepaper that at the very least is quite the conversation piece. Reading through the whitepaper--something I encourage everyone...
Source: ZDNet

RSA: Microsoft launches trusted Internet initiative; Aims for security dialogue   08 Apr 2008 16:45 GMT
Microsoft said Tuesday at the RSA security conference that it is launching a trustworthy Internet initiative much like its Trustworthy Computing plan launched in 2002. And like Microsoft's Trustworthy Computing initiative it all started with a whitepaper. That fact is what makes Microsoft's strategy and research chief's...
Source: ZDNet

Secure coding: the invisible elephant   08 Apr 2008 16:11 GMT
The last couple of weeks, I've been trying to vaguely connect the dots between social computing, cloud computing and traditional process based systems. There are multiple legs to the story but one that had pretty much escaped my attention was the security angle. I will not claim any special expertise...
Source: ZDNet