Tuesday, August 28, 2012

VMworld2012: VMware View Username Persistence

I hang with F5 Systems Engineer Joe Hermes for a cool demo showing the Username Persistence solution, which allows users to continue their VMware View session across devices.  Pretty cool stuff, perfect for BYOD and an F5 exclusive.  Apologies for my arm being in the way at times.

ps

Related:

Technorati Tags: F5, vmworld, integration, Pete Silva, security, business, education, byod, application delivery, cloud, virtualization, vmware

Connect with Peter: Connect with F5:
o_linkedin[1] o_rss[1] o_facebook[1] o_twitter[1]   o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]

VMworld 2012: VMware Ready Program

I meet with Frank Strobel, F5 Business Development Manager, about F5’s participation in the VMware Ready Program.  We discuss the deep integration between F5 and VMware solutions.  Dateline: Moscone Center - San Francisco.

ps

Related:

Technorati Tags: F5, vmworld, integration, Pete Silva, security, business, education, technology, application delivery, cloud, virtualization, vmware


Sunday, August 26, 2012

Aloha VMworld 2012: Find F5

I show you how to find the newly redesigned F5 booth #1101 at VMworld 2012, along with the various giveaways, in 25 steps or less!  Dateline: Moscone Center - San Francisco.
ps
Technorati Tags: F5, vmworld, integration, Pete Silva, security, business, education, technology, application delivery, cloud, virtualization, vmware

Thursday, August 23, 2012

From Car Jacking to Car Hacking

With self-driving cars promised within the next decade, and with researchers already able to remotely apply a car’s brakes and listen in on conversations inside it, a new security threat vector is emerging.  Computers in cars have been around for a while; today a vehicle can carry as many as 50 microprocessors, which control engine emissions, fuel injectors, spark plugs, anti-lock brakes, cruise control, idle speed and air bags, and more recently navigation, satellite radio, climate control, keyless entry and much more.

In 2010, a former employee of Texas Auto Center hacked into the dealer’s computer system and remotely activated the vehicle-immobilization system, which set off the horns and disabled the ignition on around 100 cars.  In many cases, the only way to stop the horns (going off in the middle of the night) was to disconnect the battery.  Initially the organization dismissed it as a mechanical failure, but when the calls from customers started coming in, they knew something was wrong.  The web-based system was meant to get the attention of customers who were late on payments; here it was turned to something completely different.  After a quick investigation, police were able to arrest the man and charge him with unauthorized use of a computer system.  Note the pattern: a former employee, a web-facing console that can act on around 100 vehicles at once, and nobody watching until customers called.  Revoking access promptly when someone leaves, logging every remote command, and alerting on bulk actions are the obvious controls for any system whose commands have physical side effects.

In 2011, researchers from the University of California, San Diego and the University of Washington published a report (pdf) identifying numerous attack vectors, including the CD player, Bluetooth (we already knew that) and the cellular radio in the telematics unit.  In addition, there are concerns that, in theory, a malicious individual could disable the vehicle or tamper with GPS positioning, putting transportation (fleet, delivery, rental, law enforcement) employees and customers at risk.  A car’s electronic control units (ECUs) are networked to each other over the in-vehicle bus, and some of them, such as the telematics unit, reach out to the internet, so they are exposed to the same dangers as any networked computer: malware, trojans and even DoS attacks.  Anyone with physical access to your vehicle, like a mechanic, a valet or a thief, can reach the On-Board Diagnostic port (OBD-II), usually located right under the dash.  Plug in, and upload your favorite car virus.  The researchers also showed that a dealership’s diagnostic tool can be infected, and that cars later connected to that tool were infected in turn; the trusted tool becomes the delivery vehicle, a supply-chain attack in miniature.  Once infected, the car would contact the researchers’ servers asking for more instructions; from there they could activate the brakes, disable the car and even listen to conversations inside it.  Imagine driving down a highway, hearing a voice over the speakers and then having someone remotely fire your airbags.  They were also able to compromise the radio by inserting a CD carrying a malicious file that exploited a vulnerability in its media player.

Most experts agree that right now it is not something to overly worry about: many of the previously compromised systems are after-market equipment, the attacks take a lot of time and money, and car manufacturers are already looking into protection mechanisms.  But as I’m thinking about current trends like BYOD, it is not far-fetched to imagine a time when your car is VPN’d to the corporate network and you are able to access sensitive info right from the navigation/entertainment/climate control screen.  Many new cars today have USB ports that recognize your mobile device as a media source and let you talk, play music and do other mobile activities right through the car’s system.  I’m sure that within the next 5 years (or sooner), someone will distribute a malicious mobile app that infects the vehicle as soon as you connect it over USB.

Suddenly, buying that ‘84 rust bucket of a Corvette that my neighbor is selling doesn’t seem like that bad of an idea even with all the C4 issues.

ps

Related:

Technorati Tags: F5, integration, cloud computing, Pete Silva, security, business, education, technology, television, threats, appliances, context-aware, set top devices, web, internet, cybercrime, security, entertainment, identity theft, scam, email, data breach


Wednesday, August 22, 2012

The Venerable Vulnerable Cloud

Ever since cloud computing burst onto the technology scene a few short years ago, security has been a top concern.  It was cited as the biggest hurdle in many surveys over the years, and in 2010 I covered a lot of those in my CloudFucius blog series.  A recent InformationWeek 2012 Cloud Security and Risk Survey says that 27% of respondents have no plans to use public cloud services, and 48% of that group say their primary reason is security: fear of leaks of customer and proprietary data.  Certainly, a lot has been done to bolster cloud security and reduce the perceived risks of cloud deployments, and even with the remaining security concerns, organizations are moving to the cloud for business reasons.

A new survey from Everest Group and Cloud Connect finds that cloud adoption is widespread.  The majority of the 346 executive respondents, 57%, say they are already using Software as a Service (SaaS) applications, with another 38% adopting Platform as a Service (PaaS) solutions.  The most common applications already in the cloud or in the process of being migrated to it include application development/test environments (54%), disaster recovery and storage (45%), email/collaboration (41%), and business intelligence/analytics (35%).  The survey also found that the two benefits cloud buyers anticipate most are more flexible infrastructure capacity and reduced provisioning time, and 61% say they are already meeting their goals for achieving more flexibility in their infrastructures.

There’s an interesting article by Dino Londis on InformationWeek.com called How Consumerization is Lowering Security Standards, in which he talks about how ‘mob rule’, the democratization of technology in which employees pick the best products and services from the market, is potentially downgrading security in favor of convenience.  We may all forgo privacy and security in the name of convenience; just look at loyalty rewards cards.  You’d never give up so much personal info to a stranger, yet when a store offers a 5% discount and targeted coupons, we just might spill our info.  He also includes a list of some of the larger cloud breaches so far in 2012.

Also this week, the Cloud Security Alliance (CSA) announced more details of its Open Certification Framework and its partnership with BSI (British Standards Institution).  The BSI partnership is meant to keep the Open Certification Framework in line with international standards.  The framework is an industry push to offer cloud providers a trusted global certification scheme: a flexible three-stage scheme built on the CSA’s security guidance and control objectives.  Each of its three levels provides an incremental level of trust and transparency into the operations of cloud service providers and a higher level of assurance to the cloud consumer.  Additional details can be found at: http://cloudsecurityalliance.org/research/ocf/

The levels are:

  • CSA STAR Self Assessment: The first level of certification allows cloud providers to submit reports to the CSA STAR Registry to indicate their compliance with CSA best practices.  This is available now.
  • CSA STAR Certification: At the second level, cloud providers require a third-party independent assessment.  The certification leverages the requirements of the ISO/IEC 27001:2005 management systems standard together with the CSA Cloud Controls Matrix (CCM).  These assessments will be conducted by approved certification bodies only.  This will be available sometime in the first half of 2013.
  • The STAR Certification will be enhanced in the future by a continuous monitoring-based certification.  This level is still in development.

Clearly the cloud has come a long way since we were all trying to define it a couple of years ago, yet, just as clearly, there is still much to be accomplished.  It is imperative that organizations take the time to understand their provider’s security controls and make sure the provider protects their data as well as or better than they do themselves.  Also, stop by Booth 1101 at VMworld next week to learn how F5 can help with cloud deployments.

ps

Related:

Technorati Tags: F5, federal government, integration, cloud computing, Pete Silva, security, business, fedramp, technology, nist, cloud, compliance, regulations, csa, internet


Wednesday, August 15, 2012

Parking Ticket Privacy

Imagine getting a $20 parking ticket and then filing suit against the issuing municipality for exposing too much personal information on that ticket.  That’s exactly what Jason Senne did after receiving a $20 parking ticket in 2010 for illegally parking his car overnight in the Chicago suburb of Palatine, Ill.  His name, address, driver’s license number, date of birth, height and weight all appeared on the ticket, which was placed on his windshield in full public view.  Senne’s complaint alleged that the disclosure violated the Driver’s Privacy Protection Act of 1994 (DPPA).  The DPPA requires that all states protect a driver’s name, address, phone number, Social Security number, driver identification number, photograph, height, weight, gender, age, and specific medical or disability information.  Congress passed the privacy legislation in response to the death of actress Rebecca Schaeffer, who was killed by a stalker who had obtained her unlisted home address through the California DMV.  In Senne’s case, a federal judge initially found that an exception for law enforcement protected the village’s actions, and a three-judge panel of the 7th Circuit affirmed that last year.  Senne pushed on, and the full appeals court agreed to rehear the case.  Last week, the full court ruled that ‘the parking ticket at issue here did constitute a disclosure regulated by the DPPA.’

In a 7-4 ruling, the appeals court said that it didn’t matter whether anyone walking by happened to notice the personal info; the fact that it was exposed in such a public manner was enough.  The earlier district court decision in favor of Palatine had rested on the notion that a ‘disclosure’ occurs when an entity hands information over to someone else without consent, so a ticket that was never handed to anyone did not count.  In this case there was no direct handoff, just the ticket flapping under the wiper blade in plain sight.  In overturning that ruling, the divided court felt that real risk, safety and security concerns were at stake: a stalker looking for a target could simply hang out where overnight parking is banned and collect a batch of potential victims’ info for future harassment.  The court’s interpretation of the law might also expose Palatine to as much as $80 million in damages.  Since there is a 4-year statute of limitations on private lawsuits and each privacy violation carries a $2,500 penalty, all the tickets issued during that time frame with the protected info could be in play.
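As an added example (not from the original post, and not the village’s actual ticketing code), here is the design control the case points at: a ticket printer that renders from a field allowlist rather than dumping the whole driver record, plus an output-side check that none of the DPPA-protected values made it onto the paper.  The field names, the allowlist and the sample record are constructed for illustration.

```python
"""Allowlist rendering of a public-facing parking ticket, with a leak check.

Added example, not the original post's code.  Field names, the allowlist
and SAMPLE_RECORD are assumptions made up for illustration.
"""

# Fields the post lists as protected under the DPPA, plus the license
# number (the "driver identification number") the Senne ticket printed.
DPPA_PROTECTED = {
    "name", "address", "phone", "ssn", "license_number", "photo",
    "height", "weight", "gender", "age", "date_of_birth", "medical",
}

# The only fields a ticket left in public view needs in order to be matched
# back to the vehicle and paid.  Everything else stays in the back office.
PUBLIC_TICKET_FIELDS = ("citation_no", "plate", "state", "violation", "fine", "issued")

# Constructed sample driver/vehicle record (fictional values).
SAMPLE_RECORD = {
    "citation_no": "PL-2010-0481",
    "plate": "XYZ 7781",
    "state": "IL",
    "violation": "overnight parking in a prohibited zone",
    "fine": "$20",
    "issued": "2010-08-01 03:15",
    "name": "J. Doe",
    "address": "100 Example St, Palatine, IL",
    "license_number": "D123-4567-8901",
    "date_of_birth": "1975-02-03",
    "height": "5'10\"",
    "weight": "180",
    "age": "35",
}


def render_ticket_unsafe(record):
    """The pattern the court objected to: print every field you happen to hold."""
    return "\n".join(f"{key}: {value}" for key, value in record.items())


def missing_public_fields(record):
    """Names from the allowlist that the record does not carry."""
    return [name for name in PUBLIC_TICKET_FIELDS if name not in record]


def render_ticket(record):
    """Allowlist rendering: copy only the public fields, never iterate the record.

    A record missing a required public field is rejected rather than padded
    from elsewhere, so the printer cannot fall back to protected data.
    """
    missing = missing_public_fields(record)
    if missing:
        raise ValueError(f"record lacks required public fields: {missing}")
    return "\n".join(f"{name}: {record[name]}" for name in PUBLIC_TICKET_FIELDS)


def leaked_fields(record, rendered):
    """Output-side check: which protected values from the record appear in the text?

    Runs on the rendered output, not the template, so it catches a leak
    regardless of which code path produced the ticket.
    """
    leaks = []
    for name in DPPA_PROTECTED:
        value = str(record.get(name, ""))
        if value and value in rendered:
            leaks.append(name)
    return sorted(leaks)


if __name__ == "__main__":
    unsafe = render_ticket_unsafe(SAMPLE_RECORD)
    safe = render_ticket(SAMPLE_RECORD)
    print("unsafe ticket leaks:", leaked_fields(SAMPLE_RECORD, unsafe))
    print("allowlisted ticket leaks:", leaked_fields(SAMPLE_RECORD, safe))
    print(safe)
```

The leak check is cheap enough to run on every rendered ticket before it is printed; treating a non-empty result as a hard failure turns the DPPA field list into a test rather than a policy document.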

It’s an interesting case about privacy and how others, without malicious intent, may expose personal, sensitive details about an individual.  While identity theft due to electronic means, like data breaches, is on the rise, stolen wallets or physical documents (dumpster diving) still account for a good percentage of ID theft crimes.  Back in 2009, a Javelin study indicated that stolen wallets and physical documents accounts for 43% of all identity theft (pdf) which means we still need to shred our printed materials. 

ps

References:

Technorati Tags: F5, smartphone, integration, byod, Pete Silva, security, business, education, technology, application delivery, ipad, mobile device, context-aware, android, iPhone, web, internet, security
