Apple releases Security Update 2010-005 for Mac OS X



Apple today released a security update for Mac OS X. Security Update 2010-005 weights 84 MB and it available through Software Update. Apple fixes the following with the update:

ATS:

CVE-ID: CVE-2010-1808: Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.4, Mac OS X Server v10.6.4.

Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution.

Symantec closes Verisign security deal

INSECURITY OUTFIT Symantec has closed its $1.28 billion acquisition of Verisign's identity and authentication business.

Now that it has bought Verisign, Symantec is close to doing some serious work in SSL Certificates, Public Key Infrastructure and other online trust and identity technologies.


However it should make a real killing flogging SSL certificates along with its security products, which will mean that customers will have a one stop shop for Internet security. This is particularly important for online transaction services.

Enrique Salem, president and CEO of Symantec said that enterprises and consumers expect simple and secure access to information from any device, protection from identity fraud, and online experiences that are user-friendly and hassle-free.

He said that the combination of Symantec's leading security solutions with Verisign's security products, services and recognition as the most trusted brand online puts Symantec in a strong position.

Symantec plans to integrate Verisign technologies with its array of endpoint security and data loss prevention products.

Symantec might weave Verisign SSL technology into its products like Critical System Protection and Protection Suite for Servers to bolster the security of customers' web servers and increase trust levels during financial and other sensitive transactions.

Symantec said it plans to incorporate Verisign technologies into its data loss prevention products to ensure that only authorised users can access certain types of information.

Symantec has been buying up companies like a mad thing this year, taking some key names like PGP and Guardianedge into its stable.

Credit: Original Source

Chrome extension forces secure Google searches


Google SSL Web Search adds encrypted Google search to Chrome's list of search engines.

Google now offers an extension for Chrome that automates the process of adding the secure Google search site as a search engine to the Chrome 6.x branch. Google SSL Web Search is an extension, still in beta, that works with Chrome 6.0.419.0 and later on Windows and Linux computers.

SSL Secures Website seal

This columnist absolution provides affluence of advice about defended your website allowance and account of SSL Certificates to assure your eCommerce website.

CLICKSSL.COM currently offers a chargeless Defended Website Allowance to all SSL Certificates Customers, which helps them to brainwash web visitors on the secures technology they apply to assure adjoin phishing attacks and eavesdropping. secures Website Allowance acutely shows that the affairs performed on the website are deeply encrypted by arch SSL technology. When aggregation bang on SSL website seal, it displays website secures information.

If you accept installed accurate amount SSL (Organization Absolute SSL Certificate) again you can appearance Accurate Website Seal. This shows organizations data such as area name, business name, abode and etc. This way you can accord your website visitors visible, real-time affirmation that the website is accurate and protected.

Visitors like alone user affable and arresting things to see on website. Now if you accept installed SSL Certificates on website and you do not affectation SSL secures Website Allowance again some visitors may jump out from your website. SSL secures Website is a cast image, abnormally for online arcade barrow websites.

You should be acquainted of SSL secures Website Allowance use and misuse. Following are few abetment on abusage of SSL secures Website Seal.

Who should affectation SSL secures Website Allowance on website?

1. If you accept installed absolute SSL Certificates on your website, again alone you can use SSL secures Website Seal.

Who should not affectation SSL secures Website Allowance on website?

1. If your website is not installed SSL Certificates and you affectation SSL Website allowance again it is diddle.

2. If you accept purchased SSL Certificates but did not install on website and you affectation Website Allowance again it is diddle.

3. If you accept already installed SSL Certificates but SSL Certificates authority is asleep and you affectation SSL secures website allowance again it is diddle.

4. If you accept SSL purchased for one of your aggregation website and you affectation SSL secures Website Allowance on all aggregation website, again it is diddle.

5. You can affectation SSL secures Website Allowance on SSL Certificates installed website.

Warning:

SSL secures Website Allowance abusage is diddle and anyone (SSL Provider /Reseller / Issuer / Customer / Visitor) can affirmation for this diddle. As they can accept that either you abundance claimed advice like Credit Card amount and protect code, username, password, credential information.

For added advice on the new website allowance service, amuse visit: ClickSSL.com

Attacking the edges of defended Internet traffic

Researchers accept baldheaded new means that abyss can spy on Internet users even if they're application defended admission to banks, online retailers or added acute Web sites.

The attacks approved at the Black Hat appointment actuality appearance how bent hackers can detect about the edges of encrypted Internet cartage to aces up clues about what their targets are up to.

It's like borer a blast chat and audition deadened choir that adumbration at the accent of the conversation.

The botheration lies in the way Web browsers handle Defended Sockets Layer, or SSL, encryption technology, according to Robert Hansen and Josh Sokol, who batten to a arranged allowance of several hundred aegis experts.


Encryption forms a affectionate of adit amid a browser and a website's servers. It scrambles abstracts so it's awkward to prying eyes.

SSL Certificate is broadly acclimated on sites trafficking in acute information, such as acclaim agenda numbers, and its attendance is apparent as a padlock in the browser's abode bar.

SSL is a broadly attacked technology, but the admission by Hansen and Sokol wasn't to breach it. They capital to see instead what they could apprentice from what are about the breadcrumbs from people's defended Internet surfing that browsers leave abaft and that accomplished hackers can follow.

Their attacks would crop all sorts of information. It could be almost minor, such as browser settings or the amount of Web pages visited. It could be absolutely substantial, including whether anyone is accessible to accepting the "cookies" that abundance usernames and passwords misappropriated by hackers to log into defended sites.

Hansen said all above browsers are afflicted by at atomic some of the issues.

"This credibility to a beyond botheration” we charge to amend how we do cyber banking commerce," he said in an account afore the conference, an anniversary acquisition adherent to advertisement the latest computer-security vulnerabilities.

For the boilerplate Internet user, the analysis reinforces the accent of accepting accurate on accessible Wi-Fi networks, area an antagonist could bulb himself in a position to attending at your traffic. For the attacks to work, the antagonist accept to aboriginal accept admission to the victim's network.

Hansen and Sokol categorical two dozen problems they found. They accustomed attacks application those weaknesses would be harder to cull off.

The vulnerabilities appear out of the actuality humans can cream the Internet with assorted tabs accessible in their browsers at the aforementioned time, and that apart cartage in one tab can affect defended cartage in addition tab, said Hansen, arch authoritative of consulting close SecTheory. Sokol is a aegis administrator at National Instruments Corp.

Their allocution isn't the aboriginal time advisers accept looked at means to abrade defended Internet cartage for clues about what's accident abaft the blind of encryption. It does aggrandize on absolute analysis in key ways, though.

"Nobody's accepting afraid with this tomorrow, but it's avant-garde research," said Jon Miller, an SSL able who wasn't complex in the research.

Miller, administrator of Accuvant Labs, accepted Hansen and Sokol for demography a altered admission to advancing SSL.

"Everybody's animadversion on the foreground door, and this is, 'let's yield a attending at the windows,'" he said. "I never would accept anticipation about accomplishing something like this in a actor years. I would accept anticipation it would be a decay of time. It's accurate because it's a little different."

Another accepted allocution at Black Hat anxious a new advance affecting potentially millions of home routers. The advance could be acclimated to barrage the kinds of attacks declared by Hansen and Sokol.

Researcher Craig Heffner advised 30 altered types of home routers from companies including Actiontec Electronics Inc. and Cisco Systems Inc.'s Linksys and begin that added than bisected of them were accessible to his attack.

He tricked Web browsers that use those routers into absolution him admission authoritative airheaded that alone the routers' owners should be able to see. Heffner said the vulnerability is in the browsers and illustrates a beyond aegis botheration involving how browsers actuate that the sites they appointment are trustworthy.

The admonition is he has to aboriginal ambush anyone into visiting a awful site, and it helps if the victim hasn't afflicted the router's absence password.

Share

Twitter Delicious Facebook Digg Stumbleupon Favorites