iPhone security Part 1; Google's Chrome was 'hackable' at Pwn2Own contest

Security Strategies Alert NetworkWorld.com | Security Research Center | Update Your Profile Sponsored by Splunk Demystifying Compliance Compliance is high on the IT agenda today, yet no one seems to have a clear picture of what it really involves. Inconsistent interpretation by different auditors, regulators and vendors means what worked in one year's audit could fail in the next. This whitepaper is designed to help Demystify Compliance as it relates to IT and give you some simple recipes for analyzing your own environment in the light of specific mandates. Download today. Spotlight Story iPhone security, Part 1 By M. E. Kabay My friend and colleague Adjunct Professor Richard Steinberger from the MSIA Program at Norwich University sent me an e-mail note recently about the interesting security model used by Apple for its mobile devices. I invited him to expand on his thoughts and am delighted to present his analysis today. Everything that follows is entirely Ric's work with minor edits. Read full story M. E. Kabay, PhD, CISSP-ISSMP, specializes in security and operations management consulting services. CV online. Related News: Google's Chrome was 'hackable' at Pwn2Own contest Although Google's Chrome was the only browser left standing after March's Pwn2Own hacking contest, it was vulnerable to the same bug that a German college student used to bring down Apple's Safari, Google acknowledged this week. Although Google patched the Chrome vulnerability May 7, it waited to reveal that the bug was the same WebKit flaw that Apple patched the day before. Web attacks routinely hosted by real Web sites The number of legitimate websites being hacked to host malware has hit startling highs in recent days, new figures from MessageLabs have revealed. Data taken from the days between the 4th to 8th of May showed that 84.6 percent of websites blocked by the company for hosting malicious content were 'well-established' domains that have been around for a year or more. McAfee buying Solidcore for whitelisting technologyMcAfee today announced it intends to acquire Solidcore Systems for about $33 million in cash and an additional $14 million if certain performance targets are met. McAfee indicated its interest in the acquisition centered on Solidcore’s whitelisting technology that can set controls on what applications are allowed to run on a computer. After the acquisition is completed, McAfee expects to bring Solidcore’s whitelisting and compliance enforcement mechanisms into the McAfee product line under the management umbrella of the McAfee ePolicy Orchestrator (ePO) management console. Evolution of Ethernet From 3Mbps over shared coax to 40/100Gbps over fiber…and beyond. Apple iPhoneys: The 4G edition iPhone enthusiasts from around the Web offer their visions for the next-gen iPhone. Sponsored by Splunk Demystifying Compliance Compliance is high on the IT agenda today, yet no one seems to have a clear picture of what it really involves. Inconsistent interpretation by different auditors, regulators and vendors means what worked in one year's audit could fail in the next. This whitepaper is designed to help Demystify Compliance as it relates to IT and give you some simple recipes for analyzing your own environment in the light of specific mandates. Download today. Metzler: 2009 Handbook of Application Delivery Successful IT organizations must know how to make the right application delivery decisions in these tough economic times. This handbook authored by WAN expert Jim Metzler will help guide you. Download now Everybody says "Do more with less!" But no one tells you how. We will and it costs nothing to find out at IT Roadmap Conference and Expo. Coming to 10 cities in 09. Register now, attend free   05/19/09 Today's most-read stories: Microsoft's software pipeline set to burst Nortel continues the enterprise fight NDC: Cloud computing Where the IT jobs are: 10 American cities Corporate espionage, e-mail break-in case zaps electronic industry Google ran out of bandwidth? VoIP, UC offerings announced Verizon shows off new rolling command center Inside a data leak audit Interop network all about redundancy Network World on Twitter: Get our tweets and stay plugged in to networking news DNS news and tips DNS is not secure and is extremely vulnerable. DNS is at the core of every connection we make on the Internet. While some servers are indeed vulnerable, because of inadequate management or knowledge, the real threat is from the protocol itself and how data is easily subverted or faked as it moves around the internet. Receive the latest DNS news and tips Compare products, get advice, and check out tests and reviews from the experts at Network World. Over 70 categories. Visit now   This email was sent to security.world@gmail.com Complimentary Subscriptions Available for newsletter subscribers. Receive 50 issues of Network World Magazines, in print or electronic format, free of charge, Apply here. Terms of Service/Privacy   Subscription Services Update your profile To subscribe or unsubscribe to any Network World newsletter, change your e-mail address or contact us, click here. Unsubscribe Network World, Inc., 492 Old Connecticut Path, Framingham, MA 01701 Copyright Network World, Inc., 2009 www.networkworld.com