Comments
yourfanat wrote: I am using another tool for Oracle developers - dbForge Studio for Oracle. This IDE has lots of usefull features, among them: oracle designer, code competion and formatter, query builder, debugger, profiler, erxport/import, reports and many others. The latest version supports Oracle 12C. More information here.
Cloud Computing
Conference & Expo
November 2-4, 2009 NYC
Register Today and SAVE !..

2008 West
DIAMOND SPONSOR:
Data Direct
SOA, WOA and Cloud Computing: The New Frontier for Data Services
PLATINUM SPONSORS:
Red Hat
The Opening of Virtualization
GOLD SPONSORS:
Appsense
User Environment Management – The Third Layer of the Desktop
Cordys
Cloud Computing for Business Agility
EMC
CMIS: A Multi-Vendor Proposal for a Service-Based Content Management Interoperability Standard
Freedom OSS
Practical SOA” Max Yankelevich
Intel
Architecting an Enterprise Service Router (ESR) – A Cost-Effective Way to Scale SOA Across the Enterprise
Sensedia
Return on Assests: Bringing Visibility to your SOA Strategy
Symantec
Managing Hybrid Endpoint Environments
VMWare
Game-Changing Technology for Enterprise Clouds and Applications
Click For 2008 West
Event Webcasts

2008 West
PLATINUM SPONSORS:
Appcelerator
Get ‘Rich’ Quick: Rapid Prototyping for RIA with ZERO Server Code
Keynote Systems
Designing for and Managing Performance in the New Frontier of Rich Internet Applications
GOLD SPONSORS:
ICEsoft
How Can AJAX Improve Homeland Security?
Isomorphic
Beyond Widgets: What a RIA Platform Should Offer
Oracle
REAs: Rich Enterprise Applications
Click For 2008 Event Webcasts
In many cases, the end of the year gives you time to step back and take stock of the last 12 months. This is when many of us take a hard look at what worked and what did not, complete performance reviews, and formulate plans for the coming year. For me, it is all of those things plus a time when I u...
SYS-CON.TV
M3AAWG Issues DKIM New Best Practices in Wake of Disclosed Key Length Vulnerability

SAN FRANCISCO, CA -- (Marketwire) -- 11/06/12 -- With the recently revealed ability to spoof email from companies that are using an outdated, weak encryption key to authenticate their email, the Messaging, Malware and Mobile Anti-Abuse Working Group is urging companies to adjust their DKIM processes immediately to improve end-user safeguards and today issued new best practices that specifically address the vulnerability. M3AAWG is calling on business enterprises to replace previously secure 512- and 718-bit verification keys with 1024-bit and higher encryption, among other recommendations to better validate the authenticity of who is sending an email.

"We've developed a short, succinct paper that explains the relatively simple and immediate steps large-scale senders can take to safeguard their brands in response to recent concerns about some levels of key encryption and usage. Technology is advancing, and to keep pace with hackers, the industry needs to revisit its practices in light of their expanding capabilities. We want to get the word out on the quick changes companies can make to protect consumers and their brands against this issue," Chris Roosenraad, M3AAWG Co-Chairman said.

"M3AAWG Best Practices for Implementing DKIM To Avoid Key Length Vulnerability," (www.maawg.org/sites/maawg/files/news/M3AAWG_Key_Implementation_BP-2012-11.pdf) details the technical steps that address the current vulnerabilities and is available in the Published Documents section of the organization's website at www.maawg.org/published-documents. The recommendations include:

  • Updating to a minimum 1024-bit key length. Shorter keys can be cracked in 72 hours using inexpensive cloud services

  • Rotating keys quarterly

  • Setting signatures to expire after the current key rotation period and revoking old keys in the DNS

  • Using the key test mode only for a short time period and revoking the test key after the ramp-up

  • Implementing DMARC in monitoring mode and using DNS to monitor how frequently keys are queried. DMARC (Domain-based Message Authentication, Reporting and Conformance) is another standard often used in conjunction with DKIM

  • Using DKIM rather than Domain Keys, which is a depreciated protocol

  • Working with any third parties hired to send a company's email to ensure they are adhering to these best practices

DKIM is a widely accepted standard used by businesses, governmental agencies, large email provider services and other entities that allows an organization to claim responsibility for sending a message in a way that can be validated by a recipient. For example, email services, such as AOL, Gmail and Yahoo, and commercial brands implement the standard as part of their messaging protocol. It includes an encrypted key in the message headers that ISPs and other receivers use to verify the message actually was sent by the referenced company.

Implementing DKIM makes it more difficult for criminals to forge illegitimate emails that are made to look like they came from a recognized company, a ruse that is often used to steal personal identity information from unsuspecting users. In late October, Wired journalist Kim Zetter reported that many companies were using weak encryption keys and other questionable practices as part of their DKIM implementation that could expose their email to this potential spoofing by cybercriminals.

About the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG)

The Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) is where the industry comes together to work against bots, malware, spam, viruses, denial-of-service attacks and other online exploitation. M3AAWG (www.M3AAWG.org) represents more than one billion mailboxes from some of the largest network operators worldwide. It leverages the depth and experience of its global membership to tackle abuse on existing networks and new emerging services through technology, collaboration and public policy. It also works to educate global policy makers on the technical and operational issues related to online abuse and messaging. Headquartered in San Francisco, Calif., M3AAWG is an open forum driven by market needs and supported by major network operators and messaging providers.

M3AAWG Board of Directors: AT&T (NYSE: T); Cloudmark, Inc.; Comcast (NASDAQ: CMCSA); Constant Contact (NASDAQ: CTCT); Cox Communications; Damballa, Inc.; Eloqua; Facebook; France Telecom (NYSE and Euronext: FTE); La Caixa; Message Bus; PayPal; Return Path; Time Warner Cable; Verizon Communications; and Yahoo! Inc.

M3AAWG Full Members: 1&1 Internet AG; Adaptive Mobile Security LTD; Adobe Systems Inc.; AOL; BAE Systems Detica; Cisco Systems, Inc.; Dynamic Network Services Inc.; Email Sender and Provider Coalition; Genius; iContact; Internet Initiative Japan (IIJ NASDAQ: IIJI); McAfee Inc.; Message Systems; Mimecast; Nominum, Inc.; Proofpoint; Scality; Spamhaus; Sprint; Symantec; Trend Micro, Inc.; and Twitter.

A complete member list is available at http://www.m3aawg.org/about/roster.

Add to Digg Bookmark with del.icio.us Add to Newsvine

Media Contact:
Linda Marcus, APR
+1-714-974-6356
Email Contact
Astra Communications

About Marketwired .
Copyright © 2009 Marketwired. All rights reserved. All the news releases provided by Marketwired are copyrighted. Any forms of copying other than an individual user's personal reference without express written permission is prohibited. Further distribution of these materials is strictly forbidden, including but not limited to, posting, emailing, faxing, archiving in a public database, redistributing via a computer network or in a printed form.

SOA World Latest Stories
up.time, from uptime software, monitors performance, availability and capacity across all servers, virtual machines, applications, IT services, and the network. Proactively find IT system performance issues before they happen, report on total capacity, easily identify troublemakers, tr...
When Swedish communications services provider TDC needed network infrastructure improvements from their disparate networks across several Nordic countries, they needed both simplicity in execution and agility in performance. Our next innovation case study interview therefore highlight...
Many mid-market companies have invested significant time and resources to secure and back up their servers, client computers, data, and overall network infrastructure in what was the traditional client-server setup. Now, what were considered emerging technologies just a few years ago, ...
SYS-CON Events announced today that DevOps.com has been named “Media Sponsor” of SYS-CON's “DevOps Summit at Cloud Expo,” which will take place on June 10–12, 2014, at the Javits Center in New York City, New York. DevOps.com is where the world meets DevOps. It is the largest collectio...
SYS-CON Events announced today that the Web Host Industry Review has been named “Media Sponsor” of SYS-CON's 15th International Cloud Expo®, which will take place on November 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. Since 2000, The Web Host Industry Review h...
SYS-CON Events announced today that O'Reilly Media has been named “Media Sponsor” of SYS-CON's 15th International Cloud Expo®, which will take place on November 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. O'Reilly Media spreads the knowledge of innovators throu...
Subscribe to the World's Most Powerful Newsletters
Subscribe to Our Rss Feeds & Get Your SYS-CON News Live!
Click to Add our RSS Feeds to the Service of Your Choice:
Google Reader or Homepage Add to My Yahoo! Subscribe with Bloglines Subscribe in NewsGator Online
myFeedster Add to My AOL Subscribe in Rojo Add 'Hugg' to Newsburst from CNET News.com Kinja Digest View Additional SYS-CON Feeds
Publish Your Article! Please send it to editorial(at)sys-con.com!

Advertise on this site! Contact advertising(at)sys-con.com! 201 802-3021


SYS-CON Featured Whitepapers
ADS BY GOOGLE