Tag Archive for CIA

Whats Up With Cisco?

Whats Up With Cisco?What is up with Cisco? Their fiscal results for the recently closed 2017 Q3 showed revenue of $11.9 billion, a 1% decline in revenue, compared to the same quarter last year. This is the 6th consecutive down quarter. The networking goliath also issued downward guidance for 2017 Q4. They estimated a revenue declines of 4-6% year-over year.

Cisco logoOn the earnings call, Cisco CEO Chuck Robbins blamed several factors for the lower guidance. He cited:

  • “a pretty significant stall right now” in the U.S. federal public sector
  • Service provider revenues were down in Mexico.
  • United Kingdom business is being dampened by currency issues.
  • Middle East, there is “pressure… relative to oil prices.”

Then there are the layoffs. Cisco buried the announcement in a footnote in the company’s SEC 8-K report that 1,100 more layoffs are coming, on top of the 5,500 announced Layoffsin August 2016.

In May 2017, we extended the restructuring plan to include an additional 1,100 employees with $150 million of estimated additional pretax charges.

According to SDXCentral, the Cisco CEO stressed several times on the earnings call, that the company is transitioning to more software and subscription-based business. He declared,

I am pleased with the progress we are making on the multi-year transformation of our business.

These weak fiscal results and the move to a subscription-based business have led to speculation about what the Cisco business will look like in the future. TechTarget speculates that Cisco may go so far as to separate the Network Operating System (NOS) from the hardware. They contend that such a move would be a dramatic departure from Cisco’s traditional business model of bundling high-margin hardware with its NOS. The author believes that market trends will likely force the vendor to release an open NOS.

Cisco Catalyst 3750-E.TechTarget cites reports from the The Information that a hardware-independent NOS called Lindt is coming. Reportedly Lindt will run on a white box powered by merchant silicon. According to the article, a number of market trends are driving the move to a hardware-independent NOS.

The first market trend forcing Cisco to release a hardware-independent NOS is the company’s declining dominance of the Ethernet switch market. Since 2011, the company’s share has dropped from about 75% to less than 60% last year, according to the financial research site Trefis. The decline is important to Cisco’s bottom line because switches accounted for 40% of Cisco’s product sales in 2016, 30% of net revenues and 20% of the company’s $162 billion valuation, Trefis reported.

Infrastructure as a ServiceCisco’s weakening performance in switching is tied to the second market trend forcing Cisco to release a hardware-independent NOS. It’s customers are turning to public cloud providers, such as Amazon (AMZN) Web Services, Microsoft (MSFT) Azure and IBM (IBM) SoftLayer, for their IT infrastructure. The more enterprises subscribe to infrastructure as a service, the less networking gear they need in their data centers.

The shift to cloud providers is found in the latest numbers from Synergy Research Group. Revenue from public cloud infrastructure services is growing at almost 50% a year. In the fourth quarter of last year, revenues topped $7 billion.

Cloud providersThe third market trend forcing Cisco to release a hardware-independent NOS is the trend where enterprises that were Cisco’s largest customers are joining cloud providers in building open networking hardware and software to replace inflexible proprietary systems that lock them to a vendor. Those companies include large financial institutions, like Bank of America, Goldman Sachs and Fidelity Investments, and communication service providers, such as AT&T (T), Deutsche Telekom and Verizon (VZ).

The technology shift is driving an enormous amount of spending on IT infrastructure. Worldwide spending on public and private cloud environments will increase 15% this year from 2016 to $42 billion, according to IDC. Meanwhile, spending in Cisco’s core market of traditional infrastructure for noncloud data centers will fall by 5%.

Arista NetworksWhile Cisco is ignoring the trend away from proprietary hardware, the article says Cisco’s rivals are embracing it. Juniper Networks (JNPR) and Arista Networks (ANET) have released a version of their NOS for white boxes favored by cloud providers and large enterprises. Both companies reported year-to-year revenue growth in switching last year. Even Cisco’s patent lawsuit against upstart Arista was set-back by the courts.

Rohit Mehra, an analyst at IDC hypothesized that Cisco’s resistance to change is likely due to fear that giving customers other hardware options would accelerate declining sales in switching. “There would be potentially some risk of cannibalization in the enterprise space,” he added.

Cisco insists its customers are not interested in buying networking software that’s separate from the underlying switch. The Cisco spokesperson told TechTarget:

Cisco insists its customers are not interested

The vast majority of our customers see tremendous value in the power and efficiency of Cisco’s integrated network platforms, and the tight integration of hardware and software will continue to be the basis of the networking solutions we offer our customers

TechTarget adds that Cisco doesn’t say the article is wrong. Instead, the company falls back on a corporate cliché for refusing to discuss a media report. “We don’t comment on rumor or speculation,” a Cisco spokesperson said.

The networking market is evolving away from the hardware that Cisco depends on for much of its valuation. Cisco will resist changing its market approach for as long as possible. But in the end, the company will have to become a part of the trend with an open NOS capable of running on whatever hardware the customer chooses.

Mergers and acquisitionsRather than change its model for selling networking gear, Cisco has spent billions of dollars on acquisitions over the last few years to create software and subscription-based businesses in security and analytics. But Cisco’s software push has yet to pay off with 5 conservative down quarters.

Finally, Cisco just recently patched a flaw in IOS software that affected more than 300 models of its switches. Despite issuing an advisory on March 17, Cisco did not release the patch for this vulnerability until May 8, 2017. The Cisco vulnerability was part of the Vault 7 WikiLeaks dump of alleged CIA hacking tools.

Alleged CIA hacking toolsThe vulnerability, rated a critical 9.8 out of 10 by the Common Vulnerability Scoring System, is in the Cluster Management Protocol, or CMP. could allow a remote, unauthenticated attacker to reload devices or execute code with elevated privileges. This vulnerability can be exploited during Telnet session negotiation over either IPv4 or IPv6.

Related articles

Ralph Bach has blogged from his Bach Seat about IT, careers and anything else that catches his attention since 2005. You can follow me at Facebook and Twitter. Email the Bach Seat here.

9 Emails You Should Never Open

9 Emails You Should Never OpenThe increasing pace of life coupled with mobile computing which bombard us with messages, from more sources and across more devices than ever before has created what Proofpoint calls a generation of trigger-happy clickers.

CybercriminalsTrigger-happy clickers are falling more and more for fake emails from cybercriminals. These fake emails are so convincing and compelling that they fool 10% of recipients into clicking on the malicious link according to the article. To put that into context a legitimate marketing department typically expects <2% click rate on their advertising campaigns.

So, despite the best efforts of security professional, too many people are still falling prey to email scams at home and work. Whether it’s a get-rich-quick scheme or a sophisticated spearphishing attack, here are some emails to steer clear of:

1. The government scam. These emails look as if they come from government agencies, such as the IRS, FBI, or CIA. If these TLA’s want to get a hold of you, it won’t be through email.

Facebook friends2. The “long-lost friend.” This scammer tries to make you think you know them, but it might also be a contact of yours that was hacked.

3. The billing issue. These emails typically come in the form of legitimate-looking communications. If you catch one of these, log into your member account on the website or call the call center.

4. The expiration date. A company claims your account is about to expire, and you must sign in to keep your data. Again, sign in directly to the member website instead of clicking a link in the email.

Fake anit-virus5. You’re infected. A message claims you’re infected with a virus. Simple fix: Just run your antivirus and check. In a recent twist, scammers claiming to be computer techs associated with well-known companies like Microsoft. They say that they’ve detected viruses or other malware on your computer to trick you into giving them remote access or paying for software you don’t need.

Scammers have been peddling bogus security software for years. They set up fake websites, offer free “security” scans, and send alarming messages to try to convince you that your computer is infected with malware. Then, they try to sell you software to fix the problem. At best, the software is worthless or available elsewhere for free. At worst, it could be malware — software designed to give criminals access to your computer and your personal information.

But wait it gets worse – If you paid for their “tech support” you could later get a call about a refund. The refund scam works like this: Several months after the purchase, someone might call to ask if you were happy with the service. When you say you weren’t, the scammer offers a refund.

Or the caller may say that the company is going out of business and providing refunds for “warranties” and other services.

The scammers eventually ask for a bank or credit card account number. Or they ask you to create a Western Union account. They might even ask for remote access to your computer to help you fill out the necessary forms. But instead of putting money in your account, the scammers withdraw money from your account.

Foreign lottery6. You’ve won. Claims you won a contest you never entered. You’re not that lucky; delete it. It’s illegal to play a foreign lottery. Any letter or email from a lottery or sweepstakes that asks you to pay taxes, fees, shipping, or insurance to claim your prize is a scam.

Some scammers ask you to send the money through a wire transfer. That’s because wire transfers are efficient: your money is transferred and available for pick up very quickly. Once it’s transferred, it’s gone. Others ask you to send a check or pay for your supposed winnings with a credit card. The reason: they use your bank account numbers to withdraw funds without your approval, or your credit card numbers to run up charges.

7. The bank notification. An email claiming some type of deposit or withdrawal. Give the bank a call to be safe.

Scams8. Playing the victim. These emails make you out to be the bad guy and claim you hurt them in some way. Ignore.

9. The security check. A very common phishing scam where a company just wants you to “verify your account.” Companies almost never ask you to do this via email.

What To Do Instead of Clicking Links

In the case of your bank or other institution, just go to the website yourself and log in. Type in the address manually in the browser or click your bookmark. That way you can see if there’s something that needs taken care of without the risk of ending up on a phishing site.

In the case of your friend’s email, chances are that they copied/pasted the link into the message. That means you can see the full address. You can just copy/paste the address into the browser yourself without clicking anything. Of course, before doing that make sure you recognize the website and that it’s not misspelled.

Proofpoint’s bottom line is that unless you explicitly know and trust it, avoid it. That’s all there is to it. Make this a habit and you can avoid one of the biggest mistakes in internet safety.

 

Ralph Bach has been in IT for over fifteen years and has blogged from his Bach Seat about IT, careers and anything else that catches his attention since 2005. You can follow me at Facebook and Twitter. Email the Bach Seat here.

Internet of Things

Help – My Thermostat is Calling Home to China!

ThermostatPhil Neray of Q1 Labs, an IBM (IBM) company posted that in the recent Chinese hack of the U.S. Chamber of Commerce’s network, one attack vector was a thermostat. The thermostat at a Chamber town house on Capitol Hill which was communicating with an Internet address in China and a printer spontaneously started printing pages with Chinese characters (rb- I wrote about securing printers here).

The blog says that the hackers were in the network for more than a year before being detected is not unusual. Mr. Neray cites the 2011 Data Breach Investigations Report, more than 60% of breaches remain undiscovered for months or longer (versus days or weeks).

rb-

This is one of the risks of the Internet of Things. Security is in the era of IoT will have to use machines to monitor the machines.

CIA Chief: We’ll Spy on You Through Your Dishwasher

Dishwasher Spencer Ackerman at Wired points out that more personal and household devices are connecting to the internet, forming the Internet of Things and U.S.CIA Director General David Petraeus cannot wait to spy on you through them.

General Petraeus recently spoke about the “Internet of Things” at a summit for In-Q-Tel, the CIA’s venture capital firm. “‘Transformational’ is an overused word, but I do believe it properly applies to these technologies particularly to their effect on clandestine tradecraft” the blog recounts.

Mr. Ackerman predicts that people will be sending tagged, geolocated data that a spy agency can intercept in real-time when they open their Sears (SHLD) Craftsman garage door with an app on an Apple (AAPL) iPhone. “Items of interest will be located, identified, monitored, and remotely controlled through technologies such as radio-frequency identification, sensor networks, tiny embedded servers, and energy harvesters — all connected to the next-generation internet using abundant, low-cost, and high-power computing,” Petraeus said, “the latter now going to cloud computing, in many areas greater and greater supercomputing, and, ultimately, heading to quantum computing.”

Wired says the CIA has a lot of legal restrictions against spying on American citizens. But collecting ambient geolocation data from devices is a grayer area, especially after the 2008 carve-outs to the Foreign Intelligence Surveillance Act. Hardware manufacturers, it turns out, store a trove of geolocation data; and some legislators have grown alarmed at how easy it is for the government to track you through your Apple iPhone or Sony (SNE) PlayStation.

rb-

The implications of the “Internet of Things” is profound when linked the transformational nature of the connected home network. The CIA sees great opportunity in wired home devices. Any home gadget with RFID, sensor networks, embedded servers, or energy harvesters is ripe for interception by spy agencies.

Koubachi Wi-Fi Plant Sensor Gives Your Plant a Voice

Koubachi Wi-Fi Plant Sensor Gives Your Plant a Voice Koubachi, the Swiss start-up company behind the popular iPhone plant care assistant presented its newest innovation at CeBIT 2012 in Hannover: the Koubachi Wi-Fi Plant Sensor according to ITnewsLink.

Building on the success of its popular interactive plant care assistant, Koubachi launched a Wi-Fi Plant Sensor that integrates into the Koubachi system to literally gives your plant a voice.

The Wi-Fi Plant Sensor measures soil moisture, light intensity and temperature. Using Wi-Fi, the data is sent to the Koubachi cloud, where it is analyzed by the Koubachi Plant Care Engine. The plant owner gets a detailed care instructions on watering, fertilizing, misting, temperature and light through push notifications or email. “The Koubachi Wi-Fi Plant Sensor is the first device ever that enables real-time monitoring of the plant’s vitality” says Philipp Bolliger, CEO of Koubachi, “It’s a truly unique product in the field of “Internet of Things” and bringing state-of-the-art technology to plant care.”

Smart Gadgets are Like Sleeper Cells in Your Kitchen

Smart meterManufacturers are “future-proofing” their appliances with “Internet of Things” capabilities that are latent for now. Christopher Mims at MIT’s Technology Review asserts that major appliances bought in the last three years probably contain a Zigbee capable wireless radio that can send out information about a device’s status and energy use and receive commands that alter its behavior.

Many appliance makers don’t announce these capabilities, Mike Beyerle, an engineer at GE (GE) whom Mr. Mims interviewed about GE‘s Nucleus home energy management system. “We want to build up a base before we make a big deal out of it,” says Mr. Beyerle.

The author says that manufacturers aren’t telling consumers what their devices are capable of because, in part, those abilities are useless without an energy management hub like GE’s Nucleus or a utility company‘s smart meter. In both cases, smart appliances must be “bound” to a hub to communicate with the outside world.

Once a device is hooked up to an energy management system and become part of the IoT, it get interesting. Mr. Mims says that users who signed up for a “demand response” program with their utility to get a lower bill, enable the utility to control their appliances. For example a refrigerator’s ice maker’s defrost cycle or the elements in a clothes dryer can be manipulated to drive down power use during times of peak demand.

rb-

Most people do not realize that installing a new smart meter can activate a technological sleeper cell in their HDTV, kitchen or laundry room. All of these “smart” devices will be part of the “Internet of Things.” They will have an IP address (probably an IPv6 address) and will be broadcast via a Zigbee wireless network. This is why the CIA says it can spy on people through their dishwasher.

Connected Kitchen

Connected KitchenEngadget says the Samsung RF3289 fridge is designed to let users access Pandora or tweet while grabbing a snack. Samsung touts it as the first to feature integrated WiFi. The Wi-Fi also offers the ability to view Google calendars, check the weather, download recipes from Epicurious, or leave digital notes

Engadet also reports LG’s Thinq line of connected appliances includes vacuum, oven, refrigerator, and washer / dryer. They support Wi-Fi and ZigBee to communicate with each other, the smart meter, smartphones and tablets.  That’s a pretty strong foundation to build the Internet of Things especially if the home is already equipped with ZigBee devices. CNET says the line can be troubleshot remotely; tech support can log in to the device see what’s wrong and fix it. Kenmore has a similar product line.