Archive for April, 2009
New initiative for open cloud computing management standards
Posted by Mourad Ben Lakhoua in cloud computing management standards on April 29, 2009
The Distributed Management Task Force (DMTF) has launched the “Open Cloud Standards Incubator”. The goal of the initiative is to develop specifications that define how companies transfer applications and data between cloud environments – whether the clouds are located at one of the company’s data centres or not.
In cloud computing, the main focus for system performance, for the provision of applications and for data storage is not on clients, but on servers, which are organised in grids and large, distributed server farms. Therefore, cloud computing is one of the basic components and extensions of the “Software as a Service” (SaaS) application model, where applications are not installed on the user’s local machine, but rather delivered as on-request services via server farms.
A central aspect of the cloud resource management approach, which is to be developed by the Open Cloud Standards Incubator, is the Open Virtualization Format (OVF). OVF describes an open, secure, portable and extensible format for packaging and distributing software to be run in virtual machines. As some of the group members anticipate that OVF will become one of the main components for cloud interoperability, they see much potential in standardising OVF protocol and API extensions, security aspects and corporate-independent regulations.
DMTF members include companies like AMD, Cisco, Citrix, EMC, HP, IBM, Intel, Microsoft, Novell, Red Hat, Savvis, Sun Microsystems and VMware, who are all involved in the incubator initiative. Other efforts to standardise cloud computing are, for example, the Open Cloud Consortium and the Open Cloud Manifesto.
[Source: h-online]
make sure you subscribe to my RSS feed!
Panda introduces cloud antivirus
Posted by Mourad Ben Lakhoua in Cloud Computing Security on April 29, 2009
Cloud computing was a top concern and drew a lot of interest at the RSA 2009 conference. Because the biggest issue in the cloud is security, many security software companies are now working to adapt their security solutions to cloud computing.
The Panda Security team announced today their free cloud antivirus solution. They have added what they call Collective Intelligence to detect viruses, malware and rootkits, along with heuristic detection. According to Panda, this technique classifies new malware in under six minutes and handles more than 50,000 new samples per day.
The Cloud Antivirus works by classifying threats into executables that must be scanned immediately, and non-executables that are checked at a lower priority, usually when the machine is idle. This helps in handling a large amount of data.
You can try the Panda Cloud Antivirus and use it for free.
Identifying the source of corporate threats
Posted by Mourad Ben Lakhoua in News on April 29, 2009
The Verizon Business RISK team recently released its “2009 Data Breach Investigations Report,” which gives a fresh look into the question of whether insiders or outsiders are the larger threat group. The report concludes that 74% of breaches result from external sources and “the predominance of total records lost was attributed to outsiders.”
With nearly three-quarters of attackers still originating from outside, it is tempting to accept the inside threat as a lesser concern. Later, however, the report states external breaches have dropped nearly 20% over five years. The growth in threats seems to come from partners rather than insiders. Or can we really tell?
This question is something everyone should ask themselves, whether they store, process or transmit personal identity information. When looking at the data and conclusions of breach reports, it is important to consider several factors before accepting conclusions or taking a security posture.
[Source: computerworld]
Guest blog: Canadian anti-spam laws take an important step forward
Posted by Mourad Ben Lakhoua in Cybercrime on April 28, 2009
The Conservative government in Canada last week introduced the Electronic Commerce Protection Act to help cull sources of spam and other malicious activity from within Canadian borders.
Although it was introduced as “the Government of Canada protecting Canadians”, those of us in the industry recognize that this is a global problem, and the amount of spam and other malicious stuff ending up on Canadians’ computers will not likely be significantly impacted as a result.
Our latest threat report had Canadian sources of spam being only 1.1% of the global total, and of course most of that will be from compromised machines forming parts of a botnet.
However, I do think this is a positive step for Canada as a “good neighbour” in the global community. We have seen a lot of previously US-based spam operations move to Canada due to a lack of this type of legislation – hopefully those same people will find it more inconvenient to move further overseas and cease operations.
Another nice thing about this legislation is the specific prohibitions on installation of non-desired software such as spyware, keyloggers, adware, etc., during commercial operations.
So, while this is an important step forward, ultimately the spam and malware problem requires a global response.
[Source: Sophos]
Symantec Site Vulnerable to Cross-site Scripting Assaults
Posted by Mourad Ben Lakhoua in Vulnerabilities on April 27, 2009
According to Nemesis/t3am3lite (name of a website), Symantec’s site, too, is now open to XSS (cross-site scripting) attacks together with iframe injections.
An XSS attack, according to security experts, occurs when a web program collects malicious data from an end user, mostly via a hyperlink that carries malicious content inside it. Thus, when the end user clicks on the hyperlink while on another site, or arrives via any other mode of connection, the attacker compromises his data.
[Source: spamfighter]
Hacked to Pieces
Posted by Mourad Ben Lakhoua in News on April 27, 2009
Jolyon Jenkins investigates whether we have lost the war on cybercrime and looks at a new criminal economy which has grown to feed the demand for our most private details.
Jolyon finds that the security details of ordinary members of the public – their bank details, passwords, and secret security questions – are being openly traded in cybercrime forums. He hands over his own laptop computer to an ‘ethical hacker’ and finds that it takes two minutes for its password to be cracked. Within a few more minutes, the hacker has installed a key-logging Trojan that secretly passes all his computer activity – passwords, emails and all – back to the hacker’s own computer.
He finds that we are all vulnerable to criminals who trade on our human weaknesses: our magpie-like obsession with gaudiness and trivia, and our willingness to click the OK button without thinking through the consequences.
Ever since the internet became mainstream, we have been hearing warnings about hackers, spammers and other renegades of the online world. The internet security business now threatens to overtake the Chinese army as the largest employer on earth. But what has this army of consultants achieved, apart from spending billions of dollars? Every year the situation gets steadily worse.
[Source: BBC]
Sources say Pentagon plans new cyber command
Posted by Mourad Ben Lakhoua in News on April 26, 2009

The U.S. military is planning to create a new military command to focus on cyberspace and protect its computer networks from cyber attacks, Pentagon officials said Wednesday.
The move comes as the White House prepares to release a broader study on the nation’s cyber security. Officials in recent months have warned increasingly that the nation’s networks are at risk and repeatedly are being probed by foreign governments, criminals or other groups.
The Pentagon has been reviewing for at least a year just how it needs to reorganize military efforts on cyber issues, one official said on condition of anonymity because he was not authorized to speak on the record. Another official said that under the new plan, being completed now, a subcommand could be set up under the U.S. Strategic Command.
The military’s plans to create the new cyber command were first reported Wednesday in The Wall Street Journal and The Washington Post.
Sited at Offutt Air Force Base just south of Omaha, Nebraska, the command oversees space issues and is responsible for protecting and monitoring the military’s information grid, as well as coordinating any offensive cyber warfare on behalf of the country.
Defense Department networks are probed repeatedly every day and the number of intrusion attempts has more than doubled recently, officials have said. Military leaders said this month that the Pentagon spent more than $100 million in the last six months responding to and repairing damage from cyber attacks and other computer network problems.
In the Pentagon’s budget request submitted last week, Defense Secretary Robert Gates said the Pentagon will increase the number of cyberexperts it can train each year from 80 to 250 by 2011.
[Source: Enterprise Security Today]
RSA Conference 2009 Webcasts
Posted by Mourad Ben Lakhoua in Webcasts on April 26, 2009

The RSA Conference team has made the keynote videos available from the RSA Conference 2009 in San Francisco, the largest gathering of security professionals in the world.
Very interesting innovative technologies were discussed (cloud computing, cyber security, crypto systems…), and you can also find the spectacular opening ceremony.
So if you were not able to attend, you didn’t miss much.
Hackers break into Salma Hayek's MobileMe account
Posted by Mourad Ben Lakhoua in News on April 24, 2009

An anonymous post on the imageboard 4chan.org has provided MobileMe login details for Hollywood actress Salma Hayek, according to Electronic Pulp. The account apparently was not incredibly difficult to hack, carrying the address of shayek@mac.com. The intruders did not need her password; they simply used the “forgot password” option to access the contents.
Hayek’s secret question allegedly asks for a “favorite character,” which happens to be her own character from the 2002 film Frida. The birthday is also required, although the information is also easily obtainable.
It remains unknown if Apple plans to change the lost password requirements for MobileMe. For public figures, however, it is clearly unwise to protect an e-mail account with questions that can be easily answered after taking a quick look on Wikipedia.
[Source: MacNN]
International hackers, many from China, are attacking NYPD computers
Posted by Mourad Ben Lakhoua in Cybercrime & Hacking on April 24, 2009
A network of mystery hackers, most based in China, has been making 70,000 attempts a day to break into the NYPD’s computer system, the city’s top cop revealed Wednesday.
Commissioner Raymond Kelly said the perpetrators have yet to succeed, but their relentless activities have prompted the force to raise its guard against high-tech crime.
“It’s a threat that we must continue to pay close attention to every day,” Kelly said in a speech to the Council on Foreign Relations.
Kelly said the threat is similar to a shocking cyber espionage plot recently uncovered at the Pentagon.
China-based hackers successfully cracked the Pentagon’s computers and gleaned design features of the F-35 Joint Strike Fighter jet program being developed by Lockheed Martin, the Wall Street Journal reported Monday.
[Source: Daily News]