A few months back, Gartner placed big data at the peak of its hype cycle for
cloud computing, meaning most big data products are solutions looking for a
problem. I always find this bad entrepreneurial habit to be one of the most
frustrating of our industry. Having recently joined Meltwater as head of
marketing and product (BTW Meltwater is hiring marketing and product
managers!), I think a lot about big data and how to unleash it’s value to
solve important business problems, because that is our business. How does big
data go from “so what” to “must have”?
The Big Data Challenge
Big data is a by-product of the Internet and the ever increasing power of
computers. Kind of like petroleum sludge. We know there must be great value
buried within this vast, raw resource, but the challenge lies in figuring out
how to turn it into something useful like plastic, or the other th... (more)
Cybercrime saw significant growth in 2009. It increased in prevalence and
geographic spread. The only thing that didn't grow was the skill level
required to participate. It was easier for non-skilled attackers to conduct
sophisticated attacks because of the availability of toolkits. The increase
in manpower has led to an increase in most areas of cybercrime.
The growth of cybercrime has come despite a global recession that has stunted
the growth of almost every other industry. The growth of cybercrime has been
fueled by an increase in Internet users, especially those in developing
However, businesses can protect their information from these pervasive
dangers. Understanding the threat landscape is the first step. The following
highlights from the Symantec Internet Security Threat Report XV can help
organizations understand just what they're up against.
While you spend your time arguing over where application security belongs,
miscreants are taking advantage of vulnerabilities. By the time you address
the problem, they’ve moved on to the next one.
Dmitry Evteev @ Positive Technologies Research has discovered (yet) another
method of exploitation that allows for the injection of malicious SQL into
sites and databases.
A method that I discovered today in MySQL documentation struck me with its
simplicity and the fact that I haven’t noticed it before. Let me describe
this method of bypassing WAF.
MySQL servers allow one to use comments of the following type:
/*!sql-code*/ and /*!12345sql-code*/
As can be noticed, SQL code will be executed from the comment in both cases!
The latter construction means that "sql-code" should be executed only if the
DBMS version is later than the given value.
As I have been repeatedly asserted ... (more)
Cloud Expo on Ulitzer
Step 1- Determine the Bad and Good "Candidates" for the Cloud
First, start by taking a broad look at the applications and other IT
resources and systems under your "control" (both existing ones and planned
ones); categorize them into mission-critical (i.e., if it goes offline your
company will not "survive") and non-mission-critical.
Both mission-critical and non-mission-critical can be further sub-categorized
into core business practices (those that provide competitive differentiation)
and non-core practices (typically internal activities such as HR services,
Then apply the following rules of thumb:
1. If mission-critical and non-core, then the application is a good candidate
for deployment in the public clouds
2. If mission-critical and core, then definitely keep it behind the firewall
(you may choose to put them in a private cloud or non-... (more)
Oracle Journal on Ulitzer
Recently I blogged about Upgrading WLS using the Oracle Smart Update utility.
We discovered that while this utility will happily patch our developers'
machines, we had h3lls own trouble trying to get it to work on our server.
After much head scratching, gritting of teeth, yelling, begging and sobbing
at our firewall administrators, without a solve, we decided a new approach
As per Andreas Koop's comment in that original blog post, you can in fact run
the Smart Update utility in offline mode, which implies you can download the
patches and install them from the utility locally without directly connecting
to the Oracle web services. However what I couldn't see was how to run the
Maintenance Patch option in offline mode. Yet given the offline mode support
it seemed reasonable that you could download a patchset from somewhere, and ... (more)
The Open Web Application Security Project (OWASP) is focused on improving the
security of software. Their mission is to make software security visible, so
that individuals and organizations worldwide can make informed decisions
about true software security risks and their OWASP Top 10 provides a list of
the 10 Most Critical Security Risks. For each risk it provides a description,
example vulnerabilities, example attacks, guidance on how to avoid and
references to OWASP and other related resources. Many of you are familiar
with their Top 10 Most Critical Web Application Security Risks. They provide
the list for awareness and guidance on some of the critical web applications
security areas to address. It is a great list and many security vendors point
to it to show the types of attacks that can be mitigated.
Now the Internet of Things (IoT) has its own OWASP Top 10.
…all this and more in this week’s compendium of open source news!
Two Steps Forward, One Step Back
Sounds like a Strauss Waltz? Almost. After 10 years the city of Munich’s
love affair with open source may be coming to an end. Despite saving $16
million by using the custom Linux distribution LiMux, the city is considering
switching back to Windows due to user complaints. Read more about the
motives surrounding the discussion at Network World.
Governments on GitHub
Governments across the globe have long been dabbling with open source
software. Use of Open Source products like OpenOffice, Linux and Drupal are
becoming commonplace. To further this trend, many governments are beginning
to open source their own code as illustrated by the 10,000 active government
users on GitHub. You could argue that since it is our taxes, then the code
should be open. Read more abo... (more)
Lastline, an advanced malware defense platform provider, has raised $10
million from new investors Dell Ventures and Presidio Ventures, as well as
existing investors Redpoint Ventures and e.ventures. With the new round of
funding, Lastline will continue to focus on serving its rapidly growing,
global enterprise customer base as well as new and existing partnerships to
improve information security and threat intelligence worldwide.
This round of funding adds to the $13.7 million raised in earlier rounds to
bring total funding raised to nearly $24 million since the company’s
founding in 2011.
“Today's strategic investment in Lastline expands our commitment to bring
innovation and breakthrough technology to our customers,” said Victor
Chang, Director of Dell Ventures. “Combining Dell IP with Lastline
technology positions us to deliver differentiating solutions to help ... (more)
ARLINGTON, Va., Aug. 15 /PRNewswire/ -- Cyber Security Industry Alliance
(CSIA), the only public policy and advocacy group dedicated exclusively to
cyber security, today released a report that summarizes key findings and
conclusions from a conference held to discuss the adequacy of guidance given
on IT security in Sarbanes-Oxley. Today's announcement follows a Sarbanes-
Oxley compliance initiative that began in 2004 with a CSIA report outlining
the implications of Section 404 for information security.
Attendees at IT Security and Sarbanes-Oxley Compliance: A Roundtable Dialogue
of Lessons Learned, addressed whether the statutory and administrative
materials governing Section 404 provide enough guidance on IT security to
enable management and auditors to carry out their compliance obligations.
"The conference proceedings and subsequent announcements from the Securities... (more)
Security on Ulitzer Jersey City, NJ, July 28, 2009 - "People who should know
better think that by avoiding porn and gambling sites, they can avoid getting
malware on their computers," said Melih Abdulhayoglu, CEO and President of
Comodo. "Not today."
"People who do know better know that there are some basic requirements
everyone needs to have before they even think of using the Internet. One of
those requirements is malware protection."
Comodo distributes free award-winning antivirus and firewall protection. More
than 18,000,000 copies of Comodo security software have been installed on
computers around the world.
"If your computer is compromised, you may not even know it. You could be like
a polio carrier, with no symptoms. But your PC harbors the disease and
spreads it to other users. Like a vaccine, using security software benefits
you, of course. It also benefit... (more)
I was talking with Avanade’s Senior Director for Enterprise Security, Ace
Swerling, earlier today. The conversation touched on a wide range of security
and identity management issues that I’ll probably return to, but one of
Ace’s comments brought my attention back to an issue that has been nagging
at me for a while.
As I’m sure we all know, security concerns often figure highly in
discussions about moving Enterprise applications and data to the Cloud.
Indeed, I spoke with other Avanade executives earlier this year to report on
a survey they had commissioned that suggested just how significant these
concerns can be for potential customers.
In today’s conversation, Ace appeared to agree (as do I) with the frequent
assertion that Cloud providers’ own systems will tend to be more secure
than those that the majority of potential customers have in-house today.
These ser... (more)