NSA Investigating Nasdaq Hack
Last month when we covered the attack on the Nasdaq's Directors Desk collaboration platform, we said the incident posed plenty of questions, while the Nasdaq proffered (at least publicly) few answers. It seems the National Security Agency agrees.
Lizamoon SQL Injection: Dead From The Get-Go
The latest round of headline-grabbing SQL injection attacks aren't new, and they aren't very effective; in fact, Lizamoon might as well be called the little injection that couldn't
(Slightly) More Organizations Proactively Managing Security Efforts
Security vendor survey at the RSA Conference 2011 shows more organizations planning and coordinating their security efforts across security and IT operations teams and risk management groups. But don't plan on a party and fireworks celebration just yet - the improvements are minor.
Collecting The SSD Garbage
Solid state storage (SSS) is the performance alternative to mechanical hard disk drives (HDD). Flash memory, thanks to its reduced cost compared to DRAM, has become the primary way the (SSS) is delivered. Suppliers of flash systems, especially in the enterprise, have to overcome two flash deficiencies that, as we discussed in our last entry, will cause unpredictable performance and reduce reliability.
Microsoft Wins A Botnet Battle
The Rustok botnet was estimated to be one million PCs strong, underlining the dangers that malware can cause to businesses and consumers.
Understanding SSD Vendor Talk
If you are either evaluating or getting ready to evaluate investing in solid state storage for your data center you are going to be faced with learning a new language, confronted with a new set of specs and a new set of debate around what features are most important. This will be the first entry in a series that will give you the decoder ring to understanding what Solid State Disk (SSD) vendors are talking about and what statistics are most important.
Are Industrial Control Systems The New Windows XP
Earlier this week a security researcher posted nearly three dozen vulnerabilities in industrial control system software to a widely read security mailing list. The move has Supervisory Control and Data Acquisition systems (SCADA) system operators scrambling, and the US CERT issuing warnings.
RSA Breach Leaves Customers Bracing For Worst
RSA, the information security division of EMC Corp., disclosed in an open letter from RSA chief Art Coviello that the company was breached in what it calls an "extremely sophisticated attack." Some information about its security products was stolen. Customers are bracing for more details.
Trojan Attacks Remain Most Popular
Anti-malware vendor Panda Security's PandaLabs has found that the number of threats . . . surprise, surprise . . . have risen significantly year over year. What's interesting is how large a percentage of attacks Trojans have become.
For years we wanted a seat at the executive table. Now that we have it, it's time to play the game or head home.
Storage Performance Challenges In Virtualized Environments
The storage infrastructure that supports a virtualized server environment can quickly become a roadblock to expansion. As the project grows, server virtualization places new performance and scaling demands on storage that many IT professionals have not had to deal with in the past. In this entry we will cover some of the causes of the problems and in upcoming entries we will discuss how to overcome those problems.
NERC Creates Cyber Assessment Task Force
The North American Electric Reliability Corporation (NERC) recently announced the formation of a Cyber Attack Task Force. The task force will be charged with identifying the potential impact of a coordinated cyber attack on the reliability of the bulk power system.
Botnet Threat: More Visibility Needed
According to a report released by The European Network and Information Security Agency the current ways botnets are measured are lacking - and it just may be hurting the fight against the zombie plague.
The Truth About Malvertising
We tend to think of malvertising as short lived, one-oft attacks that somehow managed to momentarily breach the ad network's defenses. The reality is, malvertising is more norm than anomaly and can easily persist on major ad networks for months, even years, at a time.
Watch Where You Swipe
We tend to focus attention toward online data and identity theft and forget that we can be targeted just as easily offline.
Establishing Tiered Recovery Points
Our last entry introduced the concept of tiered recovery points. In this entry we will go into more detail about tiered recovery points. There are typically three types of recovery points you want; instant or close to it, also know as high availability. Within a few hours via some sort of disk or tape backup and finally recovering something old, an archive. Each of these tiers need to be established and
Dealing With Recovery Transfer Time
In our last entry we discussed lessons to be learned from the Gmail crash. In an upcoming entry we'll cover establishing the tiered recovery points. These three tiers of recovery; high availability (HA), backup and archive provide a similar goal; application availability. What separates them is the time it takes to put the data back in place so the application can return to service. Dealing with recove
What We Can Learn From The Gmail Crash
Google's Gmail had a glitch introduced that caused 30,000 users or so to loose email, chat and contacts from their Gmail accounts. The cause appears to be a bug in a software update. The current piling on by some storage vendors is humorous. As my mother used to say "people in glass houses shouldn't throw stones". Instead of doing that, lets learn from this experience so we can keep this from
Automatic Storage Optimization
It will come as no shock to any storage manager that the capacity of the data that you need to store is growing. The problem is that your budget is not, or at least not as fast as your need for storage. The speed of growth also means that traditional techniques may no longer be effective. You need the storage system to just handle it, in other words storage optimization needs to be automatic.