Keep an eye on what those providers' men doing

According to a news from com.com, an auditor of McAfee from Deloitte Touche USA losed the information CD where contains much of privacy information of McAfee's employees. It's a security incident happening outside of cyber space security.

Another news reported that an engineer from UTstarcom intruded into the deposit card system of Beijing Mobile, which is the baby company of China Mobile. The intruder stole cards and numbers with value of up to millions of RMB for personal reason. That's a security incident happening at the cyber space security.

Both of them are done by the employees from the providers, which we should pay more attention. In order to magnify their core value and competitiveness, the telco companies are outsourcing more and more business to the partners, for product implementation, optimization, maintenance, auditing and etc. That means more and more 3rd part engineers are working tegather with their own employees, sharing the same internal networks and some other resources. It must be becoming a great challenge for security management in the recent years. The IT managers should keep an eye on what those providers' men are doing at your territory.

Netclarity's VQS and FirewallBooster

Auditor is a vulnerability management product by Netclarity. It helps security administrators manage vulnerabilities based on its database which is synchonized with CVE remotely. VQS and Firewallbooster are highlights of this product.
/>VQS(Vulnerability Quarantine System) is a sort of clientless (agentless) vulnerability management tech. It uses technology-mapping to identify the OS and applications of the target of protection. If some vulnerabilities of higher priority are found with a host, then it can notify the firewalls (or routers, swithces) to filter out the corresponding networking communication related to those vulnerabilities or even the whole host. Netclarity calls it "Firewallbooster" technology. Although "Firewallbooster" is policy based, I am afraid it will scare the administrators away by high "false positive", especially for those mission critical back-end servers.

Compared with CA's eTrust Vulnerability Manager, Auditor doesn't provide any advantages to the customer, while it lackes auto inventory and built-in risk model.



Pasted from Telecom,Security and P2P.

Wordpress.com blocked at China ！

At these two weeks, I found I could not access my blog at wordpress.com from the network at China, neither from the access of CNC and CMCC. If I configure my browser to use anonymous proxies at abroad, then it’s ok. So I believe wordpress.com is blocked at China just as other blog service site.

Currently, most of the free or commercial blog sites are blocked at China, e.g, typepad, blogger and others. Due to the good relationship between Microsoft and Chinese government, MSN spaces are operating well and acquiring booming blogger users.

I wish WP would be opened as soon as possible.

My photos

Welcome to my album at flickr.com, most of them are scenes where i was feeling well. Currently, I use a digital camera of Kodak v550:

http://www.flickr.com/photos/zhaol

See my comments and articles, please visit: http://blog.zhaol.cn.