Is this a good time to embark upon a storage networking career? Naysayers might point to the tough job market, or a future where storage, networking and systems converge to such a degree that there will no longer be much demand for data storage specialists.

But many in the industry say it’s as good a time as any to get started in the storage industry.

“I’m seeing many signs of the market improving, and with that there will be more demand,” said Greg Schulz, senior analyst and founder of StorageIO Group.



The Washington Post reports in Defense official discloses cyberattack:

The most significant breach of US military computers was caused by a flash drive inserted into a US military laptop on a post in the Middle East in 2008.

A foreign intelligence agency managed to place malware on a USB flash drive that was later plugged into the US military laptop, infecting it. From there, the infection made its way onto a U.S. military Central Command network.

Terry Childs, the “rogue techie” who refused to disclose the passwords to a crucial city networking system for the better part of two weeks, has been sentenced to four years in state prison. He also may be stuck with up to $1.485 million in restitution payments.

Since Childs has been jailed since 2008, he may only spend an additional four to six months incarcerated, according to his attorney, Richard Shikman. This is the ostensible end of a situation which marked the closest a frustrated San Francisco employee has ever come to being equated with a James Bond villain. That comparison was made when Mayor Gavin Newsom himself was the man called in to eventually wrest the codes out of Childs in the engineer’s jail cell.

Now that we’re past the halfway point of 2010, it’s starting to become apparent that the browser trends we’ve noted over the past several months are no longer holding. Sure, Safari and Opera are still slowly gaining share, but the three big guys are restless. Firefox has started declining, Chrome’s growth spurt seems to have been put on hold, and Internet Explorer experienced gains for the second month in a row.

Between June and July, Internet Explorer gained 0.42 percent (from 60.32 percent to 60.74 percent), smaller than June’s gain, but still noteworthy. Firefox, meanwhile, dropped nearly a full percent (from 23.81 percent to 22.91 percent) and Chrome dipped 0.08 percent (from 7.24 percent to 7.16 percent). Safari increased 0.24 percent (from 4.85 percent to 5.09 percent) and Opera moved up 0.18 percent (from 2.27 percent to 2.45 percent).

The United Arab Emirates tends to be one of the more moderate nations in the Persian Gulf region, which may have contributed to its rise as a major financial center. The bankers apparently brought their BlackBerrys with them, creating a small but dedicated group of users on the UAE’s local carriers, like Etisalat. But one of the selling points of the BlackBerry—strong encryption between the hardware and RIM’s e-mail servers in Canada—hasn’t sat well with the UAE’s security services. After previous attempts to subvert the encryption, the UAE has now decided to simply ban sales of the devices. Meanwhile Saudi Arabia is considering blocking the use of RIM’s instant messaging service.

The problem, from the security service’s perspective, is that the e-mails never spend any time where the UAE’s security services can examine their contents. In what appeared to be an earlier attempt to get around this issue, Etisalat attempted to get RIM users on its network to install some software that simply took any e-mail that had been decrypted and forwarded it on to a server within the UAE. This effort was quickly discovered, however, and RIM washed its hands of the whole thing publicly.

As announced on Friday, Microsoft released an out-of-band bulletin to address the recent Shortcut/LNK exploits. As confirmed in Microsoft’s announcement, various malware is now attempting to exploit this vulnerability. The vulnerability is rather easy to exploit in particular given the tools available to craft necessary shortcuts.

Clients are the main target but servers are as vulnerable and should be patched as soon as possible. Please report any issues you have with the patch !

Adobe’s Reader and Acrobat PDF applications have been hit by a new attack exploiting an unpatched vulnerability in the pervasive tools. So far the exploit has been used mostly in targeted attacks, but researchers say it could soon spread now that the cat is out of the bag.

Adobe late yesterday issued a brief alert about the as-yet undisclosed vulnerability in Acrobat Reader and Acrobat 9.2 and previous versions that’s being exploited in the wild. “We are currently investigating this issue and assessing the risk to our customers. We will provide an update as soon as we have more information,” Adobe said.

So far, Adobe and security researchers around the industry have been tight-lipped on details about the newly discovered vulnerability involved, but ShadowServer today said in its blog that the flaw resides in a JavaScript function in Acrobat and Reader. The trick is that the vulnerable JavaScript is hidden inside a “zlib stream,” which makes it difficult for security scanners to detect it, ShadowServer says. The flaw is found in 8.x and 9.x versions of the software, according to ShadowServer, and researchers are currently testing earlier versions for the bug as well.

The cybercriminals behind the Zeus botnet used Amazon’s Elastic Computing Cloud (EC2) to host the central server used to control a portion of the compromised machines, security firm CA stated on Thursday.

The company found that infected machines would contact a server hosted in Amazon’s cloud to download updates and additional functionality to any infected computer systems. The malicious software would then steal data and banking login credentials, Methusela Cebrian Ferrer, senior researcher at CA, said in a blog post.

“The group behind this criminal activity is obviously doing it for financial gain –  stealing both your identity and your money,” Ferrer stated. “In this variant, we have learned how cloud on-demand — pay-as-you-use — offerings could be used to fuel such online cybercrimes.”

Keyloggers and spyware are the most commonly occurring attacks in companies that suffer major data breaches, according to a report published today by Verizon Business.

The new report, “2009 Supplemental Data Breach Investigations Report: An Anatomy of a Data Breach,” offers a look at the 15 most common security attacks and how they typically unfold. The data is extracted from Verizon Business’ April 2009 study of its computer forensics service customers, all of whom have experienced a major data breach.

The report taps Verizon Business’ detailed investigative records to identify, rank, and profile the most common attacks. For each type of attack, the report provides real-world scenarios, the warning signs, how the attack is orchestrated, how attackers got in, what information they took, what assets the attackers targeted, what industries are commonly affected, and what countermeasures are effective. In total, the report details nearly 150 ways to detect and combat security threats. This latest installment in Verizon’s data breach study series is based on the “2009 Verizon Business Data Breach Investigations Report,” issued in April. That landmark study analyzed more than 90 forensic investigations involving 285 million compromised records