Enterprise Technology

04/21/2011

How to Shrink The Data Center: 4 Lessons Learned

The business that manages New York City's hospitals consolidates 11 data centers into two facilities, dispensing with two-thirds of their physical servers for a predicted savings of $70 million over 5 years. Consider these four tips.

CIO

Posted at 03:30 PM in Articles, Data Centers, Enterprise Technology, Published on CIO.com | | Comments (0) | TrackBack (0)

|

03/17/2011

HBGary's Hoglund identifies lessons in Anonymous hack

On Superbowl Sunday, HBGary CTO Greg Hoglund found himself locked out of his own e-mail account. As has since beenwidely reported in the media, the hacking group Anonymous leaked thousands of e-mail messages from the accounts of Hoglund and HBGary Federal's CEO Aaron Barr, chastising the company in a public statement. In this excerpt of an interview with CSO correspondent Robert Lemos, Hoglund admits that the company made many mistakes in defending its data, but refutes some of the details of the hack and highlights lessons that other companies should take to heart.

CSO Online

Posted at 10:46 AM in Articles, Cybercrime, Enterprise Technology, Published on CSO, Security | | Comments (0) | TrackBack (0)

|

03/15/2011

Web attackers deface gov't sites, steal from financials

Driven by the hacktivism of the loose-knit Anonymous group, denial-of-service attacks surged to the top of the list of Web incidents, outpacing SQL injection and cross-site scripting, according to a survey of publicly disclosed attacks.

The ongoing survey, known as the Web Hacking Incident Database, categorized 222 incidents in 2010 and found that attackers aimed to take down the Web sites in a third of the incidents, while defacement accounted for 15 percent of attacks and stealing information was the goal in 13 percent of incidents.

CSO Online

Posted at 01:52 PM in Articles, Cybercrime, Enterprise Technology, Published on CSO, Research, Security | | Comments (0) | TrackBack (0)

|

03/11/2011

InfoWorld Tech Watch: Week of March 7

Published this week: Third-party content is the Web's third rail

Posted at 02:17 PM in Blog, Enterprise Technology, Published on InfoWorld Tech Watch, Security | | Comments (0) | TrackBack (0)

|

03/04/2011

InfoWorld Tech Watch: Week of February 28

Published this week: Cyber criminals strike at ad networks -- againCompanies scramble to tame the wild endpoint

Posted at 02:10 PM in Blog, Enterprise Technology, Published on InfoWorld Tech Watch, Security | | Comments (0) | TrackBack (0)

|

10/12/2010

PCI Compliance Means Getting Your App Security Together

Many companies' applications still don't meet the security standards outlined in the Payment Card Industry (PCI) Data Security Standards, according to a recent study.

During the 18-month study, which was published last week, security firm Veracode scanned the binary code of more than 2,900 applications on behalf of its clients. Its findings are sobering: Nearly six out of every 10 applications had an "unacceptable" level of security; more than eight out of 10 applications failed to catch classes of Web application vulnerabilities required for remediation under PCI DSS.

While the customers eventually fixed the flaws, most enterprises' applications fail to meet with PCI standards -- a rather low bar for Web application security, says Chris Eng, senior director of security research at Veracode.

DarkReading

Posted at 05:31 PM in Antivirus, Enterprise Technology, Law and Policy, Published on DarkReading, Security | | Comments (0) | TrackBack (0)

|

10/07/2010

Two Ways For SMBs To Secure Their Home Workers

In the slowly recovering economy, telecommuting has become an essential way for businesses to retain valuable workers, increase productivity, and support "green" initiatives. But from a security perspective, telecommuting can also be dangerous -- if you don't have the right technologies in place.

For small and midsize businesses (SMBs), telecommuting is taking off. Nearly 60 percent of SMBs plan to increase their use of telecommuting to cut costs in the next 12 months, according to survey conducted by Staples Advantage, the IT service of the well-known office-supply chain. Yet many SMBs don't have the expertise in-house to deal with security -- about 40 percent rely on external IT support to run their operations, the study found.

DarkReading

Posted at 05:29 PM in Articles, Enterprise Technology, Published on DarkReading, Security, Small and Medium Business | | Comments (0) | TrackBack (0)

|

10/04/2010

Three Steps To Safer Connections With Your Business Partners

Among the speculation surrounding the spread of the Stuxnet worm -- the first cyberattack that targets industrial control systems -- is this likely scenario: Attackers might have spread the worm to a Russian technology provider in an effort to infect Iran's nuclear industry. Unknown to the Russian company, its workers were compromising facilities in multiple countries with a program designed to hide within the code of industrial controllers.

If true, the scenario would not be the first time that suppliers have been used to attack their customers. In a handful of recent instances, attackers have used contractors and other third parties as a bridge to their targets. While many companies are very watchful of their connection to the Internet, many times they are not so vigilant of their partners' connections to their own networks, says Eddie Schwartz, chief security officer of NetWitness, a data and network protection firm.

DarkReading

Posted at 05:35 PM in Articles, Enterprise Technology, Published on DarkReading, Security, Software | | Comments (0) | TrackBack (0)

|

09/28/2010

In Wake Of Attacks, Enterprises Look To Plug Browser Security Hole

For five hours last week, Twitter users were inundated with an avalanche of odd tweets. The messages -- actually snippets of JavaScript -- would execute when a browser user moused over the text. While the lion's share of the tweets were simple pranks, the technique exploited a flaw in Twitter's website that could have allowed malcontents to possibly attack the end user's system.

The vulnerability, known as a cross-site scripting flaw, allowed online miscreants to execute JavaScript code. Even fully patched modern browsers would not have been protected against the attack, according to security experts. The danger comes from emerging features of the Web -- and the ability of users to post content to sites.

The incident underscores that browsing websites, even well-known, "legitimate" sites, has inherent risks, says Michael Sutton, vice president of security research for Web security firm Zscaler.

DarkReading

Posted at 08:38 AM in Articles, Enterprise Technology, Published on DarkReading, Security, Software | | Comments (0) | TrackBack (0)

|

09/22/2010

For Small Businesses, Social Networking Poses New Security Risks

For about six hours on Tuesday, a small snippet of JavaScript code ran rampant among Twitter users. The code used a particular class of flaw to execute simple commands, including changing the color of the interface and posting itself to the users' followers. Victims only had to hover the mouse pointer over the text.

As social networks become more popular, such threats are becoming more common, taking advantage of the trust between users. No wonder, then, that more than a third of small and midsize businesses (SMBs) already have identified a social network as the entry point for a virus or Trojan horse infecting their corporate networks, according to survey released last week by Panda Security.

"Everyone has to worry about it, but small and medium businesses are most vulnerable," says Sean-Paul Correll, a senior threat researcher with Panda. "Either they don't have the needed expertise or they don't have the budget to hire the expertise."

DarkReading

Posted at 10:47 AM in Articles, Enterprise Technology, Published on DarkReading, Security, Small and Medium Business, Social Media | | Comments (0) | TrackBack (0)

|

Next »