EPimentl: Security

Identity-Theft Scam Puts ChoicePoint in Hot Seat

Sun, 06 Mar 2005 17:43:13 GMT

Identity-Theft Scam Puts ChoicePoint in Hot Seat. Company announced in government filings that two senior executives are under investigation by the SEC for stock trades that took place after they learned about the scheme last fall but before they made it public.
-The Washington Post By Robert O'Harrow Jr.. [washingtonpost.com - Technology]

Liberty Focuses on Mobile Web Services

Thu, 03 Mar 2005 20:17:44 GMT

Liberty Focuses on Mobile Web Services
February 14, 2005
By Clint Boulton

The Liberty Alliance Project released Mobile Business Guidelines 2.0, a document for describing how service providers can deploy secure mobile Web services.

The Mobile Business Guidelines document addresses issues such as quality standards, risk management, liability/dispute and resolution policies for those offering single sign-on and Web services via handheld computers, smart phones and laptops.

The publication of the schema was made in time for 3GSM World Congress in Cannes, France, where the notion of being able to access Web services safely via will be a major topic.

Software makers such as Microsoft, IBM, BEA Systems, and others are intent on expanding the adoption of Web services, application-to-application communication that enables users to purchase goods securely via the Internet.

But the software needs some service providers and wireless operators to use the Web services infrastructure and applications written by the software companies, enabling them on mobile gadgets to spur Web-based purchases for mobile commerce.

This is a step in the right direction. Those operator wishing to accelerate their Liberty/SAML deployment should look at http://dv3.agileco.net/eTRUST

Tue, 01 Mar 2005 02:12:01 GMT

Security Alerts: Trouble in the Kernel, VMware, and PostgreSQL. Noel Davis looks at problems in the Linux kernel, VMware, PostgreSQL, Squid, MySQL, mailman, Apple OSX HFS+, movemail with GNU Emacs or XEmancs, KStars, typespeed, awstats, and synaesthesia. [O'Reilly Network Articles]

Mon, 14 Feb 2005 01:54:08 GMT

Infocus: Penetration Testing IPsec VPNs. This article discusses a methodology to assess the security posture of an organization's IPsec based VPN architecture. [SecurityFocus News]