Profile of Mike FrattoFormer Network Computing Editor
News & Commentary Posts: 96
Mike Fratto is a principal analyst at Current Analysis, covering the Enterprise Networking and Data Center Technology markets. Prior to that, Mike was with UBM Tech for 15 years, and served as editor of Network Computing. He was also lead analyst for InformationWeek Analytics and executive editor for Secure Enterprise. He has spoken at several conferences including Interop, MISTI, the Internet Security Conference, as well as to local groups. He served as the chair for Interop's datacenter and storage tracks. He also teaches a network security graduate course at Syracuse University. Prior to Network Computing, Mike was an independent consultant.
Articles by Mike Fratto
posted in July 2008
VeriSign has been very active in beating the Extended Validation certificate drum. I just have a real problem with EV certificates being sold as "better" than regular EV certificates. EV certificates don't change the security features of the resulting SSL connection. The green or red address bar doesn't tell us whether a Web site is trustworthy or not. But the green bar adds greenback to you
One thing is true about the security research community, it is populated by people that don't like to be told what to do or how to act. Halvar Flake thought the way the DNS disclosure was handled was OK, but didn't think the discussion blackout would be useful. So setting off as a DNS novice, he spent a few hours figuring out the problem. He got pretty close, too. So then Matasano Security
I will be giving an hour-long Webcast Wednesday, July 23, 2008, at 11 a.m. PT / 2 p.m. ET, on InformationWeek's 2008 NAC Survey. We asked information professionals about their plans for NAC; why they were embarking on a NAC project; what they expected to achieve; and what their concerns were. We compared these results to past surveys t
Since the CERT announcement yesterday about the new vulnerabilities in DNS, there has been a lot of speculation that what Dan Kaminsky found is old news. Thoman Ptacek from Matasano, in an interview with Nathan McFeters at ZDNet, pretty much dismisses the vulnerability as old news and therefor unimportant. That sentiment is echoed on mailing lists and message
CERT has issued an advisory, short on details about the exact nature of the problem, about a fundamental flaw in the DNS protocol which allows an attacker to poison a DNS cache. Working with the person who found the flaw, Dan Kaminsky, CERT notified vendors of the problem and is coordinating a publication of the patch. If you run a DNS server, check with your vendor to see if a patch is available.