Wednesday Nov 18, 2009

Twitter, Facebook Hacks Last Week Good Reminders Of Social Media Identity Security--Ugggh not Ugg Boots

Taken from CIO

Ugggh....last week we were reminded of how social media platforms are vulnerable to identity security problems. Two colleagues of mine were hacked on Twitter, and an ad was posted to my Facebook account via the cross-posting feature in Facebook (I love Ugg boots, I just didn't plan on advertising them on my Facebook account. More about this later). One of the powerful aspects of social media sites is the extended conversation that users can have with their friends, colleagues and the communities that participate. However, if social media sites don't work more aggressively to close security holes in their platforms, they will undermine the credibility and trust they have worked hard to gain with the mobile IT generation. This is not a new problem.

The Twitter hack is not a new one and in the short term can be rectified by changing one's password immediately. However, given the simplicity of being able to acquire the password, there seems to be a problem that the Twitter team needs to plug immediately. I have severely restricted my link clicking activities as a result of these vulnerabilities and tell family members not to click links when possible. However, this takes the fun out of getting access to content quickly or participating in events that are happening immediately (e.g. conferences, concerts, etc.).

As for the cross-posting via Facebook, first let's talk about what constitutes cross-posting. Cross-posting is a great feature if used properly. It is a way for you to post to wider groups of people, and this is useful as communities do not always overlap. Simply put, it is where a bot or user puts a comment on a blog that has been posted to Facebook or another social media site. Because a trust relationship has been established between the post and the social media site, comments are "retweeted" to the social media site where it has been published.

I have three options to ensure that this does not happen in the future. One, do not post/share blog entries on Facebook; two, remove the trust relationship from Facebook to my blog; three, review all comments before allowing them to be published to my blog. None of them are good options. I will probably choose the third because it allows me to still share my blogs with my friends on Facebook yet maintain some level of control over what is "retweeted" to my friends. Each of the blogging platforms allows a different level of control and easy access to the social media platforms, so investigate and determine which is best for you.

Lastly, here is a quick overview of the top 8 social media hacks as of August, 2009 by Michael Eggebrecht from CIO Zone (thanks for the great picture top left).  He outlines the top 8 social media hacks so far (e.g. Koobface, Twittercut, Best Video, etc.).  If you are not reading Mashable  already then I suggest taking a peruse as they have great coverage of different events and issues associated with this emerging space.

Friday Nov 06, 2009

Google Dashboard and Identity Security

This week Google launched a new service called Google Dashboard, which can be found in the account settings in the top right-hand corner under "personal settings". The service is a great idea for a couple of reasons. One, it served as a reminder (at least to this user) of all the services that I had actually signed up for from Google over the years, which, given the pace of their innovation and continuous beta approach and my propensity to try new things in the technology space, was quite a few. The second reason, and arguably the most important, was that it offered you the link to go and manage your privacy settings from the dashboard for the services you have subscribed to. This is critical and important for those customers and users that are interested in actively managing their identity at Google. Here are the reasons why!

In the world of Web 2.0, mashups and federation, businesses are constantly stitching together different applications to provide value to customers and consumers. Organizations need to give users control of their privacy settings to allow them to control what information they share, when and where, on the internet. Most users don't mind providing the information or, more likely, are unaware of what they are sharing. This is why the Google Dashboard feature is a powerful tool for users to improve their security. The ability to access these privacy settings existed in each of the services that Google offered. However, as I mentioned above, I had forgotten about all the different services I had signed up for within Google Land. This consolidation in one spot gave me information, power and, most importantly, choice, improving my ability to make better decisions about how my identity is managed on the internet.

Facebook has learned this lesson and has done a lot to put the power in users' hands of controlling how applications use their information. I applaud what they have done to provide not only the tools but also the education to users about what that privacy information actually means. You can join the Facebook Security Fan Page to get updates on different steps they are taking to improve the choices users have to manage their identity data. Another great step they have taken is in the user experience of the pages that manage services and privacy, which provide contextual help for users. These are big improvements that contribute to better user decision making.

Click here and go check out your dashboard.  

Sunday Mar 01, 2009

Join OpenSSO and OpenDS at Community One EAST

March is going to be an exciting month with a number of events; help make it fun by joining us at one of the events listed below. The month gets started with an Unconference in New York sponsored by the OpenSSO team. The OpenDS team will be there as well, leading a discussion on using LDAP and OpenDS as an identity repository. The event is free and only requires you to sign up at  Here is the link and you can see how many people are attending. As of tonight there were 54 attendees. Sign up here.

At the wiki page for the event you can add topics that you would like to discuss.  There is already a suggested list that includes a presentation by Ludo on OpenDS as a datastore.  You can access the wiki here.

Wednesday Dec 10, 2008

Holiday Traditions: Smoked Salmon

The holidays are upon us! One of the traditions my father introduced to our family was smoking salmon. He would spend a couple of weekends prior to Christmas every year smoking salmon and delivering a plate to our friends and family for Christmas morning. Nothing is better than a cup of coffee, bagel and smoked salmon while your kids open presents from Santa. Here is his recipe for you or your family to enjoy. I will be making my first holiday batch this weekend.

Step 1: Buy the Salmon:
Costco has a great selection of Salmon at a reasonable price. If you are one who cares about farmed or wild, I am not sure if the Salmon at Costco is farm raised or fished from the sea.

Step 2: Prepare the Salmon in a Brine solution:
In order to create a moist and tasty piece of smoked salmon you will need to marinate the Salmon in a brine solution for 24-36 hours. I am told, there is not a lot of difference in the taste based on time after 24 hours but there is a noticeable difference if marinated less than 24 hours. Here is the brine solution that my father uses.

Brine solution
3/4 cup of sugar
1/2 cup of salt (Kosher salt is better)
Pint jar with warm water (not too warm, because this will cook the salmon). Stir to dissolve the salt and sugar in the solution.
Put Salmon in dish and add solution
Add an additional pint of water to the dish
Cover the dish and put in the refrigerator overnight

Step 3: Prepare the smoker
Either an electric or charcoal smoker will do for smoking. However, if you want to obtain the right temperature and keep your Salmon moist then use boiling water in the water bowl. You need to think carefully about which order you put things into the smoker. It is recommended that you get your charcoal or heat source working first, then the water, and then place the Salmon on to the rack. You can use the window in the smoker to add wood chips once the fish is smoking. Otherwise you will have smoke in your face as you place the salmon onto the smoker. Make sure you soak the woodchips for at least 60 minutes prior to adding them to the fire. You don't want them burning immediately and you don't want them so wet that they cool your fire.

Step 4: Smoke the Salmon
You should check the salmon after 2 hours to ensure that things are going well. However, you don't want to keep checking very often because it will take the heat out of the smoker. The Salmon should take 4-5 hours to be complete. It should be done when the meat looks orange and flakes. The water should mostly be gone when you are done with the smoking. If it goes faster you may have too hot of a heat source.

Step 5: Serve
My father always served his smoked salmon with mini bagels and a lemon-onion cream cheese. Here is the skinny on where and how to make it. You can pick-up your mini-bagels at either Costco or Trader Joes. The cream cheese can be picked up at Smart & Final but you will also need onions and lemons to complete the recipe. Zest a lemon and combine cream cheese with onions into a mixer and blend the ingredients to taste.

Cut the Salmon up into 1/3 pieces. Place on a plate with the mini-bagels cut in half and serve with the cream cheese.

You can store the salmon in the refrigerator after smoking up to 2 weeks. Remember this is how they used to store meat in the old days.

Thursday Jul 03, 2008

Salesforce Supports SAML--Standards Matter

Salesforce announced recently that they will support SAML in their product. You can read their blog post here. This is great news for companies that have a Web Access Management solution like OpenSSO that has comprehensive support of the SAML standards. As more companies use companies like Salesforce to provide critical CRM functionality for their enterprise (Fortune 500 or SMBs) they can leverage their Single-Sign-On infrastructure to appropriately.  Why does this matter?

This announcement is important because it allows an enterprise to provide Single-Sign-On with important vendors like Salesforce. It also allows enterprises to control which attributes they pass to these important vendors without sending their username or password via the internet to the partner. This allows the enterprise to remain agile and pick vendors that provide competitive advantages, as in the case of Salesforce or SugarCRM. Most importantly, as relationships change more quickly, this standards approach makes changing and switching vendors, when necessary for business reasons, easier. This allows IT to be an enabler of strategic relationships rather than a blocker in the enterprise.

Standards matter!

Friday Jun 20, 2008

Mashed in London

I am in London for the Gartner Identity Summit this weekend and a good friend of mine Ant Miller who works for the BBC invited me to the Mashed08 at Alexandra Palace.  It is a fantastic event in a great location, well attended, supported by some great organizations (BBC, The Guardian, Channel 4 and Microsoft).

I will post some pictures shortly.

Thursday Jun 19, 2008

Interoperability---Project Concordia and Oasis adds SAML

As Federated Identity starts to take off in the Web Access Management market segment, there are a number of standards bodies that you need to stay in touch with. Of course, the mandatory OASIS and  projects are great. I am specifically impressed with the standards validation that the Drummond Group did on behalf of Liberty Alliance Project. See the full report here.

Additionally, Eve Maler--XML Girl--facilitates a project called Concordia. This project is focused on driving interoperability between the different standards bodies. It was built out of the passion and tremendous experience that Eve brings to the table, as she has worked on behalf of Sun within the Microsoft partnership on interoperability. There is some great work that has come out of that and you can read about it on Eve's Blog here.

Tuesday Jun 10, 2008

Discovery and Shuttle Crews say Goodbye

I have been following the NASA Space Shuttle launch via the NASA website. The Shuttle is saying goodbye today and will begin its journey back home tomorrow when it un-docks from the International Space Station. How can you not get excited about space travel when you see images like this from space?

Tuesday Mar 11, 2008

Endeavour Soars into Space

Another great day for space exploration, science, and for those of us who still look with wonder and awe at each space flight. Endeavour launched successfully from Cape Canaveral this morning in a rare night launch.

Here is a video on YouTube that shows the launch:


If you want to watch an animation of what the mission will attempt to accomplish you can watch it here


Friday Mar 07, 2008

The Final Frontier---thanks Mark Dixon

I follow a couple of blogs at Sun and Mark Dixon is one of the people that I get to read from time to time. Today he has a blog entry that is fantastic. I, like Mark, wanted to be an Astronaut. I can remember reading about the Shuttle before it was launched on its first mission and building a clay model in fourth grade to share my enthusiasm with my classmates. One of the great honors in my life was meeting an Astronaut in person on the sidelines of one of my kids' soccer games (you never know who you are going to meet at a soccer game).

 These pictures are inspirational and I can't wait to share them with my kids tonight.  Thanks Mark for sharing with all of us. 

Space Shuttle Photograph 

Take a look at all of the pictures here:

Here are some of my other favorite NASA and space related sites:

Mars Rover click here
Go see a launch of a real rocket in California at Vandenberg Air Force Base.  You can get information about these events or how to take a tour of the base and operations here


Monday Dec 17, 2007

Schoolboy gets detention for using Firefox

This was too funny to pass along.  Having worked in the education space I know that System Administrators don't like it when different applications are installed on machines which they have to manage.  But, surely someone has lost their perspective or view on what they should be managing in the classroom.

Read the entire story here 

btw....the language in the story could be cleaned-up but overall funny story.  


Monday Dec 10, 2007

OpenxVM Ops Center launches first project

OpenxVM launched its first open source project today! It is the first of a number of projects that the team at Sun will be launching to build a community around virtualization. There are a number of existing projects already, most notably the work done by Open Solaris and the works derived from the Xen community here or the work done on LDOMS in Open Solaris here. This is the first project in the community geared towards the management of the physical and virtual assets.

The project is Sun's first project under GPL v3 and a number of roles are available for members who want to participate.  The project offers several pre-built binaries that will support work on Solaris x86, Solaris SPARC and Linux x86 platforms.   

We have too many agents consuming resources on servers today. What if we could minimize the number and have one that provided all of the information or functionality we needed to manage physical and virtual assets?

 Take action: 

  • Get more information on the project here
  • Get involved here

A number of influential people are talking about ideas of things to come.  You should add these to your favorite reader and monitor our progress.


More information to come on the Common Agent Container. 

Tuesday Aug 28, 2007

Security Insight

It is not every day that you get to hear from one of the great thought leaders on Security.  At Sun we are lucky every day because we get to work with people like Whitfield Diffie all the time.  Whitfield Diffie is Sun's Chief Security Officer.  

In this article on Computer World he gives insight into one of the future growth areas in security. He believes that outsourcing, or having your data managed by others, is the biggest force of change in security over the next 5 to 20 years. Companies like SugarCRM, Amazon or Google provide global business with the ability to outsource business operations and IT functions, all to more efficiently invest their resources to continue to innovate. However, the challenge for us all is to ensure that the appropriate level of security is applied to the data that we want to protect.

Sun takes security seriously and that is why we have one of the leading Identity solutions in the market, Identity Manager. Additionally, we offer a product called Sun Connection which allows companies to quickly and efficiently apply security updates to RedHat, SuSE and Solaris operating systems.

Thursday Aug 23, 2007


Sun announces change in stock ticker from SUNW to JAVA, Google using OpenOffice in Google Pack and Sun Connection patches Linux as well as Solaris

Sharing 12 years of technology experience as developer, product and program manager, and marketing director. Identity Management, Security, and Product Management issues occupy my mind during the working day. Water Polo keeps me healthy.

