tssci security

Suggested reading this week

I've been real busy lately, but I came across several blogs and articles this week that I'd like to share, Andrew Hay style. =)

CEO Crime & Punishment -- Ben Horowitz, CEO of Opsware Inc., shares his thoughts on what entices executives to commit white collar crime. Is it for money? Or is there some other reason?

Warren Buffett once said that "marrying for the money probably isn't a good idea in any case, but if you are already rich, it makes no sense at all." The variation that applies to CEOs is "robbing investors probably isn't a good idea in any case, but if you are already rich, it makes no sense at all."

The Mainframe Conundrum -- Many of the systems that power our economy, our infrastructure, and life on Earth are mainframes, running COBOL, IBM assembler and other languages, and protected by security mechanisms like RACF that researchers in the security community seem to have skipped over. I've thought about the state of mainframe security and other critical systems, and it could be scary. I know machines that cannot accept a password longer than 8 alphanumeric characters, yet power entire businesses. The number of people skilled in systems like VAX/VMS, TPF and z/OS is dwindling... Who will review the critical applications that run on them?

Most large organizations have a 30-40 year investment in their applications and they're not going to re-write in a Johnny-come-lately language like Java or C# just because we can't review old code. There are literally billions of lines of COBOL out there, and it ... runs the world. There should and MUST be a way we can review this code.

Analyzing the Facebook Platform, three weeks in -- Marc Andreessen comments on the successful launch of the Facebook API, which allows developers to create applications that add functionality to Facebook without replacing it. He recounts one successful application that took off virally: originally hosted on two servers, it now requires a couple hundred to keep up with the load users have put on it. "Success kills" is one way of looking at it. The developers of Facebook surely put a lot of time and effort into the design of the system. We'll see soon enough how the API, and the applications people write on top of it, stand up security-wise.

Maryland Professor Creates Desktop Supercomputer Prototype -- Uzi Vishkin, with the help of his students, has created a prototype that uses 64 processors working in parallel and is, in some cases, hundreds of times faster than modern desktop computers. I look forward to the advancements they make in this sector.

Red Hat Linux gets Top Government Security Rating -- Another Slashdot posting, I know, but the comments are worth reading. There's a lot that I forgot about or didn't know regarding the multitude of ratings various agencies can award systems that meet specified criteria. After reading the comments, I flipped through the Orange Book to refresh my memory. It's old, but still good!

Blog posts to watch:

Joanna: We Can Detect Bluepill. Let Us Prove It! and We're ready for the Ptacek's challenge! -- I'm a huge fan of the research both Joanna Rutkowska and the guys over at Matasano have put out. Things will definitely get interesting as Black Hat nears... exciting :D

Posted by Marcin on Thursday, June 28, 2007 in News, Privacy, Security and Tech.
