storagedude writes: Security testing company Pwnie Express scanned Wi-Fi access at the RSA conference and found multiple EvilAP attacks. What's worse, several attendees fell for these dummy Wi-Fi services that spoof well-known brands like Starbucks. The company also found a number of access points using outdated WEP encryption. So much for security pros...
' I would like to suggest that an ANSI, ISO or IEEE committee come together and create an open standard for self-describing data. This format must encompass all other formats that exist today in weather, multiple medical formats, geospatial, genetics and so on. This working group could meet and get agreement across various industries in pretty short order, I believe. Just like wrapping files that are already wrapped. This clearly doesn’t solve the whole problem with its long-term issues, but it does get us to a common agreed format. This could also be used for any other file type like a jpeg.'
jammag writes: Google is creating a new operating system, Fuchsia — but why? For IoT, mobile, world domination? The search giant remains remarkably tight-lipped about the project. Yet one thing's for sure: with Google behind it, Fuchsia will likely play a key role in development in the years ahead.
'The only way I can see this working — and there is still risk — is if you have multiple employees inspecting the firmware to ensure it is indeed the manufacturer’s firmware. I would have at least two or more people get the firmware and validate the SHA256 hashes,' Newman writes.
‘Having an object storage system that allows byte-range access is very appealing,’ writes Layton. ‘It means that rewriting applications to access object storage is now an infinitely easier task. It can also mean that the amount of data touched when reading just a few bytes of a file is greatly reduced (by several orders of magnitude). Conceptually, the idea has great appeal. Because I'm not a file system developer I can't work out the details, but the end result could be something amazing.’
At the heart of the Multilevel Secure System (MLS) is a modified version of SELinux, with role-based access control with a policy for each role, so no one can get to the system root and the root can’t see user data. Policies are based on roles such as security admin, audit admin and sysadmin, and each file is tagged with a security level so some users can see it while others can’t.
Lockheed Martin, Seagate and Red Hat are among the vendors who developed the system, which was unveiled at last week's Geospatial Intelligence (GEOINT) conference in DC.
storagedude writes: Big Data, the Internet of Things and manufacturing and areal density limitations could combine to reverse the long-running trend of falling data storage prices, according to an article on InfoStor. With neither flash nor tape offering a viable alternative to bulk disk storage, users may have to turn to technologies such as deduplication, thin provisioning, RAID 1 and heat-assisted magnetic recording (HAMR) to meet demand.
“If multiple vendors invest in a technology, it has a good chance of winning over the long haul,” writes Newman, a long-time proponent of tape technology. “If multiple vendors have a technology they’re not investing in, it will eventually lose over time. Of course, over time market requirements can change. It is these interactions that I fear that are playing out in the tape market.”
darthcamaro writes: A year ago, there were only 22 Top Level Domain Names, with.com and.net being the most commonly deployed. Now there are hundreds of new names and according to VeriSign (the people that manage.com and.net), it's leading to confusion.
Are you confused by new.xyz /.guru.anything domains?
poseur writes: Just about every retailer has experienced a data breach due to insecure point-of-sale systems. Why is PoS security so hard? Experts say it's a moving target. The good news, experts say, is that payment solutions like Apple Pay could render PoS systems largely obsolete.
storagedude writes: With Amazon Web Services losing $2 billion a year, it’s not inconceivable that the cloud industry could go the way of storage service providers (remember them?). So any plan for cloud services must include a way to retrieve your data quickly in case your cloud service provider goes belly up without much notice (think Nirvanix). In an article at Enterprise Storage Forum, Henry Newman notes that recovering your data from the cloud quickly is a lot harder than you might think. Even if you have a dedicated OC-192 channel, it would take 11 days to move a petabyte of data – and that’s with no contention or other latency. One possible solution: a failover agreement with a second cloud provider – and make sure it’s legally binding.
Writing on InfoStor, Henry Newman said the security problem ‘is one hundred percent solvable with the right amount of motivation and the right amount of resources.’ His petition requests that if organizations with more than 1,000 employees fail to protect data, 'the organization becomes responsible for that loss with no exclusions and no liability limits.'
storagedude writes: Imagine in the not-too-distant future, your entire genome is on archival storage and accessed by your doctors for critical medical decisions. You'd want that data to be safe from hackers and data corruption, wouldn't you? Oh, and it would need to be error-free and accessible for about a hundred years too. The problem is, we currently don't have the data integrity, security and format migration standards to ensure that, according to Henry Newman at Enterprise Storage Forum. Newman calls for standards groups to add new features like collision-proof hash to archive interfaces and software.
'It will not be long until your genome is tracked from birth to death. I am sure we do not want to have genome objects hacked or changed via silent corruption, yet this data will need to be kept maybe a hundred or more years through a huge number of technology changes. The big problem with archiving data today is not really the media, though that too is a problem. The big problem is the software that is needed and the standards that do not yet exist to manage and control long-term data,' writes Newman.
storagedude writes: Amid ongoing security concerns, the popular open source encryption program TrueCrypt may have found new life under a new name, reports eSecurity Planet. Under the terms of the TrueCrypt license — which was a homemade open source license written by the authors themselves rather than a standard one — a forking of the code is allowed if references to TrueCrypt are removed from the code and the resulting application is not called TrueCrypt. Thus, CipherShed will be released under a standard open source license, with long-term ambitions to become a completely new product.