
11.19.07


Security Around Social Initiatives

By Dan Morrill

Read Write Web has a great digest of the entire last round of social applications, from OpenSocial to Facebook, Android, Bebo and Box.net.

Understanding these applications from a security viewpoint is important for two reasons. People are coding around these application frameworks, and since no programmer is perfect, errors and coding bugs are going to happen. And users on the corporate network are going to use the applications.

Not only are they going to use them, they will use them long before corporate security comes in and officially blesses or condemns the applications.

Platforms here, platforms there - everyone's launching a platform it seems. Today's newest platforms, a content storage platform from Box.net and a content publishing platform from social network Bebo, are just the latest. Facebook, OpenSocial, Android - who can tell them all apart? What is a platform? It's a technical welcome mat that allows developers from outside of a company to tie their software to the software offering the platform. How's that for an explanation? Feel free to share your one-line explanation, too. (Source: RRW)

Following the "think evil, act good" viewpoint, here is a quick image from RRW to put the whole thing into context.


What security needs to worry about is cross-site portability and identity. If someone can carry out a cross-site scripting attack involving any one of the open platforms, then the entire content or identity tree for that user can be compromised.

A coding error, buffer overrun or underrun, or other problem can also provide an entry point into the corporate network if the applications are tied not just to the browser but also to a hybrid application, such as one built with Adobe AIR or Silverlight.

Looking at how the applications and platforms interact to secure data, identity, corporate data, and privacy information is important in working through the risk management process that any company has to go through when evaluating the newer applications and systems.

There is a lot of very good information at RRW to start working on how the company is going to use the new platforms to bring customers closer.


About the Author:
Dan Morrill has been in the information security field for 18 years, both civilian and military, and is currently working on his Doctor of Management. Dan shares his insights on the important security issues of today through his blog, Managing Intellectual Property & IT Security, and is an active participant in the ITtoolbox blogging community.

About NetworkNewz
NetworkNewz editors, writers and contributors focus on both the big picture and the details of networking. At NetworkNewz our goal is to deliver to you The Key To Network Management.


-- NetworkNewz is an iEntry, Inc. publication --
iEntry, Inc. 2549 Richmond Rd. Lexington KY, 40509
2007 iEntry, Inc.  All Rights Reserved  Privacy Policy  Legal
