Tim Callan, a product manager for VeriSign’s SSL business unit explains the vendor’s response to the OpenSSL vulnerability in Debian-based Linux distributions. He also defends the vendor’s Extended Validation Certificate business. Some security researchers say the EV certificates are being blemished by websites vulnerable to cross-site scripting attacks. Also, Paul Wood, a Senior Analyst at MessageLabs explains why the latest phishing attacks are targeting a bank’s new initiative to “go green.”

 

 Security Wire Weekly [19:10m]: Play Now | Play in Popup | Download

Robert Weaver, head of IT security at ING Direct talks about his bank’s authentication methods and new encryption software designed to lock out malware from sniffing customer transactions. The bank has gotten high security marks, but Weaver admits there’s more work to do.

 

 Security Wire Weekly: ING security chief talks authentication, encryption [11:57m]: Play Now | Play in Popup | Download

NSS Labs, well-known for its security product testing and certification program, recently launched its PCI Suitability service. Merchants–from global giants to small retailers–are faced with difficult buying decisions, as they determine what technologies they need to deploy to comply with PCI-DSS. Smaller companies, in particular, need to evaluate products like intrusion prevention systems and Web application firewalls that might not have gotten serious budget consideration before PCI. In this podcast, NSS’ president Rick Moy talks about the information PCI Suitability reports provide and how companies can use that information to help them make informed buying decisions.

 

 Security Newsmakers: NSS Labs to focus on PCI technologies: Play Now | Play in Popup | Download

Microsoft addressed remote code execution vulnerabilities in its Jet Database Engine and a flaw in its Malware Protection Engine. Which updates should be deployed first? Jason Miller, the security data team manager, at Shavlik Technologies and Don Leatham, director of solutions and strategy at Lumension Security examine Microsoft’s latest round of critical updates.

 

 Security Wire Weekly [11:51m]: Play Now | Play in Popup | Download

The SearchSecurity.com editorial team discusses virtualization security, the overcompliance mentality, PCI DSS changes, and tightening IT security budgets.

 

 Security Squad [20:29m]: Play Now | Play in Popup | Download

Simon Crosby, chief technology officer of Citrix Systems explains why virtualization security should be the job of security vendors. Also, Finjan CTO Yuval Ben-Itzhak describes how data stolen from thousands of personal and business computers were discovered on an unprotected server.

 

 Security Wire Weekly [10:05m]: Play Now | Play in Popup | Download