Skip to main content

RSA Conference Europe 2005 - 2nd Day Morning

Second report from RSA Conference Europe 2005 in Vienna. This morning I attended the keynote sessions which were again opened by David Taylor. He praised the speech of Arthur Coviello - to which I do not agree. Then Jayshree Ullal of Cisco introduced their Self-defending networks idea. I was rather disappointed by the lack of actual vision. She also confused in one slide the time to fix a vulnerability with the time a vulnerability is exploited in large scale (with regards to sober and nimda). The methods how Cisco wants to defend networks seem very similar to the not very successful methods we use today. They do have some vision regarding management of policies and networks, but integrating this into one common platform will yet create another new risk. Some of the stuff Jayshree talked about were mere buzzwords without further meaning: "http or https based attacks" or "XML applications" - what is that supposed to mean? Any application using XML? The best part was the picture she draw regarding pacman gobbling up bad packets inside network devices like switches and routers. I was really hoping for better and especially more in-depth information on how the current issues can be tackled, but the vendors just continued to promote their solutions as the one to solve all issues once they're ready. The very same critique applies to Nico Popp from Verisign which announced a partnership with Ebay and Paypal to promote OTP tokens for authentication to these services. The next session was a panel discussion between different CIOs on supporting the CEO agenda. The common sense was to create awareness for Information Security and then come up with compelling plans to implement effective measures.

Comments

Post a Comment

Popular posts from this blog

Sony is evil

I just so agree with Todd: Bad Company of the Year Award! : The company that I am putting at the top of my list is a 4 letter word so foul, that it has been banned from my home. I have asked my wife who is Japanese to refrain from buying any of their products for the next 5 years. The Bad company of the year is no other than SONY… Sony is just a big no-buy company. My girlfriend knows why Sony is evil and we both will rather buy a more expensive or less appealing product from a competitor. " Sony is evil " has only 726 hits on Google, but this will increase. Edit: More about the damage Sony does: Artists revolt against DRM Portable stereo's creator got his due, eventually
Post a Comment
Read more

Why did Microsoft cripple Groove?

I'm currently trying to use Microsoft Groove 2007 as a collaboration tool to gather requirements. What I like about tools like Groove is: - You can open and edit an entry without having to start an additional application (like word, excel) - You can copy and paste pictures (screenshots) directly into an entry - You don't have to save and re-attach changed files - You can work offline - Groove works inside and outside of our network out-of-the-box - We have (as a Microsoft Gold Partner) 100 licenses available What I don't understand about the current offering is that a lot of tools available in the last version have been removed: The following tools and toolsets are no longer available for adding to new or existing workspaces : Contact Manager, Discussion, Document Review, Outliner , Task Manager, Text, Tic- Tac -Toe, Web Links, Welcome Page, Advanced Project Toolset , and Mobile Workspace for SharePoint . (Source: Microsoft Office Groove Help) There is also a large set
3 comments
Read more

Two factor authentication outdated?

According to the article below from The Register (quoting Bruce Schneier), two-factor authentication seems already be outdated. I believe, we should take a careful approach here: Two-factor authentication is certainly better than just user-id and password. Especially online banking in the US has been using just user-id/password and now they are paying the prize for this lax security measure. Stepping up to use onetime passwords (such as RSA SecurID or Aladin tokens) is a first step against sniffing out passwords. However, there is no such thing as complete security. But two-factor authentication is a first step. As every Information Security Officer nows, user awareness is key to increase security. By giving user a device, this awareness increases dramatically. Link to original article. New threats need new response Banks are spending millions on two-factor authentication for their customers but the approach no longer provides adequate protection against fraud or identity theft, accord
1 comment
Read more