Secure Sockets Layer (SSL) and Transport Layer Security (TLS), its successor, are cryptographic protocols which provide secure communications on the Internet. There are slight differences between SSL 3.0 and TLS 1.0, but the protocol remains substantially the same. The term "SSL" as used here applies to both protocols unless clarified by context./p>
Blue Coat ProxySG 8100 Series represent the next generation in high-end proxy appliance platforms. These purpose-built proxy appliances provide total visibility, control and acceleration of Web communications with wire-speed performance.
The RA510 Series of rack-mountable proxy appliances provides small to mid-sized sites with the power to extend remote access to employees, partners, and customers while delivering on demand endpoint security and information protection features.
The Blue Coat AV510 Series is a purpose-built solution designed for simple integration with Blue Coat SG810 and SG510 series solutions for medium enterprise or distributed environments providing scalable performance with a choice of antivirus engines.
The RA8100 Series of rack-mountable proxy appliances provides large-sized sites with the power to extend remote access to employees, partners, and customers while delivering on demand endpoint security and information protection features.
VPN-1 UTM consolidates proven security functions including firewall, intrusion prevention, antivirus, antispyware, Web application firewall, and both IPSec and SSL VPN, within a single integrated solution.
Vital Security Web Appliance NG-5100 is Finjan’s real-time web security solution for small and medium-sized businesses. This all-in-one appliance offers the most comprehensive and advanced web security solution on the market, protecting your users from Spyware, Trojans and other types of web-borne threats. Featuring Finjan’s patented real-time content inspection technology, NG-5100 provides zero-hour protection from new vulnerabilities and emerging threats that often bypass signature-based anti-virus, URL filtering and heuristics-based solutions.
Vital Security Web Appliance NG-6100 is Finjan's real-time enterprise web security solution for organizations with high availability requirements. This appliance achieves the highest level of protection against malicious code, securing corporate networks and users from Spyware, Trojans and other types of web-borne threats.
Vital Security Web Appliance NG-8100 is Finjan's realtime web security solution for large enterprises and organizations. This appliance achieves the highest level of protection against malicious code, securing corporate networks and users from today's sophisticated and dangerous web-borne threats.
Intelligent Application Gateway (IAG) is a remote access gateway that boosts productivity by giving mobile and remote workers, partners, and customers easy, flexible, and secure access to virtually any application from a broad range of devices and locations. Using a combination of SSL VPN (secure socket layer virtual private network), a Web application firewall, and endpoint security management, IAG provides employees, partners, vendors, and customers with secure and easy access from a broad range of devices and locations including kiosks, PCs, and mobile devices.
As part of the industry's leading high-performance networking solution, the Juniper Networks DX application acceleration platform delivers a complete data center acceleration solution for Web-enabled and IP-based business applications.
At the heart of Juniper's Unified Access Control (UAC) solution is the Infranet Controller, a hardened policy management server that leverages Juniper's proven, best-in-class security and access control products. The Infranet Controller can push the UAC Agent down to the endpoint to collect user authentication, endpoint security state and device location information; or, alternatively, can gather that same information in agent-less mode.
Passcode OnDemand delivers simple, quick and cost effective ‘two factor’ authentication without having to carry a new device. It is ideal for anyone who needs occasional secure access to your SSL VPN, Extranet or Web Portal.
Used in combination with RSA SecurID authenticators, the RSA SecurID Appliance is designed to validate the identities of users by requiring the user to present a PIN (something they know) along with their token code (something they have) before granting access to valuable network resources.
It is essential that organisations put in place effective policies and controls, which complement new business challenges, whilst addressing legislative and regulatory requirements. In a growing litigious society, policies and procedures must to be available, kept up-to-date, clearly communicated and identifiable for compliance reporting. Agreement to each and every policy needs to be tracked, so that organisations can prove compliance and demonstrate sound governance.
The Juniper Networks Secure Access 700 (SA 700) SSL VPN appliance provides small to medium enterprises a secure, cost-effective way to deploy remote access to the corporate network. Because the SA 700 uses Secure Sockets Layer (SSL) to provide encrypted transport, it enables instant remote access from just a Web browser. This clientless architecture eliminates the high cost of installing, configuring, and maintaining client software on every device, significantly reducing the total cost of ownership versus traditional VPN solutions. SSL delivery also eliminates the Network Address Translation (NAT) and firewall traversal issues encountered with traditional remote access products, allowing your remote users reliable and ubiquitous access from external networks such as home or hotels.
The Juniper Networks Secure Access 2000 (SA 2000) SSL VPN enables small- to medium-sized companies to deploy cost-effective remote and extranet access, as well as intranet security. Users can access the corporate network and applications from any standard Web browser. The SA 2000 uses SSL, the security protocol found in all standard Web browsers, as a secure access transport mechanism. The use of SSL eliminates the need for client-software deployment, changes to internal servers, and costly ongoing maintenance.
The Juniper Networks Secure Access 4000 (SA 4000) SSL VPNs enable mid-to-large-sized organizations to provide cost-effective remote and partner extranet access from any standard Web browers. Based on the award-winning IVE platform, the SA 4000 appliances feature rich access-privilege management functionality, that can be used to create secure customer/partner extranets with no infrastructure changes, no DMZ deployments, and no software agents. This functionality also allows the enterprise to secure access to the corporate intranet, so that different employee and visitor populations can utilize exactly the resources they need, while adhering to enterprise-security policies. Built-in compression for all traffic types speeds performance, and SSL acceleration is available via a software license for more demanding environments.
The Juniper Networks Secure Access 6000 (SA 6000) SSL VPN appliances is designed for medium to large enterprises and features best-in-class performance, scalability, and redundancy for organizations with high-volume secure access and authorization requirements. The SA 6000 hardware platform is designed to scale to the largest enterprise deployments and to optimize application delivery, with available options that include redundant hot swappable hard disks, power supplies and fans, as well as GBIC-based multiple Ethernet ports for redundant or meshed configurations. The SA 6000 appliance also features a state-of-the-art SSL acceleration chipset to speed CPU-intensive encrypt/decrypt processes, as well as built in compression for all traffic.
The Juniper Networks Secure Access 6000 SP is the industry's first SSL VPN platform with comprehensive virtualization designed to enable Service Providers (SPs) to deliver network-based SSL VPN services to multiple enterprises of any size from a single appliance/cluster. Combining Juniper Networks expertise in working with Service Providers with the industry-leading Instant Virtual Extranet (IVE) platform, the Secure Access 6000 SP platform provides SPs with a sophisticated, end-to-end virtualization framework that is optimized for highly available and highly scalable network-based SSL VPN managed services.
Radware award winning DefensePro™ is a real-time Intrusion Prevention System (IPS) and DoS protection device that protects your application infrastructure against known attacks and emerging zero-minute and non-vulnerability network attacks that cannot be detected by static signature IPS using behavioral based real-time signatures.
Intelligent application delivery controller for data center optimisation delivering advanced Layer 4-7 policies, application acceleration services, integrated security and bandwidth management to eliminate traffic surges, server bottlenecks, connectivity disconnects and downtime for ensured business continuity.
The Blue Coat ProxySG 210 provides an affordable appliance solution for remote offices where direct Internet access requires accelerated performance of business applications and granular control of web communications. At the edge of an organization’s application delivery infrastructure, the ProxySG 210 provides controlled acceleration of business applications across the globally-distributed enterprise.
Websense Web Security Gateway allows organisations to secure Web traffic effectively while still enabling the latest Web-based tools and applications. Through a multi-vector traffic scanning engine, Websense Web Security Gateway analyzes Web traffic in real-time, instantly categorising new sites and dynamic content, proactively discovering security risks, and blocking dangerous malware.
The WebDefend web application firewall appliance goes beyond vulnerability scanning efforts, secure coding initiatives, and network security solutions by providing organisations with continuous, real-time web application-specific security.
The WSA secure access solution enables remote access from diverse endpoints through a single point of entry to almost any business application and file share, while enforcing user authentication and authorisation over a policy-defined application-layer connection.
Palo Alto Networks' next-generation firewalls enable enterprises to see and control applications, users, and content – not just ports, IP addresses, and packets – using three unique identification technologies: App-ID, User-ID, and Content-ID.
The Websense V10000 Web security gateway appliance platform is the industry's most accurate and effective solution for Web 2.0 content control and threat protection, enabling organisations to accelerate business without having to worry about security, productivity and liability threats such as malicious/inappropriate content and data loss.
AEP Networks, the specialist in network and application access security, delivers infrastructure security solutions that are easy to use and manage while offering exceptional value and mission-critical reliability.
Is the most important DNS software vulnerable? It's nothing less than the software that runs the net (at a certain level). Confusion is rife about potential vulnerabilities in BIND, the most commonly used domain name server on the internet, and experts are calling on the makers of the software to clarify the issue.
Domain name servers are used to match domain names to numerical IP addresses, with the vast majority of these running BIND; the software essentially runs the internet.
The Int...... [more]
Mobility at the cost of security? The ability to log on to the Internet in a cafe or on a train has obvious benefits for workers on the road - but just how secure is it? The mass media has had a lot of fun with wireless security: war driving, virus insertion and bandwidth stealing have all had their day in the sun. Public hot spots are more vulnerable to attack than private networks, where individual users can have their hardware authenticated as permanent network members. This means when you lo...... [more]
Through the security looking glass The annual RSA Conference, which just concluded in San Francisco, is the technology industry's premier security event. After covering a half-dozen RSA conferences in the 1990s (including several for CNET News.com), I returned this year for the first time since 1999. Talk about a time warp.
As cybersecurity has become an ever larger concern, the data security industry has mushroomed. But although the lingo has changed from the prespam days, you can divide th...... [more]
CyberGuard Corporation Acquires Webwasher AG CyberGuard Corporation, the technology leader in network security, today announced that it is acquiring German high-end content security vendor Webwasher AG. Under the terms of the agreement, which was signed yesterday, CyberGuard will pay $40 million in cash and CyberGuard shares and up to an additional $10 million on a contingent basis for all of the shares of Webwasher. Webwasher will operate as a wholly owned division of CyberGuard.
"Adding t...... [more]
F5 Networks Makes $29M Security Splash With eyes fixed on the red-hot application security market, Seattle-based F5 Networks (Quote, Chart) will shell out $29 million in cash to acquire firewall specialist MagniFire WebSystems and fold it into a newly created security business unit.
F5 Networks, which markets server appliances to handle load balancing, said the new business unit will handle research and development, marketing, sales and services in the application security market.
The M...... [more]
The Wi-Fi explosion: a virus writer's dream With the consumer Wi-Fi explosion, launching a virus into the wild has never been easier and more anonymous than it is today. Like a sneeze in a crowded subway, it's hard to find the human source of the latest viral infection. On the Internet it's not much different. The people who write these nasty little programs and release them into the wild almost never get caught. Why? The answer is easy, but it's also a sort of technical nemesis: there's simply...... [more]
VPN and Firewall Sales Rocket Worldwide Virtual Private Network (VPN) and firewall hardware and software sales jumped 11 per cent to $733m in the first quarter of this year over the last quarter of 2003.
And the market is expected to grow 12 per cent, to $823m, by the first quarter of 2005, according to calculations by Infonetics Research.
The market researcher found that while most VPN vendors reported single-digit growth this quarter, one market leading manufacturer enjoyed a "phenome...... [more]
Web servers still doling out Scob code No high-profile sites are affected More than 100 Web servers are still distributing the "Scob" malicious code, first identified two weeks ago as code used in a widespread attack to plant Trojan horse programs on vulnerable computers, according to one computer security company. That attack used compromised Microsoft Corp. Internet Information Services (IIS) Web servers to distribute the Trojan horse programs.
Enterprise security software maker Websense In...... [more]
SSL VPNs energise security sales Secure Sockets Layer catches up with IPSec for virtual private networks While IPSec remains the dominant technology used to implement Virtual Private Networks (VPNs), Secure Sockets Layer (SSL) is rapidly gaining mainstream acceptance, with its use nearly doubling in the US between 2004 and 2006, research has claimed.
According to Infonetics Research, VPN adoption in the US will rocket over the next two years.
"By 2006, nearly 70 per cent of respondents' mobile...... [more]
Banks skewered by new Web scam Major companies, including several banks, have left themselves wide open to an online scam that could see malicious hackers get hold of thousands of people's personal and confidential details, including their bank account and credit card details.
Those affected include Barclaycard, Mastercard, NatWest, WorldPay, Reuters, Sky, even the UK's government listening post, GCHQ. Many hundreds of other sites are likely to be similarly affected.
UK security researc...... [more]
SSL making strides against IPSec VPNs Secure Sockets Layer remote-access gear is winning out over IPSec in some businesses because use of browser-based SSL technology can lead to cost savings, simpler administration and easier connections with partners.
Assent, a national equities-trading firm in Hoboken, N.J., lost potential business because it connects customers to Assent servers via IPSec VPNs, says Pankaj Chandhok, director of networking. The security policies of many potential customers...... [more]
Security incidents and cybercrime on the up Security events recorded between July and September this year are up 150 per cent on those recorded by security company VeriSign in the same period last year. VeriSign's Internet Security Intelligence Briefing, published today, concludes that increased financial rewards and the greater sophistication of the computer underworld and making the internet a more dangerous environment. In particular the firm warns on the growth of hybrid attacks - such as co...... [more]
The potential security danger of Google's Desktop Search Google Desktop Search is a great tool for finding stuff on a PC, but it can also be a threat to SSL remote access security.
The search tool doesn't have any known exploitable vulnerabilities, but it creates a separate database of material that PCs gather during SSL remote access sessions. Conventional cache-cleaning agents used by many SSL remote access vendors can't purge this data without purging the entire Google Desktop Search indexe...... [more]
U.S. Universities Struggling with SSL-Busting Spyware Experts call Marketscore software a privacy threat. U.S. universities are struggling with a flare-up of dangerous spyware that can snoop on information encrypted using SSL (Secure Sockets Layer). Experts are warning that the stealthy software, called Marketscore, could be used to intercept a wide range of sensitive information, including passwords and health and financial data.
In recent weeks, information technology departments at a number...... [more]
Access all areas Doubts about security have long discouraged many firms from deploying mobile computing. But wireless technology has moved on When many companies find it hard enough to control the IT use of office-based employees, how do you convince them that giving staff remote access is a good idea?
This is the dilemma that faces all notebook, wireless networking and remote-management software manufacturers and resellers. There are a lot of variables to consider. The process of providing a m...... [more]
CyberGuard Provides Ten Tips for Corporations to Protect Customer Information from Identity Theft In the wake of the increasing cases of identity theft, Paul Henry, a leading security industry expert and Senior Vice President with CyberGuard Corporation, has developed ten recommended tips for corporate IT managers and Security Officers to protect customer information from identity theft. Mr. Henry has served as an expert commentator for a variety of media outlets, including NBC Nightly News, CN...... [more]
The Web, not email, poses the biggest security threat to systems To most companies, the perception is that the biggest threat to their users’ security continues to come from email and Spam. In today’s world, corporate communications systems are totally reliant on giving their employees Web access and email to conduct their business. Take away access to email and the Web for most employees, and they’d claim their productivity would fall. So the focus today of most IT security vendors and corpora...... [more]
Caught in a Web of Viruses, Spyware, Hoaxes, Spam, Phishers, Pharmers and Every Other Scam? Online Shopping Still Beats Going to the Mall Research shows that eCommerce trends are moving upward. With so many good security products available and better security awareness, people are taking charge of their online shopping experiences and coming back for more. Consider this scenario for a moment: You are at the mall and standing in line to purchase a few items. As you mindlessly wait your turn and f...... [more]
Remote management is essential in order to deliver improved efficiency at lower costs Organisations are constantly looking for ways to reduce the overheads from cost of service and repair to equipment downtime, and improve the cost efficiency of their IT assets. Desktops are one of the most expensive areas.
There is a raft of tools that enable the IT department to manage desktops more efficiently, from roll-out to maintenance. But just how practical is this, and how much do these management p...... [more]
Global Banking Leader Selects CyberGuard to Secure Worldwide Operations Financial Institution Selects Webwasher Content Security Management Suite for Comprehensive Anti-Virus Protection CyberGuard Corporation, a global provider of security solutions that protect the business-critical information assets of Global 2000 enterprises and government organizations, today announced that one of the world's leading financial firms will standardize its global content security operations on CyberGuard's Web...... [more]
New Phish Deceives With Phony Certificates A new, advanced form a phishing dubbed "secured phishing" because it relies on self-signed digital certificates, can easily fool all but the most cautious consumers, a security firm warned Thursday.
SurfControl, a Scotts Valley, Calif.-based Internet security vendor, said that it's seen one instance of such an attack, and expects more.
"This can fool the average user for sure," said Susan Larson, SurfControl's vice president of its global threat ana...... [more]
Vernier Networks Extends NAM to Remote Users and VoIP Phones Vernier Networks today announced the addition of the EdgeWall Rx network access management appliance to its EdgeWall product family. EdgeWall Rx extends network access management to remote users, significantly reducing the risk of security threats and intrusions from external devices and limiting access to sensitive assets.
The company also strengthened the entire EdgeWall line by adding support for VoIP phones and bolstering existi...... [more]
Microsoft Beefs Up IE 7 Security Microsoft will dump SSL 2.0 encryption in the upcoming Internet Explorer 7 for a stronger security protocol, TLS 1.0, the IE 7 development team has revealed.
The default settings for the HTTPS protocol in IE 7 will be for TLS (Transport Layer Security) 1.0. In the current Internet Explorer, TLS must be enabled by the user, via the Tools/Internet Options/Advanced menu.
IE 7 will also block access to Web sites that offer up a problematical digital certificate....... [more]
Microsoft outlines Explorer 7 security changes Microsoft has revealed some of the security changes to the upcoming Internet Explorer 7 and Windows Vista -- changes that could cause trouble for some Web sites.
One key change is that Explorer will disable SSLv2, an older version of the SSL (Secure Sockets Layer) protocol. SSL is used to carry out secure Web transactions. In its place, Explorer 7 will continue to support SSLv3 and will enable Transport Layer Security (TLS) v1, a newer protocol....... [more]
Blue Coat to cleanse encrypted traffic Encrypting Web traffic can protect privacy and secure transactions, but it can also provide a cover for viruses, spyware and other pests trying to get into a corporate network, according to Blue Coat Systems. Secure Sockets Layer, or SSL, has many legitimate uses, but also provides an "encrypted tunnel" that lets malicious code and phishing sites bypass most network security methods, Blue Coat said. The company announced Tuesday that it is updating its pro...... [more]
IPsec dead by 2008, says Gartner The IPsec protocol that has served remote access so well for the last decade is now in its death throes, Gartner has prophesised.
In a new report, it predicted that by 2008, the use of IPsec will have been swept away by its younger technological rival, SSL, for much of the market. By that year, two-thirds of teleworking remote access employees - and 90 percent of casual access users - will have adopted SSL.
In the last three years, SSL has attracted three mill...... [more]
Blue Coat enables organisations to control Skype BlueCoat ProxySG Appliances Protects Skype Users Against Information Leakage, Malware and Unauthorised Bandwidth UseCoat® Systems has announced that its ProxySGTM appliances have the ability to control Skype to protect against information leakage and unauthorised ‘back channel' communications as well as potential future malware. Using ProxySG appliances, organisations can allow or deny access to Skype in total or based on network user n...... [more]
SSL tunnels create ‘invisible’ backdoors into corporate networks Encrypted Secure Socket Layer (SSL) communications between internal corporate employees and external internet applications is "invisible" to companies and so comprises a "risk to the enterprise," new research has claimed. According to a poll of over 300 enterprise security and networking professionals recently questioned by security vendor Blue Coat, 90 percent of respondents identified SSL traffic as a security worry. Nearly 64 pe...... [more]
F-Secure: Man-in-the-middle PayPal attack in the works Researchers at F-Secure are warning about a potential man-in-the-middle attack targeting PayPal users. According to the security firm's blog today, F-Secure was alerted about a phishing site that is identical to the real PayPal log-in page. The bogus site, which communicates with both the user and the legitimate PayPal site, is designed to steal usernames, passwords and credit card information."Luckily, we were alerted to this before it...... [more]
Macdonald Group Boosts Operational Efficiency With Network Security Solution From AppGate Expanding hotel group deploys secure remote access solution for mobile workers and improves IT efficiency Macdonald Hotels and Resorts, the UK's largest privately owned hotel group, has implemented a secure remote access solution from AppGate to enable staff and managers to use laptops to access the corporate network securely from any location.As a result of continued growth, the company, which operates ove...... [more]
Prepare for Internet Explorer 7 After one of the most widely tested beta products in Microsoft's history and trial downloads by millions of users, Internet Explorer 7 Version 1.0 is finally ready. The tentative release date is Oct. 18, followed by Windows Update and Automatic Updates availability on Nov. 2So come that day, IE 7 will start appearing in a large percentage of the world's auto-patching inboxes. Although users and administrators will not be forced to install it (there are several wa...... [more]
Webwasher 6.0 Delivers Industry's Most Advanced, Proactive IT Security Web Gateway Security Solution Integrates TrustedSource Global Reputation System; Introduces Proactive Anti-Malware Protection Secure Computing Corporation, a leading enterprise gateway security company, today announced Webwasher 6.0, a new and enhanced version of its award-winning Web Security Gateway, protecting enterprises from inbound and outbound security threats. Webwasher 6.0 marks the initial integration of CipherTrus...... [more]
Most surfers still ignoring IT security Most web surfers are at risk of potentially devastating hack attacks because they have failed to take basic IT security precautions. About three in four US online adults (74 percent) have not installed a hardware firewall, and about half (53 per cent) have neglected to install a software firewall, research conducted by Harris Interactive on behalf of Check Point claimed today.The report found that less than one in four (22 per cent) have installed a secur...... [more]
Phishers using Flash to evade filters Cutting-edge phishers are creating websites in Flash to evade detection by toolbars, security experts said this week. Instead of using HTML, cybercrooks are building pages using graphic animation technology so they are not flagged by most anti-phishing tools, said Mikko Hypponen, chief research officer of F-Secure. His firm viewed two examples, both targeting PayPal, which have since been taken offline."It's no longer an HTML page with 20 different imag...... [more]
NorthSeas E-mail Archiving Appliances Now Offer SAN Support, Stand-in Mail Services and much more NorthSeas AMT (NorthSeas), pioneer of the e-mail archiving appliance, today announced that firmware Version 3.0 (V3) is now available for its new NorthSeas Guard E/N product line. The two most noteworthy V3 features are the option to archive to an IP SAN, and messaging functionality that offers users access to e-mail and mail services, even when their mail-server is unavailable. iSCSI support means...... [more]
Microsoft develops new tunneling protocol Microsoft is working on a new tunneling protocol for Vista and Longhorn that will provide secure network access from anywhere on the Net. The Secure Socket Tunneling Protocol (SSTP) creates a VPN tunnel that travels over Secure-HTTP, eliminating issues associated VPN connections based on the Point-to-Point Tunneling Protocol (PPTP) or Layer 2 Tunneling Protocol (L2TP) that can be blocked by some Web proxies, firewalls and Network Address Translation (NA...... [more]
Microsoft to push new anti-phishing technology New certification process is designed to make it harder for phishers to spoof Web sites Microsoft and industry partners are pushing ahead with plans to make the Web a little safer with a new technology to combat phishing. At next month's RSA Conference in San Francisco, the software giant plans to announce that a number of Web sites have gone through a new certification process designed to make it harder for phishers to spoof them. The process gives...... [more]
PayPal to deploy tokens to fight phishing attacks PayPal will offer a public beta in the Unites States next week for a new security token designed to combat phishing attacks on its customers, a company executive told SCMagazine.com on Thursday. The online payment company has been working with VeriSign for some time to develop the PayPal Security Key as an option for its 133 million customers, said PayPal CISO Michael Barrett at RSA Conference 2007. PayPal plans to offer the device for free to al...... [more]
SSL traffic clogging WANs, says vendor An increasing percentage of WAN traffic is now SSL-encrypted, which is posing problems for WAN optimisation systems, according to a survey of over 1,300 IT professionals. According to the survey, sponsored by Blue Coat Systems, 53 percent of enterprises have SSL-enabled applications now, 45 percent plan to use them over the next year, and for 35 percent, SSL already represents at least a quarter of their WAN traffic. Almost two-thirds of those surveyed sai...... [more]
Many Web application security vulnerabilities are not as serious as they seem When interpreting the results of a vulnerability assessment, you need to focus on what's important in your Web application security testing. There are three sides to the story when looking at Web application security testing: yours, the findings of your vulnerability assessment, and the truth. Whether you're using a commercial or open source scanner, you're undoubtedly going to glean a lot of information and come acro...... [more]
UK's 2nd Largest Clothing Retailer Selects Secure Computing to Provide Digital Defense Arcadia Chooses Webwasher to Provide Web Gateway Security to Protect Against Internet-based Exposure and Risk Secure Computing, a leading enterprise gateway security company, today announced that Arcadia Group, Britain's largest clothing retailer, operating more than 2,500 high-fashion outlets and expanding into the United States this year, has selected Secure Computing's Webwasher solution. The web security a...... [more]
Wireless security: Balancing act Organisations need to weigh the convenience of wireless networking against the risks to the integrity of their IT systems. Steve Gold reports.A quick glance around any high-street IT store will reveal that wireless networking - commonly referred to as WiFi - has taken off in a big way. It's now possible to buy a data-accelerated 802.11g WiFi-enabled broadband router for around £50.Suddenly it's possible for an employee of even smaller firms to go out and b...... [more]
Microsoft patches Windows Vista, IE 7 Microsoft released six security bulletins to fix 15 flaws across its product line Tuesday, including Windows XP, Vista and Internet Explorer 7. Attackers could exploit the most serious flaws remotely to run malicious code on victims' machines.Patch management experts said IT administrators should put top priority on deploying the patches for Internet Explorer and Windows, particularly those included in MS07-031, 032 and 033.Don Leatham, director of solution...... [more]
Online bank security worsens Banks' online security is getting worse as they rush to offer services online, according to new research.This year's Annual Security Report from NTA Monitor, a security testing firm, found that 20% more security vulnerabilities turned up in the infrastructures of banks, building societies and other financial institutions compared with last year's report. The survey covers networks, applications and systems. By comparison, a month ago NTA reported that the security o...... [more]
Consumer-tech use threatens corporate security The use of consumer-based technology such as web email, instant messaging, smartphones and games consoles by employees is one of the most significant threats to corporate IT security. Analyst companies Forrester and Gartner have both warned this week that the entrance of consumer technologies into the enterprise is impossible to eliminate and challenges traditional security models.Consumer-based communications tools such as Hotmail, instant messagin...... [more]
iPhone, Gmail and blogs - a corporate security nightmare The use of consumer-based technology such as web email, instant messaging, smart phones and games consoles by employees is one of the most significant threats to corporate IT security.Analyst companies Forrester and Gartner have both warned this week that the entrance of consumer technologies into the enterprise is impossible to eliminate and challenges traditional security models.Consumer-based communications tools such as Hotmail, insta...... [more]
Attackers persuade users to infect themselves The Sans Institute has uncovered more evidence that internet attackers don't necessarily need any clever technical tricks to plant malicious software on users' systems - an understanding of psychology will do just as well. In a bulletin on Friday, Sans' Internet Storm Center (ISC) described a website that led to several users mysteriously becoming infected with malware. Part of the mystery, according to ISC handler Bojan Zdrnja, was that the site di...... [more]
Researchers say Web apps over Wi-Fi put data at risk Users who access Google Inc.'s Gmail or the Facebook social-networking site over Wi-Fi could be putting their accounts at risk of being hijacked, according to research from Errata Security Inc., a computer security company. It's not just those sites but any rich Web applications that exchange account information with users, including blogging sites such as Blogspot or even software-as-a-service offerings such as those of Salesforce.com Inc.,...... [more]
Aladdin's eSafe upgraded to halt proxy menace Security vendor Aladdin Knowledge Systems has added an element to its eSafe secure web gateway that it claims can block the operation of 'anonymous' proxies. Anonymous proxies (or anonymisers) are websites that allow users to connect to the Internet through an external website, thereby allowing users to bypass local network security restrictions. This bypass mechanism was originally designed for safe, anonymous Web surfing (for example to access MyS...... [more]
Aladdin eSafe Secure Web Gateway Blocks 100 percent of Anonymous Proxies Anonymous proxies, or anonymizers, are Web sites that allow Internet users to connect to the Web through an external Web site, thereby bypassing any restrictions typically enforced on the local network. This bypass mechanism, though originally designed for safe, anonymous Web surfing, proves extremely dangerous for businesses, schools and other organizations. It opens any computer to all malware that is usually filtered ou...... [more]
Secure Computing washes Web 2.0 Secure Computing's latest Webwasher gateway appliance has upgrades designed to protect users from a new wave of "Web 2.0"-related security threats. The new device features the company's SecureCache technology, which caches web objects as well as the results of the most recent virus scan for each object. This means Webwasher only has to scan an object the first time it is requested, resulting in better performance, according to company officials. In addi...... [more]
Blue Coat claims instant phish blocking Blue Coat has added what it calls a "zero-second" anti-phishing capability to its ProxySG security gateway, which it claims can assess a requested web page in just 25ms. The innovation, according to Nigel Hawthorn, the company's international marketing VP, is that as well as referring to both local and Internet-hosted databases of dodgy sites, the system includes algorithms to analyse as-yet unseen URLs for phishy behaviour. "Only sites not...... [more]
The top 10 reasons Web sites get hacked Experts say the people who actually build Web applications aren't paying much attention to security; a non-profit group is trying to solve that Web security is at the top of customers' minds after many well-publicized personal data breaches, but the people who actually build Web applications aren't paying much attention to security, experts say. "They're totally ignoring it," says IT consultant Joel Snyder. "When you go to your Web site des...... [more]
Microsoft desperately seeks fix for 'massive' Russian PDF attack Microsoft said it is working around the clock on a patch for a Windows flaw that is partly responsible for an ongoing attack wave of infected PDFs. The company has updated a security advisory to reflect the fact that exploit code is in the wild, but it may be too late for many. Security researchers said hackers have ramped up attacks using malicious PDF files that target the vulnerability. F-Secure called the surge in spam carryin...... [more]
Web security glitch derails TheTrainline.com TheTrainline.com, a UK website for buying train tickets, has a security bug, which means customers could be invited to submit credit card details over an insecure link. The bug kicks in only when users make an error with their credit card details, so it won't affect the majority of customers.The bug remains unresolved more than three weeks after the issue was first flagged up to the firm.Customers will see a confirmation that they are submitting info...... [more]
New emails address you by name, then try to hose your PC Beware of emails that mention you and your company by name and claim to be official communications from the US Department of Justice. They're phony and will attempt to install malware on your machine. The emails, which claim to reference a complaint recently filed by a business associate, invite the recipient to click on an attachment that contains a nasty Trojan, two separate security firms, MessageLabs and Websense, are reporting.The pra...... [more]
Rogue nodes snoop on TOR traffic Researchers have uncovered more evidence that the TOR anonymiser network is being misused by hackers, and quite likely government intelligence agencies. TOR (The Onion Router) is a network of proxy nodes set up to provide some privacy and anonymity to its users. Originally backed by the US Naval Research Laboratory, TOR became an Electronic Frontier Foundation (EFF) project three years ago. The system provides a way for whistleblowers and human rights workers to...... [more]
German police Skype-hacking leaked German police have hired a company to create Trojans capable of capturing traffic from Skype and SSL, leaked documents appear to show. The two scanned documents , which appear on the Wikileaks website in their German form, are difficult to verify, but one appears to describe how a security company, Digitask, was asked to create a "Skype Capture Unit" based around Trojans planted on targeted PCs covertly transferring data to a remote server. "As...... [more]
Et tu, Gmail? Simple hack defeats last barrier to decades-old attack In the morass of Web 2.0 insecurity, Gmail and other Google-hosted services stood out as a beacon of hope. That's because they were believed to be the only free destination that offered protection against a decade-old vulnerability that enabled hackers to steal sensitive authentication details as they pass over Wi-Fi hotspots and other types of public networks...Now, we know better. According to security researcher Rob Graham,...... [more]
Mozilla raises Firefox security bar Firefox 3.0's new anti-malware blocker, a tool that prevents some malicious pages from loading, is the browser upgrade's most important new security feature, Mozilla's head of engineering has said. Officially dubbed Malware Protection, the tool warns users when they steer Firefox to sites that are known to install viruses, spyware, Trojan horses and other malicious code. When a user tries to reach a site on the banned list, a large red warning appears in lieu...... [more]
Virtual servers 'pose security risk' One of the most attractive features of virtualisation - the ability to replicate virtual servers on the fly to meet demand - carries major security risks - from data theft to denial of service - according to a talk scheduled for the Black Hat DC 2008 conference this week in Washington. When a virtual machine migrates from one physical server to another, it can be subject to a range of attacks primarily because authentication between machines is weak and the...... [more]
That Wi-Fi network you thought was secure? it ain't Businesses using some of the more advanced methods for securing connections to Wi-Fi access points need to take a hard look at the configuration settings of client computers. So say researchers who have documented a simple way to impersonate trusted networks. The attack works on access points that use the Wi-Fi Protected Access (WPA) in concert with Protected Extensible Authentication Protocol (PEAP) or other so-called Extensible Authenticatio...... [more]
PayPal: Steer clear of Apple's Safari If you're using Apple's Safari browser, PayPal has some advice for you: Drop it, at least if you want to avoid online fraud. Safari doesn't make PayPal's list of recommended browsers because it doesn't have two important anti-phishing security features, according to Michael Barrett, PayPal's chief information security officer. "Apple, unfortunately, is lagging behind what they need to do, to protect their customers," Barrett said in an interview....... [more]
BlackBerry servers ripe for the hacking Many companies running BlackBerry Enterprise Server (BES) could be inadvertently opening a door to attackers, a penetration testing company has found. Penetration testing consultancy NTA Monitor found that most of its customers running the BlackBerry Server with Microsoft Exchange were taking the path of least resistance by opening unencrypted ports from the heart of their network to service providers. The providers, in turn, opened a return back to the BE...... [more]
Paypal to block 'unsafe browsers' Web payment firm Paypal has said it will block "unsafe browsers" from using its service as part of wider anti-phishing efforts. Customers will first be warned that a browser is unsafe but could then be blocked if they continue using it. Paypal said it was "an alarming fact that there is a significant set of users who use very old and vulnerable browsers such as Internet Explorer 4". Phishing attacks trick users into handing over sensitive data. Paypal...... [more]
Google adwords fuel new URL attack Google adwords account holders are being targeted by criminals out to trick them into handing over credit card information using a clever URL spoof that has gained popularity in recent weeks. On the face of it, the scam follows a traditional attack route involving the sending of spam emails to random Internet addresses in the hope of finding users who have purchased adwords. The email claims that the user's account payment has failed and asks them to "upd...... [more]
'Secure' PayPal page is... you guessed it A serious scripting error has been discovered on PayPal that could enable attackers to create convincing spoof pages that steal users' authentication credentials. The cross-site scripting bug is made all the more critical because it resides on a page that uses an extended validation secure sockets layer certificate. The new-fangled SSL mechanism is designed to give users a higher degree of confidence that the page they're visiting is secure by turning th...... [more]
Researcher: Debian cryptography may be flawed A security researcher has warned that cryptographic keys generated in the last year and a half using Debian OpenSSL may be invalid. HD Moore, director of research for network-security company BreakingPoint Systems, posted details of the compromise on Metasploit.com on Wednesday.According to Moore, a bug in a Debian OpenSSL package was created in 2006 by the removal of a piece of code, which was taken out to stop the Valgrind and Purify security tool...... [more]
Working to make the internet safe As the need for security on the internet continues to grow, one of the the guardians of the networked world lays claim to an enviable record. In its 13 years in business, VeriSign says it has maintained a "100% up time" service in operating the infrastructure that controls the internet. The firm has a crucial role in the day-to-day operation of the internet - two of the world's 13 root servers, which direct global internet traffic, are managed by the firm, it r...... [more]
Royal Bank of Scotland fixes data-stealing flaw The Royal Bank of Scotland (RBS) has fixed a cross-site scripting flaw in its Worldpay Internet payments service that could have allowed attackers to steal users' credit card details, according to a report. Adam Grit discovered the cross-site scripting (XSS) flaw in a secure payment page of the Worldpay site, RBS' Internet payments service, according to a report from IT industry journal The Register. The flaw allowed third parties to inject conten...... [more]
After Debian's epic SSL blunder, a world of hurt for security pros It's been more than a week since Debian patched a massive security hole in the library the operating system uses to create cryptographic keys for securing email, websites and administrative servers. Now the hard work begins, as legions of admins are saddled with the odious task of regenerating keys too numerous for anyone to estimate. The flaw in Debian's random number generator means that OpenSSL keys generated over the past 20...... [more]
Researchers breach Microsoft's CardSpace ID technology A trio of computer security researchers say they've successfully compromised Microsoft's CardSpace, a technology intended to strengthen the security of personal information on the Internet. CardSpace ships with the Windows Vista operating system. It works in concert with a browser when someone uses a Web site that asks for information such as an address or a credit card number. That personal information can be stored on the user's computer...... [more]
Radware Apps to Protect Vs. SSL Attacks, VoIP Misuse Radware, a company that offers integrated application delivery solutions for business-smart networking, announced today that it’s launched its “APSolute Immunity” security initiative. The company also said it’s released an enhanced version 4.10 of its DefensePro security solution. Radware officials say the company’s DefensePro is a real-time Intrusion (News - Alert) Prevention System that maintains business continuity by protecting the...... [more]
Small Business A Big Target For Cyber Attacks Once upon a time, most small-to-midsize businesses enjoyed a relatively secure status, free from malicious cyber threats. Not so anymore, experts say. "It used to be that SMBs were not a target just because of how small they were," said Andy Klein, senior product marketing manager, e-mail security division for SonicWall Inc., Sunnyvale, Calif. "So they could put up a Web server and no one would ever see it. But that's changed. Two, t...... [more]
Design flaws impair security at banking sites Banking Web sites suffer from design flaws that undermine their security, exclusive of software vulnerabilities, according to a University of Michigan study to be released Friday. Of 214 sites surveyed in 2006, more than 75% had at least one design flaw that could lead to a security problem, the university said. The flow and layout of the sites can make those sites riskier, and the problems can't be fixed with a patch unlike a software vulnerability....... [more]
Austrian official fuels Skype backdoor rumours Off the cuff remarks by Austrian government officials suggest that Skype conversations might be intercepted. Speaking at a recent meeting on lawful interception between ISPs and Austrian regulators, an unnamed "high-ranking" official at Austria's interior ministry said that listening into a conversation over Skype presented no particular problems, Heise security reports. The opinion contrasts with the view of Joerg Ziercke, president of Germany's Fe...... [more]
The University of Exeter deploys Juniper's ethernet solution Juniper Networks has announced that The University of Exeter in the UK has deployed its EX-series ethernet switches as well as MX-series ethernet services routers, integrated security gateway firewall/VPN/intrusion prevention platforms and SSL VPN platforms, to upgrade its campus-wide network infrastructure. According to Juniper Networks, the network infrastructure created by its MX-series and the EX-series running on Junos software,...... [more]
Kaminsky reveals 'many ways' to attack with DNS Dan Kaminsky has revealed more details about the DNS flaw, and has said that he would do it all over again, despite receiving some harsh words from his peers in the security community. Kaminsky's full-time job over the past few months has been working with software vendors and Internet companies to fix a widespread flaw in the DNS (domain name system), used by computers to find each other on the Internet. Kaminsky first disclosed the problem on 8...... [more]
Secure Web gateway for effective data loss prevention in an SSL world Businesses are increasingly moving to SSL-encrypted traffic on their network for greater security and data protection. In fact, in 2007, Enterprise Strategy Group estimated that SSL-encrypted application deployments had increased by 50 to 55 percent. However, more SSL traffic on the network inhibits the effectiveness of a data loss prevention solution. In response to this new application profile that favors SSL traffic, organ...... [more]
Web who's who botches secure sockets layer New research has uncovered flaws in the encryption certificates used to protect the websites of hospitals, banks, and even top-secret government spy agencies, raising questions about whether they are complying with regulations requiring them to adequately safeguard their online visitors. Rodney Thayer, a security researcher with Canola & Jones, spent a day and a half scoping out weak websites using nothing more than a handful of search queries type...... [more]
IT security: The trends to watch in 2009 In the arms race between security specialists and threats, it's hard enough keeping up with advisories, warnings of potential problems and new philosophies of safe IT, let alone mixing in the rapidly changing technological and economical implications of the connected environment. The continuing economic downturn could lead to more instances of cybercrime, with a corresponding tightening of security budgets. That was the gloomy prognosis of security exper...... [more]
HRS deploys Radware's intelligent application delivery system Hotel Reservation Service, or HRS, has deployed Radware's intelligent application delivery system to ensure the availability and accelerated performance of its network systems and offer better user experience - simple, secure and fast. According to Radware, its OnDemand Switch platform keeps HRS and its global corporate network running smoothly, even when faced with constantly rising demand. The OnDemand Switch enables HRS to work wi...... [more]
Man-in-the-middle attack sidesteps SSL A combination of poorly educated users, fewer security warnings in browsers, and sites that mix secured and unsecured content allow man-in-the-middle attacks that can sidestep the ubiquitous secure sockets layer (SSL) encryption used to pass login credentials, a researcher told attendees on Wednesday at the Black Hat Security Briefings. Using a proxy server sitting between the victim and the Internet, security researcher Moxie Marlinspike — his real...... [more]
Kaminsky calls for DNSSEC deployment Dan Kaminsky's second act has begun: Pushing the adoption of the DNSSEC security standard for the domain-name system. So many security frameworks — from password resets via e-mail to SSL certificates — rely on DNS in some way that the protocol has to be secured for Internet security to work, Kaminsky told attendees at the Black Hat DC Security Briefings. DNSSEC is by far the leading security standard for the domain-name system, and the US government has alrea...... [more]
Juniper offers multi-vendor threat management Juniper is set to launch software to allows security products from competing vendors to share and analyse log information in order to determine the root cause of network problems and fix them. Called Adaptive Threat Management, the data-sharing software includes upgrades to its SSL VPN and Unified Access Control devices that enable them to publish log information to a UAC server that shares the data with other platforms. The interface between the SS...... [more]
Regaining app-centric visibility, control Enterprises need a better way to control software-as-a-service, cloud computing, Web 2.0 and other applications that are hosted outside the enterprise because the traditional port-based approach has ceased to be effective. Moving beyond port-based traffic classification isn't easy, but because the "threat industry" now has application-level exploits and applications are at the heart of many data leaks, enterprises must rise to the challenge....... [more]
Websense releases first appliance Websense is set to release its first hardware appliance. The V10000 Web Gateway Appliance will run Websense's Secure Web Gateway Software including anti-malware filtering, SSL traffic inspection, application controls, and threat protections for web surfing. The appliance "is the first appliance we've ever done," says Dave Meizlik, director of product marketing. For customers, a hardware-based platform can provide the opportunity to consolidate servers...... [more]
Botnet probe turns up 70GB of personal, financial data Researchers from the University of California gained control over a well-known and powerful network of hacked computers for 10 days, gaining insight into how it steals personal and financial data. The botnet, known as Torpig or Sinowal, is one of the more sophisticated networks that uses hard-to-detect malicious software to infect computers and subsequently harvest data such as e-mail passwords and online banking credentials. The researcher...... [more]
Blue Coat looks to streamline WAN optimization rollouts Blue Coat Systems is aiming for instant gratification with a new configuration wizard designed to help IT professionals get their ProxySG appliances up and running quickly. The streamlined setup executes a baseline WAN optimization configuration, including the ability to accelerate remote file access (utilizing CIFS), e-mail and Web-based applications. The wizard enables setup in less than a minute, says Carrie Oakes, vice president of...... [more]
Palo Alto adds VPN gateway, traffic shaping to firewalls Palo Alto Networks is adding an SSL VPN gateway and traffic shaping to its firewalls, offering businesses another opportunity to reduce the number of devices they buy and maintain. While Palo Alto's previous software for its appliances supported site-to-site IPSec VPNs, it had no capacity to establish remote-access connections to individual users. PAN 3.0 software uploads SSL VPN agents to remote machines so they can establish VPNs with t...... [more]
The Internet is incomplete, says its co-designer, Vinton Cerf The co-designer of the Internet's basic architecture, Vinton Cerf, said the Internet "still lacks many of the features that it needs," particularly in security, during a blunt talk to a tech industry crowd here. Cerf, who is a vice president and chief Internet evangelist at Google Inc., co-designed with Robert Kahn the TCP/IP protocols that underpin the Internet. That was in 1973. And despite its having become operational in 1983, an...... [more]
Phishing still a mystery to most web users Phishing web sites are still a mystery to the majority of internet users, according to a recent study by VeriSign. The report is part of the company's research into the clues people use to spot potentially unsafe sites. VeriSign set up a Phish or No Phish site, and asked visitors to identify which of two web site images presented side by side is a phishing site.The most commonly missed indication was the poor level of spelling on the phishing site. Aro...... [more]
Mozilla patches 11 Firefox bugs Mozilla has patched 11 vulnerabilities in Firefox, more than half of them labelled "critical". The update was the first since late April, when Mozilla rushed out a refresh to plug a hole that the company's developers has inadvertently introduced in the Windows version of the browser, and came just days after the launching of a "tweener" build of the upcoming Firefox 3.5. Of the 11 flaws fixed in Firefox 3.0.11, six were rated critical, one "high," two...... [more]
Researchers set to reveal SSL vulnerability Confidential online connections made from public wireless hotspots remain vulnerable to attacks despite improved security that was supposed to fix the problem, according to security researchers. The vulnerability means that attackers can lurk in the middle of what victims think are secure SSL sessions with banks, retailers and other secure websites, picking off passwords and other information that can be used later to steal account funds or compromise...... [more]
Mozilla patches three Firefox bugs Mozilla has patched Firefox 3.5 and Firefox 3.0 to quash three security vulnerabilities, including a pair unveiled last week at Black Hat, and a third Mozilla itself revealed last month. Firefox 3.0.13, the update to the older browser that Mozilla will drop off the support list in January 2010, includes two bugs, while Firefox 3.5.2 fixes a separate flaw. The vulnerabilities patched by Firefox 3.0.13 were disclosed last week by Dan Kaminsky of IOActive and a s...... [more]
Microsoft Internet Explorer SSL security hole lingers Microsoft still does not acknowledge a weakness in its Internet Explorer browser that was pointed out seven weeks ago and enables attackers to hijack what are supposed to be secure Web sessions. The company says it is still evaluating whether the weakness exists, but Apple, which bases its Safari for Windows browser on Microsoft code, says Safari for Windows has the weakness and the Microsoft code is the reason. If Microsoft doesn't fix the...... [more]
PCI survey finds some merchants don't use antivirus software Consumers face a greater risk of losing control of their data when doing business with smaller retailers, as many haven't made investments to comply with the Payment Card Industry's Data Security Standard (PCI DSS), according to a new survey. The survey, which covered 560 U.S. and multinational organizations, asked respondents a variety of questions about their investments and deployment of technology to comply with PCI DSS, which was...... [more]
SSL spoof bug still haunts IE, Safari, Chrome Nine weeks after a hacker demonstrated how to spoof authentication certificates for virtually any website on the internet, users of Internet Explorer and many other applications remain susceptible because Microsoft hasn't patched the underlying vulnerability. The bug, which resides in an application programming interface known as CryptoAPI, causes IE and other applications that rely on the code to be tricked by fraudulent secure sockets layer certif...... [more]
Vendors scrambling to fix bug in Net's security Software makers around the world are scrambling to fix a serious bug in the technology used to transfer information securely on the Internet. The flaw lies in the SSL protocol, best known as the technology used for secure browsing on Web sites beginning with HTTPS, and lets attackers intercept secure SSL (Secure Sockets Layer) communications between computers using what's known as a man-in-the-middle attack. Although the flaw can only be exploited...... [more]
H1N1 drives demand for secure remote access The H1N1 pandemic is pushing companies to upgrade their secure remote access capabilities in order to enable more employees to work out of their homes and other remote locations in an emergency. Vendors of remote access technologies are reporting an unexpected increase in demand for their products over the past several months as a result of H1N1-related concerns.
"What companies are really looking for is the ability to provide secure, remote access to...... [more]
Companies ill-prepared for Christmas break breaches With just under two weeks to go until Christmas Day, research has revealed that nine out of ten companies will not be taking additional IT security precautions over the period. ProCheckUp warned companies that with increased traffic to e-commerce sites, reduced staff and increased hacking activity, it is even more difficult for companies to protect themselves from malicious attacks at this time. Richard Brain, co-founder of ProCheckUp, said: "...... [more]
The 12 Cons of Christmas While the risk of being hacked, conned or having sensitive information stolen is possible all through the year, most security experts agree that the holiday season brings a spike in fraudulent activity, both online and off. CSO compiled a list of twelve dirty tricks to avoid this holiday season (or any time). Product come-ons
After a day of shopping, you log on to Twitter and 'tweet' about how hard it is to find a Zhu Zhu Pet, this season's hot toy, for your daughter. S...... [more]
The Top 10 Security Threats in Cyberspace The year 2010 promises to be an action packed year in cyberspace. With the giants of the Internet reporting an unprecedented breach in their networks, it is not farfetched to presume that the next world war could be fought in cyber space! Attacks are now exceedingly covert, complex and targeting specific organizations and no million dollar protective blanket of security product/infrastructure can completely secure your machine. The only weapon you have...... [more]
If you need more information about SSL, please feel free to contact us with your SSL questions using our contact form.
