Drumss Site

At the 3GSM event in Barcelona, Digital infrastructure specialist VeriSign has showcased new technology designed to enable businesses to easily and securely deliver, manage and bill for mobile content. The firm`s Intelligent Portal Services will enable media firms to create their own customized storefronts to sell content through mobile devices. The Intelligent Content Delivery Network, meanwhile, is a customizable rich media delivery network tailored for media and entertainment companies. VeriSign also demonstrated a new end-to-end mobile payment solution that will allow service providers to roll out services enabling their customers to transfer funds between accounts and purchase from vending machines, according to the company. "The platform quickly integrates into operators` existing infrastructures, accommodating thousands of retailers and millions of transactions," explained VeriSign`s director of communication security services, Ajay Nigam. "It also enables retailers to launch targeted mobile campaigns based on individual consumer preferences." Finally, VeriSign`s Secure Mobile Device Management Service (SMDM) will enable firms to manage security on corporate mobiles with consumer and merchant authorization mechanisms, fraud detection, antiphising, on-device encryption, device locking and unlocking, secure over-the-air updates, network monitoring and virus protection, he added.

Microsoft has released its February round of security updates, complete with some long-awaited patches for its Office productivity suite of applications. This month`s Patch Tuesday addresses multiple critical fixes for vulnerabilities in both Office and Microsoft`s line of security products. Altogether, Microsoft patched 20 flaws with its current release. Eleven of the patches were labeled "critical," the highest ranking in Microsoft`s scoring system. Eight of the patches fix Office flaws, including six vulnerabilities in Word and one each for Excel and PowerPoint. While all of these patches are significant from a security standpoint, the patch called MS07-010 seems to be stealing the spotlight. MS07-010 fixes a critical bug in the malware-scanning engine used by Windows OneCare, Windows Defender, and Forefront Security and Antigen products. Hackers could exploit the flaw to take complete control of a victim`s PC by feeding malformed PDFs to the computer through e-mail. The flaw is of particular concern to analysts. "This continues the trend of malware authors targeting widely deployed Microsoft business applications and services," said Dave Marcus, security research and communications manager at McAfee`s Avert Labs. "Malware authors continue to find unknown or unpatched vulnerabilities in popular applications and services which are then used in zero-day attacks, putting both business and consumer data at risk." Security Focus The MS07-010 patch, which comes on the heels of last week`s RSA conference at which Microsoft Chairman Bill Gates delivered a keynote emphasizing the company`s focus on security, came as a surprise to some. "While this release does not contain any vulnerabilities that directly exploit the Vista core operating system, programs like Windows Defender, Antigen, and Windows Live OneCare are applications that can be installed on Windows operating systems including Vista," said Amol Sarwate, manager of the vulnerability research lab at Qualys. According to Minoo...

Researchers looking to root out computer attacks hope that speed kills. Penn State University scientists said they`ve devised new anti-worm technology that can identify and contain worms milliseconds after an attack by analyzing data packets` rate or frequency of connections, and their diversity of connections to other networks. That allows the technology they term "proactive worm containment" to react more quickly to security threats, university researchers said. "A lot of worms need to spread quickly in order to do the most damage, so our software looks for anomalies in the rate and diversity of connection requests going out of hosts," Peng Liu, a Penn State information sciences and technology professor and lead researcher on the project, said in a statement. Researchers say that many current security methods focus on "signature or pattern identification" and cannot respond fast enough to prevent worms from exploiting networks. Those approaches, they say, often miss worms that mutate automatically, bypassing the existing anti-worm controls. Penn State`s efforts, however, aren`t the only ones seeking alternatives to signatures or patterns, with varying degrees of success. Johannes Ullrich, chief research officer with the security research organization SANS Institute, cautioned that some home and small business networks might have too much innocent activity -- such as instant messaging or phone calls over the Internet -- that could be considered suspicious based on the speed of connections. And the Penn State technique won`t catch slower-spreading worms, although Liu said current technologies already pick those up.