Friday, June 20, 2014

USENIX: Unstable code can lead to security vulnerabilities


Network World Security



USENIX: Unstable code can lead to security vulnerabilities
As if tracking down bugs in a complex application isn’t difficult enough, programmers now must worry about a newly emerging and potentially dangerous trap, one in which a program compiler simply eliminates chunks of code it doesn’t understand, often without alerting the programmer of the missing functionality. The code that can lead to this behavior is called optimization-unstable code, or “unstable code,” though it is more of a problem with how compilers optimize code, rather than the code itself, said Xi Wang, a researcher at the Massachusetts Institute of Technology. Wang discussed his team’s work at the USENIX annual technical conference, being held this week in Philadelphia.



7 tips for protecting your AWS cloud
Code Spaces was hacked and had to shut down - what can you learn from this?

Tool aims to help enterprise IT manage 'honeypot' hacker decoys
A new tool called the Modern Honey Network (MHN) aims to make deploying and managing large numbers of honeypots easier so that enterprises can adopt such systems as part of their active defense strategies. Honeypots are systems that are intentionally left vulnerable to a variety of attacks in order to attract hackers and monitor their tools, techniques and intentions. They were once almost exclusively used by security vendors, researchers and computer emergency response teams, but have increasingly become an important source of threat intelligence for businesses in recent years. There are many honeypot software packages available and most of them are free to use and open source. However, installing, configuring and monitoring honeypots remains a somewhat complicated process that requires specialized knowledge.

Endpoint security demands organizational changes
Pity endpoint security software. Venerable antivirus has gotten a bad reputation for being an ineffective commodity product. This situation is illustrated by some recently published ESG research (note: I am an employee of ESG). Security professionals working at enterprise organizations (i.e. more than 1,000 employees) were given a series of statements and asked whether they agreed or disagreed with each. The research revealed that:

62% of respondents “strongly agreed” or “agreed” with the statement: “Endpoint security software is effective for detecting/blocking older types of malware but is not effective for detecting/blocking zero day and/or polymorphic malware commonly used for targeted attacks today.”

52% of respondents “strongly agreed” or “agreed” with the statement: “Our continued use of traditional endpoint security software is driven by regulatory compliance requirements for the most part.”

44% of respondents “strongly agreed” or “agreed” with the statement: “Endpoint security software is a commodity product with little measurable differences between brands.”

Wow, it’s no wonder why some have declared that endpoint security software is “dead.” Negative opinions like these have put leading security firms like Kaspersky, McAfee, Sophos, Symantec, Trend Micro, and Webroot on the defensive and opened the door for endpoint antimalware upstarts like Bromium, Cisco/Sourcefire, Cylance, Crowdstrike, IBM, Invincea, Malwarebytes, and Triumfant.



8 technologies that are on the way out -- and one that we'll never be rid of
If "change is the only constant" applies anywhere, it's in the world of technology. One day you're proud of knowing how to set your VCR, and the next your DVR is recording shows you didn't even know were on. Few would have guessed in 1980 that vinyl records would be obsolete in 15 years; fewer still would have predicted that CDs would in turn be obsolete a mere 10 years after that.

Companies warned of major security flaw in Google Play apps
University researchers have found that developers often store authentication keys in the Android apps on Google Play, making it possible for criminals to steal corporate or personal data.

Android 4.4.4 fixes OpenSSL connection hijacking flaw
A new version of Android for Nexus devices is primarily a security update that patches the bundled OpenSSL library.



Hacker puts 'full redundancy' code-hosting firm out of business
A code-hosting and project management services provider was forced to shut down operations indefinitely after a hacker broke into its cloud infrastructure and deleted customer data, including most of the company's backups. The customers of CodeSpaces.com, run by a company based in Wayne, New Jersey, called AbleBots, were informed Wednesday that their data might have been permanently lost following the compromise of the company's account on Amazon's Elastic Compute Cloud (EC2). The devastating security breach happened over a span of 12 hours and initially started with a distributed denial-of-service attack followed by an attempt to extort money from the company.

Alert issued over plain text passwords in some Super Micro motherboards
Tens of thousands of servers have a hard-coded, plain-text password that could yield remote access to a management interface for a server, according to a security researcher. The problem is within a baseboard management controller (BMC) in the WPCM450 line of chips incorporated into motherboards made by Super Micro, wrote Zachary Wikholm, senior security engineer for Cari.net, a server and cloud computing company. Baseboard management controllers are part of intelligent platform management interfaces (IPMI), which collect information on the health of the hardware and software data.

NASA bolsters Pluto-bound spacecraft for 2015 visit
When you are on a 3 billion mile trip through the universe at over 34,000 mph, you might need a check-up or two to make sure everything is functioning right. That’s exactly what’s going on this week as NASA said it will soon update and check out its Pluto-bound spacecraft known as New Horizons. Mission controllers at the Johns Hopkins Applied Physics Laboratory will begin the spacecraft’s eighth check-up since the satellite launched in 2006. It will be the last before next year’s rendezvous with Pluto.



Copyright (C) 2014 Network World, 492 Old Connecticut Path, Framingham MA 01701
