Has Yahoo Mail been hacked? Or do we just need better password security?
Linda just sent out a single copy of the following spammy email (the URL was live in the original): Read more
Categories: Security and anti-spam | 11 Comments |
Good riddance to Secure Computing
McAfee has announced a takeover of Secure Computing, ending that company’s independent existence. To this I can only say: It’s about time! Early this century, I was asked to revive my old investment research career and find stocks to short. A promising candidate turned out to be Secure Computing, whose main product lines included:
- A high-end “proxy”-style firewall, which was widely used in the US intelligence and defense communities
- A two-factor authentication division
- A censorware division that, for example, had run Saudi Arabia’s web censorship since the late 1990s
- A firewall-on-a-board OEM deal with 3COM
The short idea was in large part that the firewall-on-a-board idea had caused great overoptimism, stoked by the company. On further digging, I found that CEO John McNulty’s resume, as stated for example in Secure Computing’s SEC filings, seemed inconsistent with his resume as stated in SEC filings of his prior employer. Nobody seemed to care much about correcting that, however. Read more
Early thoughts on outsourcing to Google Mail
Google doesn’t just offer free email of the form address@gmail.com. You can also outsource your own domain to them (free if you accept incoming ads, $50/year/mailbox if you don’t). I’ve chosen to do this, because:
- I need a mail host that can stand up under the kind of mailbomb/DDOS attacks that shut me down twice in the past year.
- Similarly, I want to diversify my email addresses among two providers, rather than leaving them all with my general web hosting company.
- David Ferris first wrote up Google Mail outsourcing, with a favorable view, last July. And some of his criticisms (e.g., lack of IMAP support) have already been rectified.
- What’s more — as I remarked last night, David and his associate Richi Jennings have been voting with their feet, and moving their own email to Google. That’s an impressive endorsement. Ferris Research is a serious rival to Gartner as an analyst firm covering email, and Richi — who evidently LOVES Gmail — has also carved out a non-trivial identity as an expert in his own right.
- Free sounds good, compared with the alternatives. Read more
Categories: Google, Online and mobile services, Security and anti-spam, Software as a service | 12 Comments |
Check Point Systems UTM-1 and Crossbeam Systems – resolving the confusion
When Check Point Systems first briefed me on their new midrange UTM-1 appliance, they neglected to mention that their hardware designs were first worked out by Crossbeam Systems. Actually, it turns out that they even buy the hardware through Crossbeam. It took a comment here from Crossbeam’s Chris Hoff for me to realize the true story. Today, I connected with Paul Kaspian of Check Point to straighten things out. Here’s the scoop. Read more
Categories: Check Point Software, Computing appliances, Crossbeam Systems, Hardware, Platforms, Security and anti-spam | 3 Comments |
Check Point caves in
Not long ago, I wrote of Check Point Software’s unusual appliance strategy. While a lot of their sales were on partners’ Type 1 appliances – custom boxes with standard parts — the only appliances they sold themselves were Type 2 – software-only.
However, that turns out to be wrong in two interesting ways. First, it was slightly incorrect all along; Check Point’s “Edge” product line has been Type 1 for almost five years. Second and more important, a few weeks ago Check Point announced that it was finally entering the Type 1 appliance mainstream market itself. Read more
Categories: Check Point Software, Computing appliances, Crossbeam Systems, Security and anti-spam | 3 Comments |
NoFollow does matter — a lot
Matthew Mullenweg, of WordPress fame, has posted the wistful thought that adding NoFollow tag support to WordPress didn’t really help with the problem of web spam. I emphatically disagree. Yes, it’s true that comment spam and the like is still a huge problem.* But while crude spam isn’t visibly affected, the NoFollow tag probably does a great deal to discourage something that would be even worse.
*Uh, Matt, can you do anything about increasing the 150 capacity limit of the Akismet spam quarantine? I run over it all the time, often in less than 24 hours.
Suppose it were still the case that spammers could get search engine ranking boosts from blog comment spam. Don’t you think they would be motivated to craft subject-specific comments that are very hard to distinguish from the real things? Search engine ranking algorithms are taking ever more accounting of the topics of pages that link to sites, the topics of the pages that link to THOSE pages, the topic of the text around the link, and so on. Few forms of search engine optimization are more valuable than “good” links. A comment that stayed up on a popular and topic-relevant blog would be of high SEO value — think $25-$250 in perceived value as a super-rough estimate — and great efforts would be devoted to getting them. The whole blogosphere might be corrupted in the process.
Blog software’s adoption of the NoFollow tag is a VERY good thing.
Categories: Online and mobile services, Security and anti-spam | 10 Comments |
Guide to my recent research on computing appliances
My recent flurry of research into computing appliances was spurred by a column I just submitted to Network World. In that column there’s a URL – pointing to this post – promising a guide to more details on that research. Thus, here’s a set of links to my posts of the past few months on computing appliances, both here and on DBMS2.
Half or more of the computing appliance vendors I’ve looked into follow very similar hardware strategies: They use mainly standard parts; they include uncommon but off-the-shelf networking (and sometimes encryption) accelerators; and they of course optimize the mix of those parts and general hardware architecture as well. (EDIT: I actually gave names to three strategies — even if they were just “Type 0”, “Type 1”, and “Type 2” — in this overview of data warehouse appliance vendors. And in another post I considered arguments about whether one would want a data warehouse appliance at all.) Examples I’ve posted about recently include – and I quote the forthcoming column – “DATallegro and Teradata (data warehousing), Cast Iron Systems (data integration), Barracuda Networks (security/antispam), Blue Coat Systems (networking), and Juniper (security and networking).” (ANOTHER EDIT: But I think DATAllegro’s strategy has changed.)
By way of contrast, there’s also a group whose stance is more along “hardware/schmardware” lines. Sendio and Proofpoint (in most cases) don’t really do anything special at all in their boxes; what’s more, Proofpoint actually has significant software-only deployments over VMware’s virtualization layer. Kognitio and Greenplum think their software-only data warehouse offerings are appliance-equivalents too; indeed, Greenplum’s software is sold mainly bundled with Sun hardware (to the extent it’s sold at all), and Kognitio is hinting at an appliance-like offering for competitive reasons as well. Check Point Software plays both sides of the field; it offers its own kind of “virtual appliance,” but also gets many of its sales through appliance vendors. Its most interesting such partner, if not its biggest, is Crossbeam Systems, which in my opinion may very well represent the future of appliance technology.
Crossbeam Systems — the future of appliances?
Crossbeam Systems is the closest thing I’ve found to what is – at least tentatively — my vision of the appliance future. It offers a blade-based computing box that differs from standard boxes in the same direction that appliances typically do. I.e., Crossbeam systems boast beefed up networking, maybe some beefed-up reliability as well, and maybe other beefed-up security processing in the future. Then they offer a software infrastructure (virtualization, robustness, etc.) to let various pieces of software – in Crossbeam’s case, security and security-like tools – run on the box. Read more
Check Point Software’s unusual appliance strategy
Check Point Software is the traditional leader in the firewall market, having seized large market share in its early days by innovating convenient, GUI-based policy management tools. Except in niches, its competitors today are mainly networking giants Cisco and Juniper. (Juniper acquired Netscreen in 2004.) Unlike most other security software vendors, Check Point continues to focus on being a packaged software vendor (but see below). Even so, almost all Check Point software is sold either on appliances or as a “virtual appliance.” I’ll explain.
Check Point started out selling software on Sun boxes and the like. Rather than get into appliances itself, it formed partnerships with hardware vendors who’d roll its software into appliances, and soon a lot of its business came from this channel, especially via Nokia. This strategy has continued, with Crossbeam Systems joining Nokia in providing large chunks of Check Point’s overall revenue.
While not liking to disclose much in the way of revenue breakdowns, Check Point admits that appliances dominate its business at the high end of the market, where high-speed networking, extra reliability, and so on are important (especially the reliability). Appliances also dominate at the low-end, where ease of deployment is crucial. (“Custom” hardware in this case is best represented by an accelerator card called “VPN-1,” made by Silicom, Ltd.) But in the big middle, packaged software is still highly competitive, accounting for (according to outside estimates that the company doesn’t laugh at) half or so of Check Point’s business.
But here’s the thing. Relatively little of that software is still, say, a firewall you can install on a Linux server. Rather, Check Point sells many more firewall/OS bundles, which are (it is claimed) super-easy to install on random Intel-based boxes. These are the “virtual appliances.”* Is this cheaper than a tailored appliance? Well, that depends a whole lot on whether you had an extra box lying around, or whether you have a master maintenance contract with a standard box vendors, and so on. Evidently, many customers think it is, while many other customers prefer physical appliances.
*Check Point also has VMware-based virtual appliances, but so far isn’t getting much uptake of those except for demo purposes.
Categories: Check Point Software, Computing appliances, Crossbeam Systems, Security and anti-spam | 3 Comments |
Juniper’s integrated appliance story
Juniper Networks acquired super-hot security appliance vendor Netscreen in 2004. At the time, Netscreen’s products were ASIC-based. But as of the 2006 release of its SSG product line, Juniper has come in line with what is pretty much the standard appliance vendor technical strategy. It builds its boxes from standard parts, with the exception of some unusual but still off-the-shelf networking accelerators (most notably an IPsec and encryption accelerator chip from Cavium). It has its own OS, with unneeded services left out both for performance and security. One cool point – Juniper’s security products and routers run in some cases on literally identical hardware, despite having different operating systems, let alone “application” software. The customer can, for example, keep one set of spares for both classes of product. Read more
Categories: Computing appliances, Juniper Networks, Security and anti-spam | 1 Comment |