Virtualization Security

Cloud Security: A New Level of Trust

root — Thu, 08 Jan 2009 03:15:27 -0700

For the most part, I’ve avoided talking about the current state of security in the cloud. For one, there are many, many smart people and great bloggers already talking about it and I love reading what they write (and almost always agree with it, almost ). And two, I spend a good bit of my day job (and have for the past 3 years) focused on the ideas around contextual-based access and security: security has different meanings and requirements depending on the context of how a particular service is accessed or invoked. Now that’s some cool stuff, and the cloud access model i

Security Researchers Find Hole in Intel's vPro

root — Wed, 07 Jan 2009 18:45:38 -0700

A pair of researchers are claiming to have sussed out how to circumnavigate the security protections in Intel's vPro remote management technology. Rafal Wojtczuk and Joanna Rutkowska, both of Invisible Things Lab, plan to demonstrate their findings with a proof-of-concept at the Black Hat DC conference, to be held next month in Washington.

Securing Virtual Machines Starts With Sound Policies

root — Wed, 07 Jan 2009 10:45:21 -0700

The ease and speed of deploying a virtualized environment has allowed some IT professionals to overlook security concerns that may be brewing up in the cloud.

VMware Hosted Products and Patches for ESX and ESXi: Critical Security Issues Resolved, bzip2 Updated

tludwig — Fri, 02 Jan 2009 08:45:35 -0700

VMware Hosted products and patches for ESX and ESXi resolve two security issues. The first is a critical memory corruption vulnerability in virtual device hardware. The second is an updated bzip2 package for the Service Console. (via VMblog)

On the nature of perimeters and shifting defenses to endpoints and data

Tue, 30 Dec 2008 17:45:34 -0700

Analysts contributing to this blog post: Dan Blum, Eric Maiwald, and Phil Schacter

A recent TechTarget article prompted a discussion within the Burton Group security analyst team that we wanted to share with our blog readers. The discussion centers around the notion that network perimeters are losing their effectiveness as a primary enterprise defense mechanism, and this trend focuses more attention on securing desktop and other mobile devices that access protected IT assets.

Eric responded to the article with this statement:

The New IT Reality, Security and the Role of Vendors

Tue, 30 Dec 2008 17:45:34 -0700

Bloggers this week: Eric Maiwald, Phil Schacter, Dan Blum, Trent Henry, Ramon Krikken This week’s blog post features another discussion between Burton Group security analysts on the new IT reality and how this impacts security. Eric kicked off the discussion with this thought-provoking list of questions for the team to consider.

Yes, Trust In The PKI Is Broken

tludwig — Tue, 30 Dec 2008 13:45:36 -0700

The trust in digital certificates relies on the fact that the certificate authority issuing the certificate has validated the identity of the person or company making the request and that the digital certificates can’t be forged. New research from presented at the 25th Chaos Computer Congress shows that forging digital certificates is possible and practical. Trust in the SSL is now broken.

Virtualization? So last Tuesday.

tludwig — Sat, 27 Dec 2008 15:45:34 -0700

This post contains nothing particularly insightful other than a pronounced giant sucking sound that's left a vacuum in terms of forward motion regarding security and virtualization.

HP Bolsters Virtual Protection Tool, Desktop Linux Offering for SMB Customers

tludwig — Sun, 21 Dec 2008 22:45:36 -0700

HP Bolsters Virtual Protection Tool, Desktop Linux Offering for SMB Customers

Avoid high-risk data comingling with VMware virtual networks to prevent security vulnerabilities

ehowton — Wed, 17 Dec 2008 13:45:31 -0700

Running VMware in an environment that involves converged networks causes data comingling, which, although intrinsically harmless, can be harmful if the wrong data is comingled. Network convergence happens because not many people use 100% of a 10 Gigabit Ethernet network bandwidth; many people do not even use the full bandwidth of a 1 Gigabit Ethernet link. The goal is to use the unused bandwidth for other aspects of networking as laying new cable is often not possible due to a lack of network interface cards (NICs), and it's expensive and time consuming.