My Best Articles

Archive of my preferred articles in my previous blogs

E-mail requirements change for a safe use in the post PRISM internet

Recently, serious concern has been mounting about e-mail use and misuse. After PRISM, the question is whether e-mail can still be used as a safe communication medium for both personal and enterprise use. This is a difficult question, since e-mail has always been a low-security, high-risk area in the enterprise as well as in the private world. When talking about mail we should remember what e-mail really is: a simple method to transfer information from one computer to another. The protocol used, SMTP, is a plain-text protocol that passes all the information in clear text…

Is free and investigative journalism in danger?

I live in a country, Italy, where journalism is not synonymous with freedom, objectivity or courage. In the past we have had great journalists able to put their lives at the service of a profession that requires total dedication, but today the market offers really few examples of journalism; most are just “the voice of the boss”, such as Mr. Sallusti or Mr. Belpietro. I have always seen that outside there were great journalists, free and brave ones: journalists able to fight and find scandals or inconvenient truths, and this was accepted and even defended by their governments, who considered…

Groklaw forced to close, another piece of freedom is leaving internet

I usually don’t copy other blogs’ articles here, but I will make an exception for this one, which comes from a historic free blog, Groklaw. It is sad to read this blog article knowing it is the last one. This is a sad moment for the internet; our ability to freely express our ideas is in great danger. Governments have always tried to shut down or control the internet. We were clearly worried about China, North Korea and even Russia, but now PRISM has made everything worse. But when journalists like Barrett Brown risk 100 years in prison in the USA, or…

Digging it up on Security Costs and Security Budgets – part1

In my previous article, Security Costs and Security Budgets, I made some assumptions to simplify an introductory analysis of how much we should spend on security. Some of those assumptions were made to simplify our task. Today I would like to quickly analyse some of those simplifications. One of the biggest assumptions I made in the previous article is that if a problem costs us X, then we can find a number n that expresses the number of incidents I’m allowed to permit, so that nX expresses the cost I’m allowed to accept. This simplification was based on…

Security Costs and Security Budgets

When I’m talking about security with customers or partners, or at an event, the first question I usually receive is: “How much will this cost me?” This is an understandable question: costs have to be monitored and expenditure has to be planned wisely, and the problem of how much I can/should spend on security is quite an interesting topic. The problem, alas, is that IT managers usually do not use a clear model when planning investment in security, but seem to be attracted more by strange inner beliefs than by an empirical analysis of costs and benefits. Another point that I’ve always found quite curious is that I’ve…

The unemployed mood

Today is not really a happy day. Although I’m fighting to find reasons for a good mood, it is not always easy to smile when you’re still fighting to find a job, the economic situation is not nice and the prospects are even worse. What can a 47-year-old guy looking for a position do? They say that what doesn’t kill you makes you stronger; I wish it were true, but there are days when you feel as if you live in the wrong world. I have spent a lot of my life trying to be one of the best at what I do, and…

Diary of an acquisition part1

OK, I know many of us have experienced this kind of trip once in a lifetime. I have travelled through acquisitions many times: when Mondadori Informatica was absorbed by the parent company Mondadori, when Brightmail became part of Symantec, when Symantec acquired Veritas Software and moved all European management to Veritas, and in the end when Cisco Systems acquired IronPort. All acquisitions mean change, and most changes are not well accepted, but I’m a long-time traveller on the seas of IT companies and I’m quite used to change. So what has an acquisition meant to me? The last…

Is Big C missing the point on security?

Are big companies really suited for security? This is what comes to my mind when we see what Cisco, HP and Co. do when we talk about security. Are they really able to focus on the innovation and development that security requires? I can talk about what I know, so I will express my mixed feelings about Cisco and security. For a long time Cisco has not been perceived as a big player in the security space, despite the fact that PIX/ASA is the best-selling firewall in the world. But honestly, we should consider not only the magnitude of the numbers but also why and how companies buy a product. Alas…

Anonymous vs BART (Simpson?) part2

I still read a lot about the Anonymous hacking group, even that they threaten children or declare war on the UK over expenditure cuts; Strauss-Kahn also seems to be threatened by Anonymous. Reading the news, it seems that they’re an unstoppable force of nature… Last time I left my thoughts at why the internet, why now, and why they’re so (in)famous. So, about the first point: why the internet? If they’re an unstructured movement, it is natural that they choose, grow on and move onto the medium that makes communication easiest. The relative growth in importance of social media, messengers and other communication systems has made recruitment and association on the net very easy. We…

Spear Phishing: can it fool me?

Recent articles in the news remind me that anyone can be fooled by a good scam. The problem is always the trust we give to the communication we receive. It is not just a financial problem (remember the Madoff scam?) but a problem that can hit anyone; even experts can fall for it. The most recent case was the hack that occurred at Oak Ridge National Laboratory, but it is just the latest in an infinite series. The RSA SecurID breach was also prepared with spear phishing. What is spear phishing? Spear phishing is an e-mail spoofing fraud attempt that targets…
