Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
'Net Parrot Effect
Iran. You remember the place? Before several celebrities died in the past week, Iran's election aftermath gripped national attention. The more I found out about the election situation, the demonstrations, and the crackdown, the more I felt as if I were reading a political thriller. That's when the ugly side of our hyper-connected society reared its ugly head.
Social Networks Make Great Phishing Holes (And The Crooks Know It!)
The overwhelming popularity of Facebook, Twitter, and other social networks -- as well as the nature of their members' trust in them and their content -- is proving to be bonanza for phishers. So much so that social networking scams increased a stunning 241% between early 2008 and this year.
5 Web Replacements For Traditional Tech Tools
New Web-based technology options like Box.net and Basecamp can help you get the job done quicker, easier, and less expensively. You've got nothing to lose but your resistance to change.
Social Network Users Increasingly Under Siege
We all knew this was coming. As Social Networks gained in popularity, they'd become more juicy targets. Now we're starting to see some data.
Don't Let Legacy Media Foil Your Forensic Investigation
When performing incident response and forensics on a compromised system, the focus of analysis is on the most immediately available and relevant sources of evidence. Volatile data collected from a running system, the hard drive, network flow data, and logs collected on a central server all serve as useful sources for determining the particulars of the incidents. But what about incidents that go back further, requiring you to dig into backup tapes -- and potentially very old ones?
Maximizing Block I/O Dollars With Thin Provisioning
Getting the most out of every storage dollar is critical in this economy and as we discussed in our last entry, viable options for optimizing file based primary storage are available now but as of yet solutions that can compress and deduplicate block I/O storage are not yet readily available. But all is not lost, there are things you can do to lower your primary storage block I/O costs.
Botnet Alert: 90% Of Email Now Spam
Nine out of ten e-mails are now spam, according to the latest Symantec/MessageLabs Intelligence Report. And more than 83% of that spam is generated by botnets, relatively unaffected by large shutdowns of spam servers.
Think PCI DSS Stinks? Here's Your Chance To Deodorize
There's been plenty of complaints about the Payment Card Industry Data Security Standard (PCI DSS), since it went into effect in 2005. Next week, stakeholders, will have a chance to do something about it.
EU Group: Social Networks, Thirty-Party App Developers Subject To EU Privacy Laws
I just took a close look at the Article 29 Data Protection Working Party's opinion report on online social networking. While some of its recommendations are what you'd expect, others came as a surprise.
The Iranian 'Proxy War'
Iranians are using proxies worldwide to circumvent government censorship.
Mobile Security: IT Pros Anything But Secure With Mobile Devices
Do as they say, not as they do might be a good description of the practices of IT professionals when it comes to mobile devices. A new survey from Credant shows that IT Professionals are not much better than anyone else when it comes to using a password to protect data stored on phones or other mobile devices.
Maximizing The Storage Budget - Capacity Optimization
In this economy, maximizing what you have and cost justifying what you need now becomes a much sought-after skill. The IT budget and the storage budget along with it are not growing in many organizations and I often hear that the budget is the same but they are not allowed to spend right now, which is worse than the budget being cut. Regardless spendable IT dollars are a precious commodity.
Could The Cloud Lead To An Even Bigger 9/11?
Late last week I attended an event sponsored by IBM/Lotus and Technology Review. A very credible "End of the U.S." doomsday scenario tied to the public cloud was outlined that I believe warrants further thought.
Forewarned Is Forearmed, Right?
Next-gen Web apps and virtualization are two topics much on the collective mind of CIOs and line-of-business leaders. Of course, they're seeing dollar signs from slick eye-candy RIAs and cramming 20 VMs on each physical server. Security? Meh.
Microsoft Puts Limits On Free Antivirus Downloads!
Microsoft's free antivirus and security suite, Microsoft Security Essentials, releases today, sort of. Incredibly, while millions of users have anticipated the release, only 75,000 downloads will be permitted.
Maltego: Going On The Offensive *And* Defensive To Defend Against Social Networks
You know the military's ol' mantra about "loose lips sink ships"? Well, it's being redefined by sites like Twitter, Flickr, and Facebook, according to a great article from Federal Computer Week that discusses the threats social networks pose to operational security.
Make Storage Strategic
How does your organization look at storage in the data center? Is it something you have to live with or is it something that can increase the organization's revenue or improve customer satisfaction? How do you make storage strategic to your organization?
Free Microsoft Antivirus, Security Suite Arrives Tomorrow
Tuesday is the day for release of the free public beta of Microsoft Security Essentials, Microsoft's security and anti-virus suite. The price is certainly right. Question is, will the program change the security landscape? Bigger questions is whether or not it provides the security your business needs.
Facebook Scam: I'm Stranded In London. Send Money!
Facebook users are facing a new threat, 419 scams in chat form, masquerading as friends.
Decommissioned Storage Justifies Encryption
There are many reasons to justify storage encryption; tapes falling off the back of a truck on the way to a vault for disaster recovery purposes is one, but when it comes to disk encryption not many have made the effort to encrypt disk based data. While that disk array is in your environment it should be relatively secure, except from internal threats, but what about when you decommission a storage array?
Data Leakage Through Nontraditional Networks
Securing our company's data is our job. We build up layers of defense to protect it when it is housed within our corporate network and corporate computer systems. Firewalls, VPNs, encryption, and data leakage prevention all help in some way to protect the data that we don't want anyone else to have. Sometimes, however, we are stuck in the situation where we don't control the network or systems that portions of our data ends up on.
Twitter Worm InvitesTweet Trouble
The latest Twitter worm arrives in the form of an invite -- but it's an invitation only to trouble.
iPhone 3.0 Software Sports Snazzy New Features, Sure: It Also plugs a Whopping 46 Security Flaws
The nearly four dozen security holes filled in the iPhone 3.0 software published by Apple yesterday have gone nearly ignored with all of the buzz surrounding the new features. But these flaws aren't anything you want to put on hold.
MessageLabs Launches IM Security Service
Symantec's MessageLabs has unveiled an Instant Messaging security service in response to a sharp increase in the number of malicious urls in IMs.
New Company Targets Web-Based Malware And Blacklists
Dasient, a security startup started up by former Google engineers, among others, is targeting malware that has your Web sites targeted, as well as monitoring your sites for their presence on blacklists. That last, as any business that's been blacklisted can attest, can be deadly.
Government Takes Action On Internet Badness
Sources of online criminal activity, such as Atrivo/Intercage and McColo, are no longer around. While I am not quite willing to share the full story behind these takedowns just yet, I can say that community action was the key.
Developers Often Left Out Of Security Training
A good friend was telling me recently about a risk assessment he was involved with in which his organization found some vulnerabilities in the Web application. When they asked the developer about them, the response was, "What is cross site scripting?" Wow -- how is it that in this day and age that someone, who probably considers themselves to be a competent Web developer, doesn't know XSS? Ask them about SQL injection, and the response would probably be the same.
Data-Encryption Critics Play A Dangerous Game
Is encryption "overrated" as a data-security tool? Only if your company has a death wish.
Twitter Security Flaws: One A Day For A Month!
Twitter may be taking the world by tweetstorm (or it may be doomed) but one security researcher says that the social network carries a mess of vulnerabilities. A month's worth, in fact, and he intends to prove it, once a day, this July.
Dark Reading Launches Database Security Tech Center
Today Dark Reading launches a new feature: the Database Security Tech Center, a subsite of Dark Reading devoted to bringing you news, product information, opinion, and analysis specifically focused on the topic of database security.
Apple Issues Java Security Updates For OS X 10.4, 10.5
Apple released security updates today for Java for Mac OS X for Java SE 6, J2SE 5.0 and J2SE 1.4.2 on Mac OS X 10.5.7 and later. The unfortunately reality is that Sun fixed these flaws more than six months ago. Why did Apple take so long?
Incorporating The 'CIA' Triad In Software Purchases
When talking to sysadmins and developers about security of the new software they're looking to deploy, I often end up in a discussion in which at least one or two of the CIA (confidentiality, integrity, and availability) triad is left out.
Solving Storage Performance Problems
When an application is slowing down because of poor storage I/O performance, the first step most IT professionals will take to solve the problem is to increase the physical drive count on the RAID group assigned to that application. How do you know when this will work and what are the best ways to implement this?
Working With Security Service Providers: What Every Small Business Should Know
Our friends at DarkReading say choosing the right security provider is only the beginning. The real keys lie in setting expectations and building relationships - you can't just hire a security provider and forget about it.
IT Snooping: Too Much Ado About Something?
There's been a lot of buzz lately about internal threats, and like most buzz, some of it's on-target. But some of it seems designed to make us paranoid about our employees -- to what end? Do we need to distrust everyone on our IT staffs and, by implication, everyone in our companies? And where does that get us?
Thin Provisioning Reduces The Cost Of Failure
When vendors talk about thin provisioning you will hear how it reduces CAPEX and how it increases storage admin efficiency. What you don't hear very often is how thin provisioning can reduce the cost of failure.
Isilon Debuts New Appliance to Speed Backups
The Backup Accelerator appliance works with Isilon's NAS cluster to speed up backups of file-based data.
Cost Analysis Of Multifactor Authentication
A recent article on integrating the YubiKey, a USB token that can provide one-time passwords (OTP), and WordPress reminded me of how few people I know actually use multi-factor authentication to secure their resources. Instead, they rely on the passwords for users to authenticate to Websites and VPNs with nothing in between them and an attacker who might steal that password. The insecurity of passwords is a topic that's b
You're Secure. Now What About Your Vendors And Providers?
Having spent time and resources securing your own network, shouldn't you make sure that your customers, vendors, and providers have made the same effort?
Hacking Challenge Shows XSS Still King
Last week, another company got egg on its face by running a "we're-so-secure-you-can't-hack-our-stuff contest." When are companies going to learn claims like that always backfire?
Trend Micro Tightens Defenses Against SMB Data Leaks
The latest version of Trend Micro's data loss protection (DLP) package, LeakProof 5.0, comes in two flavors: one for monitoring users and confidential data, the other covering those elements, but also providing tools for protecting intellectual property as well as confidential information.
Cloud Storage's Next Move: Archive
Cloud storage for the most part is being used today as a backup medium or for collaboration, but the next big step and where cloud storage may be at it's best is an archive repository to meet the enterprise's growing data retention and compliance demands.
Hackers Claim To Have Pwned US T-Mobile. As In: Everything.
It's not the kind of forum post an executive would like to see created about their company. It's not a leaked rumor about an upcoming product or service, or even a ranting upset customer. Nope. It's a group claiming to have controlled portions of your IT network for a long time.
And they published what looks to be proof of the breach. T-Mobile is investigating.
Former Hacker Named To Homeland Security Advisory Council
The Obama administration has said it wanted to bring a new approach to government, and a renewed emphasis on national cybersecurity efforts. And maybe that's what the administration was shooting for when it appointed Jeff Moss (also known as "Dark Tangent") and founder of the annual DefCon and Black Hat hacker conferences to the Homeland Security Council.
Trust And Web Ad Services
Well-respected, highly secure Websites commonly infect the people who surf them. So if they are so secure, then why does this keep happening?
What Is Deduplication And Why Should You Care?
A couple of days ago I was speaking at an event in Dallas and was reminded that sometimes those of us in storage get too wrapped up in, well, storage and that IT professionals have other things to worry about than just storage. I asked the audience how many of them had done anything with deduplication. Only 30% had, although 100% wanted to know more.
Disaster Recovery: Location, Location, Location
A comment from a reader offers a reminder that effective disaster recovery planning -- and successful DR in the event of disaster -- requires more than just IT and personnel planning. You have to know where those resources are going to be able to work.
Microsoft Squashing Six Critical "June Bugs" in IE, Windows, and Office Apps
The software maker said today that it deliver a total of ten patches next week, which is about average for a Patch Tuesday. Six of the 10, however, are rated critical.
Disclosure Helps Bad Guys -- But Not The Way You'd Think
When publicly disclosing new attack techniques or simplifying older ones, many researchers -- including myself -- have been accused of indirectly assisting the bad guys by schooling them in their evil ways. Admittedly, we can never really be sure we're not helping them, but at the same time, we can't be certain the bad guys don't already know what we do.
For SMBs, Being Security-Savvy Doesn't Always Mean Doing It Yourself
When it comes to security, most security professionals -- indeed, most Dark Reading readers -- are do-it-yourselfers. They do their own research, find their own bugs, and remediate their own systems. It's almost a rite of passage -- if you have to ask for help, you can't be a real security pro.
But I wonder, sometimes, if this attitude doesn't hurt small and midsize businesses, in which having even one full-time security professional is more than many can afford. Such businesses are ju
|
The 10 Most Impactful Types of Vulnerabilities for Enterprises TodayManaging system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
1 Comments
