Archive

Archive for the ‘-English-’ Category

Title changed to “Cloud & Telecom Security”

March 8th, 2010 Richard No comments

This morning, you might have noticed that the blog title was changed to “Cloud & Telecom Security”. Yes, it’s true.

From one or two years ago, my interests and focus have changed to around cloud computing and telecom or ICT security, while P2P was touched very occasionally.  I believe the new title can reflect the new focus better and hope you like it.

Share To:
  • Digg
  • del.icio.us
  • Google Bookmarks
  • Facebook
  • Slashdot
  • Technorati
  • Live
  • Reddit
  • LinkedIn
  • FriendFeed
  • Yahoo! Bookmarks

Cutting-Edge Network Behavior Audit Technology from BMST

December 14th, 2009 Richard No comments

Startup In China

November 19th, 2009 Richard No comments
Share To:
  • Digg
  • del.icio.us
  • Google Bookmarks
  • Facebook
  • Slashdot
  • Technorati
  • Live
  • Reddit
  • LinkedIn
  • FriendFeed
  • Yahoo! Bookmarks
Categories: -English- Tags: , ,

Microsoft Tuesday Vulnerability Report of Nov.2009

November 12th, 2009 Richard 2 comments

Share To:
  • Digg
  • del.icio.us
  • Google Bookmarks
  • Facebook
  • Slashdot
  • Technorati
  • Live
  • Reddit
  • LinkedIn
  • FriendFeed
  • Yahoo! Bookmarks

HP Acquiring 3Com increases the oligopoly of IT arena

November 11th, 2009 Richard 6 comments

hpweb_1-2_topnav_hp_logoBy this acquisition, HP enters enterprise networking market with strong threat management product line from Tippingpoint.

3comLogoThe vulnerability and threats research of DVLabs will greatly improve HP’s capability and image at these areas, so that HP’s competition against IBM will become more effective.  X-Force of ISS is one of the critical advantages of IBM over HP, at overall one-stop IT arena.

tplogo5Historically, after the acquisition of an independent security company, their selling model and focus will change to more aligned with major businesses.  As for HP’s scenario, their security product lines, including the IPS/UTM, focuses on their global enterprise customers and outsourcing partners.  The security department, mostly, will lose some momentum to find and obtain new customers, instead, they will be more interested at existing customers, bundled within other bigger IT/service orders. Read more…

Share To:
  • Digg
  • del.icio.us
  • Google Bookmarks
  • Facebook
  • Slashdot
  • Technorati
  • Live
  • Reddit
  • LinkedIn
  • FriendFeed
  • Yahoo! Bookmarks

True or False: 70% of security incidents are due to insider threats?

November 10th, 2009 Richard 8 comments

security_new_schoolActually, the whole thread was originated with a message at discuss@securitymetrics.org “Request for ideas” by Dimitrios Stergiou. Dimitrios likes to have some recommendations for his master program. By a sudden idea, I dropped him a message to recommend him to work on this true or false problem at security metrics.

It’s true or false: 70% of security incidents are due to insider threats?
I just read one book, “The New School of Information Security”, by Adam Shostack, Andrew Stewart, Addison-Wesley, 2008, where I found one interesting argument by the authors. The authors doubt the statement that 70% of security incidents are due to insider threats. You know, many consultants and books, articles regard this statement as one basic hypothesis at security. What’s your idea about it?

Completely a surprise, I found Adam, Andew, Dan and many experts jumped in to this discussion thereafter. A lot of fresh ideas emerged at discussion threads. In order to get more experts into this topic, I submitted a discussion at SecurityMetrics group, LinkedIn.

This RSA/IDC report has some information related to this topic – Insider Risk Management: A Framework Approach to Internal Security(Thanks to Hammud).  It is a good reference. In summary it told us two things that: Read more…

Share To:
  • Digg
  • del.icio.us
  • Google Bookmarks
  • Facebook
  • Slashdot
  • Technorati
  • Live
  • Reddit
  • LinkedIn
  • FriendFeed
  • Yahoo! Bookmarks

Comment to “Vulnerability assessment integration with web application firewalls”

November 9th, 2009 Richard No comments

That’s an excellent post on the vision of WAF and vulnerability assessment. I agree to the points that “accuracy” should be the top priority of remote web assessment and integration between VM and WAF.

However, this gives us another hint – we need a commonly adopted standard format to exchange the message – similarly what the industry did on IDMEF before. It’s not an optimistic goal from historical perspective. So in short term, before that standards, integration inside one single vendor and product alliance will be the pioneer on the automation/ integration between VM+WAF.

Share To:
  • Digg
  • del.icio.us
  • Google Bookmarks
  • Facebook
  • Slashdot
  • Technorati
  • Live
  • Reddit
  • LinkedIn
  • FriendFeed
  • Yahoo! Bookmarks

Gartner released Top 10 technologies at 2010

October 21st, 2009 Richard 1 comment

Gartner, the leading marketing analysis and strategy firm, released its newly-brew TOP 10 technology list today. They are:

  • 1 Cloud computing. Cloud has been the top buzz-term in the past months. Gartner raised it from No.2 at 2009 to TOP1 at 2010.  With no doubt, this statement will be quoted by tons of articles and vendor solutions in the following seasons.
  • 2 Advanced analytic.  I would rather explain it as data correlation and data mining tech. This seems to be similar to “business intelligence” (No.9 at 2009).
  • 3 Client computing. Mostly client computing is critical for the security impact to the whole Internet.
  • 4 Greet IT. It was No.1 at 2008, and No.10 at 2009. Anyway, it’s a concept, containing a lot of technologies, customs, culture, etc.
  • 5 Reshaping the data center, with new designs and approaches that include building out incrementally in pod-based approaches, adding only power, chillers and generators to support initial needs.
  • 6 Social computing. It has been deeply involved into daily life. Facebook, Twitter, LinkedIn, etc.
  • 7 Security activity mornitoring.  A variety of complimentary (and sometimes overlapping) monitoring and analysis tools help enterprises better detect and investigate suspicious activity – often with real-time alerting or transaction intervention. Personally,  I think this is similar to the No.2.
  • 8 Flash memory. It’s a new face to TOP 10.
  • 9 Virtualization for availability. While virtualization has been melted into cloud computing and other diverse areas, Gartner leaves “availability”.
  • 10 Mobile applications. No comments at this moment. There have been a lot of developers and app stores you can find at the web. It reflects the hotness. Read more…
Share To:
  • Digg
  • del.icio.us
  • Google Bookmarks
  • Facebook
  • Slashdot
  • Technorati
  • Live
  • Reddit
  • LinkedIn
  • FriendFeed
  • Yahoo! Bookmarks

Twitter has performance issue now and again!

October 21st, 2009 Richard No comments

This morning Twitter seems to be in trouble of performance issue.  Actually, this is not first time to get the below screen:

Twitter performance issue again

Read more…

Share To:
  • Digg
  • del.icio.us
  • Google Bookmarks
  • Facebook
  • Slashdot
  • Technorati
  • Live
  • Reddit
  • LinkedIn
  • FriendFeed
  • Yahoo! Bookmarks
Categories: -English-, Cloud Tags: , ,

Wordpress 2.8.5 Release

October 21st, 2009 Richard No comments

Wordpress released its 2.8.5 today. At this release, Wordpress enhanced itself by:

  • A fix for the Trackback Denial-of-Service attack that is currently being seen.
  • Removal of areas within the code where php code in variables was evaluated.
  • Switched the file upload functionality to be whitelisted for all users including Admins.
  • Retiring of the two importers of Tag data from old plugins.

At the same time, Wordpress 2.9 is in development and beta testing process.

Share To:
  • Digg
  • del.icio.us
  • Google Bookmarks
  • Facebook
  • Slashdot
  • Technorati
  • Live
  • Reddit
  • LinkedIn
  • FriendFeed
  • Yahoo! Bookmarks
Categories: -English- Tags:

CNCERT/CC 2009 Conference will be held at Oct.21, Changsha, Hunan Province, China

October 19th, 2009 Richard 4 comments
CNCERT/CC 2009 Conference

CNCERT/CC 2009 Conference

CNCERT/CC 2009 Conference will be held at Oct.21, Changsha, Hunan Province, China. This is the consecutive 6th conference since 2004.  Here is the English agenda.

This annual event is generating more and more influence to not only China information security community, society, industry, but also the related parties at Asia Pacific and even worldwide.  You can find a number of famous regional CERT organizations and reps from carriers, large enterprises, vendors, say, SingCert, ThaiCert, VNCert, China Telecom, China Mobile, China Unicom, ICBC, CCB, etc. Read more…

Share To:
  • Digg
  • del.icio.us
  • Google Bookmarks
  • Facebook
  • Slashdot
  • Technorati
  • Live
  • Reddit
  • LinkedIn
  • FriendFeed
  • Yahoo! Bookmarks
Categories: -English-, Security Tags: , , ,

China National Vulnerability Database gets online

October 19th, 2009 Richard 13 comments

Oct.18 2009(Beijing time), China CCTV news reported the release of national vulnerability database of China.

Along with the upsoaring of the Internet applications, the vulnerability number is also in a sharp growth. So the update and automation of vulnerability information is becoming more and more critical for the whole information ssytems. Vulnerability Database is used to research, collect, release, automate the lifecycle of vulnerability management, which is regarded the core of the related activities. Although there have been a series of open source vulnerability database(e.g. OSVDB, etc.), commercial maintained vulnerailibity database(e.g. CERT CVE, Bugtraq, NSFocus VDB, etc.), it’s still regarded very essential to setup one authoritive database for the industry, particularly for government and research organizations. Read more…

Share To:
  • Digg
  • del.icio.us
  • Google Bookmarks
  • Facebook
  • Slashdot
  • Technorati
  • Live
  • Reddit
  • LinkedIn
  • FriendFeed
  • Yahoo! Bookmarks

Twitter tag cloud after the news of Nobel Peace Prize of President Obama

October 9th, 2009 Richard 1 comment

20091009122712320So yes, President Barack Obama was awarded the Nobel Peace Prize earlier this morning, and Twitter (and the rest of the Web) immediately blew up.

The diagram is the tag cloud at this morning.

It helps refect that how twitter has been closely penetrating into daily life at USA.

Share To:
  • Digg
  • del.icio.us
  • Google Bookmarks
  • Facebook
  • Slashdot
  • Technorati
  • Live
  • Reddit
  • LinkedIn
  • FriendFeed
  • Yahoo! Bookmarks
Categories: -English-, Cloud Tags: , ,

What would be Google’s next step after Sidewiki?

September 24th, 2009 Richard No comments

SidewikiAfter Google released its new Sidewiki service yesterday, it’s very interesting to imagine what would be Google’s next step.  You know, it’s not a new service to let users share comments for specific web pages. Digg, Slashdot, Reddit, delicious, and other peers have been providing this for a few years.  From the release note, the key point of Sidewiki is “direct”, ie. users don’t need to submit to somewhere else to share their comments. Sidewiki allows users share comments “directly”. Doesn’t “directly” mean shortcut to other page sharing providers? Read more…

Share To:
  • Digg
  • del.icio.us
  • Google Bookmarks
  • Facebook
  • Slashdot
  • Technorati
  • Live
  • Reddit
  • LinkedIn
  • FriendFeed
  • Yahoo! Bookmarks
Categories: -English-, Cloud, Telecom Tags: , , ,

NSFocus NIPS gets EAL3 certificate

September 21st, 2009 Richard No comments

Sept.16 2009, NSFocus, a leading information security company from China, got EAL3 certificate from the authority organization – ITSEC. This is the only NIPS product which gets EAL 3 certificate issued by ITSEC so far. The certificate, in conjunction with other certificates that NSFocus has gotten and is working on, is helping the company enhance its leadership at NIPS/NIDS market at China, even at Asia-Pacific area. Click here to see the news report in Chinese. Read more…

Share To:
  • Digg
  • del.icio.us
  • Google Bookmarks
  • Facebook
  • Slashdot
  • Technorati
  • Live
  • Reddit
  • LinkedIn
  • FriendFeed
  • Yahoo! Bookmarks
Categories: -English-, Security Tags: , , ,