S.P.I. Dynamics, Inc. (http://www.spidynamics.com/), the expert in Web application security, today announced the company's renowned R&D team, SPI Labs, has discovered a technique to scan a network, fingerprint all the Web-enabled devices found, and send attacks or commands to those devices.
S.P.I. Dynamics, Inc. (http://www.spidynamics.com/), the expert in Web application security, today announced three of the company's leading researchers will highlight the latest hacking trends at the upcoming Black Hat 2006 in Las Vegas, Nevada, August 2 and 3, 2006. This year's Black Hat includes a significant number of talks focused on Web application security - a clear indicator of the impact Web applications are having on future trends in security.
The fight against spam just got easier today for ISPs, Web hosts, universities and anyone who manages multiple domains. Roaring Penguin Software Inc., makers of the acclaimed CanIt-PRO anti-spam solution, announced the release of CanIt-Domain-PRO, an anti-spam solution designed specifically for organizations managing multiple domains.
Mobile phones around the world are taking on the role of a 'PC' - personal communicator - the task for which the traditional PC was initially developed. Applications originally restricted to high-end smartphones and multimedia phones are now becoming more pervasive in mid-tier feature phones.
Sun Microsystems has introduced three x64 (x86, 64-bit) products: the world's first 16-way x64 server in a single 4U chassis; the world's first hybrid data server; and the world's first no-compromise blade platform. The three new x64 servers, powered by AMD Opteron processors with Direct Connect Architecture, reinforce Sun's x64 systems leadership and further extend the company's reach into the $25.3B addressable market opportunity for volume and midrange servers.
'IT organizations need to ensure the availability and recoverability of email, database and other business applications across their storage infrastructure,' said Bob Davis, senior vice president and general manager of CA's Storage Management business unit. 'With this acquisition, CA is meeting customers' requirements for protecting, securing and quickly recovering critical applications and information from any location across the enterprise.'
db4objects, creator of the open source object database for Java and .NET, has announced that Jerry Fiddler, founding CEO of the embedded software company Wind River, has joined the company's board of directors.
Findings from Sophos show that the most widespread threat from January to date is the Sober-Z worm, which, at its peak, accounted for one in every 13 emails, even though it was programmed to stop spreading on January 6, 2006. New Trojans now outweigh viruses and worms by 4:1, compared to 2:1 in the first half of 2005, yet worms continue to dominate the mass email charts. Further reinforcing this, only one email in every 91 was viral to date, compared with one in every 35 for the same period in 2005.
A lawsuit filed in a U.S. District Court in Seattle by a Los Angeles resident alleges that Microsoft did not adequately disclose details of its WGA (Windows Genuine Advantage) feature when it was delivered to PC users through the company's Automatic Update system.
Information security, information storage. Two topics that often go together, but now taken to new levels by the breaking story about storage giant EMC buying security goliath RSA. One thing is certain: neither of the two Boston-area companies will have to move anyone very far, and perhaps their similar name forms indicate a simpatico mindset.
Security continues to be a key issue for organizations today. Nearly 60 percent of U.S. businesses believe that cybercrime is more costly to them than physical crime. In fact, the FBI estimates that cyber crime cost US organizations more than $62 billion in 2005. One of the most daunting challenges for organizations is that many software products contain security flaws in architecture, design, or implementation, and organizations are constantly playing catch-up instead of 'locking the door' against security breaches.
Sun Microsystems has announced that it has withdrawn from the Aperi open source storage management initiative started by IBM in October 2005. Sun is a proponent of open source projects across its portfolio and has been a major supporter of this initiative in its formative phases. Given that Sun believes this initiative should be governed by the Storage Networking Industry Association (SNIA), Sun plans to participate in software projects under the auspices of that organization.
Credit Suisse downgraded Novell (NOVL) to neutral from outperform, citing the company's results for the second quarter. This comes several weeks after analysts at Jefferies and Co. upgraded the stock.
Mark Canepa, who's been running storage over at Sun, is leaving the company - whether voluntarily or involuntarily is unclear - so Sun's new CEO Jonathan Schwartz is moving Sparc server boss David Yen in to replace him. Yen will report directly to Schwartz.
Storage giant EMC Corporation has acquired a privately held North American-based IT professional services firm, Interlink. The company will become a part of EMC's expanding Microsoft Practice within EMC Technology Solutions.
InfoParc has announced release 4.54 of the absoluteBUSY web CRM software. The release includes a new sales module plus a new keyword/tagging feature. An unlimited, freely definable set of markers/tags can be applied to companies, contact persons and projects.
'I'm for more women in technology, but against affirmative actions of any kind,' says Yakov Fain, Java Developer's Journal Enterprise Java Editor. His remark comes in a discussion thread triggered by a blog posting he wrote earlier this week in which he noted, while watching the live SYS-CON.TV coverage on Monday of the 'Real-World AJAX' seminar in San Jose, that none of the speakers was female.
'As part of Microsoft's routine, monthly security update cycle,' Microsoft announced yesterday, 'we released five new security updates.' One of the five addressed an unpatched bug in the Internet Explorer (IE) browser that hackers had been exploiting for several weeks.
Equifax Inc. announced that it has formed a joint venture with ATM Corp. to launch a national settlement services company. Equifax Settlement Services LLC will provide a complete set of mortgage settlement offerings, including title, closing and appraisal services.
'Digi-Data has a history of providing innovative technology,' said Dennis Cindrich, President and CEO of Digi-Data. 'bigVault's secure online services expand our product offering by helping customers cost-effectively store and access large amounts of digital content from anywhere in the world in a centralized repository. The market is limitless because photos, music and video along with email, text and spreadsheet documents are now a part of individual and company critical data.'
Bradmark's Surveillance DB for Sybase ASE simplifies database management by providing detailed statistics on session and process activity, locked sessions, batch contention, file I/O and much more, which can all be viewed simultaneously for multiple databases. It is shipped with a set of pre-defined rules that can be easily configured, and can utilize statistics available from Monitor Server, DBCC or the new MDA monitor views.
My purpose today is to examine the question of whether the hottest topics in software development right now - Open Source, Ajax, and Web 2.0 - offer any relief. My attention was drawn to recent coverage of three classic Web 2.0 companies: flickr, myspace, and youtube.
An exploit has been published for a vulnerability found in Microsoft Internet Explorer which could be used by attackers to run arbitrary code on target systems. The flaw is due to an error when processing a 'createTextRange()' call related to control objects.
VeriSign has announced its new VeriSign Security Risk Profiling Service, which the company claims is the industry's first comprehensive solution to help enterprises identify, visualize and quantify information security risks.
Gauntlet's technology is designed to detect potential problems before they have a chance to impact other developers by automatically pre-screening all new code against a set of quality guidelines before it enters the build process. This reduces the number of broken builds that can impact team productivity and delay project delivery, according to Borland.
A technical paper delivered during a conference on 15 March in Pisa, Italy, entitled 'Is Your Cat Infected with a Computer Virus?', has claimed that RFID tags can be used to corrupt databases and even potentially to spread computer viruses. However, AIM Global, the trade association for automatic identification and mobility, is now questioning the validity of the methodology used by the researchers behind the report.
Fourteen years ago I warned MyBank (who is not one of my clients, I am one of theirs) about using social security numbers as solid identification. The Head of Security, three weeks retired from the Secret Service, said he would look into it. Nothing has changed except the security at MyBank has gotten worse.
Enterprises and government agencies are using smart card-based credentials more and more. Organizations around the globe are striving to protect corporate information assets, address regulatory compliance pressures, and achieve cost savings and increased security through the convergence of physical and logical access credentials.
In a move the companies say will bring unique management benefits to the broad number of users of Microsoft Systems Management Server 2003 (SMS) for the first time, Intel plans to connect its new Intel Active Management Technology (Intel AMT) with Microsoft SMS, substantially enhancing customers' ability to more thoroughly protect their computers from viruses and to help significantly lower maintenance costs.
Successful businesses execute simultaneously on three fronts: sustained revenue growth, continuous cost control, and comprehensive risk management. Driven by a significant rise in public awareness of information security breaches, the discipline of risk management is under increased pressure to protect the information assets of the business better. This pressure has resulted in a great deal of confusion about the best course of action, and more than a few ill-considered measures have been put in place. But businesses need not fret. The solution comes in a process they already understand, albeit with an intuitive reorientation of traditional thinking.
'The world virus map is an excellent resource for quickly understanding the virus situation at any given time,' said Mikko Hypponen, Chief Research Officer at F-Secure, as his company introduced the concept of 'virus maps' - visual representations of virus infections worldwide. 'For anybody interested in understanding the 'bigger picture' behind a virus in the news and charting its course, this is a good place to start.'
Storage is still one of the most costly and fastest-growing aspects of everyone's network and is likely to remain so for some time. Every network user is a storage user. We're all part of a community that shares the costs and the benefits of this expensive resource. Storage management can be a challenging task. There's so much hardware, so many alternatives, and so many issues that it's easy to get lost in the details and fail to see the forest for the trees.
ChoicePoint, CardSystems, LexisNexis, Polo Ralph Lauren. The headlines in 2005 were littered with cases of high-profile security breaches, and customers, partners, and government are increasingly holding businesses accountable for the security of their applications. Poor application security can result in heavy downstream remediation and management costs, as well as productivity problems, hits on revenue, compliance issues, and damage to corporate reputations.
IT managers planning for possible security threats in 2006 might be tempted to look back at some of the big security debacles of 2005 for inspiration. A major security breach at CardSystems exposed the personal data of more than 40 million credit card holders to possible fraud. Marriott tried to explain how it misplaced personal data for some of its 200,000 customers. Other major companies including Bank of America, Citigroup, and DSW Shoe Warehouse had similar woes.
Typically when we think about security for a Web service, our focus is on how to protect it from unauthorized and malicious users. Thus, we tend to concentrate on such things as authentication of the requestor, checking to see that the requestor is authorized to access the service, validation of the request message, and so forth - all things that happen on the way in or during a request for the service. However, there is an equally important set of security functions that need to occur on the way out or after the service has finished processing the request.
A worm and a virus, both attacking Mac OS X, have been reported, the first instances of Apple's previously impervious operating system being attacked. OSX/Inqtana.A is a proof of concept worm for Mac OS X 10.4 (Tiger). It tries to spread from one infected system to others by using the Bluetooth OBEX Push vulnerability CAN-2005-1333. Security company F-Secure told us, 'If you are using OS X 10.4 make sure that you have the latest security patches installed and you are safe from Inqtana.A and any future worm that tries to use the same exploit.'
I am pleased to announce that Software Tool & Die Inc. has just released a new version of the SQLXtract utility (10.2.1) that reverse engineers Sybase's proprietary SQL format (PBSELECT) into ANSI, PL/SQL or TransAct SQL from the 'DataWindow' object. The new version of the SQLXtract utility was mainly revised to allow it to reverse engineer the source code from a Unicode-based library vs. an ANSI format previously.
Symantec CEO James Thompson warns against an erosion in consumer confidence as the biggest threat to the continued growth of e-commerce, rather than a single hostile attack. Thompson made his remarks at a keynote speech at the RSA Security Conference in San Jose.
Nexaweb has been seeing rapid RIA adoption in Japan, particularly in the financial industry, and so has entered into a strategic alliance with Hitachi Systems and Services, Ltd. (Hitachi Systems), one of the largest providers of systems integration services in Japan.
McAfee has partnered with Sony Ericsson to provide mobile security solutions on the new P990i and M600i. McAfee VirusScan Mobile and McAfee Firewall Mobile will be included with the Sony Ericsson smartphones - both of which offer Internet access, e-mail, and video conferencing.
IT groups need to be able to consider adopting new backup software for many good reasons. New software might have features and benefits the company needs. The curren
Unlike older spam filters, in which the author programs the characteristics of spam, statistical filtering automatically chooses the characteristics (or 'features')
This article is an excerpt from Risk Management for Computer Security: Protecting Your Network & Information Assets. Printed with permission from Butterworth-Heinem