September 10, 2014

‘Can everyone hear me now?’
With so much potential for corporate data loss via the voice channel, it is critical that organizations find a way to protect this data. It is also incumbent on device manufacturers and/or third parties to offer methods of creating a secure channel, much as they have done for digital data communications. This need for voice channel protection is what led BlackBerry to acquire Secusmart. BlackBerry is establishing a beachhead in a new battleground for secure enterprise communications.


4 Signs of Big Data Information Overload
Big data involves mining and analyzing enormous sets of often unstructured information. That information may come from social media, sensors, and countless other sources. It’s a different game from BI, which creates analyses from structured data stores. Big data doesn’t mean BI is going away, but that analytics now has an exciting new branch of data discovery opening up. In the new age of big data analytics, discovery is part of the process, and this will naturally cause goals to shift as discoveries emerge.


The Wolf of VMware
IT organizations are increasingly getting pressured to significantly improve agility. In most environments, storage, networking and security remain the primary provisioning bottlenecks. Virtualization and software-defined infrastructure can shorten infrastructure provisioning from weeks to minutes or even seconds. You can also drastically reduce complexity... why are we still basing security decisions on an IP address, which is an arbitrary number that can change? That degree of complexity is unnecessary and illogical with today's technology.


10 Tips for Managing Open Source Vulnerabilities
"A structured OSS adoption process can create a competitive advantage for technology companies by allowing them to leverage off-the-shelf quality software, accelerate development and reduce costs," says Mahshad Koohgoli, CEO of code attributes management company Protecode. OSS is peer-reviewed, which usually results in good quality, but like proprietary code, it is susceptible to security vulnerabilities. Licensing compliance and export controls must also be taken into account, depending on company location and where it sells products. These concerns can be managed, however, as outlined in Protecode's tips below.


Apple Pay: Really a PayPal killer?
Apple Pay includes several features that were already widely expected and/or leaked including NFC integration (iPhone 6 and Watch), Touch ID authentication at POS, and partnerships with major card networks and banks. Importantly, PayPal was not included in the list of participating payments networks, while it is too early to tell about potential “exclusivity rules”. Given that Apple Pay uses a dynamic security code at checkout and not a consumer’s actual credit card number, we believe this creates a potential technological barrier for PayPal ever being included in Apple Pay, making the wallet potentially exclusive to only credit and debit card transactions.


Cyber Hygiene
The security controls and mitigation strategies are all targeted at organizations. Government departments or private sector enterprises can and should implement them and yes, that does have a cumulative beneficial effect on the ecosystem, but it doesn’t really provide actionable guidance for individual users. Would similar cyber hygiene steps help with home users? Everyone loves to talk about the threat from zero-days, but when my colleagues and I analyzed real world exploits in our 2011 Security Intelligence Report, we found that less than 1 percent of exploits in the first half of 2011 were against zero-day vulnerabilities.


Technically an Expert but You Can't Run Your Own Business!
While their skill at ‘doing the doing’ is not in dispute, many are not so great at running a business. Just because you are great at putting together a digital strategy for your client doesn’t mean you know how to actually run a business yourself. Just because you are great at creating an effective social media campaign for your clients doesn’t mean you know how to market and promote your own business. The saying goes, “cobblers’ children go unshod”: the cobbler spends so much time looking after customers' needs that he has no time for his children's.


Poorly maintained Linux servers turned into bots
"We have traced one of the most significant DDoS attack campaigns of 2014 to infection by IptabLes and IptabLex malware on Linux systems," said Akamai senior vice president and general manager, Security Business, Stuart Scholly. "This is a significant cybersecurity development because the Linux operating system has not typically been used in DDoS botnets. Linux admins need to know about this threat to take action to protect their servers." In Akamai-Prolexic's view, the gang behind this malware was likely to expand their targeting of vulnerable Linux servers, as well as broadening the list of targets.


Heartbleed patch efforts ignored on thousands of websites
In its newly released August 2014 threats report, Santa Clara-based McAfee Inc.'s McAfee Labs research team also cited an estimate that more than 300,000 websites remain unpatched and vulnerable to Heartbleed as cybercriminals successfully transformed a roster of vulnerable sites into a "hit list" to identify new attack targets. Defining Heartbleed as "the most significant security event" since last holiday season's Target Corp. data breach, McAfee warned that many applications, websites and devices that remain unpatched are almost certain to be attacked.


Real-Time Stream Processing as Game Changer in a Big Data World
In contrast to the traditional database model where data is first stored and indexed and then subsequently processed by queries, stream processing takes the inbound data while it is in flight, as it streams through the server. Stream processing also connects to external data sources, enabling applications to incorporate selected data into the application flow, or to update an external database with processed information. A recent development in the stream processing industry is the invention of the “live data mart” which provides end-user, ad-hoc continuous query access to this streaming data that’s aggregated in memory.



Quote for the day:

"What used to fit in a building now fits in a pocket, what fits in a pocket now will fit inside a blood cell in 25 yrs" -- Ray Kurzweil