Dennis Fisher

Google has a reputation for being open and transparent with many of its initiatives and internal workings, but one of the things that the company hasn’t talked much about publicly until recently is security. In this interview with SearchSecurity.com, the director of security for Google Apps, Eran Feigenbaum, discusses the company’s plans for security around cloud computing and how the model affects compliance efforts.

One of the more widely anticipated keynotes at the RSA Conference this week is the talk by Melissa Hathaway, who was in charge of the Obama administration’s recently completed review of the country’s information security standing. However it now looks unlikely that Hathaway will actually reveal any of the key findings or recommendations in the review during her talk on Wednesday afternoon at the conference.

Dennis Fisher talks with Mike Mimoso, editor of Information Security magazine, about the story lines we’re likely to see at the RSA Conference, including virtualization and cloud security, as well as the effect of the economy on security budgets.

The FBI has been using an in-house spyware program for several years to monitor the activities of suspected online criminals and hackers, according to recently released documents. The documents, obtained by Wired.com, show that the FBI was able to plant the program on target machines by encouraging their subjects to click on a link that silently installed the software.

From Computerworld (Jeremy Kirk)
Apple security whiz Charlie Miller has discovered a method that may enable attackers to run shellcode on the latest version of the Apple iPhone, something that researchers previously thought to be impossible. In a presentation at Black Hat Europe this week, Miller discussed his findings, but said that in order to get the shellcode working, an attacker would still need an exploit.

An analysis of the Conficker peer-to-peer network set up by the latest variant of the worm shows that the size of the network is far smaller than originally thought. Estimates of the size of the botnet have run far into the millions, but analysts at Kaspersky Lab have been observing the network and found that includes about 200,000 machines.

Microsoft on Wednesday plans to launch a new research effort to determine the total cost of the patch-management cycle, from testing and distributing a fix to user deployment of the patch. The end result of the project, which will be completely open and transparent to outsiders, will be a full metrics model that the company plans to make freely available.