September 23, 2014

Securing virtual machines still a dark art, says Kaspersky Lab
Virtualisation is becoming a core part of mission-critical IT infrastructure, yet securing a virtual network is still a dark art, says David Emm, senior security researcher at Kaspersky Lab. “All too often businesses apply security measures developed for physical machines, which can leave the business exposed to a whole raft of risks,” he said. Despite the reliance on the virtualised environment moving the issue of securing it up the business agenda, Emm said five common myths, or misconceptions, continue to put organisations at risk.


5 things to prepare the CIO for disruption
Consumption expectations for customers and users changed as well. Consumers became more technologically savvy and demanded more. Overnight, consumers became familiar and more comfortable with solutions quicker than IT organizations could adopt them. The technology available to consumers rapidly became more sophisticated. The combination of these two drove a change in consumer behaviors. Consumers and customers became more demanding of technology…and by extension, corporate IT. So, how does the CIO respond to these changes in a timely and meaningful manner? Start at the top and work down.


The Open Group panel: Internet of things poses massive opportunities and obstacles
This so-called Internet of Things means more data, more cloud connectivity and management, and an additional tier of “things” that are going to be part of the mobile edge — and extending that mobile edge ever deeper into even our own bodies. Yet the Internet of Things is more than the “things” – it means a higher order of software platforms. For example, if we are going to operate data centers with new dexterity thanks to software-defined networking (SDN) and storage (SDS) — indeed the entire data center being software-defined (SDDC) — then why not a software-defined automobile, or factory floor, or hospital operating room — or even a software-defined city block or neighborhood?


Singapore reiterates call for industry collaboration in security
"Cybersecurity incidents highlight the importance of a robust cybersecurity framework to prevent any cyberattack, or its possible spillover impact on the physical world. This is especially critical for Singapore as we depend on IT in many aspects of our lives [and] are susceptible to cyber threats due to our high internet connectivity across the country," he said. The minister added that Singapore is targeting to become the world's first smart nation, providing citizens easier access to public services and data on their smart devices. However, this ability to retrieve data remotely also increases vulnerability to cyberattacks, so efforts have to go toward ensuring the country's cyber infrastructure remains secure and resilient.


Parameterization Part 5: Two Common Mistakes
In this post I would like to focus on two common mistakes that developers make, which make parameter sniffing a really bad thing, even when it would be a great thing otherwise. The reason I’m focusing on these two mistakes is because I see them so often, and they usually have such a dramatic impact on performance. There is a good chance that if you check the code in your system, you’ll find a few occurrences of these mistakes, and you might suffer from performance problems due to these mistakes without even knowing about it. OK, I hope I made you curious enough, so let’s get to business. In order to demonstrate the two mistakes, I’m going to use the following use case


Importing Excel Data into SQL Server Via SSIS: Questions You Were Too Shy to Ask
Retrieving data from Excel, and importing it into SQL Server hasn't the same appeal or glamour as, for example, performing heroics with ill-performing queries. This could be why one hesitates before asking questions about how to do it. Rob Sheldon calms your private doubts and fears by answering those embarrassing questions.


We just might put a dent in data breaches
Payment data can be compromised at retailers both big and small, but the nature of the compromise is very different depending on the merchant’s size. With small-scale retailers, the threat is that someone, probably an insider, will simply snatch the relevant data (credit card numbers, for example). That affects one customer at a time. The high-profile compromises, of course, hit large-scale retailers like Home Depot and Target, where cyberthieves are able to access millions of accounts all at once. These attacks have succeeded by compromising firmware on payment terminals directly, thereby snagging account data during the payment process.


eBay under fire for inaction over phishing attacks
Security professionals found that attackers were using cross-site scripting (XSS) to embed malicious JavaScript code in eBay’s product listing pages in a link that appeared to be from a trustworthy source. When someone clicks on the link, the embedded programming is submitted as part of the client's web request and can execute on the user's computer, typically allowing the attacker to steal information. In the case of the compromised iPhone listing, the XSS code redirected users through a series of other websites, so they ended up at a legitimate-looking page asking for their eBay login and password.


Q&A on Kanban in Action
Kanban is a scheduling system used in lean production. It was developed at Toyota as a way to improve production by challenging people to continuously improve the Just-in-Time flow of goods and services while avoiding overburdening of the system and the workers. This was achieved mainly through limiting WIP, visualization and managing flow. Very much like kanban in software development. Kanban is only a part of Lean but it embodies some of the most important principles of Lean just like Scrum is only a part of Agile.


This is How Banks Need to Manage People Risk
Before you know it those issues can become major concerns and the cause of a perhaps untimely departure. A firm culture that pushes against this natural tendency is very important but also difficult to create. Yet taking time to understand what your employees can offer — especially where natural contact is limited - and any issues they have that may be bubbling up could pay dividends down the road. For employees also, making sure they have their manager's attention by sharing accomplishments and ideas proactively – new trading products, or new trading risk controls — will also make sure they are on the radar at promotion time.



Quote for the day:

“You have enemies? Good. That means you've stood up for something, sometime in your life.” -- Winston Churchill