Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror

Submission + - And the Top Source of Critical Security Threats is...PowerShell (esecurityplanet.com)

storagedude writes: That's right, Microsoft's CLI management tool was the source of more than a third of critical security threats detected by Cisco in the second half of 2020, according to eSecurity Planet.

Dual-use tool exploitation was the top threat category noted by Cisco, followed by ransomware, fileless malware, and credential dumping, with PowerShell a primary vector in those last two categories also.

“Based on Cisco’s research, PowerShell is the source of more than a third of critical threats,” noted Gedeon Hombrebueno, Endpoint Security Product Manager for Cisco Secure.

Cisco recommends a number of protection steps that are, of course, made easier with Cisco Secure Endpoint, and other EDR tools are effective against PowerShell exploits also.

But there are a number of steps admins can (and should) take that are completely free, like preventing or restricting PowerShell execution in non-admin accounts, allowing execution of signed scripts only, and using Constrained Language mode.

Submission + - MITRE Security Tests Reveal Built-in Advantage of First-gen Antivirus Vendors (esecurityplanet.com)

storagedude writes: The MITRE cybersecurity product evaluations use adversarial attack techniques instead of basic malware samples, and as a result are the best tests of enterprise security products — particularly in light of dramatic recent attacks on SolarWinds and Colonial Pipeline.

What's especially interesting is just how well first-generation antivirus vendors like Symantec, McAfee and Trend Micro have fared in the MITRE tests. An eSecurity Planet article analyzes the data and speculates on why the old guard may have a built-in advantage over the hot upstarts:

"They may have been overshadowed in recent years by some of the flashy marketing of the upstarts, but that long history gives the old guard a product depth that’s tough to beat," eSecurity Planet wrote. "Just one example: Symantec was prepared for last year’s SolarWinds hack because it long ago faced attacks when hackers tried to disable endpoint agents, a primary vector for the Sunburst malware.

"In cybersecurity, experience still counts for something."

Submission + - New Object Storage Protocol Could Mean the End for POSIX (enterprisestorageforum.com) 1

storagedude writes: POSIX has scalability and performance limitations that will become increasingly important in data-intensive applications like deep learning, but until now it has retained one key advantage over the infinitely scalable object storage: the ability to process data in memory. That advantage is now gone with the new mmap_obj() function, which paves the way for object storage to become the preferred approach to Big Data applications.

Submission + - Object storage and POSIX should merge (enterprisestorageforum.com)

storagedude writes: Object storage’s low cost and ease of use have made it all the rage, but a few additional features would make it a worthier competitor to POSIX-based file systems, writes Jeff Layton at Enterprise Storage Forum. Byte-level access, easier application portability and a few commands like open, close, read, write and lseek could make object storage a force to be reckoned with.

‘Having an object storage system that allows byte-range access is very appealing,’ writes Layton. ‘It means that rewriting applications to access object storage is now an infinitely easier task. It can also mean that the amount of data touched when reading just a few bytes of a file is greatly reduced (by several orders of magnitude). Conceptually, the idea has great appeal. Because I'm not a file system developer I can't work out the details, but the end result could be something amazing.’

Submission + - Is LTO tape on its way out? (enterprisestorageforum.com)

storagedude writes: With LTO media sales down by 50% in the last six years, is the end near for tape? With such a large installed base, it may not be imminent, but the time is coming when vendors will find it increaingly difficult to justify continued investment in tape technology, writes Henry Newman at Enterprise Storage Forum.

“If multiple vendors invest in a technology, it has a good chance of winning over the long haul,” writes Newman, a long-time proponent of tape technology. “If multiple vendors have a technology they’re not investing in, it will eventually lose over time. Of course, over time market requirements can change. It is these interactions that I fear that are playing out in the tape market.”

Submission + - If your cloud vendor goes out of business, are you ready?

storagedude writes: With Amazon Web Services losing $2 billion a year, it’s not inconceivable that the cloud industry could go the way of storage service providers (remember them?). So any plan for cloud services must include a way to retrieve your data quickly in case your cloud service provider goes belly up without much notice (think Nirvanix). In an article at Enterprise Storage Forum, Henry Newman notes that recovering your data from the cloud quickly is a lot harder than you might think. Even if you have a dedicated OC-192 channel, it would take 11 days to move a petabyte of data – and that’s with no contention or other latency. One possible solution: a failover agreement with a second cloud provider – and make sure it’s legally binding.

Submission + - Data archiving standards need to be future-proofed (enterprisestorageforum.com)

storagedude writes: Imagine in the not-too-distant future, your entire genome is on archival storage and accessed by your doctors for critical medical decisions. You'd want that data to be safe from hackers and data corruption, wouldn't you? Oh, and it would need to be error-free and accessible for about a hundred years too. The problem is, we currently don't have the data integrity, security and format migration standards to ensure that, according to Henry Newman at Enterprise Storage Forum. Newman calls for standards groups to add new features like collision-proof hash to archive interfaces and software.

'It will not be long until your genome is tracked from birth to death. I am sure we do not want to have genome objects hacked or changed via silent corruption, yet this data will need to be kept maybe a hundred or more years through a huge number of technology changes. The big problem with archiving data today is not really the media, though that too is a problem. The big problem is the software that is needed and the standards that do not yet exist to manage and control long-term data,' writes Newman.

Submission + - Google Introduce HTML 5.1 Tag to Chrome (datamation.com)

darthcamaro writes: Forget about HTML5, that's already passe — Google is already moving on to HTML5.1 support for the upcoming Chrome 38 release. Currently only a beta, one of the biggest things that web developers will notice is the use of the new "picture" tag which is a container for multiple image sizes/formats. Bottom line is it's a new way to think about the "IMG" tag that has existed since the first HTML spec.

Submission + - When Customer Dissatisfaction Is a Tech Business Model (datamation.com)

jammag writes: A new trend has emerged where tech companies have realized that abusing users pays big. Examples include the highly publicized Comcast harassing service call, Facebook "experiments," Twitter timeline tinkering, rude Korean telecoms — tech is an area where the term "customer service" has an Orwellian slant. Isn't it time customer starting fleeing abusive tech outfits?

Submission + - Linux Needs Resource Management for Complex Workloads (enterprisestorageforum.com)

storagedude writes: Resource management and allocation for complex workloads has been a need for some time in open systems, but no one has ever followed through on making open systems look and behave like an IBM mainframe, writes Henry Newman at Enterprise Storage Forum. Throwing more hardware at the problem is a costly solution that won’t work forever, notes Newman.

He writes: 'With next-generation technology like non-volatile memories and PCIe SSDs, there are going to be more resources in addition to the CPU that need to be scheduled to make sure everything fits in memory and does not overflow. I think the time has come for Linux – and likely other operating systems – to develop a more robust framework that can address the needs of future hardware and meet the requirements for scheduling resources. This framework is not going to be easy to develop, but it is needed by everything from databases and MapReduce to simple web queries.’

Submission + - Does Heartbleed Disprove 'Open Source is Safer'? (datamation.com)

jammag writes: "Almost as devastating is the blow Heartbleed has dealt to the image of free and open source software (FOSS). In the self-mythology of FOSS, bugs like Heartbleed aren't supposed to happen when the source code is freely available and being worked with daily. As Eric Raymond famously said, 'given enough eyeballs, all bugs are shallow'...Tired of FOSS's continual claims of superior security, some Windows and OS X users welcome the idea that Heartbleed has punctured FOSS pretensions. But is that what has happened?"

Submission + - Hard Drive Relaibility Study Flawed (enterprisestorageforum.com) 1

storagedude writes: A recent study of hard drive reliability by Backblaze was deeply flawed, according to Henry Newman, a longtime HPC storage consultant. Writing in Enterprise Storage Forum, Newman notes that the tested Seagate drives that had a high failure rate were either very old or had known issues. The study also failed to address manufacturer's specifications, drive burn-in and data reliability, among other issues.

'The oldest drive in the list is the Seagate Barracuda 1.5 TB drive from 2006. A drive that is almost 8 years old! Since it is well known in study after study that disk drives last about 5 years and no other drive is that old, I find it pretty disingenuous to leave out that information. Add to this that the Seagate 1.5 TB has a well-known problem that Seagate publicly admitted to, it is no surprise that these old drives are failing.'

Submission + - The Burning Bridges of Ubuntu (datamation.com)

jammag writes: "Whether Ubuntu is declining is still debatable. However, in the last couple of months, one thing is clear: internally and externally, its commercial arm Canonical appears to be throwing the idea of community overboard as though it was ballast in a balloon about to crash." So claims a top Linux pundit, pointing out instances of community discontent and apparent ham-handeness on Mark Shuttleworth's part. Yet isn't this just routine kvetching in the open source community?

Submission + - Are We Witnessing the Decline of Ubuntu? (datamation.com) 2

jammag writes: "When the history of free software is written, I am increasingly convinced that this last year will be noted as the start of the decline of Ubuntu," opines Linux pundit Bruce Byfield. After great initial success, Ubuntu and Canonical began to isolate themselves from the mainstream of the free software community. Canonical, he says, has tried to control the open source community, and the company has floundered in many of its initiatives. Really, the mighty Ubuntu, in decline?

Submission + - Software-defined data centers might cost companies more than they save (datamation.com)

storagedude writes: As more and more companies move to virtualized, or software-defined, data centers, cost savings might not be one of the benefits. Sure, utilization rates might go up as resources are pooled, but if the end result is that IT resources become easier for end users to access and provision, they might end up using more resources, not less.

That's the view of Peder Ulander of Citrix, who cites the Jevons Paradox, a 150-year-old economic theory that arose from an observation about the relationship between coal efficiency and consumption. Making a resource easier to use leads to greater consumption, not less, says Ulander. As users can do more for themselves and don't have to wait for IT, they do more, so more gets used.

The real gain, then, might be that more gets accomplished as IT becomes less of a bottleneck. It won't mean cost savings, but it could mean higher revenues.

Slashdot Top Deals

The unfacts, did we have them, are too imprecisely few to warrant our certitude.

Working...