ArcSight Up For Sale

In a very unusual move, security software company ArcSight has put itself up for sale with a $1.5 billion price tag.  The tactic of ‘asking’ for bids is possibly a sign that ArcSight believes it can get better offers with a little publicity.  In fact, many companies tout themselves as open to bids before being sold.

The report comes from TechWorld via the Wall Street Journal.  To put this into perspective, as recently as 25 August the company’s share price was trading at around $28, and this price tag places its value at about $36.  The Journal speculates that HP, EMC, Oracle and CA are possible bidders.  There are only a handful of companies that could come close to meeting the price tag.  Security companies are suddenly popular buys, appearing relatively cheap to larger companies that are coming to the realization that security is one set of technologies that enterprise vendors can no longer be without.



Microsoft “DLL Preloading” Security Advisory Released

Microsoft has released Security Advisory 2269637.  This advisory is different from most others as it’s not directly related to specific vulnerabilities in Microsoft products.  It is their official guidance in response to recently released security research that outlined a new, remote vector for a well-known class of vulnerabilities known as DLL preloading or “binary planting” attacks.  It also offers a mitigation strategy against exploitation of this vulnerability in the form of a tool that can be configured to disable the loading of libraries from network shares.  Microsoft is also currently conducting a thorough investigation into how this new vector may affect their products.

Microsoft TechNet Blog

FREE Microsoft Security Compliance Manager Updated

Microsoft has issued an update of its Security Compliance Manager tool, which helps IT pros set security policies for Microsoft software.  The update improves over the initial April release by including documentation and guidance materials within the tool.  Security Compliance Manager is a free Microsoft “solution accelerator” that works with Microsoft’s System Center Configuration Manager 2007 management product.  It’s considered to be the next evolution of the Microsoft Security Compliance Management Toolkit series.

IT pros can use the tool to download recommended security baseline configuration settings for a number of key Microsoft products, including Windows 7,  XP, Vista, Server 2003, Server 2008, Internet Explorer 8 and Office 2007.  The desired configuration management (DCM) feature monitors server or client computers against a single or multiple security baselines, the Guide states. 

In addition to enabling custom security settings, the tool can be used to check how closely an organization’s existing security settings match up with Microsoft’s best-practice recommendations.  The tool runs on Windows 7 and Windows Vista Service Pack 2.  It’s FREE, and I like free tools…

Microsoft Downloads

Intel Buying McAfee for $7.68 Billion

It came as a surprise to me to learn today that Intel has laid out plans to acquire security firm McAfee.  It makes perfect sense, yet it makes absolutely no sense at all…

I have to agree with Juan Santana, CEO of Panda Security:  “It is an unexpected move that highlights the importance of IT security and underscores the health of the industry going forward.  In a world where most appliances and gadgets that consumers use have some kind of Internet connectivity, security becomes a differentiator.”

John Hering, Lookout CEO:  “Intel’s acquisition of McAfee signals to the industry that smartphones and other connected devices are joining the web of devices we trust with critical data and that these devices need to be protected.  We have seen threats rising across the major mobile platforms and expect this trend to increase as mobile devices continue to become the dominant computing platform.”

Andrew Storms, nCircle Director of Security Operations:  “Security needs to move away from software and into hardware, so this move makes perfect sense.  Other hardware vendors, including HP, have been buying security companies lately; watch out Cisco!”

To me it makes less sense, historically.  Intel has done well serving its roots as a dominant player in the processor development sector.  It has not, in my opinion, done so well in previous software offerings.  Is LANDesk still around?  Anybody actually using it?  [Wikipedia says “LANDesk software is used to manage over 250 million desktops, servers and mobile devices.” but also notes that it is expected to be sold off “sometime in 2010”]

Intel has been getting more involved in the mobile device market, though.  It is working on “MeeGo” with Nokia, an OS for netbooks, tablets, and smartphones.  I guess this will solidify their secure offering in this space.  McAfee did recently pick up a few nice acquisitions of their own, like Trust Digital and TenCube, both of which deal in mobile security.  Trust Digital provides enterprise protection for iPhones and such, and TenCube makes WaveSecure, consumer-targeted security software for Android, Blackberry, Symbian, and Windows Mobile phones.

The press release states: “The acquisition reflects that security is now a fundamental component of online computing. Today’s security approach does not fully address the billions of new Internet-ready devices connecting, including mobile and wireless devices, TVs, cars, medical devices and ATM machines as well as the accompanying surge in cyber threats. Providing protection to a diverse online world requires a fundamentally new approach involving software, hardware and services.  Inside Intel, the company has elevated the priority of security to be on par with its strategic focus areas in energy-efficient performance and Internet connectivity.”

With any luck at all, Intel will begin integrating security mechanisms into hardware at the chip level, introducing a series of checks and balances on processes and threads as they are passed through the computer systems, and tilt the playing field in favour of the GOOD GUYS for a change!  I just hope that Intel doesn’t destroy ePO.  This is definitely the one thing that McAfee did well: integrating their product offerings to be managed from a single point.  Sweet dreams, little security-boy, sweet sweet dreams…

Intel Announcement

NetworkWorld Article

2010 Banking Incident Count

There have been 41 data breaches involving financial institutions so far in 2010.  In contrast, there were 62 such incidents in all of 2009, according to Bank Info Security.

It isn’t the number of incidents that concerns Linda Foley, head of the Identity Theft Resource Center, which tracks these breaches.  It’s the trend of corporate account takeover resulting from ACH and wire fraud.  “There hasn’t been a lot of outreach to the business community on this threat.  They need a list of ‘What to do to protect your business account, now,’” Foley says.

Another area of concern to Foley is the pattern of retail merchants and restaurants being hit by fraudsters.  “There may be a pattern or common cause here, thus the Secret Service is following the trail,” she says.

For a complete look at the year’s financial services-related breaches, view this timeline of incidents, breaking them down by month and type of breach.

Adobe ColdFusion Vulnerability Worse Than Expected

The recently patched vulnerability in Adobe’s ColdFusion application server may be more serious than previously thought following the public release of exploit code and blog posts claiming it can be used to take full control of systems running the software.

Last week’s bulletin published by Adobe rated the directory traversal vulnerability “important,” stating that it “could lead to information disclosure”.  At least 2 researchers have said the security vulnerability should have been rated critical because it allows attackers to seize control of servers.  The vulnerability provides the ability to download files, extending to the ColdFusion server’s password file, giving an attacker the ability to take control of the server and potentially infect visitors with malicious software, according to the post on the GnuCitizen blog.  Attackers can employ simple web searches to find administrators who have carelessly exposed ColdFusion files that make the attacks much easier to carry out.

An attack using this vulnerability can lead to a full system compromise.  It is not just that you can poke around the system files of the machine you’ve attacked; it also offers the ability to upload scripts that can compromise the system, or even poke around the database natively.  The flaw affects version 9.0.1 and earlier of ColdFusion for machines running Windows, Mac OS X, and Unix operating systems.

More than 12,000 companies still use the Web application platform on more than 125,000 servers, including BMW, Bank of America, and AT&T.

Adobe Patch

5M? Network Solutions Hosted Malware Sites

Between 500,000 and 5 million websites hosted by Network Solutions are believed to have been compromised, presenting a widget that was designed to help small businesses build websites but was, in fact, serving up malware to visitors.  The widget was installed by default on all “parked sites”, which are sites that have been registered to reserve the site name but lack owner-provided content.  The widget allowed each infected domain to be turned into a drive-by attack site.  In addition, the Network Solutions domain “” was compromised with a shell script.

Network Solutions disabled the “Small Business Success Index” widget in parked domains and offered this:  “… The number of impacted pages that have been reported publicly over the weekend are not accurate. We’re still investigating the number of web pages affected.  If you have downloaded the GrowSmartBusiness widget to your website, we recommend you delete that widget and scan your site for malware.”  Application security firm Armorize, which was the first to warn of the attack, traced the flaw back through a series of compromises involving DNS manipulation and WordPress hacking, dating back to January.