Archive for October 30, 2009

2010 Not Any Better – Maybe

Gartner says that IT spending experienced its worst year ever in 2009. The Stamford, CT research firm says the enterprise space saw a spending decline of 6.9%. ChannelInsider reports that the industry won’t reach 2008’s spending levels again until 2012. In the meantime, there will be some growth in 2010. Gartner sees a 3.3% increase over 2009 levels to $3.3 trillion.

IT spending prediction

“2010 is about balancing the focus on cost, risk, and growth,” says Peter Sondergaard, senior vice president at Gartner and global head of research, in a prepared statement. “For more than 50% of CIOs the IT budget will be 0% or less in growth terms. It will only slowly improve in 2011.” On the other hand, Forrester has a rosier picture. In its report “US and Global IT Outlook: Q3 2009,” released 10-08-09, Forrester analyst Andrew Bartels says the global IT market will see an upturn starting in Q3 2009, according to an article on Campus Technology.

Hardware is hard hit

According to Gartner, things have been toughest on the hardware side of the computer market. Gartner says that worldwide computer hardware spending will total just $317 billion this year, a 16.5% decline, and in 2010 hardware spending will remain flat. Forrester says computer equipment sales will increase by 8.3% in 2010. Worldwide telecom spending is on pace to decline 4% this year and is forecast to grow by 3.2% in 2010 according to Gartner. Forrester claims communications equipment sales will show a bump at 3.6%.

Professional services is up

Additionally, Gartner forecasts IT services spending to total $781 billion in 2009 and to grow 4.5% in 2010. In their report, Forrester predicts IT consulting services will increase by 11.7% in 2010. Software spending will decline 2.1% in 2009 but is expected to grow by 4.8% in 2010. Forrester says software purchases will be up by 9.3% in 2010.

Three big trends will shape the IT spending and operational infrastructure in 2010, according to Gartner—a shift in IT budgets to more opex from capex, the ramifications of an older infrastructure made up of older IT hardware, and the need for IT to create business cases for spending.

Spending trends

Gartner says the shift from capital expenditure to operational expenditure in IT budgets will be accelerated by emerging cloud services and will make IT costs more scalable and elastic. The second trend comes from delays in computer hardware upgrades. As businesses have delayed buying servers, PCs, and printers, and are expected to keep their wallets closed in 2010, they need to look at the impact of increased equipment failure rates. “Approximately 1 million servers have had their replacement delayed by a year. That is 3% of the global installed base. In 2010 it will be at least 2 million,” Gartner says.

“If replacement cycles do not change, almost 10 percent of the server installed base will be beyond scheduled replacement by 2011,” Sondergaard says. “That will impact enterprise risk. CFOs need to understand this dynamic, and it’s the responsibility of the CIO to convey this in a way the CFO understands.”

Third, Gartner says that IT needs to build compelling business cases: “2010 marks the year in which IT needs to demonstrate a true line of sight to business objectives for every investment decision. IT leaders can no longer look at IT as a percentage of revenue. CIOs must benchmark IT according to business impact.”

rb-

From where I stand, the Gartner predictions seem more rational than Forrester’s. Forrester seems to base their optimism on two fleeting factors, Obama-money and Microsoft. The only real beneficiaries of Obama-money have been Wall Street, not the rest of America, so stimulus spending is irrelevant to most American business. Forrester seems to believe that Windows 7 will save IT spending, another large leap of faith that businesses are going to jump on the bandwagon, but none of my clients seem ready to leap yet.

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

WordPress Security Help

With all of the hubbub over the recent Labor Day WordPress worm, it is time to get some help with WP security. The worm caused every installation not hosted at WordPress.com to be suspected of being at risk. In response to the worm, WordPress pushed out WordPress 2.8.5, a “hardening patch.”

One of the tools I found is the WordPress Exploit Scanner plugin by Donncha O Caoimh. The Exploit Scanner does a number of things to help you manage your WordPress installation. The scanner installs on the WP dashboard and compares your site’s files against MD5 hashes of the WordPress files for the version you’re running. It ignores files that are present but that it has no hash for. If your hashes don’t match, then you have a problem. It also looks for suspicious code in your files that may have been deposited by attackers: “invisible” text hidden through CSS, the use of iframes to embed code from other sites, and base64 encoding, which can be used to obfuscate entire programs. It will also look through your posts and users to see if there’s anything suspicious or spammy about them.

This tool is not designed to identify new files; it identifies altered core WordPress files. According to the author’s website, it will not stop someone from hacking into your site, but it may help you find any uploaded or compromised files left by a hacker.
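The two checks described above, as an added example (this is not the Exploit Scanner plugin's code): core files are compared against a known-good MD5 manifest, files with no hash are skipped by that comparison, and every file is searched for the three content signs the post lists. The `scan` and `demo` helpers, the regular expressions, the file names and the sample site are all constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Constructed patterns for the three content checks the post lists
# (hidden CSS text, iframes, base64); these are not the plugin's own rules.
SUSPICIOUS = {
    "hidden-css": re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I),
    "iframe": re.compile(r"<iframe\b", re.I),
    "base64": re.compile(r"base64_decode\s*\(", re.I),
}

def md5_of(path):
    # MD5 only because the post says the plugin compares MD5 hashes.
    return hashlib.md5(path.read_bytes()).hexdigest()

def scan(root, manifest):
    """manifest: relative path -> known-good MD5 for the installed release.
    Returns (modified, flagged). Files without a manifest entry are never
    reported as modified, but still get the content checks."""
    root = Path(root)
    modified = sorted(rel for rel, good in manifest.items()
                      if (root / rel).is_file() and md5_of(root / rel) != good)
    flagged = {}
    for f in sorted(p for p in root.rglob("*") if p.is_file()):
        text = f.read_text(errors="replace")
        hits = sorted(n for n, rx in SUSPICIOUS.items() if rx.search(text))
        if hits:
            flagged[f.relative_to(root).as_posix()] = hits
    return modified, flagged

def demo():
    """Build a constructed two-file 'core', alter it, and scan the result."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "wp-includes").mkdir()
        core = {"index.php": "<?php require 'wp-blog-header.php';\n",
                "wp-includes/version.php": "<?php $wp_version = 'X.Y.Z';\n"}
        for rel, body in core.items():
            (root / rel).write_text(body)
        manifest = {rel: md5_of(root / rel) for rel in core}
        # Alter one core file and add a file the manifest has no hash for.
        (root / "index.php").write_text(
            core["index.php"] + "<iframe src='//example.invalid/'></iframe>\n")
        (root / "extra.php").write_text(
            "<?php $s = base64_decode('Y29uc3RydWN0ZWQ=');\n")
        return scan(root, manifest)
```

Calling `demo()` shows why the hash comparison alone misses the added `extra.php`: only the content check reports it, while the altered `index.php` is caught by both.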

rb-

Besides staying current on patches (déjà vu MSFT) and implementing a tool like the Exploit Scanner, turning off “user registration” is probably one of the simplest and most effective ways of “hardening” WordPress. Hopefully, WP will fix this in version 2.9 so the community aspect of WP can be securely turned back on.

 


Microsoft Serves COFEE to Cops

According to an article on the Seattle Post Intelligencer website, Microsoft has teamed up with the National White Collar Crime Center (NW3C) to distribute a computer forensics tool to U.S. police for free.

The Computer Online Forensic Evidence Extractor (COFEE) makes it easy for any officer, not just digital forensics specialists, to record the current processes of a suspect’s computer. According to the article, an officer can plug in a COFEE-formatted USB thumb drive, run COFEE, and download data that would have been lost if the computer were turned off for transit to the police station.

COFEE can be used to identify parts of a computer’s hard drive that a criminal might use for identity theft, online fraud, child pornography or other crimes. It can speed up the forensics process when a computer-crime specialist takes over the investigation. COFEE requires Windows XP for configuration and works best at downloading data from machines running XP or earlier. However, it does have some Windows Vista support. Microsoft plans to release a new version of COFEE next year that fully supports Vista and Windows 7, a spokesperson said.

“It’s a rather straightforward tool and it uses a lot of off-the-shelf technology already,” said Richard Boscovich, a senior attorney for Microsoft’s World Wide Internet Security Program. “That’s the beauty of the tool – that you don’t need that forensics expert at the scene.” Michael Merritt, assistant director of the U.S. Secret Service, told an audience at Microsoft’s Digital Crime Consortium, “The difference now with technology is that many companies like yours house valuable information … And that now has become the target of many criminals.”

Boscovich said Microsoft is offering the tool for free because it helps police cut down on the larger problem of high-tech crime. Microsoft software, because of its ubiquity, is usually considered the most at-risk for digital attacks.

 


Brocade Selling Itself

ChannelInsider, citing the Wall Street Journal, is reporting that network equipment maker Brocade Communications Systems Inc. put itself up for sale on 10-05-09. The paper, citing people familiar with the matter, said Oracle and Hewlett-Packard were potential bidders for the company, but a deal was not imminent and Brocade may not even go ahead with a sale. “We have no interest in buying Brocade,” Oracle CEO Larry Ellison told investors at Oracle’s annual shareholder conference Wednesday, in response to a question from an investor, according to Fortune.

To compete with much bigger rival Cisco Systems Inc, the company has been bolstering sales partnerships with large technology vendors such as IBM and Dell to expand their customer reach. In an interview with Reuters last month, Brocade Chief Executive Michael Klayko had said he did not see a need for Brocade to merge with or acquire another company, citing the company’s expertise and partnerships.

However, Goldman Sachs analyst Min Park told Fortune that interest in Brocade is picking up: “Brocade is a likely strategic fit for a number of potential acquirers.” He includes Hewlett Packard, Juniper, Dell, IBM, and Oracle among those interested in Brocade.

rb-

It is unlikely that Dell will purchase Brocade since Dell has Perot Systems to digest and a sales partnership with Brocade. Juniper is not in the financial position but is the most in need of the product. IBM is financially capable but the hardware business seems to be losing focus at Big Blue. That leaves HP for three reasons: first, it is financially capable; second, it is looking to grow its ProCurve business; and its EDS acquisition is well underway. The wild card could be Huawei if they can get government approval. Of course, Brocade CEO Mike Klayko just may have needed some extra pocket money, as the Wall Street Journal article triggered a 14 percent jump in the company’s shares. Mr. Klayko’s $5 million in options increased by $700,000 in one day.

 


Size Doesn’t Matter for Botnets

DarkReading points out a new report released on 09-29-09 from researchers at Symantec’s MessageLabs unit which provides a detailed analysis of the size and output of current botnets. One of the report’s conclusions: Size doesn’t always matter. Rustock, for example, is still the largest of the botnets, with an estimated size of between 1.3 million and 1.9 million nodes. Cutwail is next in size, with an estimated 1 million to 1.5 million bots.

But neither of these two botnets is the largest proliferator of spam, according to Paul Wood, senior analyst at MessageLabs and one of the authors of the report. That title goes to a rapidly emerging botnet called Grum, which delivered an average of 39.9 billion spam messages per day last quarter — more than 23 percent of all the spam on the Internet.

“Despite the fact that it’s half the size of Rustock, Grum is generating much more spam,” Wood says. “It’s getting each bot to do a lot more work.”

Bobax, a botnet that has been around for more than two years, is also becoming more efficient, generating more than 27 billion messages per day and 15.2 percent of all Internet spam, the report says. That means each Bobax node generates more than 1,400 spam messages per minute.

Botnet operators have discovered that many ISPs don’t immediately recognize the huge output of individual bots because each bot’s performance is affected only on the upload, not on the download, Wood says. “Your computer might be a bot, but it might not affect your download performance very much,” he observes. “It’s only when users try to upload something and experience a performance problem that the ISP gets a complaint.”

As they become more sophisticated, botnet operators are finding ways to make their infrastructures more efficient, Wood says. A new botnet, Maazben, accounted for only 0.5 percent of Internet spam 30 days ago, but now is generating 4.5 percent — about 2.4 billion messages a day — at its peak. As with Bobax, each Maazben bot is highly productive, pushing out nearly 1,300 spam messages per minute.

No matter what their size or how efficiently they operate, botnets clearly are at the heart of the spam problem, MessageLabs says. According to the report, botnets generated an average of more than 150 billion messages per day last quarter — nearly 88 percent of all the spam on the Internet.

“The takedown of ISPs like McColo definitely helped, but it doesn’t solve the problem,” Wood says. “Already we see botnet operators spreading traffic across multiple ISPs, effectively giving themselves better backup than some enterprises have.”
