Facebook’s new chief security officer, Alex Stamos, has stated publicly that he wants to see Adobe end Flash.
Most of the internet will consider this a good idea. Not too sure about the Facebook bunch yet.
via: Slashdot
Facebook’s new chief security officer, Alex Stamos, has stated publicly that he wants to see Adobe end Flash.
Most of the internet will consider this a good idea. Not too sure about the Facebook bunch yet.
via: Slashdot
Containers, in particular represented through the hype around Docker, get a greater share of attention of the IT world for the past year or two. And it happens for good reason. Just like other virtualization techniques, containers allow for easier deployment, for better maintainability, for improved management of applications, for better hardware utilization and for a reduced TCO altogether. And cost in particular is likely the biggest reason for the popularity of container technology in the realm of virtualization, because lightweight technology does not only touch hardware and infrastructure, but also development and operations.
Auch Cyber-Security braucht modische Cyber Accessoires.
Leute, ernsthaft? pic.twitter.com/I8D7C3g0gU
— Nero (@HirteDerMeere) April 18, 2015
via: Schlecky Silberstein
Chip Fingerprinting Scheme Could Secure IoT Devices Against Malware.
Security in the context of the Internet of Things (IoT) is an area that is expanding, along with the growth of IoT itself. Fingerprinting schemes are an approach that didn’t go along with malware prevention in traditional computing, but IoT use cases may benefit from a combination.
via IEEE Spectrum.
A quick overview.
The purpose of security software is to make other software more secure. This is what the security industry claims, sometime with legit arguments, sometime the industry tries to chase unrealistic ideals, as a recently linked article suggest.
And I couldn’t agree more. The security industry approaches the problem from the wrong end, most of the time. With keeping in mind the principles of security, Integrity, Availability and Authenticity, security software helps mitigate threats in the class of Vulnerabilities, Exploits and malicious software and payloads. Products available to purchase can be considered in classes of, Encryption (Integrity and Authenticity), for data in rest (disk encryption, file encryption) or for data in transit (VPN or protocol encryption). Backup is clearly saving Availability, but most companies in the security industry consider this a different topic. Then there are products to limit access, e.g. Network Layer Firewalls, which have a very distinct functionality. Up to here, things are very clear and deterministic. When it comes to Application Layer Firewalling, e.g. Web Application Firewalls things start to get fuzzy.
Products that aim to protect from any unknown threat, malware or payload, like Anti Virus, Anti Spam, Intrustion Prevention and even Vulnerability Scanners, provide information that is know already.
Now that a particular exploit is know, protection for it can be provided in two distinct locations: the vulnerable software can be patched to remove the problem. Or, what the security industry offers, have another piece of software in place that tries to protect from something that is known already. And with that, raising system complexity and opening another vector for vulnerability.
The sustainable approach is to invest in secure software and architecture, that has built in encryption, authentication and redundancy. This is something the security industry can provide as technology vendors, rather than chasing the magical unicorn.
A intermediate CA, held by MSC Holdings, issued by CNNIC, the Chinese NIC, apparently issued certificates for unauthorized domains. The problem was detected by Google for their domains through pinned certificates in their browser.
Google Online Security Blog: Maintaining digital certificate security.