security

Phoenix To Integrate HyperSpace into NEC Notebooks

July 15, 2008 by Robin Wauters Leave a Comment

Phoenix Technologies announced that NEC will be among the first PC manufacturers to integrate Phoenix HyperSpace, a virtualized operating environment that enables instant-on applications running independently and alongside Windows. NEC has signed an agreement with Phoenix which will allow it to deliver “unprecedented levels of security” for its notebook customers, enabled by HyperCore, Phoenix’s firmware-based hypervisor.

The Phoenix HyperSpace environment includes ManageSpace, which enables security applications to operate before, during and after Windows Vista boots up and shuts down. As a result, NEC notebooks will be secured before malware gets downloaded by Windows applications. This is possible because virus definition files are updated in ManageSpace while preventing Windows access to the network.

Invisible Things Lab: Hypervisors Mucho Hackable

July 8, 2008 by Robin Wauters Leave a Comment

Security researchers from Invisible Things Lab claim will be demonstrating how easy it is to hack hypervisors at the next Black Hat conference in Las Vegas in August. More specifically, they’ll be discussing the (in)security of the Xen hypervisor, such as how to plant rootkits, how to bypass various hypervisor anti-subverting techniques, as well as how “Bluepills” (ah, that rang a bell) can be used in bare-metal hypervisor compromises. They plan on releasing proof-of-concept code.

From the Invisible Things blog:

The three presentations have been designed in such a way that they complement each other and create one bigger entirety, thus they can be referred as “Xen 0wning Trilogy” for brevity.

The three presentations that are mentioned, are the following:

Should be interesting!

On a sidenote, this caveat in the Invisible Things Lab blog post is an interesting statement on its own:

It’s worth noting that we chose Xen as the target not because we think it’s insecure and worthless. On the contrary, we believe Xen is the most secure bare-metal hypervisor out there (especially with all the goodies in the upcoming Xen 3.3). Still we believe that it needs some improvements when it comes to security. We hope that our presentations will help making Xen (and similar hypervisors) more secure.

Do you agree?

[Source: Information Week]

Fortinet Patents Four New Network Virtualization And Multi-Threat Security Related Inventions

June 20, 2008 by Robin Wauters Leave a Comment

Fortinet, a provider of unified threat management (UTM) solutions, has announced that the US Patent and Trademark Office has awarded the company four additional patents for network virtualization and security related inventions. These new patents strengthen Fortinet’s intellectual property portfolio, bringing Fortinet’s total awarded patents to 17.

Charles Cote, Fortinet Regional Director for Australia and New Zealand commented on ARN:

“Security consolidation and virtualisation are key business trends for enterprise networks. Fortinet is the clear technology pioneer in the unified threat management space, with a long track record of innovation. Our security consolidation solutions based on these new virtualisation patents will help our customers build more efficient and easier to manage security systems.”

The four new patents reflect Fortinet’s focus, on innovative methods for processing network data while applying various security-related filtration processes within a consolidated and accelerated platform. Three of the newly awarded patents are directed to the routing and processing of data in virtualized environments.

“These patents support Fortinet’s innovation and vision for an integrated, multi-threat and virtualised approach to network security – groundswell areas for the networking and security industries,” said Michael Xie, CTO and co-founder of Fortinet. “As we continue our strong research and development efforts, our growing patent portfolio provides momentum for accelerating the course of innovation we are undertaking.”

[Source: ARN]

VirtualLogix Hooks Up With Freescale Semiconductor To Secure Mobile Commerce

June 19, 2008 by Robin Wauters Leave a Comment

VirtualLogix today announced that it has entered into a collaboration agreement with Freescale Semiconductor to create a trusted environment for mobile devices and other terminals that can be used in particular to ensure security of mobile commerce (m-commerce) transactions.

VirtualLogix VLX for Mobile Handsets virtualization technology will be incorporated into the Freescale Semiconductor i.MX31 multimedia applications processor to create an isolated Trusted Execution Environment (TEE), independent of the main application open operating system (open OS), which protects mobile devices from m-commerce security threats.

By adding VLX realtime virtualization on the i.MX31 applications processor, the open OS is securely isolated from a closed TEE where m-commerce transactions safely occur on the mobile phone or device. These measures protect against m-commerce security threats such as keystroke logging and phishing attacks.

VMware Patches Security Vulnerabilities In Multiple Product Lines

June 1, 2008 by Robin Wauters Leave a Comment

Several critical security vulnerabilities have been addressed in the newest releases of VMware’s hosted product line. Relevant releases include VMware Workstation 6.0.3, VMware Player 2.0.3, VMware ACE 2.0.3, VMware Fusion 1.1.1 and earlier versions of the before-mentioned products.

Users of VMware hosted products VMware Workstation 5.x, VMware Player 1.x, and VMware ACE 1.x should note that although they are not vulnerable to these issues, they will reach their end of general support on 2008-11-09. Customers should plan to upgrade to the latest version of their respective products.

Some of the security issues:

VMware HGFS File System Heap Overflow
Windows based VMCI arbitrary code execution vulnerability

A full update on the VMware Security Advisories (VMSAs) can be found here.

[Source: VMBlog]

Alternative Technology Adds McAfee Security Solutions and Services

May 22, 2008 by Robin Wauters Leave a Comment

Alternative Technology, an Arrow Electronics company and specialty distributor of thin-client/server-based computing, edge infrastructure, virtualization, and security solutions, has announced it will distribute the full line of McAfee security software, appliances and managed security services for small to medium businesses and enterprises. Those offerings include: system/endpoint security, network security, data protection, and risk and compliance management.

Alternative Technology will offer McAfee’s complete line of security solutions which can protect consumers, small business, and all types of enterprises. McAfee Total Protection Suites offer security solutions for servers, networks, desktops and mobile devices.

McAfee solutions offered by Alternative Technology include the recently announced 10Gbs Network Security Platform and high-performance McAfee Content Security Blade Server. McAfee offers scalability for security and compliance management for networks, data and endpoints across large-scale physical and virtual environments as well as small-scale and mid-size networks.

“McAfee security solutions are a significant addition to our line card and will be well received by our North American channel partners,” said Tom Zorn, senior vice president, Alternative Technology. “They complement our other products and service offerings. In particular, McAfee’s recently announced Email and Web Security Virtual Appliance, in beta, built from the ground up for the VMware platform, McAfee’s new virtual infrastructure security assessment service, and their plans to embed VMware’s VMsafe security technology into future McAfee security solution offerings, tie in very well with our rapidly growing VMware business.”

Complementing Alternative Technology’s professional methodology for security assessment, remediation and management, is the McAfee Foundstone Professional Services offering. The Foundstone Virtual Infrastructure Security Assessment is the first security service dedicated to virtualization. McAfee security solutions will also be added to Alternative Technology’s PCI Compliance Solutions Program.