Europe gets ready for tighter security and telco regulations

Last week saw the European parliament debate the content of a new regulatory telecommunications package that will have far reaching implications for security and risk professionals on both sides of the Atlantic the 785 members of the parliament’s plenary were supposed to vote on the reform package – but six of the most pressuring issues are still open and largely undecided (see: http://europa.eu/rapid/pressReleasesAction.do?reference=MEMO/08/551&format=HTML&aged=0&language=DE&guiLanguage=nl).

In a nutshell, this new telco package mirrors the ongoing struggle between forces that call for stronger independence of the respective national telecoms authorities in the EU member states (e.g., supported by the EU parliament) and those seeking more direct control over politically sensitive areas such as security (e.g., represented by the EU council).

Read more

What is "clickjacking" and should you be concerned about it?

Chenxi Wang

I am at the first national OWASP conference in New York this week, giving a talk on Web 2.0, consumerization, and application security. There is much discussion at the conference about "clickjacking," partially because the researchers weren’t given permission to do an open session, which of course further fanned the interest.

Earlier today, CERT issued a statement on clickjacking, warning that multiple browsers, including IE, Firefox, Safari, Opera, and Chrome, are all vulnerable to the attack.

Read more

McAfee's acquisition of Secure Computing

Chenxi Wang

McAfee announced today it is acquiring Secure Computing, at the price of $465 million. Does this acquisition make sense?

Secure Computing has a market cap of $380 million, with 2007 revenues of about $250 million and $21 million cash on hand. This acquisition price, which represents a 22.69% over its market cap and less than 2x revenues, is relatively modest. So for McAfee, it's a good deal. In addition, although McAfee is a strong player in the endpoint market, is not a market leader in its network security play. The addition of Secure Computing, plus the recent acquisition of Reconnex, will clearly energize that part of the house.

For Secure, this brings some much needed help in terms of marketing and external communication. Secure Computing has solid technology in Web and email security, but after many years in the business, is still not as much a household name as some of its competitors. Secure Computing's other product line, its Sidewinder firewall business, may seem disparate at first glance, but can put McAfee in a nice position to enter the unified threat management (UTM) market.

Read more