The biggest story of the RSA Conference 2008 meeting of security professionals yesterday (opening day) was Department of Homeland Security Secretary Michael Chertoff's keynote address. He said that enhancing cybersecurity is a major focus for this year. He talked about a national cybersecurity initiative "that would be almost like a Manhattan Project to defend our cybernetworks." He promoted a partnership between the federal government and businesses to fight cybercrime. He encouraged private enterprises to take advantage of what government has learned in its fight against cybercriminals and to send their "best and brightest" to work in government cybersecurity efforts. You can view this and any of the other keynote addresses here.
The liveliest presenter award goes to Dan Kaminsky for his talk "Black Ops of Web 2.0: DNS Rebinding Attacks." He introduced his grandmother, who was in the audience and had brought some baked goods for attendees to enjoy, thus enabling Dan to inform the audience that he had "session cookies." Here's the essence of the talk, as described in the session abstract: "At the root of web security is the same origin policy, which allows most resources to communicate with each other only if they come from the same host name. But one name can be mapped via DNS to many IP addresses, some local and others not. The effect? You come to my page, I VPN onto your LAN. And that's only the beginning." If you want to learn more about this vulnerability, keep an eye out at Dan's Web site, where he said he'd post the session slides.
The most passionate security educator prize goes to Paul Ducklin of Sophos. We scoured the Moscone Center in San Francisco for a quiet spot with an electrical outlet for Paul's laptop so he could demo a couple pieces of malware for me. (Note that he did not connect wired or wirelessly to the Internet--he created a self-contained network on his machine--to avoid inadvertently spreading the bad stuff to others.) I came away convinced of how easy it is to become the victim of a malicious Web site--for example, to be duped into providing authentication credentials to a fake banking site. Sophos recently announced Sophos Endpoint Security and Control 8.0, which added Network Access Control (NAC) technology to the product's antivirus, antispyware, host intrusion prevention, application control, and firewall capabilities.
In a meeting on the RSA Expo floor, Larry Bridwell and Karel Obluk of AVG Technologies reinforced how prevalent infected Web sites are becoming by showing me the results of a Google search (I forget the search topic, but it was pretty innocuous) on a computer protected by AVG Internet Security 8.0. Red flags marked multiple sites containing suspicious content. Scary! AVG announced the availability of AVG Internet Security 8.0 Network Edition yesterday at the conference. The 8.0 versions of the standalone and network AVG Internet Security products incorporate the LinkScanner technology that AVG acquired in its Exploit Prevention Labs purchase late last year.
Microsoft 's keynote speech featured Craig Mundie engaging in a "fireside chat" with Chris Leahy about end to end trust. Microsoft also released a white paper on that topic. And Microsoft's Ryan Hamlin and Josue Fontanez briefed me about yesterday's release of the first public beta of Microsoft Forefront "Stirling," the code name that encompasses new versions of Forefront Client Security, Forefront Security for Exchange, Forefront Security for SharePoint, and Forefront Threat Management Gateway (formerly Internet Security and Acceleration (ISA) Server) and a management console that will be used for all the Forefront products. Ryan emphasized that the console is intended to differentiate Stirling from other security products on the market, integrating the different components and bringing down the cost of ownership by making them easier to manage. Josue demonstrated Stirling's "dynamic response" capabilities, which let an administrator define any specific security policy's response plan (including the taking of an immediate action). A beta "refresh" should occur by the end of the year, and the general availability of the Stirling console and components is targeted for mid-2009.
And finally, CrossTec's Jeff Richards brought me up to date on the Activeworx product line. CrossTec announced the release of Activeworx 5.0 yesterday, which adds the Activeworx Log Center standalone log storage solution to the Activeworx line. The other products in this line are the Activeworx Enterprise unified security incident and event management (SIEM)/log management solution and the Activeworx Security Center standalone SIEM tool. When I looked this morning, information about Activeworkx 5.0 wasn't on the CrossTec Web site yet, but I’m sure it will show up there soon
