CouchDB, the open source database that is part of the NoSQL movement, is now available on Google’s Android. Palm, a division of Hewlett Packard, has already announced that the next version of its webOS will include services for syncing local data with CouchDB. According to Couch.io executives, applications — web…
Author: admini
First SMS Trojan for Android is in the wild
There have been isolated cases of devices running Android getting infected with spyware since last year, but this is the first occasion that an SMS-spewing Trojan, common in the world of mobile malware, has affected devices running Google’s operating system.
If a user agrees to permit an application to access premium rate service during installation, the smartphone may then be able to make calls and send SMSs without further authorisation.
http://www.theregister.co.uk/2010/08/10/android_sms_trojan/
Windows Azure Gains Single Sign-On Support
Microsoft began charging Windows Azure customers in early February, and by early June claimed to have garnered some 10,000 paying customers. However, so far use of ACS continues to be free because it’s available via Microsoft’s AppFabric Labs environment in a manner similar to a community technology preview or CTP.
http://itmanagement.earthweb.com/features/article.php/3897451/Windows-Azure-Gains-Single-Sign-On-Support.htm
It’s time to be proactive on cybersecurity
Traditionally, security technology companies and computer users have taken a defensive posture, putting the cyber equivalent of body armor on computers, networks and in the cloud. The report’s authors say it is now time to avoid enemy strikes altogether by taking a more aggressive stance, aligning forces and involving law enforcement.
“As we look at the evolution of risky domains and websites over multiple years, we can’t avoid the conclusion that the risk keeps increasing in both volume and sophistication,” said David Marcus, director of security research and communications for McAfee Labs.
Use hacker techniques: Data loss is accelerating at an alarming rate, as there were 222 million records lost in 2009 in the United States alone.
Provide data to help prosecute cybercriminals: A major component for combating spam lies in the hands of ICANN (the Internet Corporation for Assigned Names and Numbers), as it accredits the registrants that sell the domains which cybercriminals use to host malicious sites.
An offensive security practice should involve the entire security industry while incorporating methods that have proven successful. This includes educating those fighting cybercrime “on the streets” to have the latest in malware techniques, bringing tools to the mass population to help identify risky behavior, pointing users to the right contacts to report crimes, and helping to build education and awareness at the kindergarten level through higher education.
http://www.net-security.org/secworld.php?id=9713&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29
Cloud might let users bypass IT — for a while
The generic name for what the IT department will need to be really good at is “IT service management.” Though this philosophy has been around for decades, even when IT designed, built and ran virtually all the systems its end users needed, it’s going to take on far more importance in the age of cloud-style outsourcing.
Randy Steinberg, a national specialist leader at Deloitte Consulting and expert in IT service management, observes that many organizations are starting to realize that cloud computing will change the skills they need in their internal IT department. “You can see evidence of this in the industry already — some of the fastest growing jobs are in IT Service Management, sourcing experts, service definition skills and procurement.
Another source for my story, Rob England, a consultant who writes a blog about IT service management called the IT Skeptic, also noted how the interface between an internal IT department and the rest of the organization will change as cloud takes off. “One aspect that doesn’t get enough attention is that service desk becomes more important not less,” England said.
“Carr’s “IT Doesn’t Matter” is coming true – the cloud will help break down the isolation of IT as a cultish specialty and place Information as just another department.”
We know from our reporting at FCW and Government Computer News that ITIL is quite popular around government. Even though one can see plenty of anecdotal evidence of ITIL uptake, it turns out that good research about ITIL adoption rates and return on investment are hard to come by. The IT service management vendor Hornbill has a recent user survey about ITIL use that has some interesting data about the areas of ITIL that current adopters are most interested in.
http://fcw.com/blogs/tech-briefing/2010/08/itil-and-cloud.aspx
Assess Security of Cloud Computing Apps
Cloud solutions offer “revolutionary potential” for small and mid-size businesses, says Mark White, chief technology officer for Deloitte Consulting LPP’s Technology practice. “The cloud is a real boon to small business.”
The cloud can be a disruptive force that can help small businesses punch bigger than their size,” says Charles Babcock, author of Management Strategies for the Cloud Revolution: How Cloud Computing Is Transforming Business and Why You Can’t Afford to Be Left Behind (McGraw-Hill, 2010).
Understanding how your employees are deploying cloud computing and establishing some sense of control are critical to managing security risks, say experts. It’s not just a matter of cataloging cloud services embraced by your IT department or at an enterprise level, cautions Babcock. Just because you haven’t embraced cloud computing doesn’t mean your employees aren’t working in the cloud.
White often has conversations with CIOs who tell him their organizations don’t use cloud computing, only to find the company’s employees are doing so. “For employees, some enterprise issues of standardization, information privacy and security may not be at the top of their list,” White says. Be aware that employees might be reluctant to reveal what they’re doing in the cloud if they know they’re violating company policy or taking risks.
In the Ponemon survey, 68 percent of IT professionals thought cloud computing is too risky for financial information and intellectual property. “It’s not a very good defense for the CIO to stand up in court and say, ‘I had no idea where the data was.'” * Vet cloud service providers. “If you don’t feel that way with the cloud vendor you’re talking to, you probably need to go back to the drawing board and find someone you can trust.”
Although cloud computing might pose something of a “security minefield” right now, businesses have little choice but to catch up with the technologies their employees are embracing, says Ponemon.
http://technology.inc.com/security/articles/201008/cloud.html