Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
Data Leak Vulnerability In Android Gingerbread
Google's Android Gingerbread (version 2.3) operating system is affected by a data-leak vulnerability that is very similar to a vulnerability in an earlier version that was supposed to have been fixed.
Backup Deduplication 2.0 Needs Better RAID
As we wrap up our series on what is needed in the next generation of backup deduplication devices, one of the key needs is going to be a better drive protection capability. Today most deduplication systems leverage RAID to provide that drive protection, however as capacities increase, RAID rebuild times are going to get worse. Vendors need to provide a better solution.
Is Apple (Finally) Stepping Up Its Security Game?
Apple's reported recent hire of noted security author and expert, David Rice, is yet another step the company has made in the past year to help improve its sloppy security image.
The SpiderLabs Report
Four out of five of the victims were so clever that they didn't need a firewall
Internet 'Kill' Switch: Balancing Security And Freedom
Why it's important to have controls in place before deploying such a powerful tool
Russia To NATO: Investigate Stuxnet
The Stuxnet worm is alleged to have set back Iranian's controversial uranium enrichment program significantly. Now, the Russians are asking NATO to find some answers.
Schwartz On Security: Slouching Toward Smartphone, Apple Armageddon
Every new year brings fresh warnings that the next smartphone botnet or Apple "I Love You" virus is imminent, while real attacks keep escalating.
Deduplication 2.0 - Recovery Performance
"It's all about recovery", you'll here it in almost every sales presentation by a backup vendor. That advice holds true for backup deduplication devices as well. A common mistake is to assume that because deduplication products, most often disk based, that they also offer the best recovery performance. This is not always the case and as we move into the next dedupe era it has to improve.
New Age of Mobile Malware On Way
New types of malware are emerging, designed specifically to exploit the unique features of mobile handsets.
WikiLeaks Targeting P2P Networks?
That is the allegation in a news report that ran last week. While the outcome from the investigation could have a profound impact on whether the anti-secrecy organization is a media outlet – there is a bigger lesson.
How Careful Do You Need To Be With Cloud Storage? - Security
Developing a cloud storage strategy is moving to the top of many IT managers project lists. How to use cloud storage and what applications or processes could benefit the most from the use of cloud storage are key questions to answer. One mantra that keeps coming up is "you have to be careful" with cloud storage rollouts. Really? What makes cloud storage so risky that it requires this extra caution?
Schwartz on Security: Bling Botnets Sell Gangster Lifestyle
As profit-driven attack toolkits and their supporting botnets muscle up, organizations need more than technology to defend themselves.
Backup Deduplication 2.0 - Density
As we continue our requirements for the next era of backup deduplication, the next important area for improvement is in the denseness of systems. This means more raw capacity in less physical space. While getting sufficient power to the data center is a problem for some data centers, the lack of available data center floor space is becoming a problem for even more of them. Backup deduplication systems need to help address that pain by increasing density.
The Relative Risk Of Malware
Trend Micro reports there are 3.5 new malware released every second, up from 1 new malware every 1.5 seconds a year ago. But what's your actual risk?
Backup Deduplication 2.0 - Power Savings
In our last entry we opened a discussion of what is needed as we move into the next era of backup deduplication and focused on integration to backup software. Another area that is becoming increasingly important is to be able to lower the power requirements that disk backup deduplication hardware requires. Power is a pressing issue in the data center and disk backup systems need to address those concerns
Report: Stuxnet Joint Israeli-U.S. Operation
A story published this weekend adds evidence to what many have suspected all along: that the Stuxnet worm was nation-state designed and developed to set-back Iran's nuclear ambitions.
Kudos To Tucson University Medical Center For Firing Alleged Snoops
The Tucson University Medical Center reportedly has let go three employees for accessing the medical records of those involved in the Tuscon shooting tragedy without authorization.
Security Researcher Targets SCADA, Releases Exploit
Another exploit for SCADA software emphasizes the need for organizations to review their network design and device exposure before they become a victim.
Backup Deduplication 2.0 - Integration
Deduplication has moved from a risky hard to explain technology to one that is almost expected by customers from a disk backup device. Next generation backup deduplication systems are going to require a new set of capabilities to make them more than just disk backup. They will have to integrate with the backup software, begin to provide power management, and there needs to be a greater focus on recovery performance.
Password Reset
The downside of crafting a strong password is that while it's harder to guess or crack, it's also harder to remember and then use
Schwartz On Security: Hack My Ride
Car security exploits are fast, cheap, and out of control. Why don't automotive manufacturers do more to secure their vehicles?
A Textbook Case For Monitoring
Vodafone's customer database leak demonstrates dangers of not properly monitoring database activity
Security Doesn't Matter To Brands: A Counter Point
A recent video blog entry made the assertion that security doesn't matter to a company's brand. The post was strong on opinion, light on facts. I say lax security and breaches do have an impact on brand. And I back up this assertion with a few data points.
Desktop Virtualization And Local Storage - Just Say No
There is an ongoing debate about what type of storage is best to use to support desktop virtualization solutions, especially in small to medium sized implementations. Storage is one of the most expensive parts of a desktop virtualization project and as a result anything you can do to drive cost out of the storage purchase is going to make desktop virtualization economics work better. This leads some to advocate local storage.
AT&T Mocks Verizon iPhone, Unlimited Data Plans Possible
An AT&T executive is talking trash about the Verizon iPhone, and reports indicate that Verizon may bring back unlimited data plans for the iPhone.
Anonymity And Nonversations
One sure result of the whole Wikileaks thing is security researchers, whistleblowers, and government officials talking past each other.
Virtual WAN Optimization
Returning to our discussion on virtual appliances one of the areas where we are seeing a lot of use of virtual appliance technology is in the WAN optimization market. WAN optimization has been atop the project list whiteboard for many data center managers. WAN connectivity is expensive. By optimizing utilization of the WAN you can either lower your WAN connectivity bill or at least delay the need to upgr
Schwartz On Security: First, Know You've Been Breached
Spain's national aeronautics institute found three Mariposa botnet infections on internal PCs, thanks to constant testing. But when it comes to breaches, many organizations still have their heads in the sand.
Japan To Ban Virus Creation? Bad Idea
The Japanese paper, the Yomiuri Shimbun, ran a story during the holidays about how the Japan Ministry of Justice wants to criminalize the creation of viruses. If they pursue this course, it's only going to get messy for security professionals there.
Going Out With A Bang
We like to think that most firms have 'gotten the memo' that hackers hack databases, yet the flurry of breaches at years end suggests otherwise
Dell Adds Security To Its Acquisition Binge
Dell today entered an agreement to acquire managed security services provider SecureWorks for an undisclosed sum. I didn't see this one coming, but I should have.
Mixing Tiers And Mixing Vendors In A Virtualized Environment
VMware's Storage VMotion is a tool that brings the capabilities of virtual server migration to storage. Without interrupting users virtual machine data can be moved from one storage platform to another. It allows you to mix storage tiers and vendors more easily than in a non-virtualized environment. The missing link with this capability is all it can do is move data you need to know where to put that virtual machine.
7 Ways To Save Microsoft In 2011
If Redmond can't adapt to the most competitive landscape in decades, it will fall further behind Apple and Google in key growth markets like phones and tablets.
Mining Web Proxy Logs For Interesting, Actionable Data
Simple statistical analysis of Web proxy logs provides wealth of information and incidents missed by AV
|
The 10 Most Impactful Types of Vulnerabilities for Enterprises TodayManaging system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
1 Comments
