|By Navot Peled||
|August 18, 2009 07:30 AM EDT||
The repeated Twitter hacking exposes the complex and serious security issue on the web. Unfortunately for Twitter (Google Apps, Facebook, and others), the problems have unfolded in a public arena, forcing them respond quickly to calm users and resulting in a short term solution (that clearly has not been working!). What is unknown to many internet users is that the problem doesn't end with Twitter's band aid approach, nor is the intrusion limited to internet sites. The security issues don't start here - they start with the platforms and applications that don't enable software to be developed with the proper security. Fortunately for the software developers but unfortunately for the public, the greater problem has stayed out of the headlines of mainstream media outlets.
It's time to end the "if it ain't broke, don't fix it" attitude. It is broken, even if the public doesn't understand that! Any software technology that will be used by businesses or individuals, as well as by governments or militaries, must have proper security. The recent media attention about the Twitter hacking has generated a panic which is important because it will force the technological industry to start upholding the security standards that should have been in place long ago.
Everyone enjoyed the internet more when we weren't aware that we were being exposed and that our personal information was being compromised. But now that we have a real problem, let's talk about a real solution. There are 2 main issues that need to be addressed, and they both involve the dissemination of information.
First, internet users need to understand that they are vulnerable on the web; just because someone may be sitting in his or her own home doesn't mean that they are not on public display. It's like a one way mirror. You could dance around naked without realizing that a room full of people is watching you from the other side. Once you know it is a one way mirror, you may still choose to dance, but at least knowing you have an audience will allow you to make an informed decision about your behavior.
If the public chooses to use the same password on every site, use unsecure cloud applications, or visit sites that demand cookies, that is a chance they are taking, but at least they now know the potential threats and dangers, so that they could make an educated choice about their computer activities.
The second main issue is the responsibility of educating the public that there are secure technological options and they should utilize the applications and sites which hold by the highest standards. The public believes that technology is weak and penetrable because there is no alternative; unfortunately that is not true. Developers around the world are working around the clock to develop programs and applications that are fully secure, and they have been successful. Unfortunately, their success has been limited by companies like Twitter who simply refuse to use platforms that are adequately secure and which give a bad name to all developers. These irresponsible companies compromise on security at the expense of the public.
When there are physical dangers, we work to increase protection. Whether it is safe sex, safe driving, or safe health practices, the effort comes from both the top and the bottom - the public demands it, the government supports it, and industries comply. It's time for technology to have the same practices that other aspects of our lives do. Twitter has done a disservice for all of us by having low standards, while the hackers have done a great service is bringing the problems - and the solutions - to the public eye. Let's start rebuilding confidence in technology again.
|loresayer 08/17/09 06:45:53 PM EDT|
Kind of harsh on Twitter, aren't you? If some Russian hackers direct their bot-nets across the world in a DoS attack on your Web application, as they did against this one Georgian Twitter user, would any of us be able to withstand a torrent of requests from all over the Earth, from billions of PCs?
Twitter is built on simplicity, delivering 140 character messages, LOTS of them, to millions of users. So, it's not hardened like an army tank nor is that necessarily the right architecture for it to have.
Samsung VP Jacopo Lenzi, who headed the company's recent SmartThings acquisition under the auspices of Samsung's Open Innovaction Center (OIC), answered a few questions we had about the deal. This interview was in conjunction with our interview with SmartThings CEO Alex Hawkinson. IoT Journal: SmartThings was developed in an open, standards-agnostic platform, and will now be part of Samsung's Open Innovation Center. Can you elaborate on your commitment to keep the platform open? Jacopo Lenzi: S...
Oct. 26, 2014 04:00 AM EDT Reads: 2,734
The major cloud platforms defy a simple, side-by-side analysis. Each of the major IaaS public-cloud platforms offers their own unique strengths and functionality. Options for on-site private cloud are diverse as well, and must be designed and deployed while taking existing legacy architecture and infrastructure into account. Then the reality is that most enterprises are embarking on a hybrid cloud strategy and programs. In this Power Panel at 15th Cloud Expo, moderated by Ashar Baig, Research ...
Oct. 25, 2014 11:45 AM EDT Reads: 1,862
In her General Session at 15th Cloud Expo, Anne Plese, Senior Consultant, Cloud Product Marketing, at Verizon Enterprise, will focus on finding the right mix of renting vs. buying Oracle capacity to scale to meet business demands, and offer validated Oracle database TCO models for Oracle development and testing environments. Anne Plese is a marketing and technology enthusiast/realist with over 19+ years in high tech. At Verizon Enterprise, she focuses on driving growth for the Verizon Cloud pla...
Oct. 25, 2014 10:00 AM EDT Reads: 1,743
StackIQ offers a comprehensive software suite that automates the deployment, provisioning, and management of Big Infrastructure. With StackIQ’s software, you can spin up fully configured big data clusters, quickly and consistently — from bare-metal up to the applications layer — and manage them efficiently. Our software’s modular architecture allows customers to integrate nearly any application with the StackIQ software stack.
Oct. 25, 2014 10:00 AM EDT Reads: 1,796
As Platform as a Service (PaaS) matures as a category, developers should have the ability to use the programming language of their choice to build applications and have access to a wide array of services. Bluemix is IBM's open cloud development platform that enables users to easily build cloud-based, creative mobile and web applications without having to spend large amounts of time and resources on configuring infrastructure and multiple software licenses. In this track, you will learn about the...
Oct. 25, 2014 08:00 AM EDT Reads: 1,820
The Internet of Things will greatly expand the opportunities for data collection and new business models driven off of that data. In her session at Internet of @ThingsExpo, Esmeralda Swartz, CMO of MetraTech, will discuss how for this to be effective you not only need to have infrastructure and operational models capable of utilizing this new phenomenon, but increasingly service providers will need to convince a skeptical public to participate. Get ready to show them the money! Speaker Bio: ...
Oct. 24, 2014 09:30 PM EDT Reads: 1,469
Compute virtualization has been transformational, yet security policy implementation and enforcement has lagged behind in agility and automation. There are a number of key considerations when implementing policy in private and hybrid clouds. In his session at 15th Cloud Expo, Holland Barry, VP of Technology at Catbird, will discuss the impact of this new paradigm and what organizations can do today to safely move to software-defined network and compute architectures, including: How normal ope...
Oct. 24, 2014 07:00 PM EDT Reads: 1,555
How do APIs and IoT relate? The answer is not as simple as merely adding an API on top of a dumb device, but rather about understanding the architectural patterns for implementing an IoT fabric. There are typically two or three trends: Exposing the device to a management framework Exposing that management framework to a business centric logic • Exposing that business layer and data to end users. This last trend is the IoT stack, which involves a new shift in the separation of what stuff hap...
Oct. 23, 2014 07:45 PM EDT Reads: 1,752
SYS-CON Events announced today that SOA Software, an API management leader, will exhibit at SYS-CON's 15th International Cloud Expo®, which will take place on November 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. SOA Software is a leading provider of API Management and SOA Governance products that equip business to deliver APIs and SOA together to drive their company to meet its business strategy quickly and effectively. SOA Software’s technology helps businesses to accel...
Oct. 23, 2014 06:15 PM EDT Reads: 1,771
SYS-CON Events announced today that Utimaco will exhibit at SYS-CON's 15th International Cloud Expo®, which will take place on November 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. Utimaco is a leading manufacturer of hardware based security solutions that provide the root of trust to keep cryptographic keys safe, secure critical digital infrastructures and protect high value data assets. Only Utimaco delivers a general-purpose hardware security module (HSM) as a customiz...
Oct. 23, 2014 05:45 PM EDT Reads: 1,663
Almost everyone sees the potential of Internet of Things but how can businesses truly unlock that potential. The key will be in the ability to discover business insight in the midst of an ocean of Big Data generated from billions of embedded devices via Systems of Discover. Businesses will also need to ensure that they can sustain that insight by leveraging the cloud for global reach, scale and elasticity.
Oct. 22, 2014 09:00 PM EDT Reads: 1,603
SYS-CON Events announced today that ElasticBox is holding a Hackathon at DevOps Summit, November 6 from 12 pm -4 pm at the Santa Clara Convention Center in Santa Clara, CA. You can enter as an individual or team of up to 10 developers. A New Star Is Born Every Month! All completed ElasticBoxes will then be sent to a judging panel - 12 winners will be featured on the ElasticBox website in 2015. All entrants will receive five full enterprise licenses for one year + ElasticBox headphones + Elasti...
Oct. 22, 2014 01:00 PM EDT Reads: 1,609
Once the decision has been made to move part or all of a workload to the cloud, a methodology for selecting that workload needs to be established. How do you move to the cloud? What does the discovery, assessment and planning look like? What workloads make sense? Which cloud model makes sense for each workload? What are the considerations for how to select the right cloud model? And how does that fit in with the overall IT tranformation? In his session at 15th Cloud Expo, John Hatem, head of V...
Oct. 22, 2014 12:00 PM EDT Reads: 1,607
Cloud services are the newest tool in the arsenal of IT products in the market today. These cloud services integrate process and tools. In order to use these products effectively, organizations must have a good understanding of themselves and their business requirements. In his session at 15th Cloud Expo, Brian Lewis, Principal Architect at Verizon Cloud, will outline key areas of organizational focus, and how to formalize an actionable plan when migrating applications and internal services to...
Oct. 22, 2014 11:45 AM EDT Reads: 1,652
SAP is delivering break-through innovation combined with fantastic user experience powered by the market-leading in-memory technology, SAP HANA. In his General Session at 15th Cloud Expo, Thorsten Leiduck, VP ISVs & Digital Commerce, SAP, will discuss how SAP and partners provide cloud and hybrid cloud solutions as well as real-time Big Data offerings that help companies of all sizes and industries run better. SAP launched an application challenge to award the most innovative SAP HANA and SAP ...
Oct. 22, 2014 07:00 AM EDT Reads: 1,764
Ixia develops amazing products so its customers can connect the world. Ixia helps its customers provide an always-on user experience through fast, secure delivery of dynamic connected technologies and services. Through actionable insights that accelerate and secure application and service delivery, Ixia's customers benefit from faster time to market, optimized application performance and higher-quality deployments.
Oct. 21, 2014 09:00 PM EDT Reads: 1,577
SYS-CON Events announced today that Calm.io has been named “Bronze Sponsor” of DevOps Summit Silicon Valley, which will take place on November 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. Calm.io is a cloud orchestration platform for AWS, vCenter, OpenStack, or bare metal, that runs your CL tools puppet, Chef, shell, git, Jenkins, nagios, and will soon support New Relic and Docker. It can run hosted, or on premise and provides VM automation / expiry, self-service portals,...
Oct. 21, 2014 08:45 PM EDT Reads: 1,548
SYS-CON Events announced today that Aria Systems, the recurring revenue expert, has been named "Bronze Sponsor" of SYS-CON's 15th International Cloud Expo®, which will take place on November 4-6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. Aria Systems helps leading businesses connect their customers with the products and services they love. Industry leaders like Pitney Bowes, Experian, AAA NCNU, VMware, HootSuite and many others choose Aria to power their recurring revenue bu...
Oct. 21, 2014 06:00 PM EDT Reads: 1,641
The Internet of Things (IoT) is going to require a new way of thinking and of developing software for speed, security and innovation. This requires IT leaders to balance business as usual while anticipating for the next market and technology trends. Cloud provides the right IT asset portfolio to help today’s IT leaders manage the old and prepare for the new. Today the cloud conversation is evolving from private and public to hybrid. This session will provide use cases and insights to reinforce t...
Oct. 21, 2014 05:15 PM EDT Reads: 1,743
Blue Box has closed a $10 million Series B financing. The round was led by a strategic investor and included participation from prior investors including Voyager Capital and Founders Collective, as well as the Blue Box executive team. This round follows a $4.3 million Series A closed in December of 2012 and led by Voyager Capital. In May of this year, the company announced general availability of its private cloud as a service offering, Blue Box Cloud. Since that release, the company has dem...
Oct. 21, 2014 01:45 PM EDT Reads: 1,673