Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity
    • Mobile
    • Virtualization

    Cloud Security, Weak Passwords, Data Breach Law Lead Week’s Security News

    By
    Fahmida Y. Rashid
    -
    September 4, 2011
    Share
    Facebook
    Twitter
    Linkedin

      Cloud security news was prominent at the VMworld user show in Las Vegas the week of Aug. 29 where Symantec and VMware announced a desktop-as-a-service offering, which would allow IT departments to integrate security protections integrated into their virtualized environments from the start.
      Juniper also added antivirus capabilities to its virtual gateway platform, transforming the Web gateway into an integrated unified threat management system.
      Windows administrators around the world were reminded again that there was no need for malware authors to come up with sophisticated malware targeting exotic and unknown server and network vulnerabilities. Not when so many critical servers were protected with ludicrously simple passwords.
      Microsoft warned of a “Morto” worm which attacked Windows servers over the Remote Desktop Protocol. Instead of violating any vulnerability, the worm had a list of about 30 passwords that it systematically tried to break into the Administrator account. If the requests for help on the Windows Help forums were any indication, quite a few of the administrators had laughable passwords such as “letmein” and “pass123.”
      To foil brute-force password attempts, Confident Technologies rolled out a “Kill Switch” to its image-based authentication platform. The KillSwitch would automatically alert administrators if an attacker failed to enter the correct sequence of images or used a “banned” image.
      SQL injection attacks continue to wreak havoc around the world, as unknown attackers exposed developer information from the Nokia forums Website. Nokia shut down the site as it investigated the incident and cleaned up.
      As for data breaches, California has updated its pioneering data breach notification law with stronger provisions. Organizations are now required to file a notice with the state attorney general’s office if a breach affects more than 500 California residents. This will make it harder for organizations to avoid disclosing “small” incidents.
      The new law also outlined the information organizations must include in the breach notification law, including details of the attack, what exactly was stolen and when it happened. California led the way in having a breach notification law, it’s expected other states will follow suit, unless the federal government passes a national breach notification law first.
      Reviving worries about the SSL certificates and the Certificate Authority system that the entire Internet relies on, an Iranian user posted on Google Help forums asking about a fraudulent SSL certificate that his Chrome Web browser detected and blocked. After some investigation, it turned out that a certificate authority in the Netherlands, DigiNotar, had been compromised in July, and fake SSL certificates had been issued.
      While the incident was reminiscent of the Comodo compromise earlier this year, DigiNotar worried security professionals when it admitted it didn’t actually know how many fake certificates had been issued. Google, Microsoft and Mozilla has blocked all DigiNotar certificates outright in their respective Web browsers. This has some serious repercussions on all the businesses in the Netherlands and the Dutch government, who used DigiNotar to sign their certificates for their Websites.
      Considering all the warnings about making sure all the endpoints are running up-to-date security protection software, vendors also rolled out new updates to their security suites. Trend Micro released its Deep Security 8 platform and AVG launched its Internet Security 2012 suite.
      In what’s looking more like a publicity stunt than anything else, rumors are circulating that Apple lost an iPhone 5 prototype in a San Francisco bar. There are reports that Apple never reported the supposed loss to the police, so it’s a mystery as to what actually happened. If true this would be the second time that some klutzy Apple employee lost an iPhone prototype in a Silicon Valley region watering hole. The same thing happened to an iPhone 4 prototype in April 2010.

      Fahmida Y. Rashid

      MOST POPULAR ARTICLES

      Big Data and Analytics

      Alteryx’s Suresh Vittal on the Democratization of...

      James Maguire - May 31, 2022 0
      I spoke with Suresh Vittal, Chief Product Officer at Alteryx, about the industry mega-shift toward making data analytics tools accessible to a company’s complete...
      Read more
      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×