Go Back   Hardware Canucks > NEWS & REVIEWS > Press Releases & Tech News

    
Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old April 7, 2010, 09:14 AM
Top Prospect
 
Join Date: Jan 2009
Location: Kitchener
Posts: 107
Default IT 360 LIVE REPORT: 7 April 2010

Keynote speech was very good.

Gary Warner from the University of Alabama discussed modern threats, with a focus on phishing and financial institutions.

It was enlightening to see statistics on the number of modern anti-virus products that do not (and can not) detect malware which is broadcast with a link using a unique signature generator. Malware such as that which is involved in the Zeus command and control center may be detected simply as a "potential threat" or "unknown connection".

He mentioned the laboratory he operates in Alabama gathers 1.5 million pieces of e-mail each day; most of which is spam. They analyze the e-mail headers for patterns, in order to trace them back to originating IP addresses. Quite frequently the daily reports link back to only three or four originating servers, where the kit was repacked and distributed on other sites.

A specific example of a phishing scam on a US bank was discussed. The institution allowed its users to upload a picture to be printed on their customized credit cards (CapitalOne maybe? No names were given). One of Warren's colleagues was able to upload a PHP file renamed as a JPG, thus executing code that dumped a list of credit card numbers back to the page. Such is an example of a lack of data type validation. Their fix was to print each picture and rescan it manually, in order to eliminate the threat. Clunky, but it works.

More to come later...
Reply With Quote
  #2 (permalink)  
Old April 7, 2010, 10:36 AM
Top Prospect
 
Join Date: Jan 2009
Location: Kitchener
Posts: 107
Default

Sat in on a workshop providing the business case for virtualization. It was put on by Alliance Technologies and didn't provide too much technical information. The presentation was created for an audience of operational managers or analysts who need to pay attention to the costs of hardware.

While the speaker focused on vmware, experience has told me that the ROI analysis is very similar across the board. I would encourage any professionals interested in virtualization to compare vmware, xen, and hyper-v for licensing costs. Alliance Technologies mentioned that vmware has a very robust free version that companies can use for free, but I am not familiar with it.

One advantage of virtualization that I had not considered before was the ability to archive older machines and leave them in an off state within the pool. This would be particularly useful for software companies who are used to developing for a specific environment. As the hardware environment changes and the product matures, archiving the older development machines would be extremely useful to maintain compatibility.

The speaker was technically versed as well, but time constraints restricted us from diving into the minimum (cheap) hardware vmware can run on. Will we see virtualization at home? I would definitely take advantage of snapshot backups before performing a Windows Update if it was affordable...
Reply With Quote
Reply


Thread Tools
Display Modes

Similar Threads
Thread Thread Starter Forum Replies Last Post
Project X: Uprising! (April 16-18, 2010) Calgary, Alberta Project X Canadian LAN Parties & Events 30 April 2, 2010 07:22 PM
April's Fools discoveries! TimTheEnchanter Off Topic 23 April 2, 2010 12:59 PM
NVIDIA GT300 "Fermi" Delayed Till April 2010 geokilla Press Releases & Tech News 57 November 12, 2009 10:54 AM
April fools pages! CMetaphor Off Topic 16 April 2, 2009 03:53 PM