The Malware Mess
Android-based malware marked a 35% growth rate not seen since early 2012

A couple of weeks ago McAfee Labs released the McAfee Threats Report: Second Quarter 2013, which found that Android-based malware marked a 35% growth rate not seen since early 2012. They also found twice as many new ransomware offerings in Q2 as in Q1, bringing the 2013 ransomware count higher than the total found in all previous periods combined. Everything was in play – SMS-stealing banking malware, infected legitimate apps, malicious apps in sheep’s clothing, along with fake dating and entertainment apps. These are a lot of the areas where we spend a good portion of our mobile time.

In addition to mobile threats, Q2 also saw a 16% uptick in suspicious URLs and a 50% increase in digitally-signed malware samples. Attackers are showing that they can adapt to the criminal opportunities and continue to infiltrate the ever-changing infrastructure. Ransomware, a very popular and profitable scheme in which pop-ups or other messages threaten the user unless they pay a ransom, doubled from Q1 to Q2. Hey, if it works, might as well. Malware signed with legitimate certificates increased 50% to 1.2 million samples. You think you’re getting safe code due to the certificate’s authentication, but that cozy blanket gets cold quick. Malware also continues to find life with infected URLs, according to McAfee. The total number of suspect URLs found reached 74.7 million, a 16% increase over Q1. The Indexed Web is at least 3.82 billion pages, so that is around 2% of the web, but still. I might suggest, ‘watch what you type, don’t click suspicious links, avoid porn sites,’ and other rather obvious actions, but these days it could be delivered through an ad loading on a popular news site. Almost no one is immune. Spam continues to hog email servers, accounting for almost 70% of all global email volume. That’s nuts. Think about it: all the legitimate email we send over a month only accounts for 30% of all email?!? What a waste of resources. Other highlights included cyber espionage campaigns and attacks on digital currency.

These threats come at a time when there seems to be a disconnect between executives and their technical teams.

The Ponemon Institute’s most recent research shows that when it comes to locking down enterprise infrastructure, the application layer is responsible for more than 90% of all security vulnerabilities, yet more than 80% of IT security spending continues to be at the network and endpoint layer. According to Ponemon, ‘Most Organizations are Woefully Behind in Application Security.’ For its ‘Current State of Application Security Report’, they asked 642 IT professionals (both executive & engineering) 20 questions concerning tools usage, development team knowledge and security best practices to better understand the maturity of an organization’s application security program in comparison to the core competencies of high-performing organizations. They found that a much higher percentage of executive-level respondents believe their organizations are following security procedures through the lifecycle of application development than do the engineers who are closest to executing the security processes. For instance, 71% of executives interviewed believe that application security training is available and up to date, but only 20% of technical staff felt the same. Around 67% of execs feel they have a mature application security program, compared to 33% of technical staff, and 75% of executives believe that a secure architecture exists in their organization versus 23% of technical staff. Someone is either not communicating, or many organizations do not yet consider the need to proactively do something about application security or even attempt to understand application security risks.

What is troublesome is that even with all the media attention and the aforementioned malware stats, most organizations are neither building nor testing their applications for security. According to the Ponemon report, only 43% of respondents say they have a process in place to test for vulnerabilities prior to release, and only 41% are using automated scanning tools to test applications during development. And just to pile on, only 42% push their applications to manual penetration testing by internal teams or by a third party.

So, threats are increasing (I feel like I say this multiple times a year) and it seems that organizations’ responses to them are decreasing…or at least they are not taking them seriously enough. In many ways, it is kinda like the real world. We think, feel, believe that we’re safe until something happens…then we take all the precautions. Many organizations need to do that yesterday.

Today’s technologies are awesome but every once in a while I do miss 4 TV stations (including PBS), typewriters, rotary phones, mimeograph machines, S&H Green Stamps and the hard wires of yesteryear.

ps


About Peter Silva
Peter is an F5 evangelist for security, IoT, mobile and core. His background in theatre brings the slightly theatrical and fairly technical together to cover training, writing, speaking, along with overall product evangelism for F5. He's also produced over 350 videos and recorded over 50 audio whitepapers. After working in Professional Theatre for 10 years, Peter decided to change careers. Starting out with a small VAR selling Netopia routers and the Instant Internet box, he soon became one of the first six Internet Specialists for AT&T managing customers on the original ATT WorldNet network.

With this telco background, he moved to Verio to focus on access and IP security along with web hosting. After losing a deal to Exodus Communications (now Savvis) for technical reasons, the customer still wanted Peter as their local SE contact, so Exodus made him an offer he couldn’t refuse. As only the third person hired in the Midwest, he helped Exodus grow from an executive suite to two enormous datacenters in the Chicagoland area, working with such customers as Ticketmaster, Rolling Stone, uBid, Orbitz, Best Buy and others.

Writer, speaker and Video Host, he's also been in such plays as The Glass Menagerie, All’s Well That Ends Well, Cinderella and others.
