October 22, 2013

Hack in the Box: Researchers attack ship tracking systems for fun and profit
AIS protocol “was designed with seemingly zero security considerations,” but is a mandatory tracking system “for all passenger ships and commercial (non-fishing) ships over 300 metric tons.” AIS works “by acquiring GPS coordinates and exchanging vessel’s position, course and information with nearby ships, offshore installations, i.e. harbors and traffic control stations, and Internet tracking and visualization providers.” By 2014, it is estimated that AIS will be on one million ships.


Lowering the cost of private cloud software
One of the biggest long-term costs in virtualization and private/hybrid cloud environments is uncontrolled, unmonitored growth in computing demand. Costly growth occurs when users, empowered by self-service provisioning, deploy and scale workloads and then eventually abandon unneeded workloads within the private cloud without scaling down or decommissioning them.


Winning ‘the War to Keep Your Employees’ Requires Re-Recruiting Your Top Talent
Much like married couples can re-energize their marriage by renewing their vows, managers should periodically change and update what the company has to offer during the re-recruiting process. Re-recruiting is necessary because even if your top performers are loyal and have not actively applied for a new job, they are still constantly being identified, assessed, and contacted by corporate recruiters and by employees seeking out potential employee referrals.


AngularJS on top of ASP.NET: Moving the MVC framework out to the browser
Mixing .NET code with HTML in views can soon get very messy. Wouldn’t it be nice if the presentation layer (HTML) could be pure HTML? Also, in the ASP.NET MVC model, some of the business logic invariably resides in the controller. It is tempting to use an anti-pattern like the one shown above ... In this article we will see how AngularJS, a new JavaScript framework by Google, can be used effectively to build web applications where: views are pure HTML; controllers (in the server sense) are pure REST-based API calls; and the presentation layer is loaded as needed from partial HTML-only files.


5 Tips for Managing Clouds at Scale
At a recent panel of cloud users, one thing became clear though: Managing a public cloud deployment at small scale is relatively straightforward. The problem comes when that deployment has to scale up. "It gets very complex," says IDC analyst Mary Turner, who advises companies on cloud management strategies. "In the early stages of cloud we had a lot of test and development, single-purpose, ad-hoc use case. We're getting to the point where people realize the agility cloud can bring, and now they have to scale it."


Rakuten’s CEO on Humanizing E-Commerce
When people talk about “social shopping” or “social commerce,” they’re referring to the fact that people like to connect with others for advice about purchases. Some people think that friends—whether in real life or on social media—have a big influence on what we buy. I don’t believe they’re that powerful. The curators running our shops know quite a bit more about products and are a much better source of recommendations. If you want to buy a tennis racket, do you ask a friend or the pro at the shop? If you want to learn about wine, do you ask a friend or a sommelier?


Passing PCI firewall audits: Top 5 checks for ongoing success
If you are an information security professional whose organization handles credit card information, then unless you have been living under a rock since PCI DSS was first introduced in 2004, PCI compliance is a fact of life. Many love to bash the standard as the "low bar" for security, but when it comes to "Requirement 1: Install and maintain a firewall configuration to protect cardholder data," special attention to these five components


Managing virtualization machine security for in-house IaaS deployments
Many virtualization platforms offer specific controls for securing virtual machines; organizations should certainly take advantage of these. For example, VMware Inc.'s virtual machines have configuration settings that specifically prohibit copy and paste between the VM and the underlying hypervisor, which helps prevent sensitive data from being copied to hypervisor memory and clipboards. Platforms from Microsoft and Citrix Systems offer similar copy-and-paste restrictions.


Fighting Shadow IT: 10 Best Practices to Prevent Enterprise Data Leaks
Businesses are struggling to securely share files because employees are turning to consumer services outside the network to get the job done themselves without bothering to communicate with IT. Easy data access will win just about every time if it comes up against corporate policy. Since the single biggest cause of data leaving the network is a company's employees, guidelines need to regulate how corporate information is shared.


PCI SSC 2013 Community Meeting Takeaways
For PCI DSS v3.0, where segmentation is used to reduce scope and limit the network boundaries of the cardholder environment, penetration tests will be required to test the effectiveness of network boundaries. This means that internal penetration tests will need to include the internal network not just on the inside of the cardholder environment but also on the outside of the cardholder environment, from the vantage point of internal network zones that face the cardholder environment.


Quote for the day:

"Winning becomes easier over time as the cornerstones of confidence become habits" -- Rosabeth Moss Kanter