Here's some other news from this year's RSA Security conference that you may have missed -- but we didn't.
Why Gates felt safer at RSA
Microsoft Chairman and Chief Software Architect Bill Gates offered up his best David Letterman/Jay Leno impression at the start of his keynote speech Tuesday morning, wishing his audience a happy Valentine's Day and suggesting his choice to be in San Jose was better than another offer he had passed up.
"My other invite was to go quail hunting with Dick Cheney," he said.
The joke was in reference to an accident last weekend in which the vice president accidentally shot his 78-year-old hunting companion while aiming for quail at a Texas ranch. His friend, Austin lawyer Harry Whittington, later suffered a mild heart attack.
McNealy's best Letterman-like list includes some hits and a few misses
Later that same morning, when arch rival Scott McNealy, the chairman and CEO of Sun Microsystems, took the stage, he got laughs when he said with his typical deadpan delivery: "I noticed he didn't mention my invitation to go hunting with him."
Also borrowing from Letterman's act, McNealy opened his keynote with a "top ten" list of security systems administrators' worst nightmares. Those that were a direct swipe at Microsoft went over the best with the crowd. A couple of others fell flat, but maybe that's just because they hit too close to home.
10. First line of defense is 'pull the power plug.'
9. Worn out Control+Alt+Delete keys.
8. Wearing an orange jumpsuit for next 5 to 7 years.
7. Working in an all-Microsoft shop.
5. You're the only one who opens funnybunny.exe.
4. Company policy is root-level access control for all.
3. Blue screen of death.
2. Being told there's a patch to a patch.
1. Having a virus named in honor of you.
Microsoft CSO's sense of humor shines through in interview
During an interview just prior to the conference kick-off, Microsoft Chief Security Officer Karen Worstell was asked a variety of questions about patches and the company's roadmap in security, all of which she approached with serious reflection. Then she was asked for career advice for anyone who aspires to become a company's chief information security officer.
"Have a nice, stiff drink until the feeling goes away," she quipped.
That's one way to grab our attention
During a briefing with security management provider High Tower Software Inc., based in Aliso Viejo, Calif., university-computer-scientist-turned-CTO Eugene Schultz was asked what threats he's seeing, particularly among new customers when they first go online with the company's security event management tools. Normally, this is when vendors unleash a litany of interesting malicious code, non-compliance issues and clever social engineering. But Schultz decided to keep his discoveries brief. "Butt-ugly stuff," he said. "Butt. Ugly. Stuff."
Study shows growing devotion to security
A new report unveiled at the conference Tuesday suggests IT pros are sinking a lot more time and money into security than in previous years. According to the report, based on a survey of 410 IT decision makers in the United States, Canada, Britain, Germany and France, 78% of respondents said they've increased their number of IT security projects while three quarters of those polled said IT security has become a critical part of their business planning.
Atlanta-based Forrester Consulting conducted the survey on behalf of the Business Software Alliance (BSA), whose members include Apple Computer Inc., Cisco Systems Inc., Dell Inc., Hewlett-Packard Co., IBM, Intel Corp., Internet Security Systems Inc., McAfee Inc., Microsoft, RSA Security Inc. and Symantec Corp.
"This survey offers many encouraging signs that companies are taking data security seriously and have dramatically escalated their safety measures [and that] IT decision makers are prepared to work closely with law enforcement to respond to security threats and protect our information systems," BSA President and CEO Robert Holleyman said in a statement.
Of all the financial risks associated with information security, 81% of respondents said they're most worried about losing business due to system downtime. Seventy-four percent of respondents also said they're concerned about compliance and liability. Across the board, respondents said their level of concern about these issues has increased dramatically over the last two years.
Meanwhile, 73% said information security has become a critical part of their company's strategic business planning and 63% said their customers regularly ask about their security measures. Seventy percent said they've made improvements to address customer concerns.
The survey also indicates that the private sector wants the federal government to play a role in addressing information security. Fifty-four percent said that they maintain a list of government authorities to whom they report security breaches and 54% said they know exactly who they need to contact within government in the event of a breach. But 67% said they would be more likely to work with law enforcement if they had specialized skills and tools for cyber-forensics investigations, suggesting the need to equip police with those tools.
A copy of the study is available on the BSA Web site.
Report: Spam spiked in January
The amount of spam clogging cyberspace shot up by almost 10% in January, while the number of e-mail viruses decreased from December, according to a threat analysis report New York-based MessageLabs Ltd. released at the conference Tuesday.
In January, the global ratio of spam in e-mail traffic from "new and unknown bad sources" was 66.6% (1 in 1.5), an increase of 9.2% over the previous month, MessageLabs said. The global ratio of e-mail viruses was 1 in 41.7 (2.4%), a decrease of 5.4% since December.
MessageLabs said it stopped more than 4 million copies of Nyxem-E during its first week. The worm was scheduled to begin overwriting files on infected machines Feb. 3, but failed to cause the anticipated impact, the report said, adding, "MessageLabs believes this is largely due to many infected computer users and businesses conducting extensive virus 'clean up' in the intervening days." MessageLabs observed a clean-up rate of around 11,000 IP addresses per day.
January also saw a decline in the proportion of phishing attacks in e-mails following the 2005 holiday season, MessageLabs said. However, the ratio of phishing as a proportion of malware increased by 4.9% and accounted for 10.6% of malware intercepted by MessageLabs in January.
The full report is available on the MessageLabs Web site.
And the winners are…
This year's winners of the 9th Annual RSA Conference awards are Oded Goldreich of Weizmann Institute of Science, Ari Schwartz of the Center for Democracy & Technology and Jack Jones, for his work with Nationwide Insurance.
The awards are meant to recognize individuals who demonstrate excellence in the field of information security and cryptography. This year's recipients were selected based on their "exceptional contributions" in the categories of mathematics, public policy and security practices, RSA Security said in a statement.
Goldreich was recognized for excellence in mathematics for his "outstanding" research in the interplay of randomness and computation, and the foundations of cryptography, RSA said, adding, "In addition to his fundamental contributions to the foundations of cryptography, he has written a three-volume book on the theory of cryptography which has quickly become a reference book worldwide."
Schwartz was recognized for excellence in public policy for leading efforts to define and fight spyware last year. He founded the AntiSpyware Coalition on behalf of the Center for Democracy & Technology and has been instrumental in gathering evidence for a number of public actions against spyware vendors.
Jack Jones, CISO for Columbus, Ohio-based CBCInnovis, was recognized for excellence in security practices. As the former CISO of Nationwide Life Insurance Co., he was acknowledged for his instrumental efforts in creating an information security group of nearly 100 professionals. Under his leadership, the group has been responsible for various aspects of information risk management covering issues related to security of software and components. Additionally, RSA said, he aided the development and implementation of an information security policy modeled on ISO 17799.
"Following the trend of the industry, the level of innovation in information security has grown exponentially in recent years," said Sandra Toms LaPedis, general manager and area vice president, RSA Conference. "We're pleased to recognize the forward-thinking group of organizations and individuals that is driving technological advancements for security year after year."
This article originally appeared on SearchSecurity.com.