
Monthly Archive April, 2008

Virtualization – there is also a good security aspect

I was reading this article from NetworkWorld about “Virtual Server Sprawl” and the problems it causes to security. Well, while I agree with the point of view presented there, I also think the ease to deploy a new server brought by virtualization can also help us to control an old security problem: servers with [...]

Finally someone said it!

I was extremely happy to read this post from Richard Mogull, where he says:
“Data Classification Is Dead
I know what’s running through your head right now.
“WTF?!? Mogull’s totally lost it. Isn’t he that data/information-centric security dude?”
Yes I am (the info-centric guy, not the insane bit), and here’s the thing:
The concept that you can run around, analyze, [...]

The new security guy

Alan Shimel has blogged about a very common situation, that where a networking (or anything else) guy becomes the new security guy.
I’ve lost count of how many times I’ve seen that! The problem is, it’s not only common but it’s also impressive that several of these guys believe they know all about security from the [...]

Isn’t it an interesting case for business continuity studies?

I was reading about the strike of the federal customs auditors here in Brazil. They are not inspecting cargo coming through the ports, so the containers arriving can’t be unloaded. Ok, it shouldn’t be a problem for exporting goods, as the problem is with imported goods, right?
Not necessarily. The strike is causing problems for exports, [...]

Windows Server 2008 – Server Core

I really love the concept of Windows Server Core – an installation that includes only the minimal components needed to make Windows work as a Server – that Microsoft will include in Windows Server 2008. The advantage of it is obvious, reducing the attack surface.
However, just now I found an interesting piece of data, someone [...]

Have you tried Secunia PSI?

In times when we are talking about flaws in Adobe Flash, Apple Quicktime and so many others, it’s good to ask how are we doing to ensure that we are not running software with known vulnerabilities. Last August I blogged about Secunia PSI. I’ve been using it since then and it’s impressive how hard it is to [...]

Adobe is the next target – does anyone still doubt?

A few days ago a new Adobe Flash vulnerability was found (in a very interesting work, I must say). I blogged about my concerns on ubiquitous software, like Flash players. We have been seeing the dangers of security vulnerabilities on this kind of software for years, beginning with Microsoft. Now that Microsoft is doing a [...]

Polaris – A very interesting research piece from HP

Mr. Alan Karp mentioned this piece of research from HP Labs during an RSA session:
“Polaris is a package for Windows XP that demonstrates that we can do better at dealing with viruses than has been done so far. Polaris allows users to configure most applications so that they launch with only the rights they need [...]

CyberStorm II and languages

The panel about the CyberStorm II exercise at RSA wasn’t very good on content (in fact, it was terrible), but there was one thing that caught my attention. There were other countries participating in the exercise, Australia, Canada, New Zealand and UK. Did you notice that only English speaking countries participated?
Last year I saw Mr. [...]

Some good quotes from RSA

I took note of some interesting comments during RSA sessions. The most interesting are from the “Groundhog day”. I was planning to write a post with comments and thoughts about each one, but I’m too tired and busy and RSA is already becoming too old news. So, I think a quick list of quotes will [...]