Peter Schooff
Peter Twenty-Four Seven Security
Peter Schooff's blog is a daily look at what's going on in the world of computer security with an emphasis on how it affects businesses.


June 24, 2008
Is Virtualization Security a Market Yet?

Interesting back-and-forth going on between Mike Rothman and a number of other bloggers on whether or not Virtualization Security is an actual viable security product that's being bought and installed by companies, or is still just part of the flying-cars and robots-doing-all-of-our-laundry indeterminate future.

As the Managing Editor of ebizQ now, I certainly have a firsthand view of how technology buzzwords grow like kudzu through the corporate world, as virtualization itself, pretty much nonexistent 2 years ago, now shows up in the headlines of at least a quarter of all the press releases flooding my little old email account like those little fighter spaceships pouring out of the Death Star in one of the early Star Wars flicks.

My take on it: everyone wants virtualization in their headline, but I can only imagine about a quarter to half of all those press releases really amount to a viable (read valuable) use of virtualization. And as virtualization is being pulled to-and-fro, back and forth, trying to mean all things to all vendors, virtualization has at least established a beachhead, but it will take a while to truly define itself to the non-IT side of corporate America, and therefore virtualization security can only come in behind that.

How far behind? I think that depends on the extent of the attacks, and the one thing that has certainly changed is the number of attacks as well as the number of attackers. And these hacktackers can easily turn on a dime just to steal your dime, which just might turbocharge the market for virtualization security.

Posted by pschooff

June 18, 2008
You Stink! Spam

I haven't covered spam in a while, or even email security for that matter, even though that's the horse I rode in on to this whole tech mosaic, but I just couldn't help but mention this blog I found on the NY Times site about a new form of Rickles Spam.

OK OK, it's not called Rickles Spam, as in the insult comic who I think is still calling people 'hockey puck!' somewhere in Las Vegas, but the idea is that spam is now coming loaded with insults in the subject column. Why, you ask? Because insults get your attention, you idiot (see!).

Come to think of it, maybe spam is tired of being the red-headed step-child of the email inbox, tired of being blamed for all of the email inbox ills, and they've finally decided to seek some professional help, gain some self-confidence, and insult us right back.

The Times reports that now that spam has pretty much covered all the deadly sins (lust, greed, tax avoidance), what they think will now get a rise out of you is slam spam, or better yet, Rodney Dangerfield spam, which is simply spam that will give you no respect.

So the next evolution in email, which seems to run hand-in-hand with human devolution, is spam telling you you're ugly, or that you stink, or, as Rodney himself would say, "Once when I was lost I saw a policeman and asked him to help me find my parents. I said to him, 'Do you think we'll ever find them?' He said, 'I don't know kid. There are so many places they can hide.'"

And when opened, what these emails deliver is a video.exe file that promises a video clip, but in fact contains a link to a site hosting malware that takes over the victim's computer. So if you get any email that says, "You stink," please don't open it...unless it's from your mother (sorry, that was just too easy).

Posted by pschooff in Spam

June 16, 2008
External Hack Often Results From Internal Error

Dark Reading has an excellent article on the everlasting security debate, i.e. do the greatest risks to a company come from inside or outside, internally or externally. And unless your company is named, We Leak Data, I think the question is relevant to your company as well.

A recent study by Verizon found that while a majority of breaches are executed from the outside, they are often instigated because of a slip-up or security shortcut by someone inside the company, usually involving a vulnerability that has been overlooked for a lengthy period of time. More specifically, the study found that 73 percent of data breaches resulted from external sources. This includes breaches caused by business partners, a source of vulnerability that increased fivefold during the study. Only 18 percent of breaches were caused by insiders.

The study also asserts that 62 percent of data breaches can be attributed to a significant error in internal behavior. Sixty-six percent of the breaches involved data that the victim organization did not know was on the system, and 75 percent of breaches are discovered by a third party, rather than someone inside the organization.

Verizon concludes that it's not always about complex security hacks that need sophisticated security measures to stop them, but what's really needed is a focus on the basics, i.e. security training. So most breaches are crimes of opportunity, as in, if you leave your keys in the car at the ballgame, don't be surprised when your car isn't there when the game ends.

And as ebizQ has just recently hired an excellent editorial intern named Jessica Mola, and as she's already learned all the difficult things to do (she's picked them up quite quickly, I might add), I guess it's time to go back and show her the security basics.

Posted by pschooff

June 12, 2008
The Tougher Challenges of SOA: Talking With iTKO

Got a chance to sit down and talk with Jason English, VP of Corporate Marketing at iTKO, where I got the low-down on iTKO's latest release, LISA 4.5, and how it addresses some of the tougher challenges of SOA. Jason also sounds off on one of the bigger buzzwords at this year's Gartner AADI show: Governance.

Listen to or download the 3:07 minute podcast below:




Posted by pschooff in AADI Podcast

June 10, 2008
Running SOA on a Mainframe: SOA Software Speaks

After a couple of attempts at tracking down the folks from SOA Software, I learned an important lesson: if you want to find someone, it's probably a good idea to check their booth first. And at their booth at Gartner's AADI show, I finally caught up with Roberto Medrano and Jim Crew and learned what's going on with SOA Software, and got a quick preview of their upcoming Webinar tomorrow (Wednesday) on Enterprise SOA and the Mainframe, which is all the buzz at the Gartner AADI show and which you should definitely check out right here.

Listen to or download the 2:59 minute podcast below:




Posted by pschooff in AADI Podcast

June 06, 2008
Has the Web Become Like Swimming at Night in Jaws?

Dun duh. Dun duh. Dun duh dun duh dun duh CHOMP!

Well, OK, maybe a little hard to figure out, but I'm just trying to recreate the thudding bass tones of the Jaws theme as the shark strokes closer and closer to some unsuspecting swimmer.

And as if it's any surprise, another report on Web security is trying to scream at us Web swimmers and Web enterprises, "Get out of the water NOW!!!"

OK, maybe it's not that bad, but the fact is that the web has become a much more dangerous place in the last year. And the reason for that is the SQL injection, and just to point out, our good security man Mike Rothman did a podcast about the scourge of SQL injection for your delectation right here.

Also, keep a lookout this Monday, as Mike Rothman has a feature article coming up on the dreaded SQL injection as well (along with the key methods of avoiding it).

According to this article at Search Security, threats to Web surfers have gone up 220% this May compared to May of last year, while compromised websites have increased 407% in the same period, while Web malware has increased 855%.

Yep, someone is definitely screaming SHARK! But hey, we're all still in the water. I mean, what choice do we have? Just stay as safe as you can, and learn everything you can about the threats, about stopping the SQL injection and securing your web applications, and hey, maybe it wouldn't hurt to put on a little shark repellent before you hit the rough waters of the Web.

Posted by pschooff

Accountability: The opinions expressed in this blog are solely representative of the blog's author, and not of ebizQ.
