Israeli software innovation

Saw this item on the Israeli Export Institute Web site – unfortunately the article quoted on redorbit.com doesn’t exist anymore. Someone didn’t pay their advertising bill? As a special tribute to the Israeli software industry, while the State of Israel celebrates its 60th anniversary, the redorbit.com website sums up some of the major achievements of […]

Digital Terrestrial TV in Japan

A year ago, I worked with Joel Isaacson on a VOD / IPTV project – and I’m still pretty interested in what’s happening in digital media – especially since we got to say “I told you so” (we predicted the death of Blu-Ray and the rise of video download two years ago). This note is from […]

Using threat modeling to select and justify security purchases

Hot humint straight in from the field of data security. I don’t have Symantec’s marketing budget and head count or Gartner reports telling me that enterprise concerns about high impact data loss events are up. By my clients, data security awareness is up, but budgets are down and out. I think that vendors with strong […]

Facebook – the wisdom of crowds is the security of crowds

Facebook management are correct in their policy of not vetting applications and letting the wisdom of crowds become the security of crowds. The best security countermeasure is a lot of eyeballs and 3 people tackling a terrorist in an airplane is the cheapest and most effective anti-terrorism measure. Fifteen years ago when I worked at […]

Preventing intellectual property abuse

One of my pet peeves with security vendors like Symantec, Vontu, Websense and Checkpoint is marketing collateral that totally disregards the basics of security – it’s like they hired an English major straight out of school and told them to start writing. Sensitive assets, confidential assets, proprietary assets – you can make a total mishmash […]

Orange Israel customer service sucks

I have been an Orange mobile subscriber for over 10 years – since they launched – and I’m generally very happy with the operation of the network, but it’s clear that if they managed their mobile network with the same incompetence that they manage their online services – Partner would have gone bankrupt years ago. Orange […]

Microsoft browser vulnerabilities and the police

The Polish Police did an IT modernization project in 2008 for installing mobile terminals in police cars. The software in the mobile terminal uses Microsoft IE. Since the mobile terminals use Microsoft IE – it should be possible to attack the mobile terminal using one of the known IE software vulnerabilities.

2009 CWE/SANS Top 25 Most Dangerous Programming Errors

I’ve been telling customers for years that most security exploits are caused by a small number of software defects (you can download my white paper on Software Security and see how to mitigate enterprise software vulnerabilities systematically using Business threat modeling). Still it’s amazing how the trade press are gushing on this – must have […]

The worst bugs are the simplest bugs

It is a truism of security that the worst vulnerabilities are usually the simplest – many are configuration bugs or simple design flaws like leaving temp files world-readable. Many Open Source projects such as OpenClinica use the excellent PostgreSQL database. You get 90% of Oracle at 10% of the weight and for free. […]