New Year, New Threats

I can just imagine a hacker's list of New Year's resolutions:

1. Give up Twinkies and Jolt
2. Write worst virus ever
3. Write undetectable worm

That first one may be trouble, but you can bet they'll have no problem with those other resolutions, writing nasty new worms and viruses and unleashing them on the world. Like any other crooks, hackers never seem to take a holiday.

The SPI Labs division of SPI Dynamics recently published a report on what it expects to be the top Web application security threats for this year. The list includes (in no particular order of prevalence or severity of threat):

  • Rapid application development: Sufficient security testing is often sacrificed during a compressed development cycle, leading to oversights and other vulnerabilities.
  • File formats: It's not the file itself that's vulnerable, but rather the application interpreting the file. These types of vulnerabilities are a popular target for phishing attacks.
  • Bridges: In a bridge attack, hackers take advantage of the trust between two sites and gain an additional layer to hide behind.
  • Printers and routers: Any hardware that runs a Web application server, including printers and routers, is often targeted because it is less suspect.
  • Web 2.0: While Web 2.0 may result in easier-to-use Web applications, those complex apps also carry a greater security risk.
  • Client-side attacks: Client-side vulnerabilities in Web browsers can leave you open to phishing attacks and potential identity theft.
  • Web application worms: Web-based worms are a relatively easy way to launch widespread attacks.

It's a new year -- another 365 days for digital deviants to conjure up new and interesting ways to break in where they shouldn't. Stay on your guard. That should be your resolution.

Save Yourself
As of Dec. 1, 2006, companies are required to release all electronically stored information during the discovery portion of a trial. The Federal Rules of Civil Procedure cover all e-mail messages, instant messages and any files stored anywhere on your network. Virtual shredding -- or deleting potentially damaging electronic evidence -- also becomes a more serious offense.

That doesn't mean you have to hang on to your boss' cookie recipe from 15 years ago, but you'd better know where your company's financial records are stored and be ready to produce them on demand. This may be an additional layer of hassle for you if your company's under investigation, but at least you'll have tools to help. E-mail archiving and management tools represented a $1.6 billion business last year. With the new regulations in effect, that figure could double in 2007.

With Exchange Server as the repository, CommVault's QiNetix can help you comply with those new data retention regulations and management guidelines. If you'll soon be upgrading to Exchange Server 2007, it can also help with the migration. QiNetix helps you dig up data stored in earlier versions, like Exchange Server 2003, 2000 and 5.5, whether you're proving your company's innocence to a federal judge or overhauling your company's e-mail infrastructure.

Virtual Traffic Cop
There's a new traffic sheriff in town. Zeus Technology's latest release, Zeus Extensible Traffic Manager Virtual Appliance, operates as a virtual appliance within virtualized data center environments to manage real network traffic.

It runs on VMware's ESX Server 3, and manages incoming traffic with a cluster of virtual machines (VMs). As you add or take away VMs, the unit reroutes all incoming traffic so it's always going through the most available machines. Zeus has already received VMware's seal of approval for its new appliance, passing its certification program that guarantees a virtual appliance is configured to operate natively within VMware's ESX Server 3.

Beats Going to the Mall
The flurry of online shopping is now officially over. So, too, are the security risks and productivity hits from employees' online shopping. Just before the holidays, when eager online shoppers were warming up their credit cards, Websense released its official count of online shopping Web sites. As you may expect, the number has almost doubled.

Since the same time last year, the number of Web sites devoted solely to shopping increased from 590,000 to more than 900,500.

I'd still rather visit every one of those sites than set one foot inside a mall.

About the Author

Lafe Low is the editorial liaison for ECG Events.

