SSL / TLS certificates and the certificate authorities that sign them are vital to online security. They’re responsible for two important aspects of secure online communication: encrypting network traffic and verifying the identity of sites. Any SSL / TLS certificate can be used to encrypt data, but only certificates signed by a certificate authority can be used to verify the identity of a site. If the identity verification system stopped working, there would be no way to stop a malicious site from pretending to be your bank, Google, or any other site.
Author Archives: John Mack
Businesses have more data available to them than at any point in history, but simply storing a lot of data doesn’t benefit a business. To reap the rewards of data, businesses need data scientists to help them turn it into insights that can be applied to decision-making.
When I talk to companies with established legacy infrastructure on which their business depends, I often hear something like the following: “In theory, we’d love to use the cloud, but it’s way too complex and risky to move.” Their current infrastructure and the applications it supports are working now — however unsatisfactorily — and making the move would throw a cat among the pigeons, leading to potential operational disruption.
Back in the day, most applications were conceived and developed as monoliths. All of the application’s functionality was part of a single, inseparable unit. Many web applications are still developed in this way, especially in the enterprise, but, aided by cloud technology, some companies are embracing the benefits of a microservice architecture — with Netflix being a leading example.
A microservice architecture consists of multiple small, discrete units of functionality that communicate with each other via simple APIs. Microservice architectures have some unique benefits — and some unique drawbacks — when compared to monolithic design paradigms.
The Internet of Things, the development of which is currently in its early stages, is likely to have a substantial impact on the way we do business. Or so goes the popular IoT narrative. Whether you believe the hype or not, there’s no doubt that organizations need to think carefully about the ever-increasing number of connected smart devices — devices used by their employees and customers, by the organizations they have relationships with, and, potentially, by the business itself.
It’ll come as no surprise that many developers feel they are losing the battle against online criminals and data thieves. With ever-increasing frequency, we hear of major security breaches at organizations users should be able to trust with their data. As more of the economy moves online, the potential rewards for hackers have increased exponentially. Developers feel beleaguered. In a reversal of the usual commonplace about criminals and those who fight them, hackers have the luxury of making as many mistakes as they need to before they hit on the right strategy. Developers pay dearly for any mistakes they make in the design and construction of secure systems.
Modern content management systems make it almost too easy to install new features. WordPress in particular has a plugin and theme ecosystem that encourages experimentation. Tens of thousands of developers contribute plugins to the WordPress ecosystem, and browsing through the plugin repository presents enticements at every turn. The temptation is to install plugins on a whim — after all, they’re free, so why not?
Unless you’ve been hiding under a rock, you’ll be well aware of the recent critical vulnerability discovered in the GNU C Library, a core component of the vast majority of Linux distributions. The vulnerable function was used in many thousands of Linux applications across potentially millions of devices, including servers.
The developers behind a popular desktop Linux distribution recently revealed that their site had been hacked. For several hours the link leading to one or more of the distribution’s direct downloads in fact led to a compromised version of the distro with a backdoor installed. If users downloaded the distribution during that period, they may have installed an operating system that was wide open to an attacker. The attacker responsible, who goes by the name of Peace, claimed that he has control over several hundred machines running Mint.
It’s almost a little jarring, if you stop to think about it. Only two decades ago, the average size of a web page was 14.1 kilobytes. Anything larger was generally considered overdoing it.
As network technology improved and the Internet ingrained itself more and more into our lives, however, that number exploded – today, the average page hovers somewhere around 2 or 3 MB, and there’s no indication that this growth trend is going to stop anytime soon.