Sourcefire Inc. has plugged security holes in its popular Snort intrusion detection tool that could have allowed attackers to get in through the security software itself to run unauthorized code on a victim’s server.
The flaws in Snort’s DCE/RPC preprocessor would have allowed a stack-based buffer overflow, according to an advisory from Sourcefire. The preprocessor is enabled by default.
Sourcefire advised users to fix the flaw by upgrading to Snort version 22.214.171.124 or beta 2 of Snort 2.7.
The full version of this story appeared on TechTarget sister site SearchSecurity.com.
Microsoft released a Vista-compatible version of its SQL Server 2005 database this week, rectifying a critical gap in its own Vista-enabled product line, and eliminating virtualization restrictions on the popular database at the same time.
The rules that come with SQL Server 2005 Service Pack 2 remove any limit on the number of instances of SQL Server that can run in virtual machines as long as the server on which they run has a SQL Server license for each CPU on the machine.
Earlier rules would have required a license for each virtual machine.
The new version does not support the Microsoft Data Engine, the database engine under SQL Server 2000. SQL Server is important to Microsoft customers because it’s widely embedded in applications that require a local database, though it is typically not considered robust enough to scale to the levels of Oracle or IBM’s top databases.
The original version of this story appeared on TechTarget sister site SearchWinIT.com.
Double-Take Software, Inc. has introduced new virtualized-server protection features to its disaster recovery backup-and-replication software. Double-Take for VMware Infrastructure is designed to safeguard work being done on each virtual server by backing up the data running on that server specifically, as well as on data from other virtuals and from the host. With regular backups, Double-Take can recover and reload a single virtual server with all its most recent data if it or its host machine should crash, the company said.
The enhanced replication software cuts costs by eliminating the need for the software to run inside each guest-server operating system. It also shrinks restore times for virtual machines, the company said.
Finding good IT technicians is getting harder, and companies may have to start paying more to get and keep consultants, according to a study of IT salaries by Computer Economics, Inc., a research firm based in Irvine, Calif.
The company’s 2007 IT Salary Report found that half of companies surveyed will increase their IT staff by 5% or more in the next year. Factor in that fewer college students are studying to be IT consultants, and consulting firms could find it harder to fill their payrolls, according to Mark McManus, vice president of IT research at Computer Economics.
But the pinch could actually be good news for managed service providers (MSPs) for two reasons, he said. First, end-user companies that aren’t able to get in-house IT help will have to outsource. Perhaps more importantly, the remote nature of MSPs’ business model will attract the growing number of former consultants who are looking to cut back on travel.
“What we’re really seeing is that the majority of IT workers are really wanting to go with large companies. [They’ll] have a stable environment, and they can work in a location that’s desirable and not do a lot of traveling,” McManus said.
So far, IT salaries have not skyrocketed. After several years of fairly stagnant pay rates, salary increases started accelerating in 2005, according to the report. They have now reached an average of 3.8%, although that is still below the average increase of 4.2% for all professions as reported by the U.S. Bureau of Labor Statistics in 2006, according to the Computer Economics report.
That rate is also before inflation, which the Bureau of Labor Statistics reported at about 3.26% from 2005 to 2006. But McManus said he expects worker shortages in IT will cause a “jump” in salaries this year, sparking a bidding war for companies trying to get the best employees.
“I think in the short run it’ll hurt [MSPs], and in the long run it’ll work out to be more of an advantage” as the MSP model becomes more widely adopted, McManus said.
In other news, researchers warn of a new security hole in Mozilla Firefox that could allow attackers to tamper with cookies.
There’s a story making the rounds today that Microsoft is poised to sign a new technology partnership with Red Hat that could be as sweeping as the one it signed with Novell. There’s only one problem with the report: Red Hat is denying it. [All About Microsoft]
Purchase of RTLinux technology–used for devices like animatronic robots–opens new markets for Wind River’s embedded Linux efforts. [CNET]
SanDisk looks to cut executive salaries and eliminate 250 jobs. [DailyTech]
SQL Server 2005 SP2, which is required for use with Vista and Office 2007, is now ready for downloading. [SearchWinIT.com]
Storage continues to be a hot topic among VARs, customers and the tech world in general. One area that’s had the magnifying glass held up to it is continuous data protection (CDP). The debate among experts is: which is better — true CDP or near CDP? True CDP offers a granular level of information management that allows for the storage “tape” to be rolled back to any point in time. This way, if any data is lost, true CDP has already captured it and can restore it. You may know a consumer product with similar capabilities: TiVo. Near CDP is basically taking a snapshot of a database on a predefined schedule — say, every ten minutes.
Still not clear on CDP? Get the low down on everything VARs need to know about CDP with our guide, Delivering continuous data protection services.
If you already use the technology, you should look at this article on the CDP debate by Jo Maitland on SearchStorage.com. That debate may be moot if Mendocino can carry through with the promises that it is making.
One other piece of storage news of note: Open-source storage? This is one story that all storage VARs should be following. The opportunity to provide a storage service in an inexpensive, effective manner is astounding — not to mention that in addition to providing a valuable service, the opportunities for recurring revenue make the head spin.
All signs point to the end of life for EMC’s Retrospect backup software for small businesses. Sources say the company cannot support an SMB software channel.
EMC stoops for the midrange, while NetApp stretches for the high end. [eWEEK]
User Account Control: insecure by design? [TheReg]
Multiple vulnerabilities are found in Cisco PIX 500 Series Security Appliances and the Cisco ASA 5500 Series Adaptive Security Appliances. [Cisco]
People actually redeeming vouchers [TheReg]
Google studied the reliability and performance history of a hundred thousand of its SATA and PATA drives with between 80 and 400GB storage and 5400 to 7200rpm, and while unfortunately they didn’t call out specific brands or models that had high failure rates, they did find a few interesting patterns in failing hard drives. [Engadget]
It’s in the nature of the channel beast that VARs, SIs and computer consultants need to know every computer woe that might, could, may, does, does not exist and what could help, or might harm a customer’s business. There always will be a need to refine assessment tools.
This week Microsoft released its Business and Technology Assessment Toolkit free to its partners. According to our site, SearchITChannel.com, partners are giving it the thumbs up. Both Evolve Technologies, Inc. and Computer Consulting Inc. credit Microsoft for making their jobs easier. Dave Sobel, president of Evolve Technologies, Inc., says it increased his deal close rate by 20 percent.
Basically, this tool kit provides a set of questions for the tech-heavy VAR to ask his or her not so tech-savvy clients. This communication tool provides general best-practices assessment recommendations and is not Microsoft centric.
So if you got your free toolkit, but can’t install it, Office Small Businesses 2007 retails at $279 and Office Professional 2007 retails at $329 at CompUSA. Thanks, Microsoft!
On February 6th, Julia Henderson, of SearchSecurityChannel.com fame, told us of a study that revealed some of the weaknesses of site-authentication images. This study was the most damning to banks, such as Bank of America, who have instituted the security method for their online banking sites.
However, an article in today’s Guardian offers a report that paying attention to the secure nature of the log-in page for your bank may be the least of your worries. According to the article, the Royal Bank of Scotland has been struggling with “systematic attempts” by “organized hacking gangs” to compromise the organization’s security via executives working from home.
The hackers, evidently, work under the assumption that systems used outside of the office are less secure than those under the umbrella of corporate IT. Through emails designed to appeal to the specific user targeted and keylogging software, the attackers are able to get into the company’s system through the VPN.
As telecommuting becomes more and more popular, VPN security, including its weaknesses, will become increasingly important to the integrity of corporate networks.