There's been a flurry of discussion this week among Internet and Web standards heavy-hitters around WebSocket, the new communications protocol supported in Chrome 4 and Safari 5. What was the main issue? Is there some kind of fundamental security vulnerability with the WS protocol? Web...
Among both users and industry professionals, there is no shortage of discussion about mapping application types to the different cloud domains (public, private, hybrid, etc.). In my experience, quite a bit of this discussion centers on breaking down the characteristics and traits of th...
When it comes to my technical expertise in IT security, I'm generally familiar enough to know I should not pretend to be an expert. However, that has not kept me from getting a lot of valuable insight at the RSA conference this week. RSA has provided me the opportunity to hear a lot ab...
I had a different name for this blog entry but just 'Jump Drive' is an awful blog title. They go by many names; jump drive, USB drive, flash drive, memory stick and a few others, but removable media is a serious threat to IT organizations. Graduating from floppy disks, as early as 20...
Joe McKendrick kicks off a thread on the current state of SOA Security. As usual, most discussion of SOA Security applies to "how SOA can be made secure". This is understandable. And, as some commentators have pointed out, there is a body of Best Practice out there on how to secure ser...
Single sign-on was developed with the idea of making life more convenient for the user, but you may have to put a little more work into it to make that convenience a reality.
It's a problem as old as networked computing. Consider two applications. They negotiate a level of trust. How can that trust - or security context - be transferred to a third application, one that may exist in an entirely different security domain from the first?
With the rise of asynchronous messaging comes the need for securing message flows in WebSphere MQ. This article discusses the architecture of WebSphere MQ, along with some options available for securing an asynchronous communications infrastructure.