[SecurityRatty] tag: dream

I Dreamed a Dream of Clouds Gone Social

Wed, 05 Nov 2008 13:30:01 +0000

Can Marc Benioff live up to his own hype plus the hype around cloud computing? Maybe. (image from chris_lyb)

Salesforce.com’s Dreamforce conference takes place this week in SF. Billed as “The Cloud Computing Event of the Year”, the conference kicked off with a keynote by Benioff while people wearing puffy-white jackets and holding giant helium-filled cloud balloons stood outside.

Benioff announced partnerships with Facebook and Amazon.

Part 1: Force.com apps will be able to run on Facebook and leverage the Facebook users’ social network. An example shown was integrating “My Starbucks Idea” into Facebook. If a user submits an idea through Facebook, their friends can see it, comment or be prompted to submit their own.

Part 2: Force.com applications can now use Amazon’s cloud hosting services in addition to the public Force.com sites.

This is smart and a surprisingly non-megalomaniac way of doing things. Instead of trying to own the entire cloud stack (hmmm – someone just made a very different announcement), Salesforce looks like it’s focusing on what it does best – enabling application development in a hosted model. And letting Amazon take at least some of the future blame for any outages/interruptions in service (anyone who has Salesforce can say amen to that). That is smart.

U.S. Consulate in Northern Mexico attacked with guns and grenade

Sun, 19 Oct 2008 14:53:00 +0000

The motive for last week's attack on the U.S. consulate in Mexico is being investigated but there is still no clear cut reason for the unprovoked attack.

The attack had more in common with what we have come to expect in Iraq than from just below the Southern States of the U.S. News of the attack is making me think more about the article I read in one of the Gulf papers here in the Middle East a couple of days ago.

The article read; "Mexican workers leave the U.S. disllusioned with the American Dream". The story, like so many others these days, focused on the worsening U.S. economy. That made me think; could a returning mexican worker have launched the attack on the embassy due to his frustration at not being able to do as well as he had expected North of the border?

I hope for Mexcio's sake this is not the case. Mexico's dangerous crime rate is already a concern for many people deciding where to go to spend their holiday dollars.

In this current economic climate, visitors need to be encouraged and given a reason to spend their hard earned money in your country, not made to feel like targets.

Knock, Knock, Knockin' on Carder's Door

Thu, 02 Oct 2008 06:59:00 +0000

This video of Cha0's bust earlier this month in Turkey, is a perfect example of what happens when someone starts over-performing in the field of carding.

Try counting the desktops, and notice the "full package" a carder can dream of - the box full of ATM skimmers, the holograms, the plastic cards machine, the suitcase with the POS (point of sale) terminals, the house and swimming pool, and, of course, the hard cash.

Protect yourselves from identity fraud

Mon, 29 Sep 2008 09:32:18 +0000

Soon you’ll be seeing the infomercials on late nite TV.
Its becoming very profitable, easy set up, even tutoring.

clipped from news.cnet.com

Behind the scenes of online fraud

Fraudsters aren’t just targeting bank customers. They are also luring victims off social networks, where they harvest sensitive private information, and online gaming sites, where they steal accomplished avatars and accounts and sell them for money, Rivner says.

Online fraud tools have price tags just like any other software. For example, the Mpack Infection Kit costs $700, a Dream BotBuilder costs $500, and at just $350, the Limbo Trojan is practically a steal, according to Rivner.

For people who don’t have the skills to install, run, and manage their own Trojans and other tools, fraudsters are offering fraud software as a service for $299 a month, “which means anyone can do it,” he says.

While online attacks get the headlines, a bigger risk is from skimmers, fake faceplates for ATM machines that steal card data from the magnetic strip. The data is then used to make forged cards.

Of Planes and Ships

Sun, 28 Sep 2008 19:04:11 +0000

Tom Barnett is consistently the most interesting writer on globalization and econo-security seam. This weeks piece confronts a problem every security architect can relate to (emphasis added on the "nail it to the wall" quote at the end):

One of the main problems in counterterrorism today is that there are so many people and vehicles, and so much data and material, moving through globalization's myriad networks that it seems virtually impossible to track it all effectively. Nowhere has this problem been more acute than on the high seas.

In 2006, Adm. Harry Ulrich, then U.S. commander of NATO Naval Forces Europe, decided to do something about it. Despite having virtually no resources, his dream was to transpose the global air-traffic control system onto sea traffic.

Worldwide, aircraft are transparent, because they're all required to carry an identification beacon that allows them to be tracked leaving and entering airports, and monitored between airports, by a global network of sensors. Act suspiciously and somebody's fighter aircraft will soon be on your tail.

No such pervasive system currently exists globally for maritime traffic. While bigger ships carry an ID beacon similar to aircraft, without a shared monitoring network, that's like tracking only selected commercial jets and giving everyone else a pass.
So Ulrich, upon taking command, asked a simple question: "If we can do that in the air, why can't we do it on the sea?" He made a point of pioneering his sea-traffic-control effort first inside the Mediterranean, where NATO's southern naval forces have historically been concentrated, but his real target was waters off Africa -- the most ungoverned maritime space in the world.

Ulrich knew the U. S. Navy couldn't do it alone, much less bring Africa's meager coast-guard-like navies up to snuff so they could do it on their own. So he quickly created a network of assets -- both public and private -- to manage that space, modeling his monitoring system on international air-traffic control.

Ulrich began stitching together a network of shore-based sensors ringing the Mediterranean. His naval command then began initial monitoring by tapping into the International Maritime Organization's existing Automated Identification System, transforming NATO's ability to track ship traffic in the Med.

Almost overnight, NATO went from tracking dozens of ships on the Mediterranean to thousands, and instead of getting the data sometimes up to 72 hours late, now the contacts were being tracked in one to five minutes -- to an accuracy within 50 feet on the earth's surface.

When the classic big-firm systems integrators told Ulrich it would be too costly to pull it off, the admiral turned to the Volpe Center in Cambridge, Massachusetts, a U.S. Department of Transportation research center. Instead of hundreds of millions of dollars, Ulrich's initial network cost $900,000. The shore-based receivers are small, roughly the size of a radar dish you might find on a pleasure craft.

The strength of the system is a function of its reach: the more countries join, the larger the shared operational picture. By the time Ulrich retired at the end of 2007, he had enlisted 32 countries throughout the Mediterranean, the North Atlantic, along the west coast of Africa, around the Black Sea, and in the Pacific. Today, the network continues to spread around the planet.

With Ulrich's system in place, local police, coast guards, and border patrols catch most bad guys, obviating American military responses. As Harry told me for an article I wrote about his work in a fall 2007 issue of Esquire, "I don't do defense; I do security. When you talk defense, you talk containment and mutually assured destruction. When you talk security, you talk collaboration and networking. This is the future."

The admiral's legacy program, the Maritime Safety and Security Information System, earned the Volpe Center a prestigious "Innovations in American Government" award this month from Harvard University's Ash Institute for Democratic Governance and Innovation.

Security Collaboration + Networking = Federation. This is indeed the future - SAML came along just at the nick of time.

When you assume that to do access control you must have "Complete Mediation" in Saltzer and Schroeder's terms of the subject (users), the objects (data), the session, and the roles, then you are going to have an interesting life trying to deliver anything. And if you do it will mucho expensive.

if you take the federated autonomous nodes approach, agree upon an attribute schema plus a protection model for same, and basic protocol, you are then free to move about the country. Security doesn't have to equal centralization or high cost. Get the attributes from point a to point b securely.

Inc 500/5000 Conference Summary

Fri, 26 Sep 2008 14:00:44 +0000

It didn’t really sink in until after the final black-tie awards ceremony finished last Saturday night that I had a chance to comprehend how starting a company that achieves this list is a once in a lifetime experience.

When I walked up on stage and accepted the Inc 500 award, it hit me square in the face that this is a rare accomplishment, and even more difficult for a product company that started without the benefit of VC funding.

Dave with wife, Anne, at the awards ceremony
Over the 2 day period, I heard from some great speakers with entrepreneurial passion, many who never had accomplished making the list. It is so highly competitive and just plain hard to do.

I loved hearing some of the speeches during the conference and getting to know other entrepreneurs that attended the conference talk about how they created their niche and ultimately built a successful company from a good idea.

Because I enjoyed hearing some of what I like to call “golden nuggets of wisdom” so much, I thought in my conference wrap-up I would pass on a few to our blog readers:

Tom Peters – Author In Search of Excellence and The New World of WOW

“Only 7% of our great nation works for Fortune 500 companies. Small businesses and the entrepreneurs are the jet fuel that makes our country fly.”

“Brand is shorthand for a collection of experiences, memories of what it will be like the next time a customer deals with you. With the advent of blogs and consumer activism, Brand is impossible to fake; it is like the temperature in the room… it is there… it exists.”

Chester Elton – SVP Carrot Culture Group

“At the casino – they train the heck out of the Valet! Why do they spend 3 months on Valet training? Because he is the first and the last person to greet and interact with a visitor during their trip! Who is your company Valet?”

Paul Bennett – Chief Creative officer IDEO – speaking on — Creating a culture of optimism:

“You need to ditch B-B and B-C Need to become P-P Person to Person.”

“You don’t buy loyalty… you earn it… this is an interesting challenge, but small allows us to behave like human beings… Going off script and doing something human is a great place to start.”

“Stop obsessing about ROI and start obsessing about ROC! Return on Customer/Consumer is much more powerful than ROI!!!!”

“Happy people, unabashedly doing, happy things, makes for happy companies, which create happy businesses which enable happy cultures… IN WHICH THRIVE”

Marilyn Carlson Nelson – Chairman and CEO Carlson Companies – A family owned $40 Billion empire including TGI Fridays, Radisson Hotels…

“My leadership was tested terribly - after 9/11 the travel industry was particularly harmed. It was an extraordinary time for Carlson. “

“Put tactics around these strategic initiatives”

Whomever you serve, serve with caring
Whenever you dream – dream with your all
Wherever you go, go as a leader
And never, never give up
Whatever you do – do it with integrity

“That builds trust, trust builds relationships and relationships build results.”

=============================================

Actually, I took about 40 pages of notes throughout the two days… So I can’t say that this will be my last summary post on the Inc 500/5000 conference, but I can say that the conference did leave a strong impression about how I can help shape the future of ScienceLogic in an even more positive way.

Admins More Powerful Than Hackers

Tue, 16 Sep 2008 09:10:29 +0000

Do you trust your admins? We hope so.

The case of Terry Childs, the former San Francisco City Systems Administrator, is a good example of why you should be careful — Childs held the network hostage by withholding passwords and setting up a rogue access point. However in the court case, a supposedly expert witness testified that Childs posed no danger because the city could lock him out with simple steps.

Unfortunately, as Ira Winkler at RSA says, it’s not that simple –

…an administrator with a grudge can cause infinitely more damage than a “computer hacker” could ever dream of.

Given that Childs had his job for years, and purposefully kept a wide variety of critical network information from everyone else, it is impossible for them to lock him out of the network with “simple steps”. Of course soon after Tygar [the expert witness] filed his “expert” report, they discovered the rogue access point.

Read the full commentary here.

DC Young IT Scene Growing

Tue, 02 Sep 2008 14:45:14 +0000

The late 90’s IT boom represented everything great about the American dream. If you had a brilliant idea, knew how to put it into production and had some idea on how to market said idea, you could make it and many were indeed making it big in Silicon Valley.

This chance to “get rich quick” prompted many talented young entrepreneurs and IT specialists to move to the Valley, and in turn helped establish the area as a hip young center for the most talented people in the field.

The Beltway, (a.k.a. Washington, DC area) has always been known as a home for those wanting to enter into public service, or at least a career in grand gestures, however with the rapid growth of government-based IT needs, and the success of many IT companies in the area, it is slowly transforming into an IT hub of its own.

[Note: Dave and Julia disagree with my perspective on the slow growth of DC as a tech hub. In their opinions, it always has been with many great IT companies founded and run out of the DC area, including AOL, UUnet, and The Motley Fool, to name a few. The area was properly positioned as the “Silicon Valley of the East” in the 90’s and was able to successfully cultivate a large and prominent IT culture. BUT it’s interesting that Silicon Valley dominates in terms of popular perception, as I believe and so do many friends I’ve discussed this with.]

But perhaps that is changing. Dave wrote an earlier post about the lack of local tech coverage in the Washington Post. Recently, however, we’re seeing more relevant articles in the paper that highlight the growing DC young IT scene. Case in point, this article about LaunchBox, a DC tech incubator that will hopefully only serve to grow and enrich the community with more talented young IT professionals and big thinkers.

The question that remains is how the culture in this very traditional area will change with this growth.

Abandoned NASA Trailer wants to be mine.

Mon, 11 Aug 2008 11:07:40 +0000

Please call me so I can tell you where to deliver this baby too.

clipped from gizmodo.com

Abandoned NASA Trailer Found Roadside, Full of Retro NASA Awesomeness

Since it came about in the 1930s as the Army’s rocket research lab, the Jet Propulsion Laboratory has been a part of just about every major unmanned U.S. space mission to date. JPL also has a somewhat surprising history of running major missions out of modular trailers scattered around their Pasadena HQ, which are packed with all of the stuff you need to, oh, I don’t know, monitor a spacecraft on its way to Mars. Photographer Richard Harrington stumbled upon one of these trailers, abandoned on a dusty lot somewhere between L.A. and Las Vegas, and as you would expect, it’s a retro space-tech dream inside.

Baseball, baseball, baseball

Thu, 31 Jul 2008 12:13:20 +0000

It may be the dog days of summer, but it is the height of the baseball season and the trade deadline just passed. Not without some blockbuster deals going down though. The biggest one is the a 3 team deal involving the Dodgers, Pirates and the Red Sox. The BoSox give up the heart and soul of their championship team, future hall of famer, Manny Ramirez. In exchange they get from the Pirates, Jason Bay. A few other players involved, but who cares. Does this mean the Sox are giving up on this season? As a Yankee fan I can’t tell you how happy I am not to see Manny so many times a year. I also think Joe Torre will do a great job of managing Manny out in LA. Good luck to Manny. Though he killed us for years, I respected his talent.

Speaking of the Yankees, they have made a few moves for the pennant run. In addition to their own trade with the Pirates to get Xavier Nady and Damaso Marte, they pulled off a great deal yesterday getting Pudge Rodriguez to fill in as catcher for Jorge Posada. This could be a huge deal for the Yankees. They gave up Kyle Farnsworth, who while threw well this year, gave up home runs like candy. I am flying up to NY with my two sons tomorrow and will be at the Stadium tomorrow night to watch the Yanks play the Angels, who also made a big trade for the Braves Mark Teixeira.

Another future hall of famer, Ken Griffey, Jr was also traded to the White Sox today. Wow! What a day in baseball. I can’t wait to sit in the temple that is Yankee Stadium with my two boys tomorrow. It is like a dream come true, similar to taking them to a Steeler game last year. With all of the action going on around baseball it is also a great time to do it.