Permit/Deny Ziff Davis Enterprise

Seen and heard

March 13, 2008

Thursday, March 13, 2008 5:23 PM/EST

IBM identifies enterprise single sign-on in Encentuate

IBM announced its acquisition of enterprise single-sign-on vendor Encentuate on March 12. Ian Yip has interesting analysis of the deal here. I've been following Passlogix and Encentuate for years and I have to agree with Ian on the business analysis. Also what this means for IBM customers who bought ESSO from IBM....

March 7, 2008

Friday, March 07, 2008 5:23 PM/EST

Autodesk DWG file handling troubles user

Ray Sirois, IT manager for water engineering firm Wright-Pierce has a problem with Autodesk's AutoCAD 2008. Sirois took the unusual step of issuing a press release announcing that his company would stop work on any upgrade plans until performance problems are resolved. The backstory is that in 2004, my former colleague Henry Baltazar wrote a review of Riverbed Technology's Steelhead application acceleration/WAN bandwidth optimization products. Baltazar also wrote a case study featuring Sirois and Wright-Pierce, one of the first U.S. customers of Riverbed. Then, Sirois was a very satisfied customer. Today, he's frustrated at what he calls a lack of communication and corrective action from Autodesk. For the record, he remains a very satisfied customer of Riverbed. Today, according to Sirois, when a user saves a file in AutoCAD 2008, the contents of the DWG (the native format for AutoCAD drawings) file are reordered. This reordering makes the file appear...

March 4, 2008

Tuesday, March 04, 2008 5:38 PM/EST

Cisco ASR 1000 and IOS XE on the Short List

My colleague Michael Vizard covered Cisco's announcement of the ASR 1000 at CeBIT. I'm anxious to get a look at Cisco's new ASR 1000 Series Aggregation Services Router with Cisco IOS XE. The platform is supposed to be able to offer high availability for IPsec VPN, firewall services, NetFlow event logging, and DDoS detection and mitigation without stopping. Like I said, very interesting and I'm looking forward to getting a look at the device. In the meantime, poking around on Cisco's site yielded this gem for IT managers: a significant change in Cisco's maintenance policy for IOS XE. According to the Cisco IOS XE Software End-of-Life Strategy document, Cisco will start releasing IOS XE software every four months instead of waiting for a feature queue to fill, as is the case for IOS. The good news is that this means network managers will be able to schedule maintenance on a predictable...

February 21, 2008

Thursday, February 21, 2008 1:21 AM/EST

Redirecting Aging DNS Infrastructure

It was said of the Chicago stockyards that they used every part of the pig except the squeal. The same can be said of the Internet search industry. For some time, ISPs and others, including no-cost DNS provider OpenDNS, have been squeezing every last penny out of Internet search by providing alternative suggestions when users misspell the domain name of their intended Web destination. While often problematic, as Steve Loughran writes, for some client systems, it's hardly nefarious. Search is now a well-established commercial activity. For example, no-cost OpenDNS does a good job of offering corrections to users' fumbled keystrokes and otherwise makes a good college try of getting users to their intended Web sites. What is highlighted in this case is the ubiquitous and aging DNS infrastructure. WiscNet and eWEEK Labs recently teamed up to look at several vendors, including Alcatel-Lucent, BlueCat Networks and InfoBlox, to update and better...

January 29, 2008

Tuesday, January 29, 2008 12:04 PM/EST

Welcome to my iTunes Privacy Mountain

How did the Apple store get my e-mail address when all I bought was a case for my iPhone? Several readers of this blog pointed out that I gave Apple my e-mail when I registered for iTunes. And that is true. I also now believe that AT&T didn't give my private information to Apple. And here's why I still think it's disturbing. All I gave the clerk at the Apple store was my credit card. It seems that in order to smooth my customer experience with Apple, the company has linked my credit card number, iTunes account and Apple's wireless point-of-sale check out devices. What bugs me is that I still haven't been able to wade through the 60-plus pages of license and terms of service that I had to accept to get iTunes and my iPhone activated. I think this is an example of Fleet of Lawyers vs. Average...

January 23, 2008

Wednesday, January 23, 2008 12:28 PM/EST

My New iPhone, My Disappearing Privacy

My loss of privacy all started at a company-sponsored health and wellness fair in October. I got my blood pressure tested and my flu vaccine and I entered a drawing for an iPod Shuffle being given away by AC Transit. I occasionally take the transbay bus to work at the Ziff Davis Enterprise office at 2nd and Mission in downtown San Fran and I was mostly interested in getting the free four-ride passes the representative was handing out. As it turned out, I won, and in the mail I received an out-dated, 1GB iPod. Well, to use it I had to get iTunes. And after I got iTunes, I got an iTunes gift certificate for Christmas. And after I loaded up my iPod with the great dance hits of the '80s my beloved Treo started having problems. Readers of this blog know that when I personally bought my Treo 650...

December 19, 2007

Wednesday, December 19, 2007 4:27 PM/EST

Anti-Malware Testing Working Group

Anti-Malware Testing Working Group is a group of vendors and test organizations that plan to release methodologies for testing security products. Brian Prince, one of my news colleagues, has more on the story here. The question Brian asks, "Why has testing lagged so far behind the threat landscape?" is a good one, but one that's got an easy answer. It's very expensive to do this type of testing. In many ways it's like testing spam ... you have to have a fresh crop of malware every time you test, so it's practically impossible to repeat the tests. BAD (Behavioral Anomaly Detection) software, which is supposed to be superior to signature-based anti-malware systems because it can catch zero-day attacks, usually requires some type of user interaction (such as signing up for mail lists, interacting with a system or clicking on a call-to-action to activate the malware). At a recent Symantec security...

December 18, 2007

Tuesday, December 18, 2007 6:36 PM/EST

Idaho Power Gets SarbOx Compliance

I had the pleasure of speaking with Alex Tatistcheff, information security manager for Idaho Power, on Dec. 12 about his implementation and use of nCircle's CCM (Configuration Compliance Manager). Anyone interested in compliance management, especially for servers, would do well to take a look at the case study. There's also a review of nCircle's product and a slide show of CCM in action. There is also a related case study on the Denver International Airport's PCI compliance steps. Idaho Power is primarily using nCircle for Sarbanes-Oxley Act compliance and Denver International's project was aimed squarely at PCI compliance. I'd like to circle back to both organizations in about a year to see if they've expanded the use of their auditing tools to other compliance projects. My guess is that they will. IP was talking about NERC (North American Electric Reliability Corporation) infrastructure protection regs for which it might use nCircle....

December 12, 2007

Wednesday, December 12, 2007 6:29 PM/EST

Security Reviewers Workshop

I attended a Symantec endpoint security reviewer workshop in San Francisco Dec. 11. These workshops are always an interesting mix of "head fixing" on the part of the workshop sponsor (Symantec is far from the only company that holds such events) combined with often feisty reviewers on the other side. Our wrangles yesterday ranged from what constitutes malware (does a piece of malware have to be active to be considered a threat?) to what constitutes a good test for false positives in a behavior analysis tool (Symantec says the minimum test harness configuration should include 500 legitimate applications to get a meaningful test of a behavior-based threat prevention tool.) We didn't spend that much time on virtualization except to say that some malware turns itself off if it detects a VM because virus makers know how much the security industry relies on VMs to expedite the testing and detection process....

December 10, 2007

Monday, December 10, 2007 6:03 PM/EST

Just find a hosting company with good security ...

For most small and midsize organizations, use the following formula to find a Web host provider: Price (where low is good and high is bad) divided by services (where more is better) equals "our decision." There are some nonintuitive factors that must now be brought into play to get the best hosting provider for your organization. But first, let me set the stage for this discussion with a real-life example. I'm on an e-mail thread started by Diane Steinhauser, the executive director of the TAM (Transportation Authority of Marin). This thread, along with several long phone calls that I've had with Diane, reveals that business leaders must also consider hosting security as part of the selection criteria. The problem is that there isn't an independent rating system or licensing body for Web host providers. Thus, picking a "good" hoster now also means asking a lot of questions about reputation and...


