RSA (the security division of EMC) is looking to launch two new services in the second half of this year: an Identity service and a Compliance service.

The Identity service is SSO for cloud services, using RSA SecurID technology.

The Compliance Profiling Service will allow businesses to determine conformance on best practices, as defined by the Cloud Security Alliance.
JCPenney gamed Google's search engine for months. Google has now taken "corrective action". The NYTimes has an extensive article on the matter.
Familiar with two-factor authentication, whereby a PIN is generated and sent to a mobile device? It's been used in enterprise for some time, but is now becoming popular in the consumer market. Google is now offering two-factor authentication. One quirk: you need unique per-application passwords, which could lead to users writing down passwords. Techcrunch has the story
eBay is now open sourcing Tumeric, a policy-driven SOA platform where you can develop and deploy SOA services. Tumeric is Java based, standards based (WSDL, SOAP, XML, JSON, XACML, REST), and supports a variety of protocols and data formats. Eclipse plugins will help with the development of service providers and consumers.

Security services and a monitoring console with policy administration will be included.

There are no dependencies on internal eBay applications.

I've previously blogged that the cloud is great for hackers. Computing power cheaper and more available than ever before. And now German security researcher Thomas Roth has used EC2 to hack WPA-PSK, running through 400,000 possible passwords per second (almost assuredly using GPUs). These machines would typically cost tens of thousands of US dollars. Or pay about 30 cents/minute with Amazon. The full article: Cloud computing used to hack wireless networks
The Treasure Department is moving 4 existing site to Amazon Web Services. Moving to AWS:,,, and Congrats to Smartronix who was awarded the contract.