CYBER INSECURITY

The recent rash of hack attacks, which caused only a little embarrassment to CENTCOM and damage to the images of some SONY execs, has caused President Obama to initiate high-level discussions on the subject this week. Channeling Johnnie Cochran on the 12th, the President said, “If we are going to be connected, then we must be protected.”

 

We agree. On June 3rd in this space we posted the details of a Ukrainian-based malware scam that cost victims millions, and we strongly oppose people and organizations that terrorize the Internet. The cyber security experts usually point at the end users, chastising them about using passwords more effectively. The experts would have us believe that no site or web application can be made hack-free. At a recent cyber security industry trade show, one booth featured many types of traditional locks, including some of the best home locks. As a demonstration, each lock was picked. The purpose of this was to show that, given enough time, even the best locks can be compromised, and to show that any security we think we have in the physical world is as elusive as it is in cyberspace. Then these experts ask you to hire them to help make your infrastructure more secure. They have set a very low expectation: it is easy to fail to deliver security if it’s really impossible in the first place. Blame it on all those users and their passwords.

Hopefully, the President’s efforts will push the discourse to a more accountable level. The good news is that we CAN improve security. The people who can most effectively push back the black-hat hackers are the people who build and deliver the products and services that are getting hacked. Improved security needs to be designed into the hardware devices and software applications, starting with server, smartphone, and personal computing devices, and the high-usage, apparently wide-open (are there any security folks at Facebook and Twitter?) social media applications. Hacking generates unusual traffic quantities and qualities. It is possible today to build products and applications that monitor themselves for such unusual activity.

Self-monitoring software applications and Internet devices are necessary, first, to end the current level of black hat activity, but drastic improvement by manufacturers and service providers is most importantly needed to protect the nation’s financial infrastructure and to enable the Internet of Things and smart homes. The billions of dollars created by companies using the Internet to deliver their product or service are more than enough to fund a major effort to improve the most ubiquitous, highly used products and applications. Google has the expertise to create a core group of “white hats,” talent that could be used by manufacturers and very large end users, like the federal government. Perhaps providing developer/designer resources to hardware and software manufacturers would be a more valuable contribution from Google, for example, than a smart thermostat or smartglass.

Bill Patch, 01/15/

 

Net Neutrality May Survive

In a May 2014 posting we reported that the Chairman of the FCC, former Comcast lobbyist Tom Wheeler, was going to end net neutrality, and allow ISPs to treat different net content providers differently and to charge them different rates, essentially allowing providers to buy their way into premium “fast lanes” of service. This would have a chilling, if not deadly, impact on the diversity of content and innovation of new content.

Today, President Obama urged the FCC to implement the “strongest possible rules” to protect a free and open Internet. Perhaps his work this week with China on their closed Internet problem inspired him to make sure that our freedom to produce and distribute content on the Web is maintained and protected.

 

Hopefully, this important part of our Freedom of Information will not become a partisan political football.

Bill Patch 12/1/2014

Huge Hacker/Extortion Ring Busted

A U.S.-led operation, which included Australia, the European Cybercrime Center, Canada, France, Germany, Italy, Japan, Luxembourg, New Zealand, and Ukraine, recently disrupted a network of 500,000 – 1,000,000 computers that had been infected by a malicious software named “Gameover Zeus.” The botnet was used to gain control of bank accounts and extort money from victims. One sub-program, named Cryptolocker, had infected more than 234,000 machines. Cryptolocker encrypted bank account files, and then the gang demanded payments for release. More than $27 million was paid in its first two months operating.

On May 7th, Ukrainian authorities seized and copied Gameover Zeus command servers in Kiev and Donetsk. Recently, about 300,000 victim units have been reclaimed. “We took control of the bots, so they could only talk to us,” said Brett Stone-Gross, a Dell expert who assisted the FBI. On June 2nd, a criminal complaint was filed in Nebraska against Russian Evgeniy Bogachev.

 

Source:  Business Insider

 *   *   *

Perhaps we are fortunate that the Ukrainian officials were still independent enough of Russia to cooperate with the group of nations that conducted this operation. At the least, this incident illustrates how important global cooperation is to secure and protect the Internet. The good guys beat the bad guys in this case because the cooperative effort included the equipment manufacturers and a majority of the nations affected.

With steady vigilance and an effective balance of government and business expertise and cooperation, we can keep the Internet free and secure.

Bill Patch  06/03/14

 

Manufacturers Need To Improve Product Security

Business Insider posted an article on May 19th, reporting that Cisco CEO and Chairman, John Chambers, had written a letter to President Obama, asking him to stop the NSA from inserting monitoring devices into Cisco equipment.

 


The article included a copy of the letter, which is dated May 15th. The timing of the letter is curious. It says it is in response to photos which went viral last month after being published in Glenn Greenwald’s new book, “No Place to Hide”. The photos show NSA operatives in 2010 opening packages of Cisco equipment and inserting devices into the equipment.

Last week Cisco also released a quarterly earnings report, which showed orders were down in their developing nations region: down 7% in the BRIC Region (Brazil, Russia, India, China), and down 13% in Mexico. While the publication of the photos certainly can’t be helping Cisco’s sales in the developing nations, Chambers’ letter stops short of making any specific link between the photos and the quarterly results. Chambers does point out the negative impact of the agency’s actions:

“We simply cannot operate this way, our customers trust us to be able to deliver to their doorsteps products that meet the highest standards of integrity and security.”

He’s right: customers trust Cisco to produce and deliver products that are safe to use; but that’s Cisco’s job, not the government’s. By now it’s clear that the pursuit of national security has led the NSA to engage in practices that most people deem to be excessive and intrusive. The leaders of most of the largest technology companies have written similar letters on the subject. (See: http://www.washingtonpost.com/business/technology/tech-executives-to-obama-nsa-spying-revelations-are-threatening-business/2013/12/17/6569b226-6734-11e3-a0b9-249bbb34602c_story.html). And as computer technology becomes even more ubiquitous with the coming IoT (Internet of Things), security of the equipment is becoming increasingly important.

Also this week, five Chinese military officials were charged with hacking into the computer systems in U.S. firms, to give competing Chinese companies an advantage. Catching the five people involved was a great example of how the government can help secure our information technology resources, but equipment manufacturers such as Cisco need to design and deliver stronger, safer, more secure products. Cisco needs to design routers that are smart enough to detect when an unauthorized part has been installed. All products need to have extensive self-monitoring capabilities, to detect intrusions or tampering, and to alert when the unit is being used outside of expected ranges of processing (for example, PCs that have been taken over by viruses and are being used for spam campaigns or Denial-of-Service attacks).

*     *     *

We don’t have to accept a technology infrastructure that includes pervasive hacking as a given. We need to expect, and demand, that hardware and software providers make products that protect themselves, and us. It should have been impossible for anyone, even the NSA, to open and tamper with a product without being detected by the product itself.

Bill Patch    05/20/14

FCC Ends Net Neutrality

On Thursday this week the FCC, led by former Comcast lobbyist, Chairman Tom Wheeler, proposed new rules that permit ISPs to charge content providers a fee to get faster and more dependable service than the other content that is being processed. Netflix has already paid fees to both Comcast and Verizon.

This subject gets complicated quickly, but what it comes down to is that content providers who have lots of money and lawyers will be able to get preferred service from the ISPs, who have a monopoly on the “last mile” connection to our homes and offices. Comcast’s acquisition of Time Warner, which includes the old ISP AOL, will concentrate even more power in Comcast’s hands to leverage payments out of content providers. Verizon, which was formerly Bell Atlantic, which was from your friendly old Ma Bell monopoly, is filled with managers and executives who know how to use monopoly power to manipulate markets.

At its simplest level: If one party, or group of parties, can buy preferred service from the ISPs, then other parties, who cannot pay the fees, will get degraded service. On any given evening, your Netflix movie may be streaming quickly and clearly, but your massively multiplayer world game may be stuttering, crashing and buffering. With this kind of power and control, the ISPs will be able to dictate who can start up a content-providing service. Facebook and YouTube are just a couple of content providers that probably would not have made it if their service from the ISPs was slower and less dependable than the other content providers.

The days of a “free” Internet are over, if this FCC ruling stands.

 

 

Bill Patch

 May 15, 2014

SmartWatches Still Forecasted to Be a Huge Market by 2018

 

 


In September 2013, when Samsung and others had first announced their wearable smartphone products (see our posting dated 09/12/13), the price was $300 per unit. Business Insider Intelligence at that time was predicting the market for smartwatches would be $9 Billion by 2018. We postulated that $300 per unit was a prohibitively high price, and doubted the unit volume in the BI forecast. BI has now released a new market forecast, and it is based on an average per-unit price of $100. Nevertheless, the total market forecast remains constant at $9 Billion.

And now they’re beginning to talk about the importance of “attach rates,” which refers to how many smartwatches can be sold as an extension of its smartphone. (Hardware manufacturers used to focus on the attach rates for maintenance agreements, especially on PC products, which had thin margins.) People seem to dislike the bulky size of the smartphones, so newer products will have smaller screens. This puts pressure on the development of apps that fit the smaller screen, so we may see a trade-off ratio of size and price versus functionality, and the new cheaper models may not have enough value to justify even the $100 price. We’re still skeptical.

IoT Appliances Hacked

Proofpoint, an Internet security firm, has announced the first reported incident of a security problem with connected, “smart,” appliances, which are proliferating in the growing “Internet of Things (IoT).” In this case hackers broke into over 100,000 consumer appliances, including home-networking routers, connected multi-media centers, TVs, and at least one refrigerator, to send over 750,000 malicious emails during the period from 12/23/13 to 01/06/14. The appliances were relatively easy to hack because they were set up poorly and/or used the default passwords that came with the device (never a good idea). The Proofpoint News Release stated, “As the number of such connected devices is expected to grow to more than four times the number of connected computers in the next few years, proof of an IoT-based attack has significant implications for device owners and enterprises.”

Yes… “Significant implications,” indeed… IoT networks need to have security. Companies like Cisco need to provide security products and services for home and enterprise networks, and consumers need to use them. Systems can include monitoring software. IoT products can be truly “smart,” and they can monitor themselves and provide security alerts. If users and providers include security as a priority for their IoT systems, the risk of an IoT installation will be no worse than the average computer, and probably better than the average mobile device.

 

Google Makes a Strong Play into the IoT

In related news, this week it was reported that Google bought an IoT company, Nest Inc., for $3.2 Billion. Nest was founded by Tony Fallon, who is generally given lots of credit for the design and development of the iPad while he was at Apple. The company makes a smart thermostat and a carbon monoxide detector. The company’s products are beautifully designed, and the announcement of Google’s acquisition caused excitement in the technology industry. $3.2 Billion is quite a commitment, even for Google. The move validates the bullish forecasts for the IoT market, and it positions Google to be a major player in that market.

 

Bill Patch

01/17/14

The "Internet of Things" is Coming

If you haven’t heard much about The Internet of Things (IoT), you soon will. Also called “The Internet of Everything,” this refers to the connection of everyday objects to the Internet. Once objects are wirelessly connected, using sensors installed in them, to the Internet cloud, then data can be transmitted from them and collected and accessed by various devices, including smartphones, tablets, and personal computers. Appliance manufacturers like LG and computer network companies like Cisco are already installing hardware and software. There are a bunch of companies, including an especially bright one named “Evrything,” that are producing software that collects data from the things and transmits it to the Internet.

Billions of Things, Trillions of Dollars

The technology is already in place to connect all the things in our life, and to start them communicating with us. All that’s required are: a) Sensors, which measure things like whether a door is open or closed, or the amount of electricity being consumed by an appliance, or whether a parking space is filled or empty; b) Connectivity, either through a base station or embedded in the device itself; and c) Processors, to parse incoming data from the sensor(s) and transmit it. IDC, a respected technology market research firm, predicts there will be 30.1 billion installed autonomous things connected by 2020, when the IoT industry will generate $8.9 Trillion revenue in products and services. (Source: Business Insider, “The 6 Basic Building Blocks for the Things in ‘The Internet of Things,’” 12/31/2013.)

Public Trust Is Needed

People close to the industry tend to treat the connection of everything through the Internet as a fait accompli: because it can be done, of course it will be. They point to the obvious benefits, including public safety and more efficient buildings. When gas lines can be constantly monitored for leaks, and bridges can be constantly monitored for dangerous wear and tear, and bodies can be monitored for early heart attack signs, and food can be monitored for freshness, and products can be tracked throughout their manufacturing life cycle, lives can be saved and products can be produced more efficiently. However, in the current environment privacy concerns may slow the growth of the totally connected world. Today, we see the top executives of some of the leading technology companies writing public letters and making public speeches to the NSA, decrying the government agency’s misuse of data collected from them. Tim Cook, Apple’s CEO, recently called them “malicious hackers.” This self-serving, all-too-public whining is coming from companies who previously cooperated silently with the collection of all sorts of data about their customers.

If tech companies cannot protect their customers’ information better than they have thus far, people will not trust the IoT enough to achieve the kind of comprehensive connectivity the tech gurus envision. Tech companies have to make stronger, safer products, ones that can protect us from malicious hackers. If care is taken to build secure systems and gain public trust, the IoT will arrive as a natural evolution.

Bill Patch

01/01/2014

NAR: Use of Internet for Home Search by Buyers Hits All-Time High at 92%

According to an Inman News article posted on November 4th, 2013, “Use of the Internet among consumers in the homebuying process continues to grow, but those buyers are more, not less, likely to use a real estate agent, according to an annual survey from the National Association of Realtors.” NAR’s study, which was based on 8767 people who purchased a home between June 2012 and June 2013, reported that 92% of the buyers used the Internet to search for homes, up from 90% last year and 71% in 2003. The report also indicated that 88% of the buyers used an agent. Interestingly, 42% said searching online was their first step in the buying process, while 17% said their first step was contacting an agent. In summary, buyers are using the Internet to search and agents to help with the purchase transaction.

As various local markets lead the recovery in the real estate industry, realtors need to match the consumers’ requirements for technology and services. Consumers understand that purchasing a home is a complex transaction, one that requires expertise to protect against the risk of mistakes and to guide the process to a smooth and successful completion. Most homebuyers are tech-savvy enough to use property search applications to find potential homes to buy. Successful realtors include both requirements in their marketing strategies, and they provide home search (IDX) programs on their websites, so prospective homebuyers can search MLS listings and generate buyer transaction leads directly to the realtor. Successful realtors also provide a full set of services for buyers, both to achieve client satisfaction with the purchase and to generate future business (81% of the sellers used a full-services broker, and 63% chose the broker via a referral). Agents who used to think that representing buyers consisted of finding and showing them listings from the MLS now understand that they can rely on a good IDX system for some of the finding process, and they focus instead on responding to leads generated by the IDX, showing homes, and managing the purchase process for the buyer.

Blazing Systems helps hundreds of Delaware Valley realtors with marketing strategies, websites, and an industry-leading IDX home search. Please contact us to arrange a free initial consultation.

     Bill Patch

12/03/13

Websites that WORK

Congratulations! You’ve invested the time, energy, and resources to design and develop a website for your enterprise. You now have a “home” on the Internet, a piece of virtual real estate. Website addresses are called “domain” names, and there are many similarities between a website and a home. If your site has been well-built with strong programming and software, it will withstand attacks from hackers trying to blow the house down. If it’s hosted in a high-quality server environment, this “good neighborhood” will provide uptime and security. Your website creates a good image with your customers and your competitors, but the best thing it can do is to help build your business. To do that, people have to find your site. There are about 200 Million domains registered. How do you get found among so many sites?

 

Organic SEO (Search Engine Optimization) or PPC (Pay Per Click)?

Most people, including your prospective customers, find websites by using a search engine. Google is the most popular, with about 400,000 searches per day. As most people know, you can pay to have your website’s info displayed prominently on the SERPs (Search Engine Results Pages), while the rest of the page is filled with info about websites that appear organically: the search has found them, and no ad fee has been paid. If you have paid to have your ad appear, you will be charged every time someone clicks on the ad, which takes the person to your site. Thus the name, PPC: Pay per Click. The other websites listed, the organically generated ones, will also take the person to their website, but there is no charge when that happens.

Search engines are smart, and they remember. They’ll remember, for example, that today, when someone searched for “homes for sale in Montgomery County,” it found your site organically. Next time somebody does that same search, it will quickly post your website’s info. In fact, your info will gradually get listed higher and higher on the page. Your website builds equity in the organic search! If you use a PPC program, you are not building equity; it’s like you are renting that spot on the page, not earning it. Once the PPC payment ends, it’s like you are brand new and your info goes to the back of the line.

 

Make Your Website Work for You

You can improve the performance of your website on organic searches by making it easier for the search engines to find you. Search engines are smart, and they have “spider” programs that crawl around the web gathering information… Cute, eh? Spiders crawling around the web? Spider programs look for info that will help them link searches to websites. So, they look for words and phrases that are typical of what people type into the “search for” box. Most of the time, people type in pretty simple words or phrases that are related to the target of their search. We call these words “keywords.” To make it easy for the search engines to find you, you need to place appropriate keywords in the content of your site. Picture the spider program scanning the pages in your site, reading what it sees. What words and phrases might jump out at it? For example, you might want to have titles on your pages and paragraphs, and place keywords at the beginning of the title.

As you can see, the concept of keywords is simple. Next, some work needs to be done to develop a program. The first step is to determine which keywords related to your business people will be typing: those things for which we are seeking prospects and leads. As we said above, for a realtor, it might be “homes for sale in Montgomery County,” or “homes for sale in Boyertown.” Determine the markets, products, and services in which you want to compete most aggressively. What are our priority strategic market targets? Then, the next step is to imagine what words or phrases people would type into the “search for” box in the search engine to try to find websites for providers of those services or products: you and your competitors.

 

Put Your Website to Work

Once you have determined what keywords the prospects will enter, then it’s simply a job of placing the selected keywords in the content of your site. As we mentioned above, you may want to use titles for pages or paragraphs, but just including them in the prose content will also get noticed by the spider programs. You should not sacrifice the quality of the writing in your content to include the keywords. The content has another, more critical job to do: attracting the prospect and motivating them to contact you.

Once you have added the keywords to your site, they will start to work for you, and they will continue to keep working, 24/7/365. Your website is doing the work! For Free!

 

Building Equity vs.  Immediate Results

For those of you for whom instant gratification is too slow, however, there is one drawback to using an organic program as opposed to a PPC: like most things with genuine value, it takes time for the organic, equity-building program to work. It can take up to 16-20 months for a keyword program to show results in where your info appears on the SERPs. With the pay-now PPC programs, you’ll see your ad placed very quickly. It’s the expensive route, paying a premium for immediate results, vs. doing it the old-fashioned way and working hard for lasting results that take a while. Renting vs. owning and letting your website home do the work.

 

Make Yours a Website that WORKS

You can start today: make a list of the keywords for your highest priority strategic markets. That’s a valuable exercise anytime. You can also help your website with its organic SEO work by adding a blog to your site. Keep your keywords in mind when writing the blog, which will act like hyper content for the spiders. Adding links from other websites will also help. Blazing Systems is a web services company. Please call us to arrange a free consultation for help in making your website work for you.

 

Bill Patch

10/05/2013