Optimal Security : the Lumension Blog

What happens to biometric and personal information when companies bite the dust? For those of you that are frequent business travelers, you have probably noticed “Clear screening lines” that promised to speed passengers through airport security checkpoints for an annual fee.  The concept was sound and there were many loyal members that enjoyed expeditious movement [...]

Over the past couple of months I’ve been looking at the “Critical Security Controls” (CSC) guidelines (previously known as the “Consensus Audit Guidelines,” or CAG). With this post, I want to explore what the Critical Security Controls are, and how they might impact organizations beyond just US governmental agencies.
The Critical Security Controls were released in [...]

Security researchers have long used dedicated reporting websites to highlight the need to secure specific applications or services by hosting hacking challenges for members of the research and hacking communities to publicly post discovered vulnerabilities. The latest challenge called “Twitpwn” will highlight newly discovered vulnerabilities and proof of concept code that involve Twitter, a micro-blogging site, but will [...]

Miscellaneous interesting news / tidbits I’ve run across whilst trying to keep up with/clean out my RSS feed …
Cyberczar. Lots of discussion about the “Cyber Czar” appointment in the US (apparently the EU is contemplating something similar) … who is it going to be? [some are suggesting Scott Charney, head of Microsoft's cybersecurity division] what [...]

The iPhone community has been impatiently waiting for the release of iPhone 3.0 software since Apple’s WWDC event in early June.  Now that it is here, they should upgrade ASAP!  Along with the upgrade comes an Apple security announcement that there are 38 separate vulnerabilities in the previous versions of iPhone OS for iPhones and [...]

According to a recent advertisement posted to the user comment areas of multiple blog sites across the Internet, the cost to rent a botnet to launch a Distributed Denial of Service attacks (DDos) has fallen dramatically. One has to wonder if it is the current state of the economy or simply the expansion of the [...]

This Patch Tuesday “week” has been yet another busy period for IT administrators for flaw remediation in the IT departments.

Google Chrome released patches including a memory issues rated severity: High
Apple released patches for 50 flaws in Safari
Apple releases 10 critical QuickTime patches
Apple releases iTunes 8.2 corrects 1 vulnerability
Adobe released fixes for 13 security holes
Microsoft released [...]

As a marketer for a security software provider in this industry for a few years now, I’ve seen lots of FUD around preventing the next threat. Every vendor does it and every vendor tells you how their solution can help prevent XYZ from stealing your data or disrupting your business. In times like these where [...]

Video Blog discussing Patch Tuesday June 2009.
Read the June 2009 - Patch Tuesday Security Blog.

With all eyes turned to Apple’s Worldwide Developers Conference in anticipation of the iPhone 3G S announcement, many will miss the release of Safari 4 for Mac OS and Windows.  The headlines for Safari 4 include: “Browsing made beautiful. And smart.” “See the Web in a Whole New Way!” and “The World’s Fastest Browser” (a [...]