Over on the post “Symantec scraps RSA tokens – Web/client – SC Magazine Australia – Secure Business Intelligence” contains this text:

“Symantec scraps RSA tokens By Darren Pauli on Jul 8, 2011 2:16 PM Filed under Web/client Managed Security Services? customers “encouraged” to dump RSA.

inShare Comment Now and 3 Reactions Symantec has begun to replace its global fleet of RSA SecurID tokens following its acquisition of VeriSign’s Authentication Services last year.

The swap comes in the wake of the high-profile breach of RSA tokens in March, although the company said it already had planned to “eat its own cookie” and  dump RSA for Versign’s Public Key Infrastructure platform.

The SecurID token system, used globally by Symantec, was compromised in a multi-pronged attack this year, forcing RSA to replace the keys for some affected customers and offer security services to others.

“There has been a long-running transition to Versign since the acqusition,” Symantec said.

Symantec reportedly kicked off the transition overnight by enabling support of VeriSign Identity Protection (VIP) and X.509 certificates for its Managed Security Services (MSS).

“… customers accessing the MSS portal will see these new capabilities. This release begins Symantec MSS’ migration away from using RSA SecurID tokens for portal access,” a unverified pastebin post said. Symantec spokeswoman Debbie Sassine could not immediately validate the information this morning.

“

The post Symantec scraps RSA tokens – Web/client – SC Magazine Australia – Secure Business Intelligence appeared first on Security Wandering.

bout airplane tickest a while ago…..great price
Day before try to get 2 seats together  online at check in….

That did not happen, normal not a big deal.
but this time the wife is in a walking boot for her ankle and the kid always flys next to the wife.

Security at the airport was a breeze for everyone including the wife in her ankle boot contraption.
security made sure that the kid did not go wondering off well mom got scanned.
I get to deal with the 10 little gray bins and getting them thru the xray thing
as odd as it sounds it was like they wanted to help….got to love that.

Get to the gate wait for the gate folks to get there.
Now the gate folks had always been very helpful  for me

So I know they could easily fix the seating issue for me…..

WRONG
“the flight is full figure it out yourself when you get on the plane” 
The message from the gate folks

it was like they were more concerned about themselves then helping me an mine.
no even an earl boarding invite….wife in a walking boot for her ankle injure and 7 year old boy….

so we wait and yet more self involved airline folks come and go.

they open the plane for boarding…

final yet another group of airline folks…
about half way thu boarding we get invited to board after the wife hobbles around in the waiting line.

I new face from airline….who had just helped a 13 year old traveling alone… was the yes please go bored voice of reason

we go down the empty gate ramp took like 5 minutes down hill walking slow….
get on the plane and there are people sitting in all of our seats….
kid starts crying… have i mentioned yet that the wife “does not like to fly “motion sickens””

get the tickets from the wife…
kick an old couple out of my seat and the 13 year old seat….
then the 13 year old says I’ll change with you..

So the the wife and the kids get 2 seats together…..finally
the 13 year old stranger gets a window seat beind me…

Oh yeah forgot to mention the flight crew losing it because we had stopped anyone from boarding  the plane.
that kind of happens on the small jets  when you are in row 3 waiting for some folks to move out of your seats….

longer story short..

flight was great 20 minutes early kind of great.

moral of the story you should always call the airplane phone support folks to fix seating issues and wait on hold for an hour to talk to 
SAM “shrewas”  who think that the yankees are a florida baseball team……

The post what happens when airlines merge…or why no ones cares once they get your cash appeared first on Security Wandering.

Over on the post “Facebook spam prevention scam spreading like wildfire • The Register” contains this text:

Facebook spam prevention scam spreading like wildfire Alert Print Post comment Retweet Facebook Social media worm d’jour By John Leyden • Get more from this author

Posted in Spam, 12th May 2011 10:22 GMT Free whitepaper – BitDefender Business Solutions v3.5 The growing prevalence of junk messages on Facebook is been used to bait a new scam doing the rounds on the social network.

Prospective marks in receipt of the fraudulent messages are invited to ‘verify’ their account in order to ‘prevent spam’. Recipients who respond to the message by clicking on a link end up sharing it on their wall as well as spreading highly obfuscated JavaScript.

‘With all the unexpected Sharing going on, this message has spread like wild-fire,’ warns net security firm Sophos. ‘Instead of preventing spam, this par”

The post Facebook spam prevention scam spreading like wildfire • The Register appeared first on Security Wandering.

Over on the post “The Spot Connect sends location data when there’s no wireless available” contains this text:

The Spot Connect sends location data when there’s no wireless available By Mark Gibbs, Network World May 11, 2011 09:56 AM ET

Comment Print

Do you need to boldly go where you haven’t gone before and where cellphone service may not be available? You might just need the Spot Connect, a waterproof (to 1 meter for 30 minutes) GPS receiver combined with a low earth orbit satellite messaging system that connects via Bluetooth to smartphones in a package that is just 3-inch-by-2.6-inch-by-1.2-inch and “

The post The Spot Connect sends location data when there’s no wireless available appeared first on Security Wandering.

Over on the post “What LastPass security issue means for RoboForm (Q&A) | Security – CNET News” contains this text:

Share After LastPass reported a possible security breach and potential theft of some of its users’ master passwords last week, we wondered what it meant for other password managers, such as RoboForm. Both LastPass and RoboForm help you create and manage strong passwords to log into the increasing array of secure Web sites that we all juggle these days. But is there an inherent vulnerability in relying on a single service to keep track of all your passwords? Should RoboForm users be concerned about the possibility of a similar ‘anomaly’ exposing any of their data?

Bill Carey, RoboForm’s vice president of marketing (Credit: RoboFor”

The post What LastPass security issue means for RoboForm (Q&A) | Security – CNET News appeared first on Security Wandering.

Over on the post “Enterprise Security Today | EC2 Outage Takes Out Multiple Sites, Including Foursquare” contains this text:

“EC2 Outage Takes Out Multiple Sites, Including Foursquare By Barry Levine April 21, 2011 1:54PM

Foursquare and other web sites were affected by problems at Amazon’s Elastic Compute Cloud data center. Amazon said additional capacity was added to support EC2’s ‘affected availability zone’ in Virginia. The outage is likely to add to the debate about reliability and security when using a vendor data center like Amazon’s EC2.   Related Topics Foursquare Amazon EC2 Outage Data Center Security Latest News EC2 Outage Takes Out Multiple Sites National Lab Needs Cybersecurity Your iPhone Knows Where You Were U.S. CIO Sets Ambitious Cloud Goals Windows 8: What’s in Store for OS?

Amazon’s cloud -based platform suffered outages Thursday. The company said the problems involved latency and other errors, and it brought down the web sites of Foursquare, Quora, HootSuite, Reddit and other companies. The problems hit the part of Amazon Elastic Compute Cloud (EC2) that supports start-ups. In a statement, Amazon said it is ‘now seeing significantly reduced failures and latency,’ and it continues to recover. It added that additional capacity has been brought online to support ‘the affected availability zone.'”

The post Enterprise Security Today | EC2 Outage Takes Out Multiple Sites, Including Foursquare appeared first on Security Wandering.

Over on the post “iSpy Conspiracy: Break Apple’s Secret Tracking with This App” contains this text:

“iSpy Conspiracy: Break Apple’s Secret Tracking with This App

 

Sam Biddle — Not entirely cool with the idea of your iPhone or iPad following your every move without your consent? Understandable! Luckily, only a day after the privacy revelation, a fix has been cooked up that switches off Apple’s covert tracking. The root of the tracking problem is a single file that logs your location. Untrackerd nukes the location logs from that database. Although it requires a jailbroken device, it’s a cinch to use—it simply runs in the background, erasing that dubious info: ‘A package installs a daemon (process that can run in the background) to clean consolidated.db file. No new icons are added to your homescreen. There are no options to configure.’

Sounds good to us! This is, however, only a bandaid—a fairly inconvenient bandaid. This is a problem that affects and potentially compromises the privacy of every single iPhone and iPad user. And most of these users aren’t ever going to consider jailbreaking.

So as much as Untrackerd is a laudable effort, it answers none of the underlying questions about why this data was being logged in the first place where normal—not just carriers and law enforcement—can get to it from our computers and handsets. The only real fix will be one that comes from Apple, allowing all users to opt-out of the tracking with a simple tap. Or hey, crazy idea—don’t have it enabled to begin with. [via TNW]”

The post iSpy Conspiracy: Break Apple’s Secret Tracking with This App appeared first on Security Wandering.

Over on the post “Facebook’s two-factor authentication announcement raises questions | Naked Security” contains this text:

“cebook’s two-factor authentication announcement raises questions Hi there! If you’re new here, you might want to subscribe to the RSS feed for updates. X

 

by Graham Cluley on April 21, 2011 | Comments (8) FILED UNDER: Data loss, Featured, Mobile, Social networks Amid mounting criticism of Facebook’s attitude to its users’ privacy and safety, the social network has announced that it is introducing a two-factor authentication system in an attempt to prevent unauthorised logins to accounts.

The idea is that if you log into your Facebook account from a computer or mobile device that Facebook doesn’t recognise as one that you have used before to access the website, then you’ll have to enter a code to confirm you are who you say you are.”

The post Facebook’s two-factor authentication announcement raises questions | Naked Security appeared first on Security Wandering.

Over on the post “Actually, iPhone sends your location to Apple twice a day – F-Secure Weblog : News from the Lab” contains this text:

“esterday, security researchers Pete Warden and Alasdair Allan released an application that can take such a file and show your movements on a map.

 

Now, this sounds bad from a privacy viewpoint. For example, authorities could gain a court order to do a forensic examination on your phone to figure out where you’ve been.

But why is Apple collecting this information to begin with? We don’t know for sure. But we’re guessing it’s likely related to Apple’s global location database.

Like Google, Apple maintains a global database of the locations of Wi-Fi networks. They use this to get an estimate of your location without using GPS. For example, if your handset sees three hotspots which have MAC addresses that Apple knows are within a certain city block in London, it’s a fair bet you’re in that city block.

We know how Google collected their location database: they recorded them world-wide while they had their Google Maps Street View cars driving around the globe.

Where did Apple get their location database? They used to license it from a company called Skyhook. How did Skyhook obtain this information? Well, they had their own cars drive around the world, just like Google.

However, the Skyhook database is expensive. So beginning with iPhone OS 3.2 released in April 2010, Apple started replacing the Skyhook location database with their own location database.

And the real question is: How did Apple create their own location database? They did not have cars driving around the world. They didn’t need to. They had existing iPhone owners around the world do the work for them.

If you run a modern iPhone, it will send your location history to Apple twice a day. This is the default operation of the device.

How can they do this? By asking for your permission first. There is an opt-in process during initial iTunes installation, but the prompt is highly misleading:

The iTunes prompt talks about helping Apple with Diagnostics information. It says nothing about recording your locations. If you take the time to read Apple’s Privacy Policy, it does explain what they are doing:

To provide location-based services on Apple products, Apple and our partners    and licensees may collect, use, and share precise location data, including the    real-time geographic location of your Apple computer or device.    This location data is collected anonymously in a form that does not personally    identify you and is used by Apple and our partners and licensees to provide and    improve location-based products and services.

We believe the new secret location database found on the devices is connected to this functionality. Apparently iPhones always collect your location information, even if it’s not getting sent to Apple. “

The post Actually, iPhone sends your location to Apple twice a day – F-Secure Weblog : News from the Lab appeared first on Security Wandering.

“Oracle to fix 73 security bugs next week
But Java SE and Java for Business are not set to be updated

By Robert McMillan | IDG News Service
Print|Add a comment

Oracle plans to release a large number of security patches for its various software products next week, including six bug-fixes for its flagship database software.

All told, there will be 73 security vulnerabilities fixed across Oracle’s various product lines. Oracle releases patches for all of its software — except the Java virtual machine — quarterly, in a set of patches it calls the Critical Patch Update (CPU).

[ Learn how to greatly reduce the threat of malicious attacks with InfoWorld’s Insider Threat Deep Dive PDF special report. ]

Next week’s CPU is due on Tuesday. There are nine fixes set for Oracle Fusion middleware, 14 for the PeopleSoft Suite and eight for the JD Edwards Suite.

Two of the database flaws are considered critical, meaning they ‘may be exploited over a network without the need for a username and password,’ Oracle said in a statement posted to its website Thursday.”

The post Oracle to fix 73 security bugs next week | Security – InfoWorld appeared first on Security Wandering.