2010 Security Dreams? GFI Says "Dream On!"
Sometimes you've just got to smile, and GFI security expert David Kelleher gave me more than one with his dreams of a security utopia in 2010. Dream on is more like it.
2010 Threat Environment: New Year's Familiar Fears
Saying goodbye to 2009 won't, alas, let us say goodbye to many of the year's top threats, which promise to linger and persist into 2010, even as the New Year brings new threats, as well as new versions and varieties of the old ones.
Mobile Botnets: A New Frontline
There has been a recent rash of worms and malware targeting (jailbroken) iPhones. A group of researchers from SRI International published a study of an Apple iPhone bot client, captured just before Thanksgiving.
Data Masking Primer
Data masking is an approach to data security used to conceal sensitive information. Unlike encryption, which renders data unusable until it is restored to clear text, masking is designed to protect data while retaining business functionality.
Fixing The Security Disconnect
A disconnect often exits between security teams and the population they service. I'm not referring to just users -- of course, you'll pretty much always find a rift between security and users -- but instead I mean the disconnect that often occurs among network groups, system administrators, developers, and similar groups.
2010 Year Of Fibre Channel-Over-Ethernet?
Will 2010 be the year of Fibre Channel-Over-Ethernet (FCoE)? I am always hesitant to predict that any particular year with be "the year" but I do think that FCoE will move out of conversation and testing phases and more into production.
Paper-Based Breaches Just As Damaging
IT tends to forget about things that aren't electronic. But you remember that stuff called paper, right? Have you considered that printed documents are just as damaging to a company's reputation should they get into the wrong hands as electronic data stored in an Excel spreadsheet or database server?
Season's Security Greetings: 12 Holiday Tips To Keep Your Data Safe
'Tis the season -- for holiday time off, extended trips, office parties... and security negligence. Time to tighten the defenses and clamp down on the user indulgences. No Grinch or Scrooge stuff here: Just a few tips for keeping your workplace systems and data safe, as well as merry and bright.
Making Your IDS Work For You
Talk to anyone who knows anything about running an intrusion detection system (IDS), and he will tell you one of the most important processes during the initial deployment is tuning. It's also one of the important operational tasks that go on as new rules are released to make sure they are relevant to the environment you're tasked to protect.
Security Reminders From "Hacked" Predator Drones
The Wall Street Journal reported today that Iraqi militants are able to intercept live feeds from U.S. military predator drones with standard hardware equipment and a $30 software application.
Christmas Wish List: Patching & Whitelisting
Christmas is next week, and if I were putting together a wish list of things to help lock down my enterprises, I'd have to put patch management and application whitelisting at the top. Why? It's simple. The two together could deliver the one-two punch to knockout the majority of compromises I've been seeing lately.
2010 Cybercrime Goals: Symantec
What do cybercrooks want next year? According to Symantec Hosted Services, they want bigger and badder botnets, pathways through CAPTCHA traps, local language spam and plenty of hooks as good as Michael Jackson and Tiger Woods.
2010 Storage Trends Scale Out Storage
This time of year I am always asked what storage trends will take off during the next year. I often resist because it is very hard to get it right. What I try to do is see what is likely to gain traction in the coming year. Over the next few entries we will explore some of the 2010 storage trends that you ought to be paying attention to. One of those is scale out storage.
U.S. And Russia Talk Internet Security
According to news reports, the American and Russian governments are engaged in talks designed to pave a way for a more secure Internet and a treaty to limit certain types of cyberweapons.
What It Takes To Have True Visibility Into Web Attacks
I'm one of those people who takes extensive notes but rarely goes back and read them. Today was one of those exceptions: I was looking through Evernote for something, and a statement I'd copied some time ago stuck out.
Why Stop At Automated Storage Tiering?
Automated tiering, the transparent movement of data based on activity or type, is quickly proving itself to be a hot consideration for storage managers but why stop at automated tiering? Can't we make the entire storage ecosystem respond automatically based on environmental conditions and its available resources?
Security PR: How To Talk To Reporters
Here are some tips for security professionals and security public relations representatives on how to pitch reporters when you have something new and exciting to share.
How Organizations Get Hacked
Want a better idea of how organizations get infiltrated, including detailed synopsis of how many successful data breaches occur? Sit down with a copy of the just released Verizon Data Breach Investigations Supplemental Report and you'll get a great idea.
Using Facebook To Social-Engineer A Business
My firm was recently asked to compromise a company's network infrastructure using intelligence available from the Internet. The client's CIO was worried that social networking sites provided too much information about its employees and the company, so we discussed the possibility of using information gained from social networking sites to social-engineer our way into the customer's facility and, ultimately, into its network.
Top 15 Threats: How The Crooks Are Coming At You
The latest Verizon Data Breach Report lists the top outside threats -- keyloggers, spyware, SQL injections, remote access and control -- and inside threats -- access and privilege abuse, usage and other policy violations -- that businesses have faced. The report is based on actual business's data breach experiences.
Detecting Viral Persistence
Persistence is something that malware strives to achieve. If malware cannot survive the monthly reboot due to the Microsoft patch cycle or the usual Windows troubleshooting process (reboot first!), then it's going to have a short lifetime and little effectiveness. There are a few exceptions to the rule in terms of persistence.
5 Tips To Help SMBs Stop Identity Theft
Many SMBs like to think identity theft is someone else's problem. Sure, consumers have to worry about it, and so do large corporations that collect information on millions of customers. But not smaller companies, right? After all, who'd bother targeting a run-of-the-mill SMB?
When Controllers Fail
What are the chances of a controller failing in a storage system? I don't know the exact statistic but its safe to assume that its pretty low. When they do fail, the ramifications can be extreme, especially in the increasingly virtualized data center that counts on shared storage. Active-Active controllers provide the protection from controller failure but they are a bit of a misnomer. Both controllers are being used but they are assigned to specific workloads.
Bank Login Stealing Trojan Threat Grows
Cisco released its Cisco 2009 Annual Security Report this morning, and it contains some interesting insight on many of the vulnerabilities and threat vectors we face today.
A Real Insider Threat Story
I was sitting at my desk when my phone rang. I answered, and it was a large pharmaceutical company that was interested in consulting services. It had noticed a trend with one of its foreign competitors. Every time it went to release a new product (in this particular case a new drug), one of its competitors would release a similar drug with a similar name, several weeks before it, beating it to market.
'Capture The Flag' Contest Targets End Users
Capture the flag (CTF) competitions and similarly organized scenario-based "games" can be a great learning experience for security professionals of all experience levels. Contestants are typically forced to work under pressure and in scenarios that range from real-world situations to extreme, all-out cyber-warfare.
Failure To Move
Don MacVittie in his blog over at F5 commented recently on an article that we have written "What is File Virtualization?" indicating that we missed a key issue in dealing with how to handle it when your virtualization box goes down. While my defense could be that th