Critical Testing Criteria: Virtual Desktop Infrastructure
By Mike S
Cameron Sturdevant lists 9 points to keep in mind when comparing virtual desktop hypervisors.
I start by identifying what will be required of the desktops, what sort of hardware (client and server) will be required to support the requirements, and then I dive into the murky, swirling world of licensing:
1. License costs
In addition to the “three C’s” one of the most important testing criteria is licensing costs. None of the competing vendors make it easy to do an apples-to-apples comparison, so you’ll need to do some noodling to get a price per-desktop, per-year figure. It makes a difference how many years you include in your calculations. I suggest looking at a minimum of three and a maximum of five years, depending on your current physical desktop or laptop formula. Speaking of physical systems, you should factor in the costs of the user devices on which the remote virtual desktops will be hosted.
via Critical Testing Criteria: Virtual Desktop Infrastructure – Virtualization from eWeek.
Researchers Find Quantum Encryption Hack
By Mike S
Again, it is demonstrated that the strength of your key is less important than the ease with which someone can hack some other part of your system to learn its value.
According to the researchers, quantum key distribution (QKD) implementations rely on the detectors to measure the quantum property of single photons. Using bright illumination, the team demonstrated how two commercially available QKD systems—id3110 Clavis2 and QPN 5505, developed by vendors ID Quantique and MagiQ Technologies, respectively—can be fully remote-controlled.
“This makes it possible to tracelessly acquire the full secret key; we propose an eavesdropping apparatus built from off-the-shelf components,” the team wrote. “The loophole is likely to be present in most QKD systems using avalanche photodiodes to detect single photons.”
via Researchers Find Quantum Encryption Hack – Security from eWeek.
VMware View 4.5: Ready for the Large Enterprise
By Mike S
Several months after Citrix met all of the Gartner Group’s enterprise-ready virtual desktop requirements, VMware takes a minor-version leap forward to catch up:
View 4.5 addressed all four of the above shortcomings, and the breadth of their feature improvements were deeply scrutinized with hands-on assessments in our lab. To VMware’s credit, they didn’t try to address customer management requirements with band aids. Instead, they literally scrapped their previous management console and replaced it with a far improved Adobe Flex-based console. In addition, they unveiled a Microsoft System Center Operations Manager (SCOM) management pack for View 4.5 management. That was another common request I’ve heard from early VMware View adopters. On the scalability side, View 4.5 is now capable of scaling to 10,000 managed desktops per management domain, which is currently double the maximum scalability supported by Citrix.
AVG Lists Most Dangerous Countries for Web Surfers
By Mike S
An interesting analysis of which countries’ domestic web surfers were most attacked:
AVG’s analysis is based on an examination of attacks during the last week of July. According to the company, AVG software detected attacks against one in 10 customers browsing the Web in Turkey during that period. Also near the top of the list were Russia (one in 15), Armenia (one in 24) and Azerbaijan (one in 39).
The global average was one in 73 users. In the United States, one in 48 users were attacked, the same proportion as in Pakistan. Vietnam and Laos had a slightly worse percentage, coming in at one in 42 for both countries.
[...]
On the other side of the safety scale is Japan, where AVG software picked up attacks for one out of every 403 users. Sierra Leone had the fewest attacks, with just one out of every 696 Web users being hit. Other countries listed among the top 20 safest places are Taiwan (1 in 248 attacked), Argentina (1 in 241 attacked) and France (1 in 224 attacked).
via AVG Lists Most Dangerous Countries for Web Surfers – Security from eWeek.
The Government’s New Right to Track Your Every Move And Remotely Strip-Search You
By Mike S
Privacy Item 1:
Government agents can sneak onto your property in the middle of the night, put a GPS device on the bottom of your car and keep track of everywhere you go. This doesn’t violate your Fourth Amendment rights, because you do not have any reasonable expectation of privacy in your own driveway – and no reasonable expectation that the government isn’t tracking your movements.
That is the bizarre – and scary – rule that now applies in California and eight other Western states. The U.S. Court of Appeals for the Ninth Circuit, which covers this vast jurisdiction, recently decided the government can monitor you in this way virtually anytime it wants – with no need for a search warrant.
via The Government’s New Right to Track Your Every Move With GPS – Yahoo! News.
Privacy item 2:
As the privacy controversy around full-body security scans begins to simmer, it’s worth noting that courthouses and airport security checkpoints aren’t the only places where backscatter x-ray vision is being deployed. The same technology, capable of seeing through clothes and walls, has also been rolling out on U.S. streets.
American Science & Engineering, a company based in Billerica, Massachusetts, has sold U.S. and foreign government agencies more than 500 backscatter x-ray scanners mounted in vans that can be driven past neighboring vehicles to see their contents, Joe Reiss, a vice president of marketing at the company, told me in an interview. While the biggest buyer of AS&E’s machines over the last seven years has been the Department of Defense operations in Afghanistan and Iraq, Reiss says law enforcement agencies have also deployed the vans to search for vehicle-based bombs in the U.S.
via Full-Body Scan Technology Deployed In Street-Roving Vans – Andy Greenberg – The Firewall – Forbes.
Pac-Man Hacked Onto a Touch-Screen Voting Machine Without Breaking ‘Tamper-Evident’ Seals
By Mike S
Interesting, both because the “tamper-proof” voting machines can easily be hacked and because the software is the IP of a socialist dictator.
This is your Sequoia touch-screen voting machine with Pac-Man hacked onto it without disturbing any of the “tamper-evident” seals supposedly meant to protect it from hackers…
Any questions?…Sequoia’s voting machines, used in some 20% of U.S. elections, employ Intellectual Property (IP) still owned by a Venezuelan firm tied to Hugo Chavez. Sequoia itself is now owned by a Canadian firm called Dominion. (Though Dominion, like Sequoia itself before it, lied about the continuing Venezuelan/Chavez ties in its recent announcement of the acquisition, as detailed exclusively by The BRAD BLOG, to little notice, in June.)
Defense Department Confirms Critical Cyber Attack – Security from eWeek
By Mike S
Details on an old DoD break-in. I wonder if the activity of the malware was logged anywhere?
In an article for Foreign Affairs, Deputy Defense Secretary William J. Lynn III writes that in 2008, a flash drive believed to have been infected by a foreign intelligence agency uploaded malicious code onto a network run by the military’s Central Command.
“That code spread undetected on both classified and unclassified systems, establishing what amounted to a digital beachhead, from which data could be transferred to servers under foreign control,” Lynn writes. “It was a network administrator’s worst fear: a rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary.”
via Defense Department Confirms Critical Cyber Attack – Security from eWeek.
Anton Chuvakin Blog – “Security Warrior”: Brief PCI Council Interview in Regards to PCI DSS 2.0
By Mike S
Dr. Chuvakin presents a short Q&A on PCI DSS 2.0.
Everybody knows that PCI DSS 2.0 is coming! The Council released a summary of changes for version 2.0 [PDF] to be released in October 2010. Council folks have granted this brief interview to Security Warrior Blog; it is provided below in its entirety:
via Anton Chuvakin Blog – “Security Warrior”: Brief PCI Council Interview in Regards to PCI DSS 2.0.
Google Apps update alerts: Gmail: Voice and video chat now available for Linux
By Mike S
Nice, now I no longer need to switch to a Windows machine just for these features. I haven’t used it yet, though, so no comments on the functionality.
Voice and video chat for Linux is now available. This supports Ubuntu and other Debian-based Linux distributions, and RPM support will be coming soon.
via Google Apps update alerts: Gmail: Voice and video chat now available for Linux.
Web Photos That Reveal Secrets, Like Where You Live
By Mike S
I don’t yet have anything GPS-enabled, but if I ever do, then remind me to turn off the geotagging before I go twittering all about where I will or won’t be that day.
When Adam Savage, host of the popular science program “MythBusters,” posted a picture on Twitter of his automobile parked in front of his house, he let his fans know much more than that he drove a Toyota Land Cruiser.
Embedded in the image was a geotag, a bit of data providing the longitude and latitude of where the photo was taken. Hence, he revealed exactly where he lived. And since the accompanying text was “Now it’s off to work,” potential thieves knew he would not be at home.
Security experts and privacy advocates have recently begun warning about the potential dangers of geotags, which are embedded in photos and videos taken with GPS-equipped smartphones and digital cameras. Because the location data is not visible to the casual viewer, the concern is that many people may not realize it is there; and they could be compromising their privacy, if not their safety, when they post geotagged media online.
via Web Photos That Reveal Secrets, Like Where You Live – Yahoo! Finance.



September 3rd, 2010
