UPDATED 17:05 EST / SEPTEMBER 16 2011


Cyber Security Week

With so much going on in the world of Information Security, it is difficult to encompass all that is developing so quickly in this technological landscape. It makes sense, then, to review the best of the week: the items with the most impact on the world of Information Security. Here are some of this week’s most significant developments:

Consumer security front
Kit Dotson’s post on Sony’s updated EULA reports on the company’s deliberate attempt to avoid responsibility for future security breaches; it was an interesting look into the legal framework that Sony has developed since its initial wave of breaches.

On the desktop, Windows 8 will reportedly deliver native antivirus capabilities as an official part of the operating system, not the optional, little-known add-on it once was.

Symantec’s Norton product stepped up its game with an expanded protection suite, touting features that protect users across a multitude of devices.

“Norton One is a personalized service that will protect all users and consumers across multiple devices. This will allow the consumers to have an option to choose a combination of solutions which they think is the most effective for them and to ensure a more protected connected household.”

Cyberterrorism/Hacktivism
NBC’s Twitter account was hacked and used to report fake terror strikes on the tenth anniversary of the attack on the World Trade Center.

NBC was pretty snappy in their response and immediately repudiated the first three fake tweets. “Ignore tweets from @nbcnews till further notice. We’ve been hacked. Do not retweet.”

Cloud security
Maria Deutscher reported on cloud security matters, touching on the Windows 8 announcement and its prospects in the enterprise.

“The enterprise is also realizing the value, and more importantly the necessity in security. C-rank execs from major tech companies gathered in the closed-door Advanced Persistent Threats meeting held in Washington by TechAmerica and EMC’s RSA, and discussed the security breaches their individual companies have experienced from an insider’s perspective.”

Enterprise Security
Certificate Authorities came under fire this week for security compromises, with a focus on DigiNotar. A series of compromise events has undermined the very business the company is in and hurt it in a very visible way.

So far, nobody trusts them anymore. Multiple large scale corporations who deal with credit-card transactions, many users, and giant communities have blacklisted them. DigiNotar as a Certificate Authority is done for. Apple, Microsoft, Google, Mozilla, and others have removed DigiNotar from the trusted list and that essentially rings the death knell for the CA. Possibly soon Apple, Microsoft, and RIM will likely release updates to their mobile devices that will also revoke those certificates and that will be the last nail in their coffin.

Virtualization Security
VMware released a compliance checker tool to help customers with security configurations on its platforms. This comes on the heels of various discussions at VMworld 2011, and as it was reported:

Together with John Furrier in The Cube during VMworld 2011, Wikibon.org founder Dave Vellante noted a big area that VMware still needs to develop—security.

“What a difference between last year and this year with VDI do-over. Security is the big area for me. The ecosystem is over-stating capabilities and VMware has a lot more work to do. This is VMware’s problem and they need to solve this. Yes, they need help from the ecosystem, but they need to build it into their architecture.”

Global Cybersecurity
A mutual defense treaty was reached between two major countries, the U.S. and Australia. Adding to the rising global reaction to cybersecurity threats, the report touches on the alliances and history behind the current state of response.

“The United States and Australia have been close partners for almost 60 years when it comes to warfare since the day they signed into a mutual defense alliance, which now will be extended to include cyberspace as well.

The treaty from 60 years ago, known as the ANZUS military alliance treaty, describes a mutual defense condition where if one country is attacked the other will respond by declaring war against the attacker.”

Monthly security reports were mandated this week under the Federal Information Security Management Act by means of a compliance tool known as CyberScope, designed to help federal agencies monitor cybersecurity.

“Indeed, CyberScope represents a major shift in the way federal agencies report FISMA compliance in that it replaces once-a-year compliance reporting with a more operational, consistent approach.”

It was also reported that the Department of Homeland Security (DHS) has been working with financial institutions to thwart cyber attacks. It also plans to step things up in the future. This was revealed in Congressional testimony.

In a very good report this week, news came out of India of a complete and utter national cybersecurity compromise, with ties to ShadyRat and rife with elements of cyberespionage, negligence, and all the ramifications thereafter. More will likely come out of this story in the weeks to come.

“It is inexplicable that India – a country so rich in technical expertise – has had its IT systems so thoroughly compromised. Cyber attacks are the new norm globally, and most countries have faced humiliating losses of data, but India seems to have been particularly slow to react to this new everyday reality. This must be primarily a failure of leadership rather than a shortage of technical ability.”

Services
HP emerged with a newly announced enterprise security business line. Retracing its past efforts and previewing some future ones, including acquisitions and strategies, the article by Kristen Nicole highlights some of the potentially important steps to rebuilding HP’s offerings as a viable company.

“as HP makes a series of quiet acquisitions, including intelligence firm ArcSight last year for $1.5 billion, and preps for more software services in the coming months, the Enterprise Security release is just one part of HP’s transition away from hardware and PCs. According to Lawson, ArcSight has become a particularly integral part of HP’s enterprise goals, as the basis for HP’s Security Intelligence and Risk Management platform. It’s to be integrated into HP’s IT management software, where it can automatically detect information and pass it along to management systems for remediation. All of these efforts combine to give HP the prowess it needs to make a stand in the securities sector.”

Privacy
Hacked nude images reportedly stolen from celebrities Scarlett Johansson and Mila Kunis were big news this week. Reports are that authorities are very close to finding these hackers. It’s good to see the authorities breaking such a serious case. (Warning: the above line contains sarcasm and a mellow bit of humor)

Have a good Friday everyone.

