What is PicketBox?
PicketBox is a security framework for Java Applications.
It provides the following capabilities:
- Authentication.
- Authorization.
- Audit.
Team Members
- Stefan Guilhen
- Peter Skopek
- Darran Lofthouse
Blog Posts
This blog is a personal book on Security/ IDM related thoughts/opinions. The blog posts are a personal opinion only and neither reflect the views of current/past employers nor any OTHER person living/dead on this planet.- Can Big Data solve our Security Challenges?
- Oct 31, 2015 12:34 AM by Anil Saldanha
- On a daily basis, you hear about some company getting hacked or losing customer records.
This pattern has become so routine that the shock factor has gone away.
The world has come to the acceptance that we cannot be secure. There will be hacks and customer records will be compromised.
Is that the right thing?
Should we have a callous attitude toward these recurring news stories?- Do companies have a moral responsibility to keep their customer records safe?
- Do governments have an obligation to keep personal details of its employees and citizens safe?
There can be many such questions whose answers depends on the perspective and the person answering.You probably have now heard about the Ashley Madison saga.
If you need a refresher or the latest, google is the best source.There has been a lot of focus on using data to make networks and systems safer, in recent times. You may have seen presentations on these topics.
There can be Context Driven Authentication, Context Driven Authorization and Context Driven Audit in play. All these are critical for a secure system in operation.But without the proper infrastructure and processing in place, it will be hard to deal with the plethora of data.- Will Hadoop help? Isn't that more batch oriented?
- If Map Reduce Framework is suited for batch processing, will the new Apache Spark processing help in real time processing of security data?
- Do we need Lambda Architecture to tie in Near Real Time and Batch processing?
- How about machine learning? (http://www.technologyreview.com/news/542971/antivirus-that-mimics-the-brain-could-catch-more-malware/)
These questions may pop in mind when you think of using Big Data to solve security problems.
If contextual data is collected for security decision making, you will need petabyte scale storage and processing. The processing has to be near real time (NRT).It is encouraging to know that Apache Spark is petabyte tested at NetFlix.Maybe Spark processing with HDFS elastic storage is the way forward.
What are your thoughts?Can Big Data and Security Intelligence solve our challenges with customer data compromise?
- JBoss CommunityProjects (including WildFlyAs): OpenSSL HeartBleed Vulnerability
- Apr 9, 2014 1:33 PM by Anil Saldanha
- I want to take this post to summarize that "JBoss community projects including WildFly Application Server are not directly affected by the OpenSSL HeartBleed Vulnerability".
JBossWeb APR
JBossWeb APR functionality requires OpenSSL 0.9.7 or 0.9.8 which is not affected by this vulnerability.
https://docs.jboss.org/jbossweb/2.1.x/apr.html
I have consulted the Red Hat Security Response Team before posting this note. We continue to monitor the situation.
Feel free to report any anomalies using http://www.jboss.org/security
We do recommend taking the appropriate precautions.
Please use the links in the references section for gauging indirect exposure to the HeartBleed vulnerability.
Indirect exposure may be possible:- Maybe you have a web server in front of JBoss/WildFly Application Server that may be affected.
- Maybe your operating system on which the JBoss community projects are running may be affected.
- Maybe you have OpenSSL v1.0.1 used by your application infrastructure.
References
Please refer to the following articles for more information:
Official OpenSSL Official Advisory: https://www.openssl.org/news/secadv_20140407.txt
HeartBleed Information: http://www.heartbleed.com
Red Hat Official Announcement: https://access.redhat.com/site/announcements/781953
CVE: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160
Amazon Web Services Advisory: https://aws.amazon.com/amazon-linux-ami/security-bulletins/ALAS-2014-320/Official Linux Distribution Pages
https://rhn.redhat.com/errata/RHSA-2014-0376.html
http://www.ubuntu.com/usn/usn-2165-1/
- View more blog posts