Jim Rapoza


Upcoming Events

Where the Cloud Touches Down: Simplifying Data Center Infrastructure Management

Thursday, July 25, 2013
10:00 AM PT/1:00 PM ET

In most data centers, DCIM rests on a shaky foundation of manual record keeping and scattered documentation. OpManager replaces data center documentation with a single repository for data, QRCodes for asset tracking, accurate 3D mapping of asset locations, and a configuration management database (CMDB). In this webcast, sponsored by ManageEngine, you will see how a real-world datacenter mapping stored in racktables gets imported into OpManager, which then provides a 3D visualization of where assets actually are. You'll also see how the QR Code generator helps you make the link between real assets and the monitoring world, and how the layered CMDB provides a single point of view for all your configuration data.

Register Now!

A Network Computing Webinar:
SDN First Steps

Thursday, August 8, 2013
11:00 AM PT / 2:00 PM ET

This webinar will help attendees understand the overall concept of SDN and its benefits, describe the different conceptual approaches to SDN, and examine the various technologies, both proprietary and open source, that are emerging. It will also help users decide whether SDN makes sense in their environment, and outline the first steps IT can take for testing SDN technologies.

Register Now!

More Events »

Subscribe to Newsletter

  • Keep up with all of the latest news and analysis on the fast-moving IT industry with Network Computing newsletters.
Sign Up

See more from this blogger

Certificate Authority Hack Points To Bigger Problems

What with hurricanes, earthquakes and Kardashian weddings dominating recent media coverage, you may have missed the news about a recent security breach that clearly displayed a serious weakness in one of the core security mechanisms of the Internet.

Just a little over a week ago, it became clear that a major breach had occurred at Dutch certificate authority DigiNotar and that attackers had been able to issue fraudulent SSL certificates for a number of websites and government agencies (the story is in Dutch, the list is in English), including Google and U.S. intelligence agency websites. The breach actually occurred in mid-July but the extent of the breach only became apparent recently, and despite claims that DigiNotar had revoked the fraudulent certificates, it turned out that some, including the google.com certificate, had remained valid for weeks.

So what's the big deal? Well, for starters, SSL is the main way that things are secured on the Web, and one of the core methods for people to know that they are at the actual website they are visiting. That HTTPS connection in the browser makes people feel comfortable buying things with a credit card, and that bright green button, when the special Extended Validation certificates are present, on the browser address bar lets them know that it is actually their bank site and not a phishing site.

That is unless someone has issued a fraudulent certificate for that bank's website. Then the bright green button and the giant lock symbol on the browser bar mean nothing. And the fact that this happened in the Netherlands doesn't mean others should feel safe. The way the system is set up is that Web browsers accept the certificates issued by "trusted" authorities. This means that, if an attacker used the DigiNotar certificate for Google to stage man-in-the-middle attacks, then the attacker could have stolen the Google credentials of any users he targeted.

Right now it's not clear how far-reaching the effects of this breach are, and we might not really know for months. As we speak, most, but not all, major browser and operating system vendors have blocked the certificates involved in the breach. But that is really helpful only for users who regularly update. If you're still using an older browser, these fraudulent certificates could remain effective until you update or install a newer version.


Page:  1 | 2  | Next Page »


Related Reading


More Insights


Network Computing encourages readers to engage in spirited, healthy debate, including taking us to task. However, Network Computing moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing/SPAM. Network Computing further reserves the right to disable the profile of any commenter participating in said activities.

 
Disqus Tips To upload an avatar photo, first complete your Disqus profile. | Please read our commenting policy.
 
Vendor Comparisons
Network Computing’s Vendor Comparisons provide extensive details on products and services, including downloadable feature matrices. Our categories include:

Research and Reports

Network Computing: April 2013



TechWeb Careers