Upping The IPS Ante

My colleague at Forrester, Chris Silva, recently commented upon the recent AirDefense acquisition by Motorola. Looking at the deal through the security lens, I completely agree with Chris that this will help ease integration of wireless security into wireless infrastructure. It's good to see one of the major wireless brands step up and take wireless security seriously. Perhaps that other major wireless vendor will get the hint...

Upping The IPS Ante

Motorola announced this week its intention to acquire Wireless IDS/IPS vendor AirDefense. The acquisition may provide a bit of deja vu to readers who recall the acquisition of Network Chemistry's wireless IDS/IPS assets by Aruba Networks in 2007.



Get Involved Now In Cloud Computing Discussions

A Culture of Compliance

Wireless as Fashion

As a security guy, I’ve spent a lot of time thinking about the security ramifications of wireless connectivity.  Wireless has evolved from a single protocol, 802.11b, to a veritable alphabet soup loosely defined as "Mobility."  We now have 11a/b/g and maybe n, Bluetooth, RFID, CDMA, Wi-Max, and a bunch of other stuff that all provides wireless access, often without even a thought of security.  As people scramble to have the latest, coolest, most connected devices in the company, they are tossing security right out the window.


Power Outages Are A Major Risk That Most Companies Overlook

Stephanie Balaouras

TechCrunchIT reported today that a Rackspace data center went down for several hours during the evening due to a power grid failure. Because Rackspace is a managed service provider (MSP), the downtime affected several businesses hosted in the data center.

When companies think of disaster recovery and downtime, they typically think of catastrophic events such as hurricanes, tornadoes, and earthquakes. What companies don't realize is that the most common cause of downtime is power failures. In a joint study by Forrester Research and The Disaster Recovery Journal of 250 disaster recovery decision-makers and influencers, 42% of respondents indicated that a power failure was the cause of their most significant disaster declaration or major business disruption.


Lessons learned from the massive SQL injection attacks against legacy Microsoft ASP apps

Chenxi Wang

I am sure many of you are aware of the recent massive-scale SQL injection attacks targeting Microsoft ASP applications running on IIS. The latest report has the number of attacked sites at 500,000. The press makes it sound like there is a new vulnerability in IIS or ASP. This cannot be further from the truth. The reality is the attacks are targeting Web applications where user input validation is not done (this is one of the fundamental security programming techniques). When a Web application does not validate its form input, it is opening itself up to code injection attacks including SQL injection. Today, the security industry is doing a decent job of communicating the importance of input validation. But you'll still find many legacy Web applications that have these flaws. And this is exactly what happened here: the attackers (well, they are organized) are using Google to find old ASP pages that take user input, and are systematically going after these pages to perform SQL injection attacks.
