Friday, August 19, 2011

HP shutting down WebOS


HP Is Shutting Down Operations for TouchPad and webOS Phones

A little over a year after buying Palm, HP announced today that it will "discontinue operations for webOS devices, specifically the TouchPad and webOS phones." This is not surprising considering the crowded mobile device/tablet space. With Android and iOS taking the majority of the market, HP with its webOS was not only late to the party, but got there uninvited.
Although HP's press release says the company "will continue to explore options to optimize the value of webOS software going forward," owners of the TouchPad and smartphones like the Pre 3 probably don't have much to look forward to in terms of future development and support—at least from HP.
HP is also looking at spinning off its personal computing systems group, getting out of the hardware game altogether it seems. There's not much else known except the brief announcement, but for more commentary and background you can check out Mat Honan's post on Gizmodo.

Tuesday, August 16, 2011

Vulnerability Management Program - FAIL





Same Vulnerabilities on the same hosts every month -- FAIL
   Reports are falling on deaf ears.
   Something is fundamentally wrong with the program. Either the application owners are not in the loop, or there is no management support for the whole program. Destined to FAIL.



Same Category of Vulnerabilities show up every month -- FAIL
    Being reactive, not proactive.



Erratic Vulnerability Management program -- FAIL
   Response to vulnerabilities should not be chaotic. Identify app owners, identify failure mechanisms, and define a process to close out a vulnerability.




Failed PCI scan after a Vulnerability Assessment. -- FAIL
  Always establish proper security Baselines.




No metrics to show the program is working -- FAIL
  If you don't know where you are going, then you are not making any progress. Metrics are the key to identifying whether your Vulnerability Management program is working or failing. They will help you react quicker, before you hit the Point of No Return.




Vulnerability Scanner gives inconsistent results -- FAIL
  Work with your vendor and understand the vulnerability scanner's capabilities and limitations. Understand the network architecture that you are scanning, and tweak the scanner accordingly. This is very important for getting consistent, reliable results.


False +ves are legitimate Vulnerabilities -- FAIL
  If a manual test shows that the false +ves identified by your teams are actual vulnerabilities, that shows some serious issues with the team.





Vulnerability Scanners are not supplemented with Manual Scans -- FAIL
Automated testing only goes so far. Scanners still cannot think like humans (attackers), which is a very good reason to supplement the automated scans with manual scans.
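
The first two failure modes above (same findings on the same hosts, same category every month) and the "no metrics" item can all be measured from month-over-month scan exports. The following is an added example, not part of the original post; the hosts, finding IDs, categories and the tuple layout are constructed placeholders, not any scanner's real export format.

```python
from collections import defaultdict

# Constructed sample data: one scan export per month; each finding is
# (host, finding_id, category). Hosts and IDs are placeholders.
SCANS = {
    "2011-05": {("web01", "VULN-A", "missing-patch"),
                ("db01", "VULN-B", "default-credentials"),
                ("app01", "VULN-C", "missing-patch")},
    "2011-06": {("web01", "VULN-A", "missing-patch"),
                ("db01", "VULN-B", "default-credentials"),
                ("app02", "VULN-D", "missing-patch")},
    "2011-07": {("web01", "VULN-A", "missing-patch"),
                ("app03", "VULN-E", "missing-patch"),
                ("web02", "VULN-F", "weak-tls")},
}

def persistent_findings(scans):
    """Findings (same host, same ID) present in every scan: reports being ignored."""
    return set.intersection(*(set(scans[m]) for m in sorted(scans)))

def recurring_categories(scans):
    """Categories seen in every month, with the number of distinct findings behind
    each. A category that keeps returning with new findings points at a process
    gap rather than at one unpatched host."""
    per_month = [{cat for _, _, cat in scans[m]} for m in sorted(scans)]
    always = set.intersection(*per_month)
    distinct = defaultdict(set)
    for findings in scans.values():
        for host, fid, cat in findings:
            if cat in always:
                distinct[cat].add((host, fid))
    return {cat: len(items) for cat, items in distinct.items()}

def closure_rates(scans):
    """For each month, the fraction of the previous month's findings now gone."""
    months = sorted(scans)
    rates = {}
    for prev, curr in zip(months, months[1:]):
        closed = scans[prev] - scans[curr]
        rates[curr] = round(len(closed) / len(scans[prev]), 2) if scans[prev] else 1.0
    return rates

if __name__ == "__main__":
    print("persistent findings:", persistent_findings(SCANS))
    print("recurring categories:", recurring_categories(SCANS))
    print("closure rate by month:", closure_rates(SCANS))
```

A non-empty persistent set or a flat closure rate across months is the early signal the metrics item asks for.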