Andrew Hay

• Security Thoughts: Do I live the first suburb in the world to be smurfed?
  Sounds like a script kiddie went wild in the neighborhood.
  (tags: smurf attack script)
• Anti-virus Moves to the Cloud
  Hmmm…a good idea or a bad marketing gimmick?
  (tags: cloud antivirus)
• System Scanner « SANS Computer Forensics, Investigation, and Response
  (tags: forensics windows)
• Tenable Network Security: Event Analysis Training – SSH Brute Forcing with Mixed Log Sources
  (tags: ssh brute force log lce)
• Zodiac Killer’s ‘Unmasking’ Lacks Cryptographic Proof | Threat Level
  Talk about 5 minutes of fame…
  (tags: crypto)

• Token Security Guy: RSA Conference – introducing the personalities
  At RSA…which personality type were you?
  (tags: rsac)
• Trend Micro to Acquire Third Brigade
  Wow, looks like Trend Micro is looking to go head to head with McAfee by expanding its offerings.
  (tags: ossec acquisition)
• Microsoft battles malware with Windows AutoRun changes | threatpost
  It's about time….
  (tags: microsoft autorun malware)

The Internet is all a flutter today with the news that Third Brigade, an Ottawa based network antivirus and Internet content security software and services company, has quietly been acquired by Japan based Trend Micro Inc. The Trend press release states that they are buying the business to “accelerate its dynamic data center security strategy, and to provide customers with access to critical security and compliance software and vulnerability response services.”

Since 2007, Third Brigade has licensed its technology to Trend Micro as part of their OEM relationship, resulting in products such as the Intrusion Defense Firewall (IDF) plug-in for OfficeScan™. This relationship inevitably paved the way for the Trend Micro acquisition. Trend Micro has plans to grow the Third Brigade business within its own data center security business.

This marks an interesting turn for Third Brigade who, in June 2008, was on the other side of the acquisition table when they picked up the OSSEC project. What does this purchase mean for users of the Open Source OSSEC HIDS? According to the press release on the OSSEC website they don’t anticipate there will be any impact on OSSEC users from this acquisition. The release states “like Third Brigade, Trend will help create broader awareness and further ensure the success of this thriving open source community through ongoing dedicated resources and extended support necessary for larger enterprise deployments.”

The Trend Micro Press release can be found here: http://trendmicro.mediaroom.com/index.php?s=43&item=714
The Third Brigade press release can be found here: http://www.thirdbrigade.com/WorkArea/linkit.aspx?LinkIdentifier=id&ItemID=948
The OSSEC press release can be found here: http://www.ossec.net/main/trend-micro-to-acquire-third-brigade

• Another Adobe PDF Reader zero-day surfaces | threatpost
  (tags: adobe zeroday pdf)
• TweetYard – Sourcefire and Snort alerts to Twitter « An alchemists view from the bar
  Probably about as useful as tweeting your OSSEC alerts…but still kind of cool.
  (tags: security snort alerts twitter)
• Developing Security: Quorum Sensing Botnets
  (tags: botnet detection)
• Using HELIX LIVE for Windows « SANS Computer Forensics, Investigation, and Response
  (tags: forensic linux livecd helix)
• Tenable Network Security: Newsbites: Joint Strike Fighter Plan Compromise
  (tags: cyberspies leakage dlp)

If you’ve not heard of Mykonos before, expect to hear more about them in the future. They launched their corporate website this week during the 2009 RSA Conference and showed off their security-oriented AJAX development platform/framework. At the Mykonos booth, the staff was happy to show off a slick MSN Instant Messaging application that was written within 72 hours using their framework. The application provided end-to-end encryption and served to demonstrate how powerful the framework was.

The Mykonos development framework boasts immunity to cross-site scripting, cross-site request forgery and session hijacking, click-jacking, phishing, and brute force attacks. This is both a powerful and dangerous statement that will force the framework to be put through its paces – obviously by a developer and not a lowly security guy like myself.

For more information on Mykonos, please visit their website at http://www.mykonossoftware.com.