This week, Facebook fell victim to hackers who managed to deface Mark
Zuckerberg’s page, no doubt earning the perpetrators tremendous props
within their own social community. Facebook quickly closed the door on that
particular exploit, but by then of course the Internets were abuzz and the
damage was done. The company quickly followed up with some unrelated security
distractions: HTTPS, good for countering Firesheep (I love that name); social
authentication instead of CAPTCHAs (this is actually interesting and plays to
their strengths); and an announcement that this Friday is “Data Privacy
There aren’t many details available on the hack (the Guardian has a great
investigation examining some of the clues that were left behind), but it
appears that one particular API didn’t perform sufficient authorization on
a POST. This is a common problem when you don... (more)

Earlier this fall, Anil John put out the following Twitter challenge:
“@Vordel, @layer7, @IBM_DataPower If you support REST, implement support
for URI templates in XML Security Gateways”
Somebody brought Anil’s tweet to our attention this week, and Jay Thorne,
who leads our tactical group, put together a nice example of just how to do
this using SecureSpan Gateways.
URI templates are a simple idea to formalize variable expansion inside URI
prototypes. A receiving system can then trivially parse out substituted
components of the URI and use these as input. There’s an IETF submissio... (more)

Cloud is now mature enough that we can begin to identify anti-patterns
associated with using these services.
Keith Shaw from Network World and I spoke about worst practices in the cloud
last week, and our conversation is now available as a podcast.
Come and learn how to avoid making critical mistakes as you move into the

Christian Perry has an article in Processor Magazine that I contributed some
quotes to. The article is about the ongoing debate about the merits of public
and private clouds in the enterprise.
One of the assertions that VMware made at last week’s VMworld conference is
that secure hybrid clouds are the future for enterprise IT.
This is a sentiment I agree with. But I also see the private part of the
hybrid cloud as an excellent stepping stone to public clouds.
Most future enterprise cloud apps will reside in the hybrid cloud; however,
there will always be some applications, such as... (more)

What is the cloud, really? Never before have we had a technology that suffers
so greatly from such a completely ambiguous name. Gartner Research VP Paolo
Malinverno has observed that most organizations define cloud as any
application operating outside their own data centre. This is probably as
lucid a definition as any I’ve heard.
More formalized attempts to describe cloud rapidly turn into essays that
attempt to bridge the abstract with the very specific, and in doing so seem to
miss the cloud for the clouds. Certainly the most effective comprehensive
definition has come from the ... (more)