Blogs

Ben Tomhave Disclaimer: This is a personal blog post and is in no way indicative of my employer's perspective, nor is it reflective of analysis or coverage as part of my routine job duties (which do not include wearable tech). For a full background and set of info on what "Quantified Self" is, please check out quantifiedself.com. In making my move to Gartner, I decided that it would be a good time to start making use of an activity tracker to help make sure that I get up and move during the day. In looking at the options back in June/July, I considered products from Fitbit and Nike.
Network Security Blog In the last couple of weeks Mikko Hyppönen from anti-virus company F-Secure announced that he won’t be speaking at the RSA Conference in San Francisco at the end of February. His reasoning is that the company, RSA, colluded with the NSA for a fee of $10 million in order to get a weakened version of a random number generator included in the public standards, a move that makes the whole suite of encryption standards easier to crack. As Mikko points out, RSA has not admitted to this accusation, but they haven’t denied it either. So Mikko has pulled his talk and has publicly stated that as a foreigner, he doesn’t feel right supporting the conference.
David Kennedy — Posted: Saturday, March 29, 2014 Monday Microsoft released Security Advisory 2953095 announcing attacks on a previously unknown vulnerability in Word 2010, but also affecting Outlook. Microsoft reported “limited, targeted attacks.” The Security Research and Defense blog has the details. Both EMET and a Fix-it mitigate the risk. Verizon Business Security Blog
Chris Hoff So-called Next Generation Firewalls (NGFW) are those that extend “traditional port firewalls” with the added context of policy with application visibility and control to include user identity while enforcing security, compliance and productivity decisions to flows from internal users to the Internet. NGFW, as defined, is a campus and branch solution. Campus and Branch NGFW solves the “inside-out” problem — applying policy from a number of known/identified users on the “inside” to a potentially infinite number of applications and services “outside” the firewall, generally connected to the Internet. They function generally as forward proxies with various network insertion strategies.
Guy Kawasaki Amazon started selling the paperback edition of my latest book, APE: Author, Publisher, Entrepreneur. APE explains how to publish a book by breaking the process down into three stages: Author explains how to write a book. Publisher explains how to produce both ebooks and printed books. Entrepreneur explains how to market and sell your book with an emphasis on social media. You can order APE here:

Steve Blank For the last 75 years products (both durable goods and software) were built via Waterfall development. This process forced companies to release and launch products by model years, and market new and “improved” versions. In the last few years Agile and “Continuous Deployment” have replaced Waterfall and transformed how companies big and small build products. Agile is a tremendous advance in reducing time, money and wasted product development effort – and in having products better match customer needs. But businesses are finding that Continuous Deployment not only changes engineering but has ripple effects on the rest of their business model.
Craig Chamberlain's Blog
Ross Anderson It’s been a busy year for Capsicum, practical capabilities for UNIX, so a year-end update seemed in order: The FreeBSD Foundation and Google jointly funded a Capsicum Integration Project that took place throughout 2013 — described by Foundation project technical director Ed Maste in a recent blog article. Pawel Jakub Dawidek refined several Capsicum APIs, improving support for ioctls and increasing the number of supported capability rights for FreeBSD 10. He also developed Casper, a helper daemon that provides services (such as DNS, access to random numbers) to sandboxes — and can, itself, sandbox services.
Responsibly (Heart)Bleeding By Mike Rothman Yeah, we hit on the Heartbleed vulnerability in this week’s FireStarter, but I wanted to call attention to how Akamai handled the vulnerability. They first came out with an announcement that their networks (and their customers) were safe because their systems were already patched. You see, big network service providers tend to get a heads up when stuff like this happens, and they can get a head start on patching. Securosis
My portscanner, masscan, also does ARP scanning. Sure, there exist other ARP scanning tools (like arpscan), but I'm too lazy to learn how they work, so I just added the functionality to my tool. Here's how you use it. Right now I'm plugged into the local wired Ethernet. Robert Graham