A week in security: Twitter and Facebook boost defences

This week was dominated by the VMworld 2010 conference in San Francisco, and some interesting partnership/acquisition activity which could help Dell and CA offer more secure products.

Twitter, Facebook and Microsoft also released enhancements to their products designed to improve security.

Twitter made moves to improve the security of its service with support for a new authentication system for people using third-party applications to read or send tweets.

The OAuth authentication method allows subscribers to use third-party applications without them storing passwords. The apps will still work if the user subsequently decides to change their password.

Ironically, the corresponding OAuth update required by TweetDeck users to make them more secure was used by scammers to try to spread malware.

Facebook also got in on the act, announcing a security feature that allows users to remotely log out of active sessions on any device, reducing the chances of havingtheir accounts hacked and used to send spam or malware.

CA announced plans to extend its cloud security capabilities with the acquisition of Arcot Systems, a provider of fraud prevention and authentication tools. The $200m (£129m) deal will help CA strengthen its Identity and Access Management offerings, the firm said.

Meanwhile, Dell announced plans to expand its partnership with security firm Trend Micro, in a deal which will bring the vendor's Worry-Free Business Security Services to its own customers.

Microsoft issued an updated version of its mitigation tool for hardening Windows applications against common security exploits used by malware. The Enhanced Mitigation Experience Toolkit 2.0 is now available from the Microsoft download centre, and adds two new mitigations to the four already supported in the tool since version 1.02 was released in October 2009.

Finally, there was a big emphasis on security at VMworld this year. VMware announced a trio of products aimed at redefining virtual security architecture from a perimeter to a defence-in-depth approach.

VMware vShield Edge, vShield App and vShield Endpoint cover anti-virus, load balancing and firewall security for cloud systems. By integrating these deep into the virtualised environment, security could become a selling point for cloud, according to the company.

Also at the show, Trend Micro posted an update for its Deep Security server protection platform, targeting server virtualisation and sporting a new module for VMware systems.

And Check Point introduced a virtualised edition of its Security Gateway appliance.