Cisco Ironport AsyncOS suffers from a cross site scripting vulnerability.
Monthly Archives: February 2015
Ubisoft Uplay 5.0 Insecure File Permissions Local Privilege Escalation
Uplay for PC suffers from an elevation of privileges vulnerability: an ordinary user can replace the executable file with a binary of their choice. The vulnerability exists due to improper permissions, with the ‘F’ flag (Full) granted to the ‘Users’ group, making the entire ‘Ubisoft Game Launcher’ directory, its files and its sub-directories world-writable.
Cisco Ironport AsyncOS HTTP Header Injection
Cisco Ironport AsyncOS suffers from an HTTP header injection vulnerability.
Is momentum gathering for women in tech?
Many of you who didn’t see the Oscars will have no doubt heard about Best Actress winner Patricia Arquette’s acceptance speech. In a rousing call to arms she demanded equal pay for women.
She said, in part, “To every woman who gave birth, to every taxpayer and citizen of this nation, we have fought for everybody else’s equal rights, it’s our time to have wage equality once and for all, and equal rights for women in the United States of America.” (For those who missed it, you can see a clip here.)
Her brief acceptance speech galvanized the Hollywood audience. Although I believe she had the right intentions, her after-Oscar remarks also earned criticism in some camps, specifically African Americans and members of the LGBT communities, who faulted her choice of words for being insensitive, and for not calling out “all” women specifically.
But the essence of the remarks resonated this week at the first-ever, sold-out “Lead On Conference for Women,” held in Silicon Valley. It certainly resonated with keynote speaker Hillary Clinton, former Secretary of State and presumptive candidate for the U.S. presidency.
Said Clinton in her keynote, “She’s right — it is time to have wage equality once and for all.”
The one-day Lead On Conference had more than 100 speakers, including tech industry luminaries such as Kara Swisher of Re/Code, who interviewed Hillary, and others who have made their mark elsewhere, such as Jill Abramson, best known as the first female executive editor of the New York Times. The agenda was full of many more extraordinary women – and a few men sprinkled in as well :).

Image courtesy of recode
But the killer keynote came from Clinton, giving her first public speech this year.
Clinton is no stranger when it comes to Silicon Valley and is a strong supporter of Girls Who Code, a national nonprofit dedicated to closing the gender gap in tech.
In her keynote, among other points, she voiced concern about the dearth of women in tech and the lack of a pipeline. She focused on the numbers, which do not lie: including the fact that currently, women receive only 18 percent of computer science degrees — which is, amazingly, less than half of those awarded in the 1980s, when women earned 38 percent of those degrees. “We’re going backwards in a field that is supposed to be all about moving forward,” Clinton said.
As for pay parity, both inside and outside of tech, it’s a big issue. According to the most recent surveys by the BLS, women made 82 percent of the median weekly earnings of male full-time wage and salary workers.
For the tech industry, we see pay gaps and opportunity all around us. In fact, in a recent study last November, Glassdoor found that of 25 tech companies surveyed, “At most of these companies, men report earning a higher base salary than women for the same role.” (You can see a chart breaking compensation down by company and job title.)
It’s encouraging to be seeing momentum building for pay parity and a major political player who gets the importance of tech, and, moreover, the importance of women in tech. Bravo to both Clinton, and to Arquette.
Although we have a long way to go…there are baby steps happening!
As for myself, I am looking forward to continuing this conversation as a speaker at the 2015 SXSW Interactive program with a Core Conversation on “Boardroom or Baby” on March 14th.
For a preview take a look at the accompanying blog post. And, if you are going to be in Austin – join me there!
Title image courtesy of Chicago Tribune
FBI puts $3m bounty on Russian hacker
The FBI has offered a record $3 million reward for information leading to the arrest of a cybercriminal, reports the BBC.
The post FBI puts $3m bounty on Russian hacker appeared first on We Live Security.
Suricata IDPE 2.0.7
Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It’s capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
SAP Business Objects Unauthorized Audit Information Access
Onapsis Security Advisory – It is possible for an unauthenticated user to retrieve any audit events from a remote BusinessObjects service. This can disclose sensitive information including report names, universe queries, logins, etc. Auditing details are listed in the Auditing tab of the CMS. All services which expose an Auditing service are vulnerable. In the default setting this includes all BusinessObjects services except the CMS.
SAP Business Objects Unauthorized Audit Information Delete
Onapsis Security Advisory – It is possible for an unauthenticated user to remove audit events from a remote BusinessObjects service using CORBA. Specifically, the attacker can tell the remote service (i.e. the auditee) to clear an event from its queue. After the event is removed from the auditee queue, the auditor will never have knowledge of the event and, hence, it will not be written to the Audit database. An attacker can use this to hide their actions. By default, the auditor polls all auditees every 5 minutes to ask for events in their queue.
SAP Business Objects Unauthorized File Repository Server Write
Onapsis Security Advisory – The BusinessObjects File Repository Server (FRS) CORBA listener allows the writing of any file stored in the FRS without authentication.
SAP Business Objects Unauthorized File Repository Server Read
Onapsis Security Advisory – The BusinessObjects File Repository Server (FRS) CORBA listener allows a user to read any file stored in the FRS without authentication.