Data Storage Today

EU Probes New Google Privacy Policy

Mon, 06 Feb 2012 08:53:21 -0500

The European Union's data protection authorities have asked Google to delay the rollout of its new privacy policy until they have verified that it doesn't break the bloc's data protection laws.

Google publicized its new privacy rules -- which regulate how the Web giant uses the enormous amounts of personal data its collects through its search engine, email and other services -- with much fanfare last week.

Since then, it has launched a huge publicity campaign informing its users around the globe of the new policy, which is set to come into force on March 1.

But that launch date may now be under threat.

In a letter to Google Chief Executive Larry Page, Jacob Kohnstamm, the chairman of the group of 27 national privacy regulators in the EU, said the French data protection agency has launched an investigation into the new rules and how they will affect Google users in the EU.

"We call for a pause (in the rollout of the new rules) in the interests of ensuring that there can be no misunderstanding about Google's commitments to information rights of their users and EU citizens, until we have completed our analysis," Kohnstamm wrote in the letter, which was sent Thursday and published on Friday.

Google's search engine has a market share of more than 90 percent in the EU, with rival services like Microsoft's Bing gaining little traction. The EU's competition authorities are already examining whether Google uses this dominance to stop other search engines from entering the market.

Google said in a statement that it had briefed data protection agencies before making its new policy announcement and that none of them had had substantial concerns at the time.

"Delaying the policy would cause significant confusion," it said in the e-mailed note.

In its descriptions of the new privacy policy, Google says its main aim is...

New Malware Attacks Target Online Banking

Mon, 06 Feb 2012 08:48:54 -0500

Computer criminals have found a way to hack their way past the latest generation of online banking security techniques, British researchers say.

In the scheme, account holders are tricked by an offer of training in a new "upgraded security system" after being logged into the bank's real site, after which money is moved out of their account but evidence of the theft is invisible to the user, the BBC reported Thursday.

The scam involves what has been dubbed the Man in the Browser attack, or MitB, where the malware the user has been tricked into downloading lives in their Web browser and can get between the user and the bank Web site, altering what is seen and changing details of what is being entered.

Some versions of the MitB will change payment details and amounts and can also change on-screen balances to hide its activities, experts said.

"The man in the browser attack is a very focused, very specific, advanced threat, specifically focused against banking," said Daniel Brett of malware testing lab S21sec.

Every time a new update to the malware is released, it takes security companies a number of weeks to learn how to spot it, he said.

Online banking fraud losses totaled $27 million in the first six months of 2011, a Financial Fraud Action U.K. spokesman said.

But banks are taking action against such scams, FFA's Mark Bowerman said.

"We've got intelligent fraud detection software, and it's used to seeing how you operate your online bank account.

"Any deviations from the norm and the software is going to pick it up -- that may be the type of transaction you've made or the amount," he said.

HELIOS WebShare UB2 Eases Access, Collaboration

Wed, 01 Feb 2012 07:38:18 -0500

HELIOS Software GmbH, a leading developer of cross-platform file, print, image, proofing, remote collaboration, and PDF server software, announced major new features to its server-based HELIOS WebShare UB2 remote access, managed file transfer, and collaboration software. WebShare UB2 makes it simple to add secure remote file access to any file server.

INDUSTRIAL STRENGTH FILE MANAGEMENT

HELIOS WebShare UB2 facilitates enterprise-wide document collaboration, enabling easy yet secure remote access to server files via any web browser, from Mac, Windows, Linux, or mobile devices.

The new Gallery view presents scalable previews of images, and multi-page PDFs and Microsoft Office files within the web browser. Even Japanese, Chinese, and Cyrillic documents can be previewed without the need to have specific character sets installed on a local computer.

Also new to WebShare UB2 is the Apple Spotlight compatible search system, allowing users to quickly find server files by file name, text content, and meta data.

TAKES THE WORK OUT OF REMOTE COLLABORATION

The WebShare Manager component enables automatic two-way remote synchronization of files, with customizable synchronization plans. Mac, Windows, and UNIX/Linux users can easily drag & drop project files from the web browser or local workstation into the WebShare Manager window to enable synchronization of files between the remote WebShare server and the local workstation. Even automatic file versioning can be enabled.

WebShare Manager lets teams quickly find and use files scattered in various locations on a file server without the need to move or collect those files into a single folder. This project oriented approach speeds the remote collaboration process, reducing the work required to a few mouse clicks.

WebShare Manager also offers a Resume Transfer capability that supports resumption of interrupted uploads, to ensure high file synchronization reliability even for low...

Report: Electronic Health Records Still Need Work

Mon, 30 Jan 2012 09:31:34 -0500

America may be a technology-driven nation, but the health care system's conversion from paper to computerized records needs lots of work to get the bugs out, according to experts who spent months studying the issue.

Hospitals and doctors' offices increasingly are going digital, the Bipartisan Policy Center says in a report released Friday. But there's been little progress getting the computer systems to talk to one another, exchanging data the way financial companies do.

"The level of health information exchange in the U.S. is extremely low," the report says.

At the consumer level, few people maintain a personal health record on their laptop or electronic tablet, partly due to concerns about privacy, security and accuracy that the government hasn't resolved.

"How will sensitive health data be kept confidential and secure in digital data-sharing environments?" the report asks. "Many consumers ... are waiting for a reassuring answer to this question."

The report offers a window on progress toward a goal set by President Barack Obama, and President George W. Bush before him, that everyone in the United States should have an electronic medical record by 2014.

While making no predictions, the report offers a collection of details indicating that the goal is a long shot at best.

"Will 100 percent of our nation have electronic health records by 2014?" asked Janet Marchibroda, who directs the center's health technology initiative. "I would say getting to that last mile is difficult." She expects the majority of hospitals and doctors to meet the goal, but it's another matter when it comes to consumers.

In politically polarized Washington, the center tries to tackle national problems from a pragmatic perspective. The report, more than six months in the making, was produced by a panel representing hospitals, doctors, insurers, consumers and technology companies. The review was led by two former senators with ties to the...

After Code Theft, Symantec Advises to Stop Using pcAnywhere

Thu, 26 Jan 2012 11:27:23 -0500

If getting hacked earlier this month by an Indian group wasn't bad enough, the high-profile hacktivist group Anonymous is claiming it has Symantec source code. And Symantec isn't taking any chances.

"Upon investigation of the claims made by Anonymous regarding source code disclosure, Symantec believes that the disclosure was the result of a theft of source code that occurred in 2006," Symantec said in a statement. "Since 2006, Symantec has instituted a number of policies and procedures to prevent a similar incident from occurring."

Despite those polices and procedures, though, Symantec is suggesting pcAnywhere users pull the plug on the remote access software. pcAnywhere allows users to remotely access and control other computers. Symantec said the encoding and encryption elements within pcAnywhere are vulnerable, making users susceptible to man-in-the-middle attacks that open the door to stealing session data or credentials.

Symantec's Quick Advice

"Symantec came out with strong -- and, to my mind, correct -- advice to their users: stop using pcAnywhere until a patch is available," said Graham Cluley, senior security analyst at Sophos. "Hopefully this will be the full extent of the Symantec security breach, and there aren't any more revelations awaiting users. I'm sure if Symantec did know anymore they would share it with their customers, as they have been very open so far."

Symantec has indeed been open, which is a good lesson for companies dealing with data breaches. When an Indian hacking group claimed it got its hands on source code used in the Norton anti-virus program in early January, Symantec was quick to respond and make the appropriate recommendations to users.

Much the same with the pcAnywhere issue, Symantec issued a white paper with security recommendations and published a customer advisory on its Web site. For example, Symantec noted that a secondary risk with pcAnywhere may occur if a malicious...

O2 Accidentally Exposes Customers' Phone Numbers

Fri, 27 Jan 2012 09:34:32 -0500

An untold number of U.K. residents may have unwittingly broadcast their numbers to sites across the Web while browsing the Internet with their cellphones during the past two weeks.

Mobile service provider O2 said Wednesday that a glitch had exposed the numbers of smartphone-toting customers who connected to the Internet over the company's network.

The company, a major subsidiary of Spain's Telefonica, S.A., has some 22 million customers in Britain. It was unclear how many of those may have been affected and a call seeking further comment from O2 was not immediately returned.

The glitch was "potentially very serious," said Matt Bath, the technology editor for British consumer watchdog Which?

"You are making private information available into the wilds of the Web," he said. "A lot of good Web sites won't do anything with that data at all (but) there's a potential for a rogue Web site to harvest the information. That is an open door when it comes to spam, which is annoying, but also outright scams."

O2 said in a blog post that the company routinely shares its customers' telephone numbers with what it described as "trusted partners" for purposes such as age-verification and billing for premium content. But because of a glitch introduced during a routine maintenance operation around January 10, "there has been the potential for disclosure of customers' mobile phone numbers to further Web site owners."

O2 said it had fixed the bug Wednesday and apologized for any concern caused. But Bath said the damage may already have been done.

"This genie is completely out of the bottle," he said. "Some unruly Web site may be rubbing their hands with glee at the data bounty that's landed on their laps."

The Information Commissioner's Office, Britain's data protection watchdog, said it was looking into the potential breach.

"When people visit a Web site via their...

Cisco Shows Traction in Server Market with 10,000 Customers

Wed, 25 Jan 2012 12:59:37 -0500

Defying naysayers, Cisco is boasting a major milestone for its Unified Computing System, or UCS. Just two years after rolling out the server product, data center managers and CIOs are finding value in the technology -- more than 10,000 of them, to be exact.

Two years ago, industry watchers doubted Cisco could gain traction with its new computing technology in a market dominated by Hewlett-Packard and IBM. But UCS is proving to be a force to be reckoned with, capturing 53 industry benchmark performance world records and winning a dozen industry awards for innovation since it started shipping in July 2009.

"This announcement is a pretty big deal," said Zeus Kerravala, principal analyst at ZK Research. "I was really skeptical as to whether Cisco could be a server vendor at all. Two or three years ago, it was unusual for someone to deploy a Cisco server. It was like someone deploying Macs in the workplace. Now it's not that unusual. That 10,000 mark legitimizes Cisco as a server vendor."

Rising Server Tide

Cisco seems to be in the right place at the right time -- right in the middle of the cloud's growing adoption. The 2011 Cisco Cloud Index forecasts that cloud computing is transforming business, with more than 50 percent of computing workloads in data centers expected to be cloud-based by 2014.

Cisco's Cloud Index also predicts global cloud traffic will grow 12-fold by 2015, to 1.6 zettabytes per year. That's the equivalent of more than four days of business-class video for every person on Earth. This explosive cloud growth requires advanced data center capabilities -- and Cisco is promoting UCS to support end-to-end cloud application delivery.

"Cisco is on par -- and many would argue that they are superior -- to where IBM and HP are with servers," Kerravala said. "And it's not...

AWS Offers Storage Gateway for Automated Backups

Wed, 25 Jan 2012 12:11:06 -0500

Amazon Web Services announced Tuesday that it was releasing a public beta of its Storage Gateway, enabling companies to schedule automatic backups to the Amazon cloud. Storage Gateway is a software appliance currently optimized for VMware, although other virtual environments will be supported in the future.

The gateway sends backup snapshots of data to the cloud, while also storing the data locally. Snapshots can be used to readily restore the data to local hardware, and can be accessed as Amazon Elastic Block Store volumes for mirroring data between on-premises and Amazon apps that are based in the Elastic Compute Cloud, or EC2.

Disaster Recovery, Data Migration

In a statement, Amazon said the gateways make it easy to use its EC2 "for additional capacity during peak periods, for new projects, or as a more cost-effective way to run normal enterprise workloads."

The company said it expected the AWS Storage Gateway would be used primarily for disaster recovery and business continuity, backup, and data migration. AWS cited the advantages of reducing costs for hardware by emphasizing a cloud strategy, and avoiding any concerns about running out of storage space or managing off-site facilities.

Storage volumes created with the gateway can be attached as iSCSI devices to on-site app servers. Amazon said the standard iSCSI interface worked with existing apps and on-premise architecture. Gateway-Stored volumes, available now, maintain a complete copy on local storage, while uploading backup snapshots to Amazon. Gateway-cached volumes, available soon, can use local storage as a low-latency cache for frequently used data, while the clean copy lives in the cloud.

Each gateway can support as many as 12 iSCSI volumes and a total of 12 terabytes, and there can be multiple gateways for each account. If different configurations are needed, users can request special arrangements. Users can choose to store data in...

Microsoft Unmasks Kelihos Mastermind; Botnet Dead But Not Gone

Wed, 25 Jan 2012 10:13:23 -0500

Now that Microsoft has outed the software engineer it believes masterminded a massive attack that delivered spam and stole confidential data, what's next on the botnet mitigation front? And is the Kelihos takedown even having an impact on spam levels?

Microsoft took down the Kelihos botnet with partners Kyrus and Kaspersky Labs last September. Since then, the Microsoft Digital Crimes Unit has continued to actively investigate the case. Microsoft named Andrey N. Sabelnikov, a Russian citizen and former software engineer at an antivirus vendor, in an amended complaint filed with the U.S. District Court for the Eastern District of Virginia on Monday.

"We continue to explore ways to make the information learned from our takedowns more readily available to others who can take action to address infections in a more systematic and automated manner," said Richard Domingues Boscovich, a senior attorney in the Microsoft Digital Crimes Unit. "Our objective is to effectively put information and tools into the hands of those that can help protect innocent computer users."

Does It Even Matter?

Damballa Labs tracks the Kelihos botnet as "FierceGorillaConvicts." In September 2011, Microsoft estimated the global proliferation of the botnet to be in the realm of 40,000 victims. Damballa observed and confirmed the victim status of around 10,000 victims in North America alone.

Gunter Ollmann, vice president of research at Damballa, said security researchers and vendor analysts work to dismantle and take down dozens of botnets on a daily basis -- but very few of these efforts ever make it to the press, let alone become headline news.

"Over the years, security researchers have found that tearing down parts of a criminals' command and control infrastructure is easy, but it is almost impossible to kill a botnet in its entirety when the criminals want to keep it going," Ollmann said.

"Past media events...

Opengear Expands Secure Remote Monitoring

Wed, 25 Jan 2012 09:15:57 -0500

SANDY, UT, January 24, 2012 -- Opengear, a leading provider of secure enterprise-grade console servers and remote management solutions, today announced the launch of its next-generation, customizable remote monitoring and management (RMM) gateway product family, the Opengear ACM5500. Opengear makes it easy for MSPs (Managed Service Providers) to remotely monitor and manage their customers' network infrastructure, whether on the road, in an office, or at another customer site. Customized alert thresholds proactively track device status, and can fix problems before a customer is even aware of them, or before they become a crisis.

Until now, tools to help monitor and manage a variety of application software and both network and environmental devices have been complex and expensive. With Opengear's dedicated secure hardware agent, MSPs have visibility into and the ability to monitor and control customers' network infrastructure devices even behind a firewall - easily and affordably. Based on open standards, the Opengear ACM5500 product family complements the tools currently used to manage customers' IT environments (i.e., Cisco, Juniper, Avaya, F5, etc.), so there is no "rip and replace."

Opengear expands RMM for network/IT devices (both SNMP-based and non-SNMP based), environmental devices and software applications (e.g., Microsoft Exchange Server, etc.). The ACM5500 provides serial console-port connectivity, environmental monitoring, power management and monitoring and remote site storage of offline logs and running configuration files. The ACM5500 family also includes environmental sensors, local 4GB storage, internal v.92 and cellular modems that enable out-of-band access, auto response, power management and security. With the Opengear ACM5500 family of RMM gateways, secure in-band and out-of-band access to remote sites is available from anywhere in the world, thereby providing better control and visibility into a network and its physical environment.

Secure, Out-of-band RMM Gateways for MSPs

Opengear has seen incredible growth over the past few years from MSPs who...