The dominant theme at this year’s RSA Conference in San Francisco was actionable security intelligence, a term which can mean different things to different people. For example, do bad IP addresses, DNS fast fluxing information, and geolocation constitute security intelligence? Additionally, do malware campaigns and adversary tracking count as security intelligence?
The answer is yes for both questions, but it is important to note that these are not the only high-level indicators that can be considered security intelligence. The key challenge is understanding how to "apply" security intelligence in such a way that it is actionable. The following may be considered provocative and even go against the grain of opinion in Silicon Valley: In most approaches to security, there is too much emphasis on the adversary and not enough on understanding the attack surface.
Apple's 'good enough' security response: why it’s not going to change, isn’t fair, but doesn’t matter anyway
Apple’s handling of the recent "goto fail" vulnerability has brought about another round of the usual criticisms that we’ve heard from the security research community for years. In this most recent episode, Apple’s decision to provide security updates for iOS devices while leaving the vulnerability unpatched on Mac OS X for four days and giving no clear sign of the company's intentions has revived the oft-repeated criticisms that Apple isn’t transparent in its security response, isn’t timely, and doesn’t engage with the researcher community positively. Often the criticism will point to Microsoft as an example of what Apple doesn’t do and should.
I’m a ten-year veteran of the Microsoft Security Response Center (MSRC), and I and my colleagues have said much the same things about Apple’s security response. In fact, one of my colleagues, Stephen Toulouse, made news in 2006 by calling on Apple to implement some of the many programs that Microsoft had put together. For us, it was always particularly frustrating to see Apple essentially get a pass on behavior that would lead to huge outcries if Microsoft did it. Think of the outcry if there was an SSL/TLS vulnerability that enables man-in-the-middle attacks affecting Microsoft Windows and Internet Explorer that’s unpatched for four days with no information from Microsoft. Now, compare that with what we saw with Apple. Forgive the pun, but it’s Apples to oranges, really, and Apple gets off easy every time.
In 2006, I co-founded Four Kitchens, a web design and development consultancy that specializes in working with open-source software. As an open-source business, we are frequently asked about the benefits of open source. The way I explain it to most people is like this: The open-source business model is service-driven, and the closed-source model is product-driven.
In an open-source model, your startup costs are zero and you need to expend capital -- your time, your company’s development cycles and your money to hire outside vendors, etc. -- to get the software to do what you need. In a closed-source model, your startup costs are usually quite high because you must purchase licenses, subscriptions and proprietary hardware, but the software more or less works out of the box. In the long run, I believe the open-source model is cheaper for two reasons:
No one could argue very convincingly that mobile isn’t one of the most disruptive, transformational factors in business -- and in life -- today. Consumers are armed 24/7 with ever more powerful smartphones and tablets. But most aren’t dying to download the app you paid handsomely to develop.
Most consumers are using their mobile devices to access the web while away from home and from the couch. They’re using them to read your opt-in emails, clicking on your links and forwarding your offers to friends. They’re comparison-shopping, pitting brick-and-mortars with online stores, and reading reviews as part of their decision-making process. They’re relating their experiences with ratings and photos in real time with their social networks.
With security breaches on the rise, such as the recent Target credit card theft, you can’t be too careful about how and with whom you share your personal information. According to the US Department of Justice, 7 percent of US households reported being victims of some form of identity fraud, and with financial losses totaling upwards of $50 billion, people have to be vigilant.
Nowadays it’s fairly easy to steal an identity by obtaining different bits of information about someone and piecing them together like a jigsaw puzzle: things you may not even think about, such as your zip code, maiden name, or date of birth. And it’s not just unknown entities who are procuring your personal information and using it for their nefarious gain; it’s people you may think are legitimate and trustworthy, such as babysitters, housekeepers or your latest online crush.
Wireless carriers are opposing net neutrality because their networks have limited capacity and they need more flexibility to handle traffic. But they are missing an opportunity by not embracing spectrum sharing, a technology that could vastly increase the available bandwidth.
Net neutrality has been in the headlines following Verizon's recent Federal court win against the Federal Communications Commission's (FCC) open Internet rules. Also, AT&T is now courting corporate sponsors to help subsidize customer data plans. Some consumer rights groups view these events as a concerted effort to undermine the longstanding practice that compels service providers to treat all traffic equally. These events could all signal the beginning of a tiered-off Internet.
The app market has exploded but only a few apps will survive in the long haul. The ability to monetize will be the defining factor. Fortunately, innovations in mobile technology have emerged to make monetization possible with in-app advertising and in-app purchase models.
There was a lot of hullabaloo around Snapchat recently when its founders declined a US$3 billion buyout offer from Facebook. That raised the question of whether it was being grossly overvalued given its revenue deficit. Other popular apps make revenue but are losing money: music apps Pandora and Spotify are prime examples. Why, then, are the valuations so astronomical? It’s because they have an audience. But is that good enough?
Google Glass is about to end its prototype phase, yet popular opinion and the device’s app ecosystem are struggling.
This coming spring will see widespread consumer access to the much-hyped wearable computer, which will hopefully lead to an increase of intuitive apps. Analysts have stated that such technology will have trouble in the consumer space due to the lack of selection at the moment. Surprisingly, counter to the common progression of technology from consumers to the enterprise, wearable technology will potentially be more successful as a business tool than a consumer gadget.
There has been a lot of talk lately about Bitcoin, a digital currency that aims to provide the security of cash and is more convenient than a credit card. Just under a year ago, the "cryptocurrency" -- so named for its reliance on cryptography in order to operate -- was traded somewhere between $13–14. However, one year later, Bitcoin is now trading for over $800, with a peak somewhere in the $1,200 range.
Bitcoin’s rise to popularity has been sparked by its many advantages: it claims to be inflation-free; to have low or zero transaction fees; to offer anonymity for transactions, a totally transparent transaction history, irreversible transactions (no chargebacks), protection from fraud and freedom from exchange fees; and not to require the acceptor to be PCI Compliant.
While not every company has technologically embraced the massive influx of multiplatform, multi-network mobile devices taxing its network, the inevitable power they give employees to access enterprise resources in any location and manage their own technology systems -- a phenomenon known to some as "the consumerization of IT" -- will undoubtedly dramatically and permanently change the face of the enterprise as we know it today. And while it is widely recognized that the continued consumerization of IT presents countless challenges for IT departments, I see 2014 as the year IT views these changes as opportunities and empowers its employees with the tools they need to maximize the incalculable power of their devices.
One of the major tools to which I refer? The enterprise app store.
A few minutes ago, I finished listening to a presentation in London by Andrew Morely, vice president and general manager of Motorola Mobility (UK), in which he announced details of the European version of the Moto X phone which was, until now, only available in North and South America.
The main difference from the North American version is that in Europe the phone comes only in two colors (black and white) and the Moto Maker service, which allows buyers to customize the front/back/accent colors as well as add a personalized message to the back of the phone, is not available here (at least for now).
Journal Communications, Inc. (Journal) is a successful century-old media company based in Milwaukee, Wisconsin, USA. Our company owns and operates 34 radio stations and 15 television stations. We produce 20 print publications including the Milwaukee Journal Sentinel. For many years, our IT infrastructure for all of those media stations and papers functioned as separate entities. Our small team relied on long personnel-hours, hard work and dedication to keep everything running -- and functioning on time. As the company grew, however, we realized that this was not a sustainable model.
Originally, we had 17 implementations and multiple versions of Microsoft Exchange and SharePoint with multiple servers for each of our locations, most of which were not backed up or redundant. The company managed for years without significant problems, but we knew there was a better way. As a newspaper and media company, it’s important for us to maintain the highest levels of efficiency and accuracy in all of our IT and business processes. To accomplish this, we needed the most effective operational approach we could use -- for total reliability across a disparate infrastructure.
It was a great 2013 for SOASTA. Of the $1.2 trillion worth of business conducted online across the globe in 2013, SOASTA, an established leader in website and app testing through the cloud, is trusted with protecting 10 percent of that figure -- or $150 billion. Based on the hundreds of brands SOASTA worked with and the challenges faced last year, here are five predictions that are pretty clear as we go into 2014. Hint: Simplify, the User Experience, and M-commerce will be buzzwords for successful enterprises and e-commerce vendors.
My top five predictions for 2014 are as follows:
We're all ready for Christmas here at BetaNews. The "Santa Stop Here" signs are in place, all the last minute panic shopping and wrapping is complete, and the eggnog is flowing.
Hopefully you're all similarly prepared for the big day tomorrow (even if you don't celebrate Christmas, we trust you've got something fun in mind to do). We'd like to take this opportunity to wish you a merry Christmas, and we are crossing our fingers that you receive all the tech treats you're hoping for.
I believe that every individual possesses within them the innate ability to be great. To me, being great means being yourself... to the power of 10. It means tapping into your full potential so that you can be all you can be.
In today’s digital era, there are a myriad of opportunities for expressing your inner greatness and allowing it to shine forth for all the world to appreciate. Self-publishing has become easier than ever, whether that be via personal blog, social media, website or ebook.