November 10, 2014

Google releases tool to test apps and devices for SSL/TLS weaknesses
The tool includes a client component for Android and Linux systems that tells the MitM component what specific tests to run. The client is also important for tracking which applications that run on the tested systems opened certain SSL/TLS connections, something that can be hard to determine just from the MitM side. Nogotofail can check for weaknesses like vulnerabilities in third-party SSL/TLS libraries, susceptibility to attacks that strip the SSL/TLS or STARTTLS encryption and improper certificate validation, a widespread problem in applications.


How enterprises will use the cloud for big data analytics
Compatibility, security, and performance concerns have kept enterprise organizations from being completely comfortable with the idea of moving their complex core applications to the cloud. Without a seamless application migration blueprint, the project can seem more like a headache — and a risk — than it’s worth. This report, which is based on a survey by Gigaom Research and sponsored by Cazena in September 2014, reviews the different considerations when moving some or all big data-analytics applications to the cloud. The report will give guidance to CxOs, IT and business leaders, and decision-makers at software as a service (SaaS) companies and cloud service providers.


Linux Foundation: Open Source is Eating the Software World
There is a wholesale shift in the enterprise software world from using a little bit of open source code here and there to an 80-20 split, where 80 is the open source portion, he said. The reason for the shift is quite simple: software has become a way for an enterprise to add value, and open source is the best way to use a lot of software. “There is too much software being written for any organization to write that software on their own,” Zemlin explained.


Become a great listener
To succeed in today’s business world, leaders must be proactive, skilled listeners. Leaders who make themselves accessible for conversation and listen regularly are well-informed of the goings on in their workplaces. They better understand others’ opinions and attitudes and are able to take this information into consideration when making decisions. There are other benefits to listening well. One is building trust. Effective listening conveys a sense that the leader cares about her people, their thoughts, opinions and concerns. A leader also builds stronger commitment within others when people feel that she cares about them personally as well as in how they fit within the organization.


The Half-Life of Data [INFOGRAPHIC]
Radioactive substances have a half life. The half life is the amount of time it takes for the substance to lose half of its radioactivity. Half life is used more generally in physics as a way to estimate the rate of decay. We can apply exactly the same principle – the rate of decay – to business information. Like natural materials, data is subject to deterioration over time. In science, the half life of a given substance could be milliseconds. It could be many thousands of years. The half life of data has been measured, and it may be shorter than you were expecting.


Security Think Tank: Guidelines for dealing with Shellshock
It is useful to know that there are many other shells that may be utilised in Unix deployments. However, bash is the default shell for both Linux and Mac OS X. The use of both of these operating systems is popular for enterprise and home applications. This vulnerability has been present in Bash for around 22 years. Chet Ramey, a senior technology architect at Case Western Reserve University in Ohio, has been maintaining the Bash open source project and believes Shellshock dates back to a new feature introduced in 1992.


Emerging tech under standards scrutiny
"We want the standard to support that sort of rapid development. In the public cloud, you can spend small amounts of money to get a prototype working, and then think about rollout and production – that's the point at which you should be thinking about long-term interoperability and questions like ownership and data recovery." In every aspect of the Open Platform 3.0, security is a concern, along with related topics of identity and privacy. Says Harding: "Security is a key concern, and so is identity. You need a framework to identify who owns the data, who is trying to access it.


Raids cast doubt on integrity of TOR
This makes it unclear whether these authorities have broken Tor to the point that it can no longer mask the location of its infrastructure or whether they found them using other intelligence. Tor relies on volunteers who host nodes of the network. Traffic bounces around within Tor in order to disguise where it comes from, but exit nodes and entrance nodes would yield the most useful information about actual IP addresses connecting to Tor. “Law enforcement could try to get in that first layer and see the sources and therefore try to reduce the anonymity as much as possible,” says Ben Johnson, chief evangelist at Bit9+Carbon Black.


Look out OpenDaylight, there's a new open source SDN controller
"It's a distributed core that runs on multiple servers," Appalaraju said. "Each instance is identical and they cooperate together to form a single system. If you need more control plane capacity, you add more servers. It also has high availability. If an instance fails, the workload is seamlessly distributed to other systems." ONOS also has carrier-grade persistence. The state of the entire control plane is stored on every instance at once, which enables hitless updates. Like OpenDaylight, the southbound abstraction layer of ONOS uses multiple protocols, including OpenFlow, to interact with network infrastructure.


Leveraging Three Tiers of Health Data
With Meaningful Use, you have to be able to email patients and share data among and between other physicians, et cetera. People are getting certified for MU, but if you actually look at the rules they don't say you have to do it 100 percent of the time. They say you have to have an electronic medical record with a problem list on x number of patients, and that keeps escalating over the years. The same is true with email. I think we're about halfway there. In my experience it's not there, but I know what MU is about and that people are getting certified.



Quote for the day:

"The best strategy for building a competitive organization is to help individuals become more of who they are." -- Marcus Buckingham