Security Web Digest: Secure DNS Spec Close To Release ... and More

New Small And Medium-Business anti-spam/anti-virus products from Trend Lax system security at US Treasury Department Consultant warns of security flaws in PeopleSoft products


The Internet Engineering Task Force is close to releasing a security mechanism for authenticating data moving across the Internet. DNS-Sec, which stands for domain name system-security, places a digital signature on each domain name and corresponding IP (Internet protocol) address stored in a DNS server. A browser requesting the IP address of a domain name, such as, would need technology defined in the spec for verifying that its getting the right address for the domain name, making it difficult for spammers and virus distributors to use bogus address headings.

SMB Market

Trend Micro Inc. this week introduced three new security products designed to provide comprehensive virus and spam protection for small- and medium-sized businesses. The company said the software updates itself every hour, on the hour. When installing the Trend Micro software, any non-Trend Micro anti-virus programs will be removed from PCs.


The Internal Revenue Service (IRS), and other Department of Treasury agencies, continue to have "material weaknesses" in security controls designed to protect the confidentiality, integrity and availability of their systems, a new General Accounting Office (GAO) report concludes. The security weaknesses identified at Treasury include all six general control areas addressed in the GAOs information security audit methodology, including security program management, access controls, software development and change controls, segregation of duties, operating systems controls, and service continuity. Treasurys bureaus have 708 information systems supporting its operations with a centralized data communications network and management system interconnecting networks and systems at the bureaus and departmental offices.


A security consultancy warned PeopleSoft users last week of serious vulnerabilities in the ERP and CRM vendors PeopleTools development application. Corsaire Ltd. of Surrey, England, reported the flaws in the PeopleSoft iScript component of PeopleTools as well as the PeopleBooks Search CGI application. The flaws could lead to leaks of sensitive data and system crashes, and they could enable remote access of files.