A third cyber-attack is planned for Japanese media giant Sony as a response to its handling of the PlayStation Network breach, Internet chatter indicates.

This is about my employer.  It is an unusually corporate market-y sounding kind of post for me.  Feel free to skip this one if you aren’t interested, I will not be offended.

It is kinda big news for some of us.  The nice folks who pay me to do all kinds of cool things, Astaro, have agreed to be purchased by Sophos.  There are a lot of questions that I have seen and heard, and some utter nonsense has been said.

BUT FIRST: I am just an employee of Astaro.  I am not a founder, owner, or senior management team member.  What follows are my personal observations and opinions.  I have no “inside knowledge” to share, and even if I did, I couldn’t.

The official press release and FAQ have the basic info.  There are several blog posts and articles about it.  My new colleague Graham Cluley over at Sophos’ Naked Security Blog did a good summary post with links to several other articles and posts.  Mike Rothman’s analysis over at Securosis is a good one.  I’m sure you can find more.  You can also find some that are off the mark.  If you read something that doesn’t make sense, please apply a little skepticism.  (If you read this blog, that should be easy for you).

I have received several questions, and I will UNOFFICIALLY answer them based on my understanding of the situation:

Q: What about the free home version of Astaro?

A: Don’t worry it is not going away.  Astaro’s management team will continue to manage the Astaro line as part of Sophos.  The home version is important to them, and to most of us in the Astaro team.  It is a key part of Astaro’s success, and a key part of building the Astaro community.  It would be silly to discontinue it.

Q: You say that now, but will it change as the product evolves? 

A: I am sure it will, and have no idea what that will look like.  If I were psychic, I’d be a gambler, not a packet monkey.  But, see previous answer.

Q: What about X Open Source project?

A: Open Source provides great value to Astaro, and Astaro provides support back to Open Source projects.  That will continue.  And, any Open Source code will stay Open- as the licenses require.

Q: What about BSides and other community sponsorships and support?

A: Short term- nothing changes.  The awesome Astaro PR and Marketing team is committed to building communities.  It is a differentiator for Astaro, and it is the right thing to do.

Long term- it is a financial decision, as long as it makes sense, I expect it to continue.  And I expect that to make sense for a long time.

Now, a little strategy talk. 

This creates a combined company with a broad diversity of security and management products.  There is not a lot of overlap in product lines, so there is not much redundancy to reconcile, there will just be the challenges of integration where appropriate.  (On the Astaro gateway side, that’s pretty easy- it is a modular platform which has allowed adding and modifying components and features as the product and customer needs have evolved).

Some have said that the endpoint and network security channel partners are different, and the buyers are different, and this will cause difficulty for the combined company.  While that may be true in limited cases, most likely in larger environments, my experience brings me to quite the opposite conclusion.  I talk to our partners, as well as other VARs, MSPs and resellers regularly; most I speak with want a complete and diverse product line to offer their customers and prospects.  Likewise, the pressures of the economy and the never-ending push for increased efficiency are driving the consumer to look for efficiencies and cost savings.  This pressure on those in the IT trenches is why the UTM (Unified Threat Management) segment is gaining traction in ever larger environments- simplified, unified, cost-efficient products conserve scarce resources.  It only makes sense that a properly integrated, quality suite of products will be attractive to businesses.  And even in the cases where the desktop team doesn’t “play nice” with the firewall guys (or web filtering, or whatever), I have a couple of thoughts:

• It is about the company’s best interests, the pressure is on, and cooperation is happening, or will happen.  With the current teams, or those who replace them.
• More importantly, the budget authority is frequently above these levels, and good managers understand the value of efficiency.

Things will change. There will be opportunities, there will be missteps, and there will be successes. I believe this is a good move, but that is speculation: it is now up to us in the new, combined company to prove it.

And finally (for now): if you have questions, comments, or concerns- let us know.  If you do not know who to ask in the Astaro team, or at Sophos, ask me.

Drop a note to jdaniel at astaro dot com.  I am on the road a lot, especially for the next month, so my responses may not be immediate, but ask me, and I will answer as soon as I can, or I will connect you with the answer.

 

Jack

LiveScience.com

Experts: Osama Bin Laden Files May Be Impossible to Crack LiveScience.com "Correctly implemented encryption is very difficult to break," Steve Santorelli, director of global outreach at the Internet security research group Team Cymru, told SecurityNewsDaily. Santorelli, a former Scotland Yard police officer, ... Cracking Bin Laden's Hard DrivesInformationWeek Finding treasures in Bin Laden computersCBS News What They're Looking For Inside Osama's Thumb DrivesWired News (blog) all 10 news articles »

"Amid worldwide lobbying by IT companies to promote the harmonization of data protection laws for the sake of cloud computing, India last month quietly issued new privacy rules that impose significant limitations on how businesses can handle personal information. The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, or "Privacy Rules," were issued in April to implement India's 2008 IT Security Act amendment...."

"Union Communications and Information Technology Minister Kapil Sibal held a roundtable conference on manufacturing and research and development in telecom and electronics sector with various stakeholders to deliberate upon the measures to promote indigenous manufacturing of telecom and electronic equipments...."

The worlds first advertisement pretending to be a security scanner targeting Apple Mac users has hit the scene. It has been a busy week for criminals targeting OS X computers as we have seen several large scale attacks. Multiple unique fake scanner samples, new promotions and even changes to their payment sites. Read more…

Sony CEO Howard Stringer apologized for the data breach impacting the PlayStation Network in his first comments since the service was taken offline two weeks ago.

Protect yourself from identity theft Orlando Sentinel --Don't provide personal information on the phone, through the mail or over the Internet unless you know who you're dealing with. --Never click on links in unsolicited emails, and use firewalls, anti-spyware, and anti-virus software to protect your ... and more »

Huawei Symantec has introduced the Huawei Symantec Secospace USG9300, a firewall and VPN gateway with support for four million new connections per second, 64 million concurrent connections, and 160Gbps of firewall throughput.

Sony defends speed of notification of data breach Reuters N) has defended its response to a massive Internet security breach in a letter to Connecticut Senator Richard Blumenthal, who has accused the company of dragging its feet in notifying consumers. Kazuo Kirai, the Japanese electronics company's group ... and more »

CTV.ca

Weekend Hot Topic, Part 1: The Sony Scandal Metro GameCentral readers give their reactions to the PlayStation Network security breach - are Sony to blame or the hackers? PlayStation Network – will you ever trust it again? It's probably going to end up as the biggest video game story of the year, ... Sony CEO apologises for data breach; offers $1m insurance to usersComputer Business Review Sony Sought Security Staff Shortly After ShutdownEscapist Magazine How safe is the internet?Yorkshire Evening Post (press release) Joystiq -Mirror.co.uk -ABC News all 6,190 news articles »

"Syrian Telecom Ministry has replaced Facebook's security certificate with a forged one that makes it easy to spy on users, record their passwords, and view their private content. The post notes that the browser would alert users to the untrusted certificate issue, but says that most people would allow an exception for the suspicious certificate because they might not really understand what's going on. This coincides with multiple Syrian users reporting inability to access the site at all suspecting it was blocked again...."

"Last week, the United States blacklisted the North Korean Bank of East Land, also known as Dongbang Bank, for facilitating weapons-related transactions and supporting a well-known arms manufacturer. This is the latest in a series of steps taken by the United States in recent years to pursue financial institutions that are operated by rogue regimes, including Iran, Syria, Sudan and Venezuela. South Korean banks are either wittingly or unknowingly assisting Iran, and to a lesser degree, North Korea, to circumvent international financial sanctions in their attempts to obtain weapons of mass destruction...."

"Reality TV hopefuls are prepared to bare all for a chance at insta-celebrity. But prospective contestants for the new Simon Cowell show X-Factor probably didn't expect that their names, e-mail addresses and phone numbers to be up for grabs. Alas, that's how it turned out after a network breach at Fox Broadcasting digorged data on 250,000 applicants...."

International Business Times

Sony Subpoenaed by New York Attorney General 411mania.com "According to a report published by Bloomberg, an anonymous source have revealed the latest entity to whom Sony Corp. must answer regarding last month's PlayStation Network security breach: New York Attorney General Eric Schneiderman. ... The Law questions Sony on PSN hacksTechnology Digital New York Attorney General Subpoenas SonyInternational Business Times Sony Falls as Company Said to Be Subpoenaed by New York for Data BreachesBloomberg Wager Run News all 25 news articles »

Hot Hardware

Sony Networks Lacked Firewall, Ran Obsolete Software: Testimony eWeek The fact the attack was “so successful” indicates an “apparently lack of maturity” in the internal network and security controls, according to Heimerl. “How much hardening, encryption, and monitoring were in place?” he asked. “There are no consequences ... PSN servers were 'unpatched and had no firewall installed,' security expert ...Joystiq Sony Was Aware Its Software Was Obsolete Says Security ExpertGame Rant Sony Knew About Old, Unpatched Server Software for Months: ResearcherHot Hardware Computerandvideogames.com -VGChartz -Strategy Informer (press release) all 24 news articles »

Siliconrepublic.com

Sophos Partners Say Astaro Acquisition A Potential 'Win' CRN Sophos' is expanding its reach into the unified threat management arena with its planned acquisition of Astaro, a move that channel partners say will broaden its portfolio and create more competition in the SMB network security ... Sophos to Buy Firewall Maker AstaroPCWorld Sophos acquires Astaro for integrated network securitySearchSecurity.com IT security merger: Sophos acquires AstaroMass High Tech Boston Globe -SC Magazine UK -eSecurity Planet all 37 news articles »

By Travis Pinnick User Experience Designer | TRUSTe @xtratrav Browsers traditionally provide basic privacy protections, usually focused around cookie management, including third-party cookie blocking and cookie-based opt-out. New approaches to managing privacy in the browser include blocking tracker domains as well as the browser-based Do Not Track header request. Each approach has pros and cons [...]

CNET Editor Dong Ngo reviews Cisco's Linksys E3200 High Performance Dual-Band N Router.

This week's apps include a piano app that lets you play hit songs and a flying disc game that's both graphically beautiful and challenging.

Originally posted at The Download Blog

A defect in the LCD panels produced by LG caused Apple to shift a bulk of the production to Samsung, according to DigiTimes, which adds that LG has since fixed the problem.

There are live squids on the last Endeavor mission.

It literally blows holes in their heads:

In the study, led by Michel André of the Technical University of Catalonia in Barcelona, biologists exposed 87 individual cephalopods of four species -- Loligo vulgaris, Sepia officinalis, Octopus vulgaris and Illex coindeti -- to short sweeps of relatively low intensity, low frequency sound between 50 and 400 Hertz (Hz). Then they examined the animals' statocysts -- fluid-filled, balloon-like structures that help these invertebrates maintain balance and position in the water. André and his colleagues found that, immediately following exposure to low frequency sound, the cephalopods showed hair cell damage within the statocysts. Over time, nerve fibers became swollen and, eventually, large holes appeared.

A recent survey has shown that many Kiwis are in the dark when it comes to computer viruses and other internet nasties.

New York Daily News

With Budget Unveiling, Bloomberg Draws the Battle Lines WNYC "We are forced to do the best we can with what we've got. The state has shifted the burden from them to us." Following the unveiling of Mayor Michael Bloomberg's final budget, the battle lines are now drawn between the mayor and City ... Bloomberg to cut more than 6000 NYC teaching positionsCNN International Bloomberg's $65.7 Billion New York City Budget Proposes 6000 Teacher CutsBloomberg NYC Mayor's Budget Would Cut 1 Out Of 12 TeachersNPR Brooklyn Daily Eagle -Patch.com -The Associated Press all 331 news articles »

Microsoft will begin rolling out a security update to Windows Phone 7 that will prevent the device from accepting fraudulent digital certificates issued after Comodo had an intrusion. In terms of new InfoSec risk intelligence, that’s just about it for this week. No journeyman InfoSec professional should have been surprised when international events were used [...]

Apple this week issued an update to address rampant concerns that its iPhone and iPad devices are collecting and storing information about users' locations.

Sophos on Friday announced plans to acquire private network security firm Astaro for an undisclosed sum. Astaro, founded in 2000 and headquartered in Karlsruhe, Germany and Wilmington, Mass., is the world's fourth largest provider of unified threat management (UTM) solutions, Sophos said in a news release. Such technology offers multiple security functions, including network, web, mail and web application protection, through a single platform. Astaro's portfolio will bolster Sophos' existing endpoint, mobile, email, web and data protection capabilities, the company said.

FBI spyware continuously trolls suspects' surfing Nextgov A computer bug akin to spyware, developed by the FBI to trace the source of cyber crimes remains permanent on a suspect's machine, according to previously Secret documents recently released under the Freedom of ... New FBI Documents Provide Details on Government's Surveillance SpywareInformation Warfare Monitor all 2 news articles »

Windows Defender isn't in Control Panel's list of uninstallers. Spiritchaser asked the Answer Line forum how to remove it.

Earlier today United Way presented U.S. Bank with the 2011 Spirit of America award recognizing the company and its employees’ commitment to improving the financial stability of individuals, families and local communities.

Microsoft, along with Bank of America, Procter & Gamble and Dominion Resources received Summit awards for volunteerism and measurable community impact.

Brian Gallagher, President and CEO of United Way, presents Microsoft’s Kevin Espirito (on right) with the company’s Summit award earlier today.

You can find out more about the United Way’s Spirit of America awards here.

Symantec Introduces New Security Solutions To Counter Advanced Persistent Threats Business Solutions Magazine (blog) Threat Landscape: The sheer volume of sophisticated attacks targeting organizations of all sizes poses a daunting challenge for traditional signature-based security solutions that can't keep up. According to Symantec's Internet Security Threat Report, ... and more »

"The Office of Management and Budget has given agencies 90 days to develop or update policies on buying IT to enable and promote the federal governments continued adoption of telework. OMB Director Jacob Lew issued a memo April 28 that directs agency CIOs to coordinate with chief acquisition officers on implementing the Telework Enhancement Acts IT purchasing requirements...."

"U.K. journalist Kevin Townsend contacted me a little while ago asking my opinion on the CIPAV (computer and internet protocol address verifier) software planted, we're told, by the FBI to monitor the computing activities of suspected criminals. This has become an issue because of information released by the Electronic Frontier Foundation resulting from enquiries under the Freedom of Information Act. Anyway, Townsend's article FBI, CIPAV spyware, and the anti-virus companies is well worth a read for his take on the topic, and I won't talk here too much about the original email thread, as he quotes me at some length (and with his usual scrupulous accuracy)...."

"In the latest Unisys Security Index, which saw 953 people from the UK quizzed, 93% of respondents say they are worried about bank card fraud. This fear appears fairly well justified considering that there were over 102,500 cases of bank card fraud identified in 2010, according to Cifas, with many more instances not reported. The next biggest concern is ID theft, cited by 91%, compared to 85% for terrorism...."

"The National Credit Union Administration placed two federal credit unions into conservatorship on May 4. Two credit union failures raise the total number of 2011's failed institutions to 50 banks and credit unions that have been closed, acquired or conserved. Hmong American Federal Credit Union, St. Paul, Minn. The NCUA placed Hmong American Federal Credit Union of Saint Paul, Minn., into conservatorship...."

"Two South Florida companies entered guilty pleas this week in a case involving a scheme that authorities said resulted in the payment of more than $80 million in fraudulent Medicare claims. And last month, the leaders of the two companies, Marianella Valera, president of American Therapeutic Corp., and Lawrence Duran, president of Medlink Professional Management Group, also pleaded guilty to all counts against them, according to the Justice Department and the Department of Health and Human Services...."

"Building public confidence that electronic health records are secure and that their privacy rights are protected will prove essential to the successful implementation of EHRs and health information exchanges, Mostashari noted in the interview. One important goal of the HITECH Act's electronic health record incentive program , which his office administers, is to "make sure we do what steps are necessary ... to protect the privacy and security of information," Mostashari said...."

"In a speech on online privacy, Viviane Reding says that trust in an "information society" has been damaged by the recent Sony data breach and revelations about Apple's logging of customer location details. To help combat this, Reding is considering extending data protection regulations that already cover the telecommunications industry to other areas, forcing firm such as banks to notify customers and regulators as soon as breaches occur. The commissioner is also floating the possibility of a establishing an operational data protection office to ensure compliance with legislation...."

"Best Buy, which was among the 100 or so companies hit in the recent Epsilon breach, is responding to a second consecutive breach at the hands of one of its vendors. The big-box electronics retailer found on April 22 that email addresses of some of its customers had been "accessed without authorization" via one of its vendors, according to a Best Buy spokesman, who declined to name the vendor. Best Buy had already parted ways with that provider prior to the discovery of the breach, he said, due to a "strategic business decision."..."

International Business Times

The Law questions Sony on PSN hacks Technology Digital The NY Times suggests that Sony might have some explaining to do as underground hacker forums have claimed that Sony's server protection software was out of date and that its network security was thin. This led to over 77 million users having their ... New York Attorney General Subpoenas SonyInternational Business Times Sony Falls as Company Said to Be Subpoenaed by New York for Data BreachesBloomberg Sony Subpoenaed By New York Attorney GeneralWager Run News all 26 news articles »

Taking the fear, uncertainty and doubt out of security FierceCIO Insiders remain the top network security threat for IT leaders, but malicious attacks and end user downloads of non-approved applications come in a close second, according to an informal poll conducted this week at the National Association of State ... and more »

Siliconrepublic.com

Sophos to Buy Firewall Maker Astaro PCWorld Following the acquisition, Sophos plans to sell an integrated "endpoint and network security solution that can apply consistent security, web, and application policy controls regardless of whether a user is in the corporate network or roaming off the ... Sophos acquires Astaro for integrated network securitySearchSecurity.com IT security merger: Sophos acquires AstaroMass High Tech Sophos agrees to buy AstaroBoston Globe SC Magazine UK -eSecurity Planet -The H all 37 news articles »

A principal network analyst at a worldwide Fortune 100 company worries that people presume mobile devices are inherently more secure than they really are.

Two research studies have shown there is a direct correlation between firewall rule set complexity and the likelihood of configuration errors. One study shows most firewalls are badly configured and use "very lax rules that constitute gross mistakes." Could yours be among them?

The latest variants of the new Mac malware use particularly dirty tricks to catch out unsuspecting users. Read more…

Starting with the new Samsung Infuse 4G, AT&T; will allow users to install apps from outside the Android Market.

Originally posted at Android Atlas

Photos of the upcoming convertible indicate that it appears to have the same body proportions as its coupe sibling, sans gullwings and a fixed roof.

Originally posted at The Car Tech blog

Various sites are reporting that the stylus for the HTC Flyer will cost $80, but there's no official word from HTC.

Originally posted at Android Atlas

Data breaches and fraud present serious challenges to healthcare organizations worldwide.   The Speaking of Security podcast tackles this problem.