The morality of security: white hats, grey hats and Twitter
By Simon Bisson & Mary Branscombe in Editorial
Posted in People, Business, Security, Internet on
What’s the difference between a hacker, a security expert and someone looking for a job? Hackers play around with systems, find vulnerabilities and exploit them - for fun, fame, or profit. Security experts play around with systems, find vulnerabilities and report them to the vendor - which occasionally brings fame or profit. Both methods improve the system in question, but exploiting vulnerabilities instead of reporting them - even exploiting them to get vendors to pay attention - puts users at risk. You might be doing it for the best of reasons, but someone less altruistic now knows how to attack the system. Proving that you can get past security on live systems looks good on the CV, but what about the ramifications?
Twitter has had more than its share of attacks recently, many of them pure social engineering (was Jack Straw really stranded with no better way of asking for help?), others the good old virus-disguised-as-video. The 17-year-old behind last weekend’s StalkDaily and Mikeyy worms turned his hacking into a job application and has been picked up by a Web development and hosting provider in the US, who presumably value the combination of tech ability and a nose for publicity more than any moral issues about whether recruiting black hat hackers quite so openly is a good idea. The spate of public messages the CEO has fired off to the founder of Twitter are a combination of disingenuous defence and more publicity seeking: “hope u understand Mikeyy did u favor and could have compromised personal information,” he says. Some favour…
Security companies have always hired hackers; usually white hat hackers who stuck to penetration testing and notification. Some black hats grow up and turn responsible. Frank Abagnale - whose story is far more interesting than the film (Catch Me If You Can) - went to the FBI after his sentence, and because he wanted to. Kevin Mitnick didn’t take consulting gigs until after he came out of jail.
Mikeyy (to whom I’d like to suggest that naming malware after yourself isn’t the way to stay undetected) has a new job. His new employers have plenty of publicity. And everyone who uses Twitter has to hope that the service patched all the holes he found so that someone looking for more immediate rewards can’t use them.
-Mary
Girl Geek Dining
By Simon Bisson & Mary Branscombe in Editorial
Posted in People on
I used to work in the Countess of Lovelace’s town house.
The only reason I found out was the blue plaque on the fence outside. The company I was working for was a web consulting start-up, and I shared the news of our office’s auspicious history with my colleagues. Only a handful even knew who Augusta Ada Byron King was.
If I was writing the National Curriculum, I’d be making her the centerpiece of the technology lessons. There’s something inspiring in knowing that the first programmer was a woman, in a time when women of her class were expected to do very little. Her programs may not have run, but Admiral Grace Hopper’s did. Women have always been at the heart of computing and computer science – but it’s been an invisible heart.
Back when I did my engineering degree there were only two women on my course, and over 80 men. There’s something very wrong with those numbers, and it’s the way we educate and the expectations we inculcate that push women away.
That’s why I’m blogging about the women who run London’s Girl Geek Dinners. Sarah Blow started the regular meetings after being one of very few women at one of London’s first Geek Dinner events. She realised that there needed to be a place for women who work in technology to meet, to hear from other women, and to, well, just hang out and chill after a day in the office. She arranged sponsorship from many of the UK’s biggest technology companies, set up a web site and mailing list, and now, over three years later, there are Girl Geek Dinners all over the world.
I’ve been to a couple (yes, men are allowed, if they’re invited by a girl geek), and they’re inspiring events. I’ve heard great speakers, and met inspiring people who have given me new ideas and fresh insights. There’ve been sessions at Google, at Microsoft, and at Skype, London technology companies that have opened their doors and offered space and sponsorship. It’s a phenomenon that’s spread by word of mouth, by blog and by tweet. Each time I’ve been, there’ve been more and more women attending - women who are no longer the one or the two, but instead the many.
Girl Geek Dinners are a wonderful idea, and one that needs to be spread to every city and to every town. Technology isn’t just a place where women should be, it’s a place where they should be leading. Women were the first to build this IT-powered world – and it’s one that needs them working to inspire and educate and inform, turning the invisible heart into the visible again.
–Simon
Making your mark through user experience
By Simon Bisson & Mary Branscombe in Editorial
Posted in Navigation, People, Applications, Web browser, Microsoft on
Good design isn’t just for those fancy marketing and advertising sites. It’s an important part of how you relate to your users – and how they work with your applications and services. An SAP line of business service needs just as much design as an ecommerce web site. Internal users need to love the applications they use just as much as they love eBay or LiveJournal or IT Pro…
Here at MIX09 Microsoft is evangelising user experience to designers and developers from all over the world. Microsoft Research’s Bill Buxton has provided dynamic and entertaining keynotes, and his ideas are showing up in the next generation of design tools that previewed here in Las Vegas this week. But the most interesting and inspiring keynote wasn’t the Silverlight 3 extravaganza, or the unveiling of Internet Explorer 8. Instead it was one woman standing on stage talking about prescription medicines.
I was tempted to save this story for Ada Lovelace Day next week, but Deborah Adler’s work with redesigning the prescription label shows just how good design can make people’s lives easier (and even save them), while also changing the public’s perception of a business.
It all started when her grandmother accidentally took some of her grandfather’s medicine. It’s not difficult for that to happen, as the standard packaging for pharmacy medicines all look the same: little orange plastic jars with badly printed labels. Adler was working on her master’s design thesis at the time, and took on redesigning the packaging as a task.
She used information architecture principles to redesign the labels, and came up with a packaging design that made it easier to view important information. The result was a clearer, safer view that could be personalized to avoid confusion, and which prioritised key pieces of information – the drug, the dose, and when it should be taken.
Of course that was just a college project, but Adler believed in what she was doing and felt that things should go a lot further than just being shelved in a college library. She took her ideas to regulatory bodies and to many of the large US pharmacy chains.
She ended up working with Target, where her ideas were refined, using more user research and industrial design. The resulting Clear RX system had redesigned packaging, with Adler’s new clear labels, as well as a new set of documentation to go along with the pill bottles – and the bottle included a magnifying lens to make the text even clearer.
Clear RX has now won many awards, and has also changed the perception of Target’s pharmacy – significantly increasing its market share. A new user experience has ended up not only saving lives, but adding business value.
Adler’s rules for design are a good set of guidelines for anyone designing an application, or a service:
1. Have a love affair with the customer and dig into their needs
2. Solve those needs humanly and humanely
Having a love affair with your users may seem a little odd, but it’s all about making a connection to your users and understanding what they need and how they need it.
Simon
At MIX09 in Las Vegas
It was 20 years ago today…
By Simon Bisson & Mary Branscombe in Editorial
Posted in Cloud, People, Web browser, Server, Internet on
Tim Berners-Lee may not have been Sergeant Pepper, but his work at CERN has left the world with a vital and powerful communications tool.
CERN has chosen to mark today to commemorate the approval of the initial project that two years later became the public web. It’s been surprising to think just how quickly the Web became the stuff of everyday life, and the place (the cyberspace?) where millions of us work.
I’ve been using the web since a few days after the first public web server went live, with my first access through a university terminal and a little text browser. It was a year or so later that I sneaked into the old SCO offices in Watford on a Sunday afternoon to be shown the glowing grey pixels of the first release of the Mosaic browser.
It was only a year or so later that Mary and I wrote a round-up of all the web browsers then available. It’s hard to imagine in these days of IE, Mozilla, Chrome and Safari that there were more than 20 different browsers - a pre-Cambrian explosion of the Web. Shortly after that I moved to Bath, to help found UK Online, one of the first web-based content services - a direct ancestor of the CMS systems that power IT Pro…
Time flies, and the Web has become all pervasive - on our phones, our TVs, even baked into the hardware in our homes. We work using web-based cloud services, and we shop and talk all across the Web.
So, in a flash of historical perspective, here is a picture of the first web server. It’s Tim Berners-Lee’s original NeXT Cube, now in a case in CERN’s small museum. And the sticker? “Do Not Power Down. This Is A Server.”
–Simon
(In Silicon Valley)
Facebook for children, Facebook for hackers and the identity solution
By Simon Bisson & Mary Branscombe in Editorial
Posted in Identity, People, Web browser, Security, Internet, Microsoft on
Set up a safe online network for children, or create a target for unwelcome visitors? Make it easy to share pictures, videos and food fights with friends, or create another avenue for malware? If you want an Internet that’s not full of dark backstreets disguised as well-lit safe places, we need identity rather than censorship.
The Koobface attack has spread from Facebook and MySpace to Bebo and other social networks. A message from a friend telling you to see a funny video takes you to a Web page that tells you Flash needs updating; once the Trojan masquerading as a codec is installed, it does actually take you to the social network site to lull your suspicion. Does standard email hygiene avoid this? That says never open a link in an email message, even if it’s from a friend - so you go to the Web site, being careful to type the URL correctly to avoid typosquatters, and look for the message there. And you keep your anti-virus up to date, which will catch most of these Trojans.
But mostly you wish there was some way of knowing when it’s OK to follow a link, because let’s face it - who has time to actually stop and type in every URL by hand? Facebook is always sending me messages from people with a link to click at the bottom to reply to them; LiveJournal does the same and I actually reply. Friends and colleagues send me email with interesting links: so does the Microsoft security newsletter.
Links are for clicking. Assuming you’re up to date with patches against drive-by downloads, what you’re really struggling with is the arbitrary behaviour of even legitimate Web sites and the hoops they make you jump through, from typing in a username and password every time, or every two weeks, or next to a picture you recognise, or standing on one leg whistling God Save The Queen. And the passwords are each made up of some uniquely different regular expression. Punctuation, case, sequential numbers, length: does enforcing or ignoring them make your password more secure, more memorable, or more likely to be written down?
What would work better would be a familiar and universally recognised ceremony, like putting a credit card in a reader or using the Windows security dialog or pressing the button at a pedestrian crossing: no two pedestrian crossings are the same, but you know the protocol to tell them you’re a pedestrian. If you’ve read any of my password rants before, you might have guessed I’m talking about information cards; if not, I’m going to point you at this Gartner interview with Kim Cameron and Dick Hardt’s excellent (and short) Identity 2.0 presentation.
Email is the new smoking
By Simon Bisson & Mary Branscombe in Editorial
Posted in People, Enterprise, Business, Email on
Doing email has the same random gratification built in as playing the slots, with the added excuse that a lot of it is work-related and sending or replying to a lot of email and emptying your inbox feels like you’ve got a lot done. Usually though, you’ve either asked other people to do things or, in my case, confirmed what real work I’ll be doing when I can drag myself away from the inbox. After all, I have email in my pocket most of the time, I have a laptop in the bedroom….
Except. I check email on the go when I’m waiting for a message, or when I’m on a tube and don’t have a book. I use the bedroom laptop for email, LiveJournal (a mix of blog and social network), Web surfing
Credit crunch doesn
By Simon Bisson & Mary Branscombe in Editorial
Posted in People, Enterprise, Business, HP on
It’s still about adding value according to HP’s software and services VP Tom Hogan. He was presenting to a group of 30 IT executives in London the other day and he thought he’d respect the mood of the moment. “I was very intentionally talking about cost reduction and efficiency because of all the uncertainty in the world economy. I wanted to pound the point on how IT can help save money,” he told us. But he’d read the mood wrong for the UK.
“It was interesting how many people said ‘Great, but we really don’t care about that. What we care about is how can we add more value in our line of business, because senior executives are still willing to spend more if they get the value from IT.’ It makes a point in this time of uncertainty. Ten years ago when the world was so unstable, IT would have been in shutdown. Now IT is so key that they’re still thinking about what to do next.”
Will what they do next include buying HP software? Take Mercury and Opsware and the ‘business technology optimisation’ tools that HP has built with them. They’re not tools for doing business with IT; they’re tools for turning IT into a business, for giving the IT department KPIs and scorecards they can track the way other business units do. Investing in IT that does IT might not be top of the shopping list tactically, but a real CIO does strategy these days.
Salesforce recently commissioned a survey of UK CIOs at small companies; Ian Parkes, who conducted the research, calls CIOs an endangered species. “They’re going to be rebranded as the chief operating officer or even removed. They’ve got to show value add, but they are not able to articulate it from the point of view of looking for investment. Too often they do not have sufficient power to do what you would imagine a CIO would do, they are not board members and they don’t have that level of power or credibility within the organization.”
If you want to spend money on IT at the moment, you’re going to have to be able to explain the value and explain it in business terms.
-Mary
Put a price on IT - and a value
By Simon Bisson & Mary Branscombe in Editorial
Posted in virtualisation, People, Applications, Enterprise, Server, Business, HP on
It’s time for IT to have its own ERP and CRM, according to HP. That’s what the business technology optimization tools it’s developed are for. Today that’s the product name, but it’s such a good phrase that Tom Hogan, the senior VP and global manager of HP software (and, since he bought EDS, services), is thinking of coming up with some other name so he can keep it as a description. It’s meant to make you think of business process optimization, where you discover the way your company does everything has been wrong all along and it’s going to take an expensive stint of consultancy to fix it.
The way most companies do IT is hand to mouth, piecemeal and manually intensive. Imagine a car assembly plant that hand-wrote scripts to control the robots every time a new part had to be made. If IT departments really were the cobbler’s children they’re often compared to, they’d have been barefoot so long they’d be placed in foster care. Most IT departments can’t add as much value to the business as the technology companies tell us their technology can deliver and that’s not just the gap between hype and reality. In a survey that the Economist Intelligence Unit just carried out for HP, an “overwhelming majority of both CEOs and CIOs” believe that “technology is integral to the success of their company” and 88% of CEOs and 90% of CIOs say they “share similar visions for how technology can deliver business outcomes at their company” - which is close enough that they must be at least on the same page. So what’s the problem? As usual, money.
The 70-80% of the budget most IT departments have been spending on maintenance rather than innovation has only just gone down to 60% according to a new survey in CIO magazine. If you’re doing really, really
Breaking the code of a good cause
By Simon Bisson & Mary Branscombe in Editorial
Posted in People, Privacy, Security on
Step into the rooms of the National Museum of Computing at Bletchley Park and you’re taking a journey back in time. The whirr of paper tapes signals that the reconstruction of the Second World War Colossus is at work, cracking the same teletype codes it was designed to break at the height of the war.
Now it’s a museum piece, a mix of telephone exchange hardware and ancient valves. Even so, it’s still as fast as many of today’s desktop PCs - at least for the one specific task it was designed to handle. You can download an emulator, ready for most desktop PCs. Only the most recent PCs will be as fast - something that goes a long way to show the power of single-purpose computing hardware.
Code breaking may be the key that gets people in through the door, but it’s the rest of the museum’s collection that keeps you there for hours. In the rest of the rooms of the museum you’ll find old friends (and old enemies). Amigas sit next to Atari STs, while BBC Micros are ready for you to type 10 PRINT “HELLO”: GOTO 10 just like the old days. There are still plenty of gaps in the collection, but the biggest one is funding.
That’s why we were there today, to hear IBM and PGP announce that they were donating a hefty sum to the museum’s appeal. It’s still nowhere near enough. A new organisation, the museum doesn’t have the hefty bank balances other museums use to manage cashflow and property. They’d ideally like to raise seven million pounds - enough to cover the museum’s annual running costs from the interest. That’s only a pound or so per PC in the UK - something that’s easily affordable for most individuals and businesses. It’s not much to preserve the heritage of an industry that’s done more for the UK economy over the last few decades than anything else.
PGP and IBM have kickstarted a much-needed appeal - now it’s up to the rest of us (and the rest of the industry) to chip in and make sure that the birthplace of modern computing gets the museum it deserves.
Well, they would say that: fat, thin or green?
By Simon Bisson & Mary Branscombe in Editorial
Posted in Business, virtualisation, People, Windows Mobile, Hardware, Server, Networking, Microsoft on
A comment from Wyse popped into my inbox the other day, criticising the government for using desktop PCs instead of thin clients which are “inherently more energy efficient” (surprise surprise).
David Angwin, director of marketing for EMEA, claimed that “thin client computers give users exactly the same applications and performance as a PC and run on as little a tenth of the electricity.” Certainly, Wyse is one of the few thin client manufacturers who can claim to support a wide range of applications; I know one financial company who had to replace the first batch of thin clients they tried with Wyse kit almost within the week because the others couldn’t cope with video clips. But is that power figure the whole story?
Earlier in the year I was talking to Barry Goodall at the Royal Borough of Kensington and Chelsea. He’s spent a lot of time and effort greening the council’s IT and although he’s a big fan of server virtualisation, he has a much less positive view of the green credentials of thin clients after he disproved the figures in a Fraunhofer Institute report on green computing. “The report said we could save millions of pounds by using thin clients, so we were quite interested in this! We looked at some of the details and things leapt out at us; in particular the power consumption of PCs was markedly higher than ours - we use Dell desktops.”
He was checking his Dells anyway, because Dell was claiming upgrading to model 745s would save as much energy as changing from CRT to LCD screens. “We have an electricity monitoring gadget from Maplin which I highly recommend: don’t trust anything the manufacturers tell you! It’s very easy and you need to measure it yourself.” His measurements showed the model 745s used the same 60 Watts of power as the Dell kit he already had; Dell’s 45 Watt figure assumed energy management features that weren’t turned on by default. “Energy saving features in the BIOS count for nothing unless you enable hibernation in Windows!”
But 60 Watts or 45, it was still a far cry from the 120 Watts that Fraunhofer was assuming for a desktop PC. That’s what you’d expect from a top-end home machine with a high-power graphics card for gaming; business desktops are rather more frugal.
That wasn’t the only place he felt the sums didn’t add up. “Although the report said in the text that they had accounted for PCs being turned on maybe ten hours a day, terminal servers are typically running 24/7. If you tot up the number of hours people work out of the year, even though it feels like you work all the hours God sends, it’s actually about 2,200 and the figures in their tables hadn’t taken that into account. When we plugged in the correct figures they supported the opposite arguments; with the number of clients per server they assumed, it was more expensive in terms of CO2 than a typical fat client environment. Thin client can be more energy efficient but you need to be clever and turn some servers off when demand is low; you have to be monitoring the workload so you can turn some servers off overnight and come the morning, start turning them back on again - though you’re running a little bit of a risk that maybe one or two servers won’t start up and you’ll struggle a little.”
When I talked to Jon Stewart at Cisco about security trends recently, he slipped in a few network arguments (as you’d expect from a network company). “I have a feeling [that] what you’re going to end up seeing is very thin, light application suites that are endpoint based and a very rich experience using massive network build out. It’s already started to happen; definitely BT has gone down this route. You’re basically saying the end point is going to matter less at a computational level. The display and the keyboard and the system that you interact with, is the most valuable. Think about Lufthansa going to wireless on their planes, they’re trying to solve the inability to do work when you’re mobile. Everything about handset mobility, you’re trying to solve work when you’re mobile. But each time it happens, less and less computational necessity exists on the device - you’re just getting the service on the device.”
But do we care less and less about devices? Again, you’d expect Steve Ballmer to favour the PC, but he told his audience at the Partner Conference that actually, all the devices that are getting attention are fat (we just need to make them easy too). “It’s ironic, people talk a lot about whether people want thin clients. And I don’t deny people want reduced cost, and complexity of management. I think we’re all hearing that from our customers. But people don’t want to really give up the richness and capabilities of a rich client. We even see that in phones. What’s going on in phones today? Phones are actually getting richer. That’s what Windows Mobile is, that’s what the iPhone is, that’s what Symbian is, that’s what Android is: all of these things are getting richer, and Windows PCs will be the richest, most capable device that most people ever own.”
Chatting with Peter Biddle, ex of Microsoft and now at UK enterprise social networking startup Trampoline, he suggested that as usual, what matters is both the device and the network. “Think about it; when did you last do any useful work without being online?”
-Mary