denial of service attacks

Bluetooth security still a challenge

Mon, 24 Sep 2007 06:59:58 -0400

Bluetooth offers a tremendous opportunity for mobile users, but Ooi Szu-Khiam, senior security consultant at Symantec, says that security is still a big issue. Indeed, research firm InsightExpress revealed that 73 percent of mobile device users are not aware of security issues that could put mobile devices such as cell phones and Bluetooth-equipped notebooks at risk. "There are many other methods that (launch) a variety of denial-of-service attacks, and even some that could allow an attack to eavesdrop on private conversations," Szu-Khiam told Cnet. He also noted that "numerous instances of mobile viruses, worms and Trojan horses" have occurred in the last year. Some of the terms used to describe these security vulnerabilities: bluejacking, bluespamming and bluebugging.

For more information on Bluetooth security:
- see the article in Cnet

Test, test, and test some more

Mon, 02 Apr 2007 20:01:38 -0400

Continuous testing during a project's development is the most important indicator of whether you will deliver a relatively bug-free, quality product. Even post-deployment, periodic testing is important to see if something is about to or has already gone wrong. But even with all of this testing, unexpected failures, like total network collapses or denial-of-service attacks, are not a thing of the past. That's largely because of the complexity of today's corporate environments, where hundreds or thousands of devices are interconnected, each with bugs in their software making them vulnerable and each capable of random hardware faults and glitches. Testing every combination of everything is impossible, but that's no excuse for insufficient testing. Simply employing the standard testing procedures of exercising each function or product in isolation, and then again through the integration process may not be enough. Active testing on the whole system is the only way to prevent the out-of-the-box, seemingly impossible failures that are increasingly frequent.

Read more about the importance of testing:
- read the blog at IT-Director.com

ALSO NOTED: What it takes to be an effective CIO; Personality clashes on the job;

Sun, 04 Mar 2007 19:01:38 -0500

> What it takes to be an effective CIO. Article

> Personality clashes prevent the sharing of information-sharing between departments. Article

> Study: Convergence fears are in decline. Article

> Nearly half of businesses can't quantify the benefits of their outsourcing deals. Article

> Human error to blame for most network availability incidents and security issues. Article

> Combating Denial of Service attacks. Article

> Dirty data costs time and money, study says. Article

> The challenges faced by IT executives. Article

And finally… How technology buyers can get the most value from advisory firms. Column

How bad is the bot invasion?

Thu, 05 Oct 2006 20:01:38 -0400

One thing is sure, bots are taking over more PCs than ever--infecting more networks and gaining ground. But just how deep the infection is for federal government networks is currently the focus of a research effort. Trend Micro, a security vendor, says at least 7,000 government desktops have been compromised by bots that are using the machines for malicious purposes. The infected PCs can then be used for denial of service attacks and spam loads--not to mention that all these computers also allow unauthorized users access to their files. Yet as some federal government agency tech leaders and other experts note, the issue isn't as dire as Trend Micro initially reported.

For more on the federal bot invasion:
- check out this InformationWeek article
- Previous bot attacks thwarted. Article

Where DOS attacks are really coming from

Mon, 11 Sep 2006 20:01:36 -0400

A new study reports that the traditional thinking about denial of service attacks could be a bit skewed. And that means trying to fight DOS attacks could be a futile effort given that the assumed origins and methods are not what was initially believed. Security researchers report that 70 percent of DOS attacks are generated by less than 50 sources, and a relatively tiny number of sources are responsible for nearly 72 percent of total volume. That's a far cry from the belief that DOS attacks are coming from a vast number of sources via fake IP addresses.

For more on the origin of DOS attacks:
- check out this article at Dark Reading

How Cisco protects its own networks

Sun, 13 Aug 2006 20:01:38 -0400

Most of us aren't too concerned about how vendors are dealing with the same security issues hitting today's enterprises, yet since some of those same vendors push out products that feature risk issues now and then, it can be enlightening to learn how they're protecting their own networks and systems. That's the insight provided by Cisco's CSO John Stewart in an interview given this week. As Stewart says, his company has seen a surge in attacks on its networks, with a specific goal of knocking its electronic-commerce service using denial-of-service attacks near the end of each financial quarter. That's just one of the reasons it's got a multi-pronged security program running at full speed these days.

For more on how Cisco is boosting its own network security:
- read the interview at NetworkWorld

Vendors shore up VoIP security

Mon, 31 Jul 2006 20:01:38 -0400

A critical aspect of any Voice over Internet Protocol network is security, and lots of services are coming out to help bolster VoIP systems given the increasing risks and threats the technology poses to organizations' data and systems. Not only are VoIP networks as vulnerable as any other network when it comes to spam, privacy break-ins, denial-of-service attacks and viruses, they compound risks thanks to new hardware and software needed to make them run. The one shiny spot in the whole picture is that vendors are cranking out new security assessment services and security monitoring tools.

Find out more about tools for VoIP security:
- check out this article at Newsfactor

DNS vulnerabilities pose security concerns

Wed, 26 Apr 2006 20:01:39 -0400

Today's DNS servers are at risk, according to U.K. researchers, due to software flaws creating vulnerabilities that can crash the Internet support system or provide hackers access to connected systems. The news come through an advisory from the U.K. National Infrastructure Security Co-ordination Center. While the vulnerabilities are not being termed "high risk," there have been some denial-of-service attacks in which DNS servers were used. Vendors big and small are reviewing whether their products could be impacted by the flaws.

For more on the DNS vulnerability alert:
- read this NetworkWorld article

Web services not as secure as you may think

Sun, 09 Apr 2006 20:01:38 -0400

If you haven't deployed Web services yet, don't feel like you're behind the eight ball. According to some experts, the security issues inherent in Web services and deployments are good enough reason to stay away. As researcher Alex Stamos recently outlined at a conference, several Web services technologies--including AJAX (Asynchronous JavaScript and XML) and the XQuery query language--can be exploited by hackers to conduct denial of service attacks.

For more on Web services and security:
- read this IDG News Service article