Men arrested in Stop & Shop data thefts
Four California men were arrested in what police said was a scheme to switch checkout-lane credit card readers at Stop & Shop supermarkets as a way to steal customers’ numbers and passwords. [Redmond]
PCI DSS auditors see lessons in TJX data breach
Following the recent TJX data breach, several PCI Data Security Standard auditors say the retailer violated basic requirements of the PCI DSS. But they say there are lessons to be learned from TJX’s mistakes. [SearchSecurity.com]
Multiple Vulnerabilities in 802.1X Supplicant
The Cisco Secure Services Client (CSSC) is a software client that enables customers to deploy a single authentication framework using the 802.1X authentication standard across multiple device types to access both wired and wireless networks. A lightweight version of the CSSC client is also a component of the Cisco Trust Agent (CTA) within the Cisco Network Admission Control (NAC) Framework solution. [Cisco]
Warezov worm fiends target Skype
Dial M for Malware. [TheReg]
It’s no secret that small and midsized businesses (SMBs) are a hot topic these days. Companies like SAP and Oracle are giving SMBs more attention, and analysts predict this trend will continue in 2007.
But it’s also no secret that “SMB,” like so many TLAs and buzzwords, is incredibly broad. The first question to ask anyone who talks about SMBs is what they consider to be the definition of a small company, and what constitutes midsized.
Well, wonder no longer. TechTarget sister site SearchSMB.com has put together a list of how various vendors and analysts define SMBs.
And they’re even nice enough to provide a list of other potential meanings of the abbreviation, so you’ll know when talking to SAP execs that they’re probably not talking about a Server Message Block, or the Society for Mathematical Biology, or — no matter how much having one might help — a Screaming Mechanical Brain. Just feel lucky they’re not talking about Super Mario Brothers or the Steve Miller Band. Even retro cool can’t survive being that retro.
The newest kid on the Linux block got a bit of a kick in the shin earlier this week with the announcement that IBM does not plan to support Oracle Unbreakable Linux. The announcement means that users who have problems running IBM software on Oracle’s Linux distribution will have to go to Oracle, not IBM, to get things working.
Unbreakable Linux is a clone of Red Hat Enterprise Linux, which IBM does support. The decision not to support Unbreakable Linux is due to lack of demand, according to Lisa Lanspery, spokesperson for IBM, as reported by SearchOpenSource.com news writer Jack Loftus.
IBM also supports Novell’s SUSE Linux; it and Red Hat comprise about 90% of the enterprise Linux market together, Lanspery said. If that changes in the future and more customers demand support for Unbreakable Linux, she said, IBM may offer it.
The news from IBM falls in line with earlier sentiments from systems integrators (SIs) and analysts that the battle for Linux dominance doesn’t matter too much to them. Although Novell, Red Hat and now Oracle are all vying to be the leaders in enterprise Linux, SIs can for the most part adapt to what their customers want, and ISVs are safe sticking to the one or two most popular distributions.
Wireless security: IT pros warily watching mobile phone threats
Security experts have warned repeatedly that mobile phone attacks will grow as the devices become more sophisticated. IT administrators are starting to believe them.
Security, compliance, and disaster recovery top the list of remote office and branch office (ROBO) IT priorities, according to a new study by Enterprise Strategy Group. Improving application performance and accessibility for ROBO users were next in line in terms of importance. [Tekrati]
The company’s antipiracy software adds a “yellow state” for times when it just can’t tell if software is genuine. [CNET]
Vendors in the XML application-acceleration market seem to be applauding Cisco Systems Inc.’s acquisition of Reactivity Inc. this week, if only because it validates a broad-based need for appliances that can make complex Web services-based applications run efficiently.
Both analysts and vendors say application acceleration is one of the hottest parts of the networking market right now, as end-user companies try to simplify and accelerate their networks, even as they redesign applications to use those networks more heavily.
Vendors of service-oriented architecture (SOA) application development and management products say Cisco’s interest proves the need for speed, but also for security, as XML-based attacks increase.
To secure SOA applications, security vendors have to be able to deconstruct SOAP and other Web services protocols and work quickly and securely with the XML itself.
The full version of this story appeared on TechTarget sister site SearchWebServices.com.
The Trojan usually arrives in e-mail, then installs itself as a rootkit, using operating-system functions to capture Web traffic. It detects when a user appears to be posting a comment to a blog, then inserts a line that asks readers to look at “a fun video.” Clicking on the link takes a victim to a malware site where keyloggers or remote-control software can be dropped on the machine.
The variant is hard to isolate, partly because it changes its form every time it’s downloaded.
Secure Computing recommends looking at videos only on known sites, such as YouTube, instead of following links, even from postings that appear to be from a known source.
The full version of this story appeared on TechTarget sister site SearchSecurity.com.
Who says Linux has to stay in the server room? It may not be on every desktop yet, but the operating system — and open source generally — is coming ever closer to being a household name.
Ideastorm is Dell’s Digg-like suggestion box, where users can submit their ideas and vote on them. The top-five ideas as of the writing of this blog: pre-installed Linux; pre-installed OpenOffice; a bare-bones Windows installation; a Linux laptop; and an option to just buy the computer raw, without any system pre-installed.
Microsoft may be pouring oil on the fire if Vista’s anti-piracy policies end up driving desktop users to Linux, but it probably has a bit of time. Windows is still the main operating system at companies around the world, and Linux applications may still need work before they’re ready to go mainstream.
The U.S. Patent and Trademark Office has issued a patent to Incipient, Inc., for its split-path architecture that performs block-level storage virtualization, a core function within its Incipient Network Storage Platform (iNSP). The iNSP software suite is embedded in SAN switches and helps deliver network data mobility, network volume management and network copy services. Since October 2005, the Waltham, Mass., company has won five patents, each covering key storage virtualization technologies that the company has developed.
Educate your daughters, wives, nieces and moms. I don’t want any of the women in your life getting up in front of a glamorous Oscar audience, like Little Miss Sunshine’s Abigail Breslin, to make women look tech-clueless. On Sunday, Breslin admitted that she didn’t know what her father, a computer systems analyst, did for a living. The Academy should be ashamed for writing a script like that just for a laugh. Contributors at my new favorite girl technology blog, She’s Such a Geek, agree.
Women in the technology field — as resellers, consultants, programmers, or IT personnel — are no longer a novelty. Though the field is still male-dominated, there are promising stories of women bucking stereotypes all over the news, and popular culture needs to catch up with that reality. But with this education comes responsibility.
The fact is that women are busting onto the hacking scene against all odds. Hacker Raven Alder started a movement in 2004 (whether she admits that her gender is an issue or not), and just this month, two girls from Ohio hacked into their school’s computer system to post a message that school was cancelled due to snow.
As political theorist Hannah Arendt said, “Do not do what you would undo if caught.” Criminal hackers should take this to heart. But if they don’t, make sure you’re prepared to deal with hackers of all genders, races, and ages at SearchSecurityChannel.com’s hacking tools and techniques topic center.
Though it’s hardly the most objective survey sponsor in the world, security software vendor nCircle Network Security Inc. has published results of a recent survey of 83 IT security professionals showing that nearly two-thirds, or 66%, said they believe their own personal data is less secure than 24 months ago. The survey was conducted by nCircle, a provider of agentless security risk and compliance management solutions. nCircle’s CEO, Abe Kleinfeld, said the results point to a “real and present danger to online data that IT security professionals see everyday.”