|By Hurricane Labs||
|October 5, 2012 10:32 AM EDT||
Adobe is the New Microsoft: Maintaining Multi-Platform Security in 2012
By: Bill Mathews
I distinctly remember writing an article for a local journal back in the 90’s. In it, I discussed Microsoft’s special responsibilities concerning software security. If I recall correctly, my point was that since they were the dominant player in the operating system space, they had a duty to make their ecosystem resilient to attacks and compromise. Look, no company is ever going to be perfect at it, but some handle it a lot better than others. Fast-forwarding roughly 13 years after that article and Microsoft has gotten quite a bit better. Not necessarily for locking down their ecosystem, but for making it more resilient. Maybe even more importantly, for having an efficient response plan in place when bad things do happen. Are they perfect? Of course not! But they’re putting in the effort and it is showing some considerable gains.
Enter Adobe. I could fill a book with all the severe Adobe vulnerabilities that have valid exploits out there. And yet they simply don’t seem to take it all that seriously. More recently, their code signing infrastructure was compromised. If you’re unfamiliar, it’s basically the stuff that makes your computer trust Adobe’s software. They’ve found some pretty nasty utilities out there signed by their valid keys. Now nevermind that they’re blaming a build server compromise for this (which strains credulity) – nevermind that they claim they’ve now revoked all the keys involved – how does something like this happen and go undetected until active attacks start occurring?
The answer, sadly, is a simplistic one. They simply don’t take the security of their software, or apparently infrastructure, seriously. Code signing is a really important thing these days (Do I think it’s useful? Let’s save that for another post.) So why can, even a compromised build server, just randomly sign some piece of code not actually found in your ecosystem without detection? Simple: You weren’t paying attention to it. All systems can be compromised, the trick is knowing when it happens (monitoring) and dealing with the aftermath (response). Knowing about it and responding to it after it’s out in the wild is probably too late.
You might ask why I’m comparing Microsoft of the 90’s to Adobe of today, a fair question. Adobe has the same special responsibility today that Microsoft had (and still has) and one that Apple needs to wake up to in the mobile space. When you are ubiquitous and on pretty much every device, as Adobe is, you have a duty to your customers and yourself to focus on security and pay attention to those little details. It is no coincidence that once Microsoft started really paying attention to security that their code started getting a bit better and a little more stable. One man’s random crashing is another man’s buffer overflow waiting to happen.
SYS-CON Events announced today that DatacenterDynamics has been named “Media Sponsor” of SYS-CON's 18th International Cloud Expo, which will take place on June 7–9, 2016, at the Javits Center in New York City, NY. DatacenterDynamics is a brand of DCD Group, a global B2B media and publishing company that develops products to help senior professionals in the world's most ICT dependent organizations make risk-based infrastructure and capacity decisions.
Feb. 24, 2017 03:00 AM EST Reads: 1,800
"Matrix is an ambitious open standard and implementation that's set up to break down the fragmentation problems that exist in IP messaging and VoIP communication," explained John Woolf, Technical Evangelist at Matrix, in this SYS-CON.tv interview at @ThingsExpo, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
Feb. 24, 2017 02:15 AM EST Reads: 13,179
Growth hacking is common for startups to make unheard-of progress in building their business. Career Hacks can help Geek Girls and those who support them (yes, that's you too, Dad!) to excel in this typically male-dominated world. Get ready to learn the facts: Is there a bias against women in the tech / developer communities? Why are women 50% of the workforce, but hold only 24% of the STEM or IT positions? Some beginnings of what to do about it! In her Day 2 Keynote at 17th Cloud Expo, Sandy Ca...
Feb. 24, 2017 01:45 AM EST Reads: 9,518
IoT is at the core or many Digital Transformation initiatives with the goal of re-inventing a company's business model. We all agree that collecting relevant IoT data will result in massive amounts of data needing to be stored. However, with the rapid development of IoT devices and ongoing business model transformation, we are not able to predict the volume and growth of IoT data. And with the lack of IoT history, traditional methods of IT and infrastructure planning based on the past do not app...
Feb. 24, 2017 01:00 AM EST Reads: 1,887
WebRTC services have already permeated corporate communications in the form of videoconferencing solutions. However, WebRTC has the potential of going beyond and catalyzing a new class of services providing more than calls with capabilities such as mass-scale real-time media broadcasting, enriched and augmented video, person-to-machine and machine-to-machine communications. In his session at @ThingsExpo, Luis Lopez, CEO of Kurento, introduced the technologies required for implementing these idea...
Feb. 23, 2017 11:30 PM EST Reads: 6,290
Why do your mobile transformations need to happen today? Mobile is the strategy that enterprise transformation centers on to drive customer engagement. In his general session at @ThingsExpo, Roger Woods, Director, Mobile Product & Strategy – Adobe Marketing Cloud, covered key IoT and mobile trends that are forcing mobile transformation, key components of a solid mobile strategy and explored how brands are effectively driving mobile change throughout the enterprise.
Feb. 23, 2017 11:00 PM EST Reads: 7,009
Apache Hadoop is emerging as a distributed platform for handling large and fast incoming streams of data. Predictive maintenance, supply chain optimization, and Internet-of-Things analysis are examples where Hadoop provides the scalable storage, processing, and analytics platform to gain meaningful insights from granular data that is typically only valuable from a large-scale, aggregate view. One architecture useful for capturing and analyzing streaming data is the Lambda Architecture, represent...
Feb. 23, 2017 10:00 PM EST Reads: 4,598
SYS-CON Events announced today that delaPlex will exhibit at SYS-CON's @CloudExpo, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. delaPlex pioneered Software Development as a Service (SDaaS), which provides scalable resources to build, test, and deploy software. It’s a fast and more reliable way to develop a new product or expand your in-house team.
Feb. 23, 2017 09:15 PM EST Reads: 1,517
The explosion of new web/cloud/IoT-based applications and the data they generate are transforming our world right before our eyes. In this rush to adopt these new technologies, organizations are often ignoring fundamental questions concerning who owns the data and failing to ask for permission to conduct invasive surveillance of their customers. Organizations that are not transparent about how their systems gather data telemetry without offering shared data ownership risk product rejection, regu...
Feb. 23, 2017 08:45 PM EST Reads: 1,291
With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo 2016 in New York. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be! Internet of @ThingsExpo, taking place June 6-8, 2017, at the Javits Center in New York City, New York, is co-located with 20th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry p...
Feb. 23, 2017 08:30 PM EST Reads: 1,451
The Internet of Things will challenge the status quo of how IT and development organizations operate. Or will it? Certainly the fog layer of IoT requires special insights about data ontology, security and transactional integrity. But the developmental challenges are the same: People, Process and Platform and how we integrate our thinking to solve complicated problems. In his session at 19th Cloud Expo, Craig Sproule, CEO of Metavine, demonstrated how to move beyond today's coding paradigm and sh...
Feb. 23, 2017 07:45 PM EST Reads: 3,386
SYS-CON Events announced today that IoT Now has been named “Media Sponsor” of SYS-CON's 20th International Cloud Expo, which will take place on June 6–8, 2017, at the Javits Center in New York City, NY. IoT Now explores the evolving opportunities and challenges facing CSPs, and it passes on some lessons learned from those who have taken the first steps in next-gen IoT services.
Feb. 23, 2017 06:45 PM EST Reads: 1,454
As organizations realize the scope of the Internet of Things, gaining key insights from Big Data, through the use of advanced analytics, becomes crucial. However, IoT also creates the need for petabyte scale storage of data from millions of devices. A new type of Storage is required which seamlessly integrates robust data analytics with massive scale. These storage systems will act as “smart systems” provide in-place analytics that speed discovery and enable businesses to quickly derive meaningf...
Feb. 23, 2017 06:30 PM EST Reads: 6,292
SYS-CON Events announced today that WineSOFT will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Based in Seoul and Irvine, WineSOFT is an innovative software house focusing on internet infrastructure solutions. The venture started as a bootstrap start-up in 2010 by focusing on making the internet faster and more powerful. WineSOFT’s knowledge is based on the expertise of TCP/IP, VPN, SSL, peer-to-peer, mob...
Feb. 23, 2017 06:30 PM EST Reads: 1,723
SYS-CON Media announced today that @WebRTCSummit Blog, the largest WebRTC resource in the world, has been launched. @WebRTCSummit Blog offers top articles, news stories, and blog posts from the world's well-known experts and guarantees better exposure for its authors than any other publication. @WebRTCSummit Blog can be bookmarked ▸ Here @WebRTCSummit conference site can be bookmarked ▸ Here
Feb. 23, 2017 06:00 PM EST Reads: 13,054
The Internet of Things can drive efficiency for airlines and airports. In their session at @ThingsExpo, Shyam Varan Nath, Principal Architect with GE, and Sudip Majumder, senior director of development at Oracle, discussed the technical details of the connected airline baggage and related social media solutions. These IoT applications will enhance travelers' journey experience and drive efficiency for the airlines and the airports.
Feb. 23, 2017 06:00 PM EST Reads: 1,508
In his keynote at @ThingsExpo, Chris Matthieu, Director of IoT Engineering at Citrix and co-founder and CTO of Octoblu, focused on building an IoT platform and company. He provided a behind-the-scenes look at Octoblu’s platform, business, and pivots along the way (including the Citrix acquisition of Octoblu).
Feb. 23, 2017 05:45 PM EST Reads: 1,223
With billions of sensors deployed worldwide, the amount of machine-generated data will soon exceed what our networks can handle. But consumers and businesses will expect seamless experiences and real-time responsiveness. What does this mean for IoT devices and the infrastructure that supports them? More of the data will need to be handled at - or closer to - the devices themselves.
Feb. 23, 2017 05:30 PM EST Reads: 1,976
SYS-CON Events announced today that Dataloop.IO, an innovator in cloud IT-monitoring whose products help organizations save time and money, has been named “Bronze Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Dataloop.IO is an emerging software company on the cutting edge of major IT-infrastructure trends including cloud computing and microservices. The company, founded in the UK but now based in San Fran...
Feb. 23, 2017 04:45 PM EST Reads: 2,552
SYS-CON Events announced today that Outlyer, a monitoring service for DevOps and operations teams, has been named “Bronze Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Outlyer is a monitoring service for DevOps and Operations teams running Cloud, SaaS, Microservices and IoT deployments. Designed for today's dynamic environments that need beyond cloud-scale monitoring, we make monitoring effortless so you...
Feb. 23, 2017 03:45 PM EST Reads: 1,664