Neil MacDonald

A member of the Gartner Blog Network

Archives for March, 2010


Microsoft’s MIX Conference: Secure Development

by Neil MacDonald  |  March 26, 2010  |  1 Comment

Microsoft recently held its 2010 MIX conference for web developers in the US. As expected, there was a significant focus on Silverlight, the Windows Phone platform and IE9. An unexpected and welcome surprise was the number of sessions designed to get developers thinking about security and privacy in their applications. Check this out (the sessions […]

Category: Application Security

Cloud Security and VPNs

by Neil MacDonald  |  March 25, 2010  |  4 Comments

I remember when Microsoft first introduced PPTP virtual private network technology and sparked a debate about whether or not the Internet could be securely used for remote access. Nowadays, we take VPNs for granted. If you think about it, with VPNs we’ve given up control of the pipe (the Internet), but it doesn’t mean we […]

Category: Cloud Next-generation Security Infrastructure

Another Hypervisor Hack

by Neil MacDonald  |  March 14, 2010  |  1 Comment

Stuck at the airport after two consecutive JetBlue flight cancellations (and hoping the third isn’t cancelled as well), I ran across this recent article on a publicly documented and confirmed hypervisor attack – this time on the hypervisor used in the Sony PS3 (in this case using a hardware-based timing attack). A different exploit (not […]

Category: Next-generation Data Center Virtualization Security

Intelligent Hybrid Security is the Future

by Neil MacDonald  |  March 12, 2010  |  Comments Off

I blog quite a bit about virtualization and security. To address the security issues with datacenter virtualization, a large number of smaller, point solution vendors of virtualized security controls have appeared. This helps address the immediate issues (because the larger security vendors have been struggling with the potential disruption in embracing virtualization), but isn’t necessarily […]

Category: Cloud Next-generation Data Center Next-generation Security Infrastructure Virtualization Security

Another Zero-Day Attack on Internet Explorer: Time to Switch Browsers?

by Neil MacDonald  |  March 10, 2010  |  Comments Off

After yesterday’s Patch Tuesday release, Microsoft also released this security bulletin affecting IE6 and IE7 (but not IE8). Similar zero-day attacks on IE6 made headlines earlier this year when Google and other organizations were attacked and intellectual property stolen. With this latest zero-day, Microsoft reports that targeted attacks have been observed in the wild. […]

Category: Application Security Endpoint Protection Platform Information Security Microsoft Security

MS10-015 is Back and Raises an Interesting Dilemma

by Neil MacDonald  |  March 9, 2010  |  Comments Off

I thought MS10-015 would be interesting. Microsoft had to stop distributing the patch because machines that were infected with a specific rootkit were blue-screening after application of the patch. Microsoft resumed distribution of the patch last week (2 March 2010). Now, the patch process looks to see if your machine is infected before applying the […]

Category: Endpoint Protection Platform Information Security Microsoft Security

Key Takeaways from RSA

by Neil MacDonald  |  March 8, 2010  |  Comments Off

I’m back and recovered from a hectic week at RSA. I had the chance to exchange ideas with a number of attendees and attend a few sessions as well as meet with several clients. Here are my key takeaways from the week. What was “hot”? No doubt, discussions of the Cloud and security dominated the […]

Category: Cloud Information Security Virtualization Security

Getting Ready for the RSA Conference

by Neil MacDonald  |  March 1, 2010  |  Comments Off

As we kick off the US-based RSA security conference here in San Francisco, I will be sharing my thoughts and observations of the conference. Based on discussions with clients in advance of the conference, here’s what I expect to hear a lot about this week (and where vendors are really pressing to get you to […]

Category: Application Security Information Security Virtualization Security