Cybersecurity buzz could be a bubble

Is the current interest in cybersecurity only a passing fad, a bubble that, like the housing market, will burst?

Some experts think so. In a Washington Post article, Roger Novak, co-founder of a venture capital firm called Novak Biddle Venture Partners, said the proliferation of small and start-up companies seeking funding for cybersecurity products and services bears similarities to the dot-com bubble of the late 1990s and early 2000s.

“A lot of the early people made significant money, but there were a lot of 'me too' companies,” he said in the Post article. “So a lot of people in the investment community probably absorbed losses in the space and began to move on.”

Details Here

first published week of:   05/10/2010

Dark side arises for phone apps

As smartphones and the applications that run on them take off, businesses and consumers are beginning to confront a budding dark side of the wireless Web. Online stores run by Apple Inc., Google Inc. and others now offer more than 250,000 applications such as games and financial tools. The apps have been a key selling point for devices like Apple’s iPhone. But concerns are growing among security researchers and government officials that efforts to keep out malicious software are not keeping up with the apps craze. In one incident, Google pulled dozens of unauthorized mobile-banking apps from its Android Market in December. The apps, priced at $1.50, were made by a developer named “09Droid” and claimed to offer access to accounts at many of the world’s banks. Google said it pulled the apps because they violated its trademark policy. The apps were more useless than malicious, but could have been updated to capture customers’ banking credentials, said the chief executive of Lookout, a mobile security provider. “It is becoming easier for the bad guys to use the app stores,” he said.

Details Here

first published week of:   06/07/2010

Data breaches often caused by configuration errors

Hackers appear to be increasingly counting on configuration problems and programming errors rather than software vulnerabilities in order to steal information from computer systems, according to a new study from Verizon. Verizon said it found that a surprising and “even shocking” trend is continuing: There are fewer attacks that focus on software vulnerabilities than attacks that focus on configuration weaknesses or sloppy coding of an application. In 2009, there was not a “single confirmed intrusion that exploited a patchable vulnerability,” the report said. The finding has caused Verizon to question whether patching regimes - while important - need to be done more efficiently given the trend in how attacks are occurring. In other findings, some 97 percent of the malicious software found to have stolen data in 2009 was customized in some way.

Details Here

first published week of:   08/02/2010

DDoS attacks, network hacks rampant in oil and gas industry

Massive denial-of-service (DoS) attacks and “stealthy infiltration” of corporate networks by attackers is a common experience for companies in critical infrastructure sectors, including financial services, energy, water, transportation and telecom, according to a new survey. Extortion schemes related to distributed DoS attacks are also rampant, especially in some parts of the world, according to the survey. The report, titled “In the Crossfire - Critical Infrastructure in the Age of Cyber-War,” was prepared by the Washington, D.C. policy think tank Center for Strategic and International Studies (CSIS). CSIS asked 600 IT and security professionals across seven industry sectors in 14 countries about their practices, attitudes about security, and the security measures they employ. A little more than half of the respondents (54 percent) said they had experienced “largescale denial of service attacks by high-level adversary like organized crime, terrorists or nation-state (for example, like in Estonia and Georgia).” The same proportion, according to the report, also said their networks had been subject to “stealthy infiltration,” such as by a spy ring using targeted malware attacks to allow hackers “to infiltrate, control and download large amounts of data from computer networks belonging to non-profits, government departments and international organizations in dozens of countries.” The oil and gas sector faces the highest rates of victimization, according to the CSIS survey. Overall, 71 percent of respondents in the oil-and-gas industry reported stealthy-infiltration, compared with 54 percent of respondents in other sectors. The CSIS survey also found distributed DoS attacks were “particularly severe” in the energy/power and water/sewage sectors, where attacks were usually aimed at computer-based operational control systems, like SCADA.

Details Here

first published week of:   02/01/2010

Did Amazon Just Move Supercomputing to the Cloud?

Perhaps it was inevitable: the cloud is already parsing enormous quantities of information at a high speed for the world’s webmasters; why not diversify its processor types and apply that power to problems that previously required in-house supercomputing resources?

That’s the pitch behind Amazon’s new GPU-powered Elastic Compute Cloud (EC2) on-demand computing resources, powered by NVIDIA’s Tesla GPUs. Amazon’s on-demand computing resources have long been used for processing chunks of data too large for in-house resources--famously, the New York Times used EC2 to parse 405,000 giant TIFF files in order to make 71 years of its archives available to the public.

Making GPU-based servers that can accomplish the same thing is a logical extension of Amazon’s existing CPU-based server technology. Amazon has also taken extra steps to make sure that these servers are well-suited to high performance computing applications, including 10 Gbps Ethernet interconnects “with the ability to create low latency, full bisection bandwidth HPC clusters.”

What’s especially interesting about this development is that outside of graphics-intensive operations and the odd password crack, for which GPUs are naturally suited, most high performance software has yet to be translated so that it can run on GPU servers. Amazon--not to mention IBM and the other vendors creating the servers that power Amazon’s new offering--are therefore placing a bet on the general utility of GPU servers and the continued migration of software to these platforms.

Details Here

first published week of:   12/06/2010

e-paper may send e-ink running for its e-mommy

A new type of electronic paper display has leaped several bounds ahead of its e-ink brethren. In a paper published in Applied Physics Letters, the company Gamma Dynamics describes a new type of “e-paper” that can update the display at a video-level refresh rate and sustain a significantly brighter image than most e-ink displays—all without using any power.

E-ink displays have been commonplace in e-readers, like the Kindle, for a few years now. They have some drawbacks—a painfully slow refresh rate, for instance—that some manufacturers are looking to solve. Gamma Dynamics has created a new setup that displays static images without using power, just like e-ink. Their “e-paper” screen design sandwiches a network of flat electrodes between a layer of oil on top and pigment underneath.

Under an applied voltage, the pigment will flow up to the top surface, and the oil below, creating a pigmented area where there wasn’t one before. Likewise, a different voltage will send the oil flowing to the top and make the pigment recede, turning it blank again.

Details Here

first published week of:   10/11/2010

Volume 31

-->