Category: Analysis

WHITELISTING: WHAT IS IT GOOD FOR? WELL, ACTUALLY QUITE A LOT, REALLY

In 2002, Defense Secretary Donald Rumsfeld gave a speech about a lack of evidence linking the government of Iraq with the supply of weapons of mass destruction to terrorist groups. This speech was remarkable for one thing only, that being the inclusion of the phrase “known knowns, known unknowns, and unknown unknowns.” These concepts finally entered common parlance. True, those in the security arena, both physical and logical, already knew and understood the terms, but now laypeople did as well.

Let me explain myself. In the IT security world, people concern themselves with known knowns, known unknowns, and unknown unknowns all the time, and each area has its security tool of choice. For example, known knowns—worms, viruses, Trojans, and other malware and vulnerabilities we are aware of—are dealt with by firewalls, IPSes, IDSes, and antivirus software. The rules of firewall, IDS, and IPS products, coupled with the signatures of antivirus tools, deal with those issues that are known. For example, firewall rules permit only the traffic that is allowed to traverse the network, and antivirus signatures look for particular code patterns and protect against them. Known unknowns are dealt with by heuristic scanning and education. It is the altogether more difficult unknown unknowns that give IT security professionals sleepless nights.

Let’s see your credentials. You’re OK, you’re on the whitelist.

Previously published on TVP Strategy (Virtualization Practice)


CHANGING THE GUARD: GOODBYE FLEX WEB CLIENT—HELLO HTML5, BABY

They’re changing the guard at Buckingham Palace. This is a major tourist attraction in London, and the changing of the guard happens every Monday, Wednesday, Friday, and Sunday, weather permitting. “Changing the guard” is also a well-known refrain used to signify the complete change of an environment. VMware is currently undergoing such a transformation with regard to its vSphere clients and the introduction of the HTML5 client.

Originally Published on TVP Strategy (the Virtualization Practice)


What the Windows CCleaner did!

CCleaner, a program owned by Avast, is the center of a major security scare. Why should you be worried? Well, this product is used by millions of Windows users worldwide to run maintenance on their registry and file systems on their consumer Windows machines. The product has had over two billion downloads in its lifetime, and according to Avast, it gets downloaded over five million times a week. More worrying is that according to Avast’s own figures, the infected product was downloaded and installed on over 2.27 million devices. Avast has removed the infected download and replaced it with a non-affected version.

If you are a user of Avast CCleaner, it is imperative that you check your version and, if you are running version 5.33, upgrade your version immediately. The cloud version 1.07.3191 was also reported as being affected; this version too has been updated.


GDPR: What is it, and Why should I care?

GDPR is a new set of European regulations that, in a nutshell, set out to codify how a data holder should secure and protect any personal data that they hold. Further, it also codifies the rights of the individual regarding any data held about them. Of course, it being a European regulation, it is obviously a lot more detailed than that.

Firstly, it may be helpful to explain what the difference is between a European regulation and a European directive. Both are legally binding on member states. However, a directive leaves wiggle room for the member states to decide how the stated directive obligation is met, whereas with a regulation, the European Union (EU) dictates both the obligation and the method of fulfilling said obligation.

GDPR – The Clock is Ticking


Round One in Social Media and First Amendment Rights

I recently wrote an article about a potential class action court case being brought against the President of the United States by the Knight Foundation. In the article, I posited that public servants who use their private social media accounts to make work-related statements may run the risk of causing their accounts to become public domain, considered a government mouthpiece and subject to First Amendment protections. It seems that the first salvo has been fired with regard to legal matters concerning social media and the First Amendment to the US Constitution. In the recent case Brian C. Davison v. Loudoun County Board of Supervisors, et al, heard in the US District Court for the Eastern District of Virginia, it was held that a local politician had violated the free speech rights of a constituent whom she had banned from her Facebook page. The judge said the case raised important questions about constitutional restrictions that apply to the social media accounts of elected officials. It seems that US jurisprudence is moving in the directions I alluded to in my previous post.


NotPetya: First Strike in a Cyberwar?

The law of international conflict is clear on when and how a state may invoke a state of armed conflict between sovereign nations. For example, in the US, the power to declare war is reserved for Congress, regardless of the President’s position as head of the US Armed Forces. It also dictates the reasons for which one nation may declare war on another. For example (and these are very limited), after the Second World War, the Allies, in an attempt to end the practice of armed conflict, created the United Nations. As one of the UN’s first acts, it invoked the United Nations Charter, which prohibits both the threat and the use of force in international conflicts. This has effectively made declaration of war a largely obsolete instrument in international relations. You may be wondering by this time what exactly I am blathering on about. I recently read an article in The Guardian, a UK media outlet, titled “NotPetya malware attacks could warrant retaliation, says Nato affiliated-researcher” [sic]. The title worried me, so I dove in and read the article.


TWITTER AND THE RIGHT NOT TO BE BLOCKED

What follows is pure conjecture and in no way constitutes legal opinion. It merely outlines one of many possible outcomes.

An article in the New York Post on June 6 reported on a potential legal case aiming to force President Trump to unblock users he has blocked from seeing or tweeting to his timeline, either directly or by replying. This raises an interesting legal conundrum. The President uses his personal Twitter account, @RealDonaldTrump, rather than the official @POTUS account that was created under President Obama’s tenure to handle presidential Twitter discourse.

Unintended Consequences


“NO THANKS, WE’RE TOO BUSY,” OR PAY BACK TECHNICAL DEBT?

We have all heard this refrain. I bet many of you can even hear yourselves saying it. Over my many years in IT, I have often heard this from coworkers, bosses, and clients. I have even said it a few times myself. But what if we just stopped and listened? Who knows where that conversation could travel? Perhaps it could be the start of the next big thing. We now have a new term that relates to this message, and that term is “technical debt.”

No Thanks, We’re Too Busy


Privacy: it is such a personal thing, Part 1

This is the first in a series of articles that outline the legal position on an individual’s right to privacy with regard to personal data held across the world. There is an implicit assumption that every individual has the right to privacy. In fact, you could say it is a human right. This right to data privacy is being or has been codified into law across the globe. There is only one major exception in the free Western world, and that is the US, where there is no legally backed guarantee to data privacy. Yes, there is the common-law tort of invasion of privacy derived from English law and the 1974 Privacy Act. However, a guaranteed protection of data rights has never been codified into federal statute in the US, whereas more than eighty other countries and independent territories—including the EU; the UK; and the majority of Latin America, the Caribbean, Asia, and large parts of Africa—now have comprehensive data-protection laws.


Like Cloud and Virtualization, Serverless Computing Is Still Someone Else’s Computer

Today, serverless is all the rage. In the beginning, we had the server. Then along came virtualization, and things were good. We saved money. We could purchase less tin but run more servers. We could easily see the benefits of moving in that direction: lower power requirements, less hardware needing cooling down in our computer rooms. This was an easy sell for engineers and salespeople alike. Techies loved the elegance, and the business types loved the financial savings. The messaging was easily understandable.
