From the Blogosphere

In every cloud survey, security consistently comes out as an inhibitor to cloud adoption. Even though this has been the case for several years, many feel that it is a temporary barrier which will be resolved once cloud offerings get more secure, mature, certified, and thus accepted. Bu...
Alan Shimel posted a question as a blog post last week regarding the usefulness of anti-virus products on desktops. It was an intriguing question because no doubt many of us who are security savvy have asked ourselves the same thing – especially if our AV scanner is consum...
In the wake of attacks that disrupted service to many popular sites in December the question on many folks’ minds was: how do you prevent such an attack? My answer to that question was – and continues to be – you can’t. You also can’t prevent an SQLi attack, or an XSS-based attack, or...
Oh my gawsh! The embarrassment that the U.S. government must have felt (can a government feel?) when secret cables between the U.S. State Department and diplomatic outposts around the world surfaced in the global press. Among the revelations: German Chancellor Angela Merkel was label...
I’ve gotten some e-cards this holiday season from organizations that I know, and you might even receive one from F5. I just wanted to post a short reminder to be careful of these, especially if you get one from someone you don’t know. This is, and has been for several years, one of c...
Figured I’d write this now since many of you will be celebrating the holidays over the next couple weeks and who really wants to read a blog when you’re reveling with family and friends. It’s been an interesting year for information security, and for me too. I started the year with N...
Over the past two years I’ve interviewed dozens of government ICT managers in countries throughout Asia, the Caribbean, and Europe. One of the surprising items collected during the interviews is the large number of government employees – some at the highest levels, using public mail s...
I’m on an ID fraud kick lately and there are quite a few stories of late about identity theft. Here are just a few: House Approves Red Flags Exemptions – In January 2008, the Red Flag Rule went into existence which said that organizations (mainly banks and financial institutions) that...
When the US Government came for file sharing domains, I remained silent; I was not a file sharer. When they shut down Torrent Finder, I remained silent; I was not a Bit Torrent user. When they pressured Amazon to shut down WikiLeaks, I did not speak out; I was not a leaker....
As a brief follow up to yesterday’s Got a SSN I Can Borrow, I came across this story from The Red Tape Chronicles saying the odds that someone else has used your Social Security Number is One in 7. ID Analytics, a data collection and customer behavior analytics firm, works with organiz...
This holiday season, give your friendly neighborhood hacker (black or white hatted) a nice pat on the back. ‘Why?’ you may ask. ‘Aren’t they responsible for the nasty botnets, malware, SQL injections, stolen identities, government infiltration, Stuxnet, and all the malicious things y...
Whether working on user provisioning, password management, compliance, directory virtualization or meta-directory projects, the first step has always been about checking the data and making sure that it is clean. What constitutes clean data, and how do we get it that way? This is almo...
Yesterday at the Electronic Signature and Records Association (ESRA) Conference, Mr. Frank Zacherl, Partner at Shutts Bowen LLP, presented how insurers can strengthen their legal and compliance position using electronic signatures. As the legal firm that represents one of the...
We were sitting and chatting with a fellow geek last night, and he was describing a corporate network he is familiar with. The description was like a tale from the old show “The Twilight Zone”. If it was a security vulnerability, it was present. If it was a standard and accepted securi...
Discussions typically associated with application integration – particularly when integrating applications that are deployed off-premise – are going to happen in the infrastructure realm. It’s just a matter of time. That’s because many of the same challenges the wo...
If you bank or shop online or otherwise use the Web to move money around, you need more protection for your accounts than just a simple username and password. Many of us reuse passwords on multiple accounts, and if a hacker or a malicious piece of software can obtain this information, ...
With the advent of Web 2.0 and onward, the rise of the terminology and concept we call Cloud Computing, coupled with an increase in the manner technologies are being used; not only by corporations but by individuals as well; comes an increased drive to ensure risk is managed, effective ...
When it comes to security, the highest standard to date is the Payment Card Industry Data Security Standard (PCI DSS), a set of requirements for businesses that process payment card information. Developed by Visa, American Express, Discover Financial Services, and other members of the...
I know some guys who are really good at external validation of enterprise security posture. There are some folks so good that nothing will totally stop them. The history of computer science makes me think world-class-best folks like that will always be with us and there will never be a...
On September 14th I participated in a local IBM conference titled: Smarter Solutions for a Smarter Business. One of the most interesting and practical presentations was Moises Navarro's presentation on Cloud Computing. He quoted an IBM survey about suitable and unsuitable workload t...
Authentication is a growing requirement in this new era of heightened technology security. What is authentication and how can it be implemented in your environment to meet all of your application needs?  Running Time: 20:32  Read full white paper here.  And click here for more F5 Audio...
For me the real value for HP is in gaining a comprehensive platform and portfolio via ArcSight for total systems log management. Being able to manage and exploit the reams of ongoing log data across all data center devices offers huge benefits, even the ability to correlate business ev...
To put things into perspective, let’s analogize about some information technology related initiatives. In the realm of things, accounting is like a lake, integration is like a bay and cyber security is like the Pacific Ocean. The scope of understanding required to be a cyber security...
The security capabilities that Intel just acquired from McAfee can help them create game changing solutions for the cloud computing market. It took me a while to digest Intel’s acquisition of McAfee. Other than giving Intel an opportunity to improve the desktop architecture by integra...
The acquisition of Fortify Software by HP is not surprising, but has high market potential for HP as a platform-neutral vendor in the application lifecycle.
I sat down with Andy Oehler, Product Manager for F5’s Secure Access Solutions, to chat about BIG-IP Edge Gateway and BIG-IP Access Policy Manager. From the F5 Summit in Chicago. ps Resources: Edge Gateway Access Policy Manager Technorati Tags: F5, infrastructure 2.0, integra...
Security is one of the major concerns of cloud storage users. Quite often it is one of the factors in whether or not to use a cloud storage and its related product. There are many benefits to backing up your data to Amazon S3, but how can users be sure that hackers, service provider em...
I get the chance to perform my ‘The Encryption Dance’ Live A Cappella during the Security and Control Session at the F5 Summit. The original blog entry with lyrics is here and you can download the mp3 Studio version of ‘The Encryption Dance’ here. Plus, the original Men Without Hats’...
There are some topics that warrant the occasional revisit as time goes on, and application security is certainly one of those. As long as we have applications being developed and deployed, it seems we will have bad guys looking to exploit them. While I do believe that the Internet, lik...
Mr. and Mrs. President Bashar al-Assad: At the tender age of 17 months my severely ill daughter Sofia, an American citizen, was abducted by her mother on Monday, July 26, in Istanbul, Turkey, and taken to Syria. I was informed yesterday by Sofia's mother that she will not be comi...
I’m not a social scientist by any means, but it’s interesting to see and theorize on the cultural differences between countries and their attitudes on data security and privacy. One is the strict stance of the government there on data privacy. After World War II, Germany adopted stri...
Folks that know me know one thing about me for certain, I am a conflicted individual. On the one hand I detest encryption as a security mechanism and on the other I LOVE encryption as a privacy mechanism. In the same day, nay, sometimes in the same hour I can argue for and against SSL ...
With this post I would like to provide some personal thoughts on the key things organizations should be doing to enhance security, privacy and functionality of their IT.  This includes some specific recommendations for security solutions, including solutions I’m on advisory board...
The e-mail appeared to be an invitation from an old, junior high school friend. Yet when the hospital employee clicked on the link, it instead led her to a malicious site that installed a Trojan horse on her computer. In a little over a week, international cybercriminals used that ...
Even before the U.S. Cyber Command stood up there was wide-ranging speculation about what the command would do, the authorities it would be granted, and the powers it would wield. No amount of insight from those with knowledge of the command will be enough to assuage the concerns of th...
Last week in Brussels, Belgium, the Network Centric Operations Industry Consortium highlighted its support of collaboration and interoperability through an information exchange session with the National Geospatial-Intelligence Agency (NGA) and an impressive lab interoperability demons...
While growing numbers of businesses understand the advantages of embracing cloud computing, they are more concerned about the risks involved, as a survey released at a cloud conference in Silicon Valley shows. Respondents showed greater concern about the risks associated with cloud com...
Service orientation is about agility. Without a resulting agility, there is no point of doing SOA. Unfortunately, enterprise SOA infrastructure initiatives sometimes fail in part because its security mechanisms and processes demolish any agility that was built into the SOA itself. This...
Security breaches and the cost of repairing and patching enterprise applications hang like a cloud over every company doing business today. HP is taking direct aim at that problem today with release of a security service that aims to prevent vulnerabilities and to bake security and rel...
Years ago I wrote a piece for Network Computing Magazine about the state of Utility network security and the issues it presents. I focused largely on SCADA security, but also looked at Automated Meter Reading (AMR) and the new issues it brought to the table. That article was not withou...

