If everyone is thinking the same, someone isn't thinking

Lori MacVittie

Top Stories by Lori MacVittie

One of the unintended consequences of cloud is the operational inconsistency it introduces. That inconsistency is introduced because cloud commoditizes the infrastructure we're used to having control over and visibility into. Everything from the core network to the application services upon which business and operations rely to ensure performance, availability and security is often obscured behind simplified services whose policies and configurations cannot be reconciled with those we maintain on-premise. You do not provision resources or deploy apps the same way in the cloud as you do in the data center. In fact, it's unlikely you'll provision resources or deploy apps the same way in cloud A as you do in cloud B. And even if you implement a private cloud, the way you provision resources and deploy apps will almost certainly be different than how you do it ... (more)

Knowing Is Half the Battle

There’s a difference between automation and orchestration, and knowing which one you’re really doing is half the battle in achieving a truly dynamic data center. Randy Heffner on CIO.Com wrote an excellent article on SOA and its value, “SOA: Think Business Transformation, Not Code Reuse.” The problem I had with the article was not in any way related to its advice, conclusions, or suggestions. The problem I had was that I kept thinking about how perfectly much of his article could be applied to data center orchestration, operational transformation, and automation. Simply replace ... (more)

Turning the Pushdo Bot into the Push-oh-no-you-don’t Bot

Options to put a stop to the latest mutation of the Pushdo trojan. The Pushdo bot is a malevolent little beast that is nothing new to Infosec professionals. What might be new, however, is that it recently changed its code and now creates junk SSL connections. Lots of them. I mean, you are likely seeing an unexpected increase in traffic by several million hits spread out across several hundred thousand IP addresses. No, you didn't read that wrong: that is millions of hits and hundreds of thousands of IP addresses. This might be a big deal if you're used to only getting a few hundred o... (more)

Mashable Sees Double Rainbows as Google Goes Gaga for OAuth

Enterprise developers and architects beware: OAuth is not the double rainbow it is made out to be. It can be a foundational technology for your applications, but only if you’re aware of the risks. OAuth has been silently growing as the favored mechanism for cross-site authentication in the Web 2.0 world. The ability to leverage a single set of credentials across a variety of sites reduces the number of username/password combinations a user must remember. It also inherently provides for a granular authorization scheme. Google’s announcement that it now offers OAuth support for Go... (more)

Authorization Is the New Black for Infosec

Authentication is not enough. Authorization is a must for all integrated services – whether infrastructure components, applications, or management frameworks. If you’ve gone through the process of allowing an application access to Twitter or Facebook then you’ve probably seen OAuth in action. Last week a mini-storm was a brewing over such implementations, primarily regarding the “overly-broad permission structure” implemented by Twitter. Currently Twitter application developers are given 2 choices when registering their apps – they can either request “read-only access” or “read ... (more)