KevLar's Space

my little space on the interwebs

Is LTO Tape On Its Way Out?

storagedude writes: With LTO media sales down by 50% in the last six years, is the end near for tape? With such a large installed base, it may not be imminent, but the time is coming when vendors will find it increasingly difficult to justify continued investment in tape technology, writes Henry Newman at Enterprise Storage Forum. “If multiple vendors invest in a technology, it has a good chance of winning over the long haul,” writes Newman, a long-time proponent of tape technology. “If multiple vendors have a technology they’re not investing in, it will eventually lose over time. Of course, over time market requirements can change. It is these interactions that I fear that are playing out in the tape market.”

Read more of this story at Slashdot.



via Slashdot: IT http://ift.tt/15skwAu

The People Who Are Branding Vulnerabilities

antdude points out a story at ZDNet about how the naming of security vulnerabilities and exploits has evolved into branding and awareness campaigns. Heartbleed set the trend early this year, having a distinct name and logo to represent a serious security problem. It seemed to work; the underlying bug got massive exposure, even in the mainstream media. This raises a new set of issues — should the response to the disclosure of a vulnerability be dependent on how catchy its name is? No, but it probably will be. Heartbleed charmed the public, and in a way, it was designed to do so. By comparison Shellshock, POODLE (aka clumsy “Poodlebleed”), Sandworm, the secretively named Rootpipe, Winshock, and other vulns seem like proverbial “red headed stepchildren” — despite the fact that each of these vulns are critical issues, some are worse than Heartbleed, and all of which needed fast responses. The next “big bug” after Heartbleed was Shellshock — real name CVE-2014-6271. Shellshock didn’t have a company’s pocketbook or marketing team behind it. So, despite the fact that many said Shellshock was worse than Heartbleed (rated high on severity but low on complexity, making it easy for attackers), creating a celebrity out of Shellshock faced an uphill climb.

Read more of this story at Slashdot.



via Slashdot: IT http://ift.tt/15rUL32

Sony Pictures Computer Sytems Shut Down After Ransomware Hack

MojoKid writes: It appears that Sony Pictures has become the victim of a massive ransomware hack, which has resulted in the company basically shutting down its IT infrastructure. According to an unnamed source, every computer in Sony’s New York Office, and every Sony Pictures office across the nation, bears an image from the hacker with the headline “Hacked By #GOP” which is then followed by a warning. The hacker, or group, claims to have obtained corporate secrets and has threatened to reveal those secrets if Sony doesn’t meet their demands.

Read more of this story at Slashdot.



via Slashdot: IT http://ift.tt/1C9rhWk

Big IT Vendors Mostly Mum On Commercial Drone Plans

alphadogg writes: Word that the Federal Aviation Administration might take a very hard line on commercial drone use has those with designs on such activity nervous. But as for big enterprise IT vendors, it’s really hard to tell what they think because they’re keeping any plans in this field very hush-hush. More consumer oriented companies like Amazon, Facebook, and Google are active, but companies like IBM and HP are quiet, while Microsoft affirms it has nothing doing. A former FAA lawyer says sitting on the sidelines even during this unsure regulatory period is probably not a great idea. “I have a hard time believing they don’t have some sort of programs in place,” attorney Mark Dombroff says.

Read more of this story at Slashdot.



via Slashdot: IT http://ift.tt/1xVsPAC

Regin Malware In EU Attack Linked To US and British Intelligence Agencies

Advocatus Diaboli writes The Regin malware, whose existence was first reported by the security firm Symantec on Sunday, is among the most sophisticated ever discovered by researchers. Symantec compared Regin to Stuxnet, a state-sponsored malware program developed by the U.S. and Israel to sabotage computers at an Iranian nuclear facility. Sources familiar with internal investigations at Belgacom and the European Union have confirmed to The Intercept that the Regin malware was found on their systems after they were compromised, linking the spy tool to the secret GCHQ and NSA operations.

Read more of this story at Slashdot.



via Slashdot: IT http://ift.tt/1rkXrnJ

DHS Set To Destroy “Einstein” Surveillance Records

schwit1 sends word that The Department of Homeland Security plans on disposing of all the records from a 3-year-long surveillance program without letting the public have access to them. The Department of Homeland Security is poised to ditch all records from a controversial network monitoring system called “Einstein” that are at least three years old, but not for security reasons. DHS reasons the files — which include data about traffic to government websites, agency network intrusions and general vulnerabilities — have no research significance. But some security experts say, to the contrary, DHS would be deleting a treasure chest of historical threat data. And privacy experts, who wish the metadata wasn’t collected at all, say destroying it could eliminate evidence that the government wide surveillance system does not perform as intended. The National Archives and Records Administration has tentatively approved the disposal plan, pending a public comment period.

Read more of this story at Slashdot.



via Slashdot: IT http://ift.tt/15h89qS

Book Review: Bulletproof SSL and TLS

benrothke writes If SSL is the emperor’s new clothes, then Ivan Ristic in Bulletproof SSL and TLS has shown that perhaps the emperor isn’t wearing anything at all. There is a perception that if a web site is SSL secured, then it’s indeed secure. Read a few pages in this important book, and the SSL = security myth is dispelled. For the first 8 of the 16 chapters, Ristic, one of the greatest practical SSL./TLS experts around, spends 230 pages showing countless weaknesses, vulnerabilities, attacks and other SSL weaknesses. He then spends the next 8 chapters showing how SSL can, if done correctly, be deployed to provide adequate security. Keep reading for the rest of Ben’s review.

Read more of this story at Slashdot.



via Slashdot: IT http://ift.tt/1rkil6c

LinkedIn Study: US Attracting Fewer Educated, Highly Skilled Migrants

vinces99 writes The U.S. economy has long been powered in part by the nation’s ability to attract the world’s most educated and skilled people to its shores. But a new study of the worldwide migration of professionals to the U.S. shows a sharp drop-off in its proportional share of those workers – raising the question of whether the nation will remain competitive in attracting top talent in an increasingly globalized economy. The study, which used a novel method of tracking people through data from the social media site LinkedIn, is believed to be the first to monitor global migrations of professionals to the U.S., said co-author Emilio Zagheni, a University of Washington assistant professor of sociology and fellow of the UW eScience Institute. Among other things, the study, presented recently in Barcelona, Spain, found that just 13 percent of migrating professionals in the sample group chose the U.S. as a destination in 2012, down from 27 percent in 2000.

Read more of this story at Slashdot.



via Slashdot: IT http://ift.tt/1v51wA9

Nuclear Weapons Create Their Own Security Codes With Radiation

Zothecula writes “Nuclear weapons are a paradox. No one in their right mind wants to use one, but if they’re to act as a deterrent, they need to be accessible. The trick is to make sure that access is only available to those with the proper authority. To prevent a real life General Jack D Ripper from starting World War III, Livermore National Laboratory’s (LLNL) Defense Technologies Division is developing a system that uses a nuclear weapon’s own radiation to protect itself from tampering.

Read more of this story at Slashdot.



via Slashdot: IT http://ift.tt/1zS8LwS

Highly Advanced Backdoor Trojan Cased High-Profile Targets For Years

An anonymous reader points out this story at Ars about a new trojan on the scene. Researchers have unearthed highly advanced malware they believe was developed by a wealthy nation-state to spy on a wide range of international targets in diverse industries, including hospitality, energy, airline, and research. Backdoor Regin, as researchers at security firm Symantec are referring to the trojan, bears some resemblance to previously discovered state-sponsored malware, including the espionage trojans known as Flame and Duqu, as well as Stuxnet, the computer worm and trojan that was programmed to disrupt Iran’s nuclear program. Regin likely required months or years to be completed and contains dozens of individual modules that allowed its operators to tailor the malware to individual targets.

Read more of this story at Slashdot.



via Slashdot: IT http://ift.tt/1pcNAo0

Follow

Get every new post delivered to your Inbox.