[SecurityRatty] tag: wily

Links List 10.10.08

Fri, 10 Oct 2008 17:15:00 +0000

You cannot turn around without bumping into another bad news story about the economy. From layoffs (10% of eBay’s workforce, 7.5% of HP’s) to the bailouts to the $7 billion loan the state of California needs to make payroll this month. Really, 7 beeeellllyon dollars? How many people shook their heads and felt sorry for the people working at financial services companies, all the while thinking that the tech sector was a pretty secure place to be (as long as you weren’t in the IT department at a financial services company)? Well, now apparently comes the wake up call for tech. Oh yeah, a bunch of those startups and not-so-young-anymore startups are FUNDED. They’re not making MONEY – or at least certainly not enough to actually be PROFITABLE, given the way they’ve been spending on payroll, sales and marketing to grow as quickly as possible. To get to that visibility and magic number of customers which means a big payoff for the investors and the founders. From the reports, it’s back to basics time, or at least that’s what the VCs are telling their portfolio companies. Cut costs. Layoff people. Focus on selling. And get profitable. Duh.

So can open source weather out the economic storm? Emerging from the dot-com bust, open source has matured, its legal framework and values are established, and serious players are in the game. But as this post on ZDNet points out, consolidation is on the way. “IDC renamed its LinuxWorld Show in San Francisco next year Open Source World – a clear shot across the bow at O’Reilly’s OSCON.” Will open source (from free to lower-cost alternatives to commercial software) flourish in a time of tightening budgets or will projects quietly go away for lack of funding (VC and that pesky business model thing) and, let’s face it, the “extra time” of IT pros tasked yet again to do more with less?

It’s October 2008 and Charles Babcock writes, “CA Embraces Virtualization As Future of Data Center Management”. Beyond keeping up with what competitors are doing, I enjoy this article for the masterful way it depicts the nightmare that is working with traditional frameworks. Too slow, too expensive, too complex, too many modules – it’s all in here. And somehow, I don’t think that was the point of it. So, $154,000 for CA Data Center Automation Manager – which can “consult” the CA CMDB (pricing starting at what do you think, something like $500K to a million – don’t forget those services) plus CA Wily APM (Introscope 8 and Wily Customer Experience Manager 4.2; pricing anyone?) metrics that get fed back into Data Center Automation Manager to help determine the virtual machine resources that are needed. Plus can also integrate info from CA Endeavor’s software change management tracking and CA SysView and in future with CA Management Suite for Mainframe Linux, potentially. I am not kidding about this list. And, we’ve been hearing this for a while – “Unicenter” the brand goes away and is replaced by “CA NSM”. The brand goes away. Why retire a successful brand? Ah.

I love this post on EMC, “Eleven Things You Didn’t Know About the World’s Largest External Disk Storage Company.” Although I guess I really don’t know much about Joe Tucci, since #11 says:

“Contrary to conventional thought, it is not true that the EMC President/CEO is the older, gentler brother of the fictional patriarch of HBO’s hit television series.” Hunh. I just googled him, thinking maybe it was a resemblance thing. Nope."

And on a much lighter note. A funny from Dell. 2 years later, I just stumbled across this Proprietaryville , Jibjab-ish video, called Dell the Journey. Legacy systems being escorted onto the Retirement Home bus. Michael Dell as knight in shining armor, singing no less. Joe Tucci and Larry Ellison showing up as heroes leading the charge against Proprietaryville (yes, funny in and of itself). And my favorite, “Now let’s go kick some proprietary apps.”

All Quiet on the CA Front

Wed, 01 Oct 2008 11:31:54 +0000

If you’ve read the blog, you know that we follow the Perils of CA with much amusement. Honestly, you couldn’t make up the stuff that Sanjay Kumar et al were and apparently are still making headlines with “35-day months”, accusations that founder Charles Wang knew and was part of the whole mess, a former US senator involved too, Sanjay’s unbelievable $1 billion in restitution…and the list goes on. (img from NYTimes.com)

But I am reminded that it’s not just the titillating stuff that’s of interest. CA is still one of the Big 4 and up until a couple of years ago making headlines with some major and strategic purchases in our space – such as buying Concord for its e-Health software in 2005 and Wily Technology in 2006.

I recently ran across a 451 Group report, “CA: ghosts of deals past” by Brenon Daly (if you haven’t read one of his takes on the M&A market, you don’t know what you’re missing) that showed quantitatively just how much the acquisitions had slowed down.

2003 – 4

2004 – 3

2005 – 6

2006 – 6

2007 – 0

2008 – 0 (so far)

Two or three years ago (I still have the slide in our presentations), it seemed like you couldn’t go a month or two without hearing about the latest acquisition by the Big 4 – to either fill gaps in their monolithic portfolios or take out a growing threat, which had built some good technology. This should sound very familiar to anyone (like me) who rubbed up against WorldCom. Growth (in revenue and technology) by acquisition. Buy your own revenue and don’t worry about the niggling details like integration.

But we’ve certainly seen the acquisition trend slow across the board. HP, after its mega-purchase of Mercury Interactive in 2005 for $4.5 billion, for example, went relatively silent on the acquisition front in our space. Perhaps, as it turns out, because they were too busy preparing for the even bigger purchase of EDS for $13.9 billion (and the layoffs, 24,600 and counting, which in this worsening economy are probably just starting).

Your ID may be stolen if you are dead!

Thu, 15 May 2008 10:00:34 +0000

Why cant people use their wily schemes for good?
Think of the positive possibilities that this planet could benefit from if criminals used their schemes to benefit mankind instead of sinking it further into the cesspool of humankind.
Sorry, It just stinks! Makes me mad.

clipped from blog.wired.com

Feds Charge California Woman With Stealing IDs From the Dead

Federal prosecutors this week charged a Southern California woman with aggravated identity theft and other crimes for allegedly using a popular genealogy research website to locate people who had recently died, and then taking over their credit cards.

Wily ways to get you to install Spyware

Sun, 20 Apr 2008 10:39:45 +0000

Its really a big business. Getting you to install it pays well. Unfortunately you dont reap any profits.

clipped from www.worldofsoftware.net

How To Remove Spyware

spyware Removal
It’s a little known fact to most people but viruses now a days are not as big of an issue as spyware. The above person may have a virus but the symptoms they gave are not for a virus but spyware. When you are getting pop-ups on your computer you can be certain you have spyware installed on your computer.

7 Seminal Security Books Every Security Wannabe Should Read

Mon, 17 Mar 2008 14:49:28 +0000

Today, there are more IT security books in the shops than ever before.

But what IT Security books can make a real difference to an aspiring Security Wannabe?

These are my Seminal 7…

Photo Credit: tanakawho

The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage

The book that ignited my passion for IT security. Clifford Stoll stalks the wily hacker Markus Hess in a true edge of the seat thriller. Computer security books boring? Then you haven’t read this one. Be prepared to read in one sitting!

TCP/IP Illustrated, Volume 1: The Protocols (Addison-Wesley Professional Computing Series)

I remember the day I read that the author of this book - Richard Stevens - had passed away. I was shocked and saddened. This may sound strange as I’d never met him, nor had any correspondence with him. The reason is simple: through his writing, he had an uncanny ability to meet you where you were and take you on what feels like a personally guided tour of TCP/IP. Simply put, this is essential reading. I’ve read some great networking books since, but none that give you the feeling that the author wrote the book just for you. A revered classic.

Applied Cryptography: Protocols, Algorithms, and Source Code in C, Second Edition

The so-called bible of Crypto. With good reason too: Bruce Schneier provides a seriously comprehensive introduction to cryptography. Refreshingly, he starts at the ground floor - you don’t need a degree in maths to benefit from this tomb - its very accessible. Digest this and you will learn about the most important crypto protocols and algorithms in existence today. I still reference this book at least once a month - I’ve owned it for about 5 years now. How many books can you say that about?

Security Engineering: A Guide to Building Dependable Distributed Systems, 2nd Edition

Ross Anderson teaches us how to avoid repeating the mistakes of those that went before us. Another author with real passion for the subject, his intelligence and pragmatism shine through. This book will introduce you to IT security as an engineering discipline. Don’t let those last two words put you off - Anderson is a master at telling you what you need to know, when you need it. The book itself underlines why effective security design is all about “the human element”. Fascinating case studies that will make you thank your lucky stars you don’t have to design security for prepayment meters or ATMs. Want to read online? Click here. Aside from the book, I highly recommend his papers on the Economics of Information Security.

Hacking: The Art of Exploitation, 2nd Edition

The majority of the security books on my bookshelf are pretty thick. Thick books give an air of authority - “wow, this must be a very serious book by a very knowledgeable author, if I read this, I will breathe in the knowledge of the gods and impress anyone willing to listen to me for long enough”. The author of this book - Jon Erickson - somehow manages to pack an incredible amount of content into less tree than most (he even manages to get root on the cover!). You will learn techniques that shave hours off exploit development time. A great introduction to blowing (precise) holes in software.

The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities

The holy trinity of Software Vulnerability Researchers deliver a mammoth treatise on why my eyes would bleed if I had to do what they do all day. This book will change the way you see software security auditing. If it doesn’t, you probably need to read it more carefully. This should be mandatory reading for people that get paid to do software vulnerability research. For more, check the Taossa blog.

Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks

Michal Zalewski is refreshing because (a) he does his own thing (b) those ‘own things’ tend to be interesting and (c) he enjoys the subtle/obscure/funny. And he can write! For a non-native English speaker he writes with great charm and wit. Reading this book is like stepping into the Matrix - everything we take for granted can be unwoven, refactored and turned inside out. Buy this book and read it cover to cover then go check out his lair, where he shares his ongoing digital experiments.

###

What security books would you recommend to an aspiring Security Wannabe and why? Tell us in the comments…