April 22, 2014

Security Manager's Journal: Virtual machines, real mess
We found that those virtual machines were not running any antivirus software and hadn't been patched in more than two years, so we ran a virus scan of one of the virtual machines. Suddenly, everything became very clear. The virtual machine was infected with a virus whose characteristics matched the activity that caused the denial of service to the office. In fact, all 30 desktops in the classroom were infected. But that's not the worst of it. The installed images were derived from a base image maintained at a cloud provider. That base image contained the virus, which explains how 30 machines became infected.

Microsoft Azure SQL Database Security - Firewall Configuration
Deployment of cloud-based technologies introduces a wide range of challenges; however, few of them are subjected to the same degree of scrutiny, concern, and public debate as security. In order to properly analyze security-related challenges, it is important to note that they encompass several distinct but interrelated concepts, such as data integrity and confidentiality, access control, authentication, and authorization. In this article, we will start reviewing them in the context of Microsoft Azure Software as a Service-based SQL Database, focusing in particular on the SQL Server-level and database-level firewall access control functionality and the methods that can be employed to implement it.

New iOS malware highlights threat to Apple mobile devices
The malware is designed to listen for outgoing connections. Once it recognises an Apple ID and password, it sends these unencrypted IDs and passwords to the cyber criminals behind the malware. The Unflod malware also highlights the risks of installing unknown apps on jailbroken iPhones. Reports of the malware targeting Apple iOS emerged in posts on reddit by iOS users hit by repeated system crashes after installing iOS customisations that were not part of the official Cydia market. A developer for the Cydia market, an alternative to the Apple App Store, has responded to the news in a reddit comment, saying that the probability of Unflod coming from a default Cydia repository is fairly low.

It’s Official: 2013 Was the Busiest Year Yet for Cyber Criminals
The finding comes in a report from the security arm of the telecom giant Verizon set to be published on Wednesday. The Verizon annual Data Breach Investigations Report is one of the most highly regarded in the industry and is now in its tenth year. It contains data on attacks from 50 companies and organizations, covering more than 63,000 computer security incidents and 1,347 confirmed breaches in 95 countries. As these things go, the report contains more data to analyze than any other report of its kind, said Jay Jacobs, a Verizon analyst and one of the report’s co-authors. If combating nine kinds of attacks sounds too ambitious, then maybe this will make it sound a little easier: On average, roughly 72 percent of all attacks were carried out using one of three methods, though the specifics tend to vary by industry.

What Is A Distributed Database And Why Do You Need One?
Grab this technical whitepaper to learn more about the NuoDB distributed database. Learn more about how NuoDB: cracked the code and finally built a distributed database; conceived the Durable Distributed Architecture (DDC) by studying the shortcomings of traditional designs; built a database designed to scale out on demand in the cloud; and can provide your app with on-demand scale-out, geo-distributed data management and resilience to failure.

Managing the Demand for IT Infrastructure
To save costs and prepare for adoption of next-generation infrastructure technology and hybrid-cloud models, leading organizations are adopting commercial-style demand and service management that has two key characteristics. The first is a standard services catalog with clearly priced offerings that can be consumed on a price-times-quantity basis. Such a catalog requires creating bottom-up unit costs for each service based on a detailed bill of materials. This means that unit costs should be an aggregation of all the components making up the service and not an arbitrarily stipulated cost mostly based on averages and allocations.

Business success increasingly hinges on supply chain innovation and procurement advantages
The power of data-driven business networks and the analytics derived from them are increasing, but how do enterprises best leverage that intelligence as they seek new services, products and efficiency? How do automation and intelligence enter the picture for better matching buyers and sellers? BriefingsDirect had an opportunity to learn first-hand at the recent 2014 Ariba LIVE Conference. To learn more about how business—led by procurement—is changing and evolving, and how to best exploit this new wave of innovation, we sat down with Rachel Spasser, Senior Vice President and Chief Marketing Officer at Ariba, and Andrew Bartolini, Chief Research Officer at Ardent Partners.

SEC seeks data on cyber security policies at Wall Street firms
The SEC Office of Compliance Inspections and Examinations (OCIE) will review each company's tools and policies regarding governance, risk identification and assessment, network and data security controls, remote access and third party cyber risks. In a security alert released last week, the SEC said the effort was launched after participants at an SEC-sponsored roundtable discussion in March stressed the importance of strong cybersecurity controls at Wall Street firms. During the roundtable, SEC Commissioner Luis Aguilar recommended that the Commission collect information from broker-dealers and other financial firms about their cyber readiness.

Now is the time to switch back to Firefox
Mozilla's commitments to your privacy and to the open web are much more important than what any of its staff might have done in the past. In any case, Mozilla co-founder and former chief executive Brendan Eich has already quit, and Mozilla chairman Mitchell Baker has very publicly apologised. At this point, anybody who still thinks boycotting Firefox is a good idea is behind the times. It needs -- and deserves -- your support. Businesses, of course, tend to judge things on merit, which is where the argument for Firefox is strongest. I switched back to Mozilla Firefox in the middle of last summer, when it first became a better browser than Chrome, at least for me.

Intuitive, Robust Date and Time Handling, Finally Comes to Java
When dealing with dates and times we usually think in terms of years, months, days, hours, minutes and seconds. However, this is only one model of time, one I refer to as “human”. The second common model is “machine” or “continuous” time. In this model, a point on the time-line is represented by a single large number. This approach is easy for computers to deal with, and is seen in the UNIX count of seconds from 1970, matched in Java by the millisecond count from 1970. The java.time API provides a machine view of time via the Instant value type. It provides the ability to represent a point on the time-line without any other contextual information, such as a time-zone.

Quote for the day:

"People grow through experience if they meet life honestly and courageously. This is how character is built." -- Eleanor Roosevelt