From the Blogosphere

A recent tweet about a free, Linux-based XML Security suite reminded me that we do not opine on the subject of XML security and its importance enough. Dec. 12, 2009 10:30 AM EST  Reads: 7,966

As I said (at length) in this post, you can enhance your security with a file virtualization appliance. Lock down the NAS boxes so they can’t be accessed except from the IP of the appliance (a good idea anyway, if files are changing and the appliance doesn’t know it, well an ARX can fi...
Sony Playstation Celebrates Its 15th Anniversary, Happy 20th birthday, Game Boy, Happy 10th anniversary, Sega Dreamcast! and November Marks the Launch Anniversary of Many a Gaming Platform.  Gaming has come a long way since the Atari 2600 and the Fairchild Channel F when we would ...
Stepping off the airplane last Tuesday at Tel Aviv's Ben Gurion Airport I knew I was in for a memorable business trip. As I left the airplane I was greeted by a young female Israeli government official who seemed to recognize me by sight. This was to be my first indication of what was ...
Written by: Matt Yonchak, Hurricane Labs If you’ve read our newsletters before, we’ve talked about securing things from networks to web apps and hopefully have given some perspective and tips for how to do so. Recently a colleague of mine (Rick Deacon) gave a talk here at our offi...
Security breaches or other unexpected interruptions can happen anytime to anyone -- whether you are a large enterprise or a small business. Fully maintaining communication network security is a demanding responsibility -- and typically not the best use of your limited IT resources, tha...

For cloud computing to gain traction in the enterprise, IT and security executives need to be certain that their company’s applications and data are safe. But when security is partly out of enterprise control, it becomes impossible to know if sensitive information has been acc...

I came across that number while reading a story in Wired that reports on a Senate panel’s finding that 80% of cyber attacks can be prevented. According to Richard Schaeffer, information assurance director for the National Security Administration (NSA), who testified before th...

The long, lost application delivery spell compendium has been found! Its once hidden, arcane knowledge is slowly being translated for the good of all web applications. Luckily, you don’t have to be Elminster or Gandalf or <insert powerful wizard you know her...

Today Security administrators deal with 10’s, 100’s, even 1000’s of servers but what happens when potentially tens of thousands of VM’s get spun up and they are not the same as they were an hour ago. Security assessments like Tripwire, while work, inject load and what if those servers ...
Numerous articles have been written lately on the massive rebound of stocks beginning on March 9, 2009. Most mutual funds have enjoyed a nice performance rebound as well. If your mutual fund is one of those enjoying this rebound in performance “How do you get “Discovered” in 2010?” ...
How many times have you seen an employee wave on by a customer when the “security device enclosed” in some item – be it DVD, CD, or clothing – sets off the alarm at the doors? Just a few weeks ago I heard one young lady explain the alarm away with “it must have be the CD I bought at th...
Mac OS X is a multi-tasking operating system that allows you to execute one or more processes at the same time. In some situations, you need to restart your Mac computer to clear several system processes to free system resources. This is the best solution to prevent system freezing. Bu...
HFS Wrapper is a popular and reliable Mac OS X file system. The HFS+ volume could be made to be contained within the HFS file system volume in a way that makes it look like the HFS volume and not the HFS+ volume to your system
Back in July I wrote my post about databases in the cloud. The big surprise that I discovered at the time was that the only “Native” RDBMS offering in the cloud came from Microsoft. Microsoft SQL Azure (launching formally at the PDC in a few weeks) is a mostly-compatible SQL Server as...
The trigger for this post is a conversation I've had far too often with an IT executive who has an ambitious plan to leverage hypervisor virtualization to create a new data center infrastructure upon which his entire business would run. The goals are laudable; dramatic cost reduction...
Some of both, apparently.  A recent Ponemon Institute PCI-DSS Compliance survey revealed that 71% of companies actually admitted that data security is not a top priority and 55% say they are only protecting credit card data and not other sensitive information like bank account info, so...
The intent of the blogs is to provide the thought leadership for readers seeking to create a sound strategy for exploiting cloud computing for the enterprise. The other lesson we learned is the transfer and access of highly confidential data in a shared environment/multitenant cloud mo...
I’ve been doing a lot of work on private (internal) clouds lately – it’s a result of my new job with Unisys. Part of that work has been spending time with customers on their plans for cloud computing — internal and external. There’s some very interesting work going on in the private ...
This will probably be a short post since there are not that many security terms that begin with the 17th letter of our alphabet. However, keeping Quiet is a common theme in security. As mentioned numerous times, locking passwords, logins, and other sensitive information in your mouth ...
I really feel sorry for the modern consumer.  None of us, even those of us with computer science degrees, can really assess the security of our computer systems (at least not with any precision).  We can study historical trends and glean lessons on which operating systems are more secu...
In their report on Trusted Access to Communications Infrastructure, the NSTAC Vulnerabilities Task Force advises “it is important to recognize that any one individual with malicious intent accessing any critical telecommunications facility could represent a threat. The threat of inside...
In a 15-page complaint to the FTC, the Electronic Privacy Information Center (Epic) said recent reports suggested Google did not adequately protect the data it obtained. It cited vulnerabilities that revealed users’ data in its Gmail webmail service, Google Docs online word processing ...
So here’s the rub, if MSSP’s/ISP’s/ASP’s-cum-Cloud operators want to woo mature enterprise customers to use their services, they are leaving money on the table and not fulfilling customer needs by failing to roll out complementary security capabilities which lessen the compliance and s...
I won’t disagree with the assessment of Ubuntu and its current state of maturity. It’s very nice, and I’m enjoying it immensely on my new laptop for a multitude of reasons and Don and I have always insisted that our children run a Linux distribution on their laptops just to minimize the ...
In 2005, a Preventsys (now McAfee) and Qualys survey found that 52% of companies rely on a ‘Moat & Castle’ approach to Network Security but also admitted, at the time, that once the perimeter is penetrated, they are at risk. I haven’t been able to find a more recent statistic but I’m st...
Every night at 11 pm, I posted a new question to my followers on Twitter...Then, for the next two hours, I'd sit there on the couch, reading the replies and cackling like a deranged person...In the end, I posed 95 questions. They generated over 25,00 responses...As you'll soon see, thi...
As I started this journey 13 topics ago, I mentioned that ‘security’ is really about managing risks and threats.  Most security experts would agree that the only way to be 100% secure is to unplug your units & it’s somewhat foolish to think that you are completely safe across the b...
Mandated by FISMA and OMB A-130, Certification and Accreditation (C&A) is the formal process of assessing the technical, operational and management controls for a given system, determining the residual risk, and authorizing the system to operate. “C&A Automation: An Integrated Approach...
For those of you who didn’t catch it on Twitter, I have recently taken a position at Unisys as the Director, Cloud Computing Portfolio. Great company, people and opportunity to participate in the cloud revolution taking over this large and storied IT vendor. The opinions expressed on...
According to various history sites, the earliest known lock to be key operated was from Egypt, some 4000 years ago.  It was wooden and actually used moveable pegs that fell into holes to secure the ‘bolt.’  The wooden key would move the pins back into place to allow the lock to be open...
In this post I will walk you through the high level of securing a normal tiered application running on EC2. First I will cover the basics of what EC2 provides and then briefly discuss how this can be used in a real life scenario. For network security EC2 provides security groups, s...
The Open Group is leading some of the top efforts to make cloud benefits apply to mission critical IT. To learn more about the venerable group's efforts I recently interviewed Allen Brown, president and CEO. Standards and open access are increasingly important to users of cloud-based s...
There's another piece out taking a look at the concerns and ramifications of the increasing use of biometric audience counting tech...
Which is safer – a digital shopping cart or a metal shopping cart?  Most (or many...some?) of us take great care to keep our personal Identity information safe.  We make sure we send sensitive info over an encrypted tunnel, we use strong passwords for our various digital vaults, and ot...
A new law signed into effect in February 2009 requires that health care providers and organizations subject to HIPAA notify af...
S-s-s-s  A-a-a-a  F-f-f-f  E-e-e-e  T-t-t-t  Y-y-y-y You can make the Big S while you sing along.* Data goes where it want to, It can leave your trace behind. Cause the web don’t care and if it don’t care, Well it’s exposing time. I say, data can go where it wants to, A place where...
In comedy, a hack is someone who steals material and re-tells the jokes or rides the coattails of another comedian (I still remember Kenny Bania telling Seinfeld, ‘That’s gold, Jerry. Gold!!)  In Information Technology, a hack can either mean a quick non-standard fix to make something ...

This week in San Diego, CA the US Navy held the initial planning conference for Trident Warrior ...
Twelve years ago, I was working for an ISP and one of my jobs was to vet Perl and ASP scripts for security holes. If the ISP let a customer host an insecure script, who was to blame? Or does it even matter who to blame, after the damage is done? If the script could tie up resources on ...

