yourfanat wrote: I am using another tool for Oracle developers - dbForge Studio for Oracle. This IDE has lots of usefull features, among them: oracle designer, code competion and formatter, query builder, debugger, profiler, erxport/import, reports and many others. The latest version supports Oracle 12C. More information here.
Cloud Expo on Google News
Cloud Expo & Virtualization 2009 East
Smarter Business Solutions Through Dynamic Infrastructure
Smarter Insights: How the CIO Becomes a Hero Again
Windows Azure
Why VDI?
Maximizing the Business Value of Virtualization in Enterprise and Cloud Computing Environments
Messaging in the Cloud - Email, SMS and Voice
Freedom OSS
Stairway to the Cloud
Sun's Incubation Platform: Helping Startups Serve the Enterprise
Cloud Computing & Enterprise IT: Cost & Operational Benefits
How and Why is a Flexible IT Infrastructure the Key To the Future?
Click For 2008 West
Event Webcasts
The Malware Mess
Android-based malware marked a 35% growth rate not seen since early 2012

A couple weeks ago McAfee Labs released the McAfee Threats Report: Second Quarter 2013, which found that Android-based malware marked a 35% growth rate not seen since early 2012.  They also found twice as many new ransomware offerings in Q2 as in Q1, bringing the 2013 ransomware count higher than the total found in all previous periods combined.  Everything was in play – SMS stealing bank malware, infected legitimate apps, malicious apps in sheep’s clothing, along with fake dating and entertainments apps.  A lot of areas that we spend a good portion of our mobile time.

In addition to mobile threats, Q2 also saw a 16% uptick in suspicious URLs and a 50% increase in digitally-signed malware samples.  Attackers are showing that they can adapt to the criminal opportunities and continue to infiltrate the ever changing infrastructure.  Ransomware, a very popular and profitable scheme, where pop-ups or other messages threaten the user unless they pay a ransom, doubled from Q1 to Q2.  Hey, if it works, might as well.  Malware signed with legitimate certificates increased 50% to 1.2 million samples.  You think you’re getting the safe code due to the certificate’s authentication but that cozy blanket gets cold quick.  Malware also continues to find life with infected URLs according to McAfee.  The total number of suspect URLs found reached 74.7 million or a 16% increase over Q1.  The Indexed Web is at least 3.82 billion pages so around 2% of the web but still.  I might suggest, ‘watch what you type, don’t click suspicious links, avoid porn sites,’ and other rather obvious actions but these days it could be delivered through an ad loading on a popular news site.  Almost no one is immune.  SPAM continues to hog email servers accounting for almost 70% of all global email volume.  That’s nuts.  Think about it all the legitimate email we send over a month and it only accounts for 30% of all email?!?  What a waste of resources.  Other highlights included cyber espionage campaigns and attacks on digital currency.

These threats come at a time where there seems to be a disconnect between executives and their technical teams.

The Ponemon Institute’s most recent research shows that when it comes to locking down enterprise infrastructure, the application layer is responsible for more than 90% of all security vulnerabilities, yet more than 80% of IT security spending continues to be at the network and endpoint layer.  According to Ponemon, ‘Most Organizations are Woefully Behind in Application Security.’  For it’s ‘Current State of Application Security Report‘ , they asked 642 IT professionals (both executive & engineering) 20 questions concerning tools usage, development team knowledge and security best practices to better understand the maturity of an organization’s application security program in comparison to the core competencies of high-performing organizations.  They found that a much higher percentage of executive-level respondents believe their organizations are following security procedures through the lifecycle of application development than do the engineers who are closest to executing the security processes.  For instance, 71% of executives interviewed believe that application security training is available and up to date but only 20% of technical staff felt the same.  Around 67% of execs feel they have a mature application security program, compared to 33% of technical staff and 75% of executives believe that a secure architecture exists in their organization verses 23% of technical staff.  Someone is either not communicating or many organizations do not yet consider the need to proactively do something about application security or even attempt to understand application security risks.

What is troublesome is that even with all the media attention and the afore mentioned malware stats, most organizations are not building nor testing their applications for security. According to the Ponemon report, only 43% of respondents say they have a process in place to test for vulnerabilities prior to release, and only 41% are using automated scanning tools to test applications during development. And just to pile on, only 42% push their applications to manual penetration testing by internal teams or from a third party.

So, threats are increasing (I feel like I say this multiple times a year) and it seems that organizations’ response to them are decreasing…or at least not taking them seriously enough.  In many ways, it is kinda like the real world.  We think, feel, believe that we’re safe until something happens…then we take all the precautions.  Many organizations need to do that yesterday.

Today’s technologies are awesome but every once in a while I do miss 4 TV stations (including PBS), typewriters, rotary phones, mimeograph machines, S&H Green Stamps and the hard wires of yesteryear.



Read the original blog entry...

About Peter Silva
Peter is an F5 evangelist for security, IoT, mobile and core. His background in theatre brings the slightly theatrical and fairly technical together to cover training, writing, speaking, along with overall product evangelism for F5. He's also produced over 350 videos and recorded over 50 audio whitepapers. After working in Professional Theatre for 10 years, Peter decided to change careers. Starting out with a small VAR selling Netopia routers and the Instant Internet box, he soon became one of the first six Internet Specialists for AT&T managing customers on the original ATT WorldNet network.

Now having his Telco background he moved to Verio to focus on access, IP security along with web hosting. After losing a deal to Exodus Communications (now Savvis) for technical reasons, the customer still wanted Peter as their local SE contact so Exodus made him an offer he couldn’t refuse. As only the third person hired in the Midwest, he helped Exodus grow from an executive suite to two enormous datacenters in the Chicago land area working with such customers as Ticketmaster, Rolling Stone, uBid, Orbitz, Best Buy and others.

Writer, speaker and Video Host, he's also been in such plays as The Glass Menagerie, All’s Well That Ends Well, Cinderella and others.

Latest Cloud Developer Stories
SUSE is a German-based, multinational, open-source software company that develops and sells Linux products to business customers. Founded in 1992, it was the first company to market Linux for the enterprise. Founded in 1992, SUSE is the world's first provider of an Enterprise ...
Artifex Software began 25-years ago with Ghostscript, a page description language (PDL) interpreter software prevalent in printing and related applications requiring rendering and/or conversion from one software language to another. Founded by renowned computer scientist Dr. L. P...
Blockchain has shifted from hype to reality across many industries including Financial Services, Supply Chain, Retail, Healthcare and Government. While traditional tech and crypto organizations are generally male dominated, women have embraced blockchain technology from its incep...
In an age of borderless networks, security for the cloud and security for the corporate network can no longer be separated. Security teams are now presented with the challenge of monitoring and controlling access to these cloud environments, as they represent yet another frontier...
Every organization is facing their own Digital Transformation as they attempt to stay ahead of the competition, or worse, just keep up. Each new opportunity, whether embracing machine learning, IoT, or a cloud migration, seems to bring new development, deployment, and management ...
Subscribe to the World's Most Powerful Newsletters
Subscribe to Our Rss Feeds & Get Your SYS-CON News Live!
Click to Add our RSS Feeds to the Service of Your Choice:
Google Reader or Homepage Add to My Yahoo! Subscribe with Bloglines Subscribe in NewsGator Online
myFeedster Add to My AOL Subscribe in Rojo Add 'Hugg' to Newsburst from CNET Kinja Digest View Additional SYS-CON Feeds
Publish Your Article! Please send it to editorial(at)!

Advertise on this site! Contact advertising(at)! 201 802-3021

SYS-CON Featured Whitepapers
Most Read This Week