11.19.07 Security Around Social Initiatives
By Dan Morrill
Read Write Web has a great digest of the entire last round of social applications, from OpenSocial to Facebook, Android, Bebo and Box.net.
Understanding these applications from a security viewpoint is important: people are coding around these application frameworks, no programmer is perfect, so errors and coding bugs are going to happen, and users on the corporate network are going to use them.
Not only are they going to use them, they will use them long before corporate security comes in and officially blesses or condemns the applications.
Platforms here, platforms there - everyone's launching a platform it seems. Today's newest platforms, a content storage platform from Box.net and a content publishing platform from social network Bebo, are just the latest. Facebook, OpenSocial, Android - who can tell them all apart? What is a platform? It's a technical welcome mat that allows developers from outside of a company to tie their software to the software offering the platform. How's that for an explanation? Feel free to share your one-line explanation, too. (Source: RRW)
Following the "think evil, act good" viewpoint, here is a quick image from RRW to put the whole thing into context.
Where security needs to worry is cross-site portability and identity. If someone can carry out a cross-site scripting attack involving any one of the open platforms, then the entire content or identity tree for that user can be compromised.
A coding error, buffer overrun or underrun, or other problem can also provide an entry point into the corporate network if they are tied not just to the browser but also to a hybrid application, such as one built with Adobe AIR or Silverlight.
Looking at how the applications and platforms interact to secure data, identity, corporate data, and privacy information is important in working through the risk management process that any company has to go through when evaluating the newer applications and systems.
There is a lot of very good information at RRW to start working on how the company is going to use the new platforms to bring customers closer.
About the Author:
Dan Morrill has been in the information security field for 18 years, both civilian and military, and is currently working on his Doctor of Management. Dan shares his insights on the important security issues of today through his blog, Managing Intellectual Property & IT Security, and is an active participant in the ITtoolbox blogging community.