Acquisitions, Social Networking and Other Security News from the Week

 
 
By Brian Prince  |  Posted 2010-09-05
 
 
 

Acquisitions, social network security and Google privacy were among the top items on the menu in IT security news this past week.

CA Technologies started the week off by announcing plans to purchase Arcot systems for its fraud prevention technology. Arcot develops software-based digital signature and identity tools for securing online transactions. According to CA, the plan is to mix Arcot's capabilities with its identity and access management solutions, specifically the CA SiteMinder portfolio.

Meanwhile, 3M made a big investment in biometrics security with an agreement to purchase Cogent Systems for roughly $943 million.

"Adding Cogent Systems' products to our business strengthens our product portfolio and services in high security credential issuance and authentication systems and positions 3M's business in law enforcement applications," said Mike Delkoski, vice president and general manager of 3M's Security Systems Division, in a statement. "It also expands our reach into access control and other commercial ID and authentication applications."

In the realm of social networking, Facebook added a remote log-out feature to bolster security for users. Anyone who logs into the site from one device and fails to log out will be able to use the feature to log out remotely from another device. The capability builds on features the site added in May, and will be rolled out to users gradually during the coming weeks.

"Facebook, in particular, has had problems keeping accounts secure," Forrester Research analyst Chenxi Wang told eWEEK. "So anything they can provide to their users to make account breaches more difficult is a good thing to do. I also like the fact that they are making it available (the new functionality that is) by default, rather than an option that you have to enable."

In addition, Twitter finished its migration to OAuth, meaning third-party Twitter applications will now all use the technology for authentication. OAuth differs from basic authentication in that it does not require applications to store user credentials and send them over the Internet when the application is used.

Security researchers were also busy during the week. Security vendor Zscaler uncovered that it is possible to abuse the WebScan functionality in some Hewlett-Packard all-in-one printers for corporate espionage. Microsoft also issued a new "Fixit" solution to help administrators deal with DLL loading problems believed to impact scores of applications running on Windows.

In a joint blog post, MSRC Group Manager Maarten Van Horenbeeck and Jonathan Ness of the MSRC Engineering team noted that "to be exploited, a victim would need to browse to a malicious WebDAV server or a malicious SMB server and double-click a file in the Windows Explorer window that the malicious server displays."

"Unfortunately, based on attack patterns we have seen in recent years, we believe it is no longer safe to browse to a malicious, untrusted WebDAV server in the Internet Zone and double-click on any type of files," they added.

Google also closed the week out with the declaration that it was updating its privacy policies in the name of simplicity. The company is deleting 12 product-specific privacy policies as well as portions of its main policy that have been judged to be redundant. The changes will go into effect in October, and they come at a time when Google has taken its share of hits regarding privacy issues.

"Even taking into account that they're legal documents, most privacy policies are still too hard to understand," blogged Mike Yang, associate general counsel at Google. "So we're simplifying and updating Google's privacy policies. To be clear, we aren't changing any of our privacy practices; we want to make our policies more transparent and understandable."


Rocket Fuel