Tag: The

VMware and Trend Micro: Security for the Software Defined Datacenter – Trend Micro

Hello, I'm Steve Kwan[sp]. And I'm here with Adim Nahid[sp] And we're excited to do another year of a great partnership between VMware and Trend Micro. Over the last [xx] years our customer have been moving quickly to adopt cloud. And security is top of mind for them and I think the relationship has really …

The difference between software quality and security defects

Both quality and security defects are bugs,right.

They’re software defects at the end of the day.

It’s really the effect of thosedefects, and who can exploit them and in what way that makes them a quality or securityproblem.

Now, I think developers tend to be less well trained on security as a group.

Quality problems, they tend to be able to recognize better and be able to fix better.

But ultimately these are code level problems and as such, I don’t think there’s reallya clear line between the two.

If you look at many programs, and many programming languages,the exact same bug could be both quality problem and security problem.

And I that that blurringis not necessarily a bad thing, it’s a good thing, because it makes developers realizethat they need to look at the quality and the security of the software together, inorder to get it right.

Source: Youtube

Integrating with the Licensing API

Hi, my name is Carl and I am a Software Engineeron the Google Chrome team.

In this video, I will describe how to integrate with theChrome Web Store Licensing API.

Suppose you are creating a web app.

The ChromeWeb Store makes it easy to charge people to use that app wherever it is running.

Userswill purchase access to your app right from the Chrome Web Store.

To check whether a userhas paid for your app, use the Chrome Web Store’s licensing API.

The licensing API takes two inputs: the app ID and the user ID.

The app ID is the id the Chrome Web Store assigns to your app when you first createit in the store.

The user ID is the Google-provided OpenIDURL.

Typically, with OpenID the user ID is not shared unless the user explicitly grantspermission to the application; however, Google Chrome grants this permission automaticallywhen the user installs the application.

Users in other browsers will still see an approvalstep.

A number of OpenID libraries may be used todetermine the OpenID URL.

To see a comprehensive list of libraries justvisit http://wiki.

Openid.

Net/Libraries.

Some specific OpenID libraries you can exploreare the following: For Java you can try OpenID4Java.

For Python try using Google App Engine’s Django OpenID.

You can find more information on how to use OpenID in our documentation.

The Chrome Web Store doesn’t allow just anyone to call the licensing API.

The storewill check that the caller is authorized to make a licensing API check for a given app.

In this way we provide separation among the licensing data for various apps.

The developer that creates a web app in the Chrome Web Store is the only user with permissionto call the licencing API for that app.

In order to securely authenticate the ownerof an application, we use OAuth access tokens.

These tokens prove that you have the rightto call the API.

We automatically provide you with an OAuthaccess token in the developer dashboard for each app you own.

An OAuth access token isreally a token and a token secret, but I just refer to them as an access token.

To create a token, go to the developer dashboard and follow the link labeled “AuthToken”.

The next page explains what you need the token for and at the bottom of the page, you willsee a button to generate the OAuth access token.

When you click that button you will see the values for oauth_token and oauth_token_secretfill in.

Those tokens are scoped so they will onlywork to access the Chrome Web Store licensing API and cannot be used to access other informationfrom Google.

Please note that the Chrome Web Store willnot display these values more than one time for security reasons, so, don’t forget tocopy them to a secure location before you leave the page.

If necessary, you can returnlater to generate a new access token.

Now you should have all the data you needto call the licensing API: An OAuth access tokenA User ID and an App ID.

Let’s look at the details of calling the API using HTTP.

The licensing API endpoint is simply a URL containing the app ID and the user ID.

Theapp and user IDs must be URL-encoded.

To call the licensing API, you need to addOAuth signature parameters.

You can use an OAuth library to sign the HTTP requests.

Visit http://code.

Google.

Com/apis/gdata/docs/client-libraries.

Html for a list of libraries that may be used toperform these API calls in various web development languages.

The signing step needs the following pieces of data:The consumer key: This is always “anonymous”.

The consumer secret: This is also always “anonymous”.

The token and the token secret.

The consumer key and consumer secret are anonymousbecause you, the developer, are granting access to the application you own.

JSON is the default response format for API requests.

This response will indicate whetherthe user should be granted permission to use your app.

If you prefer the ATOM format, you can specify alt=atom in the URL.

To learn more about the Chrome Web Store and how to integrate with our licensing API, justvisit code.

Google.

Com/chrome/webstore.

Source: Youtube

GFI WebMonitor | Finding the antivirus and security engines

To access the antivirus features in GFI WebMonitor,click the Settings icon and navigate to the Security Engines option.

This page shows thesecurity engines that are monitoring both downloads and browsing.

You can switch theseengines on and off using the switch next to the security engine names.

We do not recommend disabling any of the securityengines to ensure that you always have the maximum protection levelspossible.

You can also enable and disable the update feature and the frequency.

Theupdate now button enables you to check for updates without waiting for thenext scheduled update.

You will also notice that some of the antivirusengines have a settings button next to them.

This enables you to configure additional featuresthat come with that Security Engine.

On the left hand side you will also noticethat by default you are notified via email when security engine updates aresuccessful.

To disable this feature un-check this option.

Any changes done in this screen are automaticallysaved.

Source: Youtube

Addressing the Broken Software Supply Chain – Improving Software License Compliance Management

Having worked in the technologyindustry for, I'm showing my age here, twenty plusyears I've been exposed to the way the large enterprises on aworldwide basis, you know the Fortune 2000, consume applications and technology products from the largest technology vendors,software companies, SaaS providers, even hardware and intelligent devicemanufacturers and I think it's interesting that this isprobably one of the most broken and dysfunctional supply chains there is in the world if you lookat consumer products, if you look at manufacturing all of these supply chains have beenoptimized and formalized and completely established over theyears whereas you look at this software supplychain and we still operate in 2013 in a world where the manufacturer that the softwareproducer isn't completely clear what they've sold to their customers andcertainly isn't clear on what the customer is using and then you translate yourself into theenterprise, you're the CIO of one of these large Fortune2000 enterprises and a game quite possiblyyou don't understand exactly what you've purchased from your software vendor and you certainly don't have a goodhandle on what you're actually using againstwhat you've purchased and so I think a huge opportunity forimprovement is just how to provide transparency andclarity to this overall supply chain and thatwould include providing to the producers of thetechnology capabilities and solutions thatenable them to understand exactly who are mycustomers, what have those customers purchased,how do those purchase rights change over time and how are my customers actually consuming my products and then on the flip side provide thatsame information ideally through a single repository tothe enterprise to the CIO organizationwithin the enterprise so that they clearly understand what have I purchased how am I actually using the productsthat I've purchased am I getting true value out of the money Ispent with my software providers and obviously this is a difficult challengeto resolve or it would have been accomplished more quickly but I think as the industry matures over the next 5-10 years we'll seesignificant improvements in this area.

The big challenge though forboth the producer of the technology and the enterprise is that their environments are actuallygetting more complicated when you factor in things likevirtualization, consumption of software through thecloud and mobility, bring your own devices,all of these end users now within the enterprise are using iPads, they're using Androiddevices, they're using iPhones.

The challenge only gets more complexso will see progress but againprogress will be made against a problem that's getting more and more complicated.

Source: Youtube

Antivirus vs Anti-Malware – The Big Question?

Hey Seekers! before actually watching this video do subscribe to our channel and hit the bell icon to receive the notifications of our future videos.

When I was having a small coversation with my friend he suddenly asked me what is the difference between antivirus and anti-malware.

Seriously I had know clue at that time.

Even most of us don't know what is the difference between antivirus and anti-malware and which one to use.

So I thought of making a video on this antivirus vs anti-malware.

We all think virus and malware are two different kinds of computer threats.

But the thing is malware is the root term and all the viruses, worms, trojans, adware, spyware come under malware.

Malicious software which is shortly called Malware damages the computer by multiplying the threats or sending the user information to hackers or blocking the user from accessing the PC or particular software.

To be specific, viruses multiply itself and then damages pc by corrupting the data or software or blocking the user from accessing particular software or PC itself.

An adware literally bullies with more ads and popups generating income for the author.

A spyware is a suspicious software which anonymously sends user data to third parties.

These third parties sell this information to business entities or hackers.

Similar to spyware, a Trojan is also a malware which sends sensitive data like user's login information credit card details to hackers.

They in turn steal our money.

So how does this malware enter our PC? For example if you are installing a software, suddenly you might you encounter a dialog box asking you to try another software.

If you install that software, Probably you might encounter malware problem in your PC.

In other cases you might receive a spam mail with a link to a spam software or you might receive a malware itself as an attachment.

When you click on a link or download that malicious software and install on your PC obviously you are giving access to potential threat.

An antivirus protects you from viruses alone.

Where as malware protects you from modern kind of threats like adware, spyware, worms and Trojans.

Having said that, we recommend you to use both antivirus and anti-malware to protect your PC from both viruses and malware.

I hope now you understood the difference between antivirus and anti-malware and the difference between virus and malware itself.

If you enjoyed watching our video, do like our video and subscribe to our channel.

And hit the bell icon to receive the notifications of our future videos.

l will catch you in my next video.

Thanks.

Source: Youtube