It was written some weeks ago by Stuart King. I love it. Two key points for me: “Many “experts” preach the importance of working through risk models. It’s a load of tosh. No matter which way you try to do it, you’ll always come out with the answer you first thought of. You might as [...]
I was reviewing my notes about RSA to prepare a series of posts about what I saw there last week. I’ve got a sense of disappointment since last Friday that was preventing me from writing anything good about it. I started to think about all this and also about some of the things that [...]
So, trying to do a quick review of the first day: Nothing really special from the keynotes. Funny to see that some people complained about Scott Charney, from Microsoft, doing a “vendor presentation”. Actually I found his presentation better than the others (RSA, Symantec), as he didn’t try to hide the fact he was talking [...]
That’s Google’s motto; however, there is really some room for thinking after watching the presentation from Ira Winkler. The most interesting thing is not only the huge amount of data that Google has, but their posture on inquiries and complaints about them. Still, they are usually seen as a “cool” company. As Ira said, what [...]
OK, a bit late, but here I am. I’ve just found time to write about RSA now, 40 minutes before the first keynote. I’m really curious about what the conference will look like after all this economic rollercoaster we’ve been through. It’s also my first time as “press”. That makes me feel a little more [...]
Run code on the host from a VM. That was something that everybody who had taken virtualization with a grain of salt when talking about security has been talking about. Today VMware is releasing a patch for a vulnerability that allows that to take place. Scary. This is a reminder for you to avoid excessive [...]
IBM has scheduled an interesting webinar for April 15th. I don’t know if it will be entirely “see how nice our product’s features are”, but as I’ve been recently blogging about how middleware happens to be a frequent blind spot, that may be something interesting to follow. You can also see some interesting posts from [...]
Sometimes it’s funny to see the faces of people when you ask that. Sometimes it is about an organization, sometimes about a product. Usually, the answer comes in the form of a bunch of acronyms, standards and nice phrases like “risk management process”. Fun starts when there’s also stuff like “100% secure”, “certified against hackers” and [...]
I must say that I should be writing ten times more than I’m actually doing these days. The main reason is that the subjects that I’ve been interested in writing about are so great that I don’t want to just throw a simple post about them. I’m trying to give some room to my thoughts [...]
I’ve recently written about security blind spots, those things inside organizations that bring high risks but are usually not seen during risk and vulnerability assessment activities. Gunnar Peterson mentioned on his blog one of the most common blind spots for big organizations, MQ Series. This is related to the mainframe problem that I wrote about [...]