Tag: security

Penny wise and pound foolish

Saving money on technology is often a bad investment as the V8 Supercars found

“We were penny wise and pound foolish” says Peter Trimble, Finance and Systems director of the V8 Supercars, about the IT setup he found when he started with the motor sport organisation 18 months ago.

The V8 Supercars were like many businesses who had outgrown their basic IT setup and were struggling as a result.

A touring organisation – “a travelling circus” as described by CEO David Malone – with 15 races in Australia, New Zealand the US has some fairly unique challenges as contractors, teams and a dispersed workforce put demands on the businesses which a basic small business system struggles to cope with.

What Trimble found at the business were employees struggling with cheap internet connections and antiquated, inadequate servers.

Focusing on the pennies and missing the bigger picture is a common problem when managements skimp on technology which leaves their staff spending more time on IT problems than getting their jobs done.

Basically the $80 a month home internet connection doesn’t cut it when you have more than two or three workers and the server that worked fine when those people were in the same office becomes a security risk when a dozen a people are trying to login over the Internet.

It wasn’t surprising the V8 Supercars management decided to go with a cloud computing service – in this case Microsoft Office 365 – and invest in proper, reliable internet connections.

What the Supercars found that being penny proud and pound foolish with IT doesn’t work for a business, office tech is an essential investment.

Paul travelled to the V8 Supercars in Launceston courtesy of Microsoft Australia. 

Similar posts:

Microsoft’s China crisis

Microsoft’s Chinese partner is blocking Skype messages and possibly passing user details onto PRC authorities. This security concern could damage both Microsoft and Skype.

That the Chinese Public Security Bureau is blocking your messages – and may even be reading them – would make anyone pause before they used a service.

Bloomberg Businessweek reports Microsoft Skype is doing exactly this with its Chinese customers. Anything deemed inappropriate is censored and referred to servers belonging to TOM Online, the company that runs the Skype service on behalf on Microsoft in China.

The Bloomberg story goes onto detail how one Canadian researcher is reverse engineering the Chinese blacklists, giving us a wonderful insight into the petty and touchy minds of China’s censors and political leaders.

What raises eyebrows about this story is how nonchalant Microsoft is about this issue, in a wonderful piece of corporate speak the software giant answered Bloomberg’s question with the following bland statement;

“Skype’s mission is to break down barriers to communications and enable conversations worldwide,” the statement said. “Skype is committed to continued improvement of end user transparency wherever our software is used.”

Microsoft’s statement also said that “in China, the Skype software is made available through a joint venture with TOM Online. As majority partner in the joint venture, TOM has established procedures to meet its obligations under local laws.”

Microsoft have to fix this problem quickly, glibly saying the Chinese government eavesdropping on conversations is a matter for partners is not going to be accepted by most customers.

It would be a shame should Microsoft’s Skype investment fail – Skype is a very good fit for Microsoft, particularly when the technology is coupled with the Linc corporate messaging platform, so squandering goodwill over protecting users’ conversation seems counterproductive.

One of the great business issues of this decade is the battle to protect users’ privacy. Those who don’t do this, or don’t understand the imperatives of doing so, are going to lose the trust of the marketplace.

Twenty years ago, Microsoft could have risked this. Today they can’t as they struggle with a poor response to their Windows 8 operating system and their mobile phone product.

Losing the trust of their customers may be the final straw.

Similar posts:

Would you know if you’ve been hacked?

With 200,000 new malware threats each day, keeping ahead of the online bad guys is impossible. We need to be smarter.

“I report to head office in Moscow” is a line which either means you’re in a James Bond movie or at a lunch briefing with the Russian security company Kaspersky.

While the James Bond movie would be fun, the Kaspersky lunch was an interesting briefing on their new security product.

A notable aspect of the discussion was the explosion in malware – there are over a hundred million malicious programs circulating on the internet with over 200,000 new threats every day.

“We struggle to keep up,” says Kaspersky Lab ANZ Managing Director, Andrew Mamonitis.

That a security company with 2,700 specialists struggles to keep up with the evolving threats emphasises the scale of the task facing a network administrators and IT managers.

It’s a task beyond all but the biggest companies.

Sometime ago I suggested every computer user should assume their computers are compromised and managers should work work on limiting what intruders can do to system.

With staff bringing their own devices to work, those risks are multiplied as some devices will almost certainly be infected with malware.

There are some basic things that computer users should do to make their systems harder to break however it’s almost impossible to protect against a zero-day exploit or the efforts of a sophisticated and determined hacker.

With our homes and motor cars, we realise it’s almost impossible to keep determined thieves out, so we take precautions like alarms, immobilisers and basic security such as keeping valuables out of plain view.

That attitude is what we now need with our computer technology, any hope of keeping your office server impregnable from outside attack is long gone.

Similar posts:

Exciting but vague

A blank page for everyone is how Tim Berners-Lee sees the World Wide Web, this opens opportunities for inventors from all walks of life.

On Tuesday Tim Berners-Lee rounded off his Australian speaking tour with a City Talks presentation before 2,000 people at a packed Sydney Town Hall.

After an interminable procession of sponsor speeches, Berners-Lee covered many of the same topics in his presentations at the Sydney CSIRO workshop the previous week and the Melbourne talk the night before.

These included a call for everyone to learn some computer coding skills – or at least get to know someone who has some, wider technology education opportunities, more women in computing fields and a warning about the perils of government over-surveillance.

On government monitoring Internet traffic, Berners-Lee has been strident at all his talks and correctly points out most of our web browsing histories allow any outrageous conclusion to be drawn, particularly by suspicious law enforcement agencies and the prurient tabloid media.

Who owns the ‘off switch’ is also a concern after the Mubarak regime cut Egypt off the Internet during the Arab Spring uprising. The willingness of governments to cut connectivity in times of crisis is something we need to be vigilant against.

The web’s effect on the media was discussed in depth as well with Sean Aylmer, editor-in-chief of the Sydney Morning Herald, saying in his introduction that Berners-Lee’s invention had been the defining feature of Aylmer’s career.

While the web has been traumatic for a generation of newspapermen, Berners-Lee sees good news for journalists in the data explosion, “how do we separate the junk from the good stuff?” Asks Tim, “this is the role for journalists and editors”.

One person’s junk is another’s treasure though and the web presents one of the greatest opportunities for people to “write on their blank sheet of paper.”

When asked about what he regretted most about the web, Berners-Lee said “I’d drop the two slashes,” repeating the line from Melbourne the night before.

At each of his Australian speeches Berners-Lee has paid homage to his mentor at CERN, Mike Sendall. After Sendall passed away, his family found the original proposal for the Hyper Text Markup Language (HTML) which formed the basis for the world wide web.

“Exciting but vague” was the note Sendall made in the margins of Berners-Lee’s proposal.

Vague and exciting experiments was what drove people like James Watt and Thomas Edison during earlier periods of the industrial revolution. Tomorrow’s industries are today’s vague and strange ideas.

Similar posts:

Sharks patrol these waters

You can’t expect an anti-virus program to fully protect IT systems, the risks are far more pervasive.

The announcement that the New York Times was attacked by Chinese hackers after exposing the financial details of the nation’s Premier doesn’t come as much of a surprise to anybody following either China or computer security issues.

One of the realities of modern computing is that systems are constantly being compromised, the complexity of IT networks is so great that even the best security experts can be caught off guard.

Securing our networks

In such an environment the normal business and home computer user has little chance against sophisticated criminal or government sponsored attacks, by the Chinese or any other spy agency.

One example of how badly wrong things can go for an organisation is the hacking of security advisory firm Stratfor in 2011, this illustrated how small business practices of having relatively open networks and poor password security can have serious consequences.

The issue is not how we fortify our systems against intruders, but how we manage the risk. A useful analogy is how supermarkets deal with shoplifters – they can’t eliminate the problem, but they can manage it in ways that control losses.

Businesses, governments and home users have a range of things they can do to make it harder for hackers to get into a system and limit what they can access if determined one gets in.

The limits of anti-virus

Another aspect in the story that doesn’t surprise is the poor performance of the New York Times’ anti-virus software. According to Forbes, Symantec only caught one malware program out of the 45 installed by the hackers.

I have an entirely rational hatred of Symantec. While running an IT support business, their products were the bane of our lives and we encouraged users to choose alternative security software because of the unreliability of many of Symantec products, particularly the once proud Norton brand that was aimed at home and small business users.

At the time of the great malware epidemic in the early 2000s, Norton Anti-Virus had a huge market share and it proved to be worse than useless against the various forms of drive by downloads and infected sites that were exploiting weaknesses in Microsoft Windows 98 and XP systems.

Windows weaknesses

The common culprit was Windows ActiveX scripting language that Microsoft had introduced to standardise its web features. While a good idea, Microsoft made ActiveX a fundamental part of Windows and gave the features full access into the inner workings of the system.

Sadly Symantec made the decision to run all their security software on ActiveX as well.

As ActiveX was the main target for malware writers it meant that Norton AntiVirus or their Security suite would crash in a heap once a computer became infected and the Symantec software would actively interfere with attempts to cleanup a compromised system.

Making matters worse was Symantec’s subscription policies which cut customers off from vital updates and their bizarre policy of not including important upgrades in their automated updating function.

The failures of tech journalism

All of these factors made Symantec a loathed product in our office. It wasn’t helped by a generation of tech journalists who wrote gushing stories about Symantec, gave their products favourable reviews despite the company’s lousy reputation and consulted their employees for expert comment.

It wasn’t tech journalism’s finest hour. What really grates is the number of these folk still peddling nonsense about IT security and anti-virus software.

That distrust of Symantec continues to this day and those of us who struggled with their products a decade ago are not surprised at their poor performance on the New York Times’ network.

State sponsored risks

In defense of Symantec, the Chinese hackers are very good and its unlikely any security software would stand up to a sustained and determined attack from them or their counterparts in the US and Israeli governments.

We should also note that government agencies trying to get into systems is not just something done by the Chinese, US and Israelis; every government in the world is engaging in these activities against foreign businesses and their own citizens.

So we have to accept that these breaches and attacks are a real threat to any computer and any organisation. It may well be should build our security strategies around the assumption the bad guys are already in the system rather than believe we can build a giant electronic fort to keep the bad guys out.

One thing is for sure, you can’t rely solely on anti-virus software to secure your IT systems.

Similar posts:

What happens when software is wrong

A phone company software glitch puts one man’s life and the safety of thousands at risk. It reminds us that computers are not always correct.

The Las Vegas Review Journal yesterday told the story of Wayne Dobson, a retiree living to the north of the city whose home is being fingered as harbouring lost cellphones thanks to a software bug at US telco Sprint which is giving out the wrong location of customer’s mobile devices.

While it appears funny at first the situation is quite serious for Mr Dobson as angry phone owners are showing up at his home to claim their lost mobiles back.

Making the situation even more serious is that 911 calls are being flagged at coming from his home and already he has had to deal with one police raid.

While the local cops have flagged this problem, it’s likely other agencies won’t know about this bug which exposes the home owner to some serious nastiness.

That a simple software bug can cause such risk to an innocent man illustrates why we need to be careful with what technology tells us – the computer is not always right.

Another aspect is our rush to judgement,  we assume because a smartphone app indicates a lost mobile is in a house that everyone inside is a thief. That the app could be wrong, or we don’t understand the data to properly interpret it, doesn’t enter our minds. This is more a function of our tabloid way of thinking rather than any flaws in technology.

The whole Find My Phone phenomenon is an interesting experiment in our lack of understanding risk; not only is there a possibility of going to the wrong place but there’s also a strong chance that an angry middle class boy is going to find himself quickly out of his depth when confronted by a genuine armed thief.

For Wayne Dobson, we should pray that Sprint fixes this problem before he encounters a stupid, violent person. For the rest of us we should remember that the computer is not always right.

Similar posts:

Privacy is not someone else’s problem

Modern technology tools have made privacy an issue for everyone

Early this year a storm broke out about privacy in the United States when a computer rental company was caught spying on its customers.

Technology website Ars Technica has an excellent story describing what the company was doing and the software they were using.

What the story of PC Rental agent shows is that even small businesses have the tools to run serious surveillance on their customers and some will do so simply because they can.

The days when privacy could be dismissed as the concern for a few sensitive celebrities, sports people and politicians with something to hide are over – privacy is now your problem.

Similar posts: