Here are some of the technology stories that caught our eye today:
Roger Grimes warns of the dangers of having too many admin accounts. He discusses one company that gave application admin rights to every user of some applications, which he says adds to the risk that all the company’s user accounts could get compromised. He advises IT executives to do an audit of each application to determine how many admin users an application needs, and why.
EMC announced yesterday that their Syncplicity enterprise file management system will work on both public and private clouds in an update set for later this year. This allows enterprises to manage both general and sensitive data, on different clouds, through the software. Syncplicity will also be compatible with EMC’s new storage platform ViPR, also announced earlier this week at EMC World. The company also unveiled an update to their Isilon NAS platform and OneFS storage OS.
Last month, security researchers discovered a backdoor exploit that targeted web sites running on the Apache server. Now, researchers have observed this exploit infecting Web servers running nginx and Lighttpd. “This is the first time I've seen an attack that will actually target different Web servers, meaning the attacker is willing to create the backdoor for Apache, Lightttp, and nginx,” said Pierre-Marc Bureau, security intelligence program manager for the antivirus provider Eset. The exploit redirects users running Internet Explorer or Firefox on Windows XP, Vista, or 7 to a website that then infects the computer with a Blackhole exploit. Meanwhile, Nginx developers yesterday released a security update to patch an unrelated highly critical vulnerability.