There are a handful of assumptions that frequently come up when we read and talk about mobile performance. Today, I want to review the most common myths, discuss why they persist, and explain why they are incorrect.
What exactly is the Heartbleed vulnerability?
On April 7, 2014, the OpenSSL community announced that it had found a critical vulnerability in the TLS Heartbeat protocol. The attack is very similar to a buffer overflow attack: a remote attacker can exploit the protocol by sending a malformed “heartbeat” request with a payload size bigger than the actual request. In response, the vulnerable server returns a heartbeat response that contains a memory block of up to 64KB in the payload. This memory block can potentially reveal confidential information, including SSL private keys, user passwords and more. The researchers who found this vulnerability have put together an informative microsite that explains all of this.
Windows XP support has ended and there will be no more patches.
This ongoing news story has repeatedly stressed that millions of computers that run the operating system Windows XP will no longer receive automatic security updates or protection against new viruses. This means that the 12-year-old system could leave behind security holes for users who haven’t upgraded.
As you’ve most likely heard, a very serious threat called CVE-2014-0160, commonly referred to as “Heartbleed”, has been threatening the ultra-popular open-source OpenSSL package. Heartbleed is unique in the collateral damage it can create.
Heartbleed exposes the ugly side of open-source security components: in past events, where such Earth-shaking vulnerabilities were found, there was a vendor that would pay for the collateral damages that the vulnerability created. Who would pay for the collateral damages of this open-source vulnerability? It is likely to be the users that are using OpenSSL.
Many Colocation, Hosting, and Cloud Providers include Infrastructure as a Service (IaaS) as part of their base offering. These Providers are under increasing pressure to deliver this basic service with high quality at the lowest possible price – while still maintaining reasonable margins for their business.
Every day at Radware we have customers and prospects asking us about the key determinants in sourcing and testing a DDoS protection service.
Last week I had the pleasure of co-hosting an InformationWeek webinar with Jim Metzler, a distinguished Research Fellow and also the Co-Founder at Ashton Metzler & Associates – whom I’ve known for years from various industry events and conferences. The webinar had over 400 participants and discussed why ensuring the SLA of websites and internal business-critical applications is extremely important to business functions and IT organizations. We also spoke about how Radware solutions can be utilized to deliver, monitor and manage application SLA, as well as drive web performance optimization, even during a cyber attack.
Recently, my colleague, Ehud Doron, who has been relentlessly promoting SDN, received recognition from the industry for his efforts. Taking home the “Outstanding Technical Contributor” award, Ehud’s ongoing contributions were recognized in the NBI working group of the Open Networking Foundation Summit.