Comments on TaoSecurity Blog: The Security World Is Not Just a Webbed, Virtual, Fluffy Cloud
Richard Bejtlich

Anonymous, 2009-03-25 11:19 -04:00

Just finished reading "The Security World Is Not Just a Webbed, Virtual, Fluffy Cloud." Quite enjoyable.

Question, will you be writing more on Network Security or Virtualization? If so, would you be interested in having it showcased in our monthly newsletter? This would be free exposure for you.

Let me know if you are interested and we can talk more about it:

janderson@imninc.com.
http://blogsunlocked.wordpress.com/

John Ward, 2009-03-16 21:38 -04:00

Rich,

You're losing touch. Attach the phrase "it's the new hotness" when describing one of the "outdated" areas, and suddenly everyone will focus on it again. :)

Anonymous, 2009-03-11 13:11 -04:00

Richard,
Web app and virtualization are stringent real problems that directly affect the business to a high degree and therefore they warrant answers. They are real, are here, being used on larger scale day by day, and we have to deal with them sooner than later.
Indeed, salespeople abuse them way too much.

Anonymous, 2009-03-09 21:37 -04:00

@ Richard:

Right on the spot. Is the security buzzword phenomenon moving to the technical areas of security. I don't know why but I have reasons to expect the worst in terms of security.

You know, mainframes suffered with security issues from day 0, so people tried to define models that went into place and they finally "became secure"... so, from the late 80s, hacking exploded and more than a half of the security paradigms went to the space.

I think we are getting to the bottom of that wave, and people are starting to assume that this security stuff isn't that chaotic anymore, after all we all learned that firewalls cannot protect the upper layers, that applications must be secure by design.

What f*cks the whole thing is that security is not a science, it is an art, and creativity is still one of the main tools of the attacking agent. While they have the advantage of being creative and attacking where we don't expect, we are stuck in buzzwords and dogmas...

@Andre Gironda:

WHAT?!?!?! "Unless your company specialises in DNS service offerings?!!?!?" Please, somebody stop the world 'coz I wanna get out...

dre, 2009-03-09 11:27 -04:00

Actually, our industry has too much focus/emphasis on Windows buffer overflows; not webapp/cloud/virt.

While I agree that all of the things that you have mentioned are important, they probably don't require a dedicated person at each company. Unless your organization specializes in DNS service offerings (e.g. OpenDNS), BGP offerings (e.g. Renesys), MPLS services (e.g. AT&T), or non-traditional rootkits (e.g. Veracode).

Web applications affect um... everyone. Every organization that I know about, and one-hundred percent of users.

Some quotes for you before we leave:
"The number of virtual servers will rise to more than 1.7 million physical servers by 2010, resulting in 7.9 million logical servers. Virtualized servers will represent 14.6% of all physical servers in 2010 compared to just 4.5% in 2005." - IDC
"60% of production virtual machines will be less secure than their physical counterparts through to 2009." - Gartner
"On average over 70% of IT security budgets is spent on infrastructure, yet over 75% of attacks happen at the application layer" - Gartner
"63% of developers are not confident that they write secure code" - Microsoft Research