Anti-Santy worm fizzles
Malware that installs a patch for the Santy worm exploit appears to have run its course. Anti-Santy, as labeled by antivirus vendors, had been defacing Web sites with flawed PHP Bulletin Board software. The same hole was targeted by the Santy worm, which targeted Internet forums around the Christmas holiday. That worm scanned Google, AOL and Yahoo search engines to infect more than 40,000 sites within a couple of days. Its infection rate slowed after Google began blocking queries generated by the worm. By Monday, AV companies were reporting the Argentinean-based Anti-Santy's infection rate, though never intense, had died down. Infected sites were defaced with a message that included "Your site is a bit safer, but upgrade to >= 2.0.11." Finland-based F-Secure Inc. said network administrators also saw a spike in site traffic due to the vigilante worm.
Microsoft stops pushing Passport; acknowledges rival's gain
Microsoft won't push Web services to adopt its federated identity technology, Passport, after losing high-profile customers eBay and Monster Worldwide Inc. in the last three months. Online auction site and early Passport adopter eBay announced on its site last week that it was dropping the service, given low customer participation for three years. Monster stopped using Passport on its jobs Web site in October. A Microsoft MSN Internet spokesman told The Los Angeles Times that Passport hasn't been embraced as hoped and faced increasing competition from rival Liberty Alliance, a consortium of companies led by Sun Microsystems Corp., HP Co. and Sony. The company would continue using Passport for its own Web services.
Funk Software offers free certificate authority
Cambridge, Mass.-based Funk Software is providing enterprise customers a free tool that lets network managers create a self-signed root certificate or install an intermediate certificate from an external authority. This essentially enables admins to issue X.509 server certificates to any Funk Software Odyssey or Steal-Belted Radius servers. The Odyssey Certificate Authority lets the network admin run companion program Odyssey Certificate Requester from Funk's RADIUS server to request a certificate from the certificate authority. The company said it was providing the free download to its customers to improve wireless security among enterprises.
Latest IDS tool requires paintbrush and ladder
Companies that worry about leaking wireless transmissions beyond their building walls may want to paint the town -- or at least their office -- to improve their security posture. Sunnyvale, Calif.-based Force Field Wireless LLC is marketing its DefendAir Radio Shield latex paint as an anti-intrusion tool. Containing copper and aluminum, the $89-gallon paint (on sale for $69) reportedly reflects radio signals, including wireless transmissions from laptops. Force Field also sells a copper-aluminum additive that can be mixed with paint and window film for further security. The paint's co-developer told Information Week the company sold out of paint last quarter. It does acknowledge a downside that could deter widespread enterprise adoption: In addition to radio frequencies, such as those emanating from WiFi and RFID tags, it also blocks mobile device wireless signals, such as cell phones and PDAs.