February 10th, 2009

I discovered FileInsight, a very good file editor (either text or hexadecimal), which was released by Secure Computing before McAfee took over all SC intellectual property.
FileInsight is described best by its authors:
Secure Computing’s FileInsight helps to inspect and edit files of various formats. It is specifically designed to aid in analysis of potentially malicious files.
Some other features are :
- Navigating through C/C++ data structure declarations
- Showing disassembled code
- Built-in JavaScript support

Read more and get a free copy of FileInsight before McAfee pulls the plug on this good tool !
February 6th, 2009
CRISIS ? What Crisis ?
This could have been the alternative title to the 2008 Salary & Certification Survey released by SANS today.
There are plenty of reasons not to be afraid of security job cuts or market slowdown in the year ahead according to SANS respondents. Information security will continue to be a critical business concern, if just for compliance reasons alone.
The SANS report is structured in 5 sections: Demographics, Salary, Certifications, Continuing Education and a Twelve-month Outlook.
I found the 12-month planned technology deployments very useful, as they confirm to me that 2009 is a year of consolidation more than expansion, not to mention that more than 25% of the respondents intend to implement SIEM (Security Information and Event Management), and of course I’m happy for ArcSight.
Here are a few highlights of the report :
- Salaries for information security professionals are high. Over 38% of respondents earn US $100,000 or more per year.
- 41% of the respondents said their organizations use certifications as a factor when determining salary increases.
- The overall mean funding for training was US $2,854 per year with a median of US $2,000 per year.
- Digital forensics, intrusion detection, and penetration testing are the technical topics respondents are most interested in learning in 2009.
- As of late November 2008, just over 79% of respondents forecast no information security personnel reductions in the next 12 months.
- Over 25% of respondents plan to deploy the following technologies in 2009:
  - Configuration Management
  - SIEM (Security Information and Event Management)
  - Storage Security
  - Wireless Security Solutions
- The best places to find an information security position are in the metro areas of Las Vegas, Nevada; Dallas, Texas; and Washington, DC.
What more can I say : Viva las Vegas! and let’s all hope that things will get better soon!
Download the report here (PDF)
December 18th, 2008
More than a month ago I drove 400 miles to Iasi to deliver a presentation on McAfee Vulnerability Management within a security roadshow which was put together in a terrible hurry by my employer.
I got lost in some strange woods in a nearby village after driving 4 hours through one of the thickest fogs I’ve ever seen... what more can I say... long drive, beautiful city, crappy weather, dazzled crowd, cheap conference lunch. Anyway, here is the presentation I delivered:
It might not be the most "corporate" slideshow about McAfee, but it served its purpose: to draw the attention of a bored crowd.
November 21st, 2008
In the new threatening landscape of information security, Gemalto succeeds in delivering end-to-end security by developing technology around real-life processes. In this article I will be briefly looking at a few representative products and services of this post’s sponsor.
Gemalto’s added value to the security industry consists of a new and innovative technology portfolio, which includes developing complete strong authentication systems using a PKI infrastructure, smart cards, SIMs, e-passports and tokens.
Gemplus SIM cards have been developed to be compliant with any mobile phone and network so that both the customer and the network operator can benefit from new features such as:
- Broad management of a fleet of SIM cards from one single SIM card
- Call completion and automatic handset configuration
E-passport and digital ID security has become a must in many countries throughout the world due to higher illegal immigration and terrorist attacks. Gemalto e-passport solutions have been implemented successfully in over 16 countries and there are plans to extend the public-private partnerships.
One more link in end-to-end security is represented by two-factor authentication systems. Usernames and passwords are not enough anymore, and the answer resides in combining knowledge ("something you know") with possession of a smart card ("something you have"). Gemalto delivers complete solutions to address the need for increased authentication and authorization, including:
- Authentication and PKI Tokens
- OTP devices (e.g. EZIO Pocket Reader)
- PC Link readers
- Contactless / Embedded contact solutions
- Stand-alone terminals
These were just a few of the security products and services offered by Gemalto and I’m sure we will hear more of this company as their goal is to become the World Leader in Digital Security. For more details, please visit Gemalto’s website.