Current Topic: Tech Industry |
|
Virtualization security: So far nothing |
|
|
Topic: Tech Industry |
11:45 pm EST, Jan 20, 2009 |
In April 2004 I wrote my first article on the topic of virtualization security. I was trying to bring attention to the security aspects of this "new" technology that was getting quite a bit of hype at the time. The hope was that this time security would not be an afterthought, that we would reverse the equine-escape/egress-closure sequence. The naiveté of youth! ... Once again, the answer surprised us (though perhaps it shouldn't). Only 9.6% of participants are deploying any security tools specially designed to deal with virtualization. Another 21.2% expect to do so within the next three years. A whopping 69.3%, though, have no plans at all to do anything specifically aimed at securing their virtual environments. Virtualization security: So far nothing |
|
U of Tennessee finds 'bonus benefits' in log management |
|
|
Topic: Tech Industry |
2:43 pm EST, Jan 19, 2009 |
Meanwhile, I recently talked with James Perry, the Information Security Officer at the University of Tennessee about his use of log management. His department has been using ArcSight Logger since July 2008, and he’s still finding interesting use cases. Here’s a look at some of them and how his organization is benefiting from log management. At the same time, the environment can’t be a free-for-all. The university network serves 159 merchants such as bookstores, coffee shops and other sales operations. This means there is a requirement for PCI compliance. Two of the campuses work with medical data. That means HIPAA compliance. There’s financial data, meaning GLBA compliance, and so on. As you can see, the need to log and monitor all activities for compliance purposes was a big driving factor in the university acquiring a log management product. What’s more, like most organizations today, the university is experiencing budget cuts, so Perry was forced to improve security and operations with fewer resources. Log management has helped to achieve the latter objective as well. U of Tennessee finds 'bonus benefits' in log management |
|
AirWave supports latest payment-card industry security mandates |
|
|
Topic: Tech Industry |
2:41 pm EST, Jan 19, 2009 |
Aruba Networks has released an updated version of its wireless management software, with changes that let retailers and others monitor compliance with the latest payment-card security standards. The company's AirWave Wireless Management Suite 6.2 now can track compliance with version 1.2 of the Payment Card Industry Data Security Standard (PCI DSS). The suite can create an array of reports documenting where the wireless network is in sync with the standard, and where it's not. The software update also includes placement suggestions for radio sensors; support for Cisco LWAPP 5.1/5.2 features; monitoring of Cisco 871w routers and remote Aruba access points; and the ability to accept a management trap by a Cisco WLAN controller as soon as it happens rather than waiting for a periodic polling of that controller. AirWave supports latest payment-card industry security mandates |
|
U.S. plots major upgrade to Internet router security |
|
|
Topic: Tech Industry |
2:35 pm EST, Jan 19, 2009 |
The U.S. federal government is accelerating its efforts to secure the Internet's routing system, with plans this year for the Department of Homeland Security to quadruple its investment in research aimed at adding digital signatures to router communications. DHS is funding two key initiatives related to enhancing routing security: Resource Public Key Infrastructure (RPKI), which adds authentication to the delegation of IP address blocks by the registries to ISPs and enterprises; and BGPSEC, which adds digital signatures to BGP announcements. (Maughan says he's modeling the BGPSEC initiative after the agency's DNSSEC effort, which has involved the National Institute of Standards and Technology [NIST] and the Internet Engineering Task Force [IETF].) With RPKI, the regional Internet registries are putting together a public key infrastructure to authorize IP address delegations from the Internet Assigned Numbers Authority (IANA) to the five regional Internet registries, including ARIN. Then the registries would authenticate the assignment of IP addresses and IP routing prefixes known as autonomous systems that are used by network operators. U.S. plots major upgrade to Internet router security |
|
Cisco CTO could be tapped by Obama |
|
|
Topic: Tech Industry |
11:47 am EST, Jan 19, 2009 |
Cisco's CTO Padmasree Warrior is one of the top two candidates for the first U.S. CTO, expected to be named any day now, according to published reports. The 46-year-old candidate was formerly CTO at Motorola, where she worked for 23 years, and has worked for Cisco for the past 13 months. She skirted her prospects as federal CTO when asked about them by BusinessWeek via e-mail. Instead she addressed generalities. "Smart networking technologies and IT play a critical role in transforming government, energy, education and healthcare," she said. When she joined Cisco, Warrior laid out her philosophy about technology. "I enjoy envisioning and creating the future," she wrote in her blog, "and leveraging technology leadership for business growth. Expertise, experience, energy -- these exemplify my platform for achievement." Cisco CTO could be tapped by Obama |
|
Paris Hilton’s official web site serving malware |
|
|
Topic: Tech Industry |
12:03 pm EST, Jan 14, 2009 |
So many jokes here... ----- The official web site of Paris Hilton (parishilton.com) has been embedded with a malicious iFrame, automatically exposing visitors to client-side vulnerabilities and banker malware, according to researchers from ScanSafe. Upon closer analysis, it appears that the site has been infected on the 8th of January, Thursday, becoming the very latest legitimate site whose use of outdated web application software led to its exploitation. Moreover, just like we’ve seen in previous related attacks, Hilton’s site compromise is a part of bigger malware campaign affecting several thousand sites, and is not being exclusively targeted. A javascript embedded at the bottom of the site, is actually an iFrame that used to point to the now down you69tube .com/flvideo/.a/.t/index .php. Once the downloader is executed it attempts to download another binary from the same site, including configuration files from several other sites among which is ManggaTv.com. The abuse and use of legitimate infrastructure as a foundation for the entire malicious campaign, is a common practice applied by cybercriminals these days. For instance, in this campaign not only is the official web site of a popular celebrity used to acquire the traffic, but also, another legitimate site is used as a dropzone for the configuration file of the banker malware. Paris Hilton’s official web site serving malware |
|
Windows 7: The Linux killer |
|
|
Topic: Tech Industry |
10:19 pm EST, Jan 12, 2009 |
This guy is smoking something... ---- Microsoft has long been worried about Linux competition in the server market. When it came to ordinary PCs and laptops, however, it knew it had little to fear. But that was then. Now Microsoft may fear Linux on the desktop as much as it does the Mac. It's finally taking Linux seriously as a desktop operating system, and it has designed Windows 7 to kill it. Let me explain. Windows 7: The Linux killer |
|
Google helping expand undersea cable infrastructure |
|
|
Topic: Tech Industry |
9:13 pm EDT, Aug 26, 2008 |
On Tuesday, the Web site TeleGeography reported that Google has joined a consortium to build an intra-Asia undersea cable called the Southeast Asia Japan Cable to connect Japan, Guam, Singapore, Hong Kong, the Philippines, and Thailand. Earlier this year, Google joined a group to build an undersea cable linking Japan to the United States. The consortium building the new intra-Asia cable has many of the same members as the consortium developed for the Japan-U.S. cable, including Google, Bharti, SingTel, KDDI, and Global Transit. There is already a lot of competition along this Southeast Asia route, where several cables have already been planned. As a result, the new intra-Asia SAJC cable won't likely be ready until 2011, TeleGeography analyst Alan Mauldin said in the report. Google helping expand undersea cable infrastructure |
|
Faster iPhone faster! Kill!! Kill!!: Expect a 3G iPhone by Christmas. |
|
|
Topic: Tech Industry |
2:05 pm EDT, Jul 6, 2007 |
My challenge here is to write the one zillionth iPhone story (and MY third) without repeating too much what has been written before or failing to include at least a couple new items which -- trust me -- you'll find below. This column is mainly about how to properly manage the introduction of a disruptive technology, which is harder than most people would guess. It's also about how Apple plans to make this an iPhone Christmas. Yeah, what about Christmas? Apple couldn't risk introducing the iPhone at Christmas. They had to get all the bugs out before Christmas in order for the iPhone to be a risk-free gift. Knowing that the phones work, and work well, people can get used to the idea of giving them as gifts. That's one reason why it is easy to predict that iPhone sales for Christmas will be robust. Only for Steve Jobs "robust" is not enough. He wants iPhone Christmas sales to EXPLODE. How do you make that happen? Faster iPhone faster! Kill!! Kill!!: Expect a 3G iPhone by Christmas. |
|
Topic: Tech Industry |
9:51 pm EDT, May 7, 2007 |
Global Services division reportedly the target, but analysts say layoff rumor inaccurate, ‘ludicrous’ IBM Layoffs 'ludicrous' |
|