Security Web Digest: FW-1: The Next Generation, Patent Suit Against Visa, Writing Down Passwords...

New web security appliance from Ositis... Vulnerability Assessment Tool From Symantec... E-mail management tool works with existing infrastructure... and more from around the web


Authentica upgraded its technology designed to provide secure e-mail and file delivery last week. Authentica SafeRoute 3.0 is designed to allow enterprises to centrally manage and control corporate e-mail without disrupting existing messaging infrastructure ore requiring cumbersome steps for users. The technology includes built-in rights management to allow enterprises to control documents after they have been received as e-mail.

A new generation of firewall technology from Check Point Software Technologies will protect against attacks directed at applications, the company announced Monday. Check Point Next Generation with Application Intelligence adds new capabilities to Check Points FireWall-1 product, enabling it to actively protect applications behind the firewall such as Web servers, e-mail servers and Domain Name System servers. The new features enable FireWall-1 to thwart attacks concealed in common application protocols such as HTTP, FTP and SMTP, the company said. Incoming traffic can be validated for compliance to protocol standards and typical usage, and traffic can be blocked from forbidden network programs such as instant messaging or peer-to-peer file-sharing systems.

Ositis recently introduced a security appliance combining anti-virus, anti-spam and web filtering in a single device. The eShield Network Security Appliance sits between the firewall and the company network, scanning all network traffic inbound and outbound, with virus scanning on major protocols including HTTP, FTP, SMTP, News, IMAP, Socks and POP3.

Symantec on Monday announced the release of Symantec Vulnerability Assessment, which provides greater control of the network infrastructure through the identification and prioritization of vulnerabilities and by providing extensive information on remediation actions, the company said in a statement. "Symantec documented more than 2,500 new vulnerabilities over the past year, an 81.5 percent increase over 2001," said Ronald Van Geijn, director of product management at Symantec. "Unfortunately, many organizations are unaware of the vulnerabilities in their systems and applications, and are unable to determine if the identified vulnerabilities have been resolved."


Visa USA and Visa International Service Association were sued by two technology companies who allege that the credit card companies stole their patented technology for authenticating credit card holders in online transactions. and VIMachine said they shared information on a patented payer authentication technology with Visa and that Visa subsequently filed its own application for a patent based on that information. The companies also said Visas payer authentication service, VPAS, infringes on their patented technology, according to a copy of the complaint filed Thursday in the U.S. District Court for the Northern District of Texas.

Two-thirds of corporate computer users admit to writing down IT access passwords at least once, according to a survey from "Once an end user writes down the password, the potential for a breach of business-critical data and applications jumps considerably," said Jeff Laubhan, senior product marketing manager at Rainbow Technologies. According to the study, 75 percent of all companies require end users to change passwords at least every 13 weeks.