It’s been a bit of a strange week on the security front, with good guys hacking a botnet, a major security vendor called to the carpet for some vulnerabilities, and yet another set of Adobe 0days. But being Cinco de Mayo, we can just margarita our worries away.
Kelly at Dark Reading posted an interesting article today, based on a survey done by BT around hacking and penetration testing. I tend to take most of the stats in there with a bit of skepticism (as I do any time a vendor publishes numbers that favor their products), but I totally agree with the first number:
If you’ve been following this series, we’ve highlighted some of the breaches of trusted sites that were, or could have been, used to attack visitors. There’s nothing like hitting a major media or financial site and using it to hack anyone who wanders by that day.
On Monday at the RSA conference I learned that Oracle is purchasing Sun Microsystems. I was so busy/exhausted from the conference that I forgot about it until this week. This is pretty exciting! Whether it’s really a good or a bad thing depends upon your perspective. Technology-wise it’s a good match, but the corporate cultures are very dissimilar. I have spoken with a few current Sun employees who are really worried about what life will be like at the Big-O. However I heard very much the same…
Last week I posted an outline for a patch management cycle to base Project Quant metrics on. Based on some feedback, I think we need to hear from those of you who actually do this for a living (you really don’t want to know the crappy process we used back in my sysadmin days).
On Thursday at the RSA Conference, I had the opportunity to attend a lunch with the conference advisory board: Benjamin Jun of Cryptography Research, Tim Mather of RSA, Ari Juels of RSA Laboratories, and Asheem Chandna of Greylock Partners. It was an interesting event, and Alex Howard of TechTarget did a good job of covering the discussion in a recent article.
Another interesting news item during the RSA show that I am just getting time to comment on is LogLogic’s announcement that they have acquired Exaprotect. When LogLogic announced a partnership with Exaprotect a few months back, my initial reaction was “Who?” Actually, I had heard of the company, but knew very little about the technology. I had not heard any of the companies I speak with on a regular basis mention them, so I had not been paying very close attention to this small firm. When I went to…
Sometimes the most energizing thing you can do is absolutely nothing.
Last week at RSA was absolutely insane, in a good way. It’s kind of like being a kid and going to summer camp. You get to see all the friends who live in other towns, you all go nuts for a week with minimal supervision, and then everyone staggers home all excited. Between the Recovery Breakfast, 4 official RSA panels, a Jericho panel, my 160+ slide Friday morning session with Chris Hoff, and the nonstop speed-dating during the…
While we don’t plan on posting every Project Quant update here on the main blog, we will be cross-posting some of the more significant project updates, as well as other content relevant to our broader readership. (For these posts we will turn off comments to consolidate them all in the Project Quant area.)
With all the recent talk about cloud security, I’ve really been struck by the blatant deliberate confusion promulgated by various industry stakeholders. For example, last week around RSA I saw a nonstop stream of press releases containing the word “cloud” for products and services that were merely the same old beloved security tools, now rebranded to ride the froth of the cloud marketing wave. But ‘cloud’ is only the latest example – from NAC to DLP to GRC and other technologies of yore, we see…