Big Data is redefining the Multi-Billion Security industry

A recent study by ASIS International and the Institute of Finance and Management (IOFM) called “The United States Security Industry: Size and Scope Insights, Trends, and Data” published some very interesting stats:

  • $350 Billion market breaks out to $282 billion in private sector spending and $69 billion in federal government spending on homeland security
  • The number of full-time security workers is estimated to be between 1.9 and 2.1 million.
  • Operational (non-IT) private security spending is estimated to be $202 billion with expected growth of 5.5 percent in 2013; IT-related private security market is estimated at $80 billion with growth of 9 percent projected for 2013

I’m particularly interested in the tech market, focused on three key sectors: Cloud Security, Mobile Security and Network Security. I have written some posts about security because I enjoy studying this market, and with the increasing interest in enterprise and personal privacy, I know that this market has the potential to grow exponentially.

Why Red Hat need partnerships with Cloudera, MapR, Intel and OpenDNS

Yes, I know. I’m a slightly crazy young man, telling Jim Whitehurst, current Red Hat CEO, and his management team all these ideas, but who knows? Perhaps some of these ideas are not so crazy, and they could be implemented. But I will leave that responsibility to the board.

My ideas are focused on two key needs for many organizations and companies today:

  • Apache Hadoop: the de-facto platform for Big Data Analytics and its relationship with Cloud Computing
  • Internet Security: a serious problem today for companies, governments, and global organizations
  • Apache Hadoop’s Security: a much-discussed topic among customers, developers and system engineers, which needs a solution right now

Umbrella by OpenDNS: Where Big Data and Security walk together

As I said in an earlier post, Crime as a Service grows exponentially every day in every country in the world, and every day new kinds of attacks and new ways to steal information come to light.

There is an amazing battle between organizations, companies and hackers around the globe; and of course, to win this war, you have to choose your tools wisely. I blogged about Splunk Security; today it’s the turn of another big player in this field: Umbrella by OpenDNS.

Fighting Cybercrime with Splunk Security Analytics

There are many industries that are booming: Real Estate, Marketing Analytics, Retail, Recruiting Services, Big Data Analytics; but these are the good guys. There are other guys who are using their deep knowledge of Security, Hacking, Cracking and Phishing to take advantage of the popularity of these industries, cut a big slice of the pie and make money from it. A new kind of business has been born: Crime as a Service (CaaS).

Address Bar Spoofing in iOS 5.1


iOS 5.1 is vulnerable to an Address Bar Spoofing attack

David Viera-Kurtz of MajorSecurity has discovered a new way to attack iOS 5.1 based devices, in which the address bar of Apple WebKit/534.46 can be changed through the JavaScript function “window.open”. A remote attacker could use this flaw to change the address bar and so deceive the user by showing a URL different from that of the page actually being visited; in short, it enables realistic phishing attacks.

Viera-Kurtz has published a proof of concept that demonstrates this flaw: any user who visits the URL http://www.majorsecurity.net/safari-514-ios51-advisory.php with an affected device will see that the URL shown in the Safari browser is http://www.apple.com.

There is no patch available for this, so it is recommended that you don’t visit important URLs with the Safari browser in iOS 5.1 through a link that is not trusted.

Happy Hacking !!!

10th ANNIVERSARY OF THE FOUNDING OF THE UNIVERSIDAD DE LAS CIENCIAS INFORMATICAS…
CONNECTED TO THE FUTURE, CONNECTED TO THE REVOLUTION

http://www.uci.cu
http://www.facebook.com/universidad.uci
http://www.flickr.com/photos/universidad_uci

PostgreSQL 9.1 in the Coverity Scan 2011: Open Source Integrity Report


PostgreSQL: the amazing blue elephant

PostgreSQL is one of my favorite Open Source projects for so many reasons:

  • It was one of the first Open Source projects that I came to know (I’ve been a proud user since version 8.0)
  • PostgreSQL is simply amazing: the core developers, sysadmins and everyone else work together to build and promote the best Open Source database management system
  • It was the main topic of my thesis in 2009, building an Open Source application to migrate Oracle 10g databases to PostgreSQL 8.3 using Python and Qt (it was an amazing time)
  • And now I’m working every day with PostgreSQL, as a Sr. Software Engineer focused on helping our customers build high availability PostgreSQL environments on Unix/Linux platforms. It’s an awesome position that I enjoy every day.

PostgreSQL 9.1

The latest stable release of PostgreSQL is 9.1.3, following the security update announced yesterday by Selena Deckelmann on the pgsql-announce@postgresql.org mailing list. This release is one of the best releases ever because it brings a lot of good features, many of them only present in closed-source database systems like Oracle and IBM DB2. I will try to explain some of these features here quickly:

  • Allows synchronous replication
  • Added support for foreign tables
  • Added per-column collation support
  • Added extensions which simplify packaging of additions to PostgreSQL
  • Added support for unlogged tables using the UNLOGGED option in CREATE TABLE
  • Several updates on the PL/Python server-side language
  • Added a SECURITY LABEL command and support for SELinux permissions control
  • and a lot more

PostgreSQL is improved every day, and many companies and organizations trust it for its security features, stability, performance and extensibility: Hi5, InMobi, NTT, Skype, Research in Motion, Cisco, VMware, Disqus, Urban Airship.

PostgreSQL 9.1 in the Coverity Scan 2011: Open Source Integrity Report

Coverity Scan is the largest public-private sector research project in the world focused on open source integrity, originally initiated in 2006 with the U.S. Department of Homeland Security. Coverity has worked with over 300 of the most widely adopted open source projects over the past 6 years (including Linux, PHP, Apache HTTPd Server, Android and Firefox) to automatically scan, or test, their software code during development.

The numbers for PostgreSQL 9.1 are simply amazing:

  • Lines of code scanned: 1,105,634
  • Defect density (as of 12/31/11): 0.21
  • Number of outstanding defects (as of 12/31/11): 233
  • Number of defects fixed in 2011: 78
  • Number of outstanding defects (as of 1/1/11): 247

Final Thoughts

I leave it to you to think about this amazing report. Kind regards

Happy Hacking !!!

End the injustice, FREEDOM NOW FOR OUR FIVE COMPATRIOTS WHO ARE UNJUSTLY HELD IN US PRISONS!
http://www.antiterroristas.cu
http://justiciaparaloscinco.wordpress.com

PostgreSQL 2011-12-05 Update Release

PostgreSQL releases updates

This morning, Josh Berkus, on behalf of the PostgreSQL Global Development Group, sent a message to the announcements mailing list explaining the reason for the update releases for versions 9.1.2, 9.0.6, 8.4.10, 8.3.17 and 8.2.23 (this is the last update for this version).

Complete message from Josh

The PostgreSQL Global Development Group today released updates for all active branches of the PostgreSQL object-relational database system, including versions 9.1.2, 9.0.6, 8.4.10, 8.3.17 and 8.2.23. Users of any of the several affected features in this release, including binary replication, should update their PostgreSQL installations as soon as possible.

This is also the last update for PostgreSQL 8.2, which is now End-Of-Life (EOL). Users of version 8.2 should plan to upgrade their PostgreSQL installations to 8.3 or later within the next couple of months. For more information, see our Release Support Policy: http://wiki.postgresql.org/wiki/PostgreSQL_Release_Support_Policy

The features affected by this update include: binary replication and hot standby, GIN indexes, the citext Extension, pg_upgrade, window function aggregate sorting, self-referential foreign keys, PL/perl, and general Extension handling. Users of these features should apply the updates right away.

This release contains 52 fixes to version 9.1, and a smaller number of fixes to older versions, including:

  • Fix bugs in information_schema.referential_constraints view**
  • Correct collations for citext columns and indexes**
  • Prevent possible crash when joining to a scalar function
  • Prevent transitory data corruption of GIN indexes after a crash
  • Prevent data corruption on TOAST columns when copying data
  • Fix failures during hot standby startup
  • Correct another “variable not found in subplan target list” bug
  • Fix bug with sorting on aggregate expressions in windowing functions
  • Multiple bug fixes for pg_upgrade
  • Change Foreign Key creation order to better support self-referential keys**
  • Multiple bug fixes to CREATE EXTENSION
  • Ensure that function return type and data returned from PL/perl agree
  • Ensure that PL/perl strings are always UTF-8
  • Assorted bug fixes for various Extensions
  • Updates to the time zone database, particularly to CST6

Changes marked with ** above require additional, post-update steps in order to fix all described issues. See the release notes for each version for a full list of changes with details of the fixes and steps: http://www.postgresql.org/docs/current/static/release.html

As with other minor releases, users are not required to dump and reload their database or use pg_upgrade in order to apply this update release; you may simply shut down PostgreSQL and update its binaries. Perform post-update steps after the database is restarted.

Download new versions now:

So, if you are a PostgreSQL user, I recommend that you update your systems to the latest versions available on its downloads page.

Happy Hacking !!!