Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
2010 Security Dreams? GFI Says "Dream On!"
Sometimes you've just got to smile, and GFI security expert David Kelleher gave me more than one with his dreams of a security utopia in 2010. Dream on is more like it.
2010 Threat Environment: New Year's Familiar Fears
Saying goodbye to 2009 won't, alas, let us say goodbye to many of the year's top threats, which promise to linger and persist into 2010, even as the New Year brings new threats, as well as new versions and varieties of the old ones.
Mobile Botnets: A New Frontline
There has been a recent rash of worms and malware targeting (jailbroken) iPhones. A group of researchers from SRI International published a study of an Apple iPhone bot client, captured just before Thanksgiving.
Global CIO: My 5 Favorite Cover Stories Of 2009
From a year's worth of InformationWeek cover stories, here's a very personal list. And I'm already regretting some I didn't pick.
Data Masking Primer
Data masking is an approach to data security used to conceal sensitive information. Unlike encryption, which renders data unusable until it is restored to clear text, masking is designed to protect data while retaining business functionality.
5 Security Predictions For 2010
Varonis shares five security trends that will impact SMBs in the coming year.
Fixing The Security Disconnect
A disconnect often exits between security teams and the population they service. I'm not referring to just users -- of course, you'll pretty much always find a rift between security and users -- but instead I mean the disconnect that often occurs among network groups, system administrators, developers, and similar groups.
Global CIO: A Holiday Miracle: Do You Believe In Angels?
Our recent column "The Thanksgiving Angels Of Flight 3405" sparked dozens of letters so we're rerunning it for Christmas and the holiday season. Do you believe?
Security PR: How To Disclose A Vulnerability
When your team discovers a new security vulnerability in a third-party product, there are ways to handle it correctly to achieve maximum visibility.
Global CIO: Oracle's Incredible Profit Machine: 22% Maintenance Fees
How important are your 22% annual fees to Oracle? It earned $3 billion on those fees last quarter while losing $800 million across the rest of the company.
2010 Year Of Fibre Channel-Over-Ethernet?
Will 2010 be the year of Fibre Channel-Over-Ethernet (FCoE)? I am always hesitant to predict that any particular year with be "the year" but I do think that FCoE will move out of conversation and testing phases and more into production.
Paper-Based Breaches Just As Damaging
IT tends to forget about things that aren't electronic. But you remember that stuff called paper, right? Have you considered that printed documents are just as damaging to a company's reputation should they get into the wrong hands as electronic data stored in an Excel spreadsheet or database server?
Global CIO: Glimmers Of Growth In Outlook 2010 Research
Our exclusive research shows IT shops may spend more this year, but not much on hiring people.
Season's Security Greetings: 12 Holiday Tips To Keep Your Data Safe
'Tis the season -- for holiday time off, extended trips, office parties... and security negligence. Time to tighten the defenses and clamp down on the user indulgences. No Grinch or Scrooge stuff here: Just a few tips for keeping your workplace systems and data safe, as well as merry and bright.
Global CIO: The Top 10 CIO Issues For 2010
For CIOs, 2010 will require new emphases on customers, revenue, external information, and a passion for rapid change.
SkyGrabber Is For Porn, Not For Hacking Predator Drones
According to a sensationalized news story from late last week, Iraqi insurgents have intercepted live feeds from Predator drones. But the story's facts seem fishy: it claims the $26 off-the-shelf software product, SkyGrabber, was used to intercept live video feeds from U.S. Predator drones. But SkyGrabber does not have this ability.
Making Your IDS Work For You
Talk to anyone who knows anything about running an intrusion detection system (IDS), and he will tell you one of the most important processes during the initial deployment is tuning. It's also one of the important operational tasks that go on as new rules are released to make sure they are relevant to the environment you're tasked to protect.
Global CIO: Oracle CEO Larry Ellison On The Future Of IT
Ellison speaks out on Oracle's new Sun-enabled strategy and how that points to where the entire IT industry is headed.
Security Reminders From "Hacked" Predator Drones
The Wall Street Journal reported today that Iraqi militants are able to intercept live feeds from U.S. military predator drones with standard hardware equipment and a $30 software application.
Improved Security In Microsoft Office 2010
Microsoft has made Office 2010 available in public beta. After playing around with it for a while, I am not yet sure I need any of the new functionality.
Global CIO: Oracle-Sun A Bad Deal? Only A Fool Would Say That
Oracle buying Sun is bad business, says Motley Fool, but that analysis is simply, well, foolish. Here's why.
Christmas Wish List: Patching & Whitelisting
Christmas is next week, and if I were putting together a wish list of things to help lock down my enterprises, I'd have to put patch management and application whitelisting at the top. Why? It's simple. The two together could deliver the one-two punch to knockout the majority of compromises I've been seeing lately.
2010 Cybercrime Goals: Symantec
What do cybercrooks want next year? According to Symantec Hosted Services, they want bigger and badder botnets, pathways through CAPTCHA traps, local language spam and plenty of hooks as good as Michael Jackson and Tiger Woods.
Global CIO: The World's Largest Private Cloud: Who's Number One?
Its 13 petabytes include archived data from the world's top banks and pharma companies, and it's growing rapidly. The owner's name starts with A -- but it's not Amazon.
2010 Storage Trends Scale Out Storage
This time of year I am always asked what storage trends will take off during the next year. I often resist because it is very hard to get it right. What I try to do is see what is likely to gain traction in the coming year. Over the next few entries we will explore some of the 2010 storage trends that you ought to be paying attention to. One of those is scale out storage.
Global CIO: Welcome To The CIO Revolution, Circa 2010
After the craziness that was 2009, what are the top strategic priorities for CIOs in 2010? Four world-class CIOs share their insights.
U.S. And Russia Talk Internet Security
According to news reports, the American and Russian governments are engaged in talks designed to pave a way for a more secure Internet and a treaty to limit certain types of cyberweapons.
What It Takes To Have True Visibility Into Web Attacks
I'm one of those people who takes extensive notes but rarely goes back and read them. Today was one of those exceptions: I was looking through Evernote for something, and a statement I'd copied some time ago stuck out.
Trojan Buzus Attack Passes 1.5 Million Infected Sites
A widlfire-fast SQL injection that started picking up speed last week hasn't slowed down. Last week's hundreds of thousands of compromised sites have grown to more than 1.5 million, eSoft reports.
Global CIO: Oracle's EU Nemesis Mocked Intel After $1.5B Fine
After fining Intel $1.5 billion, top EC bureaucrat Neelie Kroes joked about Intel sponsoring European taxpayers. What sort of joke was she planning for Oracle?
Global CIO: Oracle Customer Comments Will Force EU To Yield
Oracle customers last week crushed the EU's case against Oracle by saying its databases don't compete with MySQL. But will the EU listen?
Why Stop At Automated Storage Tiering?
Automated tiering, the transparent movement of data based on activity or type, is quickly proving itself to be a hot consideration for storage managers but why stop at automated tiering? Can't we make the entire storage ecosystem respond automatically based on environmental conditions and its available resources?
Security PR: How To Talk To Reporters
Here are some tips for security professionals and security public relations representatives on how to pitch reporters when you have something new and exciting to share.
Global CIO: Riverbed Sees Cloud Computing Boom In 2010
With CIOs looking to the cloud to help rekindle growth and CEOs dazzled by the economic promise, Riverbed is very bullish on cloud computing.
How Organizations Get Hacked
Want a better idea of how organizations get infiltrated, including detailed synopsis of how many successful data breaches occur? Sit down with a copy of the just released Verizon Data Breach Investigations Supplemental Report and you'll get a great idea.
Using Facebook To Social-Engineer A Business
My firm was recently asked to compromise a company's network infrastructure using intelligence available from the Internet. The client's CIO was worried that social networking sites provided too much information about its employees and the company, so we discussed the possibility of using information gained from social networking sites to social-engineer our way into the customer's facility and, ultimately, into its network.
Top 15 Threats: How The Crooks Are Coming At You
The latest Verizon Data Breach Report lists the top outside threats -- keyloggers, spyware, SQL injections, remote access and control -- and inside threats -- access and privilege abuse, usage and other policy violations -- that businesses have faced. The report is based on actual business's data breach experiences.
Global CIO: Why SAP Won't Match Oracle's 22% Maintenance Fees
Here are five reasons why SAP won't make the awful mistake of raising annual maintenance fees to match Oracle at 22%.
Detecting Viral Persistence
Persistence is something that malware strives to achieve. If malware cannot survive the monthly reboot due to the Microsoft patch cycle or the usual Windows troubleshooting process (reboot first!), then it's going to have a short lifetime and little effectiveness. There are a few exceptions to the rule in terms of persistence.
New Cloud-Based Wireless Password Cracker
Security reports have consistently pointed out weak or default passwords as a major source for data breaches, similar to the recent Verizon Data Breach Study. Now there's a new service that tests the strength of passwords used in the encryption of wireless access points.
5 Tips To Help SMBs Stop Identity Theft
Many SMBs like to think identity theft is someone else's problem. Sure, consumers have to worry about it, and so do large corporations that collect information on millions of customers. But not smaller companies, right? After all, who'd bother targeting a run-of-the-mill SMB?
Global CIO: IBM Supports Oracle But Microsoft Kisses EU Ring
IBM exec Steve Mills says MySQL doesn't compete with Oracle, but Microsoft obsequiously awaits its chance to kiss the EU's ring by demonizing Larry Ellison's company.
When Controllers Fail
What are the chances of a controller failing in a storage system? I don't know the exact statistic but its safe to assume that its pretty low. When they do fail, the ramifications can be extreme, especially in the increasingly virtualized data center that counts on shared storage. Active-Active controllers provide the protection from controller failure but they are a bit of a misnomer. Both controllers are being used but they are assigned to specific workloads.
Global CIO: General Motors CIO On 4 Essential IT Skills
He'd like to hire people with all 4 into the new GM. But how can IT pros get this broad experience?
Bank Login Stealing Trojan Threat Grows
Cisco released its Cisco 2009 Annual Security Report this morning, and it contains some interesting insight on many of the vulnerabilities and threat vectors we face today.
A Real Insider Threat Story
I was sitting at my desk when my phone rang. I answered, and it was a large pharmaceutical company that was interested in consulting services. It had noticed a trend with one of its foreign competitors. Every time it went to release a new product (in this particular case a new drug), one of its competitors would release a similar drug with a similar name, several weeks before it, beating it to market.
Global CIO: Steve Jobs Is Bugs Bunny But Microsoft Is Elmer Fudd
Windows 7 is nice, Bing is neat, Sharepoint is solid, and Azure is promising. But does Microsoft scare the crap out of any of its competitors anymore?
Global CIO: The 50 Top Tech Quotes For 2009, Part II
"Take two of the five most-profitable businesses in China: they don't pay for their software." We've got 24 more great quotes in Part II of our best of 2009.
'Capture The Flag' Contest Targets End Users
Capture the flag (CTF) competitions and similarly organized scenario-based "games" can be a great learning experience for security professionals of all experience levels. Contestants are typically forced to work under pressure and in scenarios that range from real-world situations to extreme, all-out cyber-warfare.
Failure To Move
Don MacVittie in his blog over at F5 commented recently on an article that we have written "What is File Virtualization?" indicating that we missed a key issue in dealing with how to handle it when your virtualization box goes down. While my defense could be that th
|
The 10 Most Impactful Types of Vulnerabilities for Enterprises TodayManaging system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
1 Comments
