Stories by Daniel Blum

Cyber Spaces: PatchGuard and Windows security circus

Here's a metaphor for the future of Windows security: Microsoft and the industry are two acrobats on a tightrope with no net. The trick is to meet in the middle, shake hands and manoeuvre around each other.

Imperfect storm needs full-spectrum defense

Defense in depth is failing. As cybercrime mounts and attackers exploit the spectrum of technical and managerial weaknesses, companies must adopt a full-spectrum defense.

Demand higher-quality software

I just read a report that concluded: "Most of the significant cyber-incidents . . . have had at their root cause defective and readily exploitable software code." This comes at a time when escalating threats, regulatory creep, increased software re-use and dramatic cost increases associated with a seemingly endless cycle of patches and vulnerabilities have made software quality, or surety, a critical issue.

Out of the desert, into OASIS

July 2003 ushered in a strong Microsoft offensive on the identity management and Web services standards front. In partnership with IBM and other vendors, Microsoft released WS-Federation specifications for federated sign-on, attribute services and pseudonym services - specifications that partially conflict with standards from the Organisation for the Advancement of Structured Information Standards and Liberty Alliance. In addition, Microsoft and IBM let it be known that they reject Service Provisioning Markup Language, which OASIS produced and most identity management vendors have adopted. What should we make of these hardball manoeuvres?

Plan on SAML for identity mgmt.

The Security Assertion Markup Language interoperability bake-off and release of an eagerly awaited specification from the Liberty Alliance last month mark historic steps forward for Web services, security and distributed applications.

Don't Get Lost in Active Directory Forests

Microsoft Corp.'s Windows 2000 rollout is one of the most important deployment initiatives most organizations will undertake in the next two years. An important design decision is whether to go with single or multiple Active Directory "forests" for your production intranet.

Explore Your E-Business Directory Mgmt. Options

Companies are finding e-business directories to be a whole different kettle of fish than internal directories. Whereas intranet directories manage information about employees and long-term contractors, e-business directories are used to manage trading partner relationships. External directories contain information about your customers, suppliers and trading partners. A human resources system will help you keep track of personnel changes within your corporation, but you probably don't have a good handle on employee changes at other companies.

Easy-to-use PKI is Key to Cryptography's Success

No longer the exclusive province of mathematicians, cryptography is moving into the mainstream. According to one survey, there are now almost 1,600 cryptographic products on the market worldwide, and export controls are being removed. But before cryptography actually can become a commodity, there are still a few challenges to overcome.