Collection of useful, relevant or just fun places on the Internets for 10th July 2012 and a bit of commentary about what I’ve found interesting about them:
Schneier on Security: So You Want to Be a Security Expert – Change “security” to “networking” and everything still applies:
I’ve really said nothing here that isn’t also true for a gazillion other areas of study, but security also requires a particular mindset — one I consider essential for success in this field. I’m not sure it can be taught, but it certainly can be encouraged. “This kind of thinking is not natural for most people. It’s not natural for engineers. Good engineering involves thinking about how things can be made to work; the security mindset involves thinking about how things can be made to fail.”
General Motors Will Slash Outsourcing In IT Overhaul – Global-cio – Executive insights/interviews – Informationweek – Early signs that the fashion for outsourcing is ending:
Today, about 90% of GM’s IT services, from running data centers to writing applications, are provided by outsourcing companies such as HP/EDS, IBM, Capgemini, and Wipro, and only 10% are done by GM employees. Mott plans to flip those percentages in about three years–to 90% GM staff, 10% outsourcers.
I’m seeing many signs of outsourcing fatigue. As a business practice it’s no longer working because an outsourced business process always ends up preventing change and that’s no longer an option. IT is a productivity advantage, not a cost centre. Outsourcing didn’t fix IT or save money, and the problems still exist when someone else runs the infrastructure and are even harder to fix.
EC-Council Investigating Insider for Embezzlement | SecurityWeek.Com – Looks like the Certified Ethical Hacker certification is finished:
In a letter sent to partners, Jay Bavisi, President and CEO of the EC-Council, said that the company responsible for making Certified Ethical Hackers (C|EH) had launched an investigation after one of their own embezzled company funds.
If one of your own isn’t “ethical” then you can’t stand up for being ethical. Can’t see how CEH would recover from this.
HP says Itanium, HP-UX not dead yet | Ars Technica – yeah. right. “This parrot wouldn’t _voom_ if you put forty million volts through it.” Itanium has been dead since 2003 when Intel stopped. HP has been paying Intel to continue the CPU since then. Constrained finances mean that’s over.
AOL’s Data Center Independence Day « LooseBolts – Astonishing infrastructure thinking from AOL. Build a no-data-center architecture:
Obviously the inherent flexibility of the design allows us a greater number of places around the planet we can deploy capacity to and that in and of itself is pretty revolutionary. We are no longer tied to traditional data center facilities or colocation markets. That doesn’t mean we won’t use them, it means we now have a choice. Of course this is only possible because of the internally developed cloud infrastructure but we have freed ourselves from having to be bolted onto or into existing big infrastructure. It allows us to have an incredible amount of geo-distributed capacity at a very low cost point in terms of upfront capital and ongoing operational expense. This is a huge game changer.
Cisco’s cloud vision: Mandatory, monetized, and killed at their discretion | ExtremeTech – Looks like Cisco is failing to execute once again. This time it’s the Linksys division forcing customers to upgrade to a version of code that steals your personal information and pulls a Facebook on your personal information.
When owners of the E2700, E3500, or E4500 attempted to log in to their devices, they were asked to login/register using their “Cisco Connect Cloud” account information. The story that’s emerged from this unexpected “upgrade” is a perfect example of how buzzword fixation can lead to extremely poor decisions.
Why RSA is misleading about SecurID vulnerability « root labs rdist – EMC’s RSA division seems to be avoiding its responsibility:
There’s an extensive rebuttal RSA wrote in response to a paper showing that their SecurID 800 token has a crypto vulnerability. It’s interesting how RSA’s response walks around the research without directly addressing it. A perfectly accurate (but inflammatory) headline could also have been “RSA’s RSA Implementation Contained Security Flaw Known Since 1998”.
In short, RSA isn’t owning up to its mistakes and the author is suggesting that secure programming seems to be missing from the corporate discipline.

