Facebook Privacy Probe

Facebook’s international headquarters are in Dublin, Ireland, where the company just so happens to face a regulatory probe into the handling of personal data on the social network.

According to the RTE, the Irish data protection commissioner will carry out a privacy audit of the site in November.

That’s potentially a big deal, because Facebook’s presence in Dublin is much more dominant than anywhere else in Europe.

The company farms all the data it stores back to its spiritual homeland in the US, but a privacy audit in Ireland is significant as it’s not only Facebook’s major EMEA bolthole, but is also the nearest responsible data protection authority outside of the firm’s US head office.

It’s important to note, however, that Facebook isn’t breaching European law when it makes stealth changes to its technology that cause upset among its 800 million-strong stalkerbase.

Last week the company fielded lots of complaints from users unhappy with the latest redesign to Facebook, that included Mark Zuckerberg’s creepy concept of “frictionless sharing”, which means displaying an individual’s entire life history as chronicled on the network.

An Austria-based collective called Europe versus Facebook filed 22 complaints with the Irish data protection commissioner.

Among other things, the group griped about Facebook’s “Like” button that – it was revealed by Oz blogger Nik Cubrilovic – carried cookies that included unique information after people had logged out of the dominant social network.

Facebook said it had “quickly” fixed the issue, but insisted there was no privacy or security breach.

“Like every site on the internet that personalises content and tries to provide a secure experience for users, we place cookies on the computer of the user,” it told The Register earlier this week.

Irish deputy data protection commissioner Gary Davis told the FT that his office would investigate Facebook’s operation outside of the US and Canada.

“This audit will examine the subject matter of the complaint but also will be more extensive and will seek to examine Facebook’s compliance more generally with Irish data protection law,” he added.

According to the RTE, a report on the outcome of that probe won’t be published until the end of 2011.

Facebook’s European policy director Richard Allan has previously called on self-regulation and the development of industry standards rather than for people to get stuck on “a debate on principles about data protection law each time”.

Despite the howls of protest against the immensely popular network, Brussels has limited power over how Facebook operates in Europe while siphoning the data it gathers to the US.

Regulators hope to close the loophole with the reform of the Data Protection Directive, proposals for which are expected in early 2012.

Facebook underplayed the latest regulatory action taken against the firm:

“Facebook’s European headquarters in Ireland manages the company’s compliance with EU data protection law,” it said.

“We are in regular dialogue with the Irish data protection commissioner and we look forward to demonstrating our commitment to the appropriate handling of user data as part of this routine audit.”

September 30th, 2011 by admin | No Comments »

F5 Client Side SSL Proxy

Client-side SSL Proxy – BIG-IP LTM’s client-side SSL proxy feature terminates SSL connections, decrypts the request, and sends the request in clear text to its final destination. During the process of terminating an SSL connection, the proxy performs all of the certificate verification functions normally handled by the target web server, as well as the encryption and decryption functions. BIG-IP LTM includes hardware that accelerates these operations, enabling it to offload this task for large volumes of traffic in an efficient manner. When used in combination with clone pools, this feature extends the effectiveness of IDS devices that would otherwise not be able to process encrypted data.
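What that looks like in tmsh, as an added example that is not from the original post or from F5’s documentation: a virtual server that terminates SSL with a client-ssl profile, load balances the decrypted traffic, and copies the decrypted server-side stream to a clone pool holding an IDS sensor. The object names, addresses and the certificate/key names are assumptions.

```tmsh
# Pool of back-end web servers that receive the decrypted requests
create ltm pool web_pool members add { 10.0.2.10:80 10.0.2.11:80 }

# Clone pool holding the IDS sensor (port 0 = copy every port)
create ltm pool ids_pool members add { 10.0.3.5:0 }

# Client-side SSL profile: BIG-IP presents app.crt/app.key and does the TLS work
create ltm profile client-ssl app_clientssl defaults-from clientssl cert app.crt key app.key

# HTTPS virtual server: terminate TLS on the client side, send clear text to web_pool,
# and mirror the server-side (decrypted) traffic to the IDS
create ltm virtual app_https destination 10.0.0.15:443 ip-protocol tcp \
    profiles add { tcp http app_clientssl } pool web_pool \
    clone-pools add { ids_pool { context serverside } }

save sys config
```

The clone is taken on the serverside context because that is where the traffic is already decrypted; the same property means the segment between the BIG-IP and web_pool now carries plaintext, so it belongs on an isolated network (or gets a server-ssl profile to re-encrypt it) and the IDS sensor must be treated as holding the same sensitivity as the web servers.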

October 6th, 2010 by admin | No Comments »

WCCP / Cisco 3750

WCCP

When configuring a Cisco 3560/3750 series switch, the default Switch Database Management (SDM) template does not support WCCP.

With WCCP otherwise properly configured on a 3560/3750 switch running the default template, the switch does not redirect any packets. The default SDM template, “desktop default”, does not allocate the resources WCCP needs.

The WCCP commands are accepted and appear to work, but the switch silently does nothing with them until a template that supports WCCP is active.

Resolution

Verify the SDM template using the following Cisco IOS command:

Switch# show sdm prefer

The current template should be “desktop routing” or “desktop access” for WCCP to work properly.

Use the following commands to change the template. The new template only takes effect after a reload, and “reload” is an EXEC-mode command, not a configuration command, so leave configuration mode and save first:

Switch(config)# sdm prefer routing
Switch(config)# end
Switch# write memory
Switch# reload
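The full sequence, as an added example that is not from the original post: confirm the template, change it, reload, then enable WCCP redirection and verify that a cache engine has registered. The “current template” line is the form the 3560/3750 prints; the VLAN number and the use of the standard web-cache service are assumptions.

```ios
! 1. Check which SDM template is active (the default one cannot run WCCP)
Switch# show sdm prefer
 The current template is "desktop default" template.

! 2. Select the routing template; it only takes effect after a reload,
!    and "reload" is an EXEC command, so leave configuration mode first
Switch# configure terminal
Switch(config)# sdm prefer routing
Switch(config)# end
Switch# write memory
Switch# reload

! 3. After the reload, confirm the template actually changed
Switch# show sdm prefer
 The current template is "desktop routing" template.

! 4. Enable the standard web-cache service (TCP/80) and redirect inbound
!    client traffic on the inside SVI toward the cache engine(s)
Switch# configure terminal
Switch(config)# ip wccp web-cache
Switch(config)# interface vlan 10
Switch(config-if)# ip wccp web-cache redirect in
Switch(config-if)# end

! 5. Verify: the cache engine should be listed as a client of the service and
!    the redirect counters should increase as clients browse
Switch# show ip wccp
Switch# show ip wccp web-cache detail
```

Two caveats on these platforms: WCCP requires the IP services feature set, and only inbound redirection (“redirect in”) is supported, so apply it on the interface facing the clients. The template change costs a reload, so schedule it in a maintenance window rather than discovering the need for it while troubleshooting.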

October 6th, 2010 by admin | No Comments »

Websense V10000 NTLM

Websense Content Gateway provides the NTLM (NT LAN Manager) option to ensure that users in a Windows network are authenticated before they access protected content on the Internet.

When you enable the NTLM option, the proxy challenges users who request content for proof of their credentials. The proxy then sends the proof of the user’s credentials directly to the Windows domain controller to be validated. If the credentials are valid, the proxy serves the requested content and stores the credentials in the NTLM cache for future use. If the credentials are not valid, the proxy sends an authentication failed message to the user.

Websense Content Gateway supports both transparent (Single Sign-On) and explicit authentication. Transparent authentication is supported with Microsoft Internet Explorer 7 and 8, and Mozilla Firefox 2 and 3. Single Sign-On allows users to sign on only once, so that they can seamlessly access all authorized network resources. Therefore, if a user has already logged on to the Windows network successfully, the credentials specified during Windows logon are used for authentication and the user is not prompted again for a username and password. Explicit (basic) authentication is supported for other browsers. With explicit authentication, users are prompted for a username and password before they can access the protected content.

Websense Content Gateway supports the use of backup domain controllers for failover. If the primary domain controller does not respond to the proxy request, Websense Content Gateway contacts the next domain controller in the list (the backup domain controller). For the next request, the proxy tries to contact the primary domain controller again and then contacts the backup domain controller if the connection fails.

Websense Content Gateway supports access to Windows NT domain controllers and Windows 2000, 2003, and 2008 Active Directory.

Configuring NTLM proxy authentication:

  1. Navigate to Configure > My Proxy > Basic > General.
  2. In the Features table, click NTLM On in the Authentication section.
  3. Click Apply.
  4. Navigate to Configure > Security > Access Control > NTLM.
  5. In the Domain Controller field, enter the host name of the primary domain controller, followed, optionally, by a comma separated list of backup domain controllers. The format of the host name must be:
    host_name[:port][%netbios_name]
    or
    IP_address[:port][%netbios_name]
    If you are using Active Directory 2008, you must include the netbios_name or use SMB port 445. If you do not use port 445, you must ensure that the Windows Network File Sharing service is running on the Active Directory server. See your Windows Server 2008 documentation for details.
    Note: If you are using Active Directory 2008, in the Windows Network Security configuration, LAN Manager Authentication level must be set to Send NTLM response only. See your Windows Server 2008 documentation for details.
  6. Enable Load Balancing if you want the proxy to balance the load when sending authentication requests to multiple domain controllers.
  7. NTLM credential caching is enabled by default. To disable, under Credential caching select Disable.
  8. The default time-to-live (TTL) for credential caching is 3600 seconds (60 minutes). To change the TTL value, enter a new value in the Caching TTL field. The range of supported values is 300 to 86400 seconds.
  9. If some users use terminal servers to access the Internet through the proxy (e.g., Citrix servers), you should create a list of those servers in the Multi-user Hostnames field. Credentials for such users are not cached. Enter a comma separated list of host names. Names can include simple regular expressions to match multiple host names, such as “tserver*” to match all host names that start with “tserver”.
  10. Click Apply.
  11. Click Restart on Configure > My Proxy > Basic > General

Setting NTLM cache options in records.config:

On the Content Manager, Configure > Security > Access Control > NTLM page you can enable and disable NTLM credential caching, set the time-to-live (TTL) value, and specify terminal server host names. You can also change these values in records.config, along with a few other NTLM caching parameters.

By default, the NTLM cache holds 5000 entries, may occupy up to 15728640 bytes (15 MB) on disk, and treats each entry as fresh for 60 minutes (3600 seconds).

  1. Open the records.config file located in the Websense Content Gateway config directory (default location is in /opt/WCG/config).
  2. Edit the following variables:
    proxy.config.ntlm.cache.enabled
        Set to 0 to disable the NTLM cache. When disabled, Websense Content Gateway does not store any credentials in the NTLM cache for future use.
    proxy.config.ntlm.cache.ttl_value
        Specify the amount of time (in seconds) that Websense Content Gateway can store entries in the NTLM cache. The supported range of values is 300 to 86400 seconds.
    proxy.config.ntlm.cache.size
        Specify the number of entries allowed in the NTLM cache.
    proxy.config.ntlm.cache.storage_size
        Specify the maximum amount of space (in bytes) that the NTLM cache can occupy on disk. This value should be proportionate to the number of entries in the NTLM cache. For example, if each entry in the NTLM cache is approximately 128 bytes and the number of entries allowed in the NTLM cache is 5000, the cache storage size should be at least 640000 bytes (128 x 5000).
  3. Save and Close the file
  4. From the Websense Content Gateway bin directory (default location is in /opt/WCG/bin), run content_line -L to restart Websense Content Gateway on the local node or content_line -M to restart Websense Content Gateway on all the nodes in a cluster.

Notes & Warnings

Known Limitations

  1. WINS resolution is not supported. Domain controllers must have host names that can be resolved by a DNS server.
  2. Extended security is not supported and cannot be enabled on the domain controller.
  3. NTLM2 session security is not supported and cannot be enabled on clients. In the Security Settings area of the Windows operating system, inspect the Network Security: Minimum session security settings.
  4. NTLMv2 is not supported with Active Directory 2008. The required Network Security: LAN Manager Authentication setting is described in step 5 of Configuring NTLM proxy authentication, above. Be aware that “Send NTLM response only” makes clients answer with NTLMv1 responses, whose DES-based construction is weak against offline cracking of captured exchanges; apply that policy only to the hosts that must authenticate through the proxy rather than domain-wide.
  5. Not all browsers support transparent NTLM authentication.
  6. Credential caching is performed when:
    1. Authentication is transparent
    2. The requestor (client) is on the same domain as the domain controller, or on a domain that has a trust relationship with the domain controller
    3. The browser is Internet Explorer 7 or 8*, or Mozilla Firefox 2 or 3
      *Credential caching does not work with Internet Explorer 7 or 8 if Microsoft patch MS09-013 has been applied. For a workaround, see the Websense Knowledge Base article “NTLM credentials not cached with Internet Explorer 7 and 8”. To view the article, log in to MyWebsense, click on the Support tab, select Websense Security Gateway from the Knowledge Base drop-down list, and enter the article title in the Search box. For a description of the Microsoft patch, see Microsoft security bulletin MS09-013 and Knowledge Base article 960803.

Parameters

Parameters in records.config (variable, type, default, description):

proxy.config.ntlm.auth.enabled   INT   default 0
    Enables (1) or disables (0) NTLM proxy authentication.
proxy.config.ntlm.dc.list   STRING   default NULL
    Specifies the host names of the domain controllers. You must separate each entry with a comma. The format is:
    host_name[:port][%netbios_name]
    or
    IP_address[:port][%netbios_name]
    If you are using Active Directory 2008, you must include the netbios_name or use SMB port 445.
proxy.config.ntlm.dc.load_balance   INT   default 0
    Enables (1) or disables (0) load balancing. When enabled, Websense Content Gateway balances the load when sending authentication requests to the domain controllers.
proxy.config.ntlm.dc.max_connections   INT   default 100
    Specifies the maximum number of connections Websense Content Gateway can have open to the domain controller.
proxy.config.ntlm.cache.enabled   INT   default 1
    Enables (1) or disables (0) the NTLM cache. When disabled, Websense Content Gateway does not store any credentials in the NTLM cache for future use and always sends the credentials to the domain controller to be validated.
proxy.config.ntlm.cache.ttl_value   INT   default 3600
    Specifies the number of seconds that Websense Content Gateway stores entries in the NTLM cache. The supported range of values is 300 to 86400 seconds.
proxy.config.ntlm.cache.size   INT   default 5000
    Specifies the number of entries allowed in the NTLM cache.
proxy.config.ntlm.cache.storage_size   INT   default 15728640
    Specifies the maximum amount of space (in bytes) that the NTLM cache can occupy on disk. This value should be proportionate to the number of entries in the NTLM cache. For example, if each entry is approximately 128 bytes and the cache allows 5000 entries, the storage size should be at least 640000 bytes (128 x 5000); the 15728640-byte default leaves ample room.
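A pre-restart check for the settings above, written as an added example that is not Websense code: it parses the NTLM variables out of a records.config fragment, validates each domain-controller entry against the host_name[:port][%netbios_name] format from step 5, enforces the Active Directory 2008 rule (netbios_name or port 445), the 300..86400 TTL range, and the storage_size sizing rule. The “CONFIG name TYPE value” line format is assumed from Content Gateway’s Traffic Server lineage, and the sample fragment is constructed for the example.

```python
import re

LINE_RE = re.compile(r"^CONFIG\s+(\S+)\s+(INT|STRING|FLOAT)\s+(.*?)\s*$")
DC_RE = re.compile(r"^([A-Za-z0-9.\-]+)(?::(\d{1,5}))?(?:%([^%:,\s]+))?$")  # host[:port][%netbios]
TTL_MIN, TTL_MAX = 300, 86400
BYTES_PER_ENTRY = 128          # approximate per-entry size used by the sizing rule
SMB_PORT = 445

def parse_records_config(text):
    """Map variable name -> (type, value) for CONFIG lines; blanks and comments are skipped."""
    cfg = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            cfg[m.group(1)] = (m.group(2), m.group(3))
    return cfg

def parse_dc_entry(entry):
    """Split host_name[:port][%netbios_name] (or IP_address...) into (host, port, netbios)."""
    m = DC_RE.match(entry.strip())
    if not m:
        raise ValueError("malformed domain controller entry: %r" % entry)
    port = int(m.group(2)) if m.group(2) else None
    if port is not None and not 1 <= port <= 65535:
        raise ValueError("port out of range in %r" % entry)
    return m.group(1), port, m.group(3)

def minimum_storage_size(entries):
    """Disk space the cache needs for the given number of entries (5000 -> 640000)."""
    return entries * BYTES_PER_ENTRY

def check_ntlm_settings(cfg, active_directory_2008=True):
    """Return [(variable, problem), ...]; an empty list means the fragment passes."""
    def num(name, default):
        return int(cfg.get(name, ("INT", str(default)))[1])
    findings = []
    if num("proxy.config.ntlm.auth.enabled", 0) != 1:
        findings.append(("proxy.config.ntlm.auth.enabled", "NTLM proxy authentication is disabled"))
    dc_list = cfg.get("proxy.config.ntlm.dc.list", ("STRING", "NULL"))[1]
    if dc_list in ("", "NULL"):
        findings.append(("proxy.config.ntlm.dc.list", "no domain controllers configured"))
    else:
        for entry in dc_list.split(","):
            try:
                host, port, netbios = parse_dc_entry(entry)
            except ValueError as exc:
                findings.append(("proxy.config.ntlm.dc.list", str(exc)))
                continue
            if active_directory_2008 and port != SMB_PORT and netbios is None:
                findings.append(("proxy.config.ntlm.dc.list",
                                 "%s: AD 2008 needs %%netbios_name or port %d" % (host, SMB_PORT)))
    ttl = num("proxy.config.ntlm.cache.ttl_value", 3600)
    if not TTL_MIN <= ttl <= TTL_MAX:
        findings.append(("proxy.config.ntlm.cache.ttl_value",
                         "TTL %d outside %d..%d seconds" % (ttl, TTL_MIN, TTL_MAX)))
    size = num("proxy.config.ntlm.cache.size", 5000)
    storage = num("proxy.config.ntlm.cache.storage_size", 15728640)
    if num("proxy.config.ntlm.cache.enabled", 1) == 1 and storage < minimum_storage_size(size):
        findings.append(("proxy.config.ntlm.cache.storage_size",
                         "%d bytes is below the %d needed for %d entries"
                         % (storage, minimum_storage_size(size), size)))
    return findings

# Constructed fragment (not a real deployment) with three mistakes a reviewer should catch:
# dc3 has neither a NetBIOS name nor port 445, the TTL is below 300, and the
# storage size is the 64000 figure rather than 128 x 5000.
SAMPLE = """\
CONFIG proxy.config.ntlm.auth.enabled INT 1
CONFIG proxy.config.ntlm.dc.list STRING dc1.corp.example:445,dc2.corp.example%CORPDC2,dc3.corp.example
CONFIG proxy.config.ntlm.dc.load_balance INT 1
CONFIG proxy.config.ntlm.cache.enabled INT 1
CONFIG proxy.config.ntlm.cache.ttl_value INT 120
CONFIG proxy.config.ntlm.cache.size INT 5000
CONFIG proxy.config.ntlm.cache.storage_size INT 64000
"""

if __name__ == "__main__":
    for variable, problem in check_ntlm_settings(parse_records_config(SAMPLE)):
        print("%s: %s" % (variable, problem))
```

Run it against /opt/WCG/config/records.config before issuing content_line -L; the findings list is empty when the fragment is consistent with the rules above.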
August 21st, 2010 by admin | No Comments »

Palo Alto – App Firewalls

The Palo Alto firewall is not a UTM. Gartner calls a device of this design a ‘Next Generation Firewall’. Although it operates as a single-unit IPS, anti-spam and URL-filtering multi-function device, it differs from a UTM in two main ways.

The first is that all of these features can be turned on at the same time without affecting performance. It achieves this with enough processing power, on multi-threaded, multi-core CPUs, to perform all the operations on the data stream in a single pass as it crosses the firewall. Traditional UTM appliances run the checks in series: a URL check, then a hand-off to the AV engine, and so on, so they lose throughput as each feature is progressively turned on.

The second and most significant difference is that the Palo Alto firewall filters traffic primarily on an application signature rather than on a port number. “Port 80 means HTTP web traffic” is therefore no longer the basis of policy. The Palo Alto can be asked to look inside web traffic running on any port and find chat clients, file transfers, BitTorrent or voice applications; the port numbers are not required.

This is a massive advantage today because a traditional firewall cannot separate, say, FarmVille from a web page that gives information about the stock market. FarmVille is an application that is usually launched from Facebook, and Facebook is itself a port-80 web application.

Finally, your policy can allow general web browsing, allow parts of Facebook, and disallow FarmVille, for selected users, in various combinations.
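The policy in that last paragraph, expressed in PAN-OS “set” command form, as an added example that is not from the original post or from Palo Alto’s documentation. The zone names (trust/untrust), rule names, user group and the App-ID names for the Facebook applications and the game are assumptions; check the exact application names on your own device before committing.

```panos
# Rules are evaluated top-down, first match wins, and a session is re-matched when
# App-ID changes its verdict (e.g. from web-browsing to the game), so the deny
# must sit above the permissive rules or it never fires.
set rulebase security rules deny-farmville from trust to untrust source any destination any \
    source-user any application farmville service any action deny

# Marketing may use the Facebook pieces that App-ID identifies as base/chat,
# but only on the application's default ports (service application-default)
set rulebase security rules allow-facebook-marketing from trust to untrust source any destination any \
    source-user [ "corp\marketing" ] application [ facebook-base facebook-chat ] \
    service application-default action allow

# Everyone else gets plain web browsing, again pinned to the application's default ports
set rulebase security rules allow-web from trust to untrust source any destination any \
    source-user any application web-browsing service application-default action allow

commit
```

Two practical points: App-ID needs a few packets before it can name the application, so the first packets of a session match an earlier, broader rule and the deny applies once the shift is detected; and “service application-default” is what stops an allowed application from being tunnelled over an arbitrary port, which is the whole point of port-independent identification.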

May 21st, 2010 by admin | No Comments »

Bluecoat NTLM Authentication Process

I have come across this a lot lately: Blue Coat Reporter shows a deny in the access log for every authentication sequence. This is normal when using NTLM, but it can confuse things when using Reporter for denied-traffic reports. To fully explain the authentication process:

  1. The client connects and issues a request without any authentication information. This happens for ALL new connections, unlike most Basic authentication implementations, where the client supplies credentials automatically on every connection after one successful authentication.
  2. The proxy returns a 407 status code, along with the header:
    Proxy-Authenticate: NTLM
    No realm, domain or anything else is specified. Additional Proxy-Authenticate headers may be supplied to announce other supported authentication schemes.
    At this point the connection is closed, forcing the client to open a new connection, regardless of any keep-alive directives from the client.
  3. The client connects again and issues a GET request, this time with an accompanying
    Proxy-Authorization: NTLM some_more_stuff
    header, where some_more_stuff is a base64-encoded negotiate (Type 1) packet.
  4. The proxy once again replies with a 407 (“proxy authentication required”) status code, along with the header:
    Proxy-Authenticate: NTLM still_some_more_stuff
    where still_some_more_stuff is a base64-encoded challenge (Type 2) packet. Somewhere in this packet is the challenge nonce.
    At this point it is vital that the TCP connection be kept alive, since all subsequent authentication-related information is tied to the TCP connection. If it is dropped, it is back to square one, authentication-wise.
  5. The client sends a new GET request on the same connection, along with the header:
    Proxy-Authorization: NTLM cmon_we_are_almost_done
    where cmon_we_are_almost_done is a base64-encoded authenticate (Type 3) packet. The packet carries the user name and domain, plus a response computed from the challenge nonce and the user’s password hash (it may in fact carry two responses, LM and NT, computed with different algorithms).

The proxy then either denies the authentication with another 407, and we are back to square one, or it returns the requested resource.

There is some CPL that will remove the initial deny from the access log:

<exception>
    exception.id=("authentication_failed","authentication_redirect_from_virtual_host","authentication_redirection_to_virtual_host") access_log(no)
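The five-step exchange above, modelled in code, as an added example that is not Blue Coat code. It builds real NTLMSSP Type 1/2/3 message layouts (8-byte signature, little-endian type, security buffers), keeps the proxy’s challenge as per-TCP-connection state so that dropping the connection between steps 4 and 5 forces the client back to square one, and returns an access-log line only for the first bare 407 and the final outcome, which is the deny-per-handshake behaviour the CPL suppresses. The password-derived response is a stand-in HMAC, not the real LM/NT (DES/MD4) computation; the account database and user names are constructed.

```python
import base64
import hashlib
import hmac
import os
import struct

NTLMSSP = b"NTLMSSP\x00"
FLAGS = 0x00000001 | 0x00000200            # NEGOTIATE_UNICODE | NEGOTIATE_NTLM

def secbuf(offset, data):
    """NTLM security buffer: length, max length, offset of the data in the message."""
    return struct.pack("<HHI", len(data), len(data), offset)

def read_secbuf(raw, pos):
    length, _, offset = struct.unpack_from("<HHI", raw, pos)
    return raw[offset:offset + length]

def msg_type(raw):
    """Message type (1 negotiate, 2 challenge, 3 authenticate) from the NTLMSSP header."""
    if raw[:8] != NTLMSSP:
        raise ValueError("not an NTLMSSP token")
    return struct.unpack_from("<I", raw, 8)[0]

def build_type1():
    # 32 bytes: header, flags, empty domain and workstation buffers
    return NTLMSSP + struct.pack("<II", 1, FLAGS) + secbuf(32, b"") + secbuf(32, b"")

def build_type2(challenge):
    # 32 bytes: header, empty target name, flags, 8-byte server challenge at offset 24
    return NTLMSSP + struct.pack("<I", 2) + secbuf(32, b"") + struct.pack("<I", FLAGS) + challenge

def build_type3(user, domain, nt_response):
    # 64-byte header (LM, NT, domain, user, workstation, session-key buffers, flags) + payload
    fields = [b"", nt_response, domain.encode("utf-16-le"), user.encode("utf-16-le"), b"", b""]
    offset, bufs = 64, []
    for data in fields:
        bufs.append(secbuf(offset, data))
        offset += len(data)
    return NTLMSSP + struct.pack("<I", 3) + b"".join(bufs) + struct.pack("<I", FLAGS) + b"".join(fields)

def toy_response(password, challenge):
    """Stand-in for the real LM/NT response: an HMAC of the nonce keyed by the password."""
    key = hashlib.sha256(password.encode("utf-16-le")).digest()
    return hmac.new(key, challenge, "sha256").digest()

USERS = {("CORP", "alice"): "correct horse"}   # constructed account database

def validate(user, domain, challenge, nt_response):
    password = USERS.get((domain, user))
    return password is not None and hmac.compare_digest(nt_response, toy_response(password, challenge))

class ProxyConnection:
    """Proxy-side NTLM state for one TCP connection; a dropped connection loses it."""
    def __init__(self):
        self.challenge = None
        self.user = None

    def handle(self, headers):
        """Return (status, response headers, close connection?, access-log line or None)."""
        auth = headers.get("Proxy-Authorization", "")
        if self.user:                                           # already authenticated on this connection
            return 200, {}, False, "allow %s" % self.user
        if not auth.startswith("NTLM "):                        # step 2: bare challenge, then close
            return 407, {"Proxy-Authenticate": "NTLM"}, True, "deny (authentication required)"
        raw = base64.b64decode(auth[5:])
        if msg_type(raw) == 1:                                  # step 4: answer negotiate with a challenge
            self.challenge = os.urandom(8)
            token = base64.b64encode(build_type2(self.challenge)).decode()
            return 407, {"Proxy-Authenticate": "NTLM " + token}, False, None   # handshake in progress
        if msg_type(raw) == 3 and self.challenge is not None:  # step 5: verify the authenticate packet
            domain = read_secbuf(raw, 28).decode("utf-16-le")
            user = read_secbuf(raw, 36).decode("utf-16-le")
            if validate(user, domain, self.challenge, read_secbuf(raw, 20)):
                self.user = domain + "\\" + user
                return 200, {}, False, "allow %s" % self.user
        self.challenge = None
        return 407, {"Proxy-Authenticate": "NTLM"}, True, "deny (authentication failed)"

def b64(raw):
    return base64.b64encode(raw).decode()

def client_handshake(user, domain, password, drop_between_steps=False):
    """Drive steps 1-5 from the client side; returns (final status, access-log line)."""
    status, _, close, _ = ProxyConnection().handle({})         # step 1: no credentials
    assert status == 407 and close
    conn = ProxyConnection()                                    # step 3: new TCP connection
    _, hdrs, _, _ = conn.handle({"Proxy-Authorization": "NTLM " + b64(build_type1())})
    challenge = base64.b64decode(hdrs["Proxy-Authenticate"][5:])[24:32]   # step 4: nonce
    if drop_between_steps:
        conn = ProxyConnection()                                # connection lost: proxy forgets the nonce
    type3 = build_type3(user, domain, toy_response(password, challenge))
    status, _, _, log = conn.handle({"Proxy-Authorization": "NTLM " + b64(type3)})   # step 5
    return status, log
```

Note that even a successful login produces one “deny (authentication required)” log line from step 2 before the “allow” from step 5, which is exactly the spurious deny Reporter shows; the proxy keeps the nonce per connection, so anything in the path that closes or re-pools the connection between steps 4 and 5 (a naive load balancer, an aggressive idle timeout) turns every login into the drop_between_steps failure.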

January 6th, 2010 by admin | 1 Comment »

More Malware Socializing – Trend 2010

Of all the potential security evolutions expected to manifest themselves during 2010, smarter social engineering will more than likely remain the leading issue.

As security defence mechanisms continue to get stronger, and trends such as mobile malware and attacks on Apple Mac technology continue to play out on a smaller scale, the efforts of scammers and cyber-criminals to cash in on end-user mistakes will remain the main game.

In terms of specific technologies to be wary of, Windows 7 will see a good deal of development related to new attacks, as scammers seek to keep pace with the tools most commonly found on end users’ machines.

Other noticeable trends will include greater interest and awareness in ongoing “cyber-war” activities going on in the international domain, and increased use of cloud based defenses to help organizations share intelligence and stay ahead of attacks, according to the researchers.

So, all in all look for more of what we saw in 2009, just on a wider scale in 2010.

January 4th, 2010 by admin | No Comments »

FDE R73 – Install Issue

I have seen issues with the MSI crashing out on some new installs of Windows 7 with FDE R73. I spoke to Check Point about this and, after some investigation, it looks as though the installer does not read the pre-check.txt file correctly. To fix it, modify the precheck.txt file by adding a carriage return at the top of the text file.

January 4th, 2010 by admin | No Comments »

XSS Flaws in Twitter and Google Calendar

A security researcher uncovered some holes in Google Calendar and Twitter that may allow an attacker to steal cookies and user session IDs.

In a proof of concept, researcher Nir Goldshlager demonstrated cross-site scripting (XSS) vulnerabilities in Google Calendar and Twitter that he said could be used to steal cookies and session IDs. He also uncovered an HTML injection issue affecting Google Calendar as well that he said could be used to redirect a victim to an attack site any time the user viewed his or her Google Calendar agenda events.

Twitter issued a fix for the issue Dec. 30, and Google stated Dec. 31 it would examine the input validation process for the Google Calendar field to help address the situation.

January 4th, 2010 by admin | No Comments »

Security Vulnerabilities in PostgreSQL Shipped With Solaris

Source: Sun Microsystems

Multiple security vulnerabilities have been identified in the PostgreSQL software shipped with Solaris. These vulnerabilities may allow a remote authenticated user with certain privileges to gain extra privileges via a table with a crafted index function. Further vulnerabilities may allow man-in-the-middle attacks on SSL based PostgreSQL servers by substituting malicious SSL certificates for trusted ones.

January 4th, 2010 by admin | No Comments »