Archive for September, 2007

Virtualization Increases IT Security Pressures

September 14, 2007

Virtualization is making it more difficult to patch and upgrade applications on virtual machines, and it also complicates network access controls.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=301232&source=rss_topic17

[Editor's Note (Valle): We know that virtualization can be used for sandboxing applications to test for malware and also to create safe web browsing environments. Here is the flip side of that technology.]

Fight Viruses with your USB Drive

September 14, 2007

A great article at Searchsecurity.com from Ed Skoudis on programs every security analyst should have in their tool kit.
http://searchsecurity.techtarget.com/tip/0,289483,sid14_gci1270735,00.html?track=sy320&asrc=RSS_RSS-10_320

[Editor's Note (Valle): I am seeing an interesting trend when I do my weekly research for articles on my RSS reader of 90+ security feeds. I see that Searchsecurity.com's feed usually has only 1 or 2 articles (where the other feeds usually average about 20 posts a week) but I invariably pick one of their articles to post to this blog. Keep up the great work, Searchsecurity, and especially Ed Skoudis!]

The Most Poisonous Bugs

September 4, 2007

Here is a good presentation that shows some of the vulnerabilities that were exposed at the Black Hat conference.
http://www.eweek.com/slideshow/0,1206,a=213412,00.asp

Editor’s Note (Valle): We continue to see how the Internet’s beneficial attributes (distributed, redundant, open architecture, etc.) are turned into critical vulnerabilities that have even the best security minds perplexed.

New Bank Practices Make Hacking Easier

September 4, 2007

This is a great article on how some strong authentication techniques can actually make it easier for cybercriminals to rip you off if they are able to get an in-line proxy between you and your financial institution (aka a man-in-the-middle attack).
http://www.darkreading.com/document.asp?doc_id=131191

Editor’s Note (Valle): Ever since I saw a company named TriCipher at a local ISSA meeting use a man-in-the-middle attack against a Charles Schwab account that was using two-factor authentication, I have been wary of financial institutions’ “secure” solutions.