Thursday, October 27, 2011

Trend: nosql

Tuesday, October 25, 2011

What holds you from moving to the cloud?

The following list of concerns is from 2008. Has it changed in 2011, or is it still the same?

What is the top use of cloud computing?

Remote storage is the top use of cloud computing for small and medium businesses!


Reference: Source

Cost is the #1 barrier for cloud security

Cost is the #1 barrier affecting customer deployment of new security solutions:


Reference: Source

Thursday, October 6, 2011

Secure programming tips - reduce attack surface

The attack surface in software refers to the code an unauthenticated user can run. (What can an unauthenticated (malicious/untrusted) user do without having access to the system?)

For web forms,
- ALWAYS validate user inputs
- ALWAYS use the least privileged access possible to the resources (if a database connection only requires a read-only user, make sure that the web forms connect to the database through a read-only database user that can read only from a specific database.)
- NEVER show exceptions in the browser, as they may reveal information that helps an attacker look for different attack vectors.
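
The three web-form tips above in one handler, as an added example that is not from the original post: allowlist input validation, a read-only database handle, and a generic error for the browser while the detail goes to the server log. SQLite's read-only mode stands in for a read-only database account; the `users` table, the sample row and all function names are assumptions made up for the illustration.

```python
import logging
import os
import re
import sqlite3
import tempfile

log = logging.getLogger("form")
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{3,20}")  # allowlist: anything else is rejected

def make_sample_db():
    """Build a constructed sample database and return its path."""
    fd, path = tempfile.mkstemp(suffix=".db")
    os.close(fd)
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE users (name TEXT PRIMARY KEY, city TEXT)")
    con.execute("INSERT INTO users VALUES ('alice', 'Oslo')")
    con.commit()
    con.close()
    return path

def open_read_only(path):
    # Least privilege: this handle cannot write, whatever query reaches it.
    return sqlite3.connect(f"file:{path}?mode=ro", uri=True)

def write_is_blocked(con):
    """Return True if the connection refuses a write (expected for mode=ro)."""
    try:
        con.execute("DELETE FROM users")
    except sqlite3.OperationalError:
        return True
    con.rollback()  # writable handle: undo the probe
    return False

def handle_lookup(con, raw_username):
    """Return (status, body) for a hypothetical user-lookup form."""
    if not isinstance(raw_username, str) or not USERNAME_RE.fullmatch(raw_username):
        return 400, "Invalid username."
    try:
        row = con.execute(
            "SELECT city FROM users WHERE name = ?", (raw_username,)
        ).fetchone()
    except sqlite3.Error:
        # Full detail goes to the server log; the browser gets a generic message.
        log.exception("lookup failed")
        return 500, "Something went wrong."
    if row is None:
        return 404, "No such user."
    return 200, row[0]
```
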

For any code,
- ALWAYS implement a whitelisting approach (i.e. always give access based on the credentials users have)
- WEAR the "untrusted user" hat when writing code
- ONLY use libraries that are known to be secure
- THINK about the attack surface from the first line of code

If it is a service interface,
- Have the bare minimum number of functions (this will reduce the number of entry points for an untrusted user) - if a function is not going to be used by any user, just remove it.

Wednesday, October 5, 2011

Smart Meters and Privacy

In case you haven't heard about smart meters, they are the next generation of electric meters. Unlike traditional electric meters, they provide two-way communication. The goal of smart meters is to allow utility companies and consumers to better monitor energy consumption and control electricity. Smart meters act as surveillance devices. Having such a surveillance device at your home could seriously invade your privacy, though. It can be a security threat as well. Here are a couple of possible threats:
- It allows a third party to see what equipment you are using, at what time of day, for how long, how often, etc.
- An insurance company could infer what kind of medical problems you have based on which devices you use and at what time.
- A producer could market products that go along with your equipment or suggest different equipment.
- It gives a burglar information to figure out the best time to break in. (Low consumption may be linked to an empty house.)

The question is: how much information do utility companies need in order to better manage electricity while protecting privacy? In other words, how can we balance the benefits of smart meters against the risks of using them?