happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Research published today by data governance software developer Varonis reveals that, when it comes to the virtualized environment, security awareness appears to be something of a black hole.

The study found that data security in these virtualized environments can all too often be totally neglected, and some 48% of IT organisations reported or suspected there had been unauthorised access to files kept on virtual servers. The findings suggest that when it comes to awareness of security matters regarding virtualized servers and the data stored upon them, the harsh truth of the matter is that there is very little. Indeed, the survey found that 70% of those questioned had 'little or no' auditing in place for example.

When you consider that Gartner reckons there are now in excess of 50 million Virtual Machines installed on servers, it should come as no surprise to discover that 87% of respondents to the Varonis study said their application servers were already virtualized. The reasons for this virtualization being mainly a combination of deployment speed (76%) and disaster recovery potential (74%). Yet file security appears to be neglected almost across the board.

Sure, nearly 60% did claim to be "very careful about setting permissions and controlling subsequent updates" there's no escaping from the fact that 70% had implemented little or no auditing regardless of the company size. A statistic made all the more surprising by the revelation that in enterprises of more than 5,000 employees some 20% admitted …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

According to new independent research commissioned by Corero Network Security, and conducted by the Ponemon Institute, two thirds of banks in the United States have suffered a Distributed Denial of Service (DDoS) attack during the last 12 months. The 64% statistic refers to the number of IT and IT security practitioners who reported that the banks at which they work were subject to at least one DDoS attack during 2012.

The research questioned 650 IT and IT security professionals working at a total of 351 banks, including some of the biggest in the world, and the sadly not at all surprising conclusion was that these DDoS attacks will continue, or 'significantly increase' during 2013 according to 78% of them.

With 48% of the banks concerned having been targeted multiple times during the course of 2012, the IT security professionals also admitted that Zero-Day attacks targeting previously unknown vulnerabilities were also hitting banks hard. Insufficiently experienced staff, along with ineffective security technology such as traditional firewalls (deployed by 35% of banks), were cited as the main barriers preventing the banks from being able to deal with these attacks more efficiently in 50% of cases. A lack of funding for security was the third most cited cause for concern.

"It really comes as no surprise that DDoS attacks are one of the most severe security risks cited by the banking industry and these results clearly demonstrate the level to which they are being targeted on …

LastMitch commented: Nice Article! +11
happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Yes there is a way, but we don't use it as old 'dead' threads may still have relevant life breathed into them at a future date.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Yep, got it, deleted it, warned him...

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Google's seemingly always changing indexing algorithm continues to hit site rankings as the search giant continues to drive a new generation of SEO relying upon original and relevant content generation and sharing above all else. Now a panel of SEO experts in the UK has warned that companies need to avoid putting all their SEO eggs into the one Google basket and instead embrace SEO strategic evolution in order to maintain and grow traffic.

At a round-table discussion, hosted by cloud provider UKFast, Sam Allcock, CEO of Custard Media, stated that the key to successful audience growth was traffic stream diversification rather than a reliance upon Google-led SEO strategies. "Businesses must investigate every alternative method of traffic, including Facebook and Twitter. It just so happens now the easiest way to attract traffic is through Google but will this be the case in five years?" Allcock said.

Naturally, much of the discussion revolved around the rise of social media and how this has ensured that link-building is no longer enough. "With the advent of social media it’s no longer about focusing on the link but on the traffic stream the content can give you" Christian Hill, director of strategy at digital agency Project Simply insisted, adding "It’s now about building the value of the business".

UKFast MD Jonathan Bowers stated that his company has spent a lot of time assessing the role that hosting and page load speed plays in Google’s search ranking, but admitted that …

tux4life commented: Nice article :) +13
Lauren Variant commented: Thanks for your information +0
happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

@misi: why so? Nothing obviously spammy about that intro.

@Herry111: welcome to DaniWeb!

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

...and nobody wants a stained position.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Is it a bug that the code all vanished (without warning) when I changed the article type from a snippet to a tutorial, or is that intentional?

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Erk! Bug alert.

Sorry about that Rev, what a bummer :(

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Welcome old timer. I have a feeling you will fit right in here at DaniWeb :)

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Interesting comments from security outfit Rapid7's CSO and chief architect of Metasploit, HD Moore:

The Java applet security model has not kept up with browser-based threats. In an era where sandboxing at the process level has become the norm (Adobe Reader, Flash on Chrome, Chrome itself, Internet Explorer low-privacy mode), Java continues to enforce all security at the interpreter level.

Notwithstanding sandbox escapes, the capabilities available to a Java applet still exceed what comparable plugin technologies allow. Java has a ridiculous amount of functionality and has to contend with backwards compatibility issues to boot. The recent vulnerability involving the JMXBeanServer class is a great example of a Java applet being able to access a class it really has no business using in the first place.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

And, as if by magic, it's now a tutorial...

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Welcome back herge, glad we got it all sorted in the end for a successful return :)

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

If she was a photographer needing kit for portraits etc, then I would imagine she would have a good idea as to what the best equipment to purchase for her needs would be.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Impossible to answer the 'what product should I buy' question, as with all things, until you answer the 'what do you want to use it for' one. And saying 'take photos' isn't good enough to get a good enough response :)

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Last week saw the discovery of YAJE: Yet Another Java Exploit. Sadly, Java vulnerabilities are neither new nor uncommon and the bad guys are quick to exploit them in the wild. Some claim that Oracle is in too much of a rush to extricate itself from this unholy mess and while being quick to patch whatever vulnerability is currently making the media headlines is still leaving far too many insecurities in the software unfixed. But does that mean it's time to give up on Java?

AlienVault's Head of Labs, Jaime Blasco, reproduced the latest exploit in a previously fully patched Java installation and found that the exploit was probably "bypassing certain security checks tricking the permissions of certain Java classes as we saw in CVE-2012-4681". In fact, according to Blasco, the exploit is the "same as the zero day vulnerabilities we have been seeing in the past year in IE, Java and Flash".

Most vendors, AlienVault included, were advising that prior to the Oracle patch the only sensible option to protect against the threat was to disable Java. Simple as. But is it really that simple, and should we be writing off software such as Java (or indeed Flash and Internet Explorer) as being 'too vulnerable' and 'too insecure' and therefore not fit for purpose?

Let's look at the facts for a moment: Oracle released a patch for this latest vulnerability within a few days of exploits being seen in the wild. That …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Patience? I thought that was a card game...

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Welcome to the community!

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

use for medieval armour displays

That's one of the more unusual uses for a laptop. You've got to expand further on that now you have piqued our interest!

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Welcome :)

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Welcome :)

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

According to IT security outfit Kaspersky, which has just published details of the information security landscape as it was shaped during 2012, 99% of all mobile malware threats now target Android devices.

With 6300 new mobile malware samples discovered every month on average across 2012, Android has become the focus for the criminal fraternity for a second year in a row. The remaining 1% of threats, in case you wondered, were mainly targeting Java and Symbian-based smartphones.

Across 2012 as a whole, Kaspersky reports, the number of known malicious samples on the Android platform increased "explosively" compared to the previous year. "From just eight new unique malicious programs in January 2011" Kaspersky says "the average monthly discovery rate for new Android malware in 2011 rose to more than 800 samples".

Looking at the statistics more closely, the Android malware threat can be pretty much split into three distinct functional groups: SMS Trojans (premium-rate number scams), Backdoor Trojans (installing a channel to distribute further malware) and Spyware (collecting private data). The most widespread of which are the SMS Trojans, although Kaspersky warns the much less widespread mobile banking Trojans are actually far more dangerous in terms of financial impact to the user.

And the reason that Android finds itself in this position? Well that's simple, and twofold: it's now far and away the most popular smartphone and tablet device platform for one, and it allows software installation from untrusted sources for the second. You could add a third, I …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

But you already know if you are online or not, surely?

That said, I'm seeing my purple dot of onlineliness...

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

I meant 'not amazing' in as much as 'not at all surprising that there are hundreds of thousands of kids under the age of 13 using Facebook' when fooling the membership registration process is so easy. Not that Facebook is alone in this, but Facebook does (by the nature of the beast) attract far more young kids than your average site.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Amazing? No.

Against Facebook membership T&C's? Yep.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Are you? Well, congratulations on that.

Or did you have a question to ask?

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

???

Want to try actually asking a question?

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

So go to Microsoft online and buy a copy then. Obviously you are not asking us for help in getting a cracked copy, as that would be illegal and against DaniWeb posting rules...

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

And that's like World of Warcraft how exactly?

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

This special edition of the Guinness World Records book will appeal to geeks and nerds the world over. Not just because it is packed full of the kind of trivia that we all thrive on in social situations, but also because that trivia is firmly based in the realm of video gaming. Previous editions have been described as being a veritable gaming almanac, and this sixth installment of the series does nothing to degrade that opinion. It's packed with facts, figures, lists, stats and high quality imagery.

It's also more than just a collection of lists though, the 2013 edition has a number of really rather well presented and very in-depth feature spreads covering games such as Call of Duty, Grand Theft Auto and Forza. There are even some more unexpected features like the one that looks at the relationship between the mediums of comic books and gaming, or another that delves into the top 50 videogame villains of all time.

As many of you may have been drawn to this review by the mention of Bowser, Darth Vader and Donkey Kong in the first place, let's start with a quick look at the Top 50 Video game Villains list which was compiled by polling Gamer's Edition readers and resulted in more than 12,000 votes in all. The broadness of gaming genres represented is quite staggering, as are the number of years covered. This is not just a list of the current bad guys and monsters …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Probably also worth pointing out the Terms of Service which state:

Posts contributed to the community immediately become the property of DaniWeb upon submission. Members may edit their posts for a limited time period immediately after, for the purpose of correcting spelling and grammar mistakes and accidental omissions. After this initial period expires, posts may only be edited or deleted by DaniWeb team members, and only in cases where they do not comply with our forum rules for the purpose of making said content comply with all rules. As a discussion community, posts contributed by many members work together to form coherent discussions. Altering or deleting individual posts may have consequences that unfairly extend to other members of the community. All members are held responsible for their actions. As always, think before you permanently post something on the public Internet.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

And? Is there a question just waiting to emerge?

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

If you mean a cracked copy or otherwise illegal download, then no we will not post links to such sites and asking for the same is a breach of DaniWeb rules.

If you mean a legit copy of Windows 7, and you do not have physical media, then you will need to contact your supplier or Microsoft support for help.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Microsoft has published an advance notification for vulnerabilities that will be patched in the January 2013 'Patch Tuesday' security bulletin due next week. However, anyone hoping for a permanent fix to deal with the Internet Explorer zero-day exploit that surfaced during the seasonal holiday period is going to be disappointed. There is no IE patch in this bunch, and while that might be a bit of a surprise to some given that IE security bulletins have become a very regular experience of late, the truth is that to expect a zero-day fix from Microsoft just a week or so after discovery is optimistic to say the least.

The zero-day vulnerability in question affects users of versions 6, 7, and 8 of Microsoft Internet Explorer and, courtesy of how IE accesses an object in memory that has been deleted or improperly allocated, can enable remote execution of code on target machines if the victim visits a malicious (or maliciously compromised) web site. The exploit is publicly available as a Metasploit module and in the wild. Although there will be no permanent patch from Microsoft next week, the software giant has already provided a one-click 'Fix-It' solution as a temporary measure while a proper patch is being developed. Of course, simply updating to either Internet Explorer 9 or 10 would also do the trick, as neither are listed as being vulnerable.

So what can we expect to see fixed as part of the forthcoming Patch Tuesday collection? Lamar …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

A toolbar for what?

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

It's all now been fixed...

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

No I haven't, the edit button isn't working (even for us admins) right now...

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

And, that question is posted in the community feedback forum rather than the pascal forum. Not so surprising it's getting very little love then, is it? PS. I have moved it now...

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

@ChrisHunter

The lack of team work and the kill streaks is the reason I switched to battlefield

BO2 really does change all that. XP is awarded for doing the game type objectives, not just for kills. You get far more XP if you capture flags, defend flag carriers, kill flag carriers etc in Capture the Flag than you will if you just go on a kill spree. You get far more XP for capturing and defending the hardpoint in hardpoint than just killing at random. Similarly, although you still get XP for kills the scorestreak system now bases when you get your care package or sentry gun etc on team-based, challenge-based points rather than just killstreak totals. It all makes the multiplayer game much more team and objective oriented than before.

You can't force people to be team players, and plenty of noobs still camp and snipe and kill without any thought, but they don't level up quickly and you do so you filter them out of your gameplay quick enough as BO2 is more intelligent about how it puts players together in matches as well - or at least seems to be.

not a hardcore gamer but you 2nd prestige already

Hehe. 2nd Prestige Level 37 now, and I have got the gold camo for my weapon of choice: MK48 (LMG) as I'm a bit of a spray and pray style player.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

This one is for UK-based DaniWeb members, or those of you who are visiting the UK and want to be able to charge your smartphone via a USB mains charger that is neither bulky nor heavy. I'm not usually the type of person to get excited by a plug, honestly, but I will make an exception for the Mu.

The designer of the Mu, Min-Kyu Choi, says that he was frustrated by the dimensions of a traditional plug and thought that it was about time to redesign something that dated back to 1947 and hadn't really changed much since. "My idea was very simple – redesign the plug to bring it in line with the clean look and feel of today’s technology; without compromising functionality" Min-Kyu Choi reckons. DaniWeb reckons he has succeeded, with knobs on (although not literally as that would spoil the sleek design of the Mu). And sleek the Mu certainly is; it's a startlingly compact design for both a plug and a USB charger in one. Folding completely flat for storage, to a depth of a smidgeon over half an inch thick.

If you want to be precise, when folded flat the Mu is 14mm x 55mm x 60mm. That's a reduction in size, over a traditional UK-spec plug, of more than 70%. Yet when you come to unfold it and use the thing then the user is not faced with a fiddly, nail-breaking, annoying exercise in temper control. Simply unfold …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

I think you surprise me because the amount of tattoos and your personality doesn't really fit your profile. I do feel over the years people don't take you serious of what you do but in the end you manage to win people over.

You are wrong then :) People have taken me seriously enough in both my personal and professional lives, and have done so by and large very quickly indeed - usually within a few minutes of striking up a conversation or listening to a pitch. Most people, I am happy to report, see beyond my tattoos just as most people see beyond skin colour, sexual orientation, gender etc etc.

I think if you have time you can ask someone to drive and you can go to see Maria and ask her to do 1 tattoo once in a while. I think knowing someone more than 10 years is a long time and it's always good to drop by and say hi, you might make her day.

I don't need to get ink to keep in touch with a good friend :)

LastMitch commented: I think I learn something from you today. Thanks! +0
happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

@diafol

both with Tom Hardy

Brilliant actor, he was really good in Bronson I thought. Should have got an Oscar for that performance.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

What he said :)

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

I think you need to be asking Facebook to solve your problem, not us.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

It's like any other post, and cannot be deleted. See the terms of service:

Posts contributed to the community immediately become the property of DaniWeb upon submission. Members may edit their posts for a limited time period immediately after, for the purpose of correcting spelling and grammar mistakes and accidental omissions. After this initial period expires, posts may only be edited or deleted by DaniWeb team members, and only in cases where they do not comply with our forum rules for the purpose of making said content comply with all rules. As a discussion community, posts contributed by many members work together to form coherent discussions. Altering or deleting individual posts may have consequences that unfairly extend to other members of the community. All members are held responsible for their actions. As always, think before you permanently post something on the public Internet.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Continuing our round up of 2013 IT security vendor predictions, we've got the thoughts of three of the big Infosecurity Europe exhibitors: Palo Alto Networks, SafeNet and Kaspersky Lab.

Brian Tokuyoshi from Palo Alto Networks predicts that social media, data decryption and virtualised network security will be high on the agenda in the year to come.

"Increasingly, social media platforms and webmail are becoming de facto communication platforms for personal use, bypassing enterprise security products in the process. Encryption makes more of this traffic invisible to existing security controls. In 2013, enterprises need to find ways to make sure Internet personal use policies do not conflict with the policies (or bypass the technologies) needed to protect the enterprise."

"Enterprises need to start thinking about decryption not just for data loss, but to check for policy violations and malicious content. CISOs will need to work together closely with HR and legal teams to respect personal privacy while maintaining corporate security, and to make sure that the cure isn’t worse than the ailment."

"When one virtual machine talks to another on the same host, the traffic may never cross the network. As a result, virtualisation network traffic may bypass all the physical network security protections in place for intrusion prevention, malware detection and policy enforcement. In 2013, organisations will be looking closely at their virtualisation strategy to see if it is in line with the network security best practices."

Meanwhile, Jason Hart from SafeNet, thinks education and …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

I thought a guy did those tattoos on you but a woman?

Maria did all my ink over the 10 years up to the middle of 2011, before that it was mainly done by a bunch of various biker gang types.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

What happens after we die? ;)

Well, after I died, the medical team brought me back to life. Dunno if that happens every time though :)

deceptikon commented: A better answer there never was. +0
~s.o.s~ commented: AFAIK, it doesn't happen every time... ;) +0
happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

I know lots of heavily tattooed girls who do not smoke, just as I know many non-tattooed women (and men for that matter) who are heavily into drink and drugs. Judging a book by the cover is a very dangerous game I would say.

Indeed, I like to think of my ink as being a kind of basic 'idiot-filter' in as far as that anyone who doesn't want to talk to me because they have made an instant judgement call about my personality (usually of the uneducated, illiterate, criminal kind) are exactly the kind of people I have little interest in speaking to. Job's a good 'un...

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

I guess the drive would be worth it? I mean you get to see your friend and get a good deal on a tattoo...

It would be rather dangerous to drive on the motorway for any distance with, say, a newly tattooed hand or arm.

Quite apart from the fact that I drive as little as possible these days due to health reasons.