Saqib Ali 2700018529 Tags:  twitter enterprise 2.0 diagrams software docs enterprise2.0 google media social e2.0 apps 4,669 Views
In response to: Twittering teens add hundreds of words to dictionary
I think it is a combination of both txt msg and twittering. But tweets have much more visibility ( and findability??) than one-to-one txt msg. The words prolly started with text messaging, and then the twitter gave them visibility.
Saqib Ali 2700018529 Tags:  access_control twitter risk password cloud_computing authentication 3,089 Views
Traditional (draconian??) e-security departments are having a field day with all the media buzz surrounding the insecurity of the Cloud Computing. They are missing the big picture.
Risk management is important. However what I am seeing right now is that these traditional e-security departments are just concentrating on the the Vulnerability component of the Risk equation:
They are completely leaving out the "likelihood of a event happening" from their analysis. Countermeasures are put in place to reduce the likelihood of an event, which minimizes the overall residual risk.
There is a common misconception that a move to Cloud Computing is inherently insecure. I don't think that is the case. For example, with Google App you can easily utilize multi-factor authentication, or make to it even more secure you can place the Security Assertion server inside your corporate firewall. This would require the user to be on the corporate network before accessing any of the Google Apps. However, this would also cause inconvenience for the mobile user who doesn't like to login into a VPN connection. It is all about trade-offs. My key point is that there is nothing preventing an organization from securing the Cloud Services.
I really don't think Cloud Computing is to be blamed for the twitter hack. The attack would have been possible even if twitter was using a in-house Exchange Server with some provisions for remote access and weak passwords. It is all about authentication and access control. If twitter had instituted proper access control using multi-factor authentication, this would never have happened.
NIST recently published a working draft of the Cloud Computing Security presentation. Some of the Security Advantages mentioned in the presentation are:
1. Shifting public data to a external cloud reduces the exposure of the internal sensitive data
I understand that these will depend on the actual implementation. It usually does for everything. For e.g. you can create world's most secure cipher, but the poor implementation is usually the weakest link.
But in theory, if cloud services are implemented properly, I think NIST's list of advantages hold true.
No amount of precautions can avoid problems that we do not yet foresee. Hence we need an attitude of problem fixing, not just problem "avoidance". An ounce of prevention equals a pound of cure, but that’s only if we know what to "prevent". If you’ve been punched on the nose, then the science of medicine does not consist of teaching you how to avoid punches. If medical science stopped seeking cures and concentrated on prevention only, then it would achieve very little of either.
The traditional Enterprise IT world is buzzing at the moment with plans on how to stop Cloud Computing from entering into the workplace. It ought to be buzzing with plans to reduce the security and privacy risks associated with Cloud Computing and improve data-portability and forensic capabilities. And not at all costs, but efficiently and cheaply. And some such plans exist, host-proof hosting, for example.
With problems that we are not aware of yet, the ability to put right - not the sheer good luck of avoiding indefinitely - is our only hope, not just of solving problems, but of making technological progress.
(the above is based on a talk by Professor David Deutsch on problem avoidance)
Saqib Ali 2700018529 Tags:  policy david_vladeck vladeck bureau_of_consumer_protec... google facebook advertisement google_ads ads privacy ftc twitter 2,758 Views
In an interview with NYTimes, David Vladeck, the Director of the FTC Bureau of Consumer Protection, said that he hopes to address the “notice and consent” framework that he considers “no longer sufficient”, as it has resulted in privacy disclosures that are rarely read or understood:
Mr. Vladeck said the FTC wants to establish new "principles, not prescriptive regulation," which might not be relevant as technology changes (Schatz, 2009):
Mr. Vladeck also plans to consider not only economic harm, but also the “dignity interest” that arises in online information collection. (Jacobs, 2009)
Schatz, A. (2009, August 5). Regulators Rethink Approach to Online Privacy. Retrieved August 8, 2009, from The Wall Street Journal: http://online.wsj.com/article/SB124949972905908593.html
Vladeck, D. (2009, August 3). An Interview With David Vladeck of the F.T.C. (S. Clifford, Interviewer) NYTimes.com.