Archive

Category Archives for "Security"

At VMworld, Get An Inside Look at a Modern Bank. Learn How Wells Fargo and Other Top Brands Reduce Risk While Fostering Innovation.

This blog was co-authored by Jared Ruckle and Jonathan Morin.

 

VMworld is one of the seminal weeks in enterprise IT. You gather with your peers to learn and discuss the challenges of the day. And what are those challenges? Three stand out:

  1. Rising consumer expectations. Your customers expect to interact with your brand on their terms. Self-service, mobility, and speed are table stakes. If you don’t deliver a responsive and engaging user experience, you’re irrelevant.
  2. Increased competition from startups and incumbents. Your competitors aren’t only your peers in the FORTUNE 500. Startups all over the world are looking to take your market share.
  3. Constantly evolving security threats from every direction. Speaking of table stakes: security. In an era where attacks can be launched for pennies – by anyone, from anywhere – you have to take a different approach to InfoSec. You need to move faster. Speed and velocity aren’t just for development teams. They’re crucial for a modern InfoSec mindset too.

 

Sound familiar? It should if you’re an IT leader. No matter where you are on your journey to get better at software, it’s always fun to learn from others. We want to highlight a few sessions Continue reading

Announcing the Online Trust Audit & Honor Roll Methodology for 2018

The Online Trust Alliance (OTA) is an Internet Society initiative that aims to enhance online trust, user empowerment, and innovation through convening multistakeholder initiatives and developing and promoting best practices, ethical privacy practices, and data stewardship. One of OTA’s major activities is the Online Trust Audit & Honor Roll, which promotes responsible online privacy and data security practices and recognizes leaders in the public and private sectors who have embraced them. This morning, we released the methodology we’ll use for this year’s audit.

The report will analyze more than 1,000 websites on consumer protection, site security, and responsible privacy practices. Based on a composite weighted analysis, sites that score 80 percent or better overall, without failing in any one category, will be recognized in the Honor Roll.

Building largely on past criteria, this year’s updates include GDPR compliance and other security and privacy standards and practices, as well as adding a healthcare sector. From the press release:

Key changes to this year’s Audit include:

  • Consumer Protection (email authentication, domain security and anti-phishing technologies) – more granular assessment of Domain-based Message Authentication, Reporting and Conformance (DMARC) support, and increased weight for use of opportunistic Transport Layer Security (TLS), which Continue reading

There’s a Techlash. The G20 Should Listen.

The Internet is at risk. Once thought of as the global equalizer, opening doors for communication, work opportunities, commerce and more – the Internet is now increasingly viewed with skepticism and wariness. We are witnessing a trend where people are feeling let down by the technology they use. Fueled by unease and uncertainty about the growing scope of threats to security and privacy that come with an always-on, tech-driven world, people are now looking for ways to disconnect and are placing greater emphasis on values and human interaction.

The way we live our lives is now inextricably linked to the Internet – which is estimated to contribute US$6.6 trillion a year, or 7.1 percent of total GDP in the G20 countries by 2020. In developing nations, that digital economy is growing steadily by 15 to 25 percent a year. Yet the Internet essentially is under attack. Large scale data breaches, uncertainties about how our data is being used and monetized, cybercrime, surveillance and other online threats are impacting Internet users’ trust. We are at an important crossroads for the Internet and its healthy development is at stake.

It is our collective duty to find a response to the Continue reading

Getting To The Root Of Security With Trusted Silicon

The increasingly distributed nature of computing and the rapid growth in the number of the small connected devices that make up the Internet of Things (IoT) are combining with trends like the rise of silicon-level vulnerabilities highlighted by Spectre, Meltdown, and more recent variants to create an expanding and fluid security landscape that’s difficult for enterprises to navigate.

Getting To The Root Of Security With Trusted Silicon was written by Jeffrey Burt at .

DeGrasse Tyson: Make Truth Great Again

Neil deGrasse Tyson tweets the following:
When people make comparisons with Orwell's "Ministry of Truth", he obtusely persists:
Given that Orwellian dystopias were the theme of this summer's DEF CON hacker conference, let's explore what's wrong with this idea.

Truth vs. "Truth"

I work in a corrupted industry, variously known as the "infosec" community or "cybersecurity" industry. It's a great example of how truth is corrupted into "Truth".

At a recent government policy meeting, I pointed out how vendors often downplay the risk of bugs (vulnerabilities that can be exploited by hackers). When vendors are notified of these bugs and release a patch to fix them, they often give a risk rating. These ratings are often too low, in order to protect the corporate reputation. The representative from Oracle claimed that they didn't do Continue reading

Securing The Server, Inside And Out

Computing is hard enough, but the sophistication and proliferation of attacks on IT infrastructure, from the firewall moat surrounding the corporate network all the way down into the guts of the operating system kernel and deep into the speculative execution units on the physical processor, make the task of computing – with confidence – doubly difficult.

Securing The Server, Inside And Out was written by Timothy Prickett Morgan at .

How Cloudflare protects customers from cache poisoning

A few days ago, Cloudflare — along with the rest of the world — learned of a "practical" cache poisoning attack. In this post I’ll walk through the attack and explain how Cloudflare mitigated it for our customers. While any web cache is vulnerable to this attack, Cloudflare is uniquely able to take proactive steps to defend millions of customers.

In addition to the steps we’ve taken, we strongly recommend that customers update their origin web servers to mitigate vulnerabilities. Some popular vendors have applied patches that can be installed right away, including Drupal, Symfony, and Zend.

How a shared web cache works

Say a user requests a cacheable file, index.html. We first check if it’s in cache, and if it’s not, we fetch it from the origin and store it. Subsequent users can request that file from our cache until it expires or gets evicted.

Although contents of a response can vary slightly between requests, customers may want to cache a single version of the file to improve performance:

(See this support page for more info about how to cache HTML with Cloudflare.)

How do we know it’s the same file? We create something Continue reading

VMware Cloud on AWS: Advanced Networking and Security with NSX-T SDDC

Announced at AWS Summit in New York last month and also briefly mentioned in the prior blog, Announcing General Availability of VMware NSX-T Data Center 2.2.0, NSX-T networking and security is now available in Preview Mode for new SDDC deployments on VMware Cloud on AWS. Please reach out to your sales/SE contact for more information. In this blog post, I give an overview of the advanced networking and security functionality provided by NSX-T within VMware Cloud on AWS. Continue reading
