Security Pie

The ramblings of three security curmudgeons

Archive for November, 2008

Despite The Lack Of Privacy, I’m Using Chrome

without comments

The folks at consumerwatchdog.org are doing a very important job, keeping vendors honest and consumers alert. The following video highlights some of the privacy issues with Chrome. I agree that Google should have warned Chrome users. I am sure that they will. Yet, I will continue to use Chrome (since I have nothing to hide). If I need to keep my privacy, I’ll use another tool.

 

Written by sharon

November 20th, 2008 at 2:45 pm

Posted in privacy


Well Done!

without comments

ConTrust, which honored me as an advisor, was selected as a finalist in the LeWeb ‘08 startup competition.

Here’s a short description of the company: 

ConTrust takes the Pain out of “User Generated Content” (UGC) moderation, Enables you to focus and monetize only on the content you can trust. 

As the social media market will bloom and reach a ~20 billion market cap by 2013, social media moderation will play a key role in its growth and monetization models; Companies will spend time and money to leverage the real value of UGC, whilst dealing with threatening, inappropriate and offensive contributed content on their platforms, thus try to create a trustworthy environment for their customers, partners and advertisers. 

Congratulations on getting selected, now it’s time to win!

Written by sharon

November 19th, 2008 at 1:09 pm

Posted in Security Policy


Slicing The Security Pie

without comments

 

 

Cisco is #1 in appliance sales


Network World published an interesting story about Cisco’s attempts to keep the number 1 spot in sales of network security gear. (Note that I emphasise the word sales.)

The article includes several security pies, the kind I like. It also includes an analysis of best-of-breed versus good-enough sales.

In my opinion the article is missing one important factor: the departure of Nokia from the network security appliance market.

Cisco is indeed the undisputed leader in sales for the security appliances market. Its retired PIX firewall was an all-time best seller. People simply liked the way it worked. The more recent acquisition of IronPort gave it a powerful weapon in the e-mail security market and it also allows Cisco to claim some DLP capabilities. Cisco is also #1 in sales of IPS gear. Take a look at the left pie. While a huge market share belongs to the “other” vendors, Cisco’s slice is bigger than the combined slices of Juniper, Check Point, Nokia and Microsoft!

 

The other pies show how Cisco rules the network security market (again, in sales). While the article does not mention emerging markets, it focuses on the main ones.

 

 

The Security Pie


 

 


Written by sharon

November 19th, 2008 at 12:04 pm

Posted in Security Business


How to Negotiate – Tips for Yahoo!

with one comment

I guess that I’m writing this a few months later than I should. As a Yahoo shareholder I should have taken a more proactive approach. Unfortunately, I have this habit of buying stocks at their highest price just to watch them falling almost as fast as I’m falling during ski (I blame Assaf, he taught me how to ski :-) ).

As a service to the new CEO, here is an important lesson from Shpigler the Shark:


    

 

Written by sharon

November 18th, 2008 at 7:10 pm

Posted in Security Business


I Didn’t Do It!

with 2 comments

The below is a true story. Some of the names were changed to protect the innocent. Yes, there is a moral to this true story, but you’ll have to read all the way…

It was a typical day. Jose Arcadio was at his office in Los Gatos CA, probably planning the next perfect restaurant visit. Consuela Martinez was (as always) at a random hotel. This time it was in Manila, the Philippines, just before bedtime. In Sunnyvale CA Porky Leibowitz was Blackberry-ing.

 

9:34 AM| Los Gatos CA|Jose: What the heck is wrong with Security Pie – It came up all jumbled.

1:46 AM+1 day | Manila, Philippines |Consuela: Looks fine to me. What exactly do you see, Jose?

9:48 AM |Sunnyvale CA|Porky: See how we see it here in the US: Chrome and FF (screenshot added)

1:50 AM +1 day |Manila, Philippines |Consuela: Did anyone touch the style or the sidebar plugin recently?

10:51 AM |Sunnyvale CA|Porky: Not me…

10:52 AM |Los Gatos CA|Jose: Ok. So this morning it looked okay. But then I posted my post as a page (by mistake). I then reposted it as a post. It happened somewhere there. But I did not knowingly make any changes anywhere. Just wrote a blog item. But I can hear Silvester saying “did you touch it”? So it was probably me…

1:55 AM +1 day |Manila, Philippines|Consuela: Okay let’s backtrack. What is the sequence of operations that you did, precisely?

10:52 AM |Los Gatos CA|Jose: I think I did the following:

1. Clicked new page.

2. Wrote.

3. Clicked save and then post.

4. Couldn’t find it on front page.

5. Went back, looked around, found Hong Sin’s remark under moderation and allowed it, and then figured out it was a page and not post.

6. Copied the page to a post, named it the same and posted it. It posted corruptly.

7. Deleted the page (but not the post).

2:10 AM +1 day |Manila, Philippines|Consuela: Okay fixed. The culprit was a <div class="main"> tag that was somehow transferred with your post when you cut and pasted it. It isn’t visible in the “visual” view, only when you switch to “HTML” view. I suggest you style-edit your post, it contains this ugly link in the middle; I think you can have some text instead where the link is just the target.

What’s the moral?

There is always more than one bug. There is always something that can go wrong and you can bet your pie that it will. Paraphrasing Assaf, I have an interest in PCI section 6.6 (don’t sue me). As I wrote in another place, things will go wrong. The above example takes place every day in different places. Innocent mistakes that can go wrong. This time, nothing serious happened and our man in Manila was able to take care and fix the problem. Is your organization as lucky as Securitypie?

Written by sharon

November 18th, 2008 at 6:54 pm

Posted in Risk Management, Snafu


Perspectives

with 2 comments

So yesterday we went for dinner at The French Laundry, an upscale restaurant located in Yountville in Napa Valley. It is widely considered to be one of the best restaurants in the world, and definitely the best in the Bay Area. It was an exquisite dinner, with great company, good wine*, and excellent food.

And the most interesting dish just happened to be on the Vegetable Tasting menu. Very interesting indeed.

Hmmm. Delectable meal. Hmmm.

It was a dish labelled: Chickpea “Croquette” – Sweet Peppers, English Cucumbers, Sesame Seed Yogurt and Eggplant Confit. Now Larousse Gastronomique defines a croquette as a “small savoury or sweet preparation…… Croquettes are shaped into corks, sticks, balls or rectangles. They are usually coated with breadcrumbs, plunged into very hot oil and fried until they are crisp and golden…”.

So why is a Chickpea “Croquette” interesting to a group of Israelis eating at the French Laundry?


Written by assafl

November 17th, 2008 at 9:09 pm

iPhone Update & Other Usability Issues

with 2 comments

In case you were wondering, I said goodbye to the very cool and useful iPhone and I’m now using my old BlackBerry, which continues to serve me well. During the 4 weeks that I used the iPhone I managed to type very fast, however I found it still inferior when it comes to sending emails. (Try to send iPhone emails while you are walking the dog or waiting in traffic on 101 South at rush hour.) Other than that, I only had issues with “spontaneous” calls that took place when I was placing the iPhone in my pocket without locking the device first. Unfortunately, my iPhone was calling home (3 times during a 5 day trip). Calling home in the middle of the day is nice, unless home’s time zone is PST and you are 10 hours ahead. To be honest, this problem is not unique to iPhone. Using BlackBerry, even when the keys are locked, I managed to call the emergency services (spontaneously of course) several times. The example below is clear (even though the picture was taken with an iPhone):

 

BlackBerry, ready to call 911



Written by sharon

November 13th, 2008 at 2:45 pm

Posted in usability


Why I miss the Soviet Union

with 5 comments

OK. So this blog is both not about security at all and all about security at the same time. That is like catching two stones with one bird.

My inbox today carried a fresh bit of news from CIO magazine. An opinion column by Eric Lundquist, labelled “We need a national CIO, not a CTO”, stipulated that a CIO is a better match for a US national role than a CTO. To paraphrase Lundquist’s message, CIOs are firmly planted in the business realities of the day, while CTOs focus on technologies “looking for uses”. Reminds me of the old adage of “legs firmly planted” vs. “head in the clouds”.

I firmly disagree.


Written by assafl

November 13th, 2008 at 9:32 am

Best Security System

with 2 comments

Image found at http://www.global-report.com/drori/?l=he&a=342439

Proactive Security


Written by sharon

November 6th, 2008 at 5:23 pm

Posted in Politics


Clear Passwords

without comments

2008 is almost over but still there are respectable and notable companies that act like security is none of their business. I find it very irritating that some companies that promote security as a product and company differentiator act in a non-secure fashion. Following the “no one wants to see an obese person promote healthy food” analogy, I would expect companies nowadays to act in a secure fashion. Most of the web sites will send you a thank you letter after registering at their web site, but as I discovered today, some will send you an email confirming your registration alongside your username and password in cleartext.

As a service for those who forgot, here’s how email privacy works:

How email works


And here’s the message that made me mad (identifiable elements deleted to protect the innocent):

Written by sharon

November 6th, 2008 at 5:06 pm

Posted in Security Business, Snafu
