End Users Lax With Company Data
A new security study shows end users from around the world treat data and corporate systems with little respect for the potential consequences. When it comes to corporate data, which is actually often customer data, there's little regard for security.
New DoS Attack Is a Killer
Things are a-brewin' in Sweden. Sweden is not just home of the infamous bikini team, it is also the home of Outpost 24, an equally sexy software-as-a-service network scanning service, and the employer of my friend Robert E. Lee and his colleague Jack C. Louis. These guys are the inventors of UnicornScan, a user-land TCP stack turned into a port scanner. Never heard of it? Use Nmap exclusively? Well if you run Linux, I suggest checking
Can You Prove Compliance In The Cloud?
Whether you're in the midst of an audit or a forensic investigation, thorough logs are the key to proving compliance with security regulations. So how do you prove your organization is/was compliant when you aren't able to maintain logs? This is the nagging question that gnaws hungrily at my weary brain every time I ponder cloud computing.
Scareware Purveyors To Get Legal Thrashing
We've previously warned about the rising number of scareware threats attempting to scam Internet users. Now Microsoft and the state of Washington are gnashing their legal teeth. Will it work?
Free Cloudmail Continuity Offer From LiveOffice
Snailmail may be immune to rain, sleet, snow, etc. but heavy weather can wreak heavy damage -- and outright interruption and downtime -- on your e-mail traffic. A new free service from LiveOffice argues that the solution to storm clouds' potential for disruption lies in the digital Cloud.
Mozilla Fixes Password Management Gaffe
Just after Mozilla released Firefox version 3.0.02, which fixed a bevy of security problems, the foundation had to issue a notice to users about a flaw that could keep users from accessing and even creating passwords under some conditions.
Astaro Debuts E-mail Spam Fighter For SMBs
Everybody hates spam. It clogs inboxes and online traffic, cuts productivity, and holds out false hope of riches, romance, and hair. Astaro's new Mail Gateway is designed to help your company deal with spam and other e-mail issues without spending a lot of money.
Senate Committee Approves Updated FISMA Bill
The Senate Homeland Security and Government Affairs Committee just approved S.3474, which will update the Federal Information Security Management Act (FISMA), in the hope of lifting federal security efforts beyond what many have deemed a paperwork shuffle that does little to boost security.
One In Ten Computer Users Don't Have A Clue About Security
They've got computers, they've got apps and they've almost undoubtedly got confidential data, but a new study from privacy company Steganos found that nearly 10 percent of computer users didn't know if they had anti-virusware installed. And it gets worse...
Speed Is The SSD 'Killer App'
In a recent blog entry I provided a time line on when I thought SSD would become the dominant storage type for what is currently the active storage tier. One of the key enablers of this will be the increasing need for speed and mechanical hard drives' lack of ability to deliver it in a cost-effective manner.
North American Companies Embracing Security Outsourcing
The U.S. managed security services market is booming, and set to double in size in the next few years? MSSPs have been around, in one iteration or another, for as long as I can remember. Why is the market set to rock now?
Risky Employee Web Use: Cloud Storms Gathering
How are you going to keep them on task when they can go to the Web? is not only a productivity question, it's a growing security concern. A new study indicates the concern is growing fast.
Information Cards Are Awesome; But Are Identifying Parties Really Ready To Do This Right?
Perhaps the greatest thing about information cards is that they might finally free us from the purpose-defeating and idiotic practice of using Social Security numbers as a nigh-universal identifier. But it won't work unless the Identifying Parties find a way to balance security with portability, and can smartly manage distribution, expiration, and destruction.
McAfee Acquires Secure Computing
McAfee is buying Secure Computing for $465 million, rounding out its network security business and strengthening its security risk management offerings among companies of all sizes.
Cloud Storage 2.0
Cloud storage 1.0 as it exists today has one primary service; it stores data. Not very exciting. Cloud storage 2.0 will have to provide the ability to do more with that data than just store it.
Quality of service is the ability to provide different priority to different applications, users, or data flows, or to guarantee a certain level of performance to a data flow. Up until we started virtualizing servers, you generally only needed this at the network switch level. Now with the multitenant nature of virtualization hosts, we need QoS at the network interface.
Palin E-Mail Hack Was "Easy"; FBI Investigating
The person who purportedly hacked VP hopeful Sarah Palin's Yahoo E-mail account posted what he or she claimed to be a first-person account of the attack. Meanwhile, the FBI is on the case of the pwned candidate's account.
From VMworld To Houston...
Sorry for the delay in getting this entry posted. I arrived in Houston last night to a city that is about 60% blacked out, including my office. Thanks to the kindness (a common theme in Houston) of a local storage integrator, Unique Digital, I am able to be back in business and send you today's entry, "From VMworld to StorageWorld."
VP Hopeful Sarah Palin's Yahoo E-Mail Account Hacked
A team of hackers dubbed "Anonymous" claims to have breached vice presidential hopeful Gov. Sarah Palin's Yahoo e-mail account, based on a number of announcements and screenshots posted to the Web and Wikileaks.org.
SEC Fines Wall Street Firm LPL
The Securities and Exchange Commission took -- relatively -- harsh action against financial services firm LPL Financial for failing to protect its customer data. While the fine levied against LPL certainly isn't the most important news to break on Wall Street this week, it is the first step in what I hope is a long-term harsher stance taken by the SEC.
Survived Ike? Time Will Tell...
Ike tore through Houston, home of one of our offices and our lab. Once again, businesses have to learn that surviving the initial hit is only the beginning. The "P" part of a Disaster Recovery Plan is very critical to the long-term survival of the business.
UAE Bank Breach Spreads
International investigators still aren't sure, or they're not saying, how criminals managed to generate counterfeit bank and credit cards of legitimate users and conduct fraudulent charges from about 20 countries.
FCoE Or iSCSI, Does It Really Matter?
There is a lot of debate about Fibre Channel over Ethernet and converged network adapters. A CNA is a 10-GbE network interface card that supports multiple data networking protocols, basically TCP/IP traffic and storage networking. These adapters are going to support Fibre Channel over Ethernet (FCoE). The plan is to reduce networking cost of ownership by converging the data and storage networks onto a single adapter, which results in lower adapter, cabling, switch, power, and cooling costs.
Password Crackers For Hire
Earlier this week we wrote about how attackers are selling bogus security software suites to not only rip unsuspecting Web surfers off, but also infect their systems with malware. Now, an IBM researcher says many of those Webmail online password "recovery" services may actually be hackers for hire.
XP Security 'Scareware' Scams Skyrocketing
More users than ever before seem to be falling for scams being levied by fraudsters looking to make a quick -- and lucrative -- buck from bogus security applications. It's sad to see people get scammed out of their money when they're seeking some level of protection from Internet threats -- but instead they end up paying to install software that does nothing, at best, or is in fact itself malware. At least one security firm says criminals are raking in hundreds of thousands a month doing so.
Top Tips For Preventing Identity Theft
Your customers' and clients' private information should be as important to you as their business -- and should be protected just as carefully, according to a new book on identity theft prevention techniques. Take a look at the top tips below.
Google Chrome Polishes Its First Security Update
Last week, Google released its shiny new Chrome browser. However, before the week finished, Google also had to issue a patch for one of security's most common -- and most well-known to developers -- application security issues: a buffer overflow vulnerability that would make it possible for an attacker to completely take over your system.
Security Finally a CEO Level Concern
Facing an ongoing threat from hackers and needing to comply with more government regulations have forced many businesses to recognize security as an important corporate initiative. Consequently, companies are increasing their spending on security products as well as making it a top management concern.
Cloud Storage's Weakness
Cloud storage has one glaring weakness compared with traditional storage offerings; it does not get cheaper over time. Today, some services each year will increase your capacity at "no extra charge," but you are still paying the same amount of money for data written last year and data written this year.
In The Cloud, Architectures Matter
There is a common statement that I hear when talking with members of the cloud community, that the user should not be concerned with what is the architecture of the cloud. I disagree -- details matter.
Google Picasa Picture-Perfect For Spammers
Google's picture-sharing service, Picasa, has found favor not only with image-happy users, but also as a filter-evading route for spammers to stuff your mailbox with junk, according to a new Message Labs report.
Google Chrome Security Risks Already Announced
Barely a day after Google's new browser was released, Chrome is showing some scratches: researchers have pointed out known security vulnerabilities that can put users at risk of malicious exploits.