Stesso discorso per MFE, che supporta solo il controller del gamecube (dopotutto il programma è un porting diretto da GC), ma costringe l'utente ogni volta a staccare la spina (letteralmente) per spengere la console, non essendo presente nessuna opzione per ritornare all'homebrew channel o resettare (i pulsanti del Wii, infatti, non rispondono).

Infine, è uscito recentemente MPlayer, che supporta un buon numero di file audio e video, usa il wiimote come sistema di controllo, ma manca di una interfaccia grafica adeguata, essendo appena alla versione 0.02. Ieri sera l'ho provato e si è dimostrato una valida alternativa a MFE, sopratutto per il fatto di non dover ogni volta staccare la spina. C'è da dire però che la qualità video è inferiore a quella ottenuta con MFE, e un paio di volte è il programma è crashato su un file MKV (non so se sia un problema del file o di compatibilità). Vi terrò aggiornati per ulteriori sviluppi.

I’ve been ranting at The Archimedius Report about virtualization and security and the inherent challenges of securing mobile, state-changing servers.  That’s why these paragraphs from Ephraim’s article published Monday set off yet another “implication” for data center and network security, thanks to some insightful comments by Gartner’s chief security analyst John Pescatore:

The area that worries Pescatore most is how quickly cloud-based services are updated and changed. He cites Microsoft's painstaking development of the SDLC (Software Development Life Cycle) initiative that assumes mission-critical software will have a three- to five-year period in which it will not substantially change.

"In the cloud, every two weeks we add a new feature, changing the app all the time. But the secure SDLC is not built to do that. We are going back to the old Netscape days of pushing out new features real quick, and nobody has a security cycle that moves that fast," Pescatore says.

What makes matters even worse is that the business user can't say he wants to stay on the old version. "In the cloud you have to accept the next version, possibly nullifying any security that was built into the old application or assumed through integration at the customer site.  

                                    - Ephraim Schwartz, InfoWorld, July 7 2008

As I mentioned in Virtualization-Lite the network security solution leaders have poor visibility into the hypervisor layer and even poorer hypervisor layer enforcement capabilities.  Neither Cisco, nor Juniper nor McAfee are well-prepared for the tasks of defending fluid virtual server environments, unless each environment is confined within an individual hypervisor.  That’s not really virtualization, but rather virtualization-lite.  Virtualization-lite is the acceptance of a reduced business case for virtualization in exchange for a more stable network security posture.

The nature and scale of cloud computing would put even more pressure on this world of static security already put on notice by virtualization in the data center.  Imagine millions of blade servers deployed around the world each hosting dozens of VMs capable of following the moon, as Kevin Kelly says.

That level of mobility (servers chasing cheap electricity around the globe thanks to ubiquitous cloud computing) would wreak havoc on the security status quo architected for years to defend fixed servers.  Leading network security appliances have assumed inflexibility inside the perimeter, and that has been a key impediment to virtsec and to the rapid proliferation of virtualization of the data center. 

Of course, Kelly’s “follow the moon” vision is further off than the vision of virtualization and smaller independent clouds/utilities.  Yet there is still trouble on the horizon.  If you accept Carr (that utility computing is inevitable) the picture for IT as we know it today is bleak.  The security industry wouldn’t be in much better shape either:

In the long run, the IT department is unlikely to survive, at least not in the familiar form.  It will have little left to do once the bulk of business computing shifts out of private data centers and into “the cloud.”   

- Nicholas Carr, The Big Switch, page 118

A few weeks ago I talked about the tactical nature of network security and its occasional quicksand mentality, where every new move means a risk of sinking even deeper into the perceived risk abyss.  At this point it appears that tactical network security teams are not taking the lead when it comes to unleashing virtualization, for obvious reasons.  They’re deploying the hypervisor VLANs we just discussed, which limit flexibility and movement to within the confines of a single hypervisor. 

IN A NUTSHELL

Security solutions are behind when it comes to virtualization.  Security pros are taking a tactical posture.  Yet change is coming according to Carr.

With sunrise over the data center comes an array of clouds stretched out as far as the eye can see.  Will those clouds tease us into accepting a potentially weaker security posture in exchange for lower IT costs and greater convenience?  I think the answer is yes.

MUCH-NEEDED RAIN?

As network security pros and pundits struggle to create ROI models for security or new rationales for more proactive postures within increasingly reactive bureaucracies I think it is obvious that we’ll accept more breaches in exchange for more convenience.  That is, until the defining moment of an attack so audacious that it forces innovation as a means of service provider survival.

A cloud breach could be monumental and shocking. It may be what netsec needs to get back on top of the game.

A cloud attack could drive a new renaissance in security, with new outlooks and probably even panic overspending.  Maybe we would even see application service providers market security in the same way that Swiss banks once marketed privacy.  That could make security strategic to brand.  And many enterprises already know how to calculate brand ROI.

===================================

Disclosure: I’m the VP Marketing for Blue Lane Technologies, a winner of the 2007 InfoWorld Technology of the Year for security, Best of Interop 2007 in security and the AO 100 Top Private Company award for 2006 and 2007. Blue Lane is also a 2007 Best of VMworld Finalist in data protection. I’ve been a marketing executive at Juniper Networks, Redline Networks, IntruVert Networks and ShoreTel. I’ve been an Always On blogger/columnist since 2004. My recently launched personal blog is: www.archimedius.net .  I recently added my blog to a growing lineup of editors at BroadDev.com.  These are all my opinions, and do not represent the opinions of employers, spouses, kids, etc.

Subscribe to RSS headline updates from: http://feeds.feedburner.com/Security-Bloggers-Network
Powered by FeedBurner

Suele ocurrir que todo ataque a la seguridad de aparatos electrónicos es visto como algo ilegal y amoral, ya que suele abrir paso a usos inadecuados (según el punto de vista del fabricante), y en parte es cierto ya que hay usos y usos, en el caso que nos embarca, las consolas me parece un poco estúpida la postura de cerrar las puertas a los usuarios más espabilados e inquietos, ya que si bien es cierto que lo primero a lo que se aspira es a la malvada piratería pero también hay una cosa llamada BACKUPS a la que deberíamos tener derecho como compradores, luego surgen nuevos proyectos e ideas conocidas como Homebrew, entre las que encontramos emuladores, reproductores, motores para juegos, traducciones, sistemas operativos, y todo lo que la imaginación les dé de sí.

Para no inundar nuestra wii con todas las aplicaciones han creado el Homebrew Channel un canal que albergará todo lo que instalemos vía tarjetas SD, TCP o USB Gecko sin la necesidad de arrancar antes el Twilight Hack, yo de momento no lo he instalado porque prefiero dar un tiempo para que los usuarios dejen sus opiniones y problemas, pero cada vez me resulta más difícil darle la espalda al ScummVM Wii con soporte para wiimote OUUHH YEAHH. Si no sabes nada de como va todo esto, te dejo un tutorial de instalación, lo necesario: una wii chipeada, el Zelda Twilight Princess, una tarjeta SD y un rato libre.

Os dejo una selección de aplicaciones que ya están funcionando en cientos de wiis, no son todos los que están, pero están todos los que son:

Cargadores

• Twilight Hack - Descarga
• Homebrew Channel V0.8 - Descarga
• Wii Homebrew Launcher - Descarga

Homebrew

• MFE Wii (Reproductor multimedia) - Descarga
• Wii Linux 0.4 - Descarga
• Gecko Region Free 1.3 - Descarga

Emuladores

• ScummVM r2 - Descarga
• Wii Mupen64GC - Descarga
• Genesis Plus - Descarga
• SNES Channel - Descarga

Juegos

• Tyrian (matamarcianos clásico) - Info+código+descarga
• Quake Wii - Info - Descarga

“La politica italiana si impegni a costruire un’Italia europea per un’Europa in grado di agire. I giovani non rimarranno a guardare e noi faremo la nostra parte.” Si conclude così la lettera aperta inviata questa mattina dalla Gioventù Federalista Europea (Gfe) al Presidente del Consiglio Silvio Berlusconi, ai ministri del Governo ed ai parlamentari italiani.

La Gioventù Federalista Europea – www.gfeaction.eu – www.eurobull.it

La GFE è la sezione giovanile del Movimento Federalista Europeo. Il Movimento è stato fondato a Milano il 27-28 agosto 1943 da un gruppo di antifascisti raccolti intorno ad Altiero Spinelli. I principi sulla base dei quali esso è nato sono contenuti nel Manifesto di Ventotene, elaborato nel 1941 dallo stesso Spinelli, con la collaborazione di Ernesto Rossi e Eugenio Colorni. L'analisi e le proposte politiche contenute nel Manifesto si basano sulla presa di coscienza della crisi dello stato nazionale - ritenuto la causa principale delle guerre mondiali e dell'affermazione del nazifascismo - e sulla convinzione che solo il superamento della sovranità assoluta degli Stati attraverso la creazione di una Federazione europea avrebbe assicurato la pace in Europa. La GFE si differenzia radicalmente dai modelli normali di organizzazione politica, i partiti e i gruppi di pressione. Diversamente dai gruppi di pressione, che cercano solo vantaggi particolari per gruppi particolari senza modificare necessariamente l'assetto dei poteri costituiti e a differenza dei partiti, che hanno come quadro privilegiato di azione il quadro nazionale, la GFE esercita un’iniziativa politica autonoma rivolta alla fondazione di uno Stato nuovo, la Federazione europea.

Il 21 maggio 2006 in occasione della sua  prima visita ufficiale  a Ventotene il   Capo dello Stato, Giorgio Napolitano dichiarò che “per rilanciare l’idea di Europa c’è bisogno dell’impulso dei giovani, il cui sentire europeo si è fatto naturale e profondo, e nell’avanguardia della Gioventù Federalista Europea, la molla più forte”.

“La Gioventù Federalista Europea- scrive il movimento giovanile dell’Movimento Federalista Europeo fondato da Altiero Spinelli- ha osservato con attenzione e preoccupazione il dibattito pre-elettorale italiano in cui le tematiche europee sono state completamente assenti. L’attuale situazione internazionale mostra, invece, come la gestione di problematiche quali l’immigrazione, la sicurezza e la crescita economica esclusivamente sul piano nazionale rischi di portare al fallimento delle relative politiche.

Il rinnovamento del sistema politico italiano è infatti strettamente legato ad un’azione innovatrice all’interno del quadro europeo: non c’è futuro per l’Italia al di fuori dell’Europa e un'Europa unita e democratica è necessaria per affrontare la sfida della globalizzazione e della connessa necessità di realizzare un nuovo ordine internazionale capace di assicurare sicurezza e stabilità.

Tuttavia l’Unione Europea oggi non è in grado di essere interlocutore di USA, Cina, Russia con la pienezza dei poteri necessari. Occorre per questo riprendere il processo costituzionale europeo: l'Europa ha bisogno di un governo democratico e federale capace di agire.

L’ordine mondiale è in crisi, sia sul terreno della sicurezza che su quello della globalizzazione economica. La redistribuzione del potere e della ricchezza a livello mondiale sta generando e genererà scontri e tensioni sempre più forti tra le diverse aree del mondo. Se non emerge una soluzione alternativa all’attuale modello di gestione della globalizzazione, l’unica risposta possibile sarà il ritorno al protezionismo e alle guerre commerciali e monetarie.  L’Europa, che ha vissuto sulla propria pelle gli orrori dei periodi di autarchia e nazionalismo esasperato avvenuti nel primo dopoguerra, ha una responsabilità enorme nel tentare di indicare una via diversa per gestire i problemi della globalizzazione. L’Unione Europea deve avere la forza di promuovere la riforma delle istituzioni sovranazionali, affinché siano dotate dei poteri necessari ad attuare politiche di redistribuzione della ricchezza, gestione del mercato, affermazione dei diritti, salvaguardia dell’ambiente.”

E la lettera dei  Giovani Federalisti Europei continua chiedendo al Governo ed al Parlamento che:

“1. l'Italia, come indicato dal Presidente della Repubblica Giorgio Napolitano, porti subito a compimento la ratifica del Trattato di Lisbona che racchiude alcune delle riforme necessarie ad imprimere un nuovo slancio alla costruzione europea in occasione delle elezioni per il rinnovo del Parlamento Europeo nel giugno 2009. Le elezioni europee potranno diventare il primo passo verso l'Europa politica se i partiti politici europei sapranno indicare chiaramente ai cittadini le proprie idee sul futuro dell’Europa ed il loro candidato alla presidenza della Commissione Europea che si impegnerà a realizzale.

2. il Parlamento Italiano approvi, in occasione della ratifica, una mozione che impegni il governo a rilanciare il processo costituente in tutte le sedi istituzionali europee anche tra un'avanguardia di Stati, se l'unanimità non sarà possibile;

3. l’Italia sostenga nelle sedi internazionali che il Presidente della Commissione Europea potrà essere nominato solo dopo gli esiti delle elezioni europee del giugno 2009, come previsto dal Trattato di Lisbona:”

“I giovani europei- si conclude  così la lettera della Gfe- ripongono grandi aspettative in una politica che sia in grado di rispondere ai problemi più vicini alla loro vita quotidiana. Questa politica può essere portata avanti soltanto a livello europeo. E’ dunque responsabilità di tutti gli schieramenti, dare all’Europa, e quindi all’Italia, gli strumenti necessari per non tradire le attese  delle nuove generazioni.”

Almost two years ago the network security industry noticed the emergence of new classes of highly effective IPS evasions.  It became obvious that hackers had gone pro and were learning how to disguise their exploits in ways that could evade pattern match (signature or anomaly) detection.

Polymorphic Hacker Bonanza

Patterns depend on prior knowledge.  Global networks of security experts still watch for new patterns to quickly deploy protection before too much damage is done; but mutation renders pattern match security worthless. I discussed this last year in Where's Waldo Goes Polymorphic. 

The rise of exploit mutation is also feeding the rise of voluminous libraries of short-life libraries, the rise of processing requirements for traffic inspection, the rise in signature tuning requirements and draconian tradeoffs between different kinds of intrusion prevention, latency and service impacts.  Every credible review of deep packet intrusion prevention systems includes asterisks (qualified comments) and/or frank discussions of latency and service disruption.  Many emphasize the network IPS ability to manage the noise produced by false alarms or praise the cottage industry of noise management solutions.

IPS solutions can also be evaded by the likes of IP fragmentation, buffer overflow attacks (with disguised payloads) and SQL injection.  While heuristics and packet scanners can help to identify some forms of these attacks, hackers have found ways to evade them through alphanumeric, metamorphic and mutating shell codes that cannot be easily identified; they can pass through the perimeter blending in with the vast majority of innocent traffic.

Enterprise CSOs depending on pattern match (plus this and/or that add on) are about to learn a new reality.  The old world devices aren’t working like they used to work.  At the dawn of production virtualization (server mutation in the data center) the network IPS is already crumbling under the pressure of exploit mutation outside the perimeter.  See my blog from February 2007- Virtsec: the Beginning of the End of Static Security.

Security Needs to Migrate from Layer 4 to Layer 7

All of these evasions can work because deep packet pattern match doesn’t have the protocol intelligence to recognize the attacks with high enough levels of accuracy.  Another problem is that these “one size fits all enforcement systems” can only alert (on) or block suspicious traffic.  Besides the latency incurred because inspecting traffic for more patterns ties up more processing resources; blocking terminates server sessions reducing system availability.  Security has never been important enough to impact service availability; and IPS has never been accurate enough to trust more than a small population of signatures for blocking.  So most protective signatures are disabled as not to mistakenly disrupt services.

So round and round we go watching the hacker and marketing arms race escalate between tired hardware, tired architectures and mired security pros fighting off innovative “open source” professionals probing perimeters for wealth and information assets.  One side gets perpetual defense and the other perpetual offense.

There is a Better Way: Protocol Fluency

Data Centers can use more than a hundred protocols between dozens of different operating systems, applications and databases and users.  Most IPS systems understand only a fraction of those protocols.   Every protocol not covered is a vector that can be exploited by a hacker.  It is a point of pattern match evasion.

Protocols, Proactive Protection and Promises

That’s why I predict that we are about to see a netsec protocol and vulnerability race that will be like nobody’s business.  As security teams realize that deep packet is in deep trouble (as far as netsec is concerned) more vendors will start touting protocol coverage and vulnerability intelligence.  Who was it this year at RSA who talked about security needing to think inside out?

There are about 130 data center protocols, depending on what you’ve deployed.  How many does your IPS understand? If you’ve standardized that number may be smaller.  But it’s a fair question to ask your vendor, especially if you’re experiencing successful evasions.

There are also hundreds of unique software vulnerabilities across leading data center operating systems, applications and databases.  Don’t confuse signatures with vulnerabilities, although some vendors do try to blur the line with the “virtual patch” marketing concept.  One security reseller determined that an entire library of signatures with one leading system only protected about 30% of known data center vulnerabilities across Microsoft, Oracle, Solaris, Linux, Apache, etc.  And that’s with the rare instance of all signatures turned on!

That means assuming that a large signature library means comprehensive protection is a head fake at best.  It does explain CSOs who testify about millions of false alarms a week being an excuse for missing a real attack: lots of noise from false alarms (the large library identifying suspicious traffic) while hackers evade the static pattern match systems with mutation and exploit unprotected vulnerabilities.

Then there is an architecture consideration.  If an IPS is using brute force pattern match on all traffic in combination with some protocol decoding, it is very likely that the decoding will be “slow path”.  That means that it will require more processing resources and may force additional latency/coverage tradeoffs.  Many network IPS architectures already require Draconian tradeoffs between latency and protection because they have to equally inspect all traffic.  Additional specialized processing of traffic has the effect of extra cars on the rush hour freeway; each one beyond a point adds a disproportionate influence on delay.

That’s why the next front in the IPS war will be about accuracy-enabled exception-based systems.  By exception based I mean that they will be able to quickly parse out innocent traffic and focus controlled code on the traffic heading to known vulnerabilities.  An example of this approach is in this 19 page white paper by Blue Lane CTO Allwynn Sequeira.  It is a vendor paper (my apologies) but I think it is the most brilliant articulation thus far of what we’ll call a data center IPS.  And the industry needs fresh thinking.

Last year I predicted the rise of virtsec as an issue.  Now I’ll go on the record and announce the race to proactively secure the next generation data center (physical and virtual infrastructure) against new classes of attacks.  That race will be won by the vendors who understand all key protocols, all key vulnerabilities and can act with precision on exploits, and in ways that have very little impact on latency.  From Oracle databases to Windows servers and hypervisors holding pools of VMs, the industry needs to shift its traditional focus away from exploits and desktops and turn it to core vulnerabilities and protocols.  Until then we’re all a hack away from losing trust in yet another institution, or having to testify why the system you bought simply couldn’t keep up.

==================================================

Disclosure: I’m the VP Marketing for Blue Lane Technologies, a winner of the 2007 InfoWorld Technology of the Year for security, Best of Interop 2007 in security and the AO 100 Top Private Company award for 2006 and 2007. Blue Lane is also a 2007 Best of VMworld Finalist in data protection. I’ve been a marketing executive at Juniper Networks, Redline Networks, IntruVert Networks and ShoreTel. I’ve been an Always On blogger/columnist since 2004. My recently launched personal blog is: www.archimedius.net .  These are all my opinions, and do not represent the opinions of employers, spouses, kids, etc.

Last week the tech press marked yet another week of security capitulation, with reports of widespread unpatched Oracle databases and the acknowledgement that a cyber attack had recently blacked out at least one city outside of the US.  It has become even more apparent that our private and public sector IT leadership and vendor community has become increasingly comfortable with security as a reaction to events rather than as a means to shape them. 

If you followed popular blogs about the Oracle CPU issue you would have seen all the telltale signs of the coming fall (and I don’t mean calendar year 4^th quarter). I blogged about the ORACLE SECURITY PARADOX last week and explained how the interests in play were leading us to database security jeopardy.  While this most recent Oracle CPU and the recognition of the “patch fatigue” issue brings attention to vulnerable, unpatched Oracle databases, I also pointed out that a broader and even more disturbing dynamic is at work.   

The proliferation of unpatched and vulnerable data center servers includes a multitude of embedded and legacy systems running custom applications that are critical to 24/7 operations in multiple key industries including health care and energy production.  These systems are perilously behind the times when it comes to security and yet are increasingly exposed to the public-facing network.   

This week Computerworld also published “Apocalypse Soon” and the following early paragraph should raise a few eyebrows: 

Indeed the threat is “urgent and real,” says The Business Roundtable, an association of CEOs of large U.S. companies.  The Washington-based public policy advocacy group says there is a 10% to %20 chance of a “breakdown” of the critical information infrastructure” in the next ten years, brought on by “malicious code, coding error, natural disasters, [or] attacks by terrorists and other adversaries. 

While the report included a very broad range of threatening scenarios (including natural disasters) it wasn’t coincidental that malicious code was the first item mentioned by Computerworld. Our malaise has become so acute that the recent acknowledgement of a hacked blackout becomes just another headline.  

This recent power hack is just another sign of a dying status quo of old technologies, complacency and confusion that is nurtured by an ever-growing stream of service revenue, outsourcing and faulty tech industry leadership still bent on squeezing every dollar of revenue out of every past investment.  It is time for the netsec industry to think ahead instead of trying to hold back innovation. 

How many “acceptable” intrusion prevention system reviews contain the caveats that they worked against less than 50% of test attacks?  Most emphasize their sophisticated (false alarm) management capabilities versus any enhanced detection/prevention.  I’ve blogged before about this in Security3.0.  These older packet inspection architectures need to be upgraded. 

Last week a security executive joined the chorus of large public company trade interviews about why it’s important not to buy best of breed security “point products”.  Me thinks he doth protest too much.  Why would a senior executive of a public security company waste precious leadership ink in leading tech journals fighting innovation and private companies? 

I think there is a simple answer: they’re losing business to innovation and think wheeling out an exec to lead the charge against it is a smart marketing move.  Hardly. This is a problem deeper than a media message or the tired benevolent security bureaucracy metaphor that often manifests itself in times of turmoil. 

Yet the security problem is bigger than innovative private companies and the security industry needs to wake up from its slumber and innovate.  It’s simply too late for proclamations. 

THE BIG BANG THEORY 

As a culture we’ve become so enamored with the power of convenient access that we’ve leapfrogged ourselves into a new era of convenience, vulnerability and complacency.  Our de facto “plan”: we will react to breaches with half-hearted steps until a defining event frightens us into overreaction.  I’ve heard this repeatedly when out meeting with IT pros from high profile companies:  “I get budget when things go wrong.” 

Yet the very convenience that is driving us to new heights in productivity is building out a kind of backplane (or ether) that allows for the unprecedented theft, transport and concealment of data and resources.  Today as more unpatched databases and embedded systems are connected to the Internet, hackers are becoming more sophisticated and more financially motivated. 

The Yin/Yang dialectic between teenage desktop attack and security vendor innovation that got us to where we are today is transforming into an arms race between tired, low layer, hardware-centric IPS architectures and increasingly innovative cybercriminal gangs.  The mounting spam in your inbox is only the tip of an iceberg of innovation mutating in real time around static exploit signature spam defenses.  The spam button on my Yahoo mail is an outright joke as it protects me from the last spam coming again to my inbox.  

This shift from fame to fortune seeker is manifesting itself in numerous ways.  We’re seeing mushrooming bot activity and new and higher projections of how many servers around the world have been compromised.  We’re seeing the rise of more sophisticated attacks, including SQL injection, cross-site scripting and polymorphic attacks designed to evade the traditional security products that were highly effective against known exploit signatures and unusual anomalous traffic and behaviors.   

It is readily apparent that the malicious hacker community is innovating faster than the security industry.  They understand the growing market opportunity created by increasing network access to unpatched databases and embedded systems. And they are innovating on multiple levels, from core technology and tools to online markets for stolen information.    

THE TREND IS THE CYBERCRIMINAL’S FRIEND 

As the web of convenience reaches deeper into the data center and core databases; as security pros spend more time simply keeping up with the operational requirements of older, static security technologies; and as enterprises invest more in compensatory operational expenses (service revenue) or to upgrade hardware to keep up in the packet inspection race… network attacks are becoming increasingly complex, increasingly sophisticated and increasingly successful. 

We are setting ourselves up with the preconditions of a big bang that risks the core of our trusted web economy and the emerging global meritocracy that fuels our engine of innovation and commerce.  It has the potential to be fast, decisive and mysterious, all at the same time.  Our drive to convenience is great for consumers.  It is perhaps just as great for cybercriminals.  Their next opportunity for enrichment may be sitting in your data center, behind layers of half measures and stacks of security service invoices.  The following is ICANNs Stephen Crocker’s advice for what CIOs should say to their CEOs, also from Computerworld: 

“Boss, we need to take care of ourselves, but we also need to organize into a powerful user group and bring some pressure on [vendors] so that the network is fundamentally safer tomorrow than it is today.” 

The message is clear, security vendors need to rethink their architectures for accuracy, availability and performance.  They need to get beyond packet inspection and exploit signature matching and avoid the temptation to invest solely in alarm management.  They need to start at the data center perimeter versus play out their legacy strengths with desktops.  They need to step upstack and embrace innovation.  If they don’t do it, their customers will; and exec trade ink about point products will be pointless.  

Disclosure: I’m the VP Marketing for Blue Lane Technologies, a winner of the 2007 InfoWorld Technology of the Year for security, Best of Interop 2007 in security and the AO 100 Top Private Company award for 2006 and 2007. Blue Lane is also a 2007 Best of VMworld Finalist in data protection. I’ve been a marketing executive at Juniper Networks, Redline Networks, IntruVert Networks and ShoreTel. I’ve been an Always On blogger/columnist since 2004. 

Earnings Date: 26-Apr-07 AMC

Ticker: MFE

Company: McAfee, Inc.

Industry: Software & Programming

Competitor: Symantec Corporation (SYMC), Trend Micro Incorporated (TMIC)

Summary: McAfee, Inc. is a global supplier of computer security solutions designed to prevent intrusions on networks and secure computer systems and other digital devices from a variety of known and unknown threats and attacks. The Company offers two families of products: McAfee System Protection Solutions and McAfee Network Protection Solutions. The solutions include anti-virus, anti-spyware, anti-spam, intrusion prevention, secure messaging, Web filtering and vulnerability management. McAfee also offers policy management tools to keep threat-protection systems up-to-date and allow companies to enforce security policies. Its products are offered primarily to large enterprises, governments, small and medium-sized businesses and consumers through a network of qualified partners. McAfee operates its business in five geographic regions: North America; Europe, Middle East and Africa; Japan; Asia-Pacific, excluding Japan, and Latin America. In October 2006, the Company acquired Onigma Ltd.

Gapping Analysis:

Technical Analysis: Both 1-year & all-years charts do not show any obvious trend.

Average Daily Volume: 1.01Mil

Pivot Point Analysis:

Fundamental Analysis: MSN rating is 7. Last price is ~$30.00, target FY end is $44.12 (12 Anaylsts: Medium). Debt/Equity ratio not available. Sales & EPS were inconsistent. Free Cashflow was increasing over last few years. ROE = 10.6%. ROA = 5.8%.

Insider Trading: No insider market purchase for past one year.

Short Ratio: 3.6

IV:

News: (11/4/07) Wachovia notes that Dave DeWalt started as the new CEO of MFE at the beginning of April, and sources within the co suggest his presence has already had a positive impact. Firm says that current business trends are positive and channel checks are solid, and they think that MFE is undervalued at 16.8x CY08 EPS vs 19.0x for the security software sector and 23.8x for the enterprise software group. Maintains Outperform.

Conclusion: Noted that stock chart did not show strong positive trend, and gapping history was not consistently positive. Due to recent hugh gaps in Tech stocks, decided to take a small risk and buy FOTM Calls at very cheap price.
Position: BTO 5 May 35 Call @ $0.10

Results: Reports Q1 (Mar) earnings of $0.44 per share, excluding non-recurring items, $0.10 better than the Reuters Estimates consensus of $0.34; revenues rose 15.5% year/year to $314.2 mln vs the $292.4 mln consensus. Co issues in-line guidance for Q2, sees EPS of $0.33-0.38 vs. $0.37 consensus; sees Q2 revs of $295-310 bln vs. $307.46 mln consensus. Co guides for FY07, sees EPS of $1.55-1.65 vs. $1.52 consensus; sees FY07 revs of $1.22-1.29 bln vs. $1.24 bln consensus.