
Security Bytes: Major spammer offers an allocution

Meanwhile, McAfee acquires Preventsys; a new Snort fix is released; Microsoft launches Web-based security services; and a group forms to tackle health industry flaws.

Spammer settles suit with Microsoft, Texas
The Blue Security saga showed that some spammers can fight antispam companies to the death and come out on top. But there are also times when the spammer caves to pressure and turns over a new leaf.

Ryan Pitylak, a spammer accused of unleashing up to 25 million unsolicited marketing messages a day at one point, has settled a lawsuit with the state of Texas and Microsoft. According to, the settlement will cost him $1 million plus the seizure of many of the assets he accumulated as a spammer. In his blog, Pitylak said he has seen the error of his ways and will dedicate his future efforts to helping eradicate nuisance email.

"Over time I have come to see how I was wrong to think of spam as just a game of cat and mouse with corporate email administrators," he said. "I now understand why so much effort is put into stopping it. The settlements with Microsoft and the [Texas] Attorney General's Office have been a serious reality check: harsh but good, and in the public's best interest."

He added: "I am pleased to announce that I am now a part of the antispam community, having started an Internet security company that offers my clients advice on systems to protect against spam. I'm now working earnestly to help other entrepreneurs avoid the traps that deceived me and led me to make questionable business choices."

McAfee acquires Preventsys
Santa Clara, Calif.-based antivirus firm McAfee Inc. announced Tuesday that it's acquiring Carlsbad, Calif.-based security risk management firm Preventsys Inc.

McAfee spokeswoman Siobhan MacDermott told the Reuters news agency that the transaction was valued "in the low millions." She declined to elaborate.

Preventsys develops security risk management software that companies use to identify security problems as they seek to demonstrate and monitor compliance with internal auditing procedures and government regulations.

McAfee Chief Executive George Samenuk last week said at an investor conference that he planned to use some of the company's $1.1 billion in cash to broaden its portfolio of security products through acquisitions. He told a Cowen & Co. investor conference that he hoped to make several acquisitions over the coming quarters and that the deals would be valued between $5 million and $250 million.

New Snort fix arrives
Less than a week after Carpinteria, Calif.-based Demarc Security Inc. discovered a vulnerability in the popular open source Snort intrusion detection system (IDS) and issued a third-party fix, another security company has announced its own solution.

Chicago-based intrusion prevention system (IPS) firm AmbironTrustWave Corp. announced its own patch for Snort, which is used as a component of its ipANGEL product line. "The flaw was an evasion and not a vulnerability, which means that while it is possible for an attacker to bypass detection, ipANGEL sensors and the networks they protect were not at a heightened risk of other attacks," the vendor said. "The flaw affects all IPS products that leverage the open source Snort engine and potentially millions of companies worldwide."

Sourcefire Inc., the maker of Snort, has not yet made a fix known or endorsed any of the third-party patches, but said last week it would issue an update sometime this week.

Microsoft launches Web-based security services
Microsoft's Live Labs, launched in January, has rolled out two security-related Web-based services, one for providing authentication and another for connecting peer-to-peer applications through network firewalls. According to the IDG News Service, the services are part of Microsoft's plan to quickly deliver Web-based services to compete with Google Inc. and Yahoo Inc. Microsoft has already announced that many of its Live services will be hooked into the upcoming Windows Vista.

The Security Token Service (STS) is available at, while the new Relay Service is available at

The IDG News Service said STS is an online identity-management service that enables users to register personal information on a virtual information card using Microsoft's authentication service, code-named InfoCard. After signing up for STS, when users visit a site that is InfoCard-enabled, they can sign in to the site using information stored in the virtual card. Microsoft Chairman Bill Gates unveiled InfoCard at the 2006 RSA Security Conference in February, calling it the successor to the password approach used by most organizations today.

Health organizations band together for security's sake
Leading health care industry executives Monday announced the formation of the eHealth Vulnerability Reporting Program, an initiative created to enhance the security of eHealth systems. The program will establish a framework by which eHealth system developers, their customers and security companies communicate vulnerabilities and aid in determining the most appropriate mitigation strategy, the group said in a statement. It will also facilitate the identification and communication of pertinent and time-sensitive information regarding security vulnerabilities for the purpose of enabling organizations to better evaluate and manage associated risks.

"While both the health care industry and government recognize the enormous potential electronic health record systems possess, we shouldn't lose sight of the risks and challenges they introduce," Augusta Kairys, VP, provider relations for Highmark BlueCross BlueShield and an eHealth Vulnerability Reporting Program board member, said in a statement. "Exploitation of security vulnerabilities has the potential to undermine physician and consumer confidence in these systems. Our goal is to establish a mechanism to identify and communicate security vulnerabilities, thereby minimizing their exploitation."

This article originally appeared on
