IT 360 LIVE REPORT: 7 April 2010

[attonbitusira]

Keynote speech was very good.

Gary Warner from the University of Alabama discussed modern threats, with a focus on phishing and financial institutions.

It was enlightening to see statistics on the number of modern anti-virus products that do not (and can not) detect malware which is broadcast with a link using a unique signature generator. Malware such as that which is involved in the Zeus command and control center may be detected simply as a "potential threat" or "unknown connection".

He mentioned the laboratory he operates in Alabama gathers 1.5 million pieces of e-mail each day; most of which is spam. They analyze the e-mail headers for patterns, in order to trace them back to originating IP addresses. Quite frequently the daily reports link back to only three or four originating servers, where the kit was repacked and distributed on other sites.

A specific example of a phishing scam on a US bank was discussed. The institution allowed its users to upload a picture to be printed on their customized credit cards (CapitalOne maybe? No names were given). One of Warren's colleagues was able to upload a PHP file renamed as a JPG, thus executing code that dumped a list of credit card numbers back to the page. Such is an example of a lack of data type validation. Their fix was to print each picture and rescan it manually, in order to eliminate the threat. Clunky, but it works.

More to come later...

[attonbitusira]

Sat in on a workshop providing the business case for virtualization. It was put on by Alliance Technologies and didn't provide too much technical information. The presentation was created for an audience of operational managers or analysts who need to pay attention to the costs of hardware.

While the speaker focused on vmware, experience has told me that the ROI analysis is very similar across the board. I would encourage any professionals interested in virtualization to compare vmware, xen, and hyper-v for licensing costs. Alliance Technologies mentioned that vmware has a very robust free version that companies can use for free, but I am not familiar with it.

One advantage of virtualization that I had not considered before was the ability to archive older machines and leave them in an off state within the pool. This would be particularly useful for software companies who are used to developing for a specific environment. As the hardware environment changes and the product matures, archiving the older development machines would be extremely useful to maintain compatibility.

The speaker was technically versed as well, but time constraints restricted us from diving into the minimum (cheap) hardware vmware can run on. Will we see virtualization at home? I would definitely take advantage of snapshot backups before performing a Windows Update if it was affordable...