Gartner Blog Network

Gartner Security Conference Reflections

by John Pescatore  |  June 29, 2011

The calm before the storm – Gartner Security Symposium 2011 before the opening. Last week was a busy week at the 17th annual Gartner Security Symposium, my 12th with Gartner, and my 14th overall. At the conference several attendees asked if I was going to resume blogging and I said I would give it a […]

Twelve Word Tuesday: Using the Cloud to Attack the Cloud

by John Pescatore  |  May 17, 2011

Most cost-effective attack launch platform: Amazon Free Tier EC2 or homegrown botnet? Bloomberg reports Amazon EC2 used in Sony Playstation Network attack.

Twelve Word Tuesday: Seventeen Years of Browser Cookie Tracking Drives Need for Do Not Track Features

by John Pescatore  |  May 10, 2011

The real Y2K disaster: RFC2965 kills RFC2109 and Internet user privacy implodes.

Twelve Word Tuesday: Are You Building Your Web Site Below the 10 Year Hacking Line?

by John Pescatore  |  May 3, 2011

Using cloud without verifying security: building headquarters lower than the tsunami markers. International Herald Tribune: “Ancestral Markers Warned Japanese of Tsunamis”

Some Things About Security Are Global, Many Are Not

by John Pescatore  |  May 2, 2011

Two weeks ago I traveled to Tokyo and spoke at Gartner’s Information Security and Risk Summit.  We surveyed the 300 attendees after the earthquake/tsunami/nuclear power plant disasters and they still wanted to attend the conference, so we were glad to hold it. (Gartner also had a Data Center conference last week in Tokyo, as well.) […]

Lawrence Orans Guest Post: DNSSEC – Still Flying Under the Radar

by John Pescatore  |  April 1, 2011

Today we have a guest post from Gartner analyst Lawrence Orans: Yesterday, Verisign announced that the .com domain now supports DNS Security Extensions.  This development paves the way for the 90 million domains within .com to adopt DNSSEC and extend the chain of trust.  DNSSEC should be appealing to any organization that cannot afford to […]

Twelve Word Tuesday: Whatever Happened to Oracle and “Unbreakable”?

by John Pescatore  |  March 29, 2011

MySQL.com hacked by SQL injection is like cash injection compromising an ATM. MySQL website falls victim to SQL injection attack

SSL: Panacea, Plague or Eyewash?

by John Pescatore  |  March 25, 2011

Back in early 2007, after the CA Browser Forum introduced Extended Validation Certificates, Vic Wheatman, Avivah Litan, Greg Young and I wrote a Gartner Research Note “Extended Validation SSL Certificates: A Big Step Forward, but More Progress Is Needed.” In that note we said: The success of phishing attacks has generated demand to make SSL […]

Twelve Word Tuesday: Adobe Flash is to 2010 as Microsoft IIS Was to 2001

by John Pescatore  |  March 15, 2011

When automobile tires or software are > 50% patches, time to replace. Yet more attacks in the wild exploiting yet more Adobe Flash vulnerabilities.

Should We Look Gift Cookies In The Mouth?

by John Pescatore  |  March 14, 2011

In about two months, the European e-Privacy Directive on Web cookies will take effect, essentially requiring explicit consent from European users before any form of tracking is done via cookies. The upside of this is, of course, an increase in privacy for web surfers. Opponents, however, are claiming major negative impacts: Without persistent cookies, your […]
