Defensio‘s blog spam web service aggressively and intelligently prevents comment and trackback spam from hitting your blog

There IS a limitation for a machine ability to analyze text and understand it. There are similar issues when humans (most of us) try to analyze political lingo.  Reading the Top 10 worst political speeches of all times, I thought that some of our spammer’s writers should be considering a career change. Take this post for example, it’s one of the “best” I have seen in a long time. I’m announcing it, STOD (Spam Of The Day):

To be honest, it seems that you completely seized the bona fide substance of the position circumferent. While many look to have escaped the important concept of it, when it was posited previous is unadulterated plus concise. I am not sounding out that I harmonise on all details; all the same, you managed to have minded me grounds to ponder numerous of the major premises that I reckoned that I guarded as unshakable opinions in that attentivenesses. said, and now for someone like myself to think a bit more on some of the major details. All together I would state it is clear that you have clearly stated what needed to be said.

A political writer must be woking with those guys…

Encryption != Security

I was reading “Enabling cloud Storage for the Enterprise” white paper from Emulex . First, I’d like to the compliment the unknown author. I’ve read (and wrote) many white papers. This document is among the best.

As always, I have some reservations about the Data Security arguments that were made.

First, the unknown authors claim that “When moving data outside of the data center, as is the case with public cloud storage, security concerns become a top priority” since “When data is kept within the confines of a data center, there are recognized methods for ensuring that it is kept safe”. While I totally agree that there are recognized methods to protect data inside the data center, I do not agree that placing data in the cloud is a top concern. In most cases the end user or even the organization that is placing the data in the cloud is unaware of its location and even if it does, security (unfortunately) is not a top priority. I’m saying that when we discuss security in the context of  ”the cloud” one should demand security. In the same way that business users are demanding secure systems today, they should demand it when “the cloud” is involved.

But there is a bigger problem with the security section of this document. A big problem. There is a logical flow with the main security assumption made in that section since the document assumes that IDA (Information Dispersal Algorithms) is good (“enough” ?) to be used as the method to secure the data.

I have an issue here since the white paper sets an agenda that encrypted data should be considered as secure, since ”To make use of the data in the cloud, a hacker or SSP employee would have to also gain access to a quorum of the data slices stored elsewhere” but we know – by way of living, that no encryption method is secure enough, as the problem is related to the application that will get hacked.

Indeed if the risk that Emulex writes about is related to employees stealing drives with data, then encryption might be good enough (depending upon encryption  management  and so many other factors).  But as we know, security issues are mostly related to the way that the application is accessing the data, which will not be encrypted since the application is required to access the data…  Just think about SQL injection and why it happens…

Bruce Schneier begins his book Secrets and Lies by saying “I have written this book partly to correct a mistake” that he made with his utopian vision of cryptography and algorithms keeping “your deepest secret safe”.  I will allow myself to paraphrase that when it comes to secure Cloud Storage ”Cryptography can’t do any of that”. I suggest that anyone that thinks that security=(only) cryptography will think again.

” … Cryptography is a branch of mathematics. And like all mathematics, it involves numbers, equations, and logic. Security, palpable security that you or I might find useful in our lives, involves people: things people know, relationships between people, people and how they relate to machines. Digital security involves computers: complex, unstable, buggy computers.”

BTW, IDA was developed by Michael Rabin that won the Turing Award in 1976 and the Israel Prize (in computer sciences) in 1995.

Image source: http://ulcercity.blogspot.com/

My friend Dean is inspired by military battle plans. Recently, he used some to explain competitive marketing tactics (sorry, you can’t get those secrets from me). I’m thinking that we shouldn’t stop there. Inspired by the way that Dean is recycling old battle plans (recycling and going green are still very trendy) I decide to find additional solutions.  Amazon’s “new” cloud platform is an ideal candidate.

It’s vulnerable, easy target and holds a lot of strategic value. Bring the Hawks

The Next Generation of Cloud Attack Prevention

Image source: http://www.aladad.org/HawkFiring.jpg

Seriously,