Posts Tagged ‘security’
A few weeks ago I attended a summit on advanced persistent threats (APTs)[1] run by on of the major security vendors. So that people could speak freely there it used Chatham House Rules, so sadly I can’t attribute the piece of insight that I’m going to share here. About five or six years ago I wrote a security monitoring […]
Filed under: security | 1 Comment
Tags: APT, cones, eye, eyeball, monitoring, MSSP, rods, security, SEM, SIEM, sim, SOC
The wrong sort of radio
This post is about the madness of corporate web filters in the age of ubiquitous consumer devices with Internet connectivity. I typically see three types of connectivity in any given corporate setting: The company network. Usually wired, but sometimes with a wireless adjunct, this network offers the same liberty as an oppressive Middle East regimes[1]. This […]
Filed under: security, technology | 5 Comments
Tags: 3G, data, filter, filtering, HR, mobile, policy, security, social, time, web, wifi
Social Documents
Document management sucks! There – I said it. I challenge you to prove me wrong. I haven’t yet found a document management system (DMS) that’s fit for purpose, and I think I know why. It’s not about the technology. Documentum might hark from the client server era, and Alfresco trumps that with its SOA, but […]
Filed under: e2.0, security | 4 Comments
Tags: annotation, attribute, bookmark, dms, document, document management system, DRM, e2.0, enterprise 2.0, file, folder, role, search, security, social, social object, tag, tagging, tags
3D (in)Secure
It’s not news that the 3D Secure system that gets branded as ‘Verified by Visa’ is a steaming pile of something that should be scraped off shoes rather than presented on screens. Ben Laurie was the first serious voice of dissent (that I noticed), but then along came Ross Anderson and Steven Murdoch to ensure […]
Filed under: could_do_better, security | 2 Comments
Tags: 3D Secure, additional cardholder, cardholder not present, CNP, credit, credit card, joint account, liability, payments, phishing, security, Verified by Visa
Digital 9/11
This post is probably going to get me into trouble, but this stuff needs saying. There’s been a sudden outburst of sanity today about this topic, so I feel obliged to throw in my 2¢. A few weeks back I heard somebody say that we hadn’t yet seen a ‘digital 9/11’. I think what they […]
Filed under: security | 2 Comments
Tags: 9/11, cyber, intelligence, movie plot, response, security, terrorist
The MAC hullabaloo
Kim Cameron has had lots of interesting things to say over the past few days about the security and privacy implications of harvesting MAC addresses in the wake of Google being somewhat caught out with their activities in this area. Today though he has a piece where I think he’s crossed over the Chicken Little line. In […]
Filed under: identity, security | Leave a Comment
Tags: cardspace, information card, Kim Cameron, MAC, MACs, privacy, security, streetview, wifi
A little while ago I put out a plea for stronger authentication for Google Apps, and it seems that my wish has been granted with Tricipher launching their myOneLogin for Google Apps[1]. I had tried myOneLogin before, and frankly wasn’t too impressed. This time things are different though, the issues I’d seen before with Chrome compatibility and […]
Filed under: identity, security | 2 Comments
Tags: authentication, google, identity, saas, security, strong authentication, tricipher, verisign, vip
Two wishes granted – an API for XACML, and OpenID from Google Apps. Wish three – strong(er) authentication for Google Apps to make SaaS more secure.
Filed under: identity, security | 1 Comment
Tags: directories, google, identity, idm, ldap, ldif, OpenID, saas, security, strong auth, strong authentication, twittergate, xacml
Security conferences
Having dragged James into the debate about Pamela’s post, and having spent most of the week at a security conference I thought I’d throw some of my own thoughts into the ring. Let’s start with attendees, or ‘plankton‘ as Pamela calls them, and the idea that attendees learn something by going to conferences. I think […]
Filed under: security | 4 Comments
Tags: conference, security
Persona – one year on
It seems that the term Persona is finally finding its way into common usage, and I’m encouraged by the recent posts by Nishant Kaushik and Mark Dixon.
Filed under: security | 2 Comments
Tags: digital identity, idm, llp, persona, security, trust
Chris Swan's Weblog 