Cloud & Telecom Security

This morning, you might have noticed that the blog title was changed to “Cloud & Telecom Security”. Yes, it’s true.

From one or two years ago, my interests and focus have changed to around cloud computing and telecom or ICT security, while P2P was touched very occasionally.  I believe the new title can reflect the new focus better and hope you like it.

By this acquisition, HP enters enterprise networking market with strong threat management product line from Tippingpoint.

The vulnerability and threats research of DVLabs will greatly improve HP’s capability and image at these areas, so that HP’s competition against IBM will become more effective.  X-Force of ISS is one of the critical advantages of IBM over HP, at overall one-stop IT arena.

Historically, after the acquisition of an independent security company, their selling model and focus will change to more aligned with major businesses.  As for HP’s scenario, their security product lines, including the IPS/UTM, focuses on their global enterprise customers and outsourcing partners.  The security department, mostly, will lose some momentum to find and obtain new customers, instead, they will be more interested at existing customers, bundled within other bigger IT/service orders. Read more…

Actually, the whole thread was originated with a message at discuss@securitymetrics.org “Request for ideas” by Dimitrios Stergiou. Dimitrios likes to have some recommendations for his master program. By a sudden idea, I dropped him a message to recommend him to work on this true or false problem at security metrics.

It’s true or false: 70% of security incidents are due to insider threats?
I just read one book, “The New School of Information Security”, by Adam Shostack, Andrew Stewart, Addison-Wesley, 2008, where I found one interesting argument by the authors. The authors doubt the statement that 70% of security incidents are due to insider threats. You know, many consultants and books, articles regard this statement as one basic hypothesis at security. What’s your idea about it?

Completely a surprise, I found Adam, Andew, Dan and many experts jumped in to this discussion thereafter. A lot of fresh ideas emerged at discussion threads. In order to get more experts into this topic, I submitted a discussion at SecurityMetrics group, LinkedIn.

This RSA/IDC report has some information related to this topic – Insider Risk Management: A Framework Approach to Internal Security(Thanks to Hammud).  It is a good reference. In summary it told us two things that: Read more…

That’s an excellent post on the vision of WAF and vulnerability assessment. I agree to the points that “accuracy” should be the top priority of remote web assessment and integration between VM and WAF.

However, this gives us another hint – we need a commonly adopted standard format to exchange the message – similarly what the industry did on IDMEF before. It’s not an optimistic goal from historical perspective. So in short term, before that standards, integration inside one single vendor and product alliance will be the pioneer on the automation/ integration between VM+WAF.

Gartner, the leading marketing analysis and strategy firm, released its newly-brew TOP 10 technology list today. They are:

• 1 Cloud computing. Cloud has been the top buzz-term in the past months. Gartner raised it from No.2 at 2009 to TOP1 at 2010.  With no doubt, this statement will be quoted by tons of articles and vendor solutions in the following seasons.
• 2 Advanced analytic.  I would rather explain it as data correlation and data mining tech. This seems to be similar to “business intelligence” (No.9 at 2009).
• 3 Client computing. Mostly client computing is critical for the security impact to the whole Internet.
• 4 Greet IT. It was No.1 at 2008, and No.10 at 2009. Anyway, it’s a concept, containing a lot of technologies, customs, culture, etc.
• 5 Reshaping the data center, with new designs and approaches that include building out incrementally in pod-based approaches, adding only power, chillers and generators to support initial needs.
• 6 Social computing. It has been deeply involved into daily life. Facebook, Twitter, LinkedIn, etc.
• 7 Security activity mornitoring.  A variety of complimentary (and sometimes overlapping) monitoring and analysis tools help enterprises better detect and investigate suspicious activity – often with real-time alerting or transaction intervention. Personally,  I think this is similar to the No.2.
• 8 Flash memory. It’s a new face to TOP 10.
• 9 Virtualization for availability. While virtualization has been melted into cloud computing and other diverse areas, Gartner leaves “availability”.
• 10 Mobile applications. No comments at this moment. There have been a lot of developers and app stores you can find at the web. It reflects the hotness. Read more…

This morning Twitter seems to be in trouble of performance issue.  Actually, this is not first time to get the below screen:

Read more…

Wordpress released its 2.8.5 today. At this release, Wordpress enhanced itself by:

• A fix for the Trackback Denial-of-Service attack that is currently being seen.
• Removal of areas within the code where php code in variables was evaluated.
• Switched the file upload functionality to be whitelisted for all users including Admins.
• Retiring of the two importers of Tag data from old plugins.

At the same time, Wordpress 2.9 is in development and beta testing process.

CNCERT/CC 2009 Conference

CNCERT/CC 2009 Conference will be held at Oct.21, Changsha, Hunan Province, China. This is the consecutive 6th conference since 2004.  Here is the English agenda.

This annual event is generating more and more influence to not only China information security community, society, industry, but also the related parties at Asia Pacific and even worldwide.  You can find a number of famous regional CERT organizations and reps from carriers, large enterprises, vendors, say, SingCert, ThaiCert, VNCert, China Telecom, China Mobile, China Unicom, ICBC, CCB, etc. Read more…

Oct.18 2009(Beijing time), China CCTV news reported the release of national vulnerability database of China.

Along with the upsoaring of the Internet applications, the vulnerability number is also in a sharp growth. So the update and automation of vulnerability information is becoming more and more critical for the whole information ssytems. Vulnerability Database is used to research, collect, release, automate the lifecycle of vulnerability management, which is regarded the core of the related activities. Although there have been a series of open source vulnerability database(e.g. OSVDB, etc.), commercial maintained vulnerailibity database(e.g. CERT CVE, Bugtraq, NSFocus VDB, etc.), it’s still regarded very essential to setup one authoritive database for the industry, particularly for government and research organizations. Read more…

So yes, President Barack Obama was awarded the Nobel Peace Prize earlier this morning, and Twitter (and the rest of the Web) immediately blew up.

The diagram is the tag cloud at this morning.

It helps refect that how twitter has been closely penetrating into daily life at USA.

After Google released its new Sidewiki service yesterday, it’s very interesting to imagine what would be Google’s next step.  You know, it’s not a new service to let users share comments for specific web pages. Digg, Slashdot, Reddit, delicious, and other peers have been providing this for a few years.  From the release note, the key point of Sidewiki is “direct”, ie. users don’t need to submit to somewhere else to share their comments. Sidewiki allows users share comments “directly”. Doesn’t “directly” mean shortcut to other page sharing providers? Read more…

Sept.16 2009, NSFocus, a leading information security company from China, got EAL3 certificate from the authority organization – ITSEC. This is the only NIPS product which gets EAL 3 certificate issued by ITSEC so far. The certificate, in conjunction with other certificates that NSFocus has gotten and is working on, is helping the company enhance its leadership at NIPS/NIDS market at China, even at Asia-Pacific area. Click here to see the news report in Chinese. Read more…