By Bob Gourley  On 11 June 2012 the Cyber Physical Systems Virtual Organization will be holding a symposium on Moving Target Research. In this context, think of Moving Target as meaning the creation of a dynamic attack surface to adversaries done in a way that dramatically increases the work factor re... May. 14, 2012 07:00 AM EDT Reads: 433 |
By Bob Gourley  This week Ustream gets an injection of political reality, Apple fixes a critical encryption blunder affecting some of its users, FBI documents are leaked detailing their worries over Bitcoin digital currency, and Anonymous takes down more Governmental websites as part of its ongoing op... May. 14, 2012 06:30 AM EDT Reads: 1,010 |
By Bob Gourley  Here are today’s federal cybersecurity and information technology news: The Missile Defense Agency has issued a request for proposals for new methods to identify counterfeit electronics. More here. The Federal Bureau warns travelers not to update software on hotel wireless netw... May. 10, 2012 05:15 AM EDT Reads: 549 |
By Kevin Nikkhoo  When developing your security architecture, look to the 500 year old medieval castle model to create layers of protection. And this best practice extends itself to the cloud as security-as-a-service. One of the true benefits of the cloud is the ability to reconfigure and create a stro... May. 9, 2012 09:00 AM EDT Reads: 924 |
By Unitiv Blog  Over the past decade, we’ve become much more robust in our approach to information security. We recognize that our company’s largest vulnerabilities have to do with its computer systems, and that data security is at the core of loss prevention, disaster recovery, and even normal operat... May. 5, 2012 08:00 AM EDT Reads: 1,123 |
By Xenia von Wedel  RPost’s latest integration with Esquire is called iScrub. This new product removes metadata from important “reusable” documents such as loan application forms. One of the questions raised by using a product like this is what effect metadata cleaning would have on evidence used in the... May. 3, 2012 07:45 AM EDT Reads: 746 |
By Bob Gourley  Today’s federal cybersecurity and information technology news: The White House has threatened to veto the Cyber Intelligence Sharing and Protection Act (CISPA) if it reaches the President in its current form. More here. The Office of Management and Budget agrees, asking President... Apr. 30, 2012 06:00 AM EDT Reads: 1,597 |
By Peter Silva  According to the PCI SSC, there are 12 PCI DSS requirements that satisfy a variety of security goals. Areas of focus include building and maintaining a secure network, protecting stored cardholder data, maintaining a vulnerability management program, implementing strong access co... Apr. 26, 2012 08:15 AM EDT Reads: 991 |
By Peter Silva  According to the PCI SSC, there are 12 PCI DSS requirements that satisfy a variety of security goals. Areas of focus include building and maintaining a secure network, protecting stored cardholder data, maintaining a vulnerability management program, implementing strong access contr... Apr. 26, 2012 07:45 AM EDT Reads: 886 |
By Peter Silva  According to the PCI SSC, there are 12 PCI DSS requirements that satisfy a variety of security goals. Areas of focus include building and maintaining a secure network, protecting stored cardholder data, maintaining a vulnerability management program, implementing strong access control... Apr. 23, 2012 03:54 PM EDT Reads: 1,043 |
By Shelly Palmer  Symantec reported this past Wednesday that the number of total Flashback infections was down to approximately 140,000 from around half a million. However, the company has since revised its estimate to note that its method for detecting infected systems is reporting “limited infec... Apr. 23, 2012 05:00 AM EDT Reads: 382 |
By Peter Silva  According to the PCI SSC, there are 12 PCI DSS requirements that satisfy a variety of security goals. Areas of focus include building and maintaining a secure network, protecting stored cardholder data, maintaining a vulnerability management program, implementing strong access control... Apr. 20, 2012 08:15 AM EDT Reads: 1,271 |
By Bob Gourley  I took great pleasure in reading the release below regarding the reconstitution of the Terrorism Research Center. The founders of the Terrorism Research Center (Matthew Devost, Brian Houghton, and Neal Pollard) are all highly regarded national security professionals and thought leaders... Apr. 20, 2012 05:00 AM EDT Reads: 498 |
By Hovhannes Avoyan  This blog post is part of the series on Windows Azure. There are very few organizations that apply as many security measures as Microsoft does for its Windows Azure service. Listed below are some of the precautions Microsoft has implemented for Windows Azure to secure your applications... Apr. 20, 2012 05:00 AM EDT Reads: 3,369 |
By Peter Silva  According to the PCI SSC, there are 12 PCI DSS requirements that satisfy a variety of security goals. Areas of focus include building and maintaining a secure network, protecting stored cardholder data, maintaining a vulnerability management program, implementing strong access control... Apr. 19, 2012 07:00 AM EDT Reads: 1,219 |
By Peter Velikin  The IT Dog is waggin’ his tail today with this one. I love progress and the SSD revolution is certainly pushing the storage industry forward on many fronts. New products with SSD in every segment of the IT data chain from the server side SSD to SSD raid storage. SSD capabilities has... Apr. 18, 2012 09:15 AM EDT Reads: 984 |
By Bob Gourley  The idea that you might pay someone else to keep quiet a vulnerability while you fix it may seem a bit backward to some in computer security. It would also seem to invite attacks on infrastructure. It’s no surprise, then, that many companies with technological products don’... Apr. 18, 2012 06:15 AM EDT Reads: 404 |
By Bob Gourley  Anonymous claimed credit for taking down the Department of Justice and Central Intelligence Agency websites, as well as the website of MI6 in the UK. More here. The Defense Advanced Research Projects Agency has issued a request for proposals for more power-efficient processes in embedd... Apr. 16, 2012 03:45 PM EDT Reads: 876 |
By Cloud Ventures  A recent article “Put Your Test Lab In The Cloud” outlined the pros, cons and considerations you must take into account when talking about hosting test labs in the cloud. Using the cloud for this purpose is not necessarily a new idea, and it’s one that certainly makes a lot of sense; R... Apr. 13, 2012 05:00 AM EDT Reads: 1,588 |
By Bob Gourley  600,000+ Mac Computers Infected While this kind of activity wouldn’t rouse much attention from those ensconced in WinTel (Windows and Intel) architectures, it is much less common for Mac users to be impacted by infections on this scale so quickly. The infection, called Flashback, is in... Apr. 11, 2012 07:45 AM EDT Reads: 1,055 |
By Xenia von Wedel  PerspecSys is a privately held company based in Toronto, Canada that specializes in eliminating the security barriers that inhibit enterprise companies from embracing cloud computing. Many companies want to move to the cloud for operational business purposes but are concerned about how... Apr. 11, 2012 05:45 AM EDT Reads: 1,410 |
By Tim Crawford  I had the opportunity to write a post for SecureWorld Post’s site. You can view it at: http://secureworldpost.secureworldexpo.com/crawford-cloud-computing-turns-infosec-upside-down/ Apr. 9, 2012 10:15 AM EDT Reads: 635 |
By Bob Gourley  Botnet takedowns make front page in this week’s security news in review This week saw a lot of activity on botnet control and disruption as several corporations struggled to disrupt or destroy major botnets and their command-and-control facilities. Apr. 2, 2012 05:45 AM EDT Reads: 1,145 |
By Peter Silva  While I’m not the biggest fan of taking surveys, I sure love the data/reports that are generated by such creatures. And boy has there been a bunch of recent statistical information released on cloud computing, information security, breaches and general IT. Since this prologue is kin... Mar. 30, 2012 05:00 AM EDT Reads: 1,534 |
By Reuven Cohen  I keep reading these stories about how various cloud service providers are building up their consulting practices around cloud computing mostly to address the enterprise market (see my previous post for some thoughts on that subject). These articles mostly read like it's a surprising r... Mar. 29, 2012 04:56 PM EDT Reads: 1,108 |
By David Strom  As the bad guys get more sophisticated with launching online attacks on your business PCs, you have to get smarter about how you are protecting them. And in the past year, many of the traditional anti-virus vendors have improved their … Mar. 29, 2012 07:30 AM EDT Reads: 394 |
By Gilad Parann-Nissany  Cloud computing brings many advantages including elasticity, flexibility, and pay-per-use. But when looking at cloud security, and specifically encrypted cloud storage the picture is much more complex. Cloud security (in IaaS and PaaS scenarios) is a shared responsibility. The cloud pr... Mar. 28, 2012 08:00 AM EDT Reads: 1,761 |
By Bob Gourley  We have previously written about Kyrus Tech Inc and have highlighted their unique capability called Carbon Black. We have worked with the team of experts there in the past and I am very proud to have been professionally associated with Michael Tanji since we were both in government in ... Mar. 26, 2012 10:54 AM EDT Reads: 733 |
By Gilad Parann-Nissany  Transparent Data Encryption (TDE), sometimes also called Transparent Database Encryption, is one way to encrypt database content. TDE offers encryption at a column, table, and tablespace level. This makes TDE one of the more highly configurable ways to encrypt database content, though ... Mar. 23, 2012 10:00 AM EDT Reads: 1,428 |
By Lori MacVittie  Security is a pretty big word. It’s used to represent everything from attack prevention to authentication and authorization to securing transport protocols. It’s used as an umbrella term for such a wide variety of concerns that it has become virtually meaningless when applied to techno... Mar. 21, 2012 07:45 AM EDT Reads: 1,428 |
By Gilad Parann-Nissany  We’ve always had a close relationship with cloud providers, such as Amazon Web Services and Red Hat OpenShift. Lately we have been hearing from an ever wider spectrum of the cloud provider industry, and their cloud data security requirements show a pattern. Providers need to different... Mar. 17, 2012 08:00 AM EDT Reads: 1,563 |
By Bob Gourley  Stewardship is a term implying the responsible use of important resources. The concept of stewardship can be applied to a variety of domains and has long been part of human dialog on what is right and wrong. A great dialog on stewardship in cyberspace is now underway, and it just took ... Mar. 13, 2012 07:15 AM EDT Reads: 761 |
By Mary Ellen Power  Cyber security is a top priority for US government agencies seeking to protect critical information assets. As the number of attacks increases, so does the amount of data government needs to process. Federal agencies have therefore mandated support for stronger cryptographic keys and m... Mar. 13, 2012 02:00 AM EDT Reads: 622 |
By Gilad Parann-Nissany  Exposing a virtualization weakness for data theft, Snapshotting your data, and the internal threat, are new cloud risks that didn’t exist when the data was stored between the four walls of your datacenter. Data encryption is a critical first step for any organization considering the ... Mar. 9, 2012 08:45 AM EST Reads: 1,391 |
By Francois Lascelles  Last week, I had the pleasure of discussing REST access control patterns with Enterprise Architects and partnering technology folks. I also had the opportunity to present on this topic and one of the questions that came up afterwards was from a security architect who was unsure whether... Mar. 7, 2012 07:45 AM EST Reads: 409 |
By CloudCommons 2012  Is the US Patriot Act a red herring? Some European countries, as well as Brazil and China, have been using the U.S. Patriot Act as an excuse to set up barriers for the transfer of data into the U.S., but according to Business Software Alliance CEO Robert Holleyman, those countries have... Mar. 6, 2012 05:00 AM EST Reads: 2,213 |
By Shelly Palmer  NASA was hacked 13 times last year, resulting in major breaches of sensitive government data. Hackers working from Chinese IP addresses gained full access to NASA’s files, employee credentials and system logs. Unencrypted laptops were also stolen containing codes for controlling the In... Mar. 6, 2012 04:00 AM EST Reads: 436 |
By Bob Gourley  Linode Hacked, Bitcoins Stolen: Linode.com, popular provider of virtual private servers (VPS) systems, responded to a morning breach of its control panel software, which apparently enabled a malicious attacker to gain control over several virtual servers of a bitcoin service named Bitc... Mar. 5, 2012 08:00 AM EST Reads: 928 |
By Jonas Jacobi  This is the second post of a two-part blog post that discusses HTML5 WebSocket and security. The first post, HTML5 WebSocket Security is Strong, talked about the security benefits that derive from being HTTP-compatible and the WebSocket standard itself. In this, the second post, I will... Mar. 3, 2012 05:00 AM EST Reads: 1,142 |
By Gilad Parann-Nissany  Startup Porticor (privately held) has released its “Virtual Private Data” solution for enterprises wishing to make more secure use of public cloud resources. Secure use of public resources requires encryption of data at rest and in motion, to minimize the possibility of eve... Mar. 3, 2012 03:00 AM EST Reads: 1,206 |