Tom Olzak

Archive for the ‘security’ Category

Cloud Security Standards Excuse

In Application Security, Business Continuity, Cybercrime, Project Management, security, Windows 7 on March 23, 2012 at 15:03

I keep reading articles about how the lack of cloud security standards keeps companies away from cloud services. Isn’t this just an excuse? We have security standards for our own organizations… or we should. We also know what is and is not considered best practice. Further, we should by this time understand how trust works and the controls to implement, monitor, segregate, and secure various trust zones. Isn’t the cloud just another trust zone?

Securing the cloud requires the same diligence we use when securing our data centers. The difference lies in oversight requirements. How do we ensure the service provider is achieving the security outcomes we expect? There are cloud service providers that do get it, providing mechanisms for customer oversight, audits, etc. If the provider in your conference room trying to sell her proposal can’t provide the necessary security assurance methods, find someone else.

Don’t use lack of cloud standards to prevent the potential business benefit of hosted infrastructure or applications.

Android security…?

In Application Security, Certificates, Cybercrime, Data Security, Hacking, malware, Mobile Device Security, security, Security Management on March 6, 2011 at 20:09

A recent post on the Frequency X Blog examines the latest Android malware, DroidDream. The hole that allowed this is as big as they get.

Emergency patch for ASP.NET vulnerability

In Cybercrime, Data Security, Hacking, security, Security Management on September 29, 2010 at 14:28

According to H Security, this ASP.NET vulnerability should be patched as soon as possible.  The patch, MS10-070, is available from Microsoft as of 2/28/2010.

The vulnerability can be remotely exploited to read specific ViewState values and cookies and to download files from a server without possessing the necessary authority. The Padding Oracle Exploitation Tool (Poet) is able to take advantage of this kind of vulnerability. Affected products include Microsoft SharePoint 2010, SharePoint Foundation 2010, Microsoft Office SharePoint Server 2007, Windows SharePoint Services 3.0 and Windows SharePoint Services 2.0.

via Emergency patch for ASP.NET vulnerability on its way – The H Security: News and Features.
