Entries from August 2009
Post Vacation Attention Deficit Disorder – Security Tidbit Time
August 31st, 2009 · No Comments
A week off always causes me to assume the merry-go-round will have slowed down while I was away, but noooooooo – I’ve spent the first 3 hours today just digging out from under email and administrivia. So, for today just some short comments on events that I didn’t delete as I shoveled email into the [...]
Tags: Uncategorized
NAC is a Knack
August 21st, 2009 · 7 Comments
From Merriam-Webster:
Main Entry: knack
Pronunciation: \ˈnak\
Function: noun
Etymology: Middle English knak
Date: 14th century
1 a : a clever trick or stratagem b : a clever way of doing something
2 : a special ready capacity that is hard to analyze or teach
3 archaic : an ingenious device; broadly : toy, knickknack
synonyms see gift
Back in 2003, Gartner started writing about “Scan and block”:
Enterprise systems are being infected by [...]
Tags: Uncategorized
Thanks for Thursday: Hats Off to the FTC
August 20th, 2009 · No Comments
I love the FTC. It is an independent agency founded way back in 1914. It seems like regardless of who is president or what the state of the economy is, the FTC stays focused on its mission of consumer protection. The FTC doesn’t seem to need new laws or more money, it just keeps fighting [...]
Tags: Uncategorized
What Does The College Class of 2013 Think About Security?
August 19th, 2009 · 2 Comments
It is just about time for high school seniors and returning college students to pack up and head off to college. Every year Beloit College puts out a “mindset list” that documents what they call the “cultural touchstones” of the incoming freshman class. It basically lays out what common experiences the current crop of 18 [...]
Tags: Uncategorized
Twelve Word Tuesday: Isn’t It Nice When the Grocery Store Removes the Rotten Bananas Before They Try to Sell Them to You?
August 18th, 2009 · 1 Comment
Choose ISPs, search engines, browsers that block (or adequately differentiate) bad stuff.
Tags: Uncategorized
Taking a Leap
August 17th, 2009 · 2 Comments
I’m participating this week in the National Cyber Leap Year Summit, run by The White House Office of Science and Technology Policy (OSTP) and the agencies of the Federal Networking and Information Technology Research and Development (NITRD) Program. Good concept, hard to execute on – but if no one charges the hill periodically, you [...]
Tags: Uncategorized
Is Security an Enabler or an Obstacle to Happy Customers?
August 14th, 2009 · 1 Comment
Two interesting security/privacy related news bits this week:
Researchers at UC Berkeley reported that Quantcast, one of the biggest traffic measuring and online tracking firms, was using Flash cookies to track users even after the users had deleted browser cookies. Once outed, Quantcast claimed to stop this practice.
Palm was outed for the Palm Pre secretly sending [...]
Tags: Uncategorized
On The Internet, No One Knows If You Are Really Just a Dozen Lines of Code
August 13th, 2009 · No Comments
I do a lot of calls with Gartner clients on the various aspects of protecting their corporate Internet-exposed web servers. Web server security is a tough problem – web servers are like the parking lots outside of sports stadiums. You basically have to let everyone in, let them tailgate (party) and have a good time [...]
Tags: Uncategorized
A Token Effort Might Be The Right Approach
August 12th, 2009 · 1 Comment
Avivah Litan and I just published a research note “Using Tokenization to Reduce PCI Compliance Requirements.” Tokenization does not replace encryption, but in many scenarios it can help reduce the number of places that card data (or any other type of sensitive data) is stored – which is invariably a good thing.
However, tokenization is just [...]
Tags: Uncategorized
Does Private Cloud Equal Secure Cloud?
August 10th, 2009 · 2 Comments
I’m continually having conversations with Gartner clients along the lines of “We are getting pressure to use cloud computing services, what are the security issues?”
As I mentioned here, 90% of the time it turns out the pressure is really to consume some application as a service, not really cloud computing. 9.9% of the remaining conversations [...]
Tags: Uncategorized