'Net Parrot Effect
Iran. You remember the place? Before several celebrities died in the past week, Iran's election aftermath gripped national attention. The more I found out about the election situation, the demonstrations, and the crackdown, the more I felt as if I were reading a political thriller. That's when the ugly side of our hyper-connected society reared its ugly head.
Social Networks Make Great Phishing Holes (And The Crooks Know It!)
The overwhelming popularity of Facebook, Twitter, and other social networks -- as well as the nature of their members' trust in them and their content -- is proving to be a bonanza for phishers. So much so that social networking scams increased a stunning 241% between early 2008 and this year.
5 Web Replacements For Traditional Tech Tools
New Web-based technology options like Box.net and Basecamp can help you get the job done quicker, easier, and less expensively. You've got nothing to lose but your resistance to change.
Don't Let Legacy Media Foil Your Forensic Investigation
When performing incident response and forensics on a compromised system, the focus of analysis is on the most immediately available and relevant sources of evidence. Volatile data collected from a running system, the hard drive, network flow data, and logs collected on a central server all serve as useful sources for determining the particulars of the incidents. But what about incidents that go back further, requiring you to dig into backup tapes -- and potentially very old ones?
Maximizing Block I/O Dollars With Thin Provisioning
Getting the most out of every storage dollar is critical in this economy, and as we discussed in our last entry, viable options for optimizing file-based primary storage are available now, but solutions that can compress and deduplicate block I/O storage are not yet readily available. But all is not lost; there are things you can do to lower your primary storage block I/O costs.
Botnet Alert: 90% Of Email Now Spam
Nine out of ten e-mails are now spam, according to the latest Symantec/MessageLabs Intelligence Report. And more than 83% of that spam is generated by botnets, relatively unaffected by large shutdowns of spam servers.
Mobile Security: IT Pros Anything But Secure With Mobile Devices
Do as they say, not as they do might be a good description of the practices of IT professionals when it comes to mobile devices. A new survey from Credant shows that IT Professionals are not much better than anyone else when it comes to using a password to protect data stored on phones or other mobile devices.
Maximizing The Storage Budget - Capacity Optimization
In this economy, maximizing what you have and cost-justifying what you need now becomes a much sought-after skill. The IT budget and the storage budget along with it are not growing in many organizations, and I often hear that the budget is the same but they are not allowed to spend right now, which is worse than the budget being cut. Regardless, spendable IT dollars are a precious commodity.
Could The Cloud Lead To An Even Bigger 9/11?
Late last week I attended an event sponsored by IBM/Lotus and Technology Review. A very credible "End of the U.S." doomsday scenario tied to the public cloud was outlined that I believe warrants further thought.
Forewarned Is Forearmed, Right?
Next-gen Web apps and virtualization are two topics much on the collective mind of CIOs and line-of-business leaders. Of course, they're seeing dollar signs from slick eye-candy RIAs and cramming 20 VMs on each physical server. Security? Meh.
Microsoft Puts Limits On Free Antivirus Downloads!
Microsoft's free antivirus and security suite, Microsoft Security Essentials, releases today, sort of. Incredibly, while millions of users have anticipated the release, only 75,000 downloads will be permitted.
Make Storage Strategic
How does your organization look at storage in the data center? Is it something you have to live with or is it something that can increase the organization's revenue or improve customer satisfaction? How do you make storage strategic to your organization?
Free Microsoft Antivirus, Security Suite Arrives Tomorrow
Tuesday is the day for release of the free public beta of Microsoft Security Essentials, Microsoft's security and anti-virus suite. The price is certainly right. Question is, will the program change the security landscape? The bigger question is whether or not it provides the security your business needs.
Decommissioned Storage Justifies Encryption
There are many reasons to justify storage encryption; tapes falling off the back of a truck on the way to a vault for disaster recovery purposes is one, but when it comes to disk encryption, not many have made the effort to encrypt disk-based data. While that disk array is in your environment it should be relatively secure, except from internal threats, but what about when you decommission a storage array?
Data Leakage Through Nontraditional Networks
Securing our company's data is our job. We build up layers of defense to protect it when it is housed within our corporate network and corporate computer systems. Firewalls, VPNs, encryption, and data leakage prevention all help in some way to protect the data that we don't want anyone else to have. Sometimes, however, we are stuck in the situation where we don't control the network or systems that portions of our data end up on.
New Company Targets Web-Based Malware And Blacklists
Dasient, a security startup started up by former Google engineers, among others, is targeting malware that has your Web sites targeted, as well as monitoring your sites for their presence on blacklists. That last, as any business that's been blacklisted can attest, can be deadly.
Government Takes Action On Internet Badness
Sources of online criminal activity, such as Atrivo/Intercage and McColo, are no longer around. While I am not quite willing to share the full story behind these takedowns just yet, I can say that community action was the key.
Developers Often Left Out Of Security Training
A good friend was telling me recently about a risk assessment he was involved with in which his organization found some vulnerabilities in the Web application. When they asked the developer about them, the response was, "What is cross site scripting?" Wow -- how is it that in this day and age someone who probably considers themselves to be a competent Web developer doesn't know XSS? Ask them about SQL injection, and the response would probably be the same.
Twitter Security Flaws: One A Day For A Month!
Twitter may be taking the world by tweetstorm (or it may be doomed) but one security researcher says that the social network carries a mess of vulnerabilities. A month's worth, in fact, and he intends to prove it, once a day, this July.
Apple Issues Java Security Updates For OS X 10.4, 10.5
Apple released security updates today for Java for Mac OS X for Java SE 6, J2SE 5.0 and J2SE 1.4.2 on Mac OS X 10.5.7 and later. The unfortunate reality is that Sun fixed these flaws more than six months ago. Why did Apple take so long?
Incorporating The 'CIA' Triad In Software Purchases
When talking to sysadmins and developers about security of the new software they're looking to deploy, I often end up in a discussion in which at least one or two of the CIA (confidentiality, integrity, and availability) triad is left out.
Solving Storage Performance Problems
When an application is slowing down because of poor storage I/O performance, the first step most IT professionals will take to solve the problem is to increase the physical drive count on the RAID group assigned to that application. How do you know when this will work and what are the best ways to implement this?
IT Snooping: Too Much Ado About Something?
There's been a lot of buzz lately about internal threats, and like most buzz, some of it's on-target. But some of it seems designed to make us paranoid about our employees -- to what end? Do we need to distrust everyone on our IT staffs and, by implication, everyone in our companies? And where does that get us?
Thin Provisioning Reduces The Cost Of Failure
When vendors talk about thin provisioning you will hear how it reduces CAPEX and how it increases storage admin efficiency. What you don't hear very often is how thin provisioning can reduce the cost of failure.
Cost Analysis Of Multifactor Authentication
A recent article on integrating the YubiKey, a USB token that can provide one-time passwords (OTP), and WordPress reminded me of how few people I know actually use multi-factor authentication to secure their resources. Instead, they rely on the passwords for users to authenticate to Websites and VPNs with nothing in between them and an attacker who might steal that password. The insecurity of passwords is a topic that's b
Hacking Challenge Shows XSS Still King
Last week, another company got egg on its face by running a "we're-so-secure-you-can't-hack-our-stuff contest." When are companies going to learn claims like that always backfire?
Trend Micro Tightens Defenses Against SMB Data Leaks
The latest version of Trend Micro's data loss protection (DLP) package, LeakProof 5.0, comes in two flavors: one for monitoring users and confidential data, the other covering those elements, but also providing tools for protecting intellectual property as well as confidential information.
Cloud Storage's Next Move: Archive
Cloud storage for the most part is being used today as a backup medium or for collaboration, but the next big step, and where cloud storage may be at its best, is as an archive repository to meet the enterprise's growing data retention and compliance demands.
Hackers Claim To Have Pwned US T-Mobile. As In: Everything.
It's not the kind of forum post an executive would like to see created about their company. It's not a leaked rumor about an upcoming product or service, or even a ranting upset customer. Nope. It's a group claiming to have controlled portions of your IT network for a long time.
And they published what looks to be proof of the breach. T-Mobile is investigating.
Former Hacker Named To Homeland Security Advisory Council
The Obama administration has said it wanted to bring a new approach to government, and a renewed emphasis on national cybersecurity efforts. And maybe that's what the administration was shooting for when it appointed Jeff Moss (also known as "Dark Tangent"), founder of the annual DefCon and Black Hat hacker conferences, to the Homeland Security Council.
Trust And Web Ad Services
Well-respected, highly secure Websites commonly infect the people who surf them. So if they are so secure, then why does this keep happening?
What Is Deduplication And Why Should You Care?
A couple of days ago I was speaking at an event in Dallas and was reminded that sometimes those of us in storage get too wrapped up in, well, storage and that IT professionals have other things to worry about than just storage. I asked the audience how many of them had done anything with deduplication. Only 30% had, although 100% wanted to know more.
Disaster Recovery: Location, Location, Location
A comment from a reader offers a reminder that effective disaster recovery planning -- and successful DR in the event of disaster -- requires more than just IT and personnel planning. You have to know where those resources are going to be able to work.
Disclosure Helps Bad Guys -- But Not The Way You'd Think
When publicly disclosing new attack techniques or simplifying older ones, many researchers -- including myself -- have been accused of indirectly assisting the bad guys by schooling them in their evil ways. Admittedly, we can never really be sure we're not helping them, but at the same time, we can't be certain the bad guys don't already know what we do.
For SMBs, Being Security-Savvy Doesn't Always Mean Doing It Yourself
When it comes to security, most security professionals -- indeed, most Dark Reading readers -- are do-it-yourselfers. They do their own research, find their own bugs, and remediate their own systems. It's almost a rite of passage -- if you have to ask for help, you can't be a real security pro.
But I wonder, sometimes, if this attitude doesn't hurt small and midsize businesses, in which having even one full-time security professional is more than many can afford. Such businesses are ju