Internet Security News

Senate Uncovers Online Credit Card Tricks

A report issued by a U.S. Senate committee only uses the word "scam" when quoting different consumers; the report's title employs the phrase "aggressive sales tactics," instead. Still, it looks like a number of big online companies have been caught profiting off people's confusion.

Senate Uncovers Online Credit Card Tricks

An investigation ordered by Senate Commerce Committee Chairman John D. Rockefeller IV discovered that Affinion, Vertrue, and Webloyalty "gain access to online consumers by entering into financial agreements with reputable online websites and retailers," according to the official report.

Then, "[T]he three companies insert their sales offers into the 'post-transaction' phase of an online purchase, after consumers have made a purchase but before they have completed the sale confirmation process. These offers generally promise cash back rewards and appear to be related to the transaction the consumer is in the process of completing. Misleading 'Yes' and 'Continue' buttons cause consumers to reasonably think they are completing the original transaction, rather than entering into a new, ongoing financial relationship with a membership club operated by Affinion, Vertrue, or Webloyalty."

So individuals wind up paying $9 a month, and companies make millions. Millions upon millions, really. 1-800-Flowers.com, Buy.com, Priceline, and US Airways (among many others) were all given more than $10 million by Affinion, Vertrue, and Webloyalty. Barnes & Noble, eHarmony, and Pizza Hut received between $1 million and $10 million.

It's a bit scary to see this sort of trickery employed by such mainstream organizations. Hopefully the committee's report will force them to clean up their act.

McAfee: Cyberwarfare A Big Threat

It might not be long before we return to the days of schoolchildren diving under their desks in warfare preparedness drills. Only now, instead of hiding from nukes, the kiddos may be unplugging their computers, since McAfee has indicated that a cyberarms race is taking place.

McAfee: Cyberwarfare A Big Threat

Dave DeWalt, the president and CEO of McAfee, said in a statement, "[S]everal nations around the world are actively engaged in cyberwar-like preparations and attacks." These include China, France, Israel, Russia, and the U.S., and it's no secret that the members of this group aren't all on great terms.

What's more, cyberwarfare's barrier to entry is so low in comparison to traditional hostilities (a roomful of computers vs. thousands of men, tanks, and airplanes) that lots of other countries are almost sure to pursue the idea.

Then, if and when the virtual bullets start flying, things could get really nasty. McAfee reported, "Attackers are not only building their cyberdefenses, but cyberoffenses, targeting infrastructure such as power grids, transportation, telecommunication, finance and water supplies, because damage can be done quickly and with little effort."

At least this state of affairs would create a good job market for security professionals. Everybody else might benefit in a physical manner from the dive-and-unplug exercises, too.

ICSA Labs Finds Flaws In New Security Products

It's sometimes fun to be an early adopter, as the long lines and waitlists for things like iPhones and the new Camaro have proven. But where security products are concerned, do yourself a favor and let other folks go first, since a fresh report indicates that it can take more than a single try to get things right.

ICSA Labs Finds Flaws In New Security Products

ICSA Labs, which is based in Pennsylvania and has been around for 20 years, tests and sometimes certifies products. Emphasis on "sometimes."

An ICSA Labs Product Assurance Report indicated that just 4 percent of security products attain certification following a first round of testing. Most have to try again between one and three times before making the cut.

And it's not guaranteed that a product will ever meet the necessary standards, either. According to ICSA Labs, only about 82 percent of products attain certification in the end, meaning about one-fifth of all applicants (and perhaps a much larger percentage of products) aren't up to snuff.

So leave the shakedown cruises to less cautious individuals. Just repeat "patience is a virtue" a few times and read reviews while you're waiting, and remember that things will be less likely to blow up in your face when you finally get onboard.

Nigeria Announces Early Results Of Anti-Scammer Initiative

No one's sure how many there are to go, but according to a Nigerian official, there are about 800 scam email addresses and 18 criminals that can be considered "down." Mrs. Farida Waziri, the chairperson of a government agency, announced that some shutdowns and arrests occurred thanks to an initiative called Project Eagle Claw.

Nigeria Announces Early Results Of Anti-Scammer Initiative

Nigeria's Economic and Financial Crimes Commission is the force behind Project Eagle Claw, and with Microsoft's help, has just started ramping it up. Waziri explained in a statement, "We expect that Eagle Claw as conceived will be 100% operational within six months and at full capacity, it will take Nigeria out of the top 10 list of countries with the highest incidence of fraudulent e-mails."

She then gave some very interesting details, continuing, "[U]pon full deployment, the capacity to take down fraudulent e-mails will increase to 5,000 monthly. Further it is projected that advisory mails to be sent to victims and potential victims will be about 230,000 monthly."

Anything Nigeria can do to address the problem of scammers operating from within its borders will of course be good for the country's image. More than that, it might help honest Nigerians become part of the online world (since some entities have just taken to blocking troubled regions as a whole).

Then there will be the benefit to the rest of the world, with maybe millions of dollars not getting lost. For that reason, Project Eagle Claw is likely to gain a lot of fans.

MessageLabs Names Most- (And Least-) Spammed States

When considering where to live, it's wise to look up stats about an area's climate, the cost of living, and its proximity to other important stuff in your life. Symantec's MessageLabs recently supplied some information about your odds of getting spammed, too.

MessageLabs Names Most- (And Least-) Spammed States

Somewhat surprisingly, the states you might imagine as being the "most wired" - California, New York, Washington - weren't at the top of the list. Instead, the state in which spam represents the highest percentage of all emails received is Idaho, with 93.8 percent.

In an email to SecurityProNews, a Symantec/MessageLabs representative then listed the other top states (in order) as Kentucky, New Jersey, Alabama, Illinois, Indiana, Massachusetts, Pennsylvania, Arizona, and Maryland.

The U.S. territory of Puerto Rico wound up on the opposite end of the list, followed by Montana, Alaska, Kansas, South Dakota, Tennessee, Vermont, Rhode Island, Wisconsin, and Florida.

We're not quite sure what to make of these findings; the states don't appear to be ordered according to Internet penetration rates, GDP per capita, overall population, physical size, or anything else. Still, if you're looking to move, now you have a better idea of how to decrease the odds of getting bombarded with spam at your new home.

Enormous Malware Archive Creates Stir

A Dutch company known as the Frame4 Group has created what's almost the computing equivalent of a Center for Disease Control lab. The Malware Distribution Project is, according to its own site, the "world's biggest private malware archive."

Enormous Malware Archive Creates Stir

Don't jump to the conclusion that the project's run by a bunch of supervillains; the malware samples are supposed to be "offered for the purposes of analysis, testing and malware research."

Also, customers are screened, and a monthly access fee of about $1,235 should act to keep out some of the riffraff.

It actually seems possible that the Malware Distribution Project could be of great help to the security community. When you consider that medical researchers don't have to wander from house to house, asking people if they have cancer, every time they want to start a new experiment, certain practices start to seem a little outdated.

There is a potential for problems, though. One nightmare scenario relates to the Malware Distribution Project's figurative walls failing and everything getting out. Having all of that malware run amuck at once - particularly if security researchers' computers were the first things it'd come across - would be bad.

Then there's the possibility that some unpleasant person would gain access to the Malware Distribution Project's archive and just sort of go on a shopping spree. This way, some relatively stupid hacker might be able to get his (or her) hands on the most sophisticated viruses in existence.

As you might imagine, the Malware Distribution Project is definitely proving divisive.

Anyway, at last count, the repository contained a whopping 3,336,503 files.

UPDATE (10-13-09): Anthony Aykut, the Managing Director of Frame4 Security Services, got in touch with SecurityProNews this morning to pass along some information. In an email, he wrote, "[T]he malware is neither downloadable via the web site or accessible in any other way via the www; in fact, the (secure) servers where the malware is stored (or analyzed/processed) is not even connected to the outside world."

Aykut also stressed that nothing is sold to the public, and added, "Largely due to the security measure(s) mentioned above, and also based on to the fact that the storage media are protected by biometric devices, getting access to the MD:Pro archive is, well, pretty impossible."

Avsim Hacker (Maybe) Brought Before Cops

Perhaps people who like to spend their spare time in the cockpits of imaginary F-16s should be left alone. The man in charge of a flight simulator site that was attacked claims to have identified the hacker and forwarded information to the authorities.

Avsim Hacker (Maybe) Brought Before Cops

Avsim is one of the best-known flight sim communities in existence. It's been around for a long time, too. Unfortunately, a hacker managed to wipe about a decade's worth of modification info and forum posts from the site's servers back in May.

Now, though, Tom Allensworth, the publisher and CEO of Avsim, has told the BBC, "We . . . have incontrovertible evidence of the individual that performed the hack. We have protected the forensic evidence and provided that evidence to the London police. We are committed to bringing justice to bear on this case."

Allensworth is confident in the outcome, too, adding, "We fully expect that the criminal complaint . . . will result in the perpetrator spending some time behind bars - under UK law." (Since Avsim's located in the US, this means he's not pushing for extradition or anything of that sort.)

Neither London's Metropolitan Police Service nor the accused individual (who hasn't been publicly named) has made any comment yet.

Email Password Hackers Present Real Threat

The next time you have something really important to tell someone, consider whether a drive over to his or her house wouldn't be a nice way of spending a few minutes. One reporter has found that it's quite easy (and perhaps all too common) for people to buy email accounts' passwords from hackers.

Email Password Hackers Present Real Threat

Tom Jackman wrote in an article for the Washington Post, "[S]ervices as YourHackerz.com are still active and plentiful, with clever names like 'piratecrackers.com' and 'hackmail.net.' They boast of having little trouble hacking into such Web-based e-mail systems as AOL, Yahoo, Gmail, Facebook and Hotmail, and they advertise openly."

Jackman found that prices for passwords range from around $30 to $100, which means that even the average ten-year-old can probably afford these hackers' services.

Plus, unless someone important is involved or things get rather serious, law enforcement isn't terribly likely to look into (or at least resolve) the matter, because accessing a computer without authorization is just a misdemeanor in most areas and tracking down a perpetrator can be difficult.

And it doesn't help, of course, that all of these facts have now been publicized in a widely-read newspaper.

So if you've got some nasty business rivals or psycho exes, at least try to play it safe by changing your password often for as long as you're in the person's sights. Then there's always the option of putting a few more miles on the odometer, too.

Laptops, CDs Alarm Governors, Credit Unions

Today's lesson - that stuff in the physical world can pose a security threat - is a simple one. It seems to be an important one, too, as governors and credit unions are receiving unsolicited and suspicious laptops and CDs.

Laptops, CDs Alarm Governors, Credit Unions

The laptops may represent the more interesting development. Robert McMillan reports, "The U.S. Federal Bureau of Investigation is trying to figure out who is sending laptop computers to state governors across the U.S., including West Virginia Governor Joe Mahchin and Wyoming Governor Dave Freudenthal. . . . According to sources familiar with the investigation, other states have been targeted too . . ."

New HP laptops are apparently just showing up, unsought but ready for use, at government offices. That's fine if some Bill Gates-like figure has decided to give small gifts to our country's political leaders, of course. It's less fine if someone's trying to steal all of their passwords and whatever sort of public and private info they'd use the laptops to view.

As for the CDs, the problem appears to be smaller. Indeed, the discs probably just exposed some lapses in judgment. Malware infected CDs that were sent to credit unions were "part of an authorized pen[etration] test," according to Johannes Ulrich, who spoke with a Microsolved representative.

It doesn't look like any damage has been done, then. Just try to keep in mind the old warnings about knowing where stuff's been and gifts being too good to be true.

Conficker Remains On The Threat Radar

The Conficker worm didn't bring about a virtual apocalypse on April 1st, and for that, the security community was thankful. Yet at the same time, Conficker didn't commit hara-kiri or disappear, and it's continued to spread and pose a threat to this day.

Conficker Remains On The Threat Radar

Conficker was first discovered in November of 2008. It managed to infect computers running Windows at a stunning rate, worming (pun intended) its way onto perhaps as many as 15 million of them at one point.

But since Conficker was scheduled to activate on April 1st of this year, even experts weren't quite sure whether to expect some sort of catastrophic attack or just the Internet's biggest April Fools' Day prank.

Now, although experts are still uncertain of Conficker's purpose, it remains quite large.

In fact, John Markoff writes, "With more than 5 million of these zombies now under its control--government, business and home computers in more than 200 countries--this shadowy computer has power that dwarfs that of the world's largest data centers."

Researchers are still attempting to address the matter, however. Innovative antivirus software has made older versions of Conficker less threatening, and a volunteer group that counts Microsoft, Symantec, and a number of other companies and universities as members still meets every so often.

The FBI's trying to determine who's responsible for Conficker, too, which adds a whole different dimension.

Hopefully the program's authors have decided to abandon the program. If something else is going on, the good guys have at least made some progress and gained a better understanding of the computer worm, which should lessen any negative effects.

Security Problems Found With Firefox Extensions

Firefox users should take a moment to reevaluate which of the extensions they use they can do without. Security consultants have determined that some extensions represent security risks insofar as their vulnerabilities can put entire systems in jeopardy.

Security Problems Found With Firefox Extensions

According to a Help Net Security article, Roberto Suggi Liverani and Nick Freeman, who work for Security-Assessment.com, noted at a recent conference that "Mozilla doesn't have a security model for extensions and Firefox fully trusts the code of the extensions."

Furthermore, "There are no security boundaries between extensions and, to make things even worse, an extension can silently modify another extension."

So Firefox users probably shouldn't go around trying interesting-sounding extensions willy-nilly. They may also want to take special care to avoid InfoRSS 1.1.4.2, Sage 1.4.3, and Yoono 6.1.1 (along with all previous versions of each extension), since those were singled out by researchers for being vulnerable.

On the bright side, it looks like Mozilla's aware of problems like this, since Firefox 3.6 is supposed to introduce a lockdown feature for add-ons. And since extensions' vulnerabilities shouldn't give hackers access to lots of people, perhaps they'll be left alone until some permanent fixes are in place.

Two Arrested Over ZeuS/Zbot Trojan

Computer users all over the world may owe a "thank you" to the Metropolitan Police's e-crimes unit. Officers based there have tracked down and arrested two individuals whom they believe are connected to the ZeuS or Zbot trojan.

Two Arrested Over ZeuS/Zbot Trojan

This particular type of malware tries to collect financial details from people - think bank account numbers and passwords, credit cards info, and so on - and so has the potential to cause quite a bit more damage than some viruses. An individual might lose his savings, not just have his computer slow down or die.

The ZeuS trojan is a bit aggressive in that it spreads through social networks like Facebook, too, and not just through sites and email attachments.

As for the suspects who were taken into custody in connection with the trojan, Adam Fresco and Murad Ahmed reported, "Officers at the Metropolitan Police's e-crime unit arrested the man and woman, both aged 20, in Manchester at the beginning of the month but the details of the investigation have just been released. Both are British and were found at the same address."

The pair then continued, "Detective Superintendent Charlie McMurdie, who heads the unit, said the suspects were the first people in Europe to be arrested in connection with the scam."

It's possible that this development represents a breakthrough that'll lead to other takedowns, then. Or at the least, it may make a few hackers think twice about messing around.

For better or for worse, we should note that the suspects aren't being treated like enemies of the state, though. They were both released on bail sometime after their arrest.

Tips For Safe Online Holiday Shopping

Cyber Monday, one of the busiest days of the year for online shopping, is quickly approaching (Nove.30), and a new survey from ISACS indicated employees plan to spend the equivalent of nearly two full work days shopping for the holidays using work computers, creating personal and business security risks.

Tips For Safe Online Holiday Shopping

"Online shopping can open the door to viruses, spam and phishing attacks that invade the workplace and cost enterprises thousands per employee in lost productivity and potentially millions in destruction or compromise of corporate data," said John Pironti, a member of ISACA's Certification Task Force and chief information risk strategist at Archer Technologies.

Tips for companies include:

1. Educate employees. Blocking sites can do more harm than good, causing employees to seek out less secure ways to get around your blockade.
2. Get employees on board with learning by teaching them how to protect their work and home computers.
3. Reinforce what you teach by having employees sign an acceptable-use policy every year.
4. Offer a "safe zone" for holiday shopping-create a virtual sandbox that can be taken down after the holidays.
5. Don't wait until Cyber Monday to step up security. Many employees begin shopping much earlier.

Tips for online shoppers include:

1. Use your desktop PC, not your mobile device, because your desktop browser is likely to be more secure.
2. Protect sensitive information by password-protecting both your mobile device and its memory card.
3. Update your anti-virus and anti-malware programs continually.
4. Treat social networking sites with the same caution as other web sites-they are a growing target for fraudsters and virus writers.
5. Be cautious of special offers from unfamiliar sites. Fake online offers and coupons may lead to harmful sites, so be suspicious.

Scientists Studying Ways To Make Computer Passwords More Secure

Computer scientists at Rutgers University are working on ways to make online passwords more secure.

Scientists Studying Ways To Make Computer Passwords More Secure

The scientist say when users forget their password for accessing their email account or an online shopping site the security questions, such as "what is your mothers maiden name?" are too easy for cybercriminals to guess.

Rutgers computer scientists are testing a new tactic that could be both easier and more secure.

"We call them activity-based personal questions," said Danfeng Yao, assistant professor of computer science in the Rutgers School of Arts and Sciences. "Sites could ask you, 'When was the last time you sent an e-mail?' Or, 'What did you do yesterday at noon?'"

Early studies suggest that questions about recent activities are easy for legitimate users to answer but harder for potential attackers to find or guess.

"We want the question to be dynamic," she said. "The questions you get today will be different from the ones you would get tomorrow."

Yao said she gave students in her lab a list of questions related to network activities, physical activities and opinion questions, and told them to "attack" each other.

"We found that questions related to time are more robust than others. Many guessed the answer to the question, 'Who was the last person you sent e-mail to?' But fewer were able to guess, 'What time did you send your last e-mail?'"

Yao says that it should not be difficult for an online service provider to formulate these kinds of security questions by looking at its users' e-mail, calendar activities or previous transactions. Computers would have to use natural language processing tools to synthesize understandable questions and analyze the answers for accuracy.

Yao is proposing further studies to determine the practicality of the new approach and the best way to implement it.

McAfee Partners With TheFind To Offer Safe Search Results

Vertical search engine for shopping, TheFind, has partnered with McAfee to display the security firm's secure trustmark on products found in its search results.

McAfee Partners With TheFind To Offer Safe Search Results

Shoppers searching on TheFind this holiday season can now look for the McAfee Secure trustmark and decide which sites are secure to buy from without worrying about identity theft.

"Displaying the well known McAfee Secure trustmark prominently within shopping search results helps to bridge the trust gap between secure e-tailers and shoppers," said Todd Gebhart, executive vice president and general manager, McAfee Consumer, Mobile and Small Business at McAfee, Inc.

A recent survey by Harris and TheFind revealed that "safety and security of an online retailer" is the second most important concern overall of online shoppers, behind only the price of a purchase itself.

Online retailers that display a McAfee Secure trustmark must pass daily test for vulnerabilities that post a threat to sensitive customer information.

McAfee also does daily network perimeter scanning, testing for more than 10,000 network and Web application vulnerabilities, ongoing security testing to ensure protection against malware, and business practice review for Web site owners and online retailers. The McAfee Secure trustmark is used by more than 80,000 websites.

"TheFind's goal is to help shoppers find exactly what they want to buy at the very best price from a store that they trust," said Siva Kumar, CEO and Co-founder of TheFind.

"Online stores that display the McAfee Secure trustmark clearly demonstrate their trustworthiness by helping to protect their customers from identity theft, credit card fraud, spyware, spam and online scams."

Vulnerability Of Web Applications Increases

Web application security provider, Cenzic, has released its report detailing the most common types of Web application vulnerabilities for the first half of 2009.

Vulnerability Of Web Applications Increases

The report identified over 3,100 total vulnerabilities, which is a 10 percent increase in Web application vulnerabilities compared to the second half of 2008.

Popular vendors including Sun, IBM, and Apache continue to be among the top 10 most vulnerable Web applications named. The most common published exploits on commercial applications were SQL Injection and Cross Site Scripting (XSS) vulnerabilities, which account for 25 percent and 17 percent of all Web attacks, respectively.

Among Web browsers, Mozilla Firefox had the largest percentage of Web vulnerabilities, followed by Apple Safari, whose browser showed a vast increase in exploits, due to vulnerabilities reported in the Safari iPhone browser.

Key findings of the report include:

78 percent of the total reported vulnerabilities affected Web technologies, such as Web servers, applications, Web browsers, Plugins and ActiveX, which is a significant increase from last year.

Of Web browser vulnerabilities, Firefox had the largest percentage, at 44 percent. Safari vulnerabilities came in at 35 percent, significantly higher than even Internet Explorer.

Sun Java, PHP, and Apache continue to be among the Top 10 vendors having the most severe vulnerabilities for the first half of 2009.

"The fact that hackers can have direct access to your data using such common outlets is staggering," said Mandeep Khera, chief marketing officer at Cenzic.

"The worst part is that once they get in, it's a free for all. Nothing is safe because there is no such thing as a minor data breach. The average data breach can cost more than $500,000, which can also put a business' livelihood and reputation on the line.

GFI Acquires Spam Blocklist SORBS

Control of the Spam and Open Relay Blocking System (SORBS) has officially changed hands. Security specialist GFI confirmed its acquisition of SORBS late yesterday, and also shared an idea or two about what it will do with the entity.

GFI Acquires Spam Blocklist SORBS

One of GFI's top priorities appears to be improving the reputation of SORBS. Maintaining a list of email servers that are responsible for sending spam is a fine idea, but SORBS has been accused of being far too quick to puts stuff on its list and being far too slow to comply with removal requests.

Presumably as a result, GFI told John Leyden in a statement, "GFI is now actively developing plans for the future of SORBS, including SORBS 2.0 and methods to improve SORBS data and responsiveness."

GFI then continued, "Having a reputation service within GFI will allow us to provide a better service to our customers and to greatly enhance our standing in the anti-spam community as well as give us opportunities to report on spam trends and analyze real-time feeds in ways we have not previously been able to. We are very excited about this acquisition and look forward to the benefits in the months and years to come."

SORBS's rumored price tag was $451,000, so for the sake of both GFI and unfairly blacklisted companies and individuals, hopefully everything will get sorted out soon.

Congress Interested In Having ISPs Block Scam Sites

American lawmakers may soon pass a bill that would attempt to make the Internet a little safer for everyone. A new report indicates that ISPs could be asked to block scam sites and emails (among other things) that invoke the name of the Securities Investor Protection Corporation (SIPC).

Congress Interested In Having ISPs Block Scam Sites

The SIPC is, as its name might well have led you to believe, a nonprofit organization that aims to protect investors. Specifically, it steps in when brokerages shut down and tries to return investors' money to them. So, especially once you take all of the recent bank closures into account, you can imagine how it benefits scammers to pretend to be associated with the SIPC.

Representative Paul Kanjorski would like to put a stop to that. He proposed a bill that in part reads, "Any Internet service provider that, on or through a system or network controlled or operated by the Internet service provider, transmits, routes, provides connections for, or stores any material containing any misrepresentation (of the SIPC) shall be liable for any damages caused thereby, including damages suffered by the SIPC, if the Internet service provider...is aware of facts or circumstances from which it is apparent that the material contains a misrepresentation."

And that sounds reasonable enough at first listen. But of course, things aren't always as straightforward as they seem. The first detail that needs acknowledging is that many ISPs already try to block scam sites and spam email; it simply isn't good business to allow your customers to get robbed and/or bugged left and right. So, from a technical standpoint, it may be difficult or impossible to add additional layers of protection.

Then there's the classic slippery slope argument. Although protecting consumers from scammers is all fine and well, censorship of any sort leaves a bad taste in some people's mouths, and concerns exist about what the government might decide to block next.

Still, Declan McCullough reports that the language of Kanjorski's bill may yet be changed, and there's no guarantee that it'll be passed into law, anyway.

Yes, Windows 7 Needs Antivirus Software

More confirmation came yesterday that it is, quite simply, a terrible idea to leave a Windows 7 computer running without antivirus protection. Chester Wisniewski, a Senior Security Advisor at Sophos Canada, found that the operating system is vulnerable to all sorts of stuff.

Yes, Windows 7 Needs Antivirus Software

Wisniewski put Windows 7 and its User Account Control tech to the test by exposing a machine to ten viruses. Without UAC active, two of the ten were stopped. UAC (at its default settings) then just kept an additional one from wreaking havoc.

These results are, of course, not exemplary - no one would ever buy security software that lets 70 percent of the bad stuff through. Heck, something like that couldn't even be given away.

Still, since Windows 7's UAC isn't actually security software and hasn't been marketed as such, the results may not be much to worry about, either. Just about everyone, from tech experts to grandmas using AOL, understands that something extra is necessary to keep a computer safe.

Consider this an FYI, then, and, whether you're trying to spare an old computer the extra burden or simply feeling adventurous, continue to resist the urge to do ill-advised, no-protection experiments.

M86 Security Purchases Finjan

This morning, M86 Security became bigger and better than ever. Or, to be more explicit: M86, which is a company that specializes in Web and messaging security products, acquired Finjan, an organization focused on Web gateway solutions for the enterprise market.

M86 Security Purchases Finjan

John Vigouroux, the CEO of M86 Security, stated as a result, "We are very pleased to add Finjan's technology, products, customers and employees to the M86 team. With M86's complementary Email security and reporting products and worldwide distribution, we anticipate a broad opportunity for Finjan's enterprise-class Web security solutions to existing and new customers."

Gadi Maier, the CEO of Finjan Software, also said, "We are very excited to see Finjan become part of M86 Security. Finjan is well known for its advanced malware detection technology and leading secure Web gateway and hybrid SaaS solutions. Integrating it into M86's broader Web and messaging product lines and utilizing its worldwide distribution is a win-win for M86 Security and Finjan."

And indeed, it doesn't look like there's much reason for anybody to be upset about the deal. Granted, the financial terms remain unknown, so it's hard to guess how investors should feel, but on the security side of things, little besides a straightforward combination seems to be planned.

Vigouroux even hails from Finjan (he changed jobs about seven months ago) so he's in an especially good position to make sure that everything is integrated properly.