what we're reading, week of 3/23

From Lori MacVittie’s Blog…

Can the Cloud survive regulation?
Lori MacVittie questions whether a more regulated cloud would survive new laws and regulations. Concerns have been raised by multiple industries about the reliability and security of the cloud in general. Until conflicts between security, regulations, reliability, and privacy are addressed, the cloud may be unsuitable for any organizational use.

From around the Blogosphere…

Since the CanSecWest conference there has been much buzz surrounding vulnerabilities and their price tag. Here are three different perspectives on the issue.

ZDNet | Zero Day
“No more free bugs”? There never were any free bugs
Adam O’Donnell argues that vulnerabilities were never free, and that vulnerability researchers were always compensated in some way. Adam continues his argument by briefly describing the history of vulnerability research, and how it has remained relatively unchanged.

Matasano Chargen
Vulnerability Research: Times They Are A-Changin’
Dave Goldsmith believes the trend of selling and buying vulnerabilities has changed. Dave outlines the different components that go into research and describes how it has changed over time.

The Mac Security Blog
Interview with Mac Hacker Charlie Miller
Peter interviews Charlie Miller, the security researcher who hacked a Mac in ten seconds at the conference. In the interview, Charlie vows he’ll never give a bug for...


Secure Enterprise Solution now available

Today, NCP Engineering announced the launch of an end-to-end Secure Enterprise Solution. The idea is to combine IPsec and SSL management with strong policy enforcement in an integrated collection of VPN components. Components of the solution include:

The NCP Secure Enterprise Management System
A centrally-controlled software solution that provides network administrators with a single point of administration for a company’s entire IPSec and SSL VPN network, as well as full NAC management. All status information is made graphically available on the system monitor in real time, and plug-in updates and configuration settings can be easily controlled and distributed. User data can be imported via standardized interfaces from existing directory services and identity and access management systems (IAM). Built-in transition software ensures redundancy systems guarantee high availability of the management system, avoiding costly downtime and loss of policy settings.

The NCP Secure Enterprise Server
A hybrid IPSec and SSL gateway that controls and monitors all VPN connections to and from the central data network. It offers high availability clustering to maintain network performance speeds and allows administrators to run up to 10,000 concurrent SSL sessions. Unique to NCP, the gateway provides one plug-in for full network access. The NCP Secure Enterprise Server supports the industry’s widest variety of endpoint platforms and any IPSec-based device, including the iPhone.

The NCP Secure Enterprise Client
A bundled client, personal firewall and dialer provide the most secure end-point connection for the industry’s widest array of platforms, including Windows-based (Mobile 5/6x, CE, XP/Vista 32/64-bit, 7 beta), Symbian (S60 3rd Edition) and Linux-based operating systems. The universally-adaptable IPSec client is seamlessly compatible with any gateway on...

what we're reading, week of 3/16

From Tech Sanity Check…

Smartphone shakeout: Android and Windows Mobile could get squeezed
Jason Hiner outlines the smartphone market and analyzes the current market leaders. Jason also points out that purchase intent differs between businesses and consumers, because there are more mobile operating systems to choose from than computer operating systems. Jason highlights the key aspects for business smartphone purchases—and security is definitely on the list.

From Lori MacVittie’s Blog…

Please fasten your seatbelts, there’s turbulence in that there cloud
Lori MacVittie argues that the cloud is not ready to replace your entire data center. There is a lack of policy enforcement, application/data access and rules enforcement on end-users. Also, enforcing SSL in a ‘small footprint’ way on end devices is too difficult.

From ZDNet | Zero Day…

BBC botnet buy: What were they thinking?
Roel Schouwenberg, senior anti-virus researcher at Kaspersky Lab, did a guest blog post this week. Roel shares with us that a team within the technology department at the BBC bought a botnet as an experiment, and self-spammed and DDoS-ed. Roel not only expresses his thoughts on this situation, but also his frustration in this...
