Neil MacDonald on Software Defined Security:
Here’s what I propose: “Software defined” is about the capabilities enabled as we decouple and abstract infrastructure elements that were previously tightly coupled in our data centers: servers, storage, networking, security and so on.
When in doubt, throw money at the problem. From the Washington Post, Pentagon to boost cybersecurity force:
The Pentagon has approved a major expansion of its cybersecurity force over the next several years, increasing its size more than fivefold to bolster the nation’s ability to defend critical computer systems and conduct offensive computer operations against foreign adversaries, according to U.S. officials.
Apparently the folks at Twitter forgot the first rule of the Internet. As Avenue Q so elegantly stated, The Internet is for Porn. NetworkWorld points out a minor unintended consequence of Twitter’s new Vine video sharing application, Sex and NSFW clips flood new Vine app from Twitter. Will Apple respond?
Adam Gowdiak in [SE-2012-01] An issue with new Java SE 7 security features:
That said, recently made security “improvements” to Java SE 7 software don’t prevent silent exploits at all. Users that require Java content in the web browser need to rely on a Click to Play technology implemented by several web browser vendors in order to mitigate the risk of a silent Java Plugin exploit.
Rich constantly reminds us that “correlation does not imply causation,” which is worth keeping in mind when reading a recent NetworkWorld article on the decrease in spam; it concludes that botnet takedowns and improved filtering are what reduced the amount of spam being sent out.
Looking at my phone, I excused myself from the table and took the call; it was my brother.
Mike Mimoso has a very good article on active defense at Threatpost. (Yes, we are linking to them a lot today).
We all want security to be front and center in terms of decisions on new applications. We all follow the researchers who show time and again how mobile apps, or web apps, or pretty much anything, can and will be gamed. Yet all that doesn’t matter, as security cannot get in the way of business. Branden Williams did a great job digging into the economics of Starbucks’ stored value cards to make a pretty compelling case that this stuff will happen, whether security likes it or not.
Given the angst, conspiracy theories, and tinfoil hats around any network/security products built in China, it’s curious to see Krebs’ story on the backdoors in Barracuda products found by Stefan Viehboeck of SEC Consult Vulnerability Lab.
Will Hadoop be to NoSQL what Red Hat is to Linux? Will it become more known for commercial flavors than the open-source core? Lately I have been noticing similarities between the two life-cycles, with the embrace of packaged variants.