- +
Adobe launches hosted services, adds Flash to Acrobat 03 June, 2008 09:02:44
Adobe to launch Web site offering users free hosted services for document creation, sharing and storageAdobe this week is set to unveil the next version of its Adobe Acrobat software, which adds support for the company's Flash multimedia technology. The company also plans to launch a new Web site offering users free hosted services for document creation, sharing and storage.
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Why Security SaaS Makes Sense Today
Dude! You Say I Need an Application-Layer Firewall?!
How to Beef Up Your Sales Pipeline
Optimized Back-up and Recovery for VMWare for VMWare Infrastructure with EMC Avamar
Understanding Email Marketing: A Guide for SMBs
A Guide to Next-Generation Backup, Recovery and Archive
Strategies for Eliminating .PST Files
Taking On Demand CRM Integration to the Next Level
Newsletter Subscription
Targeted Office attacks
Unlike the most dangerous of the IE-targeted zero-day threats, those directed against Word and other Office apps can't employ drive-by downloads. Instead, they typically rely on getting a victim to double-click an e-mail attachment--and when they are paired with orchestrated attacks against particular companies, even wary users can accidentally click.
By sending the employees of a targeted firm a faked (or "spoofed") e-mail message that appears to come from a coworker or other source within the company, a malicious hacker has a much better chance of persuading recipients to open an attached Word document than if the message appeared to come from a random sender.
In mid-December, Microsoft confirmed that Word contained two such vulnerabilities that crackers exploited to launch "very limited and targeted attacks," following manipulation of a string of similar flaws in Excel and PowerPoint. The company now warns users to be wary not only of e-mail attachments in messages from unknown senders, but also of unsolicited attachments from known senders.
Microsoft products may be the most popular zero-day targets, but other common software has provided equally dangerous avenues of attack. In January a researcher announced discovery of a flaw in QuickTime's handling of streaming video that would have allowed an attacker to effectively commandeer a victim's computer. In late November 2006 a zero-day vulnerability in the Adobe ActiveX browser control introduced a similar risk.
The rise in zero-day incidents mirrors a major increase in the annual number of reported software vulnerabilities. In 2006 software makers and researchers catalogued some 7247 vulnerabilities; that's 39 percent more than in 2005, according to Internet Security Systems Xforce.
Most of these bugs don't lead to a zero-day exploit, however. Software companies often receive reports of bugs and crashes from their users, leading to discovery of security holes, which the companies then patch before any attacker can exploit them. When outside security researchers discover a flaw, they (for the most part, anyway) adhere to a set of practices, known as "ethical disclosure," specifically designed to avoid zero-day attacks.
Under ethical disclosure, researchers first contact the software vendor confidentially to report their findings. The company doesn't announce the problem until it has a patch ready, at which time it publicly credits the original researchers with having uncovered the flaw.
Discover how SOA can create smarter outcomes for your business.
Attend and learn:
- How SOA is helping leading companies to become more agile
- Where you should be applying SOA processes in your company
- The top SOA implementation mistakes to avoid
Click here for more information.
- +
CIO Live Podcast #79: Brent D Taylor, author of The Outsider's Edge: The Making of Self-Made Billionaires Part II 05 October, 2007 06:00:00
For his new book, The Outsider's Edge: The Making of Self-Made Billionaires, social researcher Brent D Taylor spent four years of intensive research investigating the psychological make-up and backgrounds of some of the world's richest men and women, including IT luminaries Bill Gates, Larry Ellison and Steve Jobs. Taylor discovered that, despite working in different industries and coming from different upbringings, they all have one thing in common -- they are all outsiders. - +
CIO Live Podcast #78: Brent D Taylor, author of The Outsider's Edge: The Making of Self-Made Billionaires 28 September, 2007 17:34:25
For his new book, The Outsider's Edge: The Making of Self-Made Billionaires, social researcher Brent D Taylor spent four years of intensive research investigating the psychological make-up and backgrounds of some of the world's richest men and women, including IT luminaries Bill Gates, Larry Ellison and Steve Jobs. Taylor discovered that, despite working in different industries and coming from different upbringings, they all have one thing in common -- they are all outsiders. - +
CIO Live Podcast #77: Panasonic Speeds Up Trans-Pacific File Transfers, Part III 21 September, 2007 07:00:00
Part three in our three-part special report from CIO's sister publication Network World in the US, as Paul Desmond reports from the Network World IT Roadmap Conference in Santa Clara, California. With development teams in the US and Japan, Panasonic needed a more efficient way to move very large files between the two locations. Iben Rodriguez, IT consultant for Panasonic Research and Development, explains how a storage-area network and virtual server technology helped speed up WAN performance. - +
CIO Live Podcast #76: Panasonic Speeds Up Trans-Pacific File Transfers, Part II 14 September, 2007 07:00:00
Part two in our three-part special report from CIO's sister publication Network World in the US, as Paul Desmond reports from the Network World IT Roadmap Conference in Santa Clara, California. With development teams in the US and Japan, Panasonic needed a more efficient way to move very large files between the two locations. Iben Rodriguez, IT consultant for Panasonic Research and Development, explains how a storage-area network and virtual server technology helped speed up WAN performance. - +
CIO Live Podcast #75: Panasonic Speeds Up Trans-Pacific File Transfers, Part I 07 September, 2007 07:00:05
Part one in our three-part special report from CIO's sister publication Network World in the US, as Paul Desmond reports from the Network World IT Roadmap Conference in Santa Clara, California. With development teams in the US and Japan, Panasonic needed a more efficient way to move very large files between the two locations. Iben Rodriguez, IT consultant for Panasonic Research and Development, explains how a storage-area network and virtual server technology helped speed up WAN performance.
- +
Corporate security and the climate crisis 03 October, 2008 11:21:00
How to adapt security and risk management policies - including IT security - to deal with climate change.US military strategists, CIA analysts, international agency officials and Nobel Prize winning economists concur with the consensus of the world's scientific community: the Climate Crisis is a planetary security issue, as well as a national security issue for each of the one hundred ninety two countries that belong to the United Nations. But the Climate Crisis is also, by extension, a corporate security issue, as well as, yes, a cyber security issue. - +
Companies own up to virtual security blind spot 02 October, 2008 11:05:00
VMWorld attendees reveal vast majority of companies have little or no security in place for their virtual systems.The vast majority of companies have little or no security in place for their virtual systems. That is a scary statistic revealed in a survey of attendees at the recent VMWorld 2008 conference in Las Vegas. - +
How to minimize the impact of a data breach 01 October, 2008 08:54:00
ID Experts' Rick Kam describes a customer-centric action planThirty-one percent of customers--nearly one-third of a company's client base and revenue source--are terminating their relationship with organizations following a data breach, according to a recent study by the Ponemon Institute. - +
Five mistakes security pros would make again 30 September, 2008 10:18:00
Whether it's getting fired for standing up for what's right or making a network configuration mistake that leads to better security, there are some mistakes worth making. Five security pros offer personal examples.Ten years ago, Michael Riva was network administrator for a top-five American consultancy. Employees were downloading graphic pictures and videos onto the network. Riva told his boss a proxy server with content filtering might be in order; his boss laughed and suggested they put in a bigger file server instead. - +
What does the financial meltdown mean for security? 29 September, 2008 10:25:00
Bill Brenner wonders if it's irrational or appropriate to make connections between the current financial crisis and the state of securityAt first, this was going to be a column about the PR machine's hyperbolic efforts to connect the state of IT and security with the current financial crisis. Indeed, some have shamelessly sent me story pitches that try to get some bang out of the Wall Street meltdown.
Multimedia Technology & EVERKI sign exclusive distribution agreement. 06 October, 2008 14:34:00
ONCE A YEAR OPPORTUNITY TO SPEAK TO THE VENDORS! 06 October, 2008 13:48:00
New IBM Cognos Analytic Application Enables Quick, Actionable Insights Into Financial Performance 03 October, 2008 14:41:00
Verizon Business Data-Breach Report Examines Industry-Specific Challenges 03 October, 2008 12:24:00
IBM Launches Cognos 8 v4 - New Business-Driven Performance Management Software 02 October, 2008 12:02:00
|
||
|
||
|
|
||
|
Radicati Market Quadrant 2008 on Corporate Web Security
An Analysis of the Market for Corporate Web Security Solutions, revealing Top Players, Mature Players, Specialists and Trail Blazers. Read on to discover who makes the grade.
Subscribe to CIO
