How Are We Doing? Dark Reading Seeks Your Input
If you've been clicking through the pages of Dark Reading regularly for the past several weeks, you've probably noticed lots of changes. As we told you back in October, the site has undergone an overhaul that included moving to a new server and a new production system, and we've implemented a new design that's intended to make the site easier to navigate and use.
As with most new releases,
Solving The DR Testing Problem
It seems like almost every time I see a report on disaster recovery plan (DRP) testing, there are typically 50% of the respondents that either don't test their DR plan or don't test it frequently enough for the plan to be worthwhile. How can we solve this?
Free Memoryze Tool Gets A Much Needed GUI
When software vendors release a "free" version, there is often a catch or some limitation that leaves you wanting for more. Rarely is the release good enough to fill a void that you've been missing. But that's not always the case. A good example is the NetWitness Investigator product that I've been testing and wrote about in Friday's
Cyber Monday Risk Factor: Employees Back At Their Desks, Ready to Shop!
When everybody comes back to work next Monday, count on some of them spending at least a bit of the day surfing for online bargains. And some of them are going to be spending a lot of their time shopping -- some estimates place Monday's online shopping time as consuming more than half the workday. How much of that time also puts you and your network is up to you.
Security Firm Warns Of New Apple Malware
A Trojan horse application has been found circulating the Internet. If infected, users can end up having their system passwords nabbed, and be redirected to a number of phishing Web sites.
LiveView: Seeing Is Believing
Investigating security incidents is a necessary fact of life for IT shops everywhere. What varies is how each group handles the incident. I read an interesting article over the weekend from Enterprise IT Planet called "Five Essential Forensics Tools." While I wouldn't consider them all "essential," a couple of them are very important, like Wireshark and Helix, and others are just examples of the ki
IT Efficiency, First Demand Oversight
In this era of tightening budgets, storage administrators are once again being asked to do more with less. The problem is that for most data centers, the efficiency crank has been turned several times already and the easy efficiency steps already have been taken.
Security and Return-Oriented Programming
You don't have to stray too far from the financial pages to know that returns of any kind aren't much to brag about these days. You could say the same thing about "return-oriented programing." In a nutshell, return-oriented programming security attacks start out like familiar attacks, in which attackers take advantage of a programming error in the target system to overwrite the runtime stack and divert program execution away from the path intended by the system's designer
SSD Can Mean Hard Cost Savings
In our last entry we talked about the time savings and potential increase in productivity and revenue that deploying SSD can enable. This entry we will focus on the hard cost savings associated with SSD. In the right situation, SSD can actually be less expensive than mechanical drives.
Web Security Testing Cookbook Book Review
Veteran web application developers know how hostile the Internet can be, and cookbooks like this one remind us that code vulnerabilities are as diverse as the applications they are unintentionally a part of. Authors Paco Hope and Ben Walther outfit readers with free software security tools and instruct how to use these plug-ins and utilities to build more tamper-resistent apps.
As More Lose Jobs, More Job-Spam Scams On The Loose
Spammers get their clicks by preying upon fear, among other things. And as unemployment levels rise, job, income and related concerns are becoming more common spam-prompts than ever.And prime among them are money-mule scams that try to rope people into laundering money from home.
London Hospitals Still Sick From Virus Breach
I was reading Graham Cluley's blog at Sophos earlier this week about a virus infection (the computer kind) at a number of U.K.-based hospitals. I pretty much passed over this story until I learned just how badly the hospitals were prepared for this.
SSD In Tough Times
At a recent conference I was asked how to cost-justify solid state disk during tough economic times. The interesting aspect to SSD is that because of its cost, it always has needed to be cost justified, regardless of the economic situation, and as a result is far better suited to do more than just "ride out" the storm.
Thompson Era At Symantec Drawing To A Close
Yesterday, the news broke that decade-long Symantec veteran John Thompson would be retiring. Symantec's board of directors appointed Enrique T. Salem, currently chief operating officer at the company, to be president and chief executive officer effective April 4, 2009.
Death of the AV Vendor: Microsoft Offers Free AV
The fundamental problem with the AV market is that it makes antivirus vendors as much a part of the problem as they are a part of the solution. They are motivated to promote exposures to create a market for their offerings, and the end result has been a massive increase in malware and an inability by the ecosystem to effectively combat it. This will change that dramatically.
Economy Sinks, Phish Rise
Shouldn't surprise anybody, but the worse the economy gets, the more aggressive the phishers become. Some new statistics show just how aggressive that is.
Every so often you hear the prediction of consolidation in the storage industry, especially during times where the economy is in question. Now is again one of those times and surely we will see some acquisitions here or there, but I think we are a long way off from the classic consolidate down to three vendors scenario. Here's why....
Making a Case For Comprehensive Patch Management
The Security Manager's Journal at Computerworld had a good, "real life" story about the effort required to implement a comprehensive patch management program and to have management sign off. J.F. Rice (a pseudonym created to protect the manager and the company) says he used a two-pronged attack to get support and raise awareness by meeting with system admini
Palin E-Mail Hacker Trial Delayed
The trial of David "Popcorn" Kernell, the 20-something student who has been accused of hacking then vice president-hopeful Sarah Palin's Yahoo e-mail account, has been postponed.
Hacking VoIP Book Review
Having implemented and customized Asterisk-based VoIP solutions in the past, I was already aware of potential security issues around Voice over IP, especially using SIP. So it was with great curiosity to read about author Himanshu Dwived's VoIP-hacking investigations.
Pssst. What's Your Password?
Your company invests heavily in provisioning and identity management software. Password are to be changed every 90 days or so. The goal is to make sure accounts are secure and users are accountable for their actions. Problem is: Everyone is sharing passwords.
New Tool Makes VoIP An Easy Target
VoIP isn't something that pops up on my radar too often. We're only now just beginning a deployment at my office that will take place during the next couple of weeks, so I'm slowly becoming more aware of what impact it could have. But what really got me thinking about just how secure the upcoming implementation is going to be is the release of a new VoIP security tool, UCSniff, by the Sipera Viper Lab.
My Spammers Didn't Get the Memo That They Were Toast
It has been a week that seemed like the good guys might finally be winning -- something -- in the cybercrime war. First, there were reports of a 65-plus percent drop in spam volume after a Web hosting firm known for hosting botnets, spammers, and child pornography was taken down. Then the Internet Corporation for Assigned Names and Numbers (ICANN) on Wednesday finally
Visa To Test New Credit Card Security Tactic
Credit cards were never designed for online purchases. They were designed more than 50 years ago for face-to-face purchases, yet credit card companies and online merchants continue to try to re-tool credit cards as viable for online payments.
Correlating Many Data Sources Is Often The Key
Being able to successfully perform incident response and digital forensics requires having the right tools and, more importantly, the right sources of information. I was assisting a client with a case recently that made this simple fact more apparent the more I dug into the monstrous amount of information they provided me.
Will The Cloud Hurt Storage Companies?
There have been a few articles written lately which claim cloud computing will hurt smaller storage companies like 3Par, Compellent, Xiotech, etc…. The theory being that there will have to be some industry consolidation. I disagree. Cloud computing should be a net gain for storage companies and here's why.
A Quarter Of DNS Servers Still Vulnerable
Maybe DNS should stand for Do Not Secure. Half a year after the announcement of of a Domain Name System flaw and about a quarter of the DNS servers that should have been patched haven't been.
Apple iLife Gets Security Fix
Apple today announced a serious security fix for iLife 8.0, Aperture 2, and Max OS 10.4.9 through 10.4.11. Each of the security flaws, if left unpatched, could lead to "arbitrary code execution," which means attackers could run code of their choice on your system.
Solving The Gap Between Virtual Machine And Storage
Server virtualization rollouts often get stuck after the first wave. That first wave is where you have virtualized most of your easy stuff. Then as the virtual machines begin to proliferate, it occurs to you that you have lost control. One of the key disconnects is from server to storage.
Obama Wins Spam Race Too
The spammers love a winner -- winners exploited in subject-lines make it easier for spammers to turn computer users into losers. Take a look at the still-growing volume of Obama-themed spam and spam-scams to see how the cybercrooks are handling the transition.
SSD's Latency Impact
In our last entry we talked about latency and what it was. We also discussed how storage system manufacturers are trying to overcome latency and performance issues of mechanical drives by using techniques like making the drives faster by using higher RPM drives, array groups with a high drive count, short-stroking those drives, wide striping those drives, and increasing the number of application servers
The Worst Way To Learn Of A Data Breach
While there's no welcomed way to learn that your customer data has been compromised, perhaps the worst way is to learn via an extortion letter. Pay up, or we'll expose millions of patient records, threatens a letter to Express Scripts.
Bending Skein Code
Few of the submissions to NIST's hash standard contest have been optimized for desktop/server processors. One, though, known as Skein, seems to have considered this. It is designed specifically to run well on Intel Core 2 processors -- without sacrificing speed on other processors or security.
Malware Attack Riding Coattails Of Obama Win
Antivirus software maker Sophos today discovered attackers have launched a Web campaign of their own that aims to exploit the senator's presidential victory. And it's rather nasty.
SSDs Are All About Latency
Nearly every storage manufacturer has been articulating a solid state disk (SSD) strategy in the past two quarters. EMC, HP, IBM, HDS, NetApp, and Compellent are all set to add the capability to their offering. Some are doing so today, while others are still in the strategy mapping process.
The Importance of Exit Procedures
There is an interesting article in the San Francisco Chronicle about a former IT manager turned "vengeful computer hacker" who logged in to his former company's mail server and turned it into an open mail relay for spammers to abuse. He also deleted the Exchange server's mail database and critical system files, preventing the server from being able to boot. After five years, he has fina