Domain: zscaler.com
Stories and comments across the archive that link to zscaler.com.
Comments · 4
-
Re:Apparently, applets only
What, so they're going to hard-code the acceptable root CAs into the JVM? So entities like the Federal Reserve Bank who run their own CAs (including folks using Microsoft Certificate Services) won't be able to use Java to connect to their secure resources? Providers like zScaler that offer cloud-based security whose entire model is MITMing all SSL/TLS (with the device owner's permission) won't be able to provide 0-day protection against hostile Java code?
Don't forget that the CAs whose keys are trusted by Java today have agreed to stop issuing "internal server name" certificates -- so usage of technology like Microsoft Certificate Services will only increase! In the next few years, the only reasonable way to make https/SSL/TLS work within internal networks will be to roll your own CA and certs.
I wish I could say that I thought there was no way that Oracle would be so stupid as to make it impossible to operate an internal CA. I mean, self-signed is not the same as signed-by-a-CA-not-vetted-by-Oracle. Self-signed traditionally means signed-by-a-CA-not-in-the-OS/runtime-list-of-trusted-root-CAs. But I wouldn't put any bets on this, since the historical data suggests that Oracle is one of the two stupidest, least trustworthy software vendors in the world.
-
Re:He didn't do his research.
It's basically the same version, but the iPhone edition is labeled 3.1, while the iPod edition is 3.1.1. I don't think there's a major difference in the actual software.
Still, it's quite curious that it works for me but not for you. This would explain Michael's more recent observations. -
Did they break the law?
The question is, did they break the law? http://research.zscaler.com/2009/03/botnets-for-everybody.html
-
Trusting the Cloud
http://research.zscaler.com/2008/09/trusting-cloud.html When leveraging cloud based apps, in this case webmail, security is vital not only in the cloud but during transmission to the cloud. While this is often the responsibility of the enterprise itself, here is a situation where Yahoo! was responsible for all components (client and server) and still didn't get it right. Cloud computing will not succeed unless enterprises are able to trust those making online services available to them. Situations such as this, where security was clearly an afterthought, do not help to build the trust required for cloud computing to succeed.