|
Top Stories
UK-based mi2g, which has been collecting data on overt digital attacks going
back to 1995 and sticking them in its Security Intelligence Products and
Systems (SIPS) database, figures that SCO Unix, the Apple Mac OS and the HPQ
Tru64 Unix operating systems are the least prone to hacker attacks and damage
from viruses and worms. As near as we can figure out, it comes to that
conclusion because they're virtually ignored by the bad guys. This year, so
far the worst on record, SCO Unix has been attacked only 165 times (0.2%),
Tru64 10 (0.02%) and Mac 31 (0.05%) whereas the guys wearing a bull's eye on
their chest like Windows, Linux, BSD and Solaris have taken - in order of
appearance - 54%, 30%, 6% and 5% of all attacks. For Microsoft that works out
to 31,431 attacks and for Linux 17,218. It's unclear why mi2g doesn't also
include SGI's Irix, IBM's AIX and Novell's Netw... (more)
This month's article is the first in a two-part series on J2EE security. In
Part 1 we'll discuss basic J2EE security. Part 2 will provide you with a
model to set up and deploy a functioning security-enabled application.
Resident J2EE security guru, Chris Siemback, has been kind enough to join me
in coauthoring this series to contribute in-depth examples of J2EE security
at work.
Our discussions will cover securing both Enterprise JavaBeans (EJBs) in the
business and data layers as well as JavaServer Pages (JSPs) and servlets in
the web layer of a J2EE application.
J2EE Security Overview
Understanding the strong suits and weaknesses in the J2EE security model will
help you determine the right security architecture for your application. A
basic overview of J2EE security will help you compare its qualities to your
security requirements. Let's come to grips with a few t... (more)
(Brisbane) - Wedgetail Communications, a global developer of security
solutions for network devices, announced its Java technology partnership with
Object Technology International, Inc. (OTI), a wholly owned subsidiary of
IBM. Under the new agreement, Wedgetail Communications will provide embedded
security software solutions for IBM/OTI's VisualAge Micro Edition. Wedgetail
Communications' JCSI Micro Edition software will allow customers to have
access to security profiles capable of securing real-world embedded
solutions.
"Pervasive computing will be a reality when data is secure across the IT
infrastructure," said Gary Morgan, CEO of Wedgetail Communications. "The
technology relationship with OTI builds upon our strategy to offer embedded
Java security toolkits to help achieve this reality for enterprises and end
users."
OTI's VisualAge Micro Edition 1.4 is a deve... (more)
(San Jose, CA) –Gemplus, the world's number one provider of solutions
empowered by smart cards, announced that its Java Card technology-based
GemXplore `Xpresso, is the first to be certified Evaluation Assurance Level
(EAL)5+ by the Common Criteria security standards body. This far exceeds
current legal requirements. Common Criteria is rapidly becoming standard
security for sensitive data; European digital signature laws currently
require EAL4. Following September 11, the US National Security Agency and
NIST (National Institute of Standards and Technology) are considering basing
their security specifications around Common Criteria.
By being awarded this exclusive level of smart card security, Gemplus has
shown its technology leadership in the use of Java Card technology for smart
cards. This major technological step may open new possibilities for trusted
services in... (more)
(October 15, 2002) - Web services is gaining ground as a business strategy in
Europe, where 54 percent of surveyed CIOs agree that Web services will
fundamentally change how businesses use the Web. Most also state that the
enabling technology, alongside security and application integration, will top
their spending priorities for the year.
The research, commissioned by BEA Systems and conducted by SWR Worldwide,
polled 320 chief information officers and IT directors throughout France,
Italy, Spain, Germany, the Netherlands, Sweden, Finland, and the UK.
Fifty-nine percent of respondents stated that their organization "clearly
sees the benefits of Web services." Web services are perceived as a way to
build tighter relationships with customers and partners, improve efficiency
and deliver services faster and cheaper, and improve enterprise agility.
However, when all resp... (more)
(March 17, 2003) - Altova, Inc.'s XMLSPY 5 XML development tool set is now
integrated with the Datapower XS40 XML Security Gateway. Using XMLSPY 5 and
the XS40 enterprises can for the first time centralize XML Web Services
security functions in a drop-in, reliable network device while all security
policies and access control are handled from an interface familiar to
application developers.
With the integration of XMLSPY 5 and the XS40, enterprises can substantially
reduce the time it takes to secure and launch applications into deployment.
While many application developers provide security functions deep within an
application, many enterprises are centralizing XML Web services security in
security gateways that allow a network operations group to secure and monitor
multiple applications simultaneously. Security policies within the DataPower
XS40 are completely XML-b... (more)
(May 21, 2003) - Sun Microsystems, Inc. and Software AG have formed a
business alliance to deliver add-on technology for Software AG's Tamino XML
Server 4.1 to support Sun's StarOffice™ Software 6.1 productivity suite.
The Tamino/StarOffice add-on delivers a cost-effective solution, increasing
workgroup productivity and security by providing access to collaboration
functionality, digital signature support, and connectivity with back-end
applications.
The add-on technology ensures interoperability and user ownership of data
through adherence to open XML standards from W3C, the Internet Engineering
Task Force (IETF), and OASIS.
"Sun's StarOffice uses XML as its default file format; the next logical step
was to create add-on technology in the Tamino XML Server allowing native XML
data storage and data exchange of StarOffice documents." stated Dr. Peter
Mossack, CTO an... (more)
Sun released JavaFX yesterday, which has a lot of great technology in it, but
unfortunately the user experience is tragically poor. From my own experience,
the first time I loaded a JavaFX applet I was presented with four dialogs:
one security dialog for the JavaFX runtime, another security dialog for the
JavaFX samples, a JavaScript warning dialog, and a JavaFX license agreement
acceptance dialog. The applet took over two minutes to load.
... (more)
This will be the last [at least for a while] post in the SOA Security Series,
and I want to conclude by sharing my vision and some recommendations and best
practices (most of them fairly common sense) that I have noticed, stole and
otherwise accumulated while working in this field. But before we start, I
would like to fill the gap that I left in my earlier postings by never
providing a
Definition of Secure SOA
Secure SOA is an approach to implement SOA which by design ensures trust
throughout the SOA ecosystem (including services, consumers, composite
applications and infrastructure) by addressing some or all of the following
security aspects:
Authentication Authorization Integrity Confidentiality Accountability
(monitoring, logging, audit, non-repudiation) Identity (federation,
provisioning, trust brokering) Security Policies
It is also worth mentioning that I firm... (more)
This will be the last [at least for a while] post in the SOA Security Series,
and I want to conclude by sharing my vision and some recommendations and best
practices (most of them fairly common sense) that I have noticed, stole and
otherwise accumulated while working in this field. But before we start, I
would like to fill the gap that I left in my earlier postings by never
providing a
Definition of Secure SOA
Secure SOA is an approach to implement SOA which by design ensures trust
throughout the SOA ecosystem (including services, consumers, composite
applications and infrastructure) by addressing some or all of the following
security aspects:
Authentication Authorization Integrity Confidentiality Accountability
(monitoring, logging, audit, non-repudiation) Identity (federation,
provisioning, trust brokering) Security Policies
It is also worth mentioning that I firm... (more)
I usually don't post press releases, but this one sounded almost too good to
be true. According to IBM, they have discovered a method to fully process
encrypted data without knowing its content. If true, this could greatly
further data privacy and strengthen cloud computing security.
---
An IBM researcher has solved a thorny mathematical problem that has
confounded scientists since the invention of public-key encryption several
decades ago. The breakthrough, called "privacy homomorphism," or "fully
homomorphic encryption," makes possible the deep and unlimited analysis of
encrypted information -- data that has been intentionally scrambled --
without sacrificing confidentiality.
IBM's solution, formulated by IBM Researcher Craig Gentry, uses a
mathematical object called an "ideal lattice," and allows people to fully
interact with encrypted data in ways previously thou... (more)
CloudEXPO Stories By Yeshim Deniz  Every organization is facing their own Digital Transformation as they attempt to stay ahead of the competition, or worse, just keep up. Each new opportunity, whether embracing machine learning, IoT, or a cloud migration, seems to bring new development, deployment, and management models. The results are more diverse and federated computing models than any time in our history.
Dec. 12, 2018 05:45 PM EST | By Pat Romanski  On-premise or off, you have powerful tools available to maximize the value of your infrastructure and you demand more visibility and operational control. Fortunately, data center management tools keep a vigil on memory contestation, power, thermal consumption, server health, and utilization, allowing better control no matter your cloud's shape. In this session, learn how Intel software tools enable real-time monitoring and precise management to lower operational costs and optimize infrastructure for today even as you're forecasting for tomorrow.
Dec. 4, 2018 02:30 PM EST | By Elizabeth White  "Calligo is a cloud service provider with data privacy at the heart of what we do. We are a typical Infrastructure as a Service cloud provider but it's been designed around data privacy," explained Julian Box, CEO and co-founder of Calligo, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Dec. 2, 2018 01:45 AM EST Reads: 5,154 | By Yeshim Deniz  Isomorphic Software is the global leader in high-end, web-based business applications. We develop, market, and support the SmartClient & Smart GWT HTML5/Ajax platform, combining the productivity and performance of traditional desktop software with the simplicity and reach of the open web.
With staff in 10 timezones, Isomorphic provides a global network of services related to our technology, with offerings ranging from turnkey application development to SLA-backed enterprise support.
Leading global enterprises use Isomorphic technology to reduce costs and improve productivity, developing & deploying sophisticated business applications with unprecedented ease and simplicity. Nov. 26, 2018 01:30 PM EST | By Elizabeth White  While a hybrid cloud can ease that transition, designing and deploy that hybrid cloud still offers challenges for organizations concerned about lack of available cloud skillsets within their organization. Managed service providers offer a unique opportunity to fill those gaps and get organizations of all sizes on a hybrid cloud that meets their comfort level, while delivering enhanced benefits for cost, efficiency, agility, mobility, and elasticity. Nov. 26, 2018 12:00 PM EST |
|
|
|
|