The second annual Imperva Hacker Intelligence Initiative report, this one entitled [Monitoring Hacker Forums](http://www.imperva.com/docs/HII_Monitoring_Hacker_Forums_2012.pdf), is out and reveals that the threat surfaces being discussed by the hacker community are very different from those that businesses are spending money on defending against attack. ![dweb-hackers](/attachments/small/0/dweb-hackers.jpg "align-right") The Imperva research analysed the content of a number of online hacker communities, including many lesser known forums in order to get a more accurate snapshot of what those doing the hacking are actually discussing. By looking at a total of more than 400,000 different conversational threads, Imperva was able to determine that SQL injection and …


A Drupal security advisory, [SA-CORE-2014-005](https://www.drupal.org/SA-CORE-2014-005), rather embarrassingly states that: > Drupal 7 includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks. A vulnerability in this API allows an attacker to send specially crafted requests resulting in arbitrary SQL execution. Depending on the content of the requests this can lead to privilege escalation, arbitrary PHP execution, or other attacks. This vulnerability can be exploited by anonymous users. I think that's a whoops, with an uppercase W. The highly critical SQL injection vulnerability is to be found in versions of Drupal …


Last week, the NoSQL database host MongoHQ suffered a breach which exposed customer files, email addresses and password data to the attackers. The ripples from that breach are still being felt, as users of the Sunrise calendar app on the iPhone found out this morning. Luckily that password data was not only encrypted, but hashed using bcrypt. As security expert [Paul Ducklin](http://nakedsecurity.sophos.com/2013/10/31/lessons-to-learn-from-the-mongohq-database-breach/) from Sophos explains: "bcrypt is a so-called keystretching function that ramps up the time it takes for a supplied password to be checked against its stored hash, by requiring various parts of the hash calculation to be repeated …

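Ducklin's description of key stretching above is the whole point of choosing bcrypt for the stored passwords: every guess an attacker makes after the breach costs the same repeated work as a legitimate login. The following is an added example, not code from the article, from Sophos or from MongoHQ. bcrypt itself is not in Python's standard library, so it uses PBKDF2-HMAC-SHA256 from `hashlib` to show the same mechanism: a per-user random salt, a tunable work factor stored next to the hash so it can be raised later, constant-time comparison on verification, and a check that flags records made under an older, weaker cost. The iteration count and the record format are assumptions for illustration, not a published standard.

```python
# Added example: key stretching with a stored, tunable work factor.
# Uses PBKDF2-HMAC-SHA256 (stdlib) in place of bcrypt to show the same idea.
import hashlib
import hmac
import os
import time
from typing import Optional

ALGO = "pbkdf2-sha256"
DEFAULT_ITERATIONS = 200_000  # assumed starting cost; tune to your hardware


def hash_password(password: str, iterations: int = DEFAULT_ITERATIONS,
                  salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: algo$iterations$salt_hex$hash_hex.

    Storing the iteration count with the hash is what lets the cost be raised
    later without invalidating existing records.
    """
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per record
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, iterations, dklen=32)
    return f"{ALGO}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Repeat the stretching with the stored parameters, then compare in constant time."""
    algo, iterations, salt_hex, hash_hex = record.split("$")
    if algo != ALGO:
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations), dklen=32)
    return hmac.compare_digest(digest, bytes.fromhex(hash_hex))


def needs_rehash(record: str, minimum_iterations: int = DEFAULT_ITERATIONS) -> bool:
    """True when the record was produced with a lower cost than current policy.

    Call this after a successful login and re-store the password at the new cost.
    """
    return int(record.split("$")[1]) < minimum_iterations


def stretch_time(password: str, iterations: int) -> float:
    """Wall-clock seconds for one hash at the given cost; doubling the cost
    roughly doubles the time for defender and attacker alike."""
    start = time.perf_counter()
    hash_password(password, iterations)
    return time.perf_counter() - start


if __name__ == "__main__":
    rec = hash_password("correct horse battery staple")
    print(rec)
    print("verify:", verify_password("correct horse battery staple", rec))
    print("needs rehash:", needs_rehash(rec))
    for n in (10_000, 100_000, 1_000_000):
        print(f"{n:>9} iterations: {stretch_time('x', n):.3f}s")
```

The timing loop at the bottom is there to make Ducklin's point concrete: pick the largest cost your login path can tolerate, because that is also the cost per guess for whoever walks off with the table.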

According to the fourth annual [Web Application Attack Report](http://www.imperva.com/download.asp?id=419) from Imperva, retailers suffer from twice as many SQL injection attacks when compared to other industry sectors. What's more, the United States remains the number one source of all web attacks. Other key findings of the report include the startling revelation that one website was observed to be under attack for 98% of the time, or 176 out of 180 days if you want to be precise. One web application was seen to receive a mind-boggling 94,057 SQL injection requests in a single day which, if you do the math, works …


First we had the news that [URL="http://www.daniweb.com/news/story276878.html"]IBM was helping clean up crime[/URL] in the US and UK, now it seems that Sweden is getting a touch of the Big Blue Brother effect. The city of Stockholm is launching a project using IBM's streaming analytics technology in order to gather real-time information on, well, pretty much everything that moves. Working in collaboration with the [URL="http://www.kth.se/?l=en_UK"]KTH Royal Institute of Technology[/URL] the project is already gathering real-time data from the GPS devices installed in some 1500 taxi cabs and will soon add delivery trucks, traffic cameras, traffic light sensors, rail systems and weather …


Many of the biggest forum-based online communities, including DaniWeb, are powered by vBulletin software. So it came as something of a shock when the BBC reported that a [URL="http://www.bbc.co.uk/news/technology-10714192"]vBulletin security flaw means that any hacker could "easily access the main administrator username and password for a site"[/URL]. But is the security flaw really both that simple and that serious, and are DaniWeb users at risk? [attach]16094[/attach]Let's answer the most important question first: No, DaniWeb users are not and have never been at risk from this security flaw as it only impacted upon a specific new version of vBulletin that was …


Despite having recently been [URL="http://www.daniweb.com/news/story273853.html"]cast as the villain of the piece[/URL] by some high profile members of the Free and Open Source Software community, IBM has just revealed itself as actually being something of a crime-fighting superhero. The Florida State Department of Juvenile Justice is following in the footsteps of the Ministry of Justice, one of the largest UK government departments with in excess of 95,000 employees and a budget of some £9 billion, by employing IBM predictive analytics tech to assess prisoner re-offending risk and ultimately protect the public at large from the dangers that repeat offenders pose. With …


Over the weekend, software development and collaboration tools specialist Atlassian suffered a security breach to an internal system, potentially exposing customer passwords. The reason? It forgot about an old legacy database which had not been taken offline. According to Atlassian spokesperson [URL="http://blogs.atlassian.com/news/2010/04/oh_man_what_a_day_an_update_on_our_security_breach.html"]Mike Cannon-Brookes[/URL] the company had migrated its customer database into a new one, where all customer passwords were encrypted, during July 2008. "However, the old database table was not taken offline or deleted" Cannon-Brookes says "and it is this database table that we believe could have been exposed during the breach". He agrees that this was "a big error" …


Less than a year after launching its high performance computing strategy, Microsoft finds its [URL="http://www.microsoft.com/hpc/"]HPC Server 2008[/URL] near the top of the heap. The Windows Server 2008 derivative placed 23rd on a list of the 500 top-performing supercomputers in the world, as measured by the [URL="http://www.ncsa.uiuc.edu/"]National Center for Supercomputing Applications (NCSA)[/URL]. And it's still in beta; general availability is set for the end of this month. Running on a Dell PowerEdge Cluster equipped with 9,474 processor cores and 9600 GB of memory, HPC Server 2008 performed 68.5 trillion floating point operations (teraflops) per second, …


In an [URL="http://www.guardian.co.uk/technology/2010/jan/24/computer-security-crime-anonymous-datasets"]interview[/URL] with The Observer newspaper, Dr Ian Brown from the Oxford Internet Institute who is writing a report on anonymous datasets for the European Commission warns that "criminals could identify individuals through mobile phone data and use the information to track people's movements and find out when they are away from home". His concerns have been piqued, it would seem, by the problem of statistical de-anonymisation. Statistical what? Well, there have been great advances (although that's not perhaps the right word) in the last couple of years when it comes to the re-identification of individuals whose anonymity is …

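The re-identification problem Dr Brown is describing is easiest to see on a small table rather than on phone records, so here is an added example that is not part of the Observer interview or of his report. It uses constructed data: a "de-identified" health release that has dropped names but kept post code, birth year and sex, and a separately published directory that carries names with the same three fields. Joining on those shared fields (the quasi-identifiers) re-identifies every row that maps to exactly one person. The second half shows the usual countermeasure, coarsening the fields and suppressing any group smaller than k, and checks that the same join then recovers nothing. All records, the field choices and the generalisation rules are assumptions made for the illustration.

```python
# Added example: a linkage attack on a "de-identified" table, and k-anonymity as the fix.
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed sample data (assumptions for illustration only).
RELEASED = [  # names removed, quasi-identifiers kept
    {"postcode": "OX1 3", "birth_year": 1971, "sex": "F", "diagnosis": "asthma"},
    {"postcode": "OX1 3", "birth_year": 1985, "sex": "M", "diagnosis": "diabetes"},
    {"postcode": "OX2 6", "birth_year": 1985, "sex": "M", "diagnosis": "hypertension"},
    {"postcode": "OX2 6", "birth_year": 1985, "sex": "M", "diagnosis": "migraine"},
]
PUBLIC = [  # a directory the attacker can obtain separately
    {"name": "Alice", "postcode": "OX1 3", "birth_year": 1971, "sex": "F"},
    {"name": "Bob",   "postcode": "OX1 3", "birth_year": 1985, "sex": "M"},
    {"name": "Carol", "postcode": "OX2 6", "birth_year": 1962, "sex": "F"},
    {"name": "Dan",   "postcode": "OX2 6", "birth_year": 1985, "sex": "M"},
    {"name": "Eve",   "postcode": "OX2 6", "birth_year": 1985, "sex": "M"},
]
QUASI = ("postcode", "birth_year", "sex")  # fields present in both tables


def key(row: Dict) -> Tuple:
    """The quasi-identifier tuple used to join the two tables."""
    return tuple(row[q] for q in QUASI)


def equivalence_classes(rows: List[Dict]) -> Dict[Tuple, List[Dict]]:
    """Group rows that share the same quasi-identifier values."""
    classes = defaultdict(list)
    for row in rows:
        classes[key(row)].append(row)
    return classes


def k_anonymity(rows: List[Dict]) -> int:
    """Smallest group size; a value of 1 means some row is unique on its quasi-identifiers."""
    classes = equivalence_classes(rows)
    return min((len(c) for c in classes.values()), default=0)


def link(released: List[Dict], public: List[Dict]) -> Dict[str, str]:
    """Linkage attack: map each released row to a name when exactly one directory
    entry shares its quasi-identifiers. Ambiguous matches are not counted."""
    index = defaultdict(list)
    for person in public:
        index[key(person)].append(person["name"])
    identified = {}
    for row in released:
        names = index.get(key(row), [])
        if len(names) == 1:
            identified[names[0]] = row["diagnosis"]
    return identified


def generalise(row: Dict) -> Dict:
    """Coarsen quasi-identifiers: postcode to its leading area letters (assumed two
    characters here), birth year to the decade. Other fields are kept unchanged."""
    out = dict(row)
    out["postcode"] = row["postcode"][:2]
    out["birth_year"] = row["birth_year"] // 10 * 10
    return out


def suppress(rows: List[Dict], k: int) -> List[Dict]:
    """Drop rows whose equivalence class has fewer than k members."""
    classes = equivalence_classes(rows)
    return [r for r in rows if len(classes[key(r)]) >= k]


if __name__ == "__main__":
    print("k before:", k_anonymity(RELEASED))
    print("re-identified:", link(RELEASED, PUBLIC))
    safe = suppress([generalise(r) for r in RELEASED], k=2)
    print("k after:", k_anonymity(safe))
    print("re-identified after:", link(safe, [generalise(p) for p in PUBLIC]))
```

The two rows that escape the first join do so only because Dan and Eve collide on every quasi-identifier; that accidental protection is exactly what k-anonymity makes deliberate, at the price of dropping Alice's row entirely. Phone location traces are far harder to protect this way, since a handful of time-stamped positions is usually unique on its own.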

File under FAIL: social network widget maker RockYou has fallen victim to a SQL injection flaw and as a result some 32.6 million users are being urged to change their passwords as a matter of urgency. Security specialists Imperva discovered the problem at social networking development site Rockyou.com and issued a warning to users of its applications earlier this week. "Rockyou.com is not just any software site. Since its creation in 2006, it's become the hub for many social networking sites such as Bebo, Facebook and Myspace, to mention but a few" said Amichai Shulman, Imperva CTO. Shulman claimed that …


At the risk of coming off like TV's "[url=http://www.amctv.com/originals/madmen/]Mad Men[/url]," Amazon Web Services really are New and Improved. The company today announced the addition of [url=http://aws.amazon.com/rds/]Amazon Relational Database Service[/url], giving users of Amazon's Elastic Compute Cloud (EC2) access to a virtual instance of MySQL. That's the New part. Improvements include a family of high-memory instances and a price reduction of Linux-based EC2 compute time to 8.5 cents per hour from 10 cents. The 15 percent price drop takes effect Nov. 1. "Many customers have told us that their applications require a relational database," said Adam Selipsky, vice president of [url=http://aws.amazon.com/what-is-aws/]Amazon …


This post has nothing to do with Michael Jackson, his death, his kids, his Neverland Ranch or anything related to him. It has everything to do with my need for a virtual laboratory where I can test virtual machines, write about them or produce other documentation about them without a significant financial outlay of my own. I call this virtual playground, Neverland, because currently it is a fantasy of mine and the way many see it--it's likely to remain so. Last week, I posted "[URL="http://www.linux-mag.com/id/7397"]My Midsummer Night's Dream of A Virtual Lab[/URL]" on my Virtualization column at [URL="http://www.linux-mag.com"]Linux Magazine[/URL] to …


Busy this weekend? President Barack Obama and his IT staff are [URL="http://www.whitehouse.gov/blog/09/05/21/Opening/"]asking for ideas[/URL] through June 3 to help make government more open. The call for ideas first went out on May 21. So far, there's [URL="http://opengov.ideascale.com/"]1171[/URL]. People can vote thumbs up or thumbs down on the ideas. "Then on June 3rd, the most compelling ideas from the brainstorming will be fleshed out on a weblog in a discussion phase," said Vivek Kundra, Chief Information Officer, and Beth Noveck, Deputy Chief Technology Officer for Open Government, on the White House blog. "On June 15th, we will invite you to use …


[URL="http://blogs.zdnet.com/perlow"]Jason Perlow[/URL] and I had the pleasure of interviewing [URL="http://www.kickfire.com"]Kickfire[/URL] CEO Bruce Armstrong for the May 22nd episode of [URL="http://www.blogtalkradio.com/frugalfriday"]Frugal Friday[/URL] to discuss the Kickfire appliance. The Kickfire appliance is a Linux-based, rack-mountable, database appliance tuned for Data Warehousing. Here's the real scoop: Starting at a mere $32,000 US, you get the horsepower performance of a system (actually a set of systems) costing in the $400,000 range. And it consumes very little power while saving you a bundle of cash while performing like big iron. How do they do it? Linux, [URL="http://www.mysql.com"]MySQL[/URL] Enterprise DB and a SQL chip. Read all …


Well, well, well...Larry Ellison, [URL="http://www.oracle.com"]Oracle[/URL] CEO [URL="http://www.oracle.com/us/corporate/press/018535"]added[/URL] [URL="http://www.virtualiron.com"]Virtual Iron[/URL] to his collection today. Congratulations, Larry. When is Oracle going bankrupt? Every time that I've seen a company acquire too many other companies in a short time period, they always end up in the dustbin. Oracle just acquired [URL="http://www.sun.com"]Sun[/URL] just one short month ago. I'm not sure what Larry's thinking on this one--Virtual Iron is [URL="http://www.xen.org"]Xen[/URL] which is an open source, Linux-based virtualization product that Oracle could have produced themselves. I'm also not sure exactly what they're buying--Virtual Iron's vast client base? That's a laugh. Virtual Iron sparks such little interest …


Alfresco released [URL="http://wiki.alfresco.com/wiki/Alfresco_Labs_3"]Alfresco Labs (Beta) 3[/URL] today and with it announced a new capability that enables businesses to leverage Microsoft Sharepoint functionality without buying additional Sharepoint licenses. Sound too good to be true? It’s not, and what has allowed Alfresco to do this is the 2004 EU Commission order for Microsoft to publish the Sharepoint protocol. Apparently, Alfresco is the first ECM vendor to take advantage of the Sharepoint protocol availability. I spoke to Alfresco CEO John Powell about the significance of this announcement. “I think is really a game changing announcement,” Powell says. “The core of Microsoft growth is …


Will the tech sector lead an economic turnaround? Forbes.com thinks so. This week, Peter C. Beller writes that Monday’s IBM revenue numbers and the fallout from the proposed Oracle and Sun Microsystems could lay the groundwork for an economic rebound. I’ll get to the IBM numbers in a moment, but Beller thinks that, even though IBM’s numbers clocked in lower than analysts had expected, they show enough to indicate that technology spending may just soon be on the upswing. “Those sentiments support claims from other tech companies that a turnaround, for technology spending at least, could be on the way,” …


It's probably a little early to be looking for implications of Oracle buying Sun (no, it's official, here's the [URL="http://www.oracle.com/us/corporate/press/018363"]press release[/URL]). They've only just confirmed it's happening, and as one of the journalists who covered Novell buying Lotus many years ago I can confirm things aren't done until they're done, frankly. A few things spring to mind, though. First there will be much talk of useful synergies between the two. Second, there will be a strong company coming out of this. That aside, however, there will be more. First it's almost certainly going to be seen as a blow to …


Just as the excitement started to hot up, first with the news that the controversial and increasingly popular legal free streaming music service Spotify was to open up with the release of a third party developer API, and then with the actual announcement of the availability of [URL="http://developer.spotify.com/en/libspotify/overview/"]Libspotify[/URL] itself, so the reality of the situation pours cold water upon it. What the heck am I talking about? Well, Spotify is perfectly poised to cash in on the [URL="http://www.daniweb.com/blogs/entry4215.html"]potential gap[/URL] that might open up in the online music market as first Apple, and now Amazon, introduce 'variable rate' pricing for downloads. …


Seems every time I write a piece suggesting open source as an option, I get a couple of comments warning readers about the scary complexities of open source licenses. So I decided to ask a guy who knows free and open source (FOSS) exactly what the deal was regarding FOSS licensing and whether they were really any more or less complex than their commercial counterparts. [URL="http://twitter.com/jzb"]Joe 'Zonker' Brockmeier[/URL], who is Community Manager for [URL="http://en.opensuse.org/OpenSUSE_11.1"]openSUSE[/URL] and has been working with FOSS in one way or another since 1996, says the bottom line is that you should always check the license language …


With the [URL="http://www.daniweb.com/blogs/entry3625.html"]success[/URL] of the iPhone App Store and Microsoft wanting a [URL="http://www.itwire.com/content/view/20349/53/"]piece of the action[/URL] it was only a matter of time before RIM got into the [URL="http://www.itwire.com/content/view/21310/53/"]online application storefront[/URL] game. With the BlackBerry App World online store launching later this month, [URL="http://na.blackberry.com/eng/developers/application_storefront"]submissions are now being accepted[/URL] from developers who want to get their applications in at the get go. With a potential audience of some 21 million BlackBerry users it could prove to be a very profitable outlet for those software developers looking elsewhere than the already crowded and [URL="http://www.itwire.com/content/view/23321/1231/"]somewhat restrictive[/URL] iPhone App Store. But just how difficult …


It’s another tough morning for tech stocks, with Apple, HP, Oracle, Motorola, Google, and Dell all seeing their stocks fall 2% or more. The falloff is primarily from the news that consumer/retail spending fell 2.7% in December – twice the amount that economists had expected. At least the companies I mentioned above don’t have the problems that Nortel Networks has. Nortel, the largest manufacturer of telephone equipment in North America, filed for bankruptcy this morning, sending its own shares plummeting 75% to 07.5 cents in early morning trading. Word on the street was that Nortel might have trouble making an …


Oracle, Research In Motion and Palm are all releasing earnings statements today, and that should pick up momentum in what has been a fairly dormant technology trading week. The web site Tradingmarkts.com thinks the earnings news means opportunity in two technology-heavy exchange-traded funds (ETFs): Technology Select Sector (SPDR ETF XLK) and the ProShares Ultra Technology ETF, ROM. Both ETFs have more tech company assets than most tech indexes, and have a two-to-one weighting over the Dow Jones U.S. Technology Index. Could be a quick score, there. Elsewhere, trading is light as the Christmas-New Years season looms and traders and investors …


Is the time that it takes to boot up and power down a computer at the beginning and the end of the day work? [URL="http://www.law.com/jsp/nlj/PubArticleNLJ.jsp?id=1202426038668"]A number of lawyers[/URL] are trying to settle that question. On the one hand, users start rebooting the computer and then spend up to 15-20 minutes chatting, getting coffee, and so on during the process, which adds up to a lot of unproductive time for the employer, contends one side. On the other hand, the bootup process -- which may be required due to security or power concerns, and can include a variety of programs required …


Trying, ever so hard, to find some good news amidst the doom and gloom on Wall Street. At least the market went up for a second straight session, with the DJIA up 400 points on Monday trading; that after rising 500 points last Friday. Investors seemed cautiously optimistic about the Federal Reserve/U.S. Government's plan to bail out Citicorp to the tune of $300 million. And one trader, perhaps suffering from a nasty case of irrational exuberance, thought that the stock market had finally found its bottom. I won't go that far, but two straight days of triple-digit gains on Wall …


A few years ago, small businesses just needed a telephone line and maybe a single computer with a dial-up connection to set up shop. Now that technology has exploded, nearly every company needs a reliable phone system, a Web site, and maybe even a whole network of computers to stay competitive. All that tech comes with the need for reliable people to manage it. If you're in the market for tech workers, or already employ a team to handle your infrastructure, make sure you avoid these four things that are guaranteed to insult even the most laid-back IT worker. [B]Get …


In a report on enterprise open source usage released this week, Gartner research director Laurie Wurster stated in rather strong language that companies could face a big intellectual property issue because they are using the software without understanding the IP implications of the licensing language. But is she exaggerating the danger and is there less complexity with open source licenses than with proprietary ones? [B]What's The Matter Here?[/B] According to the [URL="http://www.gartner.com/it/page.jsp?id=801412"]Gartner press release[/URL] announcing the survey results, Gartner found that 69 percent of companies surveyed still have no formal policy for evaluating and cataloguing open source software usage in their …


If you've been clinging to the interoffice email and calendaring capabilities of Microsoft Exchange as your company's last vestige of proprietary software, it's really time to consider giving up the ghost. Open source collaboration software vendor [URL="http://www.open-xchange.com/"]Open-Xchange, Inc.[/URL] announced recently it now offers its flagship product, Open-Xchange, as an [URL="http://www.open-xchange.com/en/products/open-xchange-appliance-edition-en"]appliance edition[/URL] in addition to its server and hosting versions. Like Microsoft Exchange, it's got email, calendaring, document sharing, contact management, and a backup and recovery system. Unlike Exchange, however, it doesn't come with a hefty price tag. Most deployments cost in the area of only $70 per user, per year. …


There's plenty of speculation that the current state of the economy will [URL="http://ostatic.com/158388-blog/recession-a-boon-for-open-sourcess"]greatly benefit open source technology[/URL], and you know an idea is taking root when mainstream IT conferences include presentations about implementing FOSS solutions in enterprise. Desmond Atkinson, with UK-based capacity planning firm [URL="http://www.metron.co.uk/"]Metron Technology Limited[/URL], plans to lead a session about open source virtualization at a [URL="http://www.cmg.org/PRNewswire20-Conference"]conference[/URL] next month sponsored by the [URL="http://www.cmg.org/"]Computer Measurement Group[/URL] (CMG). I caught up with Atkinson recently to get his thoughts on what CTOs need to know about green IT, where it's headed, and why the term is actually a misnomer. [B]LH:[/B] [I]Everywhere you …

