Apr 6 2009

Microsoft Delays Stirling Security Suite

An anonymous reader writes “Microsoft’s long-awaited integrated security suite, codenamed Stirling, has been delayed by months and will now not be available until the fourth quarter 2009. According to Microsoft, the delay is due to the further development of the firm’s behaviour based technology, the Dynamic Signature Service “to help deliver more comprehensive endpoint protection for zero day attacks”, and efforts to add interoperability with third party solutions, as per customer requests. When completed, the suite will combine a number of tools such as the ISA Server and multiple Forefront products.”

Read more of this story at Slashdot.

Apr 5 2009

Data.gov To Launch In May

An anonymous reader writes “In late May, Data.gov will launch, in what US CIO Vivek Kundra calls an attempt to ensure that all government data ‘that is not restricted for national security reasons can be made public’ through data feeds. This appears to be a tremendous expansion on (and an official form of) third-party products like the Sunlight Labs API. Of course, it is still a far cry from ‘open sourcing’ the actual decision-making processes of government. Wired has launched a wiki for calling attention to datasets that should be shared as part of the Data.gov plan, and an article on O’Reilly discusses the importance of making this information easily accessible.”

Read more of this story at Slashdot.

Apr 5 2009

15 Security Vendors Issuing Updates on Twitter

We’ve pored through the enterprise security Twitter feeds to highlight those worth watching, and while most don’t have very distinctive voices, these 15 offer security tidbits, breach notifications, and commentary as well as press releases and blog postings.

Apr 3 2009

How the Conficker Problem Just Got Much Worse

On the surface, April 1 came and went without a peep from the dreaded Conficker megaworm. But security experts see a frightening reality, one where Conficker is now more powerful and more dangerous than ever.

Apr 3 2009

Unplug the Internet: No President should have this power

The Cybersecurity Act of 2009 introduced in the Senate would allow the president to shut down private Internet networks. The legislation also calls for the government to have the authority to demand security data from private networks without regard to any provision of law, regulation, rule or policy restricting such access.

Apr 3 2009

New CyberSecurity Bill Raises Privacy Questions

Nicolas Dawson points out coverage in Mother Jones of the early stages of a new cybersecurity bill that conveys sweeping powers on the President. Quoting: “The Cybersecurity Act of 2009 (PDF) gives the president the ability to ‘declare a cybersecurity emergency’ and shut down or limit Internet traffic in any ‘critical’ information network ‘in the interest of national security.’ The bill does not define a critical information network or a cybersecurity emergency. That definition would be left to the president. The bill… also grants the Secretary of Commerce ‘access to all relevant data concerning [critical] networks without regard to any provision of law, regulation, rule, or policy restricting such access.’ This means he or she can monitor or access any data on private or public networks without regard to privacy laws.”

Read more of this story at Slashdot.

Apr 3 2009

Apple proposes iPhone that calls the cops when stolen

In the latest installment of Apple’s iPhone security-related patent filings, the Cupertino-based company describes the implementation of loss prevention software that would notify a security agency in the event the handset is lost or stolen, which could in turn lead to a police officer being dispatched to the current location of the device.

Apr 2 2009

Diagnose Conficker With Web-Based Eye Chart

thomsomc writes “Joe Stewart from the Conficker Working Group has created an eye chart that allows for online identification of Conficker B and C infections. Using basic knowledge of the blacklisting that Conficker employs to avoid attempting to infect IPs that belong to popular Anti-Virus and security firms (including Microsoft), the group whipped up this very simple test to see if you can load content from the various pages. If you can see all of the images, you’re more than likely Conficker-free. According to Honeynet, ‘This detection method should be more reliable than network scanning based tests. Happy scanning!’” Related: Tech Fragments notes in passing that nothing much seems to have come of Conficker’s dreaded April 1 deadline.

Read more of this story at Slashdot.

Apr 2 2009

New Legislation Would Federalize Cybersecurity

Hugh Pickens writes “Senators Jay Rockefeller and Olympia J. Snowe are pushing to dramatically escalate US defenses against cyberattacks, crafting proposals, in Senate legislation that could be introduced as early as today, that would empower the government to set and enforce security standards for private industry for the first time. The legislation would broaden the focus of the government’s cybersecurity efforts to include not only military networks but also private systems that control essentials such as electricity and water distribution. “People say this is a military or intelligence concern, but it’s a lot more than that,” says Rockefeller, a former intelligence committee chairman. “It suddenly gets into the realm of traffic lights and rail networks and water and electricity.” The bill, containing many of the recommendations of the landmark study “Securing Cyberspace for the 44th Presidency” (pdf) by the Center for Strategic and International Studies, would create the Office of the National Cybersecurity Adviser, whose leader would report directly to the president and would coordinate defense efforts across government agencies. The legislation calls for the appointment of a White House cybersecurity “czar” with unprecedented authority to shut down computer networks, including private ones, if a cyberattack is underway. It would require the National Institute of Standards and Technology to establish “measurable and auditable cybersecurity standards” that would apply to private companies as well as the government. The legislation also would require licensing and certification of cybersecurity professionals.”

Read more of this story at Slashdot.

Apr 1 2009

Instant Messaging Vulnerable To New Smiley Attacks

titus writes “Security researchers Yoann Guillot and Julien Tinnes have found a way to encode malicious code into smileys and provided a proof of concept encoder to automate the process. The researchers said their discovery paves the way for IM malware that would be impossible to detect since the malicious code would be ‘indistinguishable from genuine chat messages.’ I’ve tested the proof of concept code which works very well. Time to panic?”

Read more of this story at Slashdot.
