Gartner Blog Network

Posts from Date:   2010-3

Microsoft’s MIX Conference: Secure Development

by Neil MacDonald  |  March 26, 2010

Microsoft recently held its 2010 MIX conference for web developers in the US. As expected, there was a significant focus on Silverlight, the Windows Phone platform and IE9. An unexpected and welcome surprise was the number of sessions designed to get developers thinking about security and privacy in their applications. Check this out (the sessions […]

Read more »

Cloud Security and VPNs

by Neil MacDonald  |  March 25, 2010

I remember when Microsoft first introduced PPTP virtual private network technology and sparked a debate about whether or not the Internet could be securely used for remote access. Nowadays, we take VPNs for granted. If you think about it, with VPNs we’ve given up control of the pipe (the Internet), but it doesn’t mean we […]

Read more »

Another Hypervisor Hack

by Neil MacDonald  |  March 14, 2010

Stuck at the airport after two consecutive JetBlue flight cancellations (and hoping the third isn’t cancelled as well), I ran across this recent article on a publicly documented and confirmed hypervisor attack – this time on the hypervisor used in the Sony PS3 (in this cases using a hardware-based timing attack). A different exploit (not […]

Read more »

Intelligent Hybrid Security is the Future

by Neil MacDonald  |  March 12, 2010

I blog quite a bit about virtualization and security. To address the security issues with datacenter virtualization, a large number of smaller, point solution vendors of virtualized security controls have appeared. This helps address the immediate issues (because the larger security vendors have been struggling with the potential disruption in embracing virtualization), but isn’t necessarily […]

Read more »

Another Zero-Day Attack on Internet Explorer: Time to Switch Browsers?

by Neil MacDonald  |  March 10, 2010

After yesterday’s patch Tuesday release, Microsoft also released this security bulletin affecting IE6 and IE7 (but not IE8). Similar zero day attacks on IE6 made headlines earlier this year when Google and other organizations were attacked and intellectual property stolen. With this latest zero-day, Microsoft reports that targeted attacks have been observed in the wild. […]

Read more »

MS10-015 is Back and Raises an Interesting Dilemma

by Neil MacDonald  |  March 9, 2010

I thought MS10-015 would be interesting. Microsoft had to stop distributing the patch because machines that were infected with a specific rootkit were blue-screening after application of the patch. Microsoft resumed distribution of the patch last week (2 March 2010). Now, the patch process looks to see if your machine is infected before applying the […]

Read more »

Key Takeaways from RSA

by Neil MacDonald  |  March 8, 2010

I’m back and recovered from a hectic week at RSA. I had the chance to exchange ideas with a number of attendees and attend a few sessions as well as meet with several clients. Here are my key takeaways from the week. What was “hot”? No doubt, discussions of the Cloud and security dominated the […]

Read more »

Getting Ready for the RSA Conference

by Neil MacDonald  |  March 1, 2010

As we kick off the US-based RSA security conference here in San Francisco, I will be sharing my thoughts and observations of the conference. Based on discussions with clients in advance of the conference, here’s what I expect to hear a lot about this week (and where vendors are really pressing to get you to […]

Read more »