Vol. 16, #24 - June 20, 2011 - Issue #833

New Job Opportunities in Cybersecurity

  1. Editor's Corner    
    • New Job Opportunities in Cybersecurity
  2. Admin Toolbox
    • Admin Tools We Think You Shouldn't Be Without:
  3. Webinars & Seminars
    • VIPREcast: The Dangers of Social Media at Work - 6/21
    • Malware Unmasked Webinar, July 20   
    • BriForum 2011: Register today - 7/19-21
    • Free Desktop Virtualization Seminar
    • Directions on Microsoft - Office 365 Preview TeleBriefing - 6/23
  4. Tech Briefing
    • Adobe Pushes Reader Silent Updates
    • Nissan LEAF Tells Any RSS Feed Provider Where You Are
    • Microsoft Patches Critical IE9, Windows Bugs
    • Microsoft Survey Reveals Extent of Emerging Internet Phone Scam
    • Security Solutions: Is HTML5 a Security Risk?
  5. Windows Server News
    • VMware View 5
    • Answers For The Private Cloud Curious
    • Private Cloud Strategy: A Four-Step Plan For Success
    • Virtual Disaster Recovery On A Budget
  6. Third Party News
    • Android Is A Malware Cesspool -- And Users Don't Care
    • The GFI® Software 2011 Parent-Teen Internet Safety Report
  7. WServerNews FAVE Links
    • This Week's Links We Like. Tips, Hints And Fun Stuff.
  8. WServerNews - Product of the Week
    • Free SAN Monitor Allows you to Monitor Dell®, IBM®,
      & Sun® StorageTek™ Storage Arrays

Editor's Corner

New Job Opportunities in Cybersecurity

I assume you all know the SANS Institute. If you don't, you should. They do excellent work. SANS is the most trusted and by far the largest source for information security training and security certification in the world. It also develops, maintains, and makes available at no cost the largest collection of research documents about various aspects of information security, and it operates the Internet's early warning system - the Internet Storm Center. More at SANS here, but keep on reading first. http://www.wservernews.com/go/1308389305750

Alan Paller is director of research at the SANS Institute. He just wrote an editorial in the SANS Newsbites that I thought was so good and timely that I am repeating it here, with the encouragement that you check out their website and take some SANS courses:

"Have you noticed that cybersecurity is getting far more press coverage than ever before? From FOX News to public television, cybersecurity is THE hot topic. A Bloomberg TV reporter told me that cybersecurity outranked the presidential race yesterday. This surge in visibility is catalyzing two huge opportunities for people interested in cool jobs in cybersecurity.

"The first is the shift from compliance-based security to continuous monitoring and daily prioritization of mitigation tasks. That change has gotten strong White House support. Just last week the federal agency cybersecurity (FISMA) reporting requirements were substantively changed to emphasize continuous monitoring and alleviate the need for a lot of compliance reports. Today people who know how to implement continuous monitoring of Twenty Critical Controls are in increasingly high demand among government agencies and contractors and among commercial organizations that are also shifting to continuous monitoring.

"The second major opportunity is bigger, but is just emerging. It is a direct response to the question now coming from senior executives and CIOs: 'Do we know whether every system and application we deploy has security baked in?' The people who can answer that question with authority will be the new heroes in cybersecurity. They have many names: security architect, security engineer, security consultant, and several more, but their skills are those that can, on a large scale, make sure that every application has security built in.

"Three of the companies that have done the best job in transforming their security programs to be able to ensure security is architected in are helping with a workshop in August to share best practices. If you want to be the leader in this area for your company or agency, you should consider attending the program. My favorite part is the way Cisco in particular is creating pretty good security architects out of IT architects - very impressive." http://www.wservernews.com/go/1308389321796

Quotes of the Week

"A positive attitude causes a chain reaction of positive thoughts, events and outcomes. It is a catalyst and it sparks extraordinary results." -- Wade Boggs

"As long as you're going to be thinking anyway, think big." -- Donald Trump

"Do not wait to strike till the iron is hot; but make it hot by striking." -- William Butler Yeats

Warm regards, and thank you for being a WServerNews subscriber. No trees were killed in the sending of this message, but a large number of electrons were terribly inconvenienced. Please tell your friends about us. They can subscribe here:
http://www.wservernews.com/go/1307096257843

Stu Sjouwerman

Admin Toolbox

Admin Tools We Think You Shouldn't Be Without

Simplify your life with mPowerTools - 100+ Reports - tackle AD chores in bulk - a search & replace tool - you'll never script again AND NO third party databases!:
http://www.wservernews.com/go/1308559014821

Subscribe to the latest hot e-zine: CyberheistNews: 'Arming you with the facts'. Gets you ammo twice a month to defend your network against cybercrime:
http://www.wservernews.com/go/1308312039953

Frustrated with gullible end-users causing malware infections? Find out who the culprits are in 10 minutes. Do the Free Phishing Security Test on your users!:
http://www.wservernews.com/go/1308312051406

Webinars & Seminars

VIPREcast: The Dangers of Social Media at Work - 6/21

If you're like other organizations, the use of social media at your company is rampant - with employees visiting sites for legitimate business purposes or simply for fun. With new Facebook, Twitter, and LinkedIn scams popping up daily, how do you strike a balance between enabling use while keeping users safe?

In this VIPREcast, gain insight into the risks posed by Facebook, Twitter, LinkedIn, blogging platforms, and other social media outlets, such as:

  • Lure campaigns: From clickjacking to survey scams, what your users may be seeing online.
  • Alternative attacks: Recent scams on services such as Tumblr that rapidly expose the network and negatively impact acceptable use policy content.
  • Business-centric exploits: Malware techniques that capitalize on IT missteps and how to prevent them.

Join us for an important VIPREcast that will look at recent exploits we've seen, the most common techniques being used, and best practices for successful social media policies:

11:00am ET / 10:00am CT / 8:00am PT / 15:00 GMT

Date: Tue, Jun 21, 2011
Location: This is an Internet based event.

Register/More Info: http://www.wservernews.com/go/1308389532171

Malware Unmasked Webinar, July 20

Targeted attacks are moving away from purpose-built platforms (Zeus, SpyEye, Bugat) to general tools (Sunspot) that can be tailored to target specific industries or organizations. Learn how to detect these threats and why they could be a significant concern to your organization. Sign up for the July 20 webinar at:

BriForum 2011: Register today - 7/19-21

The most advanced, technical, hands-on desktop virtualization event is returning to Chicago this July 19-21. Independent industry experts, led by Brian Madden, share the latest tips and strategies around desktop virtualization, VDI, application virtualization, and Remote Desktop Services. In addition, technical staff from the top solution providers in the space will be in attendance so you can ask all your questions and try out these technologies. Don't miss out on this unique opportunity to interact with hundreds of your peers from across the globe as well as to share best practices and lessons learned.

Register today and save! http://www.wservernews.com/go/1308312303609

Free Desktop Virtualization Seminar

Coming to Atlanta, Detroit, and St Louis this June, and 12 other cities throughout the remainder of the year, independent expert and desktop virtualization guru Brian Madden will update you on where the desktop virtualization market is in 2011, focusing on what's real and what's not. Spend just a few hours out of the office to take advantage of a live Q&A, peer networking opportunities and tons of valuable information.

Register today! http://www.wservernews.com/go/1308312328546

Directions on Microsoft - Office 365 Preview TeleBriefing

Topic: Office 365 Preview
Analyst: Wes Miller, Research VP, Server Applications
Date: Thursday, June 23, 2011
Time: 10:00 a.m. PDT / 1:00 p.m. EDT / 18:00 UTC

When Office 365 is released on June 28th, it will combine cloud services including Exchange Online, SharePoint Online and Lync Online subscription licenses with licenses to Office 2010 desktop software and the Office Web Apps. Like the Business Productivity Online Suite (BPOS) that it replaces, Office 365 promises Microsoft collaboration software with a single, predictable, per-user bill and less management and maintenance than the software would require on-premises. However, Office 365 requires organizations to trust Microsoft and their ISPs with critical IT infrastructure and information, and it does not deliver the same features as the software would on-premises.

This TeleBriefing provides an overview of Office 365 features and limitations, and highlights migration and management considerations for customers. Register for this TeleBriefing by clicking the link below: http://www.wservernews.com/go/1308389740281

Tech Briefing

Microsoft Patches Critical IE9, Windows Bugs

It's baaack! Patch Tuesday arrived this week, and everyone had something to say about it. This time around, Computerworld had the best write-up, and a link to the important bulletins, so here goes, with a link to the article: "Microsoft today patched 34 vulnerabilities in Windows, Internet Explorer (IE), Office and other software, 15 of them labeled "critical" by the company. The large number of updates -- as well as the fact that Microsoft issued them two hours later than usual -- will put pressure on enterprise administrators, one expert said. "No doubt IT administrators will have to pick and choose where to act first," said Wolfgang Kandek, chief technology officer for Qualys.

Administrators are advised to patch MS11-038, MS11-039, MS11-040, MS11-042, MS11-043, MS11-045, MS11-046, MS11-050, and MS11-052 immediately to prevent exploitation by attackers. Next, administrators should patch MS11-041, MS11-044, and MS11-048 as soon as possible. Lastly, admins should patch MS11-037, MS11-047, MS11-049, and MS11-051 at their earliest convenience. MORE: http://www.wservernews.com/go/1308389859843

Adobe Pushes Reader Silent Updates

Erm, Adobe, are you listening? It would be nice if you would give system admins a way to control this as well, thank you very much. Silent updates can break things in existing environments and it's hell to find out what changed.

"Adobe has switched on silent updating for its popular Reader PDF viewer, the company announced Tuesday. "[We're] turning the automatic update option on by default for all Adobe Reader users on Windows," said Brad Arkin, senior director of product security and privacy at Adobe, in a post to a company blog yesterday. The next time an update is detected by Reader, Adobe will present a dialog box asking users to allow silent updating. In the dialog, the box "Install updates automatically" will be checked by default." more at ComputerWorld: http://www.wservernews.com/go/1308389927265

Nissan LEAF Tells Any RSS Feed Provider Where You Are

Nissan LEAF CARWINGS tells any RSS feed provider your current position, speed, direction, destination, etc. And you cannot stop it from doing so.

Casey Halverson discovered this and said on his blog: "The Nissan LEAF all-electric car is full of technological firsts. One of which is a GSM cellular connection to the Internet for providing voluntary telemetry information to Nissan, new charging stations, competitive driver rankings, and even RSS feeds. This is called Nissan CARWINGS.

"However, before you start plugging in your favorite RSS feed sources, there is something you need to be aware of.

"After creating some of my own third party RSS feeds, I noticed something very peculiar in the HTTP GET in my Apache logs (note that I blanked out the exact position of the car in my driveway with x and y)." MORE: http://www.wservernews.com/go/1308390094937

Microsoft Survey Reveals Extent of Emerging Internet Phone Scam

Warn your users. They might get scammed this way too. Redmond released survey results showing an emerging form of Internet scam that targets English-language markets and costs victims on average $875 (U.S.).

The scam works by criminals posing as computer security engineers and calling people at home to tell them they are at risk of a computer security threat. The scammers tell their victims they are providing free security checks and add authenticity by claiming to represent legitimate companies and using telephone directories to refer to their victims by name.

Once they have tricked their victims into believing they have a problem and that the caller can help, the scammers are believed to run through a range of deception techniques designed to steal money. More: http://www.wservernews.com/go/1308390180187

Security Solutions: Is HTML5 a Security Risk?

by Richard Campbell: "It has been a long time coming, but HTML5 is all but upon us now. And the new HTML5 browsers promise a more sophisticated, richer browsing experience without resorting to plug-ins. But what does HTML5 do to the security of the browser? Is HTML5 a security risk? For the most part, the answer is 'no more than any other browser,' but there are some interesting exceptions that largely rely on web developers to do the right things." Read More: http://www.wservernews.com/go/1308390241281

Windows Server News

VMware View 5

VMware View 5, the next version of VMware's desktop virtualization platform, is expected to come out by VMworld 2011. Find out what features your peers are putting at the top of their VMware View 5 wish lists in this exclusive podcast: http://www.wservernews.com/go/1308390308171

Answers For The Private Cloud Curious

What is private cloud? Who uses it? What will I get in return? If you are starting to plan for a private cloud, it's important to ask these fundamental questions. Access this featured article for answers to your biggest private cloud inquiries: http://www.wservernews.com/go/1308390354906

Private Cloud Strategy: A Four-Step Plan For Success

To get the benefits of cloud computing, you need a solid cloud strategy. Prepping for private cloud computing begins with the assets you already have. Access this four-step plan for private cloud success and reap the full benefits this technology has to offer: http://www.wservernews.com/go/1308390400656

Virtual Disaster Recovery On A Budget

Providing the most efficient and cost-effective disaster recovery (DR) system is essential to any organization. But as IT pros know, finding the most affordable technique to provide this is not always easy. In this popular webcast, discover key DR strategies that you can implement on a tight budget: http://www.wservernews.com/go/1308390449515

Third Party News

Android Is A Malware Cesspool -- And Users Don't Care

Galen Gruman at InfoWorld wrote: "Google's security precautions are insufficient, but it's time to hold users accountable as well. Android smartphones are expected to reach about half the market by year's end, surpassing iOS as the market leader in such devices. Android smartphones (and tablets) are also among the least secure ones available, thanks mainly to the Android Market being full of Trojan horses and other malware masquerading as legitimate apps. Just this week, Google was revealed to have removed another dozen or so of such malware apps, months after they entered the uncurated Android Market." You will see mobile security apps soon, VIPRE being one of them: http://www.wservernews.com/go/1308390536671

The GFI® Software 2011 Parent-Teen Internet Safety Report

Compromised desktops have become hackers' preferred entry point into corporate networks. As more workers adopt mobile technologies and bring their work home with them, home computing practices have become a serious source of risk not only to consumers, but also to enterprises. A corporate laptop that becomes infected by a virus, worm or other "malware" in an employee's home can drive a gaping hole in security defenses when it is connected to the corporate network.

To gain a better understanding of home computing practices, GFI® Software commissioned a scientific study of home Internet use by parents and their teenage children. This population represents a particularly interesting "risk pool" not only due to their usage patterns in the home, but also due to the theory that "tech savvy" teens, who have spent their entire cognizant lives in the Internet age, may prove to be a harder human target for social engineering attacks than their elders: http://www.wservernews.com/go/1308390605859

WServerNews FAVE Links

This Week's Links We Like. Tips, Hints And Fun Stuff

WServerNews - Product of the Week

Free SAN Monitor Allows you to Monitor Dell®, IBM®, & Sun® StorageTek™ Storage Arrays

SolarWinds free SAN Monitor tool gives you at-a-glance insight into storage performance & capacity with a slick desktop dashboard that lets you view top LUNs by size, busiest LUNs, & most under-utilized LUNs. You can also drill down into LUN inventory details including: LUN size, physical disks, RAID type, total IOPs, IO response time and more. Download and try it out for yourself. It's free.