It’s been so long, I had been involved with multiple Smartcard/PKI projects particularly supporting integration of Sun technologies for use with National eID, US Federal (HSPD-12 / PIV cards) and DoD CAC projects. There is no secret sauce, but unfortunately I did’nt find time to put together a trustworthy documentation addressing the technical aspects of using Smartcard based PKI credentials… Read more »
Last night, I had the opportunity to present at an OWASP event @Hartford, CT. James McGovern, a long-time buddy of mine organized this event at one of the Hartford skyscrappers – What a great view ! I had contributed code artifacts to OWASP projects before, but it was the first time I had a chance to attend an OWASP event…. Read more »
IT Security, Compliance Auditing and Governance has been on my focal areas for many years now…but I did’nt have a chance to explore it more closely due to my hands-on technical focus on implementing security solutions. Ofcourse, you can’t practice IT security implementation and compliance auditing together as a job – that certainly defeats the fundamental principles of security. So… Read more »
Security is the paramount challenge of Cloud computing – Ofcourse, what is the point of scaling out if your data is available naked on the Internet ? It comes as no surprise to me, to find out the recent IDC research survey revealed Security as the top concern – critical to the success of Cloud adoption. For more details of… Read more »
Not a shameless promotion – I came to know from multiple feedback and praises from the people who took the Sun Certified Enterprise Architect exam. Core Security patterns is overwhelmingly suggested as a reference text for “Section 8 – Security” of Sun Certified Enterprise Architect for Java EE5 exam. Section 8: Security Explain the client-side security model for the Java SE environment,… Read more »
A month ago, I had a chance to meet with John Beveridge (Deputy State Auditor at Office of the State Auditor of Massachusetts) at an ISACA event in Boston. During a casual chat, he briefly mentioned about the upcoming regulation highlighting “Mass 201 CMR 17.00 – Massachusetts Standards for Data Protection of Personal Information” and it’s compelling security requirements ! … Read more »
It’s been a while, I had been hearing a lot of talk about unified biometric credentials and using then for convergence of physical and logical access control systems – Like me, you might’ve heard a lot of high-level marketing or analyst’s stuff … so here is some realities from my hands-on experience ! Frankly, there is no magic silver bullet… Read more »
I had been involved with multiple Biometric ISV providers and its integration with Sun technologies particularly OpenSSO, IdM, Sun Rays and Solaris. I also had the opportunity to deploy Biometric solutions to few govt organizations that starts with “D” and “N”. Believe it or not…we have few of them in production. Now, getting down to the specifics – Putting it… Read more »
It’s been a while, MD5 has been known for its several weaknesses and multiple proven attack scenarios showing how it can be compromised – For those known reasons, a lot of us try our best to stay away from using MD5. Last week at the Chaos Communication Congress Conference – Berlin a bunch of researchers disclosed this eye-raising MD5 collision… Read more »
I had my chance to play with JavaFX and its samples. Wow ! unbelievably cool stuff and JavaFX raises the bar for other RIA API tools. In my experience, JavaFX eats AJAX and other RIA scrApting tools for lunch ! JavaFX offers an easy to understand declarative API for building RIA applications that can include Media, Graphics, XML Web Services… Read more »