Yep – we are doing our very best to overload you with research this year. Here’s my latest. From the paper’s home page:
It’s that time of year again. Time to get ready for a week of mayhem, debauchery, and the hunt for tchotchkes. OK, there isn’t a lot of debauchery at the RSA Conference besides the Barracuda party at the Gold Club, which we hear is an establishment of high repute. Realistically, you’ll spend most of your week fending off sales droids, gawking at booth babes (much to the chagrin of the security echo chamber), and maybe learning something about what’s new and exciting in security.
I refer back to Rich’s Data Breach Triangle over and over again. It’s such a clear and concise way to describe a data breach – past or potential. And we continue to see examples of how focusing on breaking one leg of the triangle works. From How the RSA Attackers Swung and Missed at Lockheed Martin on Threatpost:
You have probably noticed some security issues with Java lately. Some vendors – including Apple – are blocking Java in order to close known and unforeseen security problems. And the claim that open source Java frameworks pose a business risk. But through this latest flame war, I have not seen an answer to the basic question:
Gartner’s Hype Cycle is one of my favorite market models. It very succinctly describes the ridiculous way PR and other external hype factors make more of a technology than it really is. When many of us show up at the RSA Conference at the end of the month, we will get our best view of the Hype Cycle in action. Most of the stuff very hyped at the show tends to be (roughly) 12 to 18 months from hitting, if it ever does.
Evad3rs releases an iOS 6.1 jailbreak for all devices.
Update: According to @drscjmm this will not work when a passcode is set, which means we are still in pretty good shape from a security standpoint.
This post will discuss the architecture and deployment models for identity and access management for cloud services. This is obviously complex – we are covering three different cloud service models (SaaS, PaaS, & IaaS); in three different deployment options (public, private, & hybrid); with a variety of communication protocols to address authentication, authorization, and provisioning. The Cloud Security Alliance has cataloged many different identity ‘standards’, but the fact that we…
As usual, one of our friends has succinctly captured the heart of an issue far better than we can. Gunnar, while flattered to be considered for a Security Blogger Hall of Fame award, takes the opportunity to discuss the drop in real conversation as the Tweeter has taken time and attention from many folks who used to hold those real conversations in blogs.
I was driving down the road the other day when I passed what I thought was a shipping container on the back of an 18-wheel truck. When I noticed data and power ports on the side, I realized it was a giant data center processing module. Supercomputing on wheels. Four trucks with two modules per truck, rolling down the highway. Inside reside thousands of stripped down motherboards stacked with tons of memory, packed side by side. Some of these are even designed to be filled with dielectric fluid…
Apple uses XProtect to block the Java browser plugin due to security concerns.
Draconian, but a good move, I think. Still, they should have notified users better for the ones who need Java in the browser (whoever that may be). You can still manually enable it to run if you need to. This doesn’t block Java itself, just the browser plugin. If complaint levels stay low, it indicates how few people use Java in the browser, and will empower Apple to make similar moves in the future.