Subscribe to Email Updates

Subscribe

Author: Shaun Donaldson

Shaun Donaldson is Editor-at-large at Bitdefender Enterprise. Shaun is also responsible for supporting relationships with strategic alliance partners and large enterprise customers, and analyst relations. Before joining Bitdefender, Mr. Donaldson was involved in various technology alliances, enterprise sales and marketing positions within the IT security industry, including Trend Micro, Entrust, Bell Security Solutions and Third Brigade.

All about Virtualization and Cloud Security | Recent Articles:

Windows Server 2003 end-of-support and security management considerations

Jul 03 by Shaun Donaldson

I came across an interesting article reported by The Register. In a survey, half of companies will still have Windows Server 2003 somewhere in their environment

Read More

Context versus isolation: solving one of security’s trickiest problems

May 13 by Shaun Donaldson

Securing endpoints has always required balancing context and isolation. Context is about knowing what is happening within an endpoint, while isolation is about the security mechanism being separated from the endpoint that it is protection.

Read More

Reboot the cloud? Yes, it has happened, and here’s why.

May 13 by Shaun Donaldson

While rare, every now and then, major cloud providers such as Amazon must ponder interrupting service to reboot parts of their environments. It is a curious thing, and leads to asking, “Why?”

Read More

Cloud is Driving Shadow IT Amongst End-users and Datacenter Users

Feb 10 by Shaun Donaldson

Not long ago, I presented a webinar on BrightTalk about cloud and BYOD (Bring Your Own Device). In it I discuss how users have myriad options that are outside the control of IT groups – shadow IT. That end-users are using applications powered by public cloud computing isn’t surprising. Most of us, at one point or another, have used web mail to move a file, Evernote to jot-down thoughts, or DropBox to share files.

Read More

Anthem breached by remote attack, 80 million records at risk

Feb 06 by Shaun Donaldson

Anthem, one of the largest health insurers in The United States, has announced they have been breached. The company has created the web site http://www.anthemfacts.com/ giving a brief outline of events. While short on details, the Anthem notes, “Anthem was the target of a very sophisticated external cyber attack. These attackers gained unauthorized access to Anthem’s IT system and have obtained personal information from our current and former members such as their names, birthdays, medical IDs/social security numbers, street addresses, email addresses and employment information, including income data. Based on what we know now, there is no evidence that credit card or medical information, such as claims, test results or diagnostic codes were targeted or compromised."

Read More

Security and Virtualization: Adaptation is the “new normal” [INFOGRAPHIC]

Jan 05 by Shaun Donaldson

It is no secret virtualization technology is changing the datacenter landscape. The agility, flexibility, and overall operational benefits are myriad, and conversations about the return on investment in virtualization have, for the most part, long-since been concluded. However, as with many wide changes in computing, conversations about security implications tend to lag behind. For security professionals, increasing agility can also mean introducing new areas of concern; agility can create fragility.

Read More

Why Aurora is more than a sunrise

Nov 25 by Shaun Donaldson

A short while ago, Amazon announced a new offering called Aurora. In a nutshell, Aurora is a MySQL database engine wrapped as a service. It’s relatively cheap, and Amazon handles the nitty-gritty of the thing.

It begs the question, why does it matter? As Amazon declares, it’s the fifth SQL database engine that they have made available. So, why the big deal? It is a big deal because it says quite a bit about how Amazon operates.

First, let’s have a look at the product page:

 

Amazon Aurora provides up to five times better performance than MySQL at a price point one tenth that of a commercial database while delivering similar performance and availability.”

 

Read More

Many SMBs are not in the business of IT, but need cloud more than ever

Nov 12 by Shaun Donaldson

The National Small Business association published a report, the “2013 Small Business Technology Survey”. While it contains interesting information, one particular quote stood-out for me.

 

Not surprising, there was a huge jump in small firms utilizing cloud computing. In 2010, it was just five percent—today, 43 percent are on the cloud.”

Read More

4 Things You Should Know Before Running A Botnet

Nov 06 by Shaun Donaldson

 1) They understand what they are doing

 

Herding a botnet isn’t easy these days. The people doing it understand that it is decidedly illegal to run malicious software on computers that are owned by others. They are professionals; where there’s money, there is dedicated will. Over the years, we have observed that the business of malware has gone from creating nuisance software (almost accidental attacks) to stealthy, sophisticated networks of compromised systems.

Read More

SSL v3 vulnerability: this POODLE eats secure cookies

Oct 15 by Shaun Donaldson

What this is:

  • A method to compromise communication encrypted by SSL v3 (meaning: access secure cookies, thereby gaining access to session information)

What this is not:

  • A direct method of compromising endpoints

What is required:

  • A node capable of intercepting traffic between two nodes; a “bump on the wire”

  • The nodes at each end (client and server) are willing to fall-back to SSL v3

 

Original announcement

Original publication

Read More

SSL v3 Vulnerability - Remedies and What You Can Do

Oct 15 by Shaun Donaldson

 

If you are running systems that maintain SSL 3.0 compatibility, you are advised to define a Signaling Cipher Suite Value (SCSV) to prevent unintended protocol downgrades between clients and servers when both parties support a higher version of the protocol.

Disabling fallback to lower protocols is different from operating system to operating system. Here are some guidelines for the most frequently used webservers:

Read More

Shellshock is Shocking, According to Shellers

Sep 26 by Shaun Donaldson

If you’ve had a few spare moments to peruse the news, and happen to do so with an eye toward IT, you’ll have heard about Shellshock. As with many a vulnerability, there are many questions, and in this post I hope to answer some.

What is the problem?

Bash (Bourne-again Shell) is a command line interpreter packaged with most Unix variants. It’s quite handy for running commands, especially when invoked from scripts. The vulnerability roughly relates to how Bash parses environment variables (used to set the context of commands). The vulnerability allows someone entering environment variables to insert arbitrary code. Instead of just setting the context of execution, Bash executes the injected commands.

Read More

Cloud Security




Subscribe to Blog Updates

Latest Tweets