|
|
Free Newsletters
|
|
|
|
|
|
IT trainer offers master's degree for hackers In an effort to produce the next generation of chief security officers and IT systems defense experts, an online training company is offering a new master's degree program in security science. Open source hippies and opinionated bloggers According to basic e-mail etiquette, mass-forwarding an e-mail message is annoying, inconsiderate, and just plain bad form. (And don’t get me started on those “REPLY ALL” scoundrels-- grrrr!). But I’m going to break with protocol here, because I simply must share a few choice words from Randall Kennedy, our Enterprise Desktop blogger. Kennedy and I had been trying to come up with a descriptive subtitle for his blog. To tell me about his approach, the ever colorful Mr. Kennedy sent me a deliciously juicy e-mail, which I excerpt below.  September 17, 3:00 a.m. PDT Forrester security show stresses risk management Enterprise security decision makers have long been more likely to be swayed by flashy new technologies than by the notion of comprehensive IT restructuring to protect data and other corporate assets, but the situation is evolving rapidly, according to experts participating in Forrester Research's ongoing Security Forum. September 5, 11:33 a.m. PDT FBI: Enterprises need counterintelligence The Chinese government has denied involvement in a series of hacks carried out against IT systems at the Pentagon in June this week, but the threat of technology-driven espionage has forced the FBI to push businesses and academic institutions to better prepare for such attacks. September 4, 3:45 p.m. PDT SMB technology: Replacing in-house software with applications in the cloud In the near future, there's only one way to go for SMBs when it comes to purchasing business software -- and that's out of house. Whether it's full-on SaaS (software as a service), where users access all facets of the application through a browser, or a hosted product (including hosted Exchange, where only the server component is off-site and users employ a standard desktop client such as Outlook), either model is simply too cost-effective for SMBs to ignore. August 20, 3:00 a.m. PDT Processors: Dividing chips into many virtual cores The current approach taken by x86 CPUs -- to stuff as many processor cores and as much cache memory as will fit on one chip -- will prove impossible to scale beyond a certain point. And adding more, big, hot processor cores may not be the best fit for server roles that call for managing large workloads over long periods of time. August 20, 3:00 a.m. PDT 'Hackers' deface U.N. site "Hackers" defaced the United Nations Web site early Sunday with messages accusing the U.S. and Israel of killing children. As of late afternoon, some sections, including the area devoted to Secretary General Ban Ki-Moon, remained offline. August 13, 11:31 a.m. PDT Apps security to dominate Black Hat Black Hat kicks off this week in Las Vegas with a big shift in focus from Internet viruses to application security. July 31, 3:00 a.m. PDT Mozilla: Security remains on front burner With the release of its latest Firefox 2.0.0.5 browser, open-source software maker Mozilla claims to have fixed a number of potentially serious vulnerabilities in its flagship product. July 18, 3:26 p.m. PDT Applications security: Cenzic stands alone With a new product fresh out the door and its two largest rivals recently acquired by massive IT bellwethers, applications security testing specialist Cenzic contends that it's ready to reap the rewards of remaining independent. July 18, 4:34 a.m. PDT Mounting scrutiny for Google security Much as the ubiquity of Microsoft's Windows operating system and Office productivity tools has made the software giant a focal point of security research, search giant Google is facing new scrutiny as it diversifies its products and moves further into the business environment. July 12, 4:24 p.m. PDT Experts: Botnets add fault tolerance Security experts contend that a growing number of operators of compromised computer networks (or "botnets") are finding new ways to grow their networks and make them immune to potential shutdowns, including sophisticated fault-tolerance planning to help ensure that their networks can't be easily wiped out. June 7, 12:00 a.m. PDT Vendors seek unity on identity protocols Microsoft will participate in a meeting later this month with vendors and organizations that are backing several different identity management systems, an indication that cooperation between the software giant and its peers is improving. June 6, 5:10 a.m. PDT Google at odds with the locked-down enterprise Security has been a bit of a black art at Google. Unlike rival Microsoft, which publishes detailed information on its monthly patches and has openly evangelized the steps it takes to secure software, Google has generally been quiet when it comes to talking about security, and it has kept the team that keeps Google's Web sites secure under wraps. June 5, 3:55 p.m. PDT McAfee: Search results can be dangerous The odds of a search engine directing you to a risky Web site are getting slimmer, but some companies are better at filtering out bad links than others, McAfee reported Monday. June 4, 12:07 p.m. PDT Microsoft unveils integrated security Microsoft shared details of its long-term security product strategy as part of its ongoing TechEd 2007 training conference on June 4, lifting the lid on plans to deliver an integrated suite of its software by mid-2009. June 4, 7:24 a.m. PDT Researcher: Don't trust toolbars for Firefox Makers of some of the most popular extension software used by the Firefox browser are not doing enough to secure their software, a security researcher said Wednesday. May 30, 5:00 p.m. PDT Garmin opens GPS data to Web site developers Garmin International has published some APIs for connecting to its GPS devices, making it easier for Web developers to write applications that use information about where consumers are located, the company announced Tuesday. May 29, 8:22 a.m. PDT IBM pitches risk management strategy IBM unveiled a new IT governance and risk management strategy on May 15 that it will market to enterprise customers as a means to weave together security and compliance projects to ease planning and help drive down related expenses. May 15, 12:42 p.m. PDT Social Security, spyware bills go to House vote The House Energy and Commerce Committee unanimously approved a pair of bills on May 10 that aim to bolster consumers' protection against misuse of their social security numbers and computer-borne spyware. May 11, 11:23 a.m. PDT Symantec pitches rootkit tech as Veritas validation Some industry watchers may still question why Symantec moved to acquire storage software maker Veritas for $10.2 billion in 2004, but the fruits of the companies' combined labors are already proving the deal as a winner, according to executives with the massive security firm. May 9, 4:26 p.m. PDT Infrastructure security powers up He may not have known it at the time, but Lonnie Charles Denison helped prove the need for tighter security at many infrastructure businesses when he launched a multifaceted attack against California Independent System Operator, a quasi-governmental agency responsible for management of the state's power grid. May 9, 4:17 a.m. PDT Making sense of Websense's SurfControl buyout Websense's $400 million buyout offer for rival network filtering specialist SurfControl should help position the two companies for short-term growth and possible acquisition in the future, according to market watchers. May 1, 11:27 a.m. PDT Corporate data slips out via Google calendar It's not clear what gets discussed during McKinsey & Co.'s weekly internal communication meeting, but the dial-in number and passcode for the event can be easily found by searching with Google. April 17, 3:05 p.m. PDT Symantec takes initial step into SaaS Symantec took its initial step into the software-as-a-service market on April 17, introducing its maiden set of hosted applications for small and medium-sized businesses. April 17, 4:00 a.m. PDT Web 2.0 Expo draws startups, superstars If anyone knows about the potential of what has been dubbed "Web 2.0" it's the folks over at O'Reilly Media. Heck, company founder Tim O'Reilly himself coined the phrase back in 2003 to describe the emergence of a new generation of Web-based business models in the wake of the dot-com collapse. And if this week's first-ever Web 2.0 Expo in San Francisco is any measure, the Web 2.0 phenomenon is on track to exceed expectations. April 16, 4:00 a.m. PDT Google plans worldwide developer day Google hopes to woo more developers to its Web services software platform with a 27-hour-long "Developer Day" on May 31. April 11, 4:24 a.m. PDT Yahoo opens up Web mail APIs Yahoo is opening up its Web mail platform to external developers, so that they can create plug-ins, utilities and applications for the popular Yahoo Mail service. March 29, 4:46 a.m. PST ShmooCon hacker event gets under way The third annual ShmooCon convention kicked off in Washington, D.C., on March 23 and will run throughout the weekend with a series of lectures and presentations covering a wide range of enterprise security issues. March 23, 2:12 p.m. PST Portal aids development of identity-based apps A new portal has been launched to help developers who are building applications using identity management technology. January 23, 9:04 a.m. PST The smart business of diversity Carly Fiorina served as CEO of Hewlett-Packard from 1999 to 2005, the first woman to run a Fortune 20 company. After she was ousted, along with a $21 million exit package, Fiorina did what a lot of us would do if we had millions of dollars in the bank and some time on our hands: She wrote a book. In Tough Choices, published in October, Fiorina talks about rising to the top of a male-dominated culture. Fiorina spoke with InfoWorld correspondent Carmen Nobel for our upcoming feature on the issues women face in IT. January 22, 3:00 a.m. PST Liberty Alliance, Microsoft discuss identity protocols The Liberty Alliance, a consortium working on policy and technology issues for identity management, is discussing with Microsoft how to reconcile their competing sets of protocols for secure Web transactions. January 10, 4:38 a.m. PST Web services security standards aren't enough Enterprise professionals comforted by Web services security standards -- proposed or established -- may want to think again. Although useful for securing Web services messages, the specifications do little to safeguard against SOAP array overflow attacks and other ways of penetrating the back-end systems of an enterprise (see also "Shielding Web services from attack"). November 24, 3:00 a.m. PST Shielding Web services from attack Web services are almost irresistible. Every popular IDE makes them easy to build — to unlock the data and business logic in legacy systems, to provision common functions that can be shared across multiple platforms, or to provide partner organizations direct access to information or applications. And by their nature, Web services helpfully describe themselves, allowing one system to find and interact with another with little or no human intervention. November 23, 3:00 a.m. PST AOL to offer Web APIs for AIM AOL plans to give external developers a way to embed functionality from AIM into their Web sites, another step in AOL's efforts to encourage programmers to use its popular instant messaging service. October 19, 1:20 p.m. PDT Coghead unveils beta of hosted Web platform Startup Coghead is opening up the beta version of its hosted Web development environment to technically savvy users in small to midsized businesses (SMBs) who are keen to create their own applications. October 11, 7:40 a.m. PDT Technology with no past To the extent that it’s possible, I’m declaring today the beginning of recorded history in information technology. On this day, the phrase “information technology,” abbreviated IT, came into being as shorthand for electronic devices that aid humans in storage and sharing of, analysis of, protection of, and access to significant amounts of digitized content. Content? That’s anything you’re capable of holding in your brain for even a nanosecond. IT is not a department or a group of people. It’s a smart phone. It’s a room full of SPARC servers. A telephone headset? A keyboard? I don’t know. They’re new terms. We’ll work that out as we go. I do know that if we didn’t have such things, information technology would be inaccessible. September 20, 3:00 a.m. PDT Office 2007 creeps toward release Microsoft Corp.'s Office 2007 suite is nearing the end of its long testing process. Microsoft on Thursday will offer a refresh of beta 2, the last external test release of the product before it is released to manufacturing, the company said. September 13, 1:15 p.m. PDT Encryption fuels security trends Two new trends in data protection are using encryption to accomplish their goals: controlled rights and self-deleting data. September 1, 3:00 a.m. PDT Yahoo plugs Web mail security hole Yahoo Inc. has fixed a security vulnerability in its Yahoo Mail service that could have allowed malicious hackers to hijack accounts and harm users in a variety of ways. August 16, 1:04 p.m. PDT Yahoo worm demonstrates AJAX threat There are few of us in life who really want to dig into the nitty gritty details of how things work -- to visit the proverbial “sausage factory” that makes our favorite food, assembles our cars, or puts cheap gadgets on the shelves at Best Buy and Target. June 19, 3:00 a.m. PDT Reactivity adds Auto-Discovery What role should the network play in SOA? Every time that question comes up, the answer seems to get longer. A new tool from Reactivity promises to make it longer still. June 12, 3:00 a.m. PDT InfoWorld CTO 25: Andrew Nash During his 10-year stint at RSA security, Andrew Nash worked hard developing identity and access management technologies, wrote a book on PKI (Public Key Infrastructure), and co-authored several security standards. But one day, in the middle of an RSA presentation, he realized he was “bored to tears” and decided to focus on fresh security challenges better suited to an emerging Web services world. June 5, 3:00 a.m. PDT InfoWorld CTO 25 The top technology slot in the enterprise has changed. Once, forward-looking CTOs and CIOs scanned the horizon for new technologies that would improve the lot of IT. Today, as many of this year’s top 25 CTOs can tell you, technology leaders must also focus on understanding the business goals of the enterprise -- and then craft technology strategies to meet those objectives. June 5, 3:00 a.m. PDT Tech startups to watch Startups are back! or at least, startup fever is back. Scan the latest numbers from PricewaterhouseCoopers and you won’t find any hockey sticks -- the level of investment in enterprise-related technology startups has actually remained fairly flat, hovering between $1.5 and $2.3 billion per quarter from 2003 through 2005. May 15, 3:00 a.m. PDT VMware alliance will promote virtual desktops See correction below April 24, 3:00 a.m. PDT Product previews Sonic Software revs enterprise service bus Sonic Software today announced Sonic ESB 7.0, an upgrade to the company’s SOA platform. It brings the Sonic Workbench to the Eclipse IDE; incorporates support for advanced Web services standards WS-Reliable Messaging, WS-Security, WS-Addressing, and WS-Policy; and introduces a lighter-weight approach to high availability through a new mode in the Continuous Availability Architecture, which the company says provides highly reliable and available brokered communications without the latency of persistent messaging. Sonic ESB 7.0 will be available in April. Sonic ESB 7.0, Sonic Software March 27, 3:00 a.m. PST Update: Group backs new identity manager tool IBM and Novell announced their support Monday for an open-source project aimed at giving users more control over how information such as passwords and financial details are shared across multiple Web sites. February 27, 10:00 a.m. PST CA's Project SOA tackles Web services security CA Inc. is readying new software designed to help secure and manage systems using Web services software. February 14, 8:15 a.m. PST AOL patches serious Winamp bug Users of America Online Inc.'s Winamp 5.12 media player are being told to upgrade their software following the release of malicious code that could be used to take over a Winamp user's system. January 30, 3:07 p.m. PST State CIOs need more IT security support from DHS The U.S. Department of Homeland Security (DHS) must improve its support for U.S. state and local governments so they can better protect their IT infrastructures from attackers, two organizations of top IT officials said Wednesday. January 25, 2:57 p.m. PST Reining in SOA Want to immerse yourself in tech minutiae? Ask a developer about his company’s SOA (service-oriented architecture) plans. After all, service-enabling application components and combining them to make new apps is a complex business. Yet according to Contributing Editor Phillip J. Windley, author of “Governing SOA”, the most critical piece of the SOA puzzle calls more on social than on technical expertise. January 23, 3:00 a.m. PST Governing SOA SOA (service-oriented architecture) promises enterprises endless advantages: increased code reuse, reduced integration expense, better security, and -- the big payoff -- greater business agility. Whether you achieve those benefits, however, probably has more to do with your policies and procedures than the quality of your code. January 19, 3:00 a.m. PST 2006 Technology of the Year Awards: The winners' list See correction at end of article January 2, 3:00 a.m. PST Tech reviews for the holidays Even IT takes a holiday now and then. Same goes for the InfoWorld staff, which chills out by taking a one-week break following the publication of this, our 51st and final issue of the year. December 19, 3:00 a.m. PST Identity specification gains speed, group says The Liberty Alliance Project, a consortium of companies and organizations that works on standards for federated identity, announced Monday that products from several major companies have passed recent interoperability tests using the specification it backs. November 21, 4:27 a.m. PST Sabre's customer-driven SOA How does a technology-driven company with massive performance and scalability requirements -- and incredibly varied customer and supplier bases -- transition to SOA? For Sabre Holdings, the answer was a lot of in-house development and a complex interweaving of the old and new. November 7, 3:00 a.m. PST British American Tobacco builds SOA one step at a time For British American Tobacco (BAT), SOA success came early. The challenge now lies in determining how quickly SOA should be scaled across the enterprise, and for which functions. November 7, 3:00 a.m. PST Making SOA work Implementing SOA (service-oriented architecture) is one of the most daunting projects that an enterprise IT organization can undertake. Service orientation represents a whole new way of thinking and doing, one that changes the way developers operate and interact with the business. November 7, 3:00 a.m. PST New processes for Thomson Prometric "The biggest challenge we've faced in creating an SOA has been identifying exactly what a service is," says Christopher Crowhurst, vice president and chief architect at Thomson Learning. "Understanding what the business is doing, converting that to a set of services, and working out how to expose those services in a granular, extensible way so that you're not constantly breaking consumers' interfaces -- we learned that many people just can't do it." November 7, 3:00 a.m. PST Identity management in action Think you’re ready to deploy IDM (identity management) in your organization? John Aisien, vice president of marketing at IDM vendor Thor Technologies, won’t kid you about the realities. October 7, 3:00 a.m. PDT Federation takes identity to the next level When clients of advertising giant Ogilvy & Mather want to collaborate on budgets or watch rough cuts of commercials, they’re likely to log on to the company’s network and do it online. The process speeds delivery and saves on travel costs, but it can also add a big security and regulatory burden. October 7, 3:00 a.m. PDT Sprint rationalizes its infrastructure with SOA As far back as four years ago, Sprint’s IT staff was already headed toward SOA (service-oriented architecture). They just didn’t know it yet. September 12, 4:00 a.m. PDT IT's seven dirty words Remember the George Carlin routine “The Seven Words You Can’t Say on Television”? (No, I’m not going to print them here; if you’re really curious, Google ’em.) I got to thinking the other day that IT has its own set of dirty words. Try saying any one of these in polite IT company, and someone will hand you a bar of soap to wash your mouth out. My filthy seven: August 15, 5:00 a.m. PDT Open source identity A complete identity management solution comprises a number of components. As such, it would be difficult for any single open source project to offer a plug-and-play identity management system. There are, however, a number of projects that offer components of such a system, particularly in the area of federation and SSO (single sign-on). August 8, 5:00 a.m. PDT That Aha! moment You gotta love Greg Raleigh’s attitude. The man who invented the technology behind the forthcoming 802.11n Wi-Fi standard insists that solving problems is easy. The real challenge, he says, is “deciding what problems are interesting to solve.” August 1, 5:00 a.m. PDT Sonic’s ESB takes new approach to fail-over If the SOA movement had an official flag, on that flag would be a diagram of an ESB (enterprise service bus) — an open and distributed integration platform that provides interfaces to a wide variety of systems and applications and ensures reliable messaging among them. And if you dotted the flag with the logos of leading SOA vendors, Sonic Software’s would surely have to stand out from the rest. August 1, 5:00 a.m. PDT Enterprise service buses hit the road See correction at end of article July 22, 5:00 a.m. PDT Starwood nears end of SOA revamp Every major enterprise applications vendor has hopped on the SOA (services-oriented architecture) bandwagon and extolled the virtues of using standards-compliant software to expose business processes as Web services, reducing the pain of integrating heterogeneous systems. But for customers, implementing an SOA environment in their own data centers can be a complex and lengthy process. One chief technology officer nearing the end of a five-year SOA project says the results, though a long time coming, are worth it. July 20, 10:40 a.m. PDT Apache faces Web services security spec roadblock Apache officials hope to iron out licensing issues with Microsoft and IBM pertaining to the WS-Security specification, so that Apache can add the technology to its open source Axis SOAP stack. July 8, 4:05 p.m. PDT Cisco buys app accelerator Cisco plans to acquire privately held FineGround Networks, a Campbell, Calif., maker of bandwidth optimization appliances, for $70 million. May 27, 5:37 a.m. PDT IBM rolls out security apps for SMBs Hoping to address the two most pressing concerns among SMBs, namely security and compliance, IBM on Tuesday is rolling out a series of bundled solutions and managed services offerings to be part of its Express line of offerings. May 10, 5:00 a.m. PDT Astaro rolls out new spyware Astaro on Tuesday released an improved version of its Linux-based security package that now includes gateway-based spyware protection against malware and the ability to block and removed infected software already on a system. March 8, 4:00 a.m. PST Patrick Grady's calculated debut How did Patrick Grady manage to build his service when others have failed? How did he draw in big-name customers? In addition to his forceful personality, 10 years in high-tech venture capital gave him extraordinary access. In the early development phase, for example, senior technologists from Ariba, BEA, BellSouth, CommerceOne, Genesys Labs, Palm, and Sun got together once a week to advise him on architecture. That lends some credibility to Grady’s claim that his platform will become “the global de facto standard for how you describe and discover and deliver and transact for services.” February 28, 6:00 a.m. PST Liberty Alliance adds SAML 2.0 support The Liberty Alliance on Friday made available a draft release of ID-WSF 2.0, its set of specifications for identity verification for Web services. February 14, 4:35 a.m. PST On-demand apps demand a richer browser Can the browser meet the demands of on-demand? On-demand apps are by definition Web apps. That won’t come as a shock to enterprises because most of the latest internally deployed enterprise apps — besides a few client/server holdouts — already rely on the browser to deliver user experience. November 26, 3:00 p.m. PST Microsoft scales back Passport ambitions Microsoft is recasting ambitions for its .Net Passport identification system, saying the service now will be limited to its own online offerings and those of close partners. Microsoft no longer sees Passport as a single sign-on system for the Web at large, a spokeswoman said. October 20, 3:41 p.m. PDT Product Previews Netegrity Strengthens Identity for Web Services Netegrity has released TransactionMinder 6.0, the latest edition of its policy-based identity access management system that extends Netegrity's secure single-sign on, delegated administration, and federated identity and session management capabilities to include Web services and SOAs (service-oriented architectures). The new version offers full support for the WS-Security 1.0 standard out of the box, including XML encryption within the WS-Security framework and support for WS-Security authentication based on SAML (Security Assertion Markup Language) tokens. The product features a proxy mode, which lets TransactionMinder secure Web services running on application servers such as IBM WebSphere and BEA Weblogic. Additionally, XML agents can be deployed on Web servers such as Microsoft IIS or Apache. TransactionMinder is priced at $40,000 per CPU. TransactionMinder 6.0, Netegrity September 24, 3:00 p.m. PDT The five missing pieces of SOA The high concept of SOA (service-oriented architecture) continues to enthrall IT. Yet SOA’s promise of universal application integration is vague at best, confounding anyone who takes a closer look. Such scrutiny reveals major gaps -- in reliability, security, orchestration, legacy support, and semantics. September 10, 3:00 p.m. PDT Forum XWall provides powerful protection for Web services Safeguarding Web services is a lot like protecting your Web-based applications from attack. The current crop of application-layer security solutions can look for malformed Web traffic, URL tampering, and the like, but it does not look deep into SOAP messages or scrub XML for malicious content, thus leaving Web services exposed. September 3, 3:00 p.m. PDT Liberty Alliance preps technology demo The Liberty Alliance trade group announced several new members Monday, including Oracle Corp. and Sharp Laboratories of America Inc. The 3-year-old organization now boasts more than 150 members, with some of the IT industry's top vendors signing on for full participation in recent months, including Intel Corp. and Computer Associates International Inc. July 19, 12:12 p.m. PDT HailStorm was before its time Next time you're filling out a registration form on the Web, try this experiment. Enter only your last name and ZIP code (let's assume you're a U.S. resident), then click Submit. The form's handler will complain about a bunch of missing fields, including address, city, state, country, and phone number. Now visit Google and type a query based on this construction: phonebook: LastName,ZipCode. July 16, 3:00 p.m. PDT Interview: Symantec's John Thompson talks about big picture security In his first five years at the helm of Symantec, CEO and Chairman John W. Thompson has steered the company through a couple of major transformations including shifting its focus from selling consumer software to enterprise-class security software. What's more, he and his team did so at a time when almost every major software company was limping through the dot-com bubble burst and subsequent economic downturn. Under Thompson's charge Symantec doubled its revenues to over $1 billion. June 16, 7:00 a.m. PDT TechEd drills into IT challenges Microsoft trained its focus on concrete challenges facing IT at its TechEd 2004 conference last week, rolling out products designed to enhance security, productivity, and integration. May 28, 3:00 p.m. PDT Vendors team on WS-Federation standard Microsoft Corp., IBM Corp. and five companies that make identity management software are teaming to support the Web Services (WS) architecture and WS-Federation standard for sharing user identities across corporate extranets and the Internet, they announced Tuesday. May 25, 10:16 a.m. PDT Feds jump online integration hurdles Can services-oriented architectures help government agencies provide better self-service? In the race to provide online government self-service, integration is one of the biggest roadblocks. Most governments are heavily invested in custom legacy applications. Linking Web-based self-service applications to those systems is difficult for any organization, but for government agencies, the problem is compounded. May 14, 3:00 p.m. PDT Miami’s self-service push is ‘never-ending’ There’s no huge secret behind one of the most innovative government self-service portals, miamidade.gov. “A lot of analysis and homework,” says Miami-Dade County Senior Web Developer and County Webmaster Assia Alexandrova, referring to the ongoing effort to bring county services online in an integrated, easy-to-use fashion. “It’s still not enough,” she says. “It’s never-ending.” May 14, 3:00 p.m. PDT WS-Security receives official blessing from OASIS Web Services Security 1.0, the foundation specification for creating a security infrastructure around Web services, officially became a standard Monday, paving the way for corporate adoption. April 20, 6:15 a.m. PDT Proxy power My e-mail client pulls messages through a local proxy that checks RBLs (real-time blackhole lists) and tags offending messages with a special header. In Web services lingo we’d call that proxy a policy-driven intermediary. The protocol that’s intermediated, in this case, is POP3. The policy, set by me, is to check one or more RBLs. Because the proxy lives in the protocol layer, it works with any POP3 client and any POP3 server. April 16, 3:00 p.m. PDT OASIS approves WS-Security Web services spec WS-Security, a widely supported proposal for securing Web services, has been accepted by the Organization for the Advancement of Structured Information Standards (OASIS) as an official standard. April 8, 1:09 p.m. PDT A cautionary security tale Talk to any CTO or IT manager about his or her top day-to-day concerns, and security is sure to be at the top of the list. When I come into work each morning, I am never surprised to hear of a new worm, virus, Trojan horse, or phisher scam. March 26, 3:00 p.m. PST Web services, ID theft create new markets for RSA HANOVER, GERMANY -- RSA Security Inc. is looking into new technologies to secure Web services and protect consumers from identity theft, according to company president and chief executive officer (CEO) Arthur W. Coviello. March 19, 5:09 a.m. PST Application firewalls add Web services Web application firewalls are evolving to support XML- and Web services-based applications, and vendors Teros and NetContinuum are both driving upcoming product releases in that direction. March 8, 6:00 a.m. PST Novell touts services-oriented apps development Novell on Jan. 21 will ship its exteNd 5 suite for development of service-oriented Web applications, featuring boosts in security, productivity and Linux platform support. January 16, 5:00 a.m. PST SPI Dynamics untangles Web app security with remote assessment tool With the increased use of Web applications, businesses have had to peel back a layer in their perimeter defenses and give public network traffic access to internal applications. The result is a rise in network security problems, and an increase in the need to audit and thoroughly check publicly facing code for potential security vulnerabilities. Unfortunately, security expertise is in short supply. July 18, 3:00 p.m. PDT > Security > Web services |
|
|
||||||||||||||||||
