Keeping PCs Safe on the Internet

PC Security Journal



Top Stories

The NY Times broke IBM’s embargo this morning by publishing their story on IBM’s new cloud computing initiatives. I’ve posted the full release here on CloudBzz. The diagram below gives a bit of insight into where IBM is today and where they are heading. IBM is also updating their collateral with a bit more detail. Here is a fact sheet for their Smart Business initiative:

Fact sheet: IBM Smart Business

Smart Business is IBM’s commonly branded set of cloud computing offerings for business. This set of offerings gives clients three choices to deliver and consume cloud services to drive efficiency, productivity and control.

Smart Business Services – cloud services delivered:
1. Private cloud services, behind your firewall, built by IBM.
2. Standardized services on the IBM cloud

Smart Business Systems – purpose-built infrastructure
3. IBM CloudBurst: Pre-integrated har... (more)

Tungle Goes a Long Way Toward Reducing the Pain of Scheduling Meetings

One of the biggest drains on time, effort and motivation in this business is the hell of arranging physical and virtual meetings with clients, prospects and podcast interviewees. Few of those people are in my timezone, we have no shared Exchange or Lotus Notes to rely upon, and I have absolutely no control over the calendaring solution that they choose to use in managing their own time. For all I know or care, half of them might still retain secretaries with quill pens to keep their paper diaries. Over the years, I have tried a lot of tools with varying capabilities. Some were full-featured overkill that attempted to assert far too much control over my workflow. Worse, some of them tried to control the workflow of my invitees — people with whom I might only interact a couple of times — and that was completely unacceptable. At the... (more)

Comodo System-Cleaner Free Utility Optimized for Windows 7

Jersey City, NJ, August 27, 2009 - New for Windows 7 users: Comodo System-Cleaner has now been optimized for the popular Windows 7 operating system. In addition to cleaning PC registries, the software improves Windows performance by deleting unnecessary data and registry files. This free product is also effective for improving performance for PCs running Windows XP and Windows Vista. PC users may download Comodo System-Cleaner 2.0.1 either to portable devices or direct to their PCs. One Comodo System-Cleaner feature, Autoruns Manager, can be compared to the Microsoft System Configuration Utility, but with enhanced options. With the latest release of Comodo System-Cleaner, PC users also receive:
- A registry cleaner that identifies, removes or repairs any unnecessary or corrupted entries
- A disk cleaner that removes all the junk data from the disk drive, freeing up space a... (more)

Windows Azure for Noobs

Ok, so I admit I’ve been busy on projects and of course I’ve been focusing a ton on SharePoint 2010. In the meantime, I hadn’t been paying much attention to what’s been developing with cloud computing and more specifically in this case Windows Azure. I was, in fact, a noob. :-) This week I had the opportunity to attend a Windows Azure Boot Camp, so that now makes me an expert. At least that is what my boss will claim. :-) So this post today is for those of you who haven’t been keeping up and want to know about some of the basics. It’s not to teach you the ins and outs of developing with Windows Azure. Although, getting started isn’t too difficult and the boot camp site has all the materials you need to get you started quickly. If you’re not familiar yet, Windows Azure is part of Microsoft’s cloud computing platform. Specifically, it i... (more)

Zero-Day Apache Exploit? Zero-Problem

A recently discovered 0-day Apache exploit is no problem for BIG-IP. Here are a couple of different options using F5 solutions to secure your site against it. It’s called “Apache Killer” and it’s yet another example of exploiting not a vulnerability, but a protocol’s behavior. UPDATE (8/26/2011): We're hearing that other Range-* HTTP headers are also vulnerable. Take care to secure against these potential attack vectors as well! In this case, the target is Apache and the “vulnerability” is in the way multiple ranges are handled by the Apache HTTPD server. The RANGE HTTP header is used to request one or more sub-ranges of the response, instead of the entire response entity. Ranges are sometimes used by thin clients (an example given was an eReader) that are memory constrained and may want to display just portions of the web page. Generally speaking, multiple byte rang... (more)

Persistent Threat Management

Examples of devops focus a lot on provisioning and deployment configuration. Rarely mentioned is security, even though there is likely no better example of why devops is something you should be doing. That’s because aside from challenges rising from the virtual machine explosion inside the data center, there’s no other issue that better exemplifies the inability of operations to scale manually to meet demand than web application security. Attacks today are persistent and scalable thanks to the rise of botnets, push-button mass attacks, and automation. Security operations, however, continue to be hampered by manual response processes that simply do not scale fast enough to deal with these persistent threats. Tools that promise to close the operational gap between discovery and mitigation for the most part continue to rely upon manual configuration and deployment. Be... (more)

Juniper Delivers Cloud-Based Global Attacker Intelligence Service

"Next-generation security must be built on automated and actionable intelligence that can be quickly shared to meet the demands of modern and evolving networks," said Nawaf Bitar, senior vice president and general manager, Security Business Unit, Juniper Networks, as Juniper today unveiled its next-generation security products for protecting data center environments, fortified by the Junos Spotlight Secure global attacker intelligence service. "This is only possible if you are able to collect definitive information about attackers," Bitar continued. "Junos Spotlight Secure provides the platform to deliver advanced intelligence with device-level attacker tracking. This integrated approach improves security intelligence, provides collective defense against attackers and delivers true defense in-depth for the data center," he added. Spotlight Secure, said Bitar, will ... (more)

Network Design in a Virtual World

We get quite caught up in high-level architectures at times. It is good to read some posts that focus on design and implementation and the practicality of taking higher-level architectures to reality. Two of Ivan’s posts caught my eye this week. In the first, he discusses the difference in how application and network folks look at the deployment of tiered applications and what that means for the security between them. In the second, he asks a question that our entire industry has underdelivered on for more than a decade: why can’t we have plug-n-play networking? They may appear as wildly different topics, but in my mind they are more than related. Applications and operations must drive network design and implementation. In creating a data center design it is important to carefully design how L2 and L3 are layered on top of the physical network. L2 and L3 provide ... (more)

Appeon Web - How Does It Work

I was just putting together some information and slides for a presentation to my fellow coworkers on the high-level technical architecture that Appeon Web uses to webify any PowerBuilder Classic based application including ones built using the PowerBuilder Foundation Classes (PFC)! The main interesting aspects that I am always amazed at with the Appeon Web product are things like: removes the PBVM dependency, builds re-entrant & multi-threaded code, converts your 2-tier application into a 4-tier model, builds full 32 or 64 bit compliant code, includes its own Data Access Layer (DAL), supports all the popular DBMS systems (now including MySQL & HANA), supports all the popular application servers, can deploy your PB application using either a J2EE or .Net architecture, provides its own security mechanism or allows you to integrate wit... (more)

Cyber Security Industry Alliance Issues Findings from Summit on Sarbanes-Oxley and IT Security

ARLINGTON, Va., Aug. 15 /PRNewswire/ -- Cyber Security Industry Alliance (CSIA), the only public policy and advocacy group dedicated exclusively to cyber security, today released a report that summarizes key findings and conclusions from a conference held to discuss the adequacy of guidance given on IT security in Sarbanes-Oxley. Today's announcement follows a Sarbanes-Oxley compliance initiative that began in 2004 with a CSIA report outlining the implications of Section 404 for information security. Attendees at IT Security and Sarbanes-Oxley Compliance: A Roundtable Dialogue of Lessons Learned addressed whether the statutory and administrative materials governing Section 404 provide enough guidance on IT security to enable management and auditors to carry out their compliance obligations. "The conference proceedings and subsequent announcements from the Securities... (more)

BlazeMeter Anticipates Traffic Torrent by Releasing Five Advanced Load Testing Features

NEW YORK, NY -- (Marketwire) -- 11/27/12 -- BlazeMeter, provider of the Apache JMeter™ based load testing platform, today released five new features to their already rich load testing cloud. The suite of new features further simplifies load testing just in time for the expected rush of traffic over the holiday season.

BlazeMeter's New Load Testing Features
- Google Analytics Integration *Exclusive*: Retrieve relevant site data from your Google Analytics account and integrate automatically into a new test setup.
- Comprehensive Protocol Support: Stress test your SQL systems (MSSQL, MySQL, Oracle), HTTP/S, Web services, Mobile and TCP/IP.
- Test Behind the Firewall: Use your VPN credentials to integrate a series of our dedicated load servers into your private network.
- Smart Functional Testing: Analysis of .JTL files to assess errors or failed transactions of any tests ru... (more)