Blog

Archive for 2013

Negative reinforcement: How NOT to improve user behavior

23 Sep 2013

One of the interesting aspects of security awareness training is the intersection of information security with human resources. We know from experience that security practitioners are not always experts in the latter, but what we recently saw from Dave Clemente was a real doozy.

Read blog post

The BYOD dilemma

17 Sep 2013

There is a myth amongst businesses that if you welcomingly accept BYOD (Bring Your Own Device) into the workplace, it will increase productivity.

To some extent, this is true. On the other hand, however, there is the issue that if you don’t have an IT infrastructure that can handle a large number of different devices accessing the network, day to day operations can’t be properly carried out.

Read blog post

Keep It Focused

15 Sep 2013

In their book, “Switch: How to Change Things When Change is Hard” authors Chip and Dan Heath examine how influencing humans to change requires appealing to two parts of the brain: the rational and the emotional. Since the emotional part of our brain often gets frustrated when asked to make huge changes, Chip and Dan recommend that we “shrink the change” to change behavior in the face of resistance.

Read blog post

Syrian Electronic Army continues to carry out successful data-entry phishing attacks

21 Aug 2013

When the Syrian Electronic Army nailed a number of prominent media outlets earlier this year, we were pleased to see a number of open and honest responses from those that were breached, notably from The Onion and The Financial Times.

Read blog post

The NSA’s decision to cut back on sys admins

21 Aug 2013

A couple of weeks ago, the NSA Director, General Alexander, was quoted in a Reuters article saying that in order to limit data access and potential leakage, they will cut back on 90% of NSA system admin staff.

Read blog post

Why should you scan internal apps?

19 Aug 2013

Recently the question came up, “Why should I worry about and scan internal
applications?” Here is a short list that enumerates some of the more important
reasons:

Read blog post

Managing the device juggle

28 Jul 2013

IT managers and directors cannot hide from the fact that we now have more devices than ever before and this number will only increase in the coming years.

Read blog post

SSO – it’s more than a single log in

25 Jul 2013

5 stumbling blocks of SSO and how to tackle them.

Last week we presented a webinar with Infosecurity Magazine on the topic of ‘SSO, Passwords, and Beyond.’ It became apparent that we need to address some of the hurdles that have prevented many organisations from implementing SSO.

Read blog post

Empowering BYOD users

25 Jul 2013

Trust between the IT department and the workforce has clearly eroded to a concerning level, where there can be a feeling of Big Brother mentality, with a quarter of European workers worried that IT might view information on their personal devices, according to a recent report.

Read blog post

If it’s broke – fix it

11 Jul 2013

Since the credit crunch hit the pockets of innocent businesses and consumers in 2008, those in the industry that were to blame for its arrival were also faced with less budget than they had before.

That said, the industry is still the wealthiest of all, and a lack of investment in technology could primarily be due to the anxiety of future failures, not an absence of money.

Read blog post

Business-tested, Gartner-approved: WhiteHat named a Leader in Application Security Testing in New Magic Quadrant Report

08 Jul 2013

This week marks the release of the Gartner “Magic Quadrant for Application Security Testing,” the first ever to combine Dynamic and Static Application Security Testing (DAST and SAST). WhiteHat Security has been placed in the leader quadrant, recognizing our corporate vision to provide best-in-class application security testing solutions, our work as a “pioneer” in the space, and our execution in bringing products to market that meet the needs of the enterprise and SME user.

Read blog post

Keeping your cool in a data centre

27 Jun 2013

Edward Jones, CEO - PMB Holdings and MK DataVault writes: Cooling is one of the most important aspects of a data centre, reflected by the wide array of techniques and strategies that have emerged as solutions. The chosen approach for a facility will often be regarded as one of its defining features, especially for the more unusual solutions such as Yahoo’s Compute Coop facility, which features an ambient air system resembling an enormous chicken coop.

Read blog post

Why Data Security Pros Are Knocking Down Firewalls

27 Jun 2013

Barry Shteiman, Senior Security Strategist, Imperva writes: Yesterday, a very interesting article in the AFCEA caught my eye: “DISA Eliminating Firewalls.” Although the title seemed provocative at first, the article itself just made me smile.

Read blog post

Do you trust in the internet, are digital certificates the new malware?

19 Jun 2013

Gavin Hill, Director, Product Marketing, Venafi writes: Organised criminals are using encryption keys and digital certificates against you on a daily basis. We’ve all come to trust that we securely communicate with websites as we go about our daily online transactions. The green address bar in our browsers gives us a sense of confidence that the transfer of information is secure. However, many times when our browsers popup with a warning that something is wrong with the website certificate, we ignore it and proceed anyway. Cryptographic keys and certificates are the core of trust in digital communication. But what happens when that trust is used for nefarious action against you?

Read blog post

Private Cloud offers multiple benefits to (almost) all applications

16 Jun 2013

Brian Jacobs, Senior Product Manager, Ipswitch Inc. writes: Although ‘the cloud’ has become a part of standard IT vocabulary over the past few years, many organisations remain unaware of the potential impact cloud technologies can have on their businesses.  Can almost any business benefit from ‘the cloud’?  For most, the answer is a definite yes, although there are some areas where the cloud may not be beneficial.

Read blog post

Red Hat Enterprise Linux: Foundation for the open hybrid cloud

11 Jun 2013

Jim Totton, vice president and general manager, Platform, Red Hat, writes: Red Hat espouses a vision called open hybrid cloud, but it’s important to note that this is not merely “cloud washing” or a response to the latest fad. Rather, it’s based on a foundation that Red Hat has been building for years, and stems from the experience and credibility we’ve established in helping to create the market for commercial Linux. This long-held vision has been informed by a decade of collective feedback from our customers, and helps avoid some of the pitfalls that are often created within enterprise software – sometimes by vendors themselves. Examples of pitfalls are the purpose-built solutions that enterprises adopt that end up becoming rigid and inflexible infrastructure silos. These silos are expensive to maintain, often implement non-standard interfaces and APIs, and result in vendor lock-in.

Read blog post

Fighting fire with fire

11 Jun 2013

Leon Ward, SourceFire writes: In this latest phase of the cyber security threat cycle, organisations are battling hard to combat the advanced malware, targeted attacks and advanced persistent threats (APTs). While these threats have demonstrated themselves to be more damaging than any in their wake, technologies are available to deal with them.  In this continuously evolving threat landscape, the trick is to select the right technologies and apply them correctly.

Read blog post

The ten things you didn’t know about malware

29 May 2013

Brian Laing, VP at AhnLab writes: Malware – no computer wants it but researchers estimate that the majority of computers have it. But what is malware and what makes it so particularly bad for your PC? Malware - Short for "malicious software," malware refers to software programs designed to damage or do other unwanted actions on a computer system. 

Read blog post

Ruby Gone Wild

28 May 2013

Barry Shteiman writes: It has been recently discovered that the Ruby on Rails (RoR) environment suffers from certain parser vulnerabilities. The CVE-IDs associated with these vulnerabilities are CVE-2013-0155, CVE-2013-0156.

Read blog post

While we are all busy beating up Softie…

27 May 2013

Let’s face it, Microsoft is everyone’s favourite punching bag.  Every analyst, publication and blogger has foretold its demise in recent times.  PC sales are down, Surface hasn’t taken off… so on and so forth; this is all I have seen in the press for the last month.

Read blog post

Why Hosters Should Care About Web Security

16 May 2013

Barry Shteiman at Imperva writes: Earlier this week, the “Moroccan Ghosts” published a list of 52 defaced Israeli sites, replacing site content with political propaganda pages (and some cool Moroccan music).

Read blog post

How to protect your business from state-sponsored attacks

16 May 2013

Calum Macleod, EMEA Evangelist, Venafi writes: It has taken some time but we finally have succumbed to the delights of a certain kitchen utensil. Years of resisting George, John, and the seductive talents of Penelope, had left me more determined than ever to resist at all costs.

Read blog post

The global cost of cyber security

07 May 2013

Lane Thames writes: As an engineer, numbers and mathematics play significant roles in my daily activities. Sometimes, however, putting a number on something just doesn’t make sense.

Read blog post

Cloud-Ready GlusterFS 3.4 Beta Now Available

07 May 2013

John Mark Walker, Gluster Community Lead writes: The Red Hat Storage team would like to congratulate the Gluster Community on the beta release of GlusterFS 3.4. With new features and enhancements in cloud, virtualization, and performance, the beta version of GlusterFS 3.4 brings high reliability, scalability, and data mobility to users and application developers.

Read blog post

Can DCIM be the Autopilot of the Data Center?

30 Apr 2013

George Brooks at Commscope writes: The dream of automation is to take away the guess work and most of the burden associated with piloting technology. This is what helped spark the creation of an automated system for flying planes: autopilot. The same dream of automation also resides with the professionals who maintain and run data centers.

Read blog post

Five best practices for easing network configuration and change management pain

29 Apr 2013

Brian Jacobs, Senior Product Manager, Ipswitch Inc. writes: When a business grows, so does its network. Even during times when the economy slows, many companies’ infrastructures are likely to continue evolving.  To ease these growing pains, network administrators should look for tools that can manage changes and automate most of them.

Read blog post

Twitigation

28 Apr 2013

Alex Rabbetts, MD, MigSolv writes: Having a large number of Followers on Twitter is great. Unless, or until, you end up in Court!

With over 500 million account holders globally, Twitter is the population-size equivalent of a respectable continent. It’s therefore hardly surprising that the community is finding itself having to deal with a growing number of legal issues, not least because what’s being said online is having serious consequences offline.

Read blog post

Google Apps for business – redefining the line between consumer and corporate use

17 Apr 2013

Ed Macnair, CEO of SaaSID writes: “Google Apps are an attractive proposition for any business that wants to enable employees to access and work on company documents from anywhere, on any device. However, this very capacity for accessing and sharing documents is inhibiting many businesses from adopting online file-sharing applications such as Google Drive.

Read blog post

How to defend against longline phishing attacks

14 Apr 2013

Scott Greaux at Phishme.com writes: A report from ProofPoint released at the RSA conference discussed what is supposedly a new phishing technique dubbed “longline” phishing. The report touts “longlining” as the newest way criminals are sending phishing emails in efforts to bypass technical controls. Mass customization of emails allows criminals to fly under the radar of most email filters and successfully deliver spear-phishing emails to a larger number of email users at a single organization. This tactic combines the best of both worlds from the criminal’s standpoint, but it doesn’t really change the game in terms of defending against phishing attacks, as your users still provide the most effective line of defense against the phishing threat.

Read blog post

What has horsemeat got to do with Cyber Security?

08 Apr 2013

Harjinder Singh Lallie, Senior Teaching Fellow (Cyber Security), WMG, University of Warwick, writes:  In January 2013, a scandal broke out in the UK and Europe. Horsemeat had found its way into the food supply chain, it was discovered initially in products advertised as beef and then subsequently in many other forms of meat. In this case, the scandal had not arisen because of a potential health risk - although there were concerns about tiny quantities of certain medical products being found in the food, but more because this was a fraudulent transaction that had gone unnoticed for so long.

Read blog post

GCHQ’s Job Application Site is a Plain Text Offender (And Other Rookie Mistakes)

27 Mar 2013

Rob Sobers, Technical Director, Varonis writes: Rookie mistakes.  Everyone makes them.  Even crafty old veterans fumble the ball every once in a while.  In the field of data security, however, small mistakes can result in really big problems.

Read blog post

The Strategic Value of Data

19 Mar 2013

Steve Shah writes: The examples of how big data is changing the world abound. From Nate Silver’s infamous election data to the latest discussion of data surrounding “March Madness”, the impact of big data on our lives is undeniable. What has been interesting however is the focus on how technology, especially around cloud computing, has enabled the big data discussion to really take off. If you think big technology has had a profound impact on data, just wait till you see how big data will change the landscape of technology.

Read blog post

The Evernote Hack – After the Panic

14 Mar 2013

Orlando Scott-Cowley writes: This weekend Evernote became the latest cloud vendor to have its systems breached; user data including passwords has been compromised. In case this is news to you, a quick recap – Evernote assured us that passwords were correctly hashed and salted unlike LinkedIn, who neglected to salt their passwords. Evernote didn’t tell us whether or not the salts were compromised too. The attack “follows a similar pattern” to others so we can assume some sort of long term APT style compromise.

Read blog post

Red Hat's endorsement of the pNFS Standard

14 Mar 2013

Barbara Murphy, CMO Panasas writes: In late February, Red Hat announced the release of Enterprise Linux 6.4 with pNFS support. This validates the pNFS standard that Panasas and its founder and chief scientist, Dr. Garth Gibson, have long been championing. While the announcement did not receive much fanfare in the press, Red Hat adoption of pNFS is a key advance for the pNFS standard which until now has lacked a mainstream commercial release vehicle. We believe this to be the most important step forward for pNFS since the protocol was first included in the upstream 3.0 Linux kernel in 2011, after years of effort by engineers from Panasas and other leading storage companies. We salute Red Hat for its strong endorsement of the standard.

Read blog post

Red Hat Teams with Intel for Open Source Big Data Innovations

27 Feb 2013

Ranga Rangachari, vice president and general manager, Red Hat Storage writes: A significant component to the big data and open hybrid cloud direction Red Hat announced on Feb. 20 is our collaboration with leading big data software and hardware providers to offer enterprise features and interoperability. The intended result of this community-driven innovation will be a set of co-developed reference architectures that provide enterprise customers with comprehensive big data solutions. In a press release from Intel today announcing Intel® Distribution for Apache Hadoop software (Intel® Distribution), Red Hat has extended its strategic collaboration with Intel to jointly innovate and develop enterprise big data solutions through the open source community.

Read blog post

Twenty Critical Security Controls

26 Feb 2013

Adam Montville, Security and Compliance Architect at Tripwire writes: 

The Center for Strategic and International Studies (CSIS) recently released Version 4 of the Twenty Critical Security Controls as was determined by a consortium which included representatives from the NSA, US CERT, the DoD’s JTF-GNO and Cyber Crime Center, the DoE, the State Department, and some top commercial forensics experts and pen testers from the banking and critical infrastructure sectors.

Read blog post

High street 2013: administration or rejuvenation?

20 Feb 2013

Pontus Noren, director and co-founder, Cloudreach writes: Since Woolworths stores disappeared from the physical high street in January 2009, the bricks and mortar retailers have been falling apart. More than 27,000 people were out of work when its 800 stores closed, consigning a century of trading to the history books. An alarming amount of traditional big names have sunk since: already this year we have seen Jessops, HMV and Blockbuster Video enter administration.

Read blog post

Enterprise SaaS: Service and Support is Vital for Growth

19 Feb 2013

Orlando Scott-Cowley writes: Too many Enterprise SaaS and Cloud vendors focus their efforts on marketing and spinning a good story to attract new customers, rather than spending time or money looking after those customers once they have signed on. Once the ink is dry on the contract, ongoing service and support seems to be an afterthought.

Read blog post

IP management and the future of BYOD, Top tips on IPv6 for businesses

14 Feb 2013

Axel Pawlik, Managing Director, RIPE NCC explains how to make sure your business is ready for IPv6:

Making sure your business is connected to the whole Internet

Businesses today depend on the Internet. Whether it’s for advertising or websites, managing suppliers or communicating with customers, it’s inevitable that somewhere along the line there is a stakeholder using the Internet. But what if your business was walled-off from a section of Internet users, websites and services that is expected to grow rapidly over the coming years – would you even know?

Read blog post

Creating the right kind of business apps for 2013

07 Feb 2013

Quinton Alsbury, Co-founder and President of Innovation at Roambi writes: We've all been there - squinting at a work application on a mobile device, zooming in and out in an attempt to make sense of the information with an interface that feels like it’s left over from another era. Each swipe or tap leads to a spinning icon while your device tries to download data from a non-existent mobile connection. Your frustration builds until eventually you give up, put your phone or tablet away, and wait until the next time you’re at the office with your laptop.

Read blog post

Postini Exit: Time to Choose

06 Feb 2013

Orlando Scott-Cowley writes: If you’re a Google Postini customer, or even an observer of the market, you’ll be well aware that Google has brought the curtain down on its Postini email services. To paraphrase Google, it’s “transitioning Postini services to the Google Apps platform beginning in 2013.”

Read blog post

Red October - The Hunt for Data

01 Feb 2013

Tom Goren Bar, Data Security Researcher at Imperva writes: The recent discovery of the Red October malware has focused a lot on its effects, but inadequate attention has been given to its purpose - which successfully evaded anti-virus and network intrusion detection systems for at least five years.

Read blog post

IT is changing – tech support needs to keep up

23 Jan 2013

Jon Hunt, Business Development Director at Point to Point writes: On a daily basis, new technologies are emerging amidst a nexus of converging forces – social, mobile and cloud. Although these forces are innovative and disruptive on their own, together they are revolutionising business and society, disrupting old business models and changing how we behave as consumers. Everyone from the CEO to the receptionist has a smartphone, laptop or tablet these days. And unlike a few years ago, you no longer need a PhD in electronic engineering to set up your new device.

Read blog post

What’s your point?

21 Jan 2013

Richard Walters, CTO of SaaSID asks whether “enduser protection” is a contradiction in terms if you’re actually securing the device.

Read blog post

We are family...all the sysadmins, network engineers, and me!

11 Jan 2013

Denny LeCompte, SolarWinds writes: In case you missed it, SolarWinds spilled the beans when we exposed the American, UK, and Australian system administrators in November. We revealed the SysAdmins’ likes and dislikes at work and at play, their favorite entertainment, and their choice beverages, among other things. What we didn’t tell you is that we conducted the same survey with a bunch of network engineers… (we are working towards an advanced degree in IT anthropology).

Read blog post

THE Ruby on Rails Vulnerabilities of 2013 - What they are and what should we do?

10 Jan 2013

Adam O’Donnell from security specialist, Sourcefire, writes: A little under 24 hours ago two major, long-standing vulnerabilities were announced in the popular web programming framework Ruby on Rails. This blog post will talk about what is currently known about these vulnerabilities, what could happen based on previous experiences with these types of vulnerabilities, and what organizations and consumers need to know in order to stay aware and stay protected.

Read blog post

Serialization Mischief in Ruby Land (CVE-2013-0156)

09 Jan 2013

HD Moore writes: This afternoon a particularly scary advisory was posted to the Ruby on Rails (RoR) security discussion list. The summary is that the XML processor in RoR can be tricked into decoding the request as a YAML document or as a Ruby Symbol, both of which can expose the application to remote code execution or SQL injection. A gentleman by the name of Felix Wilhelm went into detail on how the vulnerability works, but stopped short of providing a working proof of concept. These kinds of bugs are close to my heart, as Metasploit itself is written in Ruby, and we use Ruby on Rails within the Metasploit Community, Express, and Pro user interfaces.

Read blog post

Planes, Trains, Automobiles and… Spear Phishing?

09 Jan 2013

Steve Maslowsky, PhishMe writes: Does your organization have employees that travel frequently? If so, they are probably being targeted by phishers.

Read blog post

We’re up to the DCIM challenge (Show Me!)

08 Jan 2013

Mark Harris writes: The amount of interest in DCIM has never been higher. Over the last few quarters the flood-gates have begun to open and there are now FUNDED initiatives everywhere we look. Prospective buyers are no longer sitting on the sidelines and waiting for DCIM ‘to mature’. DCIM is no longer ‘coming soon’, it is HERE NOW and available to the masses (and many are in the process of buying now).

Read blog post
Copyright 2010-14 The Data Chain Website design and management by CBJ Digital Ltd.