2008 02 12
Is your laptop the same as your suitcase?
Based on what’s reported in this Washington Post article, the U.S. Customs and Border Protection (CBP) agency thinks so. Seems like there are cases of people being searched and forced to not only surrender their laptops and other electronic devices, but to provide passwords and instructions for accessing their systems as well, allowing the officials to create exact copies of all information in the device including documents, browsing history, calendars, email... everything.
While this has obvious privacy concerns (the Electronic Frontier Foundation and Asian Law Caucus have filed suit to force the disclosure of CBP policies in this situation, including which rules govern the seizing and copying of the contents of electronic devices), it also has serious ramifications for us as security professionals. What controls will we need to implement and enforce if this practice is found to be acceptable and becomes more common?
- Andy Brinkhorst
2007 07 19
Click Fraud - Is Google Paying Attention?
This is a short post that will be followed by a longer post soon. I am concerned that Google’s great revenue and success is based on botnet-based click fraud to a much greater degree than is commonly known. I am getting a lot of anecdotal information that doesn’t add up and am looking into this more. This could be the Enron of the Internet. If you have click fraud stories, send them to jim@reavis.org.
2007 07 11
Symantec in play?
By Jim Reavis
This is only a rumor; if it were an actual event you would be instructed by the authorities where to redeem your SYMC stock. Multiple Friends of Risk Bloggers have told me that Symantec has been in talks with investors over their strategic options, with the most likely outcome (if anything happens) being a move to go private! Stepping out of the public markets would likely accelerate the massive industry shakeup we have been seeing; it may soon become pointless to have information security indices if we don’t have stocks to track.
I want to stress that the FoRBs (Friends of Risk Bloggers - of course) are not insiders with Symantec; I am certainly not an insider, and my investments consist of a little dirt and contributing to my doctor’s 401k. However, they are smart people who do pay attention. Symantec’s stock has been up and down of late. I think John Thompson is a great CEO and has made some very smart moves to beef up their enterprise solutions; perhaps a couple of years sans SOX will allow the execs to focus more on the business and aligning their healthy security and storage product portfolio with market needs.
We can be certain that the megadeals we have seen in information security are not over. I would certainly think that since Google bought Postini, MessageLabs will get picked up soon; I would assume their Star Technologies Services spinoff announcement in June was the necessary precursor to get a deal done.
I hope to see a bunch of you at BlackHat; with all the M&A going on, we can play musical nametags!
2007 01 12
Trialware / Circusware / craplets
By Kurt Seifried (kurt@seifried.org)
This is one of those things that we have all experienced but, like the back of our own knee, we don’t have a specific word to call it.
2006 10 26
BT Group PLC Buys Counterpane Internet Security, Inc.
As reported by chron.com:
SAN JOSE, Calif. — BT Group PLC, the former British telecom monopoly, said Wednesday it bought Silicon Valley-based Counterpane Internet Security Inc. to boost its computer security services for corporate customers.
Financial terms were not disclosed.
2006 10 26
Sourcefire Inc. Files For IPO
By baltimoresun.com:
Sourcefire Inc., the Columbia network security company that started in its founder’s living room and has since grown to a 174-person business, said yesterday that it plans to go public.
Read the full article here.
2006 10 25
File System Fuzzing
Traditionally we have seen the majority of computer security research being aimed at remotely available network services, or at local vulnerabilities in privileged applications that allow for privilege escalation.
But like all things, times are changing. Recently there has been a serious spate of vulnerabilities found in various file formats, with Microsoft Office documents proving especially vulnerable to exploitation. Now there is a new kid on the block.