Tom Henderson

Author Archives: Tom Henderson

Citrix wins VDI shootout

Virtual Desktop Interface is becoming easier to do, with potentially killer graphics, reasonable port virtualization, fine-grained administrative control, and with potential hosts other than Windows.

The many dimensions of cloud value

Do you hear that grating sound of value clash among cloud providers? It’s the sound of attempted differentiation, that reason you buy Starbucks instead of Dunkin Donuts, Peet’s or perhaps Tim Horton’s brew. Brand thinkers want us to choose something we like because they know once we do, we will stay. We’re creatures of habit. We dislike the qualification process of choosing new vendors for coffee, as well as IT gear and services.

Much marketing focus is going towards incremental services bundles that make one cloud vendor seem, or actually be, better than the offerings of another.

Determine the value of the cloud services you need

The first smoke cloud that obscures actual value of cloud services is the dizzying value calculator. This device, when present (and it’s often missing), allows you to plug in what you predict (you can predict, can’t you?) your ongoing costs will be for a particular set of data processing needs.

Apple’s new Bluetooth security hole

When the iPhone 7 ships, you’d best have your mobile device management (MDM) on the phone locked down. Apple’s self-described “courageous” move to warrant Bluetooth instead of wired headphone connectivity will give you nightmares. Part of the problem is the Bluetooth protocol itself; the other problem is that civilians leave it on and accessible. But you’ve already buttoned down all of that stuff, right? Like others in the tech press, I’ve taken out my Bluetooth analyzer and watched the count of responding devices in downtown Bloomington, Indiana, near the lab. It’s easy to do.

Lessons learned from WordPress attacks

I traveled from VMworld to the lab last Wednesday, and during that time, something infected two websites I control.

I suspect the servers were used as part of a SYN flood attack. The servers, both using WordPress, would come up and serve their web pages, but then they would quickly run out of cache by processes that were difficult to track.

They initially made contact with some IPs located conveniently in Russia, then lots of SYN traffic, and interesting session waits and listens. It took about two minutes before the sites cratered from resource drainage, and the errantly injected processes dominated then effectively cratered the servers from their intended use.

Ubuntu 16.04 kisses the cloud, disses the desktop

With Ubuntu 16.04 LTS (Xenial Xerus), Canonical has introduced incremental improvements to the popular server and cloud versions of its operating system, but if you were looking for exciting changes to desktop Ubuntu, this version isn’t it. The 16.04 release is an iterative, not necessarily massive improvement. But this is a Long Term Service (LTS) version, which means that there’s a team working on keeping it solid for five years. So, into the next decade, 16.04 gets patched and fixed, as other versions continue to be released on a regular basis. In this new release, Ubuntu further strays from the RedHat/SUSE/CentOS/Oracle school of software packaging by officially supporting an important new tool: Snap, a package manager.

VMworld 2016: Clouds are commodities

VMware is poised to take you to the cloud, and it wants to prove its worth to be your cloud broker.

During yesterday’s keynote address at VMworld in Las Vegas, CEO Pat Gelsinger talked about a new layer between the cloud and a data center. For purposes of discussion, I’ll call it the hybrid cloud control plane. It’s not quite an operating system and not quite compute as a service, but it’s close to both of these. It’s an intelligent brokerage system, designed to keep you loving VMware.

When your government hacks you

There was a time when Cisco routers were unstoppable, and their deviations into proprietary protocols and constructions were accepted because Cisco could do no wrong. They were the smartest kids in networking protocols.

But there is a crack in their armor, a glitch in the Teflon. Cisco may not be the only networking infrastructure vendor to now face an attack ostensibly from their own government, just the largest.

Just as the U.S. government has taken Huawei to task for an accusation of hidden code benefiting the Chinese government, other governments across the planet now know that their Cisco infrastructure can be cracked open—and no, it’s not easy, and requires an additional step of having hacked in from some place else.

Where the monsters live

The monsters read your full network traffic flow if they have your keys or you used weak ones.
The monsters are in the hidden partitions of USB flash drives left in parking lots and technical conferences.
The monsters are in the weakened smartphone OS that most of your users own.
The monsters are in the containers you used from that interesting GitHub pull.
The monsters are in the Cisco router where the Zero Day lives waiting for the NSA.
The monsters are in the fake certificates your user swallowed in their browsers.
The monsters are 10,000 CVEs that you never, ever checked.
The monsters live inside your kernel, watching for the network traffic that brings them alive from their zombie state.

Your next 10 security pain points

Going to security conferences always stimulates my imagination. It makes me think outside of the box and remove the cruft that develops when I sit inside my lab too long—staring at vCenter monitors, 10 open bash sessions, security consoles, and emails from colleagues swallowing Xanax.

If advanced persistent threats (APTs), certificate authorities (CAs) with IQs of 77, vendor patches bordering on oxymoronic, and hyper-aggressive agile development weren’t enough, I’ll summarize what I believe are your next 10 security pain points.

Black Hat and DEF CON: The song remains the same

Yes, history repeats itself. I’m looking at the July 20-27, 2009, issue of Network World.

The front page headlines are:
- Black Hat to expose attacks
- Microsoft’s embrace of Linux seen as strategic
- Data Loss Prevention Clear Choice Test
- Burning Questions:
1) Are mobile Web apps ever going to grow up?
2) How much longer are you going to hang onto that Ethernet cable?
3) Do you have any idea how much money you’re wasting on international wireless services?

I saw Network World's Tim Greene, author of the 2009 Black Hat article, sitting in the working press area, seven years later, typing furiously.

What is a cloud access security broker and why do I need one?

According to analysts from Gartner and elsewhere, every enterprise with a significant cloud presence needs a cloud access security broker to protect cloud-based data. CASB products can sit either on-premises or live in the cloud, but they all have the same basic function – providing a secure gateway for data traveling to and from the cloud, particularly with respect to SaaS applications and common cloud storage services like Box or Dropbox.

CASB delivers must-have protection for your SaaS apps

Cloud Access Security Brokers are products that can be described as firewall plus identity management plus anti-malware plus DLP plus encryption control/implementation plus threat management.

CASB products have become increasingly important as enterprises look to extend their on-premises security policies to their cloud-based assets. We looked at three products -- CipherCloud, Bitglass, and Netskope. Each one takes a different, yet ingenious, approach to the task of stopping unauthorized, inappropriate, or uncontrolled cloud asset access and manipulation.

Russia hacks, plunders the U.S. No bullets fired

It seems so simple, and I hope it’s not: Russia has invaded the U.S. and assaulted the U.S. presidential election, and they haven’t fired a single shot.

It would seem all roads lead to the Russian government having their fingers in the U.S. Democratic National Committee and the Democratic Congressional Committee. And WikiLeaks now becomes the New New Gun poised at the collective heads of U.S. politicians—by their revelations and their intent.

U.S. cyber incident directive follows DNC hack

One wonders if it took social media to finally motivate the White House to act on cyber incidents.

The Democratic National Committee (DNC) was hacked, and the emails, many quite damning of the governance of the DNC, were released by WikiLeaks. Reports link the hack to the Russian government. Debbie Wasserman Schultz, head of the DNC, resigned—one in any number of political and government officials to fall on their swords after security breach exposés.

Then on Tuesday morning, President Barack Obama announced a U.S. Cyber Incident Coordination Directive. If the directive is actually followed, expect several agencies to drown in complaints, even though private citizen complaints aren’t included. Commercial and governmental complaints appear to be the only complaints covered by the directive.