VeriSign is to provide security and authentication for the cloud-based Windows Azure platform.

The security giant said that Microsoft would be using its Secure Sockets Layer (SSL) certificates, and Code Signing Certificates, to create a layer of security for its Azure platform of cloud based services and applications.

Doug Hauger, general manager of Windows Azure at Microsoft, said: "With VeriSign SSL and Code Signing Certificates, VeriSign is providing proven safeguards that help ensure a trusted experience on the Windows Azure platform."

VeriSign's security tools will be use to protect services and applications delivered over the cloud. Currently Azure comprises a mixture of services including an operating system and developer and deployment tools. Microsoft said that by adopting it firms could reduce their costs and system complexity.

November 18, 2009 | Permalink | Comments (0)

Researchers from security firm FireEye have been able to effectively take down the prolific Mega-D spamming botnet, causing inboxes everywhere to release a thankful sigh of relief.

The researchers apparently did what they do best, and studied Mega-D and its behaviour. By doing this they were able to to identify its control structure and other features, and the bot herders back where it hurts. Late last week they brushed some dirt off their white coats, starting ringing around ISPs, disabling control servers, de-registering any of the bots' used domains, and registering any unused fallback ones. In short they threw a whopping great spanner directly into Mega-D's works.

According to M86 Security labs Mega-D was responsible for almost a third of all spam last year, while over the weekend it slowed to just a trickle, and yesterday had stopped altogether. Current suggestions are that before it was taken down, Mega-D was pumping out some 15,000 messages per hour, which is a lot of junk emails

The actions also let them get a better understanding of the bots, such as the fact that they used hard-coded DNS servers, domain generation algorithms and fallover domains. Regardless of this, anyone with an inbox should be glad that it is over, at least for now.

November 10, 2009 | Permalink | Comments (0)

Sun Microsystems and BlackBerry maker Research in Motion both had to act yesterday to fix major security problems in their respective products which could have allowed hackers to run unauthorised software on a victim's PC.

Sun's was the larger of the two tasks, patching 12 flaws in its Java Runtime Environment, including one vulnerability which allows "an untrusted Java Web Start application to run as a trusted application and execute arbitrary code".

Java and other third party applications are increasingly being targeted by hackers thanks to large installed base and the fact that Microsoft is getting better at protecting its own software.

RIM, on the other hand, had just the one flaw to patch, releasing a fix for a flaw in the BlackBerry Desktop Manager which could allow remote code execution. The vulnerability was given a CVSS severity rating of 9.3 and applies to BlackBerry Desktop Software version 5.0 and earlier on all platforms, so it warrants immediate attention.

November 4, 2009 | Permalink | Comments (0)