Category Archives: Security

6 Security ‘Must Haves’ For Cloud Computing

According to Gartner, to achieve effective and safe private cloud computing deployments, security, as it exists in virtualized data centers, needs to evolve and become independent of the physical infrastructure that includes servers, Internet Protocol (IP) addresses, Media Access Control (MAC) addresses and a lot more.

However, it must not be bolted on as an afterthought once companies move from enterprise deployments, to virtualized centers, to private/public cloud.

While the basic components of security in information management remain the same — ensuring the confidentiality, integrity, authenticity, access and audit of information and workloads — a new, integrated approach to security will be required.

More from CMSWire

So Much Data, So Little Encryption

If you go solely by top-level stats on encryption use, you’ll come away feeling pretty secure–86% of the 499 business technology professionals responding to our InformationWeek Analytics State of Encryption Survey employ encryption of some type. But that finding doesn’t begin to tell the real story. Only 14% of respondents say encryption is pervasive in their organizations. Database table-level encryption is in use by just 26%, while just 38% encrypt data on mobile devices. And 31%–more than any other response–characterize the extent of their use as just enough to meet regulatory requirements.

The reasons for this dismal state of affairs range from cost and integration challenges to entrenched organizational resistance exacerbated by a lack of leadership. The compliance focus is particularly galling. Encrypting a subset of data amounts to a “get-out-of-jail-free card” because it may relieve companies from having to notify customers of a breach. But knowingly doing the bare minimum to check a compliance box isn’t security; it’s a cop-out.

From an interesting post.

Microsoft Unveils Apps for Crime-Fighting Data Mining

Once again, software is fighting crime. Microsoft unveiled a suite of tools and initiatives for law-enforcement groups “specifically designed to improve public security and safety,” the company said.
..
..
It’s also the latest example of law enforcement officials arming themselves with better technology to help fight crime. The FBI, for instance, said that new database and data-sharing efforts have resulted in solving a number of difficult highway serial killings.

Gathering that data is key. That’s why Microsoft this week said it is giving a free tool to INTERPOL called the Computer Online Forensic Evidence Extractor (COFEE), an application that “uses common digital forensics tool to help officers at the scene of the crime.”

The company is working on a mobile version for future release, Richard Domingues Boscovich, senior attorney for Microsoft’s Internet security program, told InternetNews.com in an e-mail.

A larger tool set for large-scale crimes is Microsoft Intelligence Framework, which is aimed at helping intelligence and law enforcement agencies coordinate information to detect and prevent terrorism, and to solve organized and major crime cases. The framework offers tools for storing and analyzing evidence and information across a variety of sources.

From an EarthWeb article.

Cross-Site Scripting takes over Twitter

Cross-site scripting is becoming a common security vulnerability for online services, and Twitter, which allows 140 characters per tweet, was no exception.

The worms exploit a common vulnerability in Web applications called cross-site scripting, which allows someone to inject code into Web pages others are viewing.

In this instance, Twitter users who clicked on the name or image of anyone sending the worm messages would get infected and then send the message on to all that person’s followers. Anyone viewing an infected user’s profile would also get infected and pass the worm on.

“What we’re seeing was it was possible for codes to be embedded, small pieces of JavaScript, into people’s profiles. This should be fairly elemental to filter out,” he said.

While the attacks were mostly a nuisance, they could have been dangerous if spyware or other malware had been downloaded onto Twitter users’ computers, Cluley said.

To avoid such JavaScript-based attacks, you can turn off JavaScript in your browser. Instructions for doing this are here. You can also use utilities such as NoScript, an open-source Firefox extension, Hayter recommended.
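
The server-side filtering that the quote above calls elemental, as an added example (not code from Twitter or from the original article): stored profile fields are encoded for the HTML context they land in, next to the unencoded "before" version. The field names `name`, `url` and `bio` and the sample profile are assumptions made for illustration.

```javascript
// Added illustration: field names (name, url, bio) are hypothetical, not Twitter's schema.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode text for HTML element content and quoted attribute values.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Allow only absolute http(s) links; anything else (javascript:, data:,
// unparseable input) is replaced with "#".
function safeUrl(value) {
  try {
    const url = new URL(String(value).trim());
    return url.protocol === 'http:' || url.protocol === 'https:' ? url.href : '#';
  } catch (err) {
    return '#';
  }
}

// "Before": stored profile fields are concatenated into the page as-is,
// so markup saved in a profile runs in every viewer's browser.
function renderProfileUnsafe(p) {
  return `<a class="profile" href="${p.url}">${p.name}</a><p>${p.bio}</p>`;
}

// "After": the URL is scheme-checked, then every field is HTML-encoded.
function renderProfileSafe(p) {
  return `<a class="profile" href="${escapeHtml(safeUrl(p.url))}">${escapeHtml(p.name)}</a>` +
         `<p>${escapeHtml(p.bio)}</p>`;
}

// Constructed sample input: a profile whose fields carry script markup.
const constructedProfile = {
  name: 'Alice',
  url: '"><script src="//example.invalid/w.js"></script>',
  bio: 'Hi <script>alert(1)</script>',
};

console.log('before:', renderProfileUnsafe(constructedProfile));
console.log('after: ', renderProfileSafe(constructedProfile));
```

Encoding at output time protects every viewer of the profile regardless of browser settings, whereas disabling JavaScript or running NoScript protects only the individual user who does so.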