Primary Storage's Three Faces
Primary storage has three faces. There is active data and inactive data; both of these data sets actually consume space, which we can compress and then remove. Then there is the third face, with the capacity that is allocated but not in use. Each needs to be handled in a different way.
Account & Identity Mismanagement
Companies' lack of proper identity management and account revocation never ceases to amaze me. Why aren't these things integrated with the human resources hiring process and subsequent exit procedure when an employee leaves or is fired?
Fannie Mae Logic Bomb Makes Case For Strong IDM
The indictment of an IT contractor working at Fannie Mae, who schemed to destroy the data on 4,000 servers, confirms what we know: bad economic times and layoffs are perilous, and identity and access management has never been more important.
Click Fraud Rises As Economy Sinks
Fake clicks on ad links are climbing as fast as the economy falls, up a full percentage point in the last three months of 2008, according to pay-per-click monitoring company Click Forensics.
Web Malware Infects Fast, Dies Young
The number of new infected Web sites grew by 66%, from 100,000 to 200,000 per day to 200,000 to 300,000 per day in the past three months, according to AVG Technologies.
Hardware Vendor-Induced Vulnerabilities
During a recent penetration test, a friend encountered some really strange findings that he asked me to review. Several of the desktops located in one of the departments had a process listening on an ephemeral, nonstandard TCP port. He provided his Nmap and Nessus findings, which both reported an Apache Web server was running on this mysterious port. The fact they were all running Apache was cert
IE8 Security: Some Questions Answered, Others Raised
Internet Explorer 8, which Microsoft has now labeled "Release Candidate 1," meaning it's ready to be tried out by (or on) the public, promises some leaps in browser security. Does it deliver? Yes and, depending on who you ask, not quite.
The Death Of PCI DSS? Don't Be Silly
Yes, in the past year two big retailers, who were apparently compliant with the Payment Card Industry Data Security Standard, were breached. Does that mean PCI DSS has grown increasingly irrelevant? That's absurd.
How To Celebrate Privacy Day (And How Not To)
Wednesday, Jan. 28, has been designated International Data Privacy Day, and I'm still not sure how to celebrate. Should I invite all of my friends and family over, then go in the bathroom, lock the door, and make an entry in my personal diary? Or maybe we should all put on funny hats and go outside with noisemakers, screaming, "It's none of your friggin' business!!" Ah, those holiday traditions.
NFS On VMware, Not NetApp's Sole Domain
Using NFS to store and boot virtual machine images is becoming an attractive option, and for obvious reasons NetApp has been promoting the use of its solutions as the perfect complement to a VMware on NFS strategy. However, NFS isn't the sole domain of NetApp any longer. It now has company from a variety of vendors, including EMC, ONStor, BlueArc, and
Software Piracy Places Everyone At Risk
On Monday, the United States claimed victory in a World Trade Organization case against China for that country's alleged lax stance toward software piracy. What's that have to do with IT security? Plenty, as the recent Downadup outbreak, as well as a number of new Trojans to hit the Mac OS X platform, highlight.
OS X Trojan Resurfaces In Photoshop CS4
I guess too many people got wind of the iWork 09 Trial Trojan application that was circulating in some peer-to-peer networks. The bad guys have changed their strategy: they're now targeting people downloading pirated versions of Adobe Photoshop.
Get Your Pentesting Permission Slip
As infosec professionals, we are often tasked with performing duties that would be considered illegal if we did not receive proper authorization beforehand. For example, if you were performing a penetration test against a system that you or your employer doesn't own, or for which you don't have authorization to access, then you could be violating a number of laws leading to termination and possible criminal prosecution.
Monster.Com Loses Millions MORE Job Seekers' Records
Monster.com has been hacked again, with possibly millions of customer records -- including names, phone numbers, e-mails, passwords and more -- stolen from its obviously poorly protected database. The company's handling of the news of the breach (the third in less than two years!) is as sloppy as its security.
Spread Of Downadup Worm, New Apple Mac Trojan
Security firm Symantec notes that the Downadup worm has swept through China, Argentina, Taiwan, Brazil, India, Chile, and Russia. The infection doesn't even register in the United States. Why?
Phishing Doesn't Pay, Microsoft Finds
Lured by bad math and get-rich-quick pipe dreams into a life of cybercrime, those phishing for dollars confront a problem not unlike that faced by traditional anglers: too few fish in the sea.
Cloud Storage Matures
The cloud is becoming tangible and definable. Customers are beginning to store data on it and companies like Bycast, Cleversafe, Amazon and Nirvanix have real customers paying real money to use their products or services. Companies like EMC and HP are bringing legitimacy to the co
The Trouble With Phishing
Any person who is familiar with even the basics of modern computer threats will know the term phishing. It is an example of the more generic threat known as social engineering, or using psychology as a primary attack vehicle. In general, people tend to be trusting and helpful (although, of course, we can all quickly bring to mind those who are neither). Phishing and other social engineering attacks make use of these traits to trick computer users into giving up valuable information, fr