Keeping PCs Safe on the Internet

PC Security Journal



Top Stories

I was talking with Avanade’s Senior Director for Enterprise Security, Ace Swerling, earlier today. The conversation touched on a wide range of security and identity management issues that I’ll probably return to, but one of Ace’s comments brought my attention back to an issue that has been nagging at me for a while. As I’m sure we all know, security concerns often figure highly in discussions about moving Enterprise applications and data to the Cloud. Indeed, I spoke with other Avanade executives earlier this year to report on a survey they had commissioned that suggested just how significant these concerns can be for potential customers. In today’s conversation, Ace appeared to agree (as do I) with the frequent assertion that Cloud providers’ own systems will tend to be more secure than those that the majority of potential customers have in-house today. These ser... (more)

Why Is Reusable Code So Hard to Secure?

Being an efficient developer often means abstracting functionality such that a single function can be applied to a variety of uses across an application. Even as this decreases risk of errors, time to develop, and the attack surface necessary to secure the application, it also makes implementing security more difficult. Over the holidays I had the opportunity to do some coding on my latest web application project. I won’t bore you with the details of what it is because it’s to support a hobby of Don and mine except to say that it’s running on a LAMP stack and heavily data-driven. But then what isn’t data-driven on the web these days? Now I’m an old skool OO (Object Oriented) programmer and a typical developer. That is to say that I’m basically lazy and hate to code and recode the same thing over and over so I employ every trick I can to avoid doing so. That means a... (more)

'Internet of Things' OWASP Top Ten

The Open Web Application Security Project (OWASP) is focused on improving the security of software. Their mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks and their OWASP Top 10 provides a list of the 10 Most Critical Security Risks. For each risk it provides a description, example vulnerabilities, example attacks, guidance on how to avoid and references to OWASP and other related resources. Many of you are familiar with their Top 10 Most Critical Web Application Security Risks. They provide the list for awareness and guidance on some of the critical web applications security areas to address. It is a great list and many security vendors point to it to show the types of attacks that can be mitigated. Now the Internet of Things (IoT) has its own OWASP Top 10. I... (more)

Apple Introduces Mac OS X Server Snow Leopard

SAN FRANCISCO, June 8 /PRNewswire-FirstCall/ -- Apple(R) today unveiled a Developer Preview of Mac OS(R) X Server Snow Leopard(TM), the next major release of the world's easiest to use server operating system. Snow Leopard Server is a full 64-bit UNIX server operating system based on open standards that is up to twice as fast as its predecessor.* Snow Leopard Server includes innovative new features such as Podcast Producer 2, for automating the creation and publishing of podcasts, and Mobile Access Server with secure access to firewall-protected network services for iPhone(TM) and Mac(R). Snow Leopard Server is priced more affordably than ever at $499 with unlimited client licenses and will ship in September 2009. "Snow Leopard Server is our best and fastest server operating system ever, and unlimited client licenses make it an incredible value for any size busine... (more)

Maybe Ubuntu Enterprise Cloud Makes Cloud Computing Too Easy

With just a few clicks you, too, can create a cloud computing environment. But if you’re like a lot of organizations, you may not know what to do with it after that. The latest version of Ubuntu Server (9.10) includes the Ubuntu Enterprise Cloud (UEC), which is actually powered by Eucalyptus. The ability to deploy a “cloud” on any server running Ubuntu is really quite amazing, especially given the compatibility of Eucalyptus with Amazon and the plethora of application images available for nearly immediate deployment. It supports both a public and private option, and a hybrid model, and comes replete with management tools designed to make building, deploying, and managing your own personal, private cloud a breeze. Private clouds offer immediacy and elasticity in your own IT infrastructure. Using Ubuntu Enterprise Cloud, you can experience ... (more)

Symplified to Demo SinglePoint Cloud Security at Cloud Expo

Cloud Computing Expo - Symplified, the Cloud security company, announced a new user provisioning addition to its SinglePoint Cloud security platform that enables organizations to centralize the management of user accounts for multiple cloud applications from within their firewall or using the Salesforce.com platform. SinglePoint Cloud Identity Manager integrates with enterprise user directories to automate the creation, provisioning, modification, and de-provisioning of accounts that enable employees to access Cloud-based Software as a Service (SaaS) applications and data. Symplified to exhibit at Cloud Expo 2010, which will take place April 19-21, at the Jacob Javits Convention Center in New York City. Cloud Expo, with over 5,000 delegates and more than 200 sponsors, will be the most significant technology event of the year. With Sin... (more)

Microsoft and HP to Tap into Private Cloud Market

Microsoft and Hewlett-Packard have teamed up on a three-year $250 million partnership to bring about the “next generation computing platform” called HP private cloud. They will be working towards a combined cost-effective IT solution encompassing varying levels of hardware, software, and professional services for business applications. The idea seems to be to bundle up a complete virtualization and systems management offering that would work in mega data centers and cloud providing centers. The joint stack would leverage existing products from both companies while plans are also underway for new ones. Microsoft, which has already jumped headlong into cloud with its public cloud services Azure, is now looking to take on private cloud with HP by its side. Private cloud is a proprietary network that implements cloud strategies behind a firewall and therefore protects ... (more)

Mashable Sees Double Rainbows as Google Goes Gaga for OAuth

Enterprise developers and architects beware: OAuth is not the double rainbow it is made out to be. It can be a foundational technology for your applications, but only if you’re aware of the risks. OAuth has been silently growing as the favored mechanism for cross-site authentication in the Web 2.0 world. The ability to leverage a single set of credentials across a variety of sites reduces the number of username/password combinations a user must remember. It also inherently provides for a granular authorization scheme. Google’s announcement that it now offers OAuth support for Google Apps APIs was widely mentioned this week including Mashable’s declaration that Google’s adoption implies all applications must follow suit. Now. Stop reading, get to it. It was made out to sound like that much of an imperative. Google’s argument that OAuth is more secure than the Client... (more)

Our B Review of Base CRM

We review small business CRM software all the time. Sometimes we find great systems. Sometimes not. More typically, we find systems like Base CRM, a well-designed and promising system that’s almost there (but not quite). Read on for our full review. The Quick and Dirty Verdict: Base is a web-based CRM built by Future Simple, a venture-backed, Chicago-based software company. As small business CRMs go, Base is pretty damn good: it’s easy to use, includes some neat features (client spaces!), and boasts an awesome mobile app. Unfortunately, the expensive pricing scheme, lack of calendaring, and limited integrations are all serious drawbacks. We’re giving it an 85/100, a respectable “B” on our grading scale. Read on for details… Functionality = 28/30: Base’s feature list is quite good. Standout features include email integration (you can send and track emails from within... (more)

Security and the Cloud

By Steven Wolford, 6fusion Director of Information Security

Is now the time to make the move to cloud services with all the current IT security concerns? Security and the cloud seems to be the topic of conversation for many businesses and IT groups today. As you prepare for that decision-making process around your IT infrastructure security, remember to take a risk-based approach to help ensure a sound decision from an information security perspective. Rather than spend months learning, digesting, and attempting to implement a structured formal risk management framework, regard your strategic security planning with these four pillars of risk management. Identify: What can and should be moved to the cloud? Identify projects, programs or services that have high establishment costs, low utilization, or are expensive to run and operate, as candidates for the cloud. Consi... (more)

STEALTHbits Extends StealthAUDIT Management Platform for Active Directory With New Windows Server 2012 Capabilities

GLEN ROCK, NJ -- (Marketwire) -- 09/11/12 -- STEALTHbits Technologies, a leading provider of IT compliance, security, and operational management solutions for the Microsoft computing platform, today announced new capabilities for its flagship offering, the StealthAUDIT Management Platform (SMP) for Active Directory, which provides organizations with the freedom to choose the most appropriate architectural approach for implementing Windows Server 2012's new Dynamic Access Control (DAC) features as they migrate to Microsoft's latest platform. The release of Windows 8 and Windows Server 2012 represents a great advance in operating systems and organizations of all sizes are evaluating what will be required to transition their existing infrastructure to this new technology platform. Windows Server 2012 introduces features that can change the way companies manage file sys... (more)