Stories by Deb Radcliff

How to root out rootkits

If you want to know about the latest malicious rootkit, ask security researcher Dino Dai Zovi. He'll tell you all about his proof of concept rootkit called Vitriol that uses virtual machine instructions in Intel processors to hide a rootkit at the virtualization layer.

New security threats from every which way

As enterprises seek out ways to reduce IT costs, optimize resources and improve operational efficiencies, three technology trends have started to dominate: virtualization, service-oriented architecture and mobility. More promising yet is the intertwining of these unique technologies.

Virtualization security needed -- now!

For years, Inttra, an e-commerce logistics provider to the world's largest cargo-shipping organizations, has been using virtualization on its back-end IBM mainframe and Citrix Systems servers in a secure environment. Now the Parsippany, N.J., company primarily uses IBM blade servers running virtual Linux machines. VMware's virtualization technology on an Intel platform powers this New Data Center infrastructure.

The skills that reap pay premiums

When Adam Quiggle upgraded his Cisco Certified Network Engineering certification to Cisco Certified Internetwork Expert, he boosted his pay by 35 percent. His new skills -- which command a 10 percent to 15 percent premium in most enterprises -- were particularly valuable to the network company that hired him, Multimax, because it was ramping up to build the Navy Marine Corps Intranet, the second-largest network in the world next to the Internet.

Watch out for PHP holes

In the first half of 2006, desktop filtering software maker Websense counted a 100 percent rise in Web sites that contained code potentially harmful to visitors. The company declined to reveal how many Web sites it tallied, but it did say that 40 percent of the sites were hacked -- that is, they had their site code altered by outsiders. Of those hacked Web sites, the vast majority (91 percent) were commissioned to install Trojan horses that take control of visiting computers to turn them into bots -- to relay spam, wage denial-of-service attacks or carry out ID theft schemes -- or use them as bases for spreading malicious programs such as worms and keyloggers inside the enterprise.

Fake network gear

Subnets began dropping off the MortgageIT network one after another. Entire bank branches went offline for days as Joe Bruner, network engineering manager there at the time, scrambled to purchase and install replacement parts.

Protecting data from cradle to grave

When attackers gained access to personal information on 19,000 students at Carnegie Mellon University last April, business and network administrators there began a systemwide review of data policies. As a result, the university drastically reduced its use of Social Security numbers (SSN) and implemented new security-management controls around its Oracle databases. But when it came to protecting data extracted from a database, Joe Jackson, system architect at the school, was at a loss.