Thursday, May 14, 2015

Venom vulnerability: toxic threat or hissing hyperbole?

Reports of the undoubtedly serious 'Virtualized Environment Neglected Operations Manipulation', or 'Venom', vulnerability have suggested that cloud security is now broken and even that this is a perfect spy tool for the National Security Agency (NSA). But putting the Heartbleed-level hyperbole aside for one moment, just how real a threat is venom to the virtual machine environment?

Windows 10: Patch Tuesday is not dead

There has been a lot of reporting regarding the announcement at the Microsoft Ignite conference that Windows 10 will introduce an "Update for Business" system for maintenance updates. The notion of incremental updates courtesy of a shift towards Platform-as-a-Service surprises nobody who is even the slightest bit informed. The thought of constant "rolling upgrades" would be enough, however, to send most enterprise sysadmins and CISOs into terminal shock. Hence, Update for Business which allows the enterprise to determine what is updated and at what time and, importantly, retain full integration with existing management software suites. WUFB, as this is being called by everyone in my circle of work colleagues, will apparently operate using the Windows 10 peer-to-peer update delivery mechanism, although exactly how this will be achieved in a fully secure manner is still somewhat open to question.

New spam tricks revealed; look a lot like old spam tricks

It's all too easy to think that spam is an old problem, and one that has largely been dealt with. Certainly, many people will tell you that they see very little evidence of spam in their mailboxes. This, however, has less to do with the demise of the spammer and everything to do with the effectiveness of spam filters. The latest Kaspersky Lab analysis of the spam and phishing threat landscape for the first quarter of 2015 suggests that some 59.2 per cent of email traffic was actually spam, which is good news in as far as that number is six percentage points down on the previous quarter. It's also a pretty good reflection of my own incoming email, which currently sits on around 55 per cent spam. Not that I see it unless it's that time of the month when I pay my spam folder a visit to check for false positives, and they are rarer than rocking horse poop these days.