While doing some thinking on threat modelling I started examining what the usual drivers of security spend and controls are in an organisation. I’ve spent some time on multiple fronts: security management (been audited, had CIOs push for priorities), security auditing (followed workpapers and audit plans), pentesting (broke in however we could) and security consulting (tried to help people fix stuff), and I even dabbled with trying to sell some security hardware. This has given me some insight (or at least an opinion) into how people have tried to justify security budgets, changes, and findings, or how I tried to. This is a write-up of what I believe these to be (caveat: this is my opinion). This is certainly not universalisable, i.e. it’s possible to find unbiased, highly experienced people, but they will still have to fight the tendencies their position puts on them. What I’d want you to take away from this is that we need to move away from using these drivers in isolation, and towards more holistic risk management techniques, of which I feel threat modelling is one (although this entry isn’t about threat modelling).
25 February 2009
~1 min
By nick
BusinessWeek reports that VMware has launched a new product aimed at establishing it as a competitor in the cloud computing space.
-snip-
Dubbed the Virtual Data Center Operating System (VDC-OS), the software creates a bank of computers, storage devices, and networking equipment that a company can tap at will, as computing needs arise—say, during a December spike in Web traffic for an online retailer.
-snip-
VMware is the leet, so this should be interesting to watch… it should also be interesting as it is being spearheaded by some ex-Microsoft execs…
Then you probably should get on this one… [Problems with Random Number Generator]
While it looks like an arb OpenSSL bug, 2 seconds of reading should get you to:
-snip-
It is strongly recommended that all cryptographic key material which has been generated by OpenSSL versions starting with 0.9.8c-1 on Debian systems is recreated from scratch.
&&
Affected keys include SSH keys, OpenVPN keys, DNSSEC keys, and key material for use in X.509 certificates and session keys used in SSL/TLS connections.
-snip-
Amazon announced the beta of Amazon SimpleDB without that much fanfare, but it is an interesting trend to watch.
Essentially Amazon are giving the power of a database to people used to Excel and simple queries, backed by their massively optimised infrastructure. It will make popping up a web shop even more trivial than it has been in the past, and I guess continues along the growing trend of allowing “content to be king”, i.e. you don’t need a SQL geek in your corner, just a good idea.
Royal Pingdom did a quick check on what was running at some of the more popular sites on the Internet and ended up with the following table:
It’s interesting for a whole bunch of reasons that I’m currently too sleepy to write about.. (sleepy??? must be old age?) (or the flu pills I’m taking)
The first thing that was interesting to me was the surprising lack of BSD? I like Linux and have used it as a desktop machine forever (before becoming a Mac fanboy) but have always defaulted to FreeBSD for servers.. I’m not sure what this means and I’ll do a little Netcraft digging tomorrow to see if it’s a general trend..
OK.. some of you in the office would have heard me whine when VMware Fusion recently started taking my whole machine down occasionally. The joy of it being the whole machine is that I’ve lost my Firefox profile, and managed to turf my OS X preferences twice since this started happening..
Through meticulous checking I tracked down that the problem started “the day I blogged about how much I love VMware Fusion”. I spent a lot of time wondering if I rm’d the post whether it would fix the problem…
VMware have just released beta4 of its Fusion product for OS X.
The initial beta was hard to justify and a little flaky, which allowed Parallels to take an early lead. We still have people in the office who swear by Parallels.. But.. in my book VMware has just been such a life saver since we first started making heavy use of it (about 6 years ago) that I figured it was worth sticking it out..