Top Stories

UK-based mi2g, which has been collecting data on overt digital attacks going back to 1995 and sticking them in its Security Intelligence Products and Systems (SIPS) database, figures that SCO Unix, the Apple Mac OS and the HPQ Tru64 Unix operating systems are the least prone to hacker attacks and damage from viruses and worms. As near as we can figure out, it comes to that conclusion because they're virtually ignored by the bad guys. This year, so far the worst on record, SCO Unix has been attacked only 165 times (0.2%), Tru64 10 (0.02%) and Mac 31 (0.05%) whereas the guys wearing a bull's eye on their chest like Windows, Linux, BSD and Solaris have taken - in order of appearance - 54%, 30%, 6% and 5% of all attacks. For Microsoft that works out to 31,431 attacks and for Linux 17,218. It's unclear why mi2g doesn't also include SGI's Irix, IBM's AIX and Novell's Netw... (more)

Implementing J2EE Security With WebLogic Server

This month's article is the first in a two-part series on J2EE security. In Part 1 we'll discuss basic J2EE security. Part 2 will provide you with a model to set up and deploy a functioning security-enabled application. Resident J2EE security guru, Chris Siemback, has been kind enough to join me in coauthoring this series to contribute in-depth examples of J2EE security at work. Our discussions will cover securing both Enterprise JavaBeans (EJBs) in the business and data layers as well as JavaServer Pages (JSPs) and servlets in the web layer of a J2EE application. J2EE Security Overview: Understanding the strong suits and weaknesses in the J2EE security model will help you determine the right security architecture for your application. A basic overview of J2EE security will help you compare its qualities to your security requirements. Let's come to grips with a few t... (more)

Wedgetail Communications and IBM/OTI Partner to Provide Enhanced Java Embedded Security Solutions

(Brisbane) - Wedgetail Communications, a global developer of security solutions for network devices, announced its Java technology partnership with Object Technology International, Inc. (OTI), a wholly owned subsidiary of IBM. Under the new agreement, Wedgetail Communications will provide embedded security software solutions for IBM/OTI's VisualAge Micro Edition. Wedgetail Communications' JCSI Micro Edition software will allow customers to have access to security profiles capable of securing real-world embedded solutions. "Pervasive computing will be a reality when data is secure across the IT infrastructure," said Gary Morgan, CEO of Wedgetail Communications. "The technology relationship with OTI builds upon our strategy to offer embedded Java security toolkits to help achieve this reality for enterprises and end users." OTI's VisualAge Micro Edition 1.4 is a deve... (more)

Gemplus 64k Java Card Technology Achieves Security Criteria Beyond The Legal Requirements for Digital ID

(San Jose, CA) – Gemplus, the world's number one provider of solutions empowered by smart cards, announced that its Java Card technology-based GemXplore 'Xpresso is the first to be certified Evaluation Assurance Level (EAL)5+ by the Common Criteria security standards body. This far exceeds current legal requirements. Common Criteria is rapidly becoming standard security for sensitive data; European digital signature laws currently require EAL4. Following September 11, the US National Security Agency and NIST (National Institute of Standards and Technology) are considering basing their security specifications around Common Criteria. By being awarded this exclusive level of smart card security, Gemplus has shown its technology leadership in the use of Java Card technology for smart cards. This major technological step may open new possibilities for trusted services in... (more)

Will Security Stand in the Way of Web Services?

(October 15, 2002) - Web services is gaining ground as a business strategy in Europe, where 54 percent of surveyed CIOs agree that Web services will fundamentally change how businesses use the Web. Most also state that the enabling technology, alongside security and application integration, will top their spending priorities for the year. The research, commissioned by BEA Systems and conducted by SWR Worldwide, polled 320 chief information officers and IT directors throughout France, Italy, Spain, Germany, the Netherlands, Sweden, Finland, and the UK. Fifty-nine percent of respondents stated that their organization "clearly sees the benefits of Web services." Web services are perceived as a way to build tighter relationships with customers and partners, improve efficiency and deliver services faster and cheaper, and improve enterprise agility. However, when all resp... (more)

Altova and DataPower Team to Deliver First XML Development Environment for Configuration of Web Services Security Policies

(March 17, 2003) - Altova, Inc.'s XMLSPY 5 XML development tool set is now integrated with the DataPower XS40 XML Security Gateway. Using XMLSPY 5 and the XS40, enterprises can for the first time centralize XML Web Services security functions in a drop-in, reliable network device while all security policies and access control are handled from an interface familiar to application developers. With the integration of XMLSPY 5 and the XS40, enterprises can substantially reduce the time it takes to secure and launch applications into deployment. While many application developers provide security functions deep within an application, many enterprises are centralizing XML Web services security in security gateways that allow a network operations group to secure and monitor multiple applications simultaneously. Security policies within the DataPower XS40 are completely XML-b... (more)

StarOffice/Tamino Add-on to Improve Productivity, Security, and Collaboration

(May 21, 2003) - Sun Microsystems, Inc. and Software AG have formed a business alliance to deliver add-on technology for Software AG's Tamino XML Server 4.1 to support Sun's StarOffice™ Software 6.1 productivity suite. The Tamino/StarOffice add-on delivers a cost-effective solution, increasing workgroup productivity and security by providing access to collaboration functionality, digital signature support, and connectivity with back-end applications. The add-on technology ensures interoperability and user ownership of data through adherence to open XML standards from W3C, the Internet Engineering Task Force (IETF), and OASIS. "Sun's StarOffice uses XML as its default file format; the next logical step was to create add-on technology in the Tamino XML Server allowing native XML data storage and data exchange of StarOffice documents," stated Dr. Peter Mossack, CTO an... (more)

JavaFX, startup time, and security dialogs

Sun released JavaFX yesterday, which has a lot of great technology in it, but unfortunately the user experience is tragically poor. From my own experience, the first time I loaded a JavaFX applet I was presented with four dialogs: one security dialog for the JavaFX runtime, another security dialog for the JavaFX samples, a JavaScript warning dialog, and a JavaFX license agreement acceptance dialog. The applet took over two minutes to load. ... (more)

SOA Security Vision

This will be the last [at least for a while] post in the SOA Security Series, and I want to conclude by sharing my vision and some recommendations and best practices (most of them fairly common sense) that I have noticed, stolen and otherwise accumulated while working in this field. But before we start, I would like to fill the gap that I left in my earlier postings by never providing a Definition of Secure SOA: Secure SOA is an approach to implement SOA which by design ensures trust throughout the SOA ecosystem (including services, consumers, composite applications and infrastructure) by addressing some or all of the following security aspects: Authentication; Authorization; Integrity; Confidentiality; Accountability (monitoring, logging, audit, non-repudiation); Identity (federation, provisioning, trust brokering); Security Policies. It is also worth mentioning that I firm... (more)

IBM Solves Cryptographic Cloud Security

I usually don't post press releases, but this one sounded almost too good to be true. According to IBM, they have discovered a method to fully process encrypted data without knowing its content. If true, this could greatly further data privacy and strengthen cloud computing security. --- An IBM researcher has solved a thorny mathematical problem that has confounded scientists since the invention of public-key encryption several decades ago. The breakthrough, called "privacy homomorphism," or "fully homomorphic encryption," makes possible the deep and unlimited analysis of encrypted information -- data that has been intentionally scrambled -- without sacrificing confidentiality. IBM's solution, formulated by IBM Researcher Craig Gentry, uses a mathematical object called an "ideal lattice," and allows people to fully interact with encrypted data in ways previously thou... (more)

CloudEXPO Stories
Every organization is facing their own Digital Transformation as they attempt to stay ahead of the competition, or worse, just keep up. Each new opportunity, whether embracing machine learning, IoT, or a cloud migration, seems to bring new development, deployment, and management models. The results are more diverse and federated computing models than any time in our history.
On-premise or off, you have powerful tools available to maximize the value of your infrastructure and you demand more visibility and operational control. Fortunately, data center management tools keep a vigil on memory contestation, power, thermal consumption, server health, and utilization, allowing better control no matter your cloud's shape. In this session, learn how Intel software tools enable real-time monitoring and precise management to lower operational costs and optimize infrastructure for today even as you're forecasting for tomorrow.
"Calligo is a cloud service provider with data privacy at the heart of what we do. We are a typical Infrastructure as a Service cloud provider but it's been designed around data privacy," explained Julian Box, CEO and co-founder of Calligo, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
Isomorphic Software is the global leader in high-end, web-based business applications. We develop, market, and support the SmartClient & Smart GWT HTML5/Ajax platform, combining the productivity and performance of traditional desktop software with the simplicity and reach of the open web. With staff in 10 timezones, Isomorphic provides a global network of services related to our technology, with offerings ranging from turnkey application development to SLA-backed enterprise support. Leading global enterprises use Isomorphic technology to reduce costs and improve productivity, developing & deploying sophisticated business applications with unprecedented ease and simplicity.
While a hybrid cloud can ease that transition, designing and deploying that hybrid cloud still offers challenges for organizations concerned about lack of available cloud skillsets within their organization. Managed service providers offer a unique opportunity to fill those gaps and get organizations of all sizes on a hybrid cloud that meets their comfort level, while delivering enhanced benefits for cost, efficiency, agility, mobility, and elasticity.