• Πως μοιάζει το νέο Κέντρο Διαχείρισης;
• Ποια λειτουργικά συστήματα υποστηρίζονται και ποιοι clients είναι διαθέσιμοι;
• Ποια είναι η διαφορά μεταξύ των UEFI και BIOS και γιατί χρειάζεται να το ξέρετε αυτό όταν πουλάτε ή εγκαθιστάτε το SGN;
• Μπορούμε να υποθέσουμε ότι η Native (Γηγενή) Κρυπτογράφηση είναι ίδια με το SafeGuard Enterprise Device Encryption;
• Μπορούν οι υπολογιστές Mac της Apple να διαχειρίζονται κεντρικά;
• Τι είναι και γιατί το FileVault 2 ενδέχεται να είναι απαραίτητο;
• Τι περιλαμβάνει η άδεια χρήσης SGN;

Σήμερα, ευαίσθητα δεδομένα βρίσκονται παντού, στο cloud, σε φορητές συσκευές και προσωπικούς υπολογιστές. Ο στόχος είναι η προστασία τους, χωρίς θυσίες στην απόδοση και η Sophos έχει τη λύση με το SafeGuard Enterprise 6.1, το οποίο προσφέρει κρυπτογράφηση, οπουδήποτε και αν βρίσκονται τα δεδομένα –σε υπολογιστές Windows, Mac, σε αφαιρούμενα μέσα αποθήκευσης, σε δίσκους στο δίκτυο, σε φορητές συσκευές ή στο cloud, χωρίς καμία επίπτωση στην απόδοση.

Με το SafeGuard Enterprise 6.1, η Sophos διευθετεί τα δύο μεγαλύτερα ζητήματα στην κρυπτογράφηση -την απόδοση και τη χρηστικότητα- εκμεταλλευόμενη την ενσωματωμένη κρυπτογράφηση του λειτουργικού συστήματος (Bitlocker στα Windows, FileVault 2 για Mac) για καλύτερη απόδοση και προσφέροντας multi-platform διαχείριση για όλες τις συσκευές και τα περιβάλλοντα cloud.

Θέλετε να μάθετε περισσότερα;
Σας περιμένουμε στο 4o Infocom Security όπου απαντάμε στις προκλήσεις του μέλλοντος.
Ώρα 12:30 – 14:15 στην 2η ενότητα «Ευφυείς Λύσεις για την Προστασία των Πληροφοριών»

There’s definitely an update coming next Tuesday, 18 June 2013, and you might as well get ready for it now if you haven’t already. The details of what will be fixed aren’t a matter of public record yet, so we can’t spell them out for you in detail. Nevertheless, Oracle has published a very brief pre-announcement to remind us of the importance of this month’s fixes. The good news is that lots of security vulnerabilities have been repaired – 40 in total, of which all but three are RCEs, or remote code execution holes.

That’s where untrusted content sent over the network might be able to trick Java into performing operations that really ought to be limited to already-installed, trusted code. In short, an RCE means that you could get infected by malware simply by looking around online, without explicitly downloading, authorising or even noticing the malware being installed.

There are two handy ways to reduce this RCE risk:

·    Apply Oracle’s patches as soon as practicable. You can turn on fully-automatic updating if you like.
·    Turn off Java in your browser, so that web-based Java applets can’t run at all.

Click here to see the original article.

Στο διάγραμμα που δημοσιοποιήθηκε από ανεξάρτητη εταιρεία ερευνών, και περιλαμβάνει τους Δείκτες Υπόσχεσης και Εκπλήρωσης, μπορείτε να δείτε και να συγκρίνετε την αποτελεσματικότητα ορισμένων από τις σπουδαιότερες εταιρείες της βιομηχανίας των υπολογιστών στο marketing αλλά και στην εκτέλεση.

Ένας κατασκευαστής, που βρίσκεται στο πάνω δεξί τεταρτημόριο του διαγράμματος, έχει βαθμολογηθεί με υψηλή βαθμολογία τόσο στο τομέα της υπόσχεσης όσο και στο τομέα της εκπλήρωσης αυτής της υπόσχεσης. Με βάση τα ίδια κριτήρια, μία εταιρεία στο κάτω αριστερό τεταρτημόριο, δεν τα καταφέρνει ούτε στο επίπεδο της υπόσχεσης, ούτε στο επίπεδο εκτέλεσης.

O “Δείκτης Εταιρικής Υπόσχεσης” (Vendor Promise Index) σχεδιάστηκε κατά τέτοιο τρόπο ώστε να μετράει την αποτελεσματικότητα του marketing. Χρησιμοποιεί τέσσερα από τα δεκατέσσερα σημεία αξιολόγησης πελατών (Θέση ανταγωνιστικότητας, Τεχνολογική Καινοτομία, το Στρατηγικό Όραμα του management της εταιρείας καθώς και η Μάρκα/ Φήμη) που σχετίζονται με ιδέες και concepts που μεταφέρονται σε πιθανούς πελάτες σε παγκόσμιο επίπεδο πριν το πραγματικό προϊόν ή κάποια υπηρεσία παραδοθεί προς χρήση.

Ο “Δείκτης Εταιρικής Ικανοποίησης” (Vendor Fulfillment Index) σχεδιάστηκε ως μέτρο για την εκτελεστική αποτελεσματικότητα. Χρησιμοποιούνται και σε αυτή τη περίπτωση τέσσερα από τα δεκατέσσερα κριτήρια  βαθμολόγησης πελατών  (Απόδοση/ Τιμή, Ποιότητα προϊόντος, Παράδοση σύμφωνα με την Υπόσχεση και Ποιότητα τεχνικής υποστήριξης) τα οποία σχετίζονται με το φυσικό προϊόν και την υπηρεσία που έχει παραδοθεί και την εμπειρία που είχε ο πελάτης από τη χρήση του συγκεκριμένου προϊόντος ή της υπηρεσίας.

Το μέγεθος του κύκλου που βλέπετε στο διάγραμμα επίσης δείχνει τη σχετικότητα μεταξύ των βαθμολογιών που έλαβε κάποια εταιρεία. Οι γραμμές που τέμνονται δείχνουν το μέσο όρο βαθμολογίας που έλαβε κάθε εταιρεία, συμπεριλαμβανομένων και εταιρειών που δεν βρίσκονται στο διάγραμμα. Όπως μπορείτε να δείτε, η Sophos έχει αποσπάσει εξαιρετική βαθμολογία, τόσο στο τομέα του marketing, όσο και στο τομέα του να κάνει πραγματικότητα όλα όσα υπόσχεται για τους πελάτες της.

Our poll offered readers the chance to vote for one of the six most popular web browsers – Chrome, Firefox, Internet Explorer, Opera, Safari and Chromium – and asked which you trusted the most. Mozilla’s Firefox, the linear descendant of both Netscape Navigator and the original ‘graphical web browser’ the NCSA Mosaic, was a runaway winner. Firefox accrued almost double the number of votes of its nearest rival, Google Chrome, and more than six times the votes awarded to perennial rival and fellow ‘browser wars’ veteran Internet Explorer.

The results are even more emphatic when you consider how many people actually use each browser. Below is a table that compares the number of votes each browser received in the poll against the number of unique article pageviews from each of those browsers over the same period.

Results are ranked in order of conversion rate – the rate at which page views by a given browser correlate with votes for that browser (Chrome and Chromium identify themselves in the same way and we can’t separate their unique page views so their results are combined in this table).

Top of the table is Opera which was the only browser that scored more votes for trustworthiness than it had users, although it did so with much smaller totals than its competitors. You could probably sum up the entire history of the Opera browser with the phrase “small but loyal following” and despite the regard in which its users hold it Opera seems destined to remain the perennial bridesmaid of the browser world. The poor showing of Internet Explorer is notable but perhaps not surprising given that it is often imposed on users as a matter of corporate policy. What stands out at me is the difference between the Mozilla and Google products. Both browsers are well established and well known open source projects, they both run on Windows, Mac and Linux and unlike Explorer or Safari neither come bundled with an operating system.

Perhaps Chrome users are more cynical or more realistic about where they place their trust. Or perhaps people who choose Chrome are also people who don’t vote in internet polls. We don’t know but I suspect, as the comments on our poll seem to suggest, that the reason for Chrome’s poor showing is that Google’s claim to Do No Evil is simply no longer convincing. The untrustworthiness of Google is a consistent theme across the most highly rated comments on the poll:

    “frankly I trust Google the least, as they have too many data points for comparison.

    I don’t trust Google as far as I could throw ’em. As a company, it’s entirely uninterested in my security or privacy, especially if it can make money by selling my personal information.

    Trusting any software completely is a bit foolish, but anyone who actively trusts Chrome is a good subject for psychological study.”

You get the idea. Of course this is only an online poll and and not a scientific experiment so my conclusions should be taken with a liberal pinch of salt.

You can read the original article, here.

Syrian Eagle told Mashable that Microsoft deserves what it got because it’s hawking data to US snoops and multiple governments. The SEA will publish proof of the allegations, Syrian Eagle said: “Microsoft is monitoring emails accounts and selling the data for the American intelligence and other governments. And we will publish more details and documents that prove it. Microsoft is not our enemy but what they are doing affected the SEA.”

On Saturday, the pro-Assad group took over the @MSFTnews and @XboxSupport Twitter accounts and posted various messages hashtagged “SEA”, according to Mashable. One read: “Don’t use Microsoft emails (Hotmail, outlook), They are monitoring your accounts and selling the data to the governments.” The takeovers appear to have been brief: the messages are no longer live, and a Microsoft spokesperson sent this statement to The Register: “Microsoft is aware of targeted cyberattacks that temporarily affected the Xbox Support and Microsoft News Twitter accounts. The accounts were quickly reset and we can confirm that no customer information was compromised.”

The attackers also Tweeted a screenshot of what appears to be a takeover of The Official Microsoft Blog at blogs.technet.com. Microsoft didn’t put out a statement about the alleged attack, but Mashable says its reporters saw it in action and confirmed that it lasted about an hour. Mashable also posted a screenshot showing multiple “Syrian Army Was Here” messages on the defaced site.

Others reported that the blog was either forcing a redirect to the SEA’s site or displaying the defaced blog. At any rate, the blog is now under the company’s control. Microsoft responded to the SEA charges about monitoring email by sending this statement to Mashable: “We’re actively investigating issues and are focused on protecting our employees and corporate network. Microsoft is sometimes obligated to comply with legal orders from governments around the world and provides customer data only in response to specific, targeted, legal demands”.

You can read the original article here.

The current total of 650,000+ pieces of Android malware is up by approximately 600% from last January. Check out our mobile malware timeline below for our picks for the most important developments of the past decade, from the birth of mobile malware to today.

Mobile Security Threat Report

It’s been 10 years since the first mobile malware appeared. To mark this dubious anniversary, we’ve produced our first Mobile Security Threat Report. Download the report at sophos.com/mobilethreatreport to see how mobile threats have evolved, and to learn how best to protect yourself and your organization.

Get the free app: Sophos Mobile Security for Android

Sophos Mobile Security is a robust yet lightweight app that protects your Android devices without compromising performance or battery life. Using up-to-the-minute intelligence from SophosLabs, it automatically scans apps as you install them. Other features include a privacy advisor, encryption, and per-app password protection that you can set up for sensitive apps like your email. We’ve received several awards and many great reviews for Sophos Mobile Security, which has been downloaded more than 100,000 times from Google Play.

You can read the original article here.

We also found out that the Heartbleed bug is in a version of the OpenSSL software that’s two years old — so this vulnerability could have been attacked for a very long time by someone with the resources to exploit it. 

Sophos security experts helped us to understand Heartbleed and what it means, how to protect yourself, and why we should all be thankful for open source software, even if it’s not perfect.

Chester Wisniewski, Sophos senior security advisor, let us in on what Heartbleed is and why it’s so important for security on the Internet. Chet explained that OpenSSL sends a small packet of data back and forth between web servers to make sure the connection is still working, what’s called a TLS Heartbeat.

Only now it turns out that web servers could be tricked into sending huge amounts of system-stored data in response to a Heartbeat ping — data which could include passwords and encryption keys. In an opinion column published on CNN.com, Chet described how two-thirds of all websites were vulnerable to Heartbleed. Fortunately, most major Web services have already applied fixes to the affected Web servers and services. The bad news is that smaller websites as well as many companies’ products that rely on OpenSSL may linger for many more years without a fix.

Chet told BuzzFeed that an even bigger concern is who might have known about the Heartbleed bug before the rest of us caught on — and the most likely organization to know would be the U.S. National Security Agency (NSA), which has the means and an interest in finding such vulnerabilities.

“That’s exactly what the leaked NSA programs are supposed to do: Find the flaws, exploit them and never tell anyone,” Chet said. According to Chet, the “open” part of OpenSSL means this vital security software is maintained by volunteer researchers, not commercial interests. And that means we should be focusing our attention on supporting the open parts of the Internet that we rely on for freedom of communication.

All of us have come to rely on the Internet socially, politically and economically. The billions of dollars a year being made by the tech giants would not be possible without the millions of donated hours that maintain free and open software like OpenSSL, Linux, Apache Web server, and Postfix mail server.

You can read the original article here.

Here are the Top 10 reasons to choose Array’s APV Series Application Delivery Controllers (ADCs). Today, many industries and enterprises are looking to simplify and optimize business operations. Array’s high-performance technology is the first step towards achieving that goal. Designed to solve real-world business and organization problems, Array’s solutions can dramatically increase employee productivity and business agility while streamlining network management and delivering dramatic cost savings. With the advent of virtualization, public and private clouds, the explosion in mobile traffic and the move towards new standards including IPv6 and 2048-bit encryption, modern application delivery controllers must provide performance and scalability in line with the demands of mobile and cloud computing and the agility to extract maximum efficiency and ROI from application infrastructure.

Array APV Series application delivery controllers address the challenges faced by enterprise, service provider and public sector organizations in the areas of application and cloud service delivery. Available as purpose-built appliances or software engineered for virtual environments, Array ADCs combine cutting-edge performance and scalability with transformative features at industry-leading price points, creating unmatched value and ROI as compared to brand name alternatives.

Top 10 Reasons to Choose APV Series Application Delivery Controllers (ADCs)

1) Superior Performance
Delivers 99.999% application availability, up to 5x application acceleration and provides a first line of defense for Web-enabled applications and cloud services.

2) Management Integration
Array’s eCloud™ API provides a script-level interface for cloud management systems.OpenStack integration allows rapid integration and control of Array technology.

3) Lowest Cost per SSL TPS
Typically 30 – 70% lower cost than similar models for 2048-bit SSL across the complete APV Series product line.

4) IPv6 Migration
Array’s DNS64/NAT64 allows organizations running IPv6 networks to access IPv4 networks, servers and content. Array’s SLBPT allows organizations with an IPv4 Web presence to support access from IPv6 clients.

5) Easy Traffic Management
Advanced Layer 7 policy engine, SpeedPolicy, offers point-and-click WebUI configuration executed at the system level for agility and performance.

6) High-Performance Features
Since features are executed at the system level, APV appliances maintain unmatched levels of performance with multiple, concurrent features enabled.

7) Multi-Layer Security
WebWall provides the first line of defense for Web-based cloud apps and shields Web Application Firewalls from brute force attacks and unauthorized requests.

8) Great Support
Array’s pre- and post-sales engineers and customer support are committed to strive for excellence and continual improvement in quality.

9) Flexible Platform Options
Physical, virtual or multi-tenant – APV Series offers all three options. And AVX10650 is a true multi-tenant ADC, with dedicated SSL, I/O and compute resources for up to 8 instances.

10) Established Company
With a 10-year record and proven at thousands of worldwide customers, Array application delivery networking solutions are recognized for industry-leading performance and value.

The research evaluated thousands of website URLs of organizations that utilized the GlobalSign SSL Configuration Checker; many of these organizations were looking to assess the strength and quality of their SSL configurations. Statistics revealed that in the first quarter of 2013 over 6,000 sites used the tool to evaluate the effectiveness of their SSL, and 269 of those sites used the remediation guidance provided by GlobalSign to improve and, in some cases, strengthen the security of their sites within a matter of minutes.

Upon visiting GlobalSign’s SSL Configuration Checker, powered by Qualys SSL Labs, organizations enter their website addresses and instantly receive a letter grade for their configuration. The grading system has three steps. First, the site’s SSL certificate is examined to confirm that it is trusted and valid. If a server fails this step it is automatically given a zero. Next, the server configuration is tested in three categories:

1) protocol support,
2) key exchange support and
3) cipher support.

Finally, a score between 0 and 100 is assigned to the site. The grading scale is as follows:

• score ≥ 80 A
• 65 ≤ score ≤ 79 B
• 50 ≤ score ≤ 64 C
• 35 ≤ score ≤ 49 D
• 20 ≤ score ≤ 34 E
• score

The research revealed that 50 percent of 269 websites that used the GlobalSign SSL Configuration Checker strengthened the effectiveness of their SSL configuration grades in 30 minutes or less. Fifteen percent improved from a B, C, D or F to an A grade in less than two hours.
Notable statistics for the 269 improved websites:

• 172 organizations improved their grade to an A overall – 63%
• 13 organizations improved their F grade to an A, B, or C – 42%
• 95 organizations improved their B grade to an A – 35%

“The improvement in website security is certainly encouraging for us to see, but this is the absolute tip of a very big, fast-moving and dangerous iceberg,” said Ryan Hurst, chief technology officer of GlobalSign. “Administrators can use the SSL Configuration Checker to greatly improve and remediate the security of poorly configured sites, but it is the awareness of this free and easy tool that we are trying to drive. Both small and large organizations with websites must adopt best practices, but first they have to identify the strengths and weaknesses of their sites’ SSL configuration.”
Alexa 100 Sites Evaluated:

In addition to the findings derived from inbound SSL Configuration Checker use, GlobalSign evaluated the SSL effectiveness of the Alexa Top 100 websites. The research revealed the following:

• Over half (51%) of the websites received an A.
• Twenty-five percent received a B and 5 percent scored a C.

These grades are proof that while just over half of the world’s top sites, and the enterprises behind them, are providing effective security, there is ample room for improvement.

Overall SSL Configuration Checker Evaluation results of the Alexa Top 100:

Click here to see the original article.

James Lyne, Global Head of Security Research, Sophos, said: “Sophos has partnered with Government to support Cyber Streetwise because we believe it’s imperative for both consumers and small businesses to take action to protect themselves online.”

“Consumers and SMEs alike are finding new ways to interact online, including via a greater range of devices, but with this enhanced technology comes risk. SophosLabs finds over 30,000 new infected websites distributing malware every day and, contrary to popular belief, the majority – around 80% – are legitimate small business websites that have been hacked. It’s therefore vital that small businesses in particular get the basics of security right – from installing antivirus to regularly updating and patching software, using complex passwords and protecting data.”

The Cyber Streetwise website – www.cyberstreetwise.com – offers a range of interactive resources for SMEs and consumers to gain impartial advice on how to protect themselves online. Sophos, which has provided security expertise and content for the Cyberstreetwise site, is also pushing visitors from its own dedicated web page – www.sophos.com/cyber-street – to the Cyber Streetwise website.

James Lyne continued: “Those who don’t put basic security measures in place are leaving themselves exposed to attackers capable of silently installing malicious code on their systems without permission. We are proud to have been asked to support and to provide content for Cyber Streetwise, which will play a vital role in encouraging businesses and consumers to adopt safer behaviours online and to take the fight to cyber criminals by improving their online security.”

Cyber Streetwise is urging people to take five actions in order to protect themselves and others from cyber crime:

1. use strong, memorable passwords
2. install anti-virus software on new devices
3. check privacy settings on social media
4. shop safely online – always ensuring to check online retail sites are secure
5. download software and application patches when prompted

You can read the original article at here.

Authorities have apparently taken control of the Gameover bots and seized its command servers over the weekend, effectively freeing 300,000 of the 500,000 to 1 million infected Windows computers. Even better, they’ve found the crime ring behind the botnet and have charged alleged Russian mastermind Evgeniy Mikhailovich Bogachev with hacking, different types of fraud, money laundering and conspiracy.

Gameover Zeus, for those who’ve never heard of it in the past, is a P2P malware that pilfers banking information and initiates wire transfers to overseas bank accounts. It’s typically propagated through spam emails disguised as bills or invoices embedded with malicious links — the kind you tell your grandparents to never click. Once Gameover worms its way into a system, that computer becomes part of the extortion ring’s global network of infected machines, which funnel ill-gotten info back to the criminals. The perpetrators would sometimes also install compromised PCs with Cryptolocker, a “ransomware” that takes users’ files hostage until they pay up. According to the FBI’s estimates, the criminals have stolen over $100 million using both Gameover and Cryptolocker. But whether that’s enough for Bogachev to stand trial in the US (home to 25 percent of the affected machines) remains to be seen, as Russia does not extradite accused criminals. For now, all the authorities can do is spread word about the botnet and help people remove it from their computers.

The next stage – the part of the operation that is the duty of all of us – is to dismantle the rest of the botnet, by progressively disinfecting all the zombie-infected computers that made the Gameover and Cryptolocker “business empires” possible in the first place. US-CERT has come up with a whole list of free tools so you can do just that, and (if you are the go-to person for IT problems amongst your friends and family) so that you can help others, too. The Sophos Virus Removal Tool is amongst the recommended cleanup utilties. It’s a free download; you don’t have to uninstall your existing anti-virus first; and it detects and cleans the same malware, including rootkits, that Sophos Anti-Virus knows about, not just CryptoLocker.

You can read the original article here and here.