How Much Space To Store Pi…

3.141592654… is about my limit when it comes to remembering Pi… and that seems to have worked for me. However… there is a new world record… Pi to 5 trillion places! (It’s a ‘2′ if you were wondering…)

However, the real news here is how much storage it took… 6TB. Not too sure what the real point of doing this is, but it does raise an interesting point on how data is expanding – what was previously thought adequate and used to take a few bytes now takes MB or even GB… they call it progress.

20 years ago WordPerfect was my word-processor of choice, and I struggled to get files to more than a few kilobytes; these days the average presentation is a few megabytes. Time moves on and organizations are increasingly using multi-media for internal as well as external communications programmes (and even as integral parts of presentations) – the move from ‘standard’ video to HD is another area which is driving storage requirements through the roof at 40GB per hour. When planning for future storage needs, these new technologies and ways of working need to be taken into account. It’s not just the storage that is affected: bandwidth can also be crippled by ‘legitimate’ video use, which affects overall performance.

Fortunately, backup technology – from both the application and the backup media perspectives – is keeping up, but you still need to plan for changes.

Guy Bunker


Smudged… But Your Password Isn’t…

A really cool bit of research from the University of Pennsylvania has looked at how smudges on your smart phone touch screen can be used to guess your password. So, while this is all research at present, as per usual it will only be a matter of time before it is exploited.

So… along with wiping SatNav marks off the windscreen so the burglars don’t pinch your SatNav, you should also think about wiping the marks off the smart phone as well after you have entered your password… bring back the mini-keyboard, all is forgiven! :-)

Guy Bunker


Spammers Turn to Oil Spill, Paul the Octopus and Phishing Live Chat

Over nine in ten of all email messages in July were spam. Meanwhile, phishers find a new target with interactive customer support services, according to Symantec’s August State of Spam and Phishing report.

The report found spammers changed focus from the World Cup and shifted back to current events like the oil spill and economy in July. While leveraging news headlines may be an old trick, fraudsters are always looking for new techniques to use in the hunt for users’ information. This month Symantec observed a phishing website spoofing an e-commerce brand’s live support website. The phishing site involved bogus chat sessions to help the page look more authentic, trying to give customers the impression that the phishing website was interactive.

The following trends are also all highlighted in the August 2010 report:

  • The ICC 2011 Cricket World Cup begins on February 17, 2011, and phishing sites promoting the tournament have already been observed.
  • Russia recently has been suffering from heat waves which also caused severe wildfires. Russian spammers took this opportunity to send spam promoting air-conditioners.
  • Paul the octopus has gained international fame as it correctly predicted the winner of Germany’s games at the 2010 FIFA World Cup as well as the final. Spammers leveraged this “brand” and sent spam promoting his fortune telling advice.
  • Blank subject lines were the top spam subject line for the second month in a row, suggesting that spammers are finding that users respond to such messages.

The full report can be found here:

http://www.symantec.com/content/en/us/enterprise/other_resources/b-state_of_spam_and_phishing_report_08-2010.en-us.pdf

Paul


Cached Credentials & Data Loss

There have been a couple of stories in the news recently about cached credentials. In essence, you enter your username and password once and it enables you to, in this case, easily buy things from the online shop. Making it easier to use compromises the security, and here it meant that someone else could readily buy stuff when they shouldn’t have been able to.

Move to the business environment… what sort of compromises do you make with your security in the name of user convenience? When it comes to enterprise applications, especially those on mobile devices and / or accessed through a web browser, what is your policy on cookies and caching? If someone were to pick up your mobile phone or iPad, how easy would it be to get access to your data?

Now is the time to revise security policies and usage policies, especially where the IT equipment is used by the employee. Ensure passwords are required when the devices are switched on, have auto-lock policies after a short period of time (5-10 minutes should be ample) and review cookie and credential caching for enterprise apps.

Guy Bunker


Is today really Black Thursday for Cyber Attackers?

Today the Domain Name System Security Extensions (DNSSEC) protocol public key gets added to the ‘root’ name servers. Some commentators, such as Alex Pawlik quoted in ZDNet, predict it will be a ‘Black Thursday’ for cyber attackers, with malicious DNS re-directs becoming a thing of the past. I’m not so sure we should talk about this in terms of it being a panacea, but it’s certainly a step in the right direction.

The implementation of DNSSEC has been a long time in coming and each milestone passed is a very necessary step in the right direction. The signing of responses from the 13 root zone server clusters today should be seen in that context—it’s a start and a very big start. However, any expectation that this milestone marks the date that the Internet suddenly becomes safe is exaggerated.

To be effective, DNSSEC needs to be implemented down the whole DNS chain, from the root down to your ISP or company, so there are still many more milestones to be achieved before DNSSEC can achieve some of its promise, even if cyber criminals don’t identify ways around the signed response safeguard.

Kevin Hogan


From The Heart Of The Data-Centre…

In a recent announcement by SAP, they say that they will ‘push all useful data to mobile devices’. Good news… but not entirely unexpected: the smart-phone of today is just as powerful as the laptop of yesteryear and much easier to carry. However, security and usage policies are sorely lacking in enterprises of all sizes.

I wrote previously on keeping up with the user and what they install on their smart-phones, this just emphasises the point further. If all data is available, even that from the heart of the data-centre, then the security should be as strong as that you usually have for the data-centre… policies for appropriate usage, data-loss-prevention and anti-malware to name a few. Remote device management including data wipe should be considered, and even encryption for the device and any removable media (aka memory cards).

The data-centre has arrived in your pocket… but does the CIO/CISO realise it… and if they do, have they done anything to protect it… yet?

Guy Bunker


World Cup 2010 spam sees ninefold increase on Germany 2006

Vuvuzelas weren’t the only annoyance during this World Cup. Symantec’s July State of Spam and Phishing report reveals that the volume of messages with World Cup keywords in the subject line is more than nine times higher during this tournament compared to 2006. Not only this, but there’s also been a substantial increase in gaming sites and betting brands that have been ‘spoofed’ to capitalise on the popularity of the World Cup.

The top 10 subject lines matching news headlines recently are:

  1. FIFA World Cup South Africa… bad news
  2. World Cup: Uruguay Beats South Korea 2-1
  3. Germany beats England 4-1 in World Cup
  4. ONGOING FIFA WORLD CUP LOTTERY SOUTH AFRICA 2010.
  5. World Cup: Germany Defeats England 4-1
  6. SOUTH AFRICAN WORLD CUP 2010.
  7. Oil spill teams keep wary eye on storm in Gulf
  8. World Cup: Argentina Beats Mexico 3-1
  9. Ghana beat US, reach first World Cup quarter-final
  10. World leaders slam North Korea, Iran

The following trends are also all highlighted in the July 2010 report:

  • Fraudulent gaming sites providing fake FIFA offers
  • Symantec analysts found health-related online pharmacy image spam to be particularly difficult to curtail, and dubbed it “Spamonster” since, despite being blocked by Symantec, it continues to show up in filters.
  • Symantec observed phishing websites spoofing Google’s social networking site Orkut. The phishing websites took advantage of the celebration of special occasions.
  • The top Subject line of the month was “Outlook Setup Notification.” Other top headlines include “Reset your Facebook password” and “Reset your Twitter password.”

Link to new report: State of Spam and Phishing


Who Has Your Data? In The Cloud, It’s Not You…

The news last week was that EMC was closing its Atmos cloud storage service with immediate effect – you can keep using it for developmental purposes but that’s about all.

Why did it close? Industry analysts said that it never took off, and recent surveys show that it is still a way off becoming mainstream.

So… what if you have data in a cloud service provider and it decides to shut down the service? EMC isn’t the first to do this, and it won’t be the last – you do need a contingency plan. In this case, there is a grace period where you can get your data out – but, as a simple task, work out how much data you have and how much bandwidth, and figure out how long it would take to get the information out. This is a simplistic view, as everyone else will also be trying to get their data, so bandwidth is going to be under severe strain (the equivalent of a run on the banks…). Do you have enough local storage to hold it all, and if you have data being processed by an application, will you be able to get your hands on the application as well?

Let’s assume you did manage to get your data out, then how long will it take to get it reloaded onto another service provider’s cloud and get the application back up and running?

Business Continuity / Disaster Recovery needs to take into account outsourced (out-tasked) IT services and have contingency plans for service outages and shutdowns – planning should start now… after all there’s no time like the present.

Guy Bunker


Catching Up With The User…

With the news that a couple of Android apps have been pulled as they misrepresented their purpose (they were used as research – duping users into downloading and installing them – to see if people would), it raises an(other) interesting question for IT departments around applications, mobile devices and keeping up with the user.

While companies have been getting stricter about what can and cannot be installed on corporate laptops, the same is not true of smartphones. There are now tens of thousands of apps for phones like the iPhone and Android, and while they do have to go through an approval process, it won’t be your corporate one.

I have recently been involved in writing security policies for a number of companies and it becomes very apparent as to the need for up-to-date policies coupled with a suitable education programme. Technology is moving rapidly and care needs to be taken to protect corporate data wherever it is and however it is accessed. Updates to policies are worthless if they are not effectively communicated – this is a case in point – updating the policy on downloading apps won’t stop people from doing it if they don’t know about it. If you have technology to prevent inappropriate apps from being installed on smartphones, great – if not, then you need to remind staff of some of the dangers of just downloading and installing apps from the web.

Cyber criminals go after the low hanging fruit and the smartphone is just that – a simple way into a person’s life and potentially the corporate network.

Guy Bunker


Shanghai to London – Spammers will be following the crowds

Symantec’s security response team have found that Shanghai World Expo 2010 is the latest major world event to be hijacked by spammers. We’ve been monitoring several different variations of spam that uses World Expo keywords and email subjects to deliver their usual mix of fake promotions, products and services to unsuspecting web users.

With around 70 to 100 million visitors expected to turn up at the World Expo, it’s no surprise that spammers are attempting to take advantage of it. We saw the same thing with the Vancouver Olympics, and are observing it right now with the World Cup, and the ticket. And as ticket registration for London 2012 has already begun, the UK could become the next prime target for these scams. To help you avoid the scammers, we’ve put together the following tips.

Do’s

  • Ensure when signing up to receive mail, that you verify what additional items you are opting into at the same time and de-select the ones you do not want to receive.
  • Unsubscribe from legitimate mailings that you no longer want to receive and be selective about the websites that you register your e-mail address on.
  • Avoid clicking on suspicious links in e-mail or IM messages. These may be links to spoofed websites. We suggest typing web addresses directly into the browser rather than relying upon links within your messages.
  • You must also make sure you delete any spam you receive. It is worthwhile considering a reputable antispam solution to handle your filtering, such as Symantec’s Brightmail messaging security family of solutions.

Don’ts

  • Do not open unknown e-mail attachments or spam messages. These attachments are what could potentially infect your computer.
  • Do not fill out forms with any personal or financial information or passwords. Reputable companies are unlikely to ask for your personal details via e-mail. If you are really unsure, get in touch with the company in question via an independent, trusted mechanism, such as a verified telephone number or a known Internet address that you type into a new browser window, and find out.
  • Never reply to spam as this could simply result in more spam.

Photo by Flickr user gustible, licensed under CC BY 2.0.
