Making Xen virtualization safer with XenAccess

I just came across this post by Rich Miller, pointing to the XenAccess, a potentially valuable open-source project that aims to bring VMsafe-esque capabilities to the Xen project.

Hatched at Georgia Tech in 2007, the project hasn't been moving very fast, but perhaps its time has come? That depends on the importance of VMsafe, to some extent. As for VMsafe:

VMware VMsafe is a new security technology for virtualized environments that can help to protect your virtual infrastructure in ways previously not possible with physical machines.

VMsafe provides a unique capability for virtualized environments through an application program … Read more

Russia and Georgia continue attacks--online

Researchers studying botnets have reported an increase in attacks on Georgian Web sites, including that of the country's president, within the last two weeks. While the attacks--Web site defacement and denial-of-service packet floods--are reminiscent of the Internet attacks waged against Estonia in May 2007, Jose Nazario, security researcher for Arbor Networks, told CNET News that he's seeing evidence that Georgia is apparently fighting back, attacking at least one Moscow-based newspaper site.

As to the source, Nazario said that "almost all of the attacks are broadly and globally sourced. One attack appears to be very narrowly focused, possibly … Read more

Microsoft fixes 26 flaws with 11 patches; six are critical

Microsoft on Tuesday released its August 2008 security bulletin. Bulletins rated "critical" concern Microsoft Access 2003 and earlier; Microsoft Word 2002 and 2003; Microsoft Excel; and Microsoft Office 2000, Microsoft Office XP and Microsoft Office 2003. A cumulative patch for Internet Explorer also is rated critical.

"Important" bulletins affect Windows Internet Protocol Security (IPsec); Outlook Express and Windows Mail; Microsoft Windows Event System; Windows Messenger; and Microsoft PowerPoint. All Microsoft security patches for both Windows and Office software are available via Microsoft Update or via the individual bulletins detailed below.

MS08-041: Critical

Titled "Vulnerability in … Read more

Practice safe browsing with ZoneAlarm ForceField, and get it free (today only)

ZoneAlarm ForceField is a new security utility that promises bulletproof protection against browser-related threats. It normally sells for $29.95, but Check Point Software is offering it absolutely free, today only, as part of a Patch Tuesday promotion.

The software relies on a technique called "virtual browsing" to protect your PC against unauthorized downloads, malware installations, phishers, keyloggers, and the like. It also promises total privacy by erasing the (virtual) browser's cache, cookies, history, and passwords. According to Check Point, the program won't interfere with any existing security software you might already have.

I haven't … Read more

Google's Keyczar designed to make cryptography easier

Google on Tuesday announced Keyczar, an open-source project to help developers select and use safe cryptography in their applications.

Built on OpenSSL, PyCrypto, and the Java JCE libraries, Keyczar supports authentication and encryption with both symmetric and asymmetric keys. It simplifies some of the details by choosing safe defaults and automatically tagging outputs with key version information. Keyczar also provides a simple interface.

The project provides developers with a simple API, key rotation and versioning, and safe default algorithms, modes, and key lengths.

A "nongoals" page proclaims what Keyczar is not. For example, Keyczar is not designed to … Read more

Buzz Out Loud 785: Don't cross the Olympic streams

We tried to give NBC the benefit of the doubt when it comes to Olympic streaming, but then we tried it. And it's ridiculous. Also, we wonder if the iPhone makes you fat, even as it fattens Steve Jobs' wallet. We also discuss the technicalities of invisibility cloaks, and opt-out of Obama's aggressively hip Internet outreach campaign.

Listen now: Download today's podcast EPISODE 785

Defcon ends with researchers muzzled, viruses written

Judge orders halt to Defcon speech on subway card hacking

Apple hits 3 million … Read more

Thwart laptop theft

This simple executable will sound an alarm through your laptop's speakers when certain activities occur, helping to thwart laptop theft. Laptop Alarm's four-check-box interface takes seconds to set. An option pop-up is as easily set to control mouse sensitivity and set a program password.

Operating Laptop Alarm is a snap. Users merely run the executable and set the alarm to sound if the laptop loses power, the system is shut down or logged off, if the USB mouse is unplugged, or if the mouse moved. Testers found the program accurate with no false alarms. There's no method … Read more

CNET News Daily Podcast: Journalist-on-journalist hacking at Black Hat

In what's being regarded as a total breach of professional ethics, three reporters from Global Security Mag were removed from the Black Hat security conference in Las Vegas on Thursday after attempting to expose the username and passwords of two reporters in attendance, including a CNET News employee. The magazine was a co-sponsor of the event, but the three parties responsible were asked to leave and barred from all future events, including this weekend's DefCon. For more detail, see the accounts from CNET News' Elinor Mills and Robert Vamosi who are in Vegas now.

Listen now: Download today's podcastRead more

Column: Raising Cain at Black Hat

LAS VEGAS--On the second day of the Black Hat security conference, a trio of journalists turned on other journalists within the press room.

This was my ninth Black Hat in nine years, and I have lived in dread year after year that such a headline would affect me. On Thursday, CNET News was named as one of the two organizations "hacked," but I disagree that any such hack occurred.

Just before noon on Thursday, a trio of reporters from Global Security Mag sat in one of the two press rooms at Black Hat. Both rooms have a wired … Read more

Facebook's new worm turns your friends into enemies

Facebook has a worm. It was bound to happen: As the web increases in popularity, it was just a matter of time before security bad guys started targeting web applications in earnest. Recent research from IBM suggests that the pace of security vulnerabilities on the web is accelerating.

This particular worm on Facebook is highly insidious:

The worm spreads when a compromised user's account is used to send message to others with a title such as "LOL. You've been catched on hidden cam, yo:" and a link to a random URL. The linked website is a … Read more