This Java Threat Is Really Confusing
May 11, 2012
For several months, there were rumblings in the hacker underground about some serious threats to Java and Apple’s OS X. ComputerWorld reported in late February 2012 that a new variant of an exploit called Flashback was making its rounds of Macs by using the browser and Java to get in. CNN followed by reporting that […]
Migrating to the Cloud: Do You Need Assistance?
May 9, 2012
Cloud technology intimidates many organizations. The mechanics of setting it up are very different from the traditional model. Several companies offer services establishing and maintaining cloud architectures for their customers. Many people call these providers “cloud brokers.” To me, the term “cloud concierge” or “cloud butler” is far more descriptive. I guess I’m thinking of […]
What Is Computer Security?
May 8, 2012
What is “computer security”? When Adrian Bryan and I set out to write our Introduction to System and Network Security course for Learning Tree some years ago, we needed to start with a definition. It served as a sort of goal or guiding light in writing the course materials. The definition is from Simson Garfinkel […]
Why Must We Still Fear the BEAST, and What Can We Do?
May 7, 2012
Most Internet communications security is provided by the SSL/TLS series of protocols. There is an enormous problem with early versions of SSL/TLS. We have known about this problem since 2002, and a solution has been available since 2006. Sadly, we still need to worry about this. Here is a brief timeline: SSL v1 — Only […]
Nothing New Under the Sun (or in the Cloud)
May 3, 2012
I see a lot of misguided talk about cloud computing and its security as the New Big Thing. I was reminded of this the other evening when the local brewpub hosted a talk by Gene Spafford, the director of Purdue University’s CERIAS, the Center for Education and Research in Information Assurance and Security. Spaf spoke […]