Posts Tagged ‘security’
I got an email from my bank yesterday telling me that they’re rolling out two factor authentication (2FA) to protect their my money from fraudsters. It looks like a pretty standard one time password (OTP) based scheme that will have a choice between mobile and physical tokens. They’re being pretty inflexible about the deployment model […]
Filed under: identity, security | 2 Comments
Tags: 2FA, banking, identity, NFC, online, OTP, security, twitter, user experience, UX
CohesiveFT video overview
For those of you wondering what I do in my day job:
Filed under: cloud, CohesiveFT, security | Leave a Comment
Tags: cloud, networking, security
My New Job
I’ve started a new job as CTO for CohesiveFT. It’s a great company with a great team and some great products and services. As I’ve known many of the people since before the company was founded this post could be subtitled ‘a brief history of CohesiveFT’. The people and pre-history Alexis Richardson was the instigator. […]
Filed under: cloud, CohesiveFT, technology | Leave a Comment
Tags: aws, deployment, factory, IBM. cloud, image, industrial design, management, multicast, network, open source, OpenStack, SDN, security, topology, virtual appliance, virtual machine, vpn
Bolting in security
This is a long overdue reply to Chris Hoff’s (@Beaker) ‘Building/Bolting Security In/On – A Pox On the Audit Paradox!‘, which was his response to my ‘Building security in – the audit paradox‘. Hopefully the ding dong between Chris and I will continue, as it’s making me think harder, and hence it’s sharpening up my […]
Filed under: cloud, security | Leave a Comment
Tags: @beaker, audit, bolt, bolt on, build in, Chris Hoff, cloud, control, Forecast, iaas, in, ODCA, paas, security
Firstly let me say that I like Linode a lot. They had a promotion running a little while ago which got me going with my first virtual private server (VPS), and I only moved off to somewhere from lowendbox after the promotion because my needs are small (and I wanted to match my spend accordingly)[1]. […]
Filed under: security | 4 Comments
Tags: admin, Bitcoin, console, iaas, Linode, management, password, security, SSH, VM, VPS
My friend Randy Bias very kindly came in and did a web conference presentation at work this week on his views of cloud computing (which are well summarised in a post he did at the end of last year). Inevitably the topic of security came up, and Randy, drawing on his past experience in the […]
Filed under: architecture, cloud, security, software | 6 Comments
Tags: audit, bolt on, build in, cloud, compliance, firewall, gateway, iaas, paas, schema, security, validation, xml
A few weeks ago I attended a summit on advanced persistent threats (APTs)[1] run by on of the major security vendors. So that people could speak freely there it used Chatham House Rules, so sadly I can’t attribute the piece of insight that I’m going to share here. About five or six years ago I wrote a security monitoring […]
Filed under: security | 1 Comment
Tags: APT, cones, eye, eyeball, monitoring, MSSP, rods, security, SEM, SIEM, sim, SOC
The wrong sort of radio
This post is about the madness of corporate web filters in the age of ubiquitous consumer devices with Internet connectivity. I typically see three types of connectivity in any given corporate setting: The company network. Usually wired, but sometimes with a wireless adjunct, this network offers the same liberty as an oppressive Middle East regimes[1]. This […]
Filed under: security, technology | 5 Comments
Tags: 3G, data, filter, filtering, HR, mobile, policy, security, social, time, web, wifi
Social Documents
Document management sucks! There – I said it. I challenge you to prove me wrong. I haven’t yet found a document management system (DMS) that’s fit for purpose, and I think I know why. It’s not about the technology. Documentum might hark from the client server era, and Alfresco trumps that with its SOA, but […]
Filed under: e2.0, security | 4 Comments
Tags: annotation, attribute, bookmark, dms, document, document management system, DRM, e2.0, enterprise 2.0, file, folder, role, search, security, social, social object, tag, tagging, tags
3D (in)Secure
It’s not news that the 3D Secure system that gets branded as ‘Verified by Visa’ is a steaming pile of something that should be scraped off shoes rather than presented on screens. Ben Laurie was the first serious voice of dissent (that I noticed), but then along came Ross Anderson and Steven Murdoch to ensure […]
Filed under: could_do_better, security | 2 Comments
Tags: 3D Secure, additional cardholder, cardholder not present, CNP, credit, credit card, joint account, liability, payments, phishing, security, Verified by Visa