Security News Desk

Web Security Journal: There's been a flurry of discussion this week among Internet and Web standards heavy-hitters around WebSocket, the new communications protocol supported in Chrome 4 and Safari 5. What was the main issue? Is there some kind of fundamental security vulnerability with the WebSocket (WS) protocol? John Fallows: When surfing the Web, our browsers may communicate with Web servers via HTTP proxies that deliver many benefits, such as providing previously cached Web content more efficiently than repeatedly contacting the target server. These proxies may be either explicitly configured at the browser or they may form part of the general network topology to intercept the communication path implicitly. Securely encrypted Web communication cannot be intercepted by such proxies. Members of the Hypertext Bidirectional (HyBi) IETF Working Group recently comp... (more)

Security Company Websense Nabs McAfee President

Gene Hodges (pictured) has left the president's post at McAfee to be come president of competitor Websense, where he takes over some of the responsibilities of John Carrington, who will remain chairman of the company. Founded in 1994, Websense calls itself  "the global leader of web filtering and a premier provider of web and desktop security software, and has been recognized as one of Forbes Magazine's Top 25 Technology Companies in 2004. It is on pace to report revenues of about $140 million in the year 2005, more than double the total of three years ago. Its market stands at aro... (more)

IT Security - "Sarbanes-Oxley Will Be a Huge Driver," Says Sun Exec

Speaking in the week that Sun announced that Wal-Mart will now sell hardware from Microtel Computer Systems Inc. preloaded with the Linux-based Java Desktop System, Sun's Jonathan Schwartz reminded reporters of the importance of the Sarbanes-Oxley Act. Officially called the Public Company Accounting Reform and Investor Protection Act, but more commonly know as "Sarbanes-Oxley," the Act makes it legally binding for a public company to funnel its data - accounting, financial management, and legal data - through information technology. This opens issues as to the completeness and a... (more)

IIS Vulnerability Update: Symantec Has (Maybe) Snagged Offending Code

On April 22 Microsoft became aware of code available on the Internet that seeks to exploit vulnerabilities already addressed as part of its April 13 security updates, code that attempts to use the IIS PCT/SSL vulnerability on servers running Internet Information Services with the Secure Socket Layer authentication enabled.  The vulnerability was addressed by bulletin MS04-011 (www.windowsupdate.com) and Microsoft urged all customers to immediately install the MS4-011 update as well as the other critical updates provided on April 13.  In addition, Microsoft published a knowledge b... (more)

McAfee Revenue Up 32 Percent

McAfee, Inc. announced revenue of $245 million in its second quarter, ending June 30, 2005.  Second quarter net earnings were $42 million. New McAfee revenue in the quarter grew by 32% year over year, with bookings increasing by 19% globally. For comparison purposes, new McAfee revenue excludes the Magic and Sniffer businesses sold in 2004 and the McAfee Research business sold in April 2005. McAfee demonstrated double-digit year over year growth across all regions, with revenue increasing by 28% in North America, 20% in Europe, Middle East and Africa (EMEA), 53% in APAC, 117% in Ja... (more)