Today signals the kickoff of the RSA Security Conference in San Jose, California. This year's conference will see more than 275 exhibitors and a host of speakers, including IBM's Doug Conorich, who will head a session on "Lessons Learned from Network Break-Ins." Doug works with IBM's Managed Security Services organization.
Also speaking at RSA from IBM will be Anthony Nadalin, a distinguished engineer with our Tivoli software team. Anthony will be providing an overview of "Model Driven Security Architecture," which takes a business application lifecycle management approach to building in layers of security and authorization for a service-oriented architecture. (Get a deep dive in this article from the IBM Systems Journal.)
CNET provides some setup overview coverage here, noting that this year's conference agenda dutifully acknowledges that security has moved out of the server room and into the boardroom.
Todd "Turbo" Watson -- IBM Corporation
There's been quite a bit of blogosphere bluster about Google's new release of the Google Desktop beta, specifically around their new "Search Across Computers" feature.
If you haven't used Google Desktop, know that it includes a very powerful desktop search capability, one which I use to find presentations and other files all the time. But in examining the fine print around the "Search Across Computers" feature, it does give one pause with respect to one's privacy.
As explained on the Google site, the new "Search Across Computers" function allows one to search documents and view Web pages across all your computers. Specifically, you can search your Web histories in all the major browsers, as well as Microsoft Word, Excel, and PowerPoint documents, and also PDF and Text files.
You Have Nothing to Hide...Do You?
Here's the issue: To do so, all that information must be uploaded and stored on a Google server. That means Google could potentially have copies of any and all documents that contain your very personal information: tax returns, medical and financial information, anything that you store on your desktop. (Enterprises beware, that could also include sensitive and proprietary business data as well.)
The Electronic Frontier Foundation pointed out in a press release yesterday that this makes users' personal data "more vulnerable to subpoenas from the government and possibly private litigants, while providing a convenient one-stop-shop for hackers who've obtained a user's Google password."
The EFF release goes on to point out that the government could then demand users' files with a subpoena, and not the search warrant that would be required to seize information from your computer otherwise.
As powerful and useful as the Google Desktop feature has been, I've not yet flipped the switch to turn on -- nor do I plan to -- the "Search Across Computers" feature.
The way I see it is pretty simple: What they can't host won't hurt me.
The Web Two Point Oh resurgence continues, both in terms of innovation, as well as breaking down barriers and aggregating information that once-upon-a-time was locked away in some county tax assessor's office -- information freely available to the public, but not acquirable without some major effort on the part of the consumer.
The culprit this time around? Zillow.Com, a Seattle-based start-up that lets you look up the value of your boss's nice big house on the other side of town.
Zillow's beta site launched this week and allows users to look up estimated home valuations, along with other detailed information. It also provides "Zestimates": the estimated marketing value of a home; and a "Zindex": a housing index which provides the median "Zestimate" housing value for a given geographic area on a given day.
CNET calls Zillow the "Kelley Blue Book" for homes...I call it a plain, powerful Web Two Point Uh-Oh application that's likely to send realtors scrambling for their cell phones.
Apparently, it has already sent the Zillow folks scrambling for some new server capacity due to a virtual Oklahoma land rush when the site launched...
(Blogger's Note: I am happy to put the folks at Zillow into contact with one of our iSeries sales reps. Just email me at the address in my bio above)...with CNET reporting that the site was underperforming yesterday due to overwhelming interest: interest from overleveraged sellers with adjustable rate mortgages charging them entirely too much interest.
The feature on this week's ibm.com home page is "The Future of Sports," and as I read through drafts of some of the story's components -- including listening to the excellent future of sports podcast - it dawned on me that there may have never been a better time to be an athlete or a sports fan.
Full disclosure: My name is Todd, and I'm a sportsaholic. I grew up in north Texas, near Dallas, where football was as close to a religion as one could get without going to church, and where Little League baseball diamonds were a fixture permanently etched into the landscape. In my adolescence, I played both baseball and football, and also dabbled in soccer, basketball, cross country, golf, and even rodeo (yes, we do consider rodeo to be a sport...same with NASCAR...but more on that later).
I was never a star player, particularly in team sports, but I relished the opportunity and experience of playing both organized team and individual sports, and my participation taught me no end of lessons: teamwork, collaboration, cooperation, sacrifice, perseverance, how to throw my golf putter into a lake with style and finesse but also with the appropriate amount of anger...all qualities that I would inevitably call upon in later years for my business life.
Sporting Solutions for a Small Planet
In my travels for and work experiences on behalf of IBM, I've been most fortunate to have escaped the boundaries of my own geography and culture, and witnessed what sports means around the world, both virtually and up close.
Instant replay: On one of my international business trips, to Munich, I watched in fascination at the complete preoccupation of my European colleagues with the 1998 World Cup, and realized that no matter where in the world you are, football is football...except in Europe, where soccer is football, which my European colleagues were quick to point out...but my real point in mentioning it was this: sport is sport around the globe, certainly even as one man's sport is another man's bore.
I also learned that sport, like politics, is mostly local, even as it plays a crucial and necessary role in shaping national and even state identity...but it's mostly local. My tribe...err, I mean my team, is always better than your team, except when my team loses, in which case it's time to elect a new president...err, I mean hire a new coach.
Yet with the dramatic changes in technology over the past decade, what was once local has become instantaneously global.
Just this past weekend, by way of example, I watched as Tiger Woods played (and eventually won) the Dubai Desert Classic, a golf tournament halfway around the world -- sometimes in real-time and at others in instant replay. I had no end of options to read about or follow it closely, including the IBM-sponsored PGATour.Com. But the best part was that I had any option at all, something avid sports fans didn't have when growing up with Jim McKay and ABC's "The Wide World of Sports."
The agony of victory and thrill of defeat was all well and good in the wide world of sports, up until about the time the shackles of broadcast commercial TV delayed replays or blackouts and forced you to miss the one game you really wanted to see in that not-very-wide-world-after-all. Call it the agony of oligopoly, where the channels of opportunity were limited by the scarcity of broadcast spectrum and, in turn, the limited number of sports media outlets. The endless capacity of the Internet precludes that from being an issue for the virtual world of sports.
IBM: Helping Fans Get Closer to the Action
Sport has always been very much an "on demand"-oriented endeavor, especially in terms of the need for instantaneous information and results. Thus, the global and individual accessibility of the Internet pairs nicely with the required immediacy of sports.
IBM's innovation in bringing technology to sports occurred early on in the Internet game, beginning with our early IT sponsorships of the U.S. Open, the Masters and PGA Tour, the Olympics, and others. In those experiences, we learned a great deal about the utility and applicability of our technology and the unique power of the Internet to address some very time-sensitive business problems, the lessons of which informed and shaped our product development.
These efforts helped us more effectively address other customers' problems through the lessons we learned from these sports sponsorships, some harder than others. Like the 1996 Olympic Games in Atlanta, when IBM stumbled onto the javelin after being unable to deliver a critical scoring results feed to the news media, who were using the timely information in that feed to inform the rest of the planet. Lesson learned.
That very same year, IBM delivered live results of Tiger Woods' historic and relentless march up the fairways of Augusta to take his first green jacket. The Java-based Internet scorecard developed expressly for the Masters was the first of many innovations in our sports coverage efforts (read my account of a more recent one about the "Point Tracker" from last September's U.S. Open).
And from what I can surmise as I scan the fast-changing digital media landscape, this game is just getting rolling. IP-based digital media online is probably the most recent and important evolution for sports coverage in recent years, and is opening up whole new opportunities for athlete and fan interaction. You've also got fantasy sports leagues, online and console gaming, IPTV...all putting fans closer and closer to the action, and sometimes even directly into the driver's seat.
Gentlemen, Turn On Your Remotes
Take NASCAR, as an example. Just recently, Time Warner Cable sent me an invitation to subscribe to its new "NASCAR In Car" digital cable offering, which will allow me to watch "6 drivers on 6 in-car camera channels with live team audio and real-time in car-data." Does that mean I also get to experience driving into the wall of the Texas Motor Speedway at 180 MPH??? (Read a recent story in CIO magazine to learn how technology is changing NASCAR and helping it build its booming business.) Without the ability to provide multiple feeds through an IP-based broadband pipe, such a feat would have been impossible even just a few short years ago.
The point is this: Moving forward, no matter where in the world you may be, technology is going to allow you to follow your favorite team or athlete no matter where in the world they may be, before, during, and even after the event, and increasingly via the device of your choice. (Anyone see those ESPN Mobile TV ads in the Super Bowl last night? You thought people talking on the phone at the movies or restaurants was an etiquette issue? Just you wait until you can watch them jump up and down cheering at your cousin's wedding when the Steelers go for two and make it.)
People's behavior and the technology opportunity will certainly have to catch up with one another and make some adjustments, but the best news of all is that fans are going to be able to become a more integral partner in the experience, making the convergence of technology and sports the new team to watch.
I'm personally very much looking forward to the day when I can play in a virtual 3-D foursome with Ben Hogan, Jack Nicklaus, and Tiger. Until that time, I'll keep practicing my course management on the X-Box.
Greetings. As we head into SuperBowl weekend, it seems that from all reports, the Kama Sutra worm couldn't find any love, which is a very good thing. I, personally, wasn't looking forward to rebuilding all the PowerPoints, Word docs, and related intellectual capital I'd worked so feverishly on under such tight deadlines for the past 15 years. And I was glad to have been given the kick in the derriere I needed to update my antivirus software. I hope all of you out there fared as well. Meanwhile, it's time to gear up for that favorite American pastime, the SuperBowl.
Since my Dallas Cowboys went off their winning streak in the mid 90s, my favorite thing about the SuperBowl has been the TV ads, particularly those $20 million 30 second spots featuring monkeys and sock puppets. Ah, the good ol' days of dot com advertising. I look forward to counting advertising dollars wilting away by the millions per minute on Sunday, and am hoping for some real marketing genius this year. And also wondering what that one big surprise will be.
Fourth and Long
The National Football League (NFL) and IBM recently partnered on an initiative to help the NFL better bring you even better coverage through their NFL Films division by leveraging IBM's digital media technologies. Growing up, I was a huge fan of the NFL Film shows.
Every weekend, I would wait intently for the previous week's recap show -- remember, this was long before ESPN recaps -- and watch and wish that I would grow big enough to play in the NFL someday. Alas, I ended up playing more golf than football, but I can still hear the crunch of helmets and shoulder pads and that narrator's voice.
Next week, after the knee pads and Astroturf have been put away, and the winning quarterback has jetted off to Disneyland, my colleagues at ibm.com and I will take a closer look at the future of sports. Being a sports junkie, nothing is sacred. Golf, NASCAR, the Olympics...it's all fair game and it's all being changed by technology.
Until then, enjoy the game...and the commercials.
If your Web server traffic starts spiking tomorrow, just remember that it's probably not due to a U.S. Valentine's Day race for the roses. Rather, it will likely be due to a different kind of love, one we'll all be best served to avoid entirely.
The Kama Sutra worm (which also crawls around under the aliases Nyxem.E, MyWife, and Blackworm) is programmed to start going on a file-deletion rampage tomorrow. Kama Sutra is a mass-mailing worm that also tries to spread itself using remote sharing.
According to F-Secure's Virus Information Page on "Nyxem.E," Kama Sutra's love stun also tries to disable security-related and file sharing software and destroy certain types of files.
Which ones, you might ask? Uh, the ones most of us business-oriented users use day in and day out. You know, PowerPoint, Word, Excel, PDF, etc.
If you haven't updated your antivirus software -- nor used it to scan your computer lately -- sometime today would be a good time, preferably sometime before midnight.
F-Secure's Web site reported that Nyxem.E was at the top of its virus list, with some 300K infections and 21.7 percent of all reported infections. Don't be one of the unlucky ones to catch it next.
How? First, don't open suspicious emails, many of which will likely have references to pornography in the subject line (yes, this includes most spam, which is all the more reason not to be tempted to open those emails).
Second, update your antivirus software and scan, detect, and, if infected, remove the virus.
Third, go back to using a typewriter.
Just kidding. FYI, I'm talking my walk and walking my talk as I type, having just downloaded the Symantec LiveUpdate and now running the scan.
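The post describes a worm whose payload destroys the Office and PDF documents most of us live in. Beyond the antivirus scan, a cheap defensive habit is to keep a hash baseline of those documents so that missing or altered files show up immediately and you know exactly what to restore from backup. The following is an added example written for this page, not code from the original post or from F-Secure; the document extensions, the directory layout and the sample files are constructed for the demo.

```python
"""Baseline-and-verify check for user documents (added example).

Records a SHA-256 hash for each Word, Excel, PowerPoint and PDF file under
a directory, then compares the directory against that baseline and reports
files that have gone missing or whose contents changed. A file-deleting
or file-overwriting worm shows up as entries in those two lists.
"""
import hashlib
import tempfile
from pathlib import Path

# Assumption: the document types the post names, using 2006-era extensions.
DOC_EXTS = {".doc", ".xls", ".ppt", ".pdf"}


def sha256_of(path):
    """Stream the file through SHA-256 so large decks do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Map each tracked document (path relative to root) to its hash."""
    root = Path(root)
    return {
        str(p.relative_to(root)): sha256_of(p)
        for p in sorted(root.rglob("*"))
        if p.is_file() and p.suffix.lower() in DOC_EXTS
    }


def verify(root, baseline):
    """Compare the directory against a stored baseline.

    Returns a dict with the documents that disappeared, the documents whose
    hash no longer matches, and an overall ok flag.
    """
    current = build_baseline(root)
    missing = sorted(name for name in baseline if name not in current)
    changed = sorted(
        name for name in baseline
        if name in current and current[name] != baseline[name]
    )
    return {"missing": missing, "changed": changed,
            "ok": not missing and not changed}


def demo():
    """Run the check on a constructed folder, then simulate damage to it."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        # Constructed sample documents (contents are placeholders).
        (root / "budget.xls").write_bytes(b"constructed spreadsheet")
        (root / "deck.ppt").write_bytes(b"constructed presentation")
        (root / "notes.txt").write_bytes(b"not a tracked document type")

        baseline = build_baseline(root)
        clean_report = verify(root, baseline)

        # Simulate what a destructive payload leaves behind:
        # one document deleted, one overwritten with garbage.
        (root / "budget.xls").unlink()
        (root / "deck.ppt").write_bytes(b"overwritten")
        damaged_report = verify(root, baseline)
        return baseline, clean_report, damaged_report


if __name__ == "__main__":
    base, clean, damaged = demo()
    print("tracked:", sorted(base))
    print("before:", clean)
    print("after :", damaged)
```

In practice you would write the baseline dict to a file kept off the machine (a USB stick or a network share the worm cannot reach) and re-run `verify` from a scheduled task; the report tells you what to pull back from backup rather than making you discover each broken file by opening it.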
Kama Sutra is just the kind of love I don't need right now. I seriously doubt you do, either.
It's a marvelous thing when things converge and the universe seems all zenlike and magical...and...oh, you know what I mean.
For example, as I was reading more coverage again today about the coming Blackberry blackout, I stumbled across a story about the global warming pigeons in San Jose, California.
Have you yet heard about the global warming pigeons? New Scientist magazine reported that these pigeons are going to be outfitted with backpacks -- yes, you read that right, backpacks -- which will include a GPS satellite tracking receiver, air pollution sensors, and a basic mobile phone (but NOT a Blackberry -- pigeons, after all, don't have thumbs).
This convergence of contraptions will then send back text messages on air quality in real time to a special pigeon "blog," which will be accessible to all of us on the Internet, and where you will be able to monitor their progress via an interactive map. (BLOGGER'S NOTE: If the smog blog pigeons happen to fly across the Pacific Ocean to mainland China, please be aware that they will likely not show up on Google Maps.)
I haven't figured out yet what the tagging phrases most apropos for these pigeons will be for the blogosphere just yet -- the pigeons have not yet been released into the atmosphere -- so I'm going to play it safe and add "smog pigeons" and "heat-seeking feathered vertebrates" to my own tagging lists so that these brave creatures don't feel short-shrifted.
They are, after all, the ones flying like Icarus fearlessly into the ozone to help us find out how much longer we're all going to be able to breathe.
The man who brought us "Survivor," Mark Burnett, is panning for gold with a new reality game show entitled "Gold Rush." But don't look for it on CBS...it will air via the Web.
The real-life reality treasure hunt will air exclusively on AOL.com...how weird did that sound?...and will track "real-life challengers searching for hidden treasure across the U.S."
Clues will be placed throughout AOL.com, AIM.com, Moviefone.com, and MapQuest.com, and will also be promoted on other media, including TV, print, and wireless.
Burnett made a pretty bold statement in the press release and in an interview on CNBC's "Power Lunch": "The time slot between 9 am and 5 pm is the new 'prime time'."
My hats off to AOL. Finally, finally, finally, a major media property is going to lead with the Web and use the unique interactivity and involvement it can create with a mass audience.
I don't know Jack about the game other than what I read in the press release and online, but I already predict another hit for Burnett. Such a move is way overdue, and the only inevitable downside is the dramatic decrease in American worker productivity once the "Gold Rush" is on!
Both Robert Scoble and Om Malik had posts today about finding peoples' phone numbers, email addresses, etc.
Scoble was writing about how easy it was to find his info via search engines because he put his email on his blog, and Malik was exploring how to synch his Yahoo personal information manager and iCal address book.
These are two separate threads that will ultimately need to converge, either in that great Google database in the sky or on your desktop or somewhere in between. And I don't know about you, but I, personally, desperately need this convergence to occur, and soon.
A major time suck in my job each day is looking for folks' phone number and email addresses, particularly folks inside IBM (We're a small country at 300,000+ employees, so excuse me if I can't remember every IBMer's phone number or email address!)
I also communicate with a lot of people outside IBM, for whom there is no real central directory (again, save for Google). And I am actually a stickler for always taking someone's email or phone number and adding it to my PIM after we've had a virtual encounter.
Can Somebody Please Get That??!
Which brings me to the conundrum...is it better to try and keep all those peoples' names, phone numbers, email addresses, blog addresses, etc. in some centralized personal information manager, or in your dominant email client, etc?
Plaxo has certainly been one attempt to keep such information connected and up to date, but if you don't have the right email client (i.e., Outlook, Outlook Express, Thunderbird...NOT Lotus Notes) it's not very helpful.
Me, I use ACT! (The exclamation point is part of the product name, not me yelling in excitement). I've found ACT! to be the perfect combination of PIM and personal calendaring (including triggered alarms). So if someone at Sage Software is reading this: love your product, love the feature/functionality, but haven't upgraded recently, so feel free to send me a newer version because I'm a loyal customer and am happy to tell everyone how great it is.
However, here's the problem: Even with ACT! it's difficult for me to synch with other devices. Like, my mobile phone, for example. Fuddedaboudit -- yet, when you think about it, that is exactly where I need to store a lot of those phone numbers! I just don't want them locked up in the phone and only in the phone.
Case in point: Last summer, I went river rafting on the Guadalupe River just south of Austin and took my Samsung phone with me. Hey, you never know when you might need to make an emergency phone call on the river, right?
The Next Best Thing to Being There
Turns out the 911 call I ended up needing to make was to my carrier to buy another phone! The Samsung wasn't nearly as water-impermeable as my iPod nano.
In fact, of all the phone numbers that were stored in the Samsung, only some of them had been stored in ACT!...the others were completely landlocked...err, waterlocked...and I had no way of getting them back.
Call me lazy, but Vonage is the best thing going. Using their Click-2-Call feature, I no longer have to dial the phone while working from my home office. I simply highlight a nine-digit phone number in my PIM, hit the "F6" key on my keyboard, then wait for the phone to ring.
I answer the phone, wait another moment, and the next thing you know, the number I selected is ringing on the other end. It's magic, and it has saved me beaucoup time.
Time I can now spend on Google looking up the numbers of all those people who got lost in my waterlogged cell phone.
If the phone doesn't ring, it's me. -- Jimmy Buffet
I mentioned last week that entrepreneurs and start ups looking to come out of the gates lean and mean are increasingly turning to low-cost or open source technologies to help them do so.
We at IBM are trying to do our part to help. This morning, we announced a free version of our DB2 database, DB2 Express-C. You can download it here, and this FAQ will help you learn whether or not it's for your environment.
The FAQ indicates that Express-C was designed with the developer and partner community in mind, and is designed to be up and running in minutes. This free download includes a no-warranty license to use on 32 or 64 bit, Linux or Windows systems with up to 2 CPUs and 4GB of memory.
It's also scalable should your startup sprout into the next Amazon or eBay and you later require a more enterprise-oriented edition. Applications developed with the DB2 Express-C version are fully compatible with other DB2 Universal Database editions.
You're on your own for writing the business plan.
Chris Anderson from Wired always does a really nice job of encapsulating major Internet, media, and information technology trends and packaging them up into bite-sized but informative portions, and his view on the "new boom" is no exception.
His view on the Web Two-Point-Oh renaissance in Silicon Valley is that the new boom will bring some sanity to this turn on the dot com joyride, and that, despite the recent Google-hype, this bubble won't burst.
Why? Mainly, people learned their lessons from 1999 (did we really party like it was 1999?), and that this boom has a sturdy foundation driven by sound economic fundamentals.
Start-ups are taking the angel fund route versus VCs (i.e., more rational allocation of capital), and are watching their pennies like a hawk. They're also using open source technologies and outsourcing strategies, creating efficient businesses out of the gate which are driving profitable revenue streams early on.
I know, I know, we all miss the sock puppets and $20 million Super Bowl TV ads...those were the days. But reality has set in pretty much across the board...well, save for the part about where the owner of dog.com recently paid $1 million for Fish.Com.
Today, it's all about the innovation and organic growth, which is probably just as it should be.
But it is really nice to bask and reminisce about the boom of the Internet boom, when a good Media Metrix report meant another $50M in pre-IPO market cap and lots of expensive parties and boondoggles with the digerati.
And all those tchotchkes, with names long since forgotten, like PointCast. Excite...I can't remember the rest. All those tchotchkes that now sit around my cubicle like some dot com museum.
Except for the Google towel. That one I'm saving to sell on eBay. ;)
How's that for timing? We release our feature on CyberCrime and a couple of days later the US Federal Trade Commission releases its Top 10 List of Consumer Fraud Complaints. Methinks there is a conspiracy afoot...
The FTC press release can be found here. The numbers fall out something like this (David Letterman drum roll...Paul , hold off on the keyboards just for a moment, please...)
No. 1: Identity Theft at 37 percent, and 686,683 complaints.
(Bloggers Note: Hmm, apparently that $100 investment in the Equifax Credit Watch service was a wise one after all.)
No. 2: Internet Auctions - 12 percent
No. 3: Foreign Money Offers - 8 percent
No. 4: Shop-at-Home/Catalog Sales - 8 percent
No. 5: Prizes/Sweepstakes and Lotteries - 7 percent
No. 6: Internet Services and Computer Complaints - 5 percent
No. 7: Business Opportunities and Work-at-Home Plans - 2 percent
No. 8: Advance-Fee Loans and Credit Protection - 2 percent
No. 9: Telephone Services - 2 percent
No. 10: Other - 17 percent
Interestingly, Internet-related complaints accounted for 46 percent of all fraud complaints, although Internet auction-related fraud was down YOY, and child ID theft cases nearly doubled.
So, the moral of the story? Don't use the Internet, don't buy money orders, don't shop from home, don't play the lottery, and don't have any children (or least hide them somewhere so their identities can't be discovered) -- and you should be just fine.
I Know I Put My Identity Down Around Here Somewhere
In all seriousness, both the personal and economic devastation that can arise from Internet-related fraud is substantial. Last year, these consumer fraud complaints resulted in reported losses of some $680 million, a 5% increase YOY but a substantial increase from 2003 and 2004. 49 consumers reported losing $1 million or more!
Of the 430,000 identity theft crimes reported, about half involved using the Internet. The net, then: Protect your information, online and off. To learn more, go to the FTC Web site and take the Consumer Identity Theft Quiz (I took the "ID Theft FaceOff," playing Jim, and regained my identity in no time...Check it out).
To learn more about how you can minimize your risk and, if you suspect you've been the victim of identity theft, learn what first steps to take, visit the FTC's ID Theft site.
Our Global Security Intelligence team released its "2006 Global Business Security Index Report" yesterday, and I had an opportunity to conduct an email exchange with my cybercrime sleuth colleague, David Mackey, about this year's survey results and the overall state of cybercrime. David is a lead with IBM Global Services' Global Security Intelligence Strategic Outsourcing practice and editor of this year's report, and provided some most intriguing and insightful observations about the state of information security.
Question: First of all, can you give us a little bit of background on the Global Security Intelligence Services team. What do they do, and how did their Top 5 Predictions come about? And building on that, how's their track record thus far?
Answer: The IBM Security Intelligence service started back in 2003 as a way to give both IBM and our customers more advanced warning about impending IT threats. We do that by monitoring: security monitoring data produced by IBM Managed Security Services, any manner of Web sites, blogs, RSS feeds and mailing lists dedicated to security topics, and discussions with organizations like FIRST and AVIEN. Part of our service is tracking vulnerabilities, malware outbreaks, and other threats as more of a tactical response to everyday issues. The other portion of the service is to look back on a monthly basis to see trends, important news, and other important points in the discussion of IT threats. The annual report that's received some attention lately is our attempt to summarize the key points of 2005 and look forward to 2006. This is our second year in providing predictions, so it's too early to tell how powerful our psychic abilities truly are.
Question: Renowned bank robber Willie Sutton used to joke that he robbed banks because "that's where the money is." So where's the money these days? Is it all sitting on a server somewhere, and what are some of the typical scams or guises that cyber criminals employ to try and get to my money?
Answer: There is a vibrant underground economy thriving on acts of malice on the Internet. There are thugs, mules, money launderers, gangs and bosses. They just tend to be a little more geeky than the individuals we typically associate with organized crime. These folks steal information from computers using various forms of malware. They extort Web sites by threatening to cause a denial of service unless the miscreants are paid. They trick users into divulging financial information via phishing attacks. The crimes are various, diversified, and innovative.
Question: Okay, thx. I saw that "botnets" are going to be one of the biggest threats to the Internet, and that newer botnets are going to use different methods for command and control, including jumping into peer-to-peer and IM networks. Are botnets something that IBM customers should be increasingly concerned about, and if so, what precautionary measures can they take?
Answer: Bots and botnets have been around for at least five years. However, the more concerning fact is: in 2004 and 2005, the number of infected systems participating in these botnets increased significantly. Of particular concern was the arrest in the Netherlands of three botnet operators reported to have commanded 1.5 million compromised systems. These compromised systems may have carried out any number of orders from the bot operators, including: conducting denial of service attacks, logging keystrokes on vulnerable systems, and stealing other sensitive information. We think (peering into our crystal ball) that arrests like that will put botnet operators on edge. To avoid future detection, we think they'll avoid commanding large botnets and instead use smaller cells. Additionally, these compromised systems are currently commanded via IRC so IT organizations can monitor for IRC network traffic to help root out infected systems. Botnet operators may instead switch to using peer-to-peer communication and command models to further evade detection and use new MOs.
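The answer above makes a concrete operational point: as long as bots take orders over IRC, an IT organization can watch its own outbound traffic for IRC connections and use them to root out infected systems. The following is an added example written for this page, not code from IBM or from the report; it runs a detection pass over a handful of constructed flow-log lines, flags internal hosts talking to external hosts on the conventional IRC ports, and then applies the botnet-specific heuristic that many internal hosts converging on one external server is far more suspicious than a single developer on a chat channel. The log format, the internal address range and the port list are assumptions for the demo.

```python
"""Spot internal hosts that look like IRC-controlled bots (added example).

Input is a constructed flow log, one connection per line:
    <timestamp> <src-ip> <dst-ip> <dst-port> <protocol>
Two passes: list every internal -> external connection on an IRC port,
then group them by destination so servers that several internal hosts
all report to stand out as likely command-and-control points.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample log. 203.0.113.0/24 and 198.51.100.0/24 are
# documentation ranges, so no real server is named here.
SAMPLE_LOG = """\
2006-01-24T10:01:02 10.0.4.17 203.0.113.9 6667 tcp
2006-01-24T10:01:05 10.0.4.22 203.0.113.9 6667 tcp
2006-01-24T10:01:09 10.0.5.3 203.0.113.9 6667 tcp
2006-01-24T10:02:11 10.0.4.17 198.51.100.20 443 tcp
2006-01-24T10:03:40 10.0.9.8 198.51.100.44 6669 tcp
2006-01-24T10:04:01 10.0.4.22 10.0.0.5 6667 tcp
"""

# Assumption: the organisation's internal address space.
INTERNAL_NETS = [ip_network("10.0.0.0/8")]
# Assumption: conventional IRC listener ports (6660-6669 and 7000).
IRC_PORTS = set(range(6660, 6670)) | {7000}


def is_internal(ip):
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def parse_line(line):
    """Return (timestamp, src, dst, port, proto) or None for a malformed line."""
    parts = line.split()
    if len(parts) != 5 or not parts[3].isdigit():
        return None
    ts, src, dst, port, proto = parts
    return ts, src, dst, int(port), proto.lower()


def irc_connections(log_text):
    """Every TCP flow from an internal host to an external host on an IRC port."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts, src, dst, port, proto = rec
        # Internal-to-internal chat servers are not the concern here.
        if proto == "tcp" and port in IRC_PORTS and is_internal(src) and not is_internal(dst):
            hits.append((ts, src, dst, port))
    return hits


def suspected_c2(log_text, min_hosts=2):
    """External IRC endpoints contacted by at least min_hosts distinct internal hosts."""
    by_server = defaultdict(set)
    for _ts, src, dst, port in irc_connections(log_text):
        by_server[(dst, port)].add(src)
    return {server: sorted(hosts)
            for server, hosts in by_server.items() if len(hosts) >= min_hosts}


def hosts_to_investigate(log_text, min_hosts=2):
    """Sorted list of internal hosts that reported to a suspected C2 server."""
    hosts = set()
    for members in suspected_c2(log_text, min_hosts).values():
        hosts.update(members)
    return sorted(hosts)


if __name__ == "__main__":
    for server, members in suspected_c2(SAMPLE_LOG).items():
        print(f"possible C2 {server[0]}:{server[1]} <- {', '.join(members)}")
    print("investigate:", hosts_to_investigate(SAMPLE_LOG))
```

The single host on port 6669 is reported by `irc_connections` but not by `suspected_c2`; that is deliberate, since one outbound IRC session is a question for the user, while three unrelated workstations checking in to the same outside server within seconds is the fan-in pattern the answer describes. If operators do move to peer-to-peer control, as the answer predicts, a port-based check like this stops working and the grouping logic would have to key on something else, such as many hosts exchanging small flows with the same set of peers.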
Question: Because security intrusions and virus attacks are the industry's dirty little secret that nobody really wants to talk about, it seems difficult to get a good read on the real economic impact. So, my next question is, do we have a glimmer of any idea on what that impact is in the US and around the globe? And as a follow-up, what would your 1 minute elevator pitch be to any senior-level LOB executive.
Answer: The real answer is no; we have no real tally of the impact. Almost all organizations are reticent to discuss security incidents. The best method to-date in estimating this data is by gathering information via anonymous surveys like the FBI/CSI survey. But the numbers are very subjective and the risk -- and thus, the number of security incidents -- varies greatly from organization to organization. As far as my hello-my-name-is-David-Mackey-let-me-help-you-with-security-speech goes, I really stress to companies that they need to do a valid risk analysis. What are the goals of the business? How does IT help them achieve those goals? Which parts of the IT environment are most valuable? How much does the organization stand to lose if attacked? It's a real mistake to start throwing money at security technologies until you've successfully answered these questions. Don't let a salesperson tell you differently.
Question: Distributed denial-of-service (DDoS) attacks seem to be increasingly prevalent as a form of data hostage taking. Are most of these attacks economic in nature, or are we also seeing cyber attacks as a form of political speech as well? Meaning, are organizations or groups using DDoS attacks as a way to further specific agendas as opposed to just holding groups up for ransom?
Answer: I'm sure there are some politically or socially motivated attacks, but most DDoS attacks so far are financially motivated. It's worth noting here that cyber extortion takes a number of forms. There are the DDoS attacks you mention, but there are also instances where miscreants may steal data (or encrypt the data in place) and then demand money in return for the data. Additionally, many so-called "security researchers" may demand money in exchange for supposedly critical information about software or Web site vulnerabilities. We've seen a number of creative, but insidious, extortion techniques.
Question: If an IBM customer feels they have been a victim of some sort of cyber intrusion, should they call a law enforcement organization or their IBM rep?
Answer: Both. Law enforcement agencies -- especially the FBI in the US -- have made significant investments in forensic technologies and investigators in recent years. They are very sensitive in dealing with the investigation and protecting the anonymity of victim organizations. Law enforcement is a necessary stop if victims would like to prosecute the attacker(s). At IBM, we deal more with the business continuity aspect. We conduct an investigation in order to help organizations get the IT assets up and running ASAP. We investigate how and when the attacks took place and then help organizations protect against future attacks. Both methods have valid goals.
Question: Is there yet a cyber equivalent of the Corleone family? I know we've heard news stories in the past about Russian and former Soviet Eastern Bloc hackers being prevalent. Moving into 2006, is there a particular region or organization that has demonstrated particularly deft hacking abilities? If so, what can companies/government do to protect themselves?
Answer: There are organized groups out there, but I don't think they cut off horse heads and leave them in beds -- yet. Most security monitoring points to individuals or groups in the US being the largest source of attacks. But I should mention that one of the most difficult issues we deal with in information security revolves around discovering the true source of the attack. It's very easy to obtain the source IP address of an attack (either through our monitoring or forensics services) but it's incredibly difficult to determine who was behind the keyboard. Was the IP address spoofed? Was the source computer in the US actually compromised by an attacker in Germany? This is typically the domain of law enforcement to track technical information down to a real person.
Question: I use a Mac as well as a ThinkPad, and clearly with Apple's decision to move to Intel processors, you all have suggested that Macs will be more vulnerable moving forward as one of the 2005 predictions. What can/should I do to protect myself from cyber vulnerabilities on my iMac?
Answer: In our 2006 predictions, we predict that the number of attacks -- including malware -- will increase against the Mac platform. I'm extremely nervous that most readers will view our prediction as sour grapes from IBM since Apple dropped IBM chips in favor of Intel's. And as long as I work for IBM, it'll be difficult for me to prove my team's objectivity on the issue, so just pretend I work for ________. Much of the vulnerability research and exploit development in recent years has revolved around PCs -- running either Windows or Linux. Part of this research involves heavy expertise with the Intel chipset and opcodes. This same expertise can now be ported to trying to exploit OS X. I also think that Mac computers will be cheaper and become more popular because of the move. (I apologize profusely to any Lenovo readers.) Any time a technology gets more pervasive, the number of threats also increases.
Question: I'm probably more paranoid about identity theft than most people, and last year subscribed to one of the three credit reporting agencies' Subscriber Alert services that immediately informs me anytime someone tries to access or update my credit history. Am I being *too* paranoid, or is this kind of proactive approach going to be increasingly necessary for consumers in the 21st century if they wish to fully protect themselves?
Answer: Me too! There are a lot of resources out there now to help guard against identity theft -- including the alerting services from consumer reporting agencies. I honestly believe you can never be too paranoid in monitoring your financial activities. But I also get paid to be paranoid, so take that with a grain of salt. I could rattle off an entire list of ways to protect your home PC from attack (antivirus, firewall, and regular patching to name a few) and I could recommend ways to protect physical data (effective home security, paper shredder, and comprehensive insurance come to mind). But if you do nothing else, closely monitor your financial statements and credit rating. The earlier you discover fraud, the more options you have in setting things right.
Question: Building on that, if I feel that I am the victim of identity theft online, what are the first measures I should take, and in what order of importance?
Answer: Issue a fraud alert to the financial and consumer rating organizations. Follow the advice from the US Federal Trade Commission or related local agencies.
Question: This is a blog, so we're not supposed to talk about all the great things that IBM's various security-focused experts are doing, unless we do so in a way that masks our intention of getting customers to subscribe to said services. So, we're going to do a product/service pitch in a not-so-subtle fashion that will be masked in the guise of one of our really funny TV commercials. That way, we're a blog pretending to be an advertisement pretending to be a pitch for IGS' security services. Okay, ready? Here we go: Pretend that you're a server from one of our TV commercials and I'm the bad cyber guy and I'm holding you hostage. I'm wearing a really cool mask that hides my identity (even my goatee), the server intrusion alarm bell is ringing really loudly in the background, and I've got about 10 minutes to embezzle the equivalent of the GNP of a small but blossoming Southeast Asian country. You have one phone call to call for help. Who do you call and what do you say to them?
Answer: No phone call necessary. My server is made by IBM so the baked-in security keeps my data nice and safe.
Blogger's Note: To learn more about cybercrime, check out our recent Web feature "The Changing Nature of Crime" or our podcast on "The Future of Crime."
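The botnet answer above makes one concrete operational point: because most bots of this era take orders over IRC, an IT organization can watch its own network for IRC traffic to find infected machines. As an added example that is not part of the original interview, the Python below shows what that watch can look like when run over a handful of constructed connection records. It flags the standard IRC ports, but it also looks for IRC commands in the client payload on any port, since an operator who moves the server to tcp/8080 would otherwise slip past a port filter, and it treats several internal hosts joining the same channel on the same server as a rendezvous point, which is how a botnet's members behave and human IRC users mostly do not. The record layout, addresses and channel name are assumptions for illustration. A peer-to-peer command channel of the kind the answer predicts would not trip this check at all, which is exactly why it is worth knowing what the check does and does not see.

```python
"""Flag internal hosts whose traffic looks like IRC-based bot command-and-control.

Added example, not code from the original post. The records below are constructed
for illustration; in practice they would come from a flow collector or an IDS that
logs the first bytes of each TCP session.
"""
import re
from collections import defaultdict

# Constructed sample records: (src_ip, dst_ip, dst_port, first bytes of client payload).
# Hosts .5 and .13 talk IRC on the standard port; .7 talks IRC on tcp/8080 (an operator
# dodging a port-based watch); .9 and .11 are ordinary TLS and HTTP sessions.
SAMPLE_FLOWS = [
    ("10.0.0.5", "203.0.113.9", 6667, "NICK [USA|XP]123456\r\nUSER a a a :a\r\nJOIN #b0t\r\n"),
    ("10.0.0.7", "203.0.113.9", 8080, "NICK [USA|XP]654321\r\nUSER b b b :b\r\nJOIN #b0t\r\n"),
    ("10.0.0.9", "198.51.100.20", 443, "\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03"),
    ("10.0.0.11", "192.0.2.30", 80, "GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    ("10.0.0.13", "203.0.113.9", 6667, "NICK [DEU|2K]9999\r\nJOIN #b0t\r\n"),
]

IRC_PORTS = set(range(6660, 6670)) | {7000}
# Client-side IRC commands at the start of a line. USER is deliberately left out
# because FTP clients also send "USER ..." as their first line.
IRC_CMD = re.compile(r"^(NICK|JOIN|PRIVMSG|PONG|MODE)\b", re.MULTILINE)
JOIN_CHANNEL = re.compile(r"^JOIN\s+(#\S+)", re.MULTILINE)


def classify_flow(flow):
    """Return the reasons one flow looks like IRC, or an empty list."""
    _src, _dst, port, payload = flow
    reasons = []
    if port in IRC_PORTS:
        reasons.append(f"destination port {port} is a standard IRC port")
    if IRC_CMD.search(payload):
        reasons.append("client payload carries IRC commands")
    return reasons


def find_suspects(flows, min_members=2):
    """Map each suspicious source IP to the list of reasons it was flagged.

    Besides the per-flow signals, several internal hosts joining the same channel on
    the same server is reported as a rendezvous point: a botnet's members all report
    to one channel, whereas human IRC users scatter across many.
    """
    suspects = defaultdict(list)
    members = defaultdict(set)  # (server, channel) -> internal hosts that joined it
    for flow in flows:
        src, dst, _port, payload = flow
        for reason in classify_flow(flow):
            if reason not in suspects[src]:
                suspects[src].append(reason)
        for channel in JOIN_CHANNEL.findall(payload):
            members[(dst, channel)].add(src)
    for (server, channel), hosts in members.items():
        if len(hosts) >= min_members:
            note = f"{len(hosts)} internal hosts joined {channel} on {server}"
            for host in hosts:
                if note not in suspects[host]:
                    suspects[host].append(note)
    return dict(suspects)


if __name__ == "__main__":
    for host, reasons in sorted(find_suspects(SAMPLE_FLOWS).items()):
        print(host)
        for reason in reasons:
            print("   -", reason)
```

On the constructed input, 10.0.0.5 and 10.0.0.13 are caught by the port alone, 10.0.0.7 only by the commands in its payload, and all three by the shared channel; the TLS and HTTP hosts are left alone. Payload inspection is the part worth keeping when operators change ports, and the channel-membership count is the part that survives a change of server address.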
This just in: Whoa, the Walt Disney Co. has agreed to buy Pixar Animation Studios Inc. for around $7.4B in an all-stock deal. Pixar Chairman and CEO Steve Jobs will take a seat on Disney's board and become the company's largest shareholder.
It wasn't long ago that the Disney/Pixar distribution partnership was on the ropes, but evidently Jobs and Disney CEO Bob Iger have mended their "Desperate Housewives" white picket fences and decided it was time to partner up for good.
Disney released this statement, in which Steve Jobs indicated that "Disney and Pixar can now collaborate without the barriers that come from two different companies with two different sets of shareholders." Instead, he said, "...Everyone can focus on what is most important, creating innovative stories, characters and films that delight millions of people around the world."
It's always good to see corporate protagonists kiss and make up, particularly those with such innovative and creative teams as Pixar and Disney have had in past episodes. But it does make me wonder if the traditionally analogue fabric of Disney and the digital DNA of Pixar can meld seamlessly into a movie that has a singular vision and a consistent and compelling story arc.
The key question is this: Will the merger result in Iger and Jobs partnering to become "The Incredibles," or will they instead just end up getting "Lost"???
I'm betting that it's the former, but then again, I've always been a "Chicken Little." ; )
A follow-up to my previous post on the coming Blackberry freeze. The cold north winds just picked up, prepare to rest your thumbs.
In a ruling yesterday, the U.S. Supreme Court turned down RIM's request to review the patent infringement ruling NTP won against it. The case now reverts to a U.S. district court for continued adjudication.
Can We Use Smoke Signals?
Before you go into thumberry withdrawal, know that there are options. Worst case, NTP's requested injunction forces RIM to go radio silent, which would negatively affect some 4.3 million U.S. subscribers. However, know that NTP has agreed that such an injunction would NOT affect U.S. federal, state, or local governments, which had previously been a concern.
Best case? NTP and Research in Motion (RIM) settle, share their marbles, and enable the continued operation of Wall Street analysts and traders everywhere.
RIM put this press release on its Web site and indicated that it had already prepared contingencies, none of which do, in fact, include reverting to smoke signals.
However, because I like burning things, I stand ready on my hill in South Austin prepared to convey messages to any disconnected downtown Austin Blackberryites who also happen to be IBM customers. Non-IBM customers will receive passed along messages via smoke signals on an as-available basis, but please understand in advance that my woodpile is not very large.
More details as they emerge...assuming the Blackberry service stays up long enough to deliver them.
Orlando's a nice place to be this year, and judging from the news breaking from Lotusphere thus far, you won't find any flies landing on the Lotus team. In fact, my head's spinning from the announcements, so let me stop long enough to break it down into consumable fragments:
First, over 6,000 attendees saw the "Hannover" demo this morning. Slated to release in 2007, these next releases of IBM Lotus Notes and IBM Lotus Domino will bring SOA support, activity-centric computing, composite applications, and server-managed clients to the Notes and Domino platforms.
Next, expanded support for Mac OS X, including Lotus Notes 7 on Apple Mac OS X Version 10.4 "Tiger." This will include integrated Lotus Sametime instant messaging and support for the new Intel-based Macs. IBM is also introducing Mac support for Domino Web Access via Firefox.
We're also seeing increased convergence of real-time collaboration technologies for the Lotus Sametime platform, including instant messaging, phone, VoIP chat, Web conferencing, and video conferencing (get out of those jammies!) in Lotus Sametime V. 7.5.
V 7.5 will also include new interoperability with other leading public instant messaging services, including Yahoo, AOL, Apple iChat, and Google Talk (That's what I'm talkin' about!)...And if you didn't already know where you were, V 7.5 will include location awareness and enhanced security and privacy, all built on the Eclipse framework intended to encourage open plug-in development.
Next, expanded support for SAP Solutions through the IBM Lotus Notes Suite for SAP Solutions (Hey, I don't make up these names...I just laboriously retype them!) and the new "Move2Lotus on Linux" program. On the SAP front, we include expanded integration into calendaring, time tracking, contact management, report generation, approval workflows, and other common business tasks, available in 1H06.
And with the "Lotus on Linux" program, we're providing IBM Business Partners with the tools, resources, and incentives they need to help their customers migrate off of competing messaging and collaboration systems to Lotus Notes and Domino on Linux. That's one small step for the penguins, one giant leap for global communications.
Real-Time Collaboration for Real-Time Business
Finally, we have announced enhanced support for click-to-call (to call an instant messaging or email contact directly from email and IM clients), click-to-conference (to instantly initiate a voice conference from within a client), and business-quality video in Lotus Sametime, working with the likes of Avaya, Nortel, Polycom, Premier Global Services, Siemens, and Tandberg.
These new instant messaging, web conferencing, voice, audio integration and PC-to-PC technologies will help IBM customers keep their feet firmly on this flattening earth, and help ensure the right hand knows what the left is doing...or not doing, as the case may be.
If it's late January, it's time to put on the yellow.
Lotusphere 2006 kicks off in Orlando this weekend, and judging from the enrollment and the early buzz, it could very well prove to be the biggest and best Lotusphere ever.
This year, we've worked to maximize attendees' time by balancing the coverage between product overviews and roadmaps with pragmatic specifics and case studies on how you can extract real business value from our upcoming technologies.
LotusphereBootCamp: Practical and Technical
We're also introducing a new program -- LotusphereBootCamp (say that three times quickly) -- which is a conference-long, highly technical curriculum aimed at the practical application of Lotus software.
To whet your appetite for all things yellow, check out this interview with new Lotus general manager, Mike Rhodin.
If you can't make it down to Orlando, but are interested in getting a ringside seat on the replay of our IBM Lotus Notes/Domino 7 launch event, check it out here.
Who Needs Denis Leary??
Finally, just so you know we recognize that all work and no play make for a dull Lotusphere, this year we're also kicking off the Lotusphere JAMFest, a two-night jam session where attendees are encouraged to bring their musical instruments and crank out some tunes.
Get jiggy with it by checking out the official JAMFest wiki, where you can build pages for the songs you'd like to perform -- or see performed -- and start to review the pending lineup. So far, highlights include requests for early Kansas, Meatloaf, David Bowie, Cheap Trick, Sammy Hagar, Styx (with two volunteer guitar players...has anybody seen Tommy Shaw?), and yes, even the Violent Femmes.
Anybody up for a little blisterin' in the Orlando sun? ; )
While it would be easy to have immersed one's self in the new Bin Laden audiotape news this A.M., a similarly disturbing story emerged from the mediasphere in a posting from the San Jose Mercury News.
"Feds after Google data."
You can read the entire story here. The net of it was this: The Bush administration has asked a U.S. federal judge to order Google to turn over a "broad range of material" from its extensive records as part of an effort to revive an Internet child protection law struck down by the U.S. Supreme Court two years ago. Thus far, Google has declined to comply with the request.
It would be inappropriate for me to speak here as to my personal opinion on the subject of a Big Brother government using the advances of the Internet and information technology to use that information to intrude upon the private lives of individuals under the guise of protecting them from themselves.
So let me just say this: Go Google.
This move should serve as a reminder as to the power and reach of the Internet, both online and off. Your private information is increasingly no longer private. Empower yourself with tools and technologies that limit the collection of these personal digital footprints off of your hard drive. Even if in this instance the government is not specifically requesting information that might tie you back to your individual searches on Google, it's a fast and slippery slope.
Your information belongs to you, and no one should use or abuse it without your express consent.
Amazon's New Deal: "Retailtainment" Starring Bill Maher
Meanwhile, back at the virtual movie studio, and in a strange twist of art imitating life imitating art, Internet broadcaster Yahoo! ran an AP story announcing that Amazon is going to be running Web entertainment at a virtual mall near you soon.
Amazon apparently intends to broadcast -- or, as the case may be, "Webcast" -- a new series starring comedian Bill Maher entitled "Amazon Fishbowl With Bill Maher." It is intended to blend the excitement of entertainment with the adrenalin rush of visiting your virtual mall.
And most intriguing, because Bill Maher is the host, the U.S. federal government can be expected to watch the new Amazon series -- and all its viewers -- very, very closely.
Let's just hope they don't use our credit card numbers to purchase the DVD edition. ; )
It's the beginning of a new year, which means it's time to think about taxes. I know, I know, death and taxes and all that, but I've learned from past experience that thinking about taxes earlier in the new year means less misery as April 15th (the tax filing deadline date here in these United States) looms closer.
I've already begun pulling together receipts and such, and the 1099s have already started showing up via the snail mail. Once upon a time, I thought about trying to figure out a way to "stick it to the man" -- kind of like that exec in the funny new Sprint TV spots -- but there's no sticking it to anyone when you're a single male with no dependents -- it is you who typically gets the sticking.
So, it was with great amusement that I ran across the story on C:NET posing the question as to whether or not virtual assets are taxable.
Now, when I say "virtual assets," I mean just that. In the world of online fantasy gaming -- particularly for what have come to be known as "massively multiplayer online games" (MMOs for short) -- games like "Ultima Online" have fomented the creation of entire underground economies in which buyers and sellers trade imaginary goods. In fact, this market is estimated to be worth over $135M on the game EverQuest this year alone.
Surely ye jest, Turbo, ye exclaims!
Nay, gaming warmonger. And while it may not have gotten the taxman's attention...yet...it is only a matter of time before the tax trolls awakeneth to these potential virtual tolls!!
So, Can I Depreciate That Arctic Ogre Lord?
So what are these potential tax evaders selling? In games like EverQuest, which has an estimated 450,000 subscribers, players are exchanging virtual goods, capabilities, and even skill levels worth real money (i.e., you can buy from someone else the skill level they spent several hours attaining so that you can quickly jump into a higher level of the game).
Julian Dibbell, author of a recent article on the subject of virtual taxation in "Legal Affairs" magazine, indicated that he made some $11,000 in 2003 in selling virtual assets via eBay, but explained that his local IRS office was puzzled by the concept when he tried to explain it to them, and that they didn't quite know how to advise him.
My take? With the total GDP for the MMO marketplace being an estimated $800M this year alone, it's only a matter of time before someone at the IRS figures out how to initiate an audit on the ogres.
Believe it or not, even though I work at IBM, I don't always know what's going on, and have to stumble upon things in the press like anybody else.
Today, I ran into a story on C:NET that I thought demonstrated a really intriguing use of our WebSphere Application Server software technology that I thought worth passing along.
We're currently working with Whirlpool and the U.S. Department of Energy on a project called "GridWise," a set of studies intended to bring about a more intelligent power grid.
The basic premise of the studies and the technology is to use IBM software to alert customers to how much energy they are consuming, priced in real time, and to encourage them to lower usage during periods of peak demand and peak rates. That lets them act to stay within their personal energy budgets and reduce overall energy usage before the bill arrives.
The other study focuses on a clothes dryer that can sense instability in the power grid and shut itself down as necessary, saving on energy costs and potentially on maintenance. C:NET reported that the widespread adoption of these technologies across the nation could eventually save consumers up to $80 billion in 20 years by negating the need for the construction of new transmission substations and other power distribution equipment.
Now if I could just get a dryer to fold my clothes.