Keeping PCs Safe on the Internet

PC Security Journal

Subscribe to PC Security Journal: eMailAlertsEmail Alerts newslettersWeekly Newsletters
Get PC Security Journal: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Top Stories

Enterprise developers and architects beware: OAuth is not the double rainbow it is made out to be. It can be a foundational technology for your applications, but only if you’re aware of the risks. OAuth has been silently growing as the favored mechanism for cross-site authentication in the Web 2.0 world. The ability to leverage a single set of credentials across a variety of sites reduces the number of username/password combinations a user must remember. It also inherently provides for a granular authorization scheme. Google’s announcement that it now offers OAuth support for Google Apps APIs was widely mentioned this week including Mashable’s declaration that Google’s adoption implies all applications must follow suit. Now. Stop reading, get to it. It was made out to sound like that much of an imperative. Google’s argument that OAuth is more secure than the Client... (more)

Weekly Roundup: SAP Business Suite Is Certified for AWS

Over the last week, the cloud world has witnessed a few important announcements from a couple of major cloud players. There were some new feature releases from Amazon and Microsoft. In addition, Amazon has announced the SAP Business Suite certification on AWS. Also, there was a ‘must read’ post published by Microsoft. Plus, ActiveState has announced about its significant revenue growth from the past year. Here’s a quick summary of cloud happenings over the last week. Beginning with the IaaS leader, Amazon has introduced the integration of Amazon Relational Database Service (RDS) with Amazon Simple Notification Service (SNS). This service allows a user to set up notifications for any RDS instances by creating an Event subscription. Next, Amazon has announced that AWS has been certified to host the SAP Business Suite environment in full production mode. Thus, increase... (more)

Move, Flex and Protect Your Workloads

Server, storage and site migrations have always been the elephant in the room. IT managers know that it is necessary to reduce costs and improve workload management but cringe over the potential impact to production. In the past, migrations have usually required significant planning, design and downtime, which is no longer acceptable. Now flexible, more efficient workload infrastructure is necessary to reduce costs. A few years ago virtual migrations were no different than any other server or storage migration: P2V products were complex and time consuming - and some P2V solutions haven’t changed. As with any migration, whether converting a physical machine to a virtual workload, new blades or centralizing data to iSCSI storage, once the workload is converted it is usually missing changes that were transacted during start of the conversion. So, this further complicat... (more)

OSSI Shares Its Open Source Vision Across Government Technology Systems

“Our common interest in open source solutions has enabled OSSI to put together an all-star team of Government, commercial and community partners,” said John Farrell of HP/Fortify, OSSI's volunteer chairman and Chief Information Security Officer, as OSSI named several new members to its Industry Advisory Board. “OSSI was founded in 2001 based on the idea that one day, the technological strength and efficiencies of the open source model would find its ideal fit within Government systems," Farrell continued. For more than a decade, said Farrell, OSSI has been sharing the vision of open source across government technology systems. He added: "I believe that time has come. It is truly exciting to be a part of the open source experience.”  New Board members include: Bill Bacci of HP Federal; Dr. William Grossmann of Global Projects Design; AJ Jaghori , former CTO of L-3 Stra... (more)

Tomorrow’s IBM “Smart Business” Cloud Computing Strategy

The NY Times broke IBM’s embargo this morning by publishing their story on IBM’s new cloud computing initiatives.  I’ve posted the full release here on CloudBzz. The diagram below gives a bit of insight into where IBM is today and where they are heading. IBM is also updating their collateral with a bit more detail.  Here is a fact sheet for their Smart Business initiative: Fact sheet: IBM Smart Business Smart Business is IBM’s commonly branded set of cloud computing offerings for business. This set of offerings gives clients three choices to deliver and consume cloud services to drive efficiency, productivity and control. Smart Business Services – cloud services delivered: 1: Private cloud services, behind your firewall, built by IBM. 2: Standardized services on the IBM cloud Smart Business Systems – purpose-built infrastructure 3. IBM CloudBurst: Pre-integrated har... (more)

Cisco Report Shows Security Threats 'Are Getting Down to Business'

Cisco has released the Cisco® 2009 Midyear Security Report, which shows that Internet criminals are increasingly operating like successful businesses, borrowing some of the best strategies from legitimate companies and forming partnerships with one another to help make their illegal activities more lucrative. The midyear edition outlines some of the most common technical and business strategies that criminals use to breach corporate networks, compromise Web sites, and steal personal information and money. In the report, Cisco offers recommendations for protecting against some of the newer types of attacks that have surfaced recently, recommendations that incorporate people, processes and technology as a holistic risk management solution. The report also advises heightened vigilance against some "old school" approaches that are just as sophisticated and prevalent as... (more)

Amazon Releases Virtual Private Cloud Service

Amazon Web Services announced today a limited public beta of Virtual Private Cloud (Amazon VPC), a service that makes it possible for customers to create their own logically isolated set of Amazon EC2 instances to connect to their existing network over a secured VPN connection. With this, Amazon is taking a major step in making its cloud computing services even more enterprise-friendly than they already were. Amazon CTO Werner Vogels published a detailed blog post regarding this service, in which he acknowledges that enterprises tend to find it challenging to transition applications and services to the cloud when they have often invested years of resources and tons of money setting up their own IT infrastructure (datacenters, networks, etc.). He also says ‘private clouds’, which are basically emulations of cloud computing inside private networks, are not true cloud... (more)

免费提升Windows XP, Vista和Windows 7的性能

新泽西州泽西市,2009年8月27日,给Windows 7用户的新消息:科摩多系统清理工具现已经为Windows 7 操作系统进行了优化。除了PC注册表功能之外,该软件还通过删除无用的数据和文件来提高Windows系统性能 该免费软件可以有效提高和改善运行Window XP 和Windows Vista的性能。PC用户可以下载科摩多系统清理工具2.0.1版本,该软件同时提供了免安装版本和直接安装版本。 ... (more)

Mobile Devices: Authenticate or Encrypt?

Two conflicting opinions crossed my desk today. Michael Hickins reported on Iranian Phone Spoofing, Fake Twitter Accounts And Trust in his blog at InformationWeek.  People are spoofing cell phone calls to his Iranian friends' phone accounts, to avoid sanctions for calling Iran.  "Cybersecurity expert Melih Abdulhayoglu, CEO of Comodo, tells me that content authentication is "the next big thing," Hickins wrote. I was already thinking about the insecurity of cell phone communications because Molly Dolesalek reported on them in Processor Magazine. "It's fairly easy to tap into a cell phone conversation, but the business world doesn't really understand that," Dunleavy says. For that reason, he believes that there will be more interest in voice encryption, including VoIP encryption," she wrote, quoting Mike Dunleavy, president of Diginonymous. Authenticate or encrypt?   ... (more)

Maybe Ubuntu Enterprise Cloud Makes Cloud Computing Too Easy

Cloud Computing on Ulitzer With just a few clicks you, too, can create a cloud computing environment. But if you’re like a lot of organizations, you may not know what to do with it after that. The latest version of Ubuntu Server (9.10) includes the Ubuntu Enterprise Cloud (UEC), which is actually powered by Eucalyptus. The ability to deploy a “cloud” on any server running Ubuntu is really quite amazing, especially given the compatibility of Eucalyptus with Amazon and the plethora of application images available for nearly immediate deployment. It supports both a public and private option, and a hybrid model, and comes replete with management tools designed to make building, deploying, and managing your own personal, private cloud a breeze. Private clouds offer immediacy and elasticity in your own IT infrastructure. Using Ubuntu Enterprise Cloud, you can experience ... (more)

Show Report: Reality Check at 4th Cloud Expo

Cloud Computing Expo on Ulitzer The talk at the 4th Cloud Expo this week in Santa Clara was all about enterprise cloud adoption. Is it real? Is it already happening? If so, who’s doing it, which applications are they running and which clouds are being tested? To a large extent, cloud computing is a victim of its own somewhat out-of-control hype cycle. Since so much has been written and discussed about the cloud in 2009, there is now a growing impatience for actual results. The fact that 2000 people showed up at the Cloud Expo in Santa Clara this week (double the number from last year’s show) suggests that at the very least, interest in enterprise cloud computing remains very real, and the need for practical solutions and use cases is growing more urgent. There was a growing concensus about a number of issues: 1. The hybrid model of on-prem data centers combined wit... (more)