New Year, New Threats
I can just imagine a hacker's list of New Year's resolutions:
1. Give up Twinkies and Jolt
2. Write worst virus ever
3. Write undetectable worm
That first one may be trouble, but you can bet they'll have no problem with
those other resolutions, writing nasty new worms and viruses and unleashing
them on the world. Like any other crooks, hackers never seem to take a holiday.
The SPI Labs division of SPI Dynamics recently published a report on what it
expects to be the top Web application security threats for this year. The list
includes (in no particular order of prevalence or severity of threat):
- Rapid application development: Sufficient security testing is often
sacrificed during a compressed development cycle, leading to oversights and
- File formats: It's not the file itself that's vulnerable, but rather
the application interpreting the file. These types of vulnerabilities are
a popular target for phishing attacks.
- Bridges: In a bridge attack, hackers take advantage of trust between
the two sites, and get an additional layer to hide behind.
- Printers and routers: Any hardware, including printers and routers,
that run Web application servers are often targeted as they are less suspect.
- Web 2.0: While Web 2.0 may result in easier-to-use Web applications,
those complex apps also carry a greater security risk.
- Client-side attacks: Client-side vulnerabilities in Web browsers
can leave you open to phishing attacks and potential identity theft.
- Web application worms: Web-based worms are a relatively easy way
to launch widespread attacks.
It's a new year -- another 365 days for digital deviants to conjure up new
and interesting ways to break in where they shouldn't. Stay on your guard. That
should be your resolution.
As of Dec. 1, 2006, companies are required to release all electronically stored
information during the discovery portion of a trial. The Federal Rules of Civil
Procedure cover all e-mail messages, instant messages and any files stored anywhere
on your network. Virtual shredding -- or deleting potentially damaging electronic
evidence -- also becomes a more serious offense.
That doesn't mean you have to hang on to your boss' cookie recipe from 15 years
ago, but you better know where your company's financial records are stored and
be ready to produce them on demand. This may be an additional layer of hassle
for you if your company's under investigation, but at least you'll have tools
to help. E-mail archiving and management tools represented a $1.6 billion business
last year. With the new regulations in effect, that figure could double in 2007.
With Exchange Server as the repository, CommVault's QiNetix can help you comply
with those new data retention regulations and management guidelines. If you'll
soon be upgrading to Exchange Server 2007, it can also help with the migration.
QiNetix helps you dig up data stored in earlier versions, like Exchange Server
2003, 2000 and 5.5, whether you're proving your company's innocence to a federal
judge or overhauling your company's e-mail infrastructure.
Virtual Traffic Cop
There's a new traffic sheriff in town. Zeus Technology's latest release, Zeus
Extensible Traffic Manager Virtual Appliance, operates as a virtual appliance
within virtualized data center environments to manage real network traffic.
It runs on VMware's ESX Server 3, and manages incoming traffic with a cluster
of virtual machines (VMs). As you add or take away VMs, the unit reroutes all
incoming traffic so it's always going through the most available machines. Zeus
has already received VMware's seal of approval for its new appliance, passing
its certification program that guarantees a virtual appliance is configured
to operate natively within VMware's ESX Server 3.
Beats Going to the Mall
The flurry of online shopping is now officially over. So, too, are the security
risks and productivity hits from employees' online shopping. Just before the
holidays, when eager online shoppers were warming up their credit cards, Websense
released its official count of online shopping Web sites. As you may expect,
the number has almost doubled.
Since the same time last year, the number of Web sites devoted solely to shopping
increased from 590,000 to more than 900,500.
I'd still rather visit every one of those sites than set one foot inside a
Lafe Low is the editorial liaison for ECG Events.