This is Robert Lemos's TypePad Profile.
Robert Lemos
Technology and science journalist
Recent Activity
The business that manages New York City's hospitals consolidates 11 data centers into two facilities, dispensing with two-thirds of their physical servers for a predicted savings of $70 million over 5 years. Consider these four tips. CIO
Posted Apr 21, 2011 at Robert Lemos
In the security industry, researchers have often been able to infiltrate botnets. Yet, the next step has always been a big question mark. Now, defenders may have a new slate of options. The takedown of the Coreflood botnet marks the start of a more aggressive stance against botnets, say security experts. Last week, the U.S. Department of Justice obtained a temporary restraining order forcing registrars to reroute requests from infected computers, not to Coreflood's command-and-control servers, but to a substitute server managed by a non-profit group. Under the judge's order, the sinkhole server can issue commands to prevent the bot agents...
Posted Apr 20, 2011 at Robert Lemos
Security experts warned Monday that banking customers should worry about a wave of spearphishing attacks utilizing the recently breached email database stolen from marketing firm Epsilon. The email addresses leaked during the attack could be used to send targeted attacks to the customers of Epsilon's clients, which include a host of banks such as Barclays Bank of Delaware, CapitalOne, Citibank and JPMorgan Chase. The banks are "freaking out" about the leak, says Avivah Litan, vice president of security research for analyst firm Gartner. CSO Online
Posted Apr 6, 2011 at Robert Lemos
The take-down of the Rustock botnet in March gave Microsoft another head for its mantle: two in just the last year. That’s an impressive take for any private firm, and one of a string of actions against bot networks in recent years. But security experts say that the company’s success in building a legal basis for moving against botnets is an even bigger achievement. threatpost.com
Posted Apr 6, 2011 at Robert Lemos
Google leveled new charges against China this week, claiming that the country has interfered with some citizens' access to the Internet giant's Gmail service, disguising the interference as technical glitches. Security experts say that China is most likely using invisible intermediary servers, or "transparent proxies," to intercept and relay network messages while rapidly modifying the contents of those communications. This makes it possible to block e-mail messages while making it appear as if Gmail is malfunctioning. Technology Review
Posted Mar 24, 2011 at Robert Lemos
On Super Bowl weekend, HBGary CTO Greg Hoglund found himself locked out of his own email account. The fallout of the leaked messages from his account and that of HBGary Federal's CEO Aaron Barr has been widely reported, but not from the point of view of the victims. In Part 1 of this interview with CSO correspondent Robert Lemos, Hoglund talked about how the hack happened and the lessons for chief security officers. In Part 2, he describes his research on Anonymous and why the group is making the insider threat problem more dire. CSO Online
Posted Mar 23, 2011 at Robert Lemos
Nine valid but fraudulent certificates have been issued for major Internet sites -- including Google mail, Microsoft Live, and Yahoo -- raising the possibility of undetectable phishing, man-in-the-middle and drive-by download attacks, multiple advisories stated on Wednesday. The Secure Sockets Layer (SSL) certificates, issued by root certificate authority Comodo, allow the attackers to sign fraudulent sites and content. The certificates were issued because of a compromise at a registration authority (RA) using stolen log-in credentials for one of Comodo's European partners, according to the company's report on the incident. CSO Online
Posted Mar 23, 2011 at Robert Lemos
In 2009, Red Hat, SuSE, and other Linux distributors fixed a major flaw that could have allowed any user to escalate his privileges and fully compromise a Linux system. The vulnerability, in the udev process, occurred because the device-resource-handling component did not verify that a certain type of message, known as a netlink message, came from the kernel. A variant of the udev flaw, or CVE-2009-1185, is one component of the DroidDream attack identified earlier this month. That exploit, called exploid.c, uses a netlink message to create a user-controlled copy of the init process, which handles boot-up, thus gaining root...
Posted Mar 18, 2011 at Robert Lemos
On Super Bowl Sunday, HBGary CTO Greg Hoglund found himself locked out of his own e-mail account. As has since been widely reported in the media, the hacking group Anonymous leaked thousands of e-mail messages from the accounts of Hoglund and HBGary Federal's CEO Aaron Barr, chastising the company in a public statement. In this excerpt of an interview with CSO correspondent Robert Lemos, Hoglund admits that the company made many mistakes in defending its data, but refutes some of the details of the hack and highlights lessons that other companies should take to heart. CSO Online
Posted Mar 18, 2011 at Robert Lemos
With Android, each mobile phone company has its own build of the Android operating system so that it can include its own user interface, graphics, and branding. Although Google released an updated version of Android that fixed the vulnerability soon after it was discovered, at least 42 percent of phones run an older version that is still vulnerable, according to data available on the Android developer site. Technology Review
Posted Mar 18, 2011 at Robert Lemos
Published this week: Third-party content is the Web's third rail
Posted Mar 16, 2011 at Robert Lemos
Published this week: Cyber criminals strike at ad networks -- again • Companies scramble to tame the wild endpoint
Posted Mar 16, 2011 at Robert Lemos
It's so easy to let blogging fall by the wayside. I turned around and found that I hadn't reposted my articles here since October. I will start posting articles as soon as they are up, so if you want to follow my work, watching the RSS feed will work. Thanks and be secure out there. -R
Posted Mar 16, 2011 at Robert Lemos
Driven by the hacktivism of the loose-knit Anonymous group, denial-of-service attacks surged to the top of the list of Web incidents, outpacing SQL injection and cross-site scripting, according to a survey of publicly disclosed attacks. The ongoing survey, known as the Web Hacking Incident Database, categorized 222 incidents in 2010 and found that attackers aimed to take down the Web sites in a third of the incidents, while defacement accounted for 15 percent of attacks and stealing information was the goal in 13 percent of incidents. CSO Online
Posted Mar 16, 2011 at Robert Lemos
The malicious code that led Google to remove more than 50 Trojan applications from the Android Marketplace appears to mainly be a "dropper" -- a program designed to load other code to further compromise the affected smartphone, according to a security firm's analysis. The code, dubbed "DroidDream," attempts to use two exploits to gain root privilege on a compromised smartphone by breaking out of the sandbox designed to limit what applications can do on Android devices, mobile security firm Lookout stated in its most recent analysis. CSO Online
Posted Mar 16, 2011 at Robert Lemos
Companies infected by Stuxnet should not feel bad -- even systems secured to industry best practices had little chance to dodge the pernicious program, according to a recent report. In the paper, "How Stuxnet Spreads - A Study of Infection Paths in Best Practice Systems," three researchers concluded that the worm's multitude of infection vectors and companies' need for interconnectivity between control systems make it nearly impossible to defend against a well-constructed, multi-pronged attack such as Stuxnet. CSO Online
Posted Mar 16, 2011 at Robert Lemos
Among the speculation surrounding the spread of the Stuxnet worm -- the first cyberattack that targets industrial control systems -- is this likely scenario: Attackers might have spread the worm to a Russian technology provider in an effort to infect Iran's nuclear industry. Unknown to the Russian company, its workers were compromising facilities in multiple countries with a program designed to hide within the code of industrial controllers. If true, the scenario would not be the first time that suppliers have been used to attack their customers. In a handful of recent instances, attackers have used contractors and other third...
Posted Oct 15, 2010 at Robert Lemos
Many companies' applications still don't meet the security standards outlined in the Payment Card Industry (PCI) Data Security Standards, according to a recent study. During the 18-month study, which was published last week, security firm Veracode scanned the binary code of more than 2,900 applications on behalf of its clients. Its findings are sobering: Nearly six out of every 10 applications had an "unacceptable" level of security; more than eight out of 10 applications failed to catch classes of Web application vulnerabilities required for remediation under PCI DSS. While the customers eventually fixed the flaws, most enterprises' applications fail to...
Posted Oct 15, 2010 at Robert Lemos
In the slowly recovering economy, telecommuting has become an essential way for businesses to retain valuable workers, increase productivity, and support "green" initiatives. But from a security perspective, telecommuting can also be dangerous -- if you don't have the right technologies in place. For small and midsize businesses (SMBs), telecommuting is taking off. Nearly 60 percent of SMBs plan to increase their use of telecommuting to cut costs in the next 12 months, according to a survey conducted by Staples Advantage, the IT service of the well-known office-supply chain. Yet many SMBs don't have the expertise in-house to deal with security...
Posted Oct 15, 2010 at Robert Lemos
For five hours last week, Twitter users were inundated with an avalanche of odd tweets. The messages -- actually snippets of JavaScript -- would execute when a browser user moused over the text. While the lion's share of the tweets were simple pranks, the technique exploited a flaw in Twitter's website that could have allowed malcontents to attack the end user's system. The vulnerability, known as a cross-site scripting flaw, allowed online miscreants to execute JavaScript code. Even fully patched modern browsers would not have been protected against the attack, according to security experts. The danger comes from emerging...
Posted Sep 29, 2010 at Robert Lemos
For the last few months, a sophisticated computer worm has wriggled its way between some of the most critical control systems in the world. The timing of the worm's release, combined with several clues buried in its code, has led some experts to speculate that the worm, dubbed Stuxnet, was originally designed to sabotage an Iranian nuclear facility, possibly the enrichment plant in Natanz, roughly 180 miles south of Tehran. This week, officials in Iran confirmed that Stuxnet had been found on systems inside the plant, although they denied that it had caused any harm. But Stuxnet has since spread...
Posted Sep 29, 2010 at Robert Lemos
For about six hours on Tuesday, a small snippet of JavaScript code ran rampant among Twitter users. The code used a particular class of flaw to execute simple commands, including changing the color of the interface and posting itself to the users' followers. Victims only had to hover the mouse pointer over the text. As social networks become more popular, such threats are becoming more common, taking advantage of the trust between users. No wonder, then, that more than a third of small and midsize businesses (SMBs) already have identified a social network as the entry point for a virus...
Posted Sep 23, 2010 at Robert Lemos
When the "Here You Have" worm started spreading last week, Intel had only a small number of its computers infected. The company's traditional defenses definitely helped, but a critical advantage was its well-trained employees, says Malcolm Harkins, the chief information security officer for Intel. When workers saw the worm and recognized it as a threat, they immediately started calling the information technology team. "The employee base saw it, they reacted really quickly and helped us contain it by alerting us to it and then telling others not to click on it," Harkins says. DarkReading
Posted Sep 21, 2010 at Robert Lemos
The Exploit Hub -- a proposed free market for the buying and selling of attacks that exploit specific software vulnerabilities -- sounds more like a threat than a security aid. Yet the brainchild of security testing firm NSS Labs could just be what the doctor ordered to help enterprises eliminate their vulnerabilities, security experts say. The "app store for exploits" will allow security researchers and developers to sell validated exploits to known security professionals. NSS Labs plans to test every exploit in the marketplace to make sure each one works and does not carry malicious code. In addition, the company...
Posted Sep 15, 2010 at Robert Lemos
Criminals intent on attacking others can lease networks of compromised computers, or botnets, from other criminals serving the underground community. These resources could be considered "clouds" in their own right, but researchers warn that operators of legitimate clouds need to worry about being used for illicit attacks as well. In a presentation at the DEFCON hacking conference in August, two researchers did just that. David Bryan of Trustwave and Michael Anderson of NetSPI created a handful of virtual servers to attack a small financial company—a client that wanted to test its security against just such an attack. Rather than...
Posted Sep 13, 2010 at Robert Lemos