Acquisitions, social network security and Google privacy were among the top
items on the menu in IT security news this past week.
CA Technologies started the week off by announcing plans to purchase Arcot
Systems for its fraud
prevention technology. Arcot develops software-based digital signature and
identity tools for securing online transactions. According to CA, the plan is
to mix Arcot's capabilities with its identity and access management solutions,
specifically the CA SiteMinder portfolio.
Meanwhile, 3M made a big investment in biometrics security with an agreement
to purchase Cogent Systems for roughly $943 million.
"Adding Cogent Systems' products to our business strengthens our
product portfolio and services in high security credential issuance and
authentication systems and positions 3M's business in law enforcement
applications," said Mike Delkoski, vice president and general manager of
3M's Security Systems Division, in a statement. "It also expands our reach
into access control and other commercial ID and authentication
applications."
In the realm of social networking, Facebook added a remote log-out feature
to bolster security for users. Anyone who logs into the site from one device
and fails to log out will be able to use the feature to log out remotely from
another device. The capability builds on features the site added in May, and
will be rolled out to users gradually during the coming weeks.
"Facebook, in particular, has had problems keeping accounts secure,"
Forrester Research analyst Chenxi Wang told eWEEK. "So anything they can
provide to their users to make account breaches more difficult is a good thing
to do. I also like the fact that they are making it available (the new
functionality that is) by default, rather than an option that you have to
enable."
In addition, Twitter finished its migration to OAuth, meaning third-party
Twitter applications will now all use the technology for authentication.
OAuth differs from basic authentication in that it does not require
applications to store user credentials and send them over the Internet when the
application is used.
Security researchers were also busy during the week. Security vendor Zscaler
found that it is possible to abuse the WebScan functionality in some
Hewlett-Packard all-in-one printers for
corporate espionage. Microsoft also issued a new "Fixit" solution to
help administrators deal with DLL loading problems believed to impact scores of
applications running on Windows.
In a joint blog post, MSRC Group Manager Maarten Van Horenbeeck and Jonathan
Ness of the MSRC Engineering team noted that "to be exploited, a victim
would need to browse to a malicious WebDAV server or a malicious SMB server and
double-click a file in the Windows Explorer window that the malicious server
displays."
"Unfortunately, based on attack patterns we have seen in recent years, we
believe it is no longer
safe to browse to a malicious, untrusted WebDAV server in the Internet Zone and
double-click on any type of files," they added.
Google also closed the week out with the declaration that it was updating its
privacy policies in the name of simplicity. The company is deleting 12
product-specific privacy policies as well as portions of its main policy that
have been judged to be redundant. The changes will go into effect in October,
and they come at a time when Google has taken its share of hits
regarding privacy issues.
"Even taking into account that they're legal documents, most privacy
policies are still too hard to understand," blogged Mike Yang, associate
general counsel at Google. "So we're simplifying and updating Google's
privacy policies. To be clear, we aren't changing any of our privacy practices;
we want to make our policies more transparent and understandable."