Securosis Blog

Yesterday I published a quick TidBITS article on the QuickTime RTSP vulnerability. It’s a true 0day, with exploit code in the wild and no patch available. At the time, the proof-of-concept code was only for Windows, but over at Milw0rm it’s been updated to include Macs. The original CERT advisory is here.

Iron Mountain has lost their fair share of backup tapes over the years. Enough to end up in the headlines more than once, but it hasn’t seemed to affect their business. Heck, they even issued a press release calling for their clients (and everyone else) to encrypt their tapes.

Latest Network Security Podcast Up

Rich · November 28, 2007

I’ve been a little slow on blogging due to a couple of killer deadlines, but things should be getting back to normal here over the next few days. Much to my surprise, this independent consulting thing is actually working out!

Author’s Note: This was originally posted last year, but nothing ever changes:

Backup

Backup

Backup

Did I say backup yet?

Based on the comments in my last post on DAM, especially the one from Mike Spiers, I want to make it clear that if you are performing Database Activity Monitoring, it should be owned and managed by security.

In San Mateo/Palo Alto Area Next Week

Rich · November 21, 2007

I’m heading out to San Mateo and possibly Palo Alto next week, with a couple of openings Thursday afternoon if anyone is around.

Should EMC Buy Neoscale?

Rich · November 21, 2007

Uh Oh.

According to this article in CRN, encryption vendor NeoScale is insolvent and no longer selling maintenance contracts.

NeoScale has stopped selling maintenance contracts for its data encryption appliance, effectively killing the line, while exploring “strategic alternatives” in the wake of the bankruptcy of storage VAR MTI, one of its largest solution providers. That “strategic alternative” could be an acquisition of all or part of the company by storage and security giant EMC…

Who

Rich · November 20, 2007

Back in the comments to one of my posts on Database Activity Monitoring, Rani asked the question of who should own DAM? I’m going to expand the question to cover all of database security.

The Dirty Little Secret Of DLP

Rich · November 19, 2007

As most of you have probably figured out by now, I tend to expend a lot of hot air trying to define DLP/CMF/CMP (Data Loss Prevention, Content Monitoring and Filtering, or Content Monitoring and Protection). I often take vendors to task for abusing the terms, since they are just increasing market confusion.

Apple just released an update to Leopard, version 10.5.1.

The support document says the following:

Addresses a code signing issue; third-party applications can now run when included in the Application Firewall or when whitelisted in Parental Controls. In Security preferences’ Firewall tab, the “Block All” option is now called “Allow Only essential services”