Message queuing insecurity

I met with Maryellen Ariel Evans last week. She was in Israel on vacation and we had coffee on the Bat Yam boardwalk. Maryellen is a serial entrepreneur; her latest venture is a security product for IBM WebSphere MQ Series. She’s passionate about message queue security and I confess to buying into the vision. She […]

Weekly security lessons learned

We specialize in security and compliance for the health care and bio-med space, helping clients build security into their products instead of bolting it on later. There are plenty of challenges to go around and it often seems like you’re trying to drink from a fire hose. Lots of water, a few drops into your mouth, […]

Securing Web servers with SSL

I’ve been recently writing about why Microsoft Windows, and the Microsoft monoculture in general, is a bad idea for medical device vendors – see my essays on Windows vulnerabilities and medical devices here, here and here. It is now time to slaughter one more sacred cow: SSL. One of the most prevalent misconceptions with vendors in […]

Home alone, at work: 6 tips for independent consultants

A good friend of mine, who was a senior manager at IBM, is now working as a freelance consultant – as he put it: “I’m discovering the good (and the bad) of ‘freelance life’ – plenty of free time – but not always when (or where) I want it.” One of my in-laws has a […]

Using DLP to prevent credit card breaches

I think that Data Loss Prevention is a great way to detect and prevent payment card and PII data breaches. Certainly, all the DLP vendors think so. The only problem is, the PCI DSS Council doesn’t even have DLP in their standard, which pretty much guarantees zero regulatory tail wind for DLP sales to the payment card industry […]

Raising the level of trust associated with identity in online transactions

Obama’s National Strategy for Trusted Identities in Cyberspace

In April President Obama signed the National Strategy for Trusted Identities in Cyberspace (NSTIC), which charts a course for the public and private sectors to collaborate on raising the level of trust associated with identity in online transactions. NSTIC focuses on upgrading outdated password-based authentication systems and […]

A strategy for combating cyber terror

Instead of getting some real work done this morning, I started collating some thoughts on cyber security strategy. I guess it’s a lot easier to think about strategies than to fix buggy, risky code. For most people there are two worlds, the cyberspace world and the physical, people-populated world. This dichotomy of two separate spaces […]

Lies of social networking

Is marketing age segmentation dead? My sister-in-law Ella and her husband Moshe came over last night for coffee. Moshe and I sat outside on our porch so he could smoke his cigars, and we rambled over a bunch of topics: private networking, online banking and the Israeli stock market. Moshe grumbled about his stock broker not […]

Why Microsoft Windows is a bad idea for medical devices

I’m getting some push back on LinkedIn on my articles on banning Microsoft Windows from medical devices that are installed in hospitals – read more about why Windows is a bad idea for medical devices here and here. Scott Caldwell tells us that the FDA doesn’t rule “out” or “in” any particular technology, including Windows […]

Offensive security

I have written several times in the past, here, here and here, about the notion of taking cyber security on the offensive. James Anderson, president of Professional Assurance LLC, says that there is no evidence that governments can protect large firms from cyber attacks. “National security authorities may not even acknowledge that their interests align […]