Chris Anderson from Wired always does a really nice job of encapsulating major Internet, media, and information technology trends and packaging them up into bite-sized but informative portions, and his view on the "new boom" is no exception.
His view on the Web Two-Point-Oh renaissance in Silicon Valley is that the new boom will bring some sanity to this turn on the dot com joyride, and that, despite the recent Google-hype, this bubble won't burst.
Why? Mainly, people learned their lessons from 1999 (did we really party like it was 1999?), and that this boom has a sturdy foundation driven by sound economic fundamentals.
Start-ups are taking the angel fund route versus VCs (i.e., more rational allocation of capital), and are watching their pennies like a hawk. They're also using open source technologies and outsourcing strategies, creating efficient businesses out of the gate which are driving profitable revenue streams early on.
I know, I know, we all miss the sock puppets and $20 million Super Bowl TV ads...those were the days. But reality has set in pretty much across the board...well, save for the part about where the owner of dog.com recently paid $1 million for Fish.Com.
Today, it's all about the innovation and organic growth, which is probably just as it should be.
But it is really nice to bask and reminisce about the boom of the Internet boom, when a good Media Metrix report meant another $50M in pre-IPO market cap and lots of expensive parties and boondoggles with the digerati.
And all those tchotchkes, with names long since forgotten, like PointCast. Excite...I can't remember the rest. All those tchotchkes that now sit around my cubicle like some dot com museum.
Except for the Google towel. That one I'm saving to sell on eBay. ;)
Todd "Turbo" Watson -- IBM Corporation
How's that for timing? We release our feature on CyberCrime and a couple of days later the US Federal Trade Commission releases its Top 10 List of Consumer Fraud Complaints. Methinks there is a conspiracy afoot...
The FTC press release can be found here. The numbers fall out something like this (David Letterman drum roll...Paul, hold off on the keyboards just for a moment, please...)
No. 1: Identity Theft at 37 percent, and 686,683 complaints.
(Bloggers Note: Hmm, apparently that $100 investment in the Equifax Credit Watch service was a wise one after all.)
No. 2: Internet Auctions - 12 percent
No. 3: Foreign Money Offers - 8 percent
No. 4: Shop-at-Home/Catalog Sales - 8 percent
No. 5: Prizes/Sweepstakes and Lotteries - 7 percent
No. 6: Internet Services and Computer Complaints - 5 percent
No. 7: Business Opportunities and Work-at-Home plans - 2 percent
No. 8: Advance-Fee Loans and Credit Protection - 2 percent
No. 9: Telephone Services - 2 percent
No. 10: Other - 17 percent
Interestingly, Internet-related complaints accounted for 46 percent of all fraud complaints, although Internet auction-related fraud was down YOY, and child ID theft cases nearly doubled.
So, the moral of the story? Don't use the Internet, don't buy money orders, don't shop from home, don't play the lottery, and don't have any children (or at least hide them somewhere so their identities can't be discovered) -- and you should be just fine.
I Know I Put My Identity Down Around Here Somewhere
In all seriousness, both the personal and economic devastation that can arise from Internet-related fraud is substantial. Last year, these consumer fraud complaints resulted in reported losses of some $680 million, a 5% increase YOY but a substantial increase from 2003 and 2004. 49 consumers reported losing more than $1 million or more!
Of the 430,000 identity theft crimes reported, about half involved using the Internet. The Net, then: Protect your information, online and off. To learn more, go to the FTC Web site and take the Consumer Identity Theft Quiz (I took the "ID Theft FaceOff," playing Jim, and regained my identity in no time...Check it out)
To learn more about how you can minimize your risk and, if you suspect you've been the victim of identity theft, learn what first steps to take, visit the FTC's ID Theft site.
Our Global Security Intelligence team released its "2006 Global Business Security Index Report" yesterday, and I had an opportunity to conduct an email exchange with my cybercrime sleuth colleague, David Mackey, about this year's survey results and the overall state of cybercrime. David is a lead with IBM Global Services' Global Security Intelligence Strategic Outsourcing practice and editor of this year's report, and provided some most intriguing and insightful observations about the state of information security.
Question: First of all, can you give us a little bit of background on the Global Security Intelligence Services team. What do they do, and how did their Top 5 Predictions come about? And building on that, how's their track record thus far?
Answer: The IBM Security Intelligence service started back in 2003 as a way to give both IBM and our customers more advanced warning about impending IT threats. We do that by monitoring: security monitoring data produced by IBM Managed Security Services, any manner of Web sites, blogs, RSS feeds and mailing lists dedicated to security topics, and discussions with organizations like FIRST and AVIEN. Part of our service is tracking vulnerabilities, malware outbreaks, and other threats as more of a tactical response to everyday issues. The other portion of the service is to look back on a monthly basis to see trends, important news, and other important points in the discussion of IT threats. The annual report that's received some attention lately is our attempt to summarize the key points of 2005 and look forward to 2006. This is our second year in providing predictions, so it's too early to tell how powerful our psychic abilities truly are.
Question: Renowned bank robber Willie Sutton used to joke that he robbed banks because "that's where the money is." So where's the money these days? Is it all sitting on a server somewhere, and what are some of the typical scams or guises that cyber criminals employ to try and get to my money?
Answer: There is a vibrant underground economy thriving on acts of malice on the Internet. There are thugs, mules, money launderers, gangs and bosses. They just tend to be a little more geeky than the individuals we typically associate with organized crime. These folks steal information from computers using various forms of malware. They extort Web sites by threatening to cause a denial of service unless the miscreants are paid. They trick users into divulging financial information via phishing attacks. The crimes are various, diversified, and innovative.
Question: Okay, thx. I saw that "botnets" are going to be one of the biggest threats to the Internet, and that newer botnets are going to use different methods for command and control, including jumping into peer-to-peer and IM networks. Are botnets something that IBM customers should be increasingly concerned about, and if so, what precautionary measures can they take?
Answer: Bots and botnets have been around for at least five years. However, the more concerning fact is: in 2004 and 2005, the number of infected systems participating in these botnets increased significantly. Of particular concern was the arrest in the Netherlands of three botnet operators reported to have commanded 1.5 million compromised systems. These compromised systems may have carried out any number of orders from the bot operators, including: conducting denial of service attacks, logging keystrokes on vulnerable systems, and stealing other sensitive information. We think (peering into our crystal ball) that arrests like that will put botnet operators on edge. To avoid future detection, we think they'll avoid commanding large botnets and instead use smaller cells. Additionally, these compromised systems are currently commanded via IRC so IT organizations can monitor for IRC network traffic to help root out infected systems. Botnet operators may instead switch to using peer-to-peer communication and command models to further evade detection and use new MOs.
Question: Because security intrusions and virus attacks are the industry's dirty little secret that nobody really wants to talk about, it seems difficult to get a good read on the real economic impact. So, my next question is, do we have a glimmer of any idea on what that impact is in the US and around the globe? And as a follow-up, what would your 1 minute elevator pitch be to any senior-level LOB executive?
Answer: The real answer is no; we have no real tally of the impact. Almost all organizations are reticent to discuss security incidents. The best method to-date in estimating this data is by gathering information via anonymous surveys like the FBI/CSI survey. But the numbers are very subjective and the risk -- and thus, the number of security incidents -- varies greatly from organization to organization. As far as my hello-my-name-is-David-Mackey-let-me-help-you-with-security-speech goes, I really stress to companies that they need to do a valid risk analysis. What are the goals of the business? How does IT help them achieve those goals? Which parts of the IT environment are most valuable? How much does the organization stand to lose if attacked? It's a real mistake to start throwing money at security technologies until you've successfully answered these questions. Don't let a salesperson tell you differently.
Question: Denial-of-service (DDoS) attacks seem to be increasingly prevalent as a form of data hostage taking. Are most of these attacks economic in nature, or are we also seeing cyber attacks as a form of political speech as well? Meaning, are organizations or groups using DDoS attacks as a way to further specific agendas as opposed to just holding groups up for ransom?
Answer: I'm sure there's some politically or socially-motivated attacks, but most DDoS attacks so far are financially motivated. It's worth noting here that cyber extortion takes a number of forms. There are the DDoS attacks you mention, but there are also instances where miscreants may steal data (or encrypt the data in place) and then demand money in return for the data. Additionally, many so-called "security researchers" may demand money in exchange for supposedly critical information about software or Web site vulnerabilities. We've seen a number of creative, but insidious, extortion techniques.
Question: If an IBM customer feels they have been a victim of some sort of cyber intrusion, should they call a law enforcement organization or their IBM rep?
Answer: Both. Law enforcement agencies -- especially the FBI in the US -- have made significant investments in forensic technologies and investigators in recent years. They are very sensitive in dealing with the investigation and protecting the anonymity of victim organizations. Law enforcement is a necessary stop if victims would like to prosecute the attacker(s). At IBM, we deal more with the business continuity aspect. We conduct an investigation in order to help organizations get the IT assets up and running ASAP. We investigate how and when the attacks took place and then help organizations protect against future attacks. Both methods have valid goals.
Question: Is there yet a cyber equivalent of the Corleone family? I know we've heard news stories in the past about Russian and former Soviet Eastern Bloc hackers being prevalent...moving into 2006 is there a particular region or organization that has demonstrated particularly deft hacking abilities? If so, what can companies/government do to protect themselves?
Answer: There are organized groups out there, but I don't think they cut off horse heads and leave them in beds -- yet. Most security monitoring points to individuals or groups in the US being the largest source of attacks. But I should mention that one of the most difficult issues we deal with in information security revolves around discovering the true source of the attack. It's very easy to obtain the source IP address of an attack (either through our monitoring or forensics services) but it's incredibly difficult to determine who was behind the keyboard. Was the IP address spoofed? Was the source computer in the US actually compromised by an attacker in Germany? This is typically the domain of law enforcement to track technical information down to a real person.
Question: I use a Mac as well as a ThinkPad, and clearly with Apple's decision to move to Intel processors, you all have suggested that Macs will be more vulnerable moving forward as one of the 2005 predictions. What can/should I do to protect myself from cyber vulnerabilities on my iMac?
Answer: In our 2006 predictions, we predict that the number of attacks -- including malware -- will increase against the Mac platform. I'm extremely nervous that most readers will view our prediction as sour grapes from IBM since Apple dropped IBM chips in favor of Intel's. And as long as I work for IBM, it'll be difficult for me to prove my team's objectivity on the issue so just pretend I work for ________. Much of the vulnerability research and exploit development in recent years has revolved around PCs -- running either Windows or Linux. Part of this research involves heavy expertise with the Intel chipset and op codes. This same expertise can now be ported to trying to exploit OS X. I also think that Mac computers will be cheaper and become more popular because of the move. (I apologize profusely to any Lenovo readers.) Any time a technology gets more pervasive, the number of threats also increases.
Question: I'm probably more paranoid about identity theft than most people, and last year subscribed to one of the three credit reporting agencies' Subscriber Alert services that immediately informs me anytime someone tries to access or update my credit history. Am I being *too* paranoid or is this kind of proactive approach going to be increasingly necessary for consumers in the 21st century if they wish to fully protect themselves?
Answer: Me too! There are a lot of resources out there now to help guard against identity theft -- including the alerting services from consumer reporting agencies. I honestly believe you can never be too paranoid in monitoring your financial activities. But I also get paid to be paranoid, so take that with a grain of salt. I could rattle off an entire list of ways to protect your home PC from attack (antivirus, firewall, and regular patching to name a few) and I could recommend ways to protect physical data (effective home security, paper shredder, and comprehensive insurance come to mind). But if you do nothing else, closely monitor your financial statements and credit rating. The earlier you discover fraud, the more options you have in setting things right.
Question: Building on that, if I feel that I am the victim of identity theft online, what are the first measures I should take, and in what order of importance?
Answer: Issue a fraud alert to the financial and consumer rating organizations. Follow the advice from the US Federal Trade Commission or related local agencies.
Question: This is a blog, so we're not supposed to talk about all the great things that IBM's various security-focused experts are doing, unless we do so in a way that masks our intention of getting customers to subscribe to said services. So, we're going to do a product/service pitch in a not-so-subtle fashion that will be masked in the guise of one of our really funny TV commercials. That way, we're a blog pretending to be an advertisement pretending to be a pitch for IGS' security services. Okay, ready? Here we go: Pretend that you're a server from one of our TV commercials and I'm the bad cyber guy and I'm holding you hostage. I'm wearing a really cool mask that hides my identity (even my goatee), the server intrusion alarm bell is ringing really loudly in the background, and I've got about 10 minutes to embezzle the equivalent of the GNP of a small but blossoming Southeast Asian country. You have one phone call to call for help. Who do you call and what do you say to them?
Answer: No phone call necessary. My server is made by IBM so the baked-in security keeps my data nice and safe.
Blogger's Note: To learn more about cybercrime, check out our recent Web feature "The Changing Nature of Crime" or our podcast on "The Future of Crime."
This just in: Whoa, the Walt Disney Co. has agreed to buy Pixar Animation Studios Inc. for around $7.4B in an all-stock deal. Pixar Chairman and CEO Steve Jobs will take a seat on Disney's board and become the company's largest shareholder.
It wasn't long ago that the Disney/Pixar distribution partnership was on the ropes, but evidently Jobs and Disney CEO Bob Iger have mended their "Desperate Housewives" white picket fences and decided it was time to partner up for good.
Disney released this statement, in which Steve Jobs indicated that "Disney and Pixar can now collaborate without the barriers that come from two different companies with two different sets of shareholders." Instead, he said, "...Everyone can focus on what is most important, creating innovative stories, characters and films that delight millions of people around the world."
It's always good to see corporate protagonists kiss and make up, particularly those with such innovative and creative teams as Pixar and Disney have had in past episodes. But it does make me wonder if the traditionally analogue fabric of Disney and the digital DNA of Pixar can meld seamlessly into a movie that has a singular vision and a consistent and compelling story arc.
The key question is this: Will the merger result in Iger and Jobs partnering to become "The Incredibles," or will they instead just end up getting "Lost"???
I'm betting that it's the former, but then again, I've always been a "Chicken Little." ; )
A follow-up to my previous post on the coming Blackberry freeze. The cold north winds just picked up, prepare to rest your thumbs.
In a ruling yesterday, the U.S. Supreme Court turned down a request to review NTP's patent infringement ruling against it. The case now reverts back to a U.S. district court for continued adjudication.
Can We Use Smoke Signals?
Before you go into thumberry withdrawal, know that there are options. Worst case, NTP's requested injunction forces RIM to go radio silent, which would negatively affect some 4.3 million U.S. subscribers. However, know NTP has agreed that such an injunction would NOT affect U.S. federal, state, or local governments, which had previously been a concern.
Best case? NTP and Research in Motion (RIM) settle, share their marbles, and enable the continued operation of Wall Street analysts and traders everywhere.
RIM put this press release on its Web site and indicated that it had already prepared contingencies, none of which do, in fact, include reverting to smoke signals.
However, because I like burning things, I stand ready on my hill in South Austin prepared to convey messages to any disconnected downtown Austin Blackberryites who also happen to be IBM customers. Non-IBM customers will receive passed along messages via smoke signals on an as-available basis, but please understand in advance that my woodpile is not very large.
More details as they emerge...assuming the Blackberry service stays up long enough to deliver them.
Orlando's a nice place to be this year, and judging from the news breaking from Lotusphere thus far, you won't find any flies landing on the Lotus team. In fact, my head's spinning from the announcements, so let me stop long enough to break it down into consumable fragments:
First, over 6,000 attendees saw the "Hannover" demo this morning. Slated to release in 2007, these next releases of IBM Lotus Notes and IBM Lotus Domino will include SOA support, activity-centric computing, composite applications, and server-managed clients to the IBM Notes and Domino platforms.
Next, expanded support for Mac OS X, including for Lotus Notes 7 on the Apple Mac OS X Version 10.4 "Tiger" release. This will include integrated Lotus Sametime instant messaging and support for the new Intel-based Macs. IBM is also introducing Mac support for Domino Web Access via Firefox.
We're also seeing increased convergence of real-time collaboration technologies for the Lotus Sametime platform, including instant messaging, phone, VoIP chat, Web conferencing, and video conferencing (get out of those jammies!) in Lotus Sametime V. 7.5.
V 7.5 will also include new interoperability with other leading public instant messaging services, including Yahoo, AOL, Apple iChat, and Google Talk (That's what I'm talkin' about!)...And if you didn't already know where you were, V 7.5 will include location awareness and enhanced security and privacy, all built on the Eclipse framework intended to encourage open plug-in development.
Next, expanded support for SAP Solutions through the IBM Lotus Notes Suite for SAP Solutions (Hey, I don't make up these names...I just laboriously retype them!) and the new "Move2Lotus on Linux" program. On the SAP front, we include expanded integration into calendaring, time tracking, contact management, report generation, approval workflows, and other common business tasks, availability 1H06.
And with the "Lotus on Linux" program, we're providing IBM Business Partners with the tools, resources, and incentives they need to help their customers migrate off of competing messaging and collaboration systems to Lotus Notes and Domino on Linux. That's one small step for the penguins, one giant leap for global communications.
Real-Time Collaboration for Real-Time Business
Finally, we have announced enhanced support of click-to-call (to call an instant messaging or email contact directly from email and IM clients), click-to-conference (to instantly initiate a voice conference from within a client), and business-quality video into Lotus Sametime working with the likes of Avaya, Nortel, Polycom, Premier Global Services, Siemens, and Tandberg.
These new instant messaging, web conferencing, voice, audio integration and PC-to-PC technologies will help IBM customers keep their feet firmly on this flattening earth, and help ensure the right hand knows what the left is doing...or not doing, as the case may be.
If it's late January, it's time to put on the yellow.
Lotusphere 2006 kicks off in Orlando this weekend, and judging from the enrollment and the early buzz, it could very well prove to be the biggest and best Lotusphere ever.
This year, we've worked to maximize attendees' time by balancing the coverage between product overviews and roadmaps with pragmatic specifics and case studies on how you can extract real business value from our upcoming technologies.
LotusphereBootCamp: Practical and Technical
We're also introducing a new program -- LotusphereBootCamp (say that three times quickly) -- which is a conference-long, highly technical curriculum aimed at the practical application of Lotus software.
To whet your appetite for all things yellow, check out this interview with new Lotus general manager, Mike Rhodin.
If you can't make it down to Orlando, but are interested in getting a ringside seat on the replay of our IBM Lotus Notes/Domino 7 launch event, check it out here.
Who Needs Denis Leary??
Finally, just so you know we recognize that all work and no play make for a dull Lotusphere, this year we're also kicking off the Lotusphere JAMFest, a two-night jam session where attendees are encouraged to bring their musical instruments and crank out some tunes.
Get jiggy with it by checking out the official JAMFest wiki, where you can build pages for the songs you'd like to perform -- or see performed -- and start to review the pending lineup. So far, highlights include requests for early Kansas, Meatloaf, David Bowie, Cheap Trick, Sammy Hagar, Styx (with two volunteer guitar players...has anybody seen Tommy Shaw?), and yes, even the Violent Femmes.
Anybody up for a little blisterin' in the Orlando sun? ; )
While it would be easy to have immersed one's self in the new Bin Laden audiotape news this A.M., a similarly disturbing story emerged from the mediasphere in a posting from the San Jose Mercury News.
"Feds after Google data."
You can read the entire story here. The net of it was this: The Bush administration has asked a U.S. federal judge to order Google to turn over a "broad range of material" from its extensive records as part of an effort to review an Internet child protection law struck down by the U.S. Supreme Court two years ago. Thus far, Google has declined to adhere to the request.
It would be inappropriate for me to speak here as to my personal opinion on the subject of a Big Brother government using the advances of the Internet and information technology to use that information to intrude upon the private lives of individuals under the guise of protecting them from themselves.
So let me just say this: Go Google.
This move should serve as a reminder as to the power and reach of the Internet, both online and off. Your private information is increasingly no longer private. Empower yourself with tools and technologies that limit the collection of these personal digital footprints off of your hard drive. Even if in this instance the government is not specifically requesting information that might tie you back to your individual searches on Google, it's a fast and slippery slope.
Your information belongs to you, and no one should use or abuse it without your express consent.
Amazon's New Deal: "Retailtainment" Starring Bill Maher
Meanwhile, back at the virtual movie studio, and in a strange twist of art imitating life imitating art, Internet broadcaster Yahoo! ran an AP story announcing that Amazon is going to be running Web entertainment at a virtual mall near you soon.
Amazon apparently intends to broadcast -- or, as the case may be, "Webcast" -- a new series starring comedian Bill Maher entitled the "Amazon Fishbowl With Bill Maher." It is intended to blend the excitement of entertainment with the adrenalin rush of visiting your virtual mall.
And most intriguing, because Bill Maher is the host, the U.S. federal government can be expected to watch the new Yahoo series -- and all its viewers -- very, very closely.
Let's just hope they don't use our credit card numbers to purchase the DVD edition. ; )
It's the beginning of a new year, which means it's time to think about taxes. I know, I know, death and taxes and all that, but I've learned from past experience that thinking about taxes earlier in the new year means less misery as April 15th (the tax filing deadline date here in these United States) looms closer.
I've already begun pulling together receipts and such, and the 1099s have already started showing up via the snail mail. Once upon a time, I thought about trying to figure out a way to "stick it to the man" -- kind of like that exec in the funny new Sprint TV spots -- but there's no sticking it to anyone when you're a single male with no dependents -- it is you who typically gets the sticking.
So, it was with great amusement that I ran across the story on C:NET posing the question as to whether or not virtual assets are taxable.
Now, when I say "virtual assets," I mean just that. In the world of online fantasy gaming -- particularly for what have come to be known as "massively multiplayer online games" (MMOs for short) -- multiplayer games like "Ultima Online" have fomented the creation of entire underground economies in which buyers and sellers trade imaginary goods. In fact, this market is estimated to be worth over $135M on the game Everquest this year alone.
Surely ye jest, Turbo, ye exclaims!
Ney, gaming warmonger. And while it may not have yet gotten the taxman's attention...yet...it is only a matter of time before the tax trolls awakeneth to these potential virtual tolls!!
So, Can I Depreciate That Arctic Ogre Lord?
So what are these potential tax evaders selling? In games like EverQuest, which has an estimated 450,000 subscribers, players are exchanging virtual goods, capabilities, and even skill levels worth real money (i.e., you can buy from someone else the acquired skill level that they spent several hours attaining so that you can quickly jump into a higher level of the game).
Julian Dibbell, author of a recent article on the subject of virtual taxation in "Legal Affairs" magazine, indicated that he made some $11,000 in 2003 in selling virtual assets via eBay, but explained that his local IRS office was puzzled by the concept when he tried to explain it to them, and that they didn't quite know how to advise him.
My take? With the total GDP for the MMO marketplace being an estimated $800M this year alone, it's only a matter of time before someone at the IRS figures out how to initiate an audit on the ogres.
Believe it or not, even though I work at IBM, I don't always know what's going on, and have to stumble upon things in the press like anybody else.
Today, I ran into a story on C:NET that I thought demonstrated a really intriguing use of our WebSphere Application Server software technology that I thought worth passing along.
We're currently working with Whirlpool and the U.S. Department of Energy on a project called "GridWise," studies intended to bring about a more intelligent power grid.
The basic premise of the studies and the technology is to use IBM Software to help alert customers how much energy they specifically are consuming based on real-time prices, and encourage them to lower usage during peak utilization and rates. This will allow them to take action to meet their personal energy budgets and save on overall energy usage before they get their bill.
The other study focuses on a clothes dryer that can sense instability in the power grid and shut itself down as necessary, saving on energy costs and potentially on maintenance. C:NET reported that the widespread adoption of these technologies across the nation could eventually save consumers up to $80 billion in 20 years by negating the need for the construction of new transmission substations and other power distribution equipment.
Now if I could just get a dryer to fold my clothes.