virtualization

History Suggests Heartbleed Will Continue To Beat

The SANS Internet Storm Center dialed down the panic on Monday, resetting the Infocon to “Green” and citing the increased awareness of the critical OpenSSL vulnerability known as Heartbleed as the reason.   Still, the drumbeat of news about a serious vulnerability in the OpenSSL encryption software continued this week. Among the large-font headlines: tens of  millions of Android mobile devices running version 4.1 of that mobile operating system (or “Jelly Bean”) use a vulnerable version of the OpenSSL software. Also: more infrastructure and web application players announced patches to address the Heartbleed vulnerability. They include virtualization software vendor VMWare, as well as cloud-based file sharing service Box. If history is any guide: at some point in the next week or two, the drumbeat will soften and, eventually, go silent or nearly so. But that hardly means the Heartbleed problem has gone away. In fact, if Heartbleed follows the same […]

Symantec Warns: Worm Can Target Internet of Things

Symantec, the security software firm, is reporting that its researchers have discovered a new, malicious “worm” that is spreading on the Internet and has been adapted to attack embedded devices running the Linux operating system, including many devices that are part of the Internet of Things. Writing on the Symantec research blog, Kaoru Hayashi, a threat analyst within Symantec’s Security Response organization, said that the company had uncovered the worm, dubbed Linux.Darlloz, spreading between more common PC systems. However, an analysis of the program revealed that its creators were thinking big: engineering the worm to be capable of attacking a “range of small, Internet-enabled devices in addition to traditional computers.” Specifically, Symantec’s team found variants of Darlloz for chip architectures common in devices ranging from home routers and set-top boxes to security cameras. The warnings about an “Internet of Things worm” were hypothetical, however. Hayashi said that no attacks against non-PC […]

Gartner_Magic_Quadrant1

Gartner: Traditional IT Security Dead By End of Decade?

The analyst firm Gartner Inc. prides itself on its ability to identify emerging technology trends and talking up what’s next before it has even happened. The firm’s Hype Cycle maps the familiar path from promising new technology to ‘hot technology buzz word du jour,’ and (maybe) on to useful, less buzzy technology that’s actually being used. More important: the Gartner Magic Quadrant rates  technology companies (and their products) according to a set of criteria that includes how forward-looking (or “visionary”) the company is. Given the sway Gartner’s ratings have in companies’ willingness to invest in products, it’s a foregone conclusion that companies Gartner picks to ‘do well’ end up…umm…doing well. Gartner has an interest in finding the next big thing in every market – but also of preserving as much of the status quo as possible. (All those quadrants generate some serious cash!!) So I was interested to read about […]

Security Start-Up, University Team On Android Patch App

The saga of the application-signing flaw affecting Google’s Android mobile phones took another turn Tuesday when a Silicon Valley startup teamed with graduate students from Northeastern University in Boston to offer their own fix-it tool for hundreds of millions of Android phones that have been left without access to Google’s official patch. Duo Security announced the availability of an Android utility dubbed “ReKey” on Tuesday. The tool allows Droid users to patch the so-called “Master Key” vulnerability on Android devices, even in the absence of a security update from Android handset makers (OEMs) and carriers who distribute the phones, according to a post on the Duo Security blog. The tool can be downloaded from the site rekey.io. “ReKey is the latest of our research projects designed to make the Internet a safer place,” said Collin Mulliner, a postdoctoral researcher at NEU SecLab in a joint press release issued by NEU […]