Bryan Halfpap

Bryan Halfpap is a technology analyst and writer and a driving force behind the evaluations of CTOlabs.com.

An Analysis of A NASA Dbase Hack-and-Dump

[Editor's note: this analysis predates any official announcements by NASA] Recently, some news of a NASA hack-and-dump passed my Twitter deck. I decided after watching a few of my friends re-tweet the news that it might be worth checking out. At least I'd see if I could perform some password analysis on any dumped credentials, or even test out the new Crucialpoint Cloudera Hadoop password cracker on any leftover hashes. What follows is a … [Read more...]

Hadoop Quickstart: Build a Cluster In The Cloud In 20 Minutes Or Less

Editor's note: The tips Bryan Halfpap provides below really work. I stood up a working Hadoop Cluster in under 20 minutes, from cold iron to production ready, using just his guidance and a Rackspace account. bg I've been working with Apache Hadoop in my lab, spending much of that with CDH3 (the Cloudera Distribution including Apache Hadoop). As part of my examination of the best way to move from test/evaluation/prototyping to production systems I've … [Read more...]

Exploit Theater : MS11-083 and Defense-in-Depth

A very interesting (OK, it was pretty cool) vulnerability in the TCP stack of Windows Vista and above (including 32-bit and 64-bit versions and Windows Server 2008) was recently announced and patched. This vulnerability is of particular note not just because of the wide range of products that it affected, but because of how the vulnerability worked. Microsoft published this in its advisory on the vulnerability: "A remote code execution vulnerability … [Read more...]

Security Theater: USB Everythings

Handgun-shaped USB

USB is a wonderful technology -- it allows us to be platform-agnostic, gives us compatibility, ease of use, and more durability than some previous connectors we have used in the past. It also presents a very difficult security challenge to security professionals. USB devices have become so ubiquitous, we don't think twice about just plugging one into a computer. We have USB plasma balls, drink refrigerators, coffee heaters, thumb drives, keyboards, … [Read more...]

Are Security Pros Becoming Too Paranoid?

Paranoia is good when it comes to cyber-security...or is it? Are we making ourselves paranoid? Like many computer security professionals, I tend to closely follow technology and security news, even though it's often discouraging and depressing. It is routine to see articles disclosing general information about recent attacks and criminal successes (and sometimes criminal captures). I suppose that at this point it is fairly common to find "shocking" … [Read more...]

Risk Management with Fixmo Sentinel

These days we hear a lot of terms thrown about like the “Consumerization of IT” and “Bring your own device” (BYOD), and “Network health”.  This is because corporations are starting to warm up to the idea that maybe if they let you bring in your personal computing devices such as smartphones and tablets, they won’t have to pay to give you one. The flip-side of letting employees bring their consumer devices into the corporate fold is that … [Read more...]

What You Need to Know About Duqu

Everything that you need to know about Duqu: Duqu was reported to antivirus vendors around the 14th of October, 2011, but it has been in the wild since November of 2010. Since then there have been variants (updated copies with additional features or upgrades to code) released. It has been billed as the next Stuxnet, the son of Stuxnet, or a Stuxnet clone. In reality, Duqu is actually more like a payload of Stuxnet rather than the entire attack … [Read more...]

Social Searching Everything, For Everyone

What could you do if you had access to all of Twitter all at once? What if you combined that with 75 million other data feeds? And combined it with an easy-to-use-tool and impressive visuals? What if it were a service software? That’s exactly what the Social Media Command Center from InTTENSITY is. It’s your social media and Internet war room -- replete with maps, calendars, lists of events and people. Its primary purpose: to allow users to … [Read more...]

Government Android Should Concern You

Android is a great mobile computing platform. It’s extensible, fairly easy-to-use (considering its plethora of features), has a great application store with hundreds of thousands of applications, and connects back with everything in Google so that all of Google’s information and services are at the user's fingertips. For developers, it’s a very extendable platform which is able to integrate code from a variety of languages, run C programs, and deploy … [Read more...]

Carrier IQ Invades Privacy

Your phone is watching you and listening to your every word

Android has been plagued by malware, security vulnerabilities, and now, privacy issues. It started with HTC's logging application, which over-zealously logged aspects of phone use in insecure ways that made that data accessible by any application, and more recently has come to a head with the discovery of the Carrier IQ application. The Carrier IQ application is supposedly a diagnostic tool which sits on a variety of phones including Android, iPhone, … [Read more...]