RB | Bach Seat - Part 191

Archive for RB

RB | May 29, 2011

Comments Off

Are You Gaga for Chrome?

Google‘s (GOOG) newest advertisement for their Internet Explorer killer Chrome browser using media darling de jour Lady Gaga struck me as jumping the shark moment for Google.

rb-

Is this a new marketing strategy from GOOG founder and newly appointed CEO Larry Page?

Hopefully, GOOG will continue to develop new quality products and not use celebrity marketing to drive the firm.

Lady Gaga tapped to give Chrome browser an edge (news.cnet.com)

What do you think?

I remember when everybody was gaga over Madonna – Am I too old to get it?

Does Lady Gaga make you want to ditch Firefox for Chrome?

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: 2011, Business, Chrome, GOOG, Google, Lady Gaga, Larry Page, Madonna, Marketing and Advertising

RB | May 28, 2011

Comments Off

Michigan Troopers Downloading Phone Data Without Warrants?

Think about this while you are driving around this Memorial Day weekend. – The American Civil Liberties Union of Michigan claims that for several years now Michigan State Police have been using portable devices that allow them to secretly extract personal information from cell phones In an article on Help Net Security the ACLU says that the troopers have used the devices on cell phones of people pulled over for minor traffic infractions as well as people suspected of a crime.

The article says most of the devices used are from CelleBrite and can extract a great number of data from most cell phones, including contacts, text messages, deleted text messages, call history, pictures, audio and video recordings, memory file dumps, and more. GeekOSystems says the Cellebrite UFED Physical Pro Scanner (cut-sheet), were tested by the U.S Department of Justice. The DOJ reported the device was capable of pulling all photos and video from an Apple (AAPL) iPhone in under a minute and a half. Cellebrite says their devices also can extract, “existing, hidden, and deleted phone data, including call history, text messages, contacts, images, and geotags.” It can also extract your highly incriminating ringtones. These devices can also get around password protection, and work on over 3,000 cellphone models according to the website.

The ACLU is concerned that the MSP is using these devices to conduct warrantless searches without consent or a search warrant in violation of the 4th Amendment of the U.S. Constitution. Help Net Security reports that the ACLU of Michigan has been requesting information about MSP’s use of these devices for nearly three years by filing Freedom of Information Act requests to the Michigan State Police. The ACLU wants the troopers to reveal the data it collected, but it has had no luck so far. The article indicates that the MSP is stonewalling the ACLU’s Freedom of Information (FOIA) requests resulting in possible court action.

Following those accusations, the Michigan State Police posted their side of the story in an official statement published on its website according to another Help Net Security article. The MSP says it has, “fulfilled at least one ACLU FOIA request on this issue …” The web-posting also claims that devices that the MSP has in its possession can’t extract data without the officer actually having the owner’s mobile device in his hand and they claim the scanners are properly used, “The DEDs (data extraction devices) are not being used to extract citizens’ personal information during routine traffic stops,” it explains. “The MSP only uses the DEDs if a search warrant is obtained or if the person possessing the mobile device gives consent.”

rb-

Wonder why the government keeps trying to make talking on a cell phone while driving a primary offense? Could it be so the government has an excuse to stop people and collect their personal data? The last sentence from the MSP is particularly chilling since people are strongly encouraged to cooperate with the police even when they know they did nothing criminal. Warrantless searches violate the protection against unreasonable search and seizure guaranteed by the 4th Amendment of the U.S. Constitution.

Secure motoring in Michigan!

What do you think?

Does anyone care about privacy anymore?

Cops refuse to say if they secretly snarf cellphone data (go.theregister.com)

Category: Uncategorized | Tags: 2011, American Civil Liberties Union, Constitution, Department of Justice, Fourth Admendment, Freedom of Information Act, iPhone, Legal, Michigan, Michigan State Police, U.S.

RB | May 25, 2011

Comments Off

Michigan Disaster Recovery Test Turns Into Disaster

State of Michigan IT officials are probably happy for a new week. The State of Michigan IT infrastructure took two big hits last week. The folks in Lansing had a failure on Monday 05-16-11 were nearly 25,000 employees were unable to use the state’s IT network for about three and a half hours, Kurt Weiss, public information officer for the Michigan Department of Technology, Management, and Budget (DTMB), said in a phone interview with InformationWeek. Apparently, an upgrade over the weekend to patch security holes had gone wrong somewhere, Mr. Weiss said. Access to the network was restored by 10:30 a.m.

ESCON cable On Wednesday 05-18-11 a disaster recovery test at the Michigan DTMB turned into a disaster when a link to a mainframe computer was broken reports MiTechNews. Around noon Wednesday, a link between the test environment and production environment was severed by human error, taking out a mainframe computer. Mr. Weiss told MiTechNews

A fiber link was broken by a state employee … We were working on a disaster recovery test, performing a test on the mainframe. During the test we went from test to real life disaster. The cord between testing and real life was severed. Corrupted files got loaded on the mainframe, and we crashed the mainframe.

The “big iron” failure affected many state offices, including 131 Secretary of State branch offices, which run 80,000 daily transactions. Other state operations also were affected, including the departments of corrections, treasury, and human services. Data stored on the mainframe that was affected included the bulk of information about driver’s license and motor vehicle registration in the state, the ability for police officers to look up driver’s license information (LEIN), or for automobile dealerships to transfer license plates for vehicles that they sold, Mr. Weiss said.

The mainframe was up and running by Wednesday night, but computer applications were still inoperable due to file corruption. The system was finally restored after 5:00 PM on Thursday according to Government Technology. The delay was caused by the data-recovery operations that were necessary as the result of file corruption during the outage. “We have had outages before, but not to this length or scale or duration,” Mr. Weiss said, “and actually not to this level of complexity. This one has been a much more difficult one to fix compared to the other outages.”

The mainframe that went down last week also is part of an old system that is in need of modernization, Weiss said, but Michigan’s budget woes have so far prevented the state from doing the upgrades it needs. “We do need to modernize all of those applications for the secretary of state,” he told InformationWeek.

Former Gateway Computers CEO and current republican governor Snyder, when asked about the outage, told MiTechNews it is another reason the state has to get the budget approved so the state can focus on upgrading the old computer equipment used by the Michigan government. Some of this equipment is more than 30 years old.

The DTMB IT department is doing a root cause analysis of both incidents and plans to publish a “lessons learned” review of them once that is complete, Weiss said. No data was lost in either incident, although some data files were corrupted during the second and had to be restored through tape backup, he said.

IT officials are re-evaluating how to do such tests in the future in light of the incident, and another test will not be performed until this study is complete, he said.

rb-

Just put it back in the cow box

So now the boys and girls in Lansing know what it is like to work with ancient equipment because the Governor is cutting funding to everything to give a tax cut to businesses. I doubt that Snyder or his cronies have ever been in line for hours just to get new tabs. I have. Michigan needs to invest in its people and infrastructure not tax breaks for businesses.

What do you think?

Invest in people and infrastructure so people want to stay in Michigan?

Cut spending and raise taxes to give businesses more profits?

How To Implement a Disaster Recovery Strategy (readwriteweb.com)

Category: Uncategorized | Tags: 2011, Business Continuity, Department of Technology Management and Budget, Fail, Government Technology, IBM, Mainframe computer, Michigan

RB | May 23, 2011

Comments Off

40 Years of Malware – Part 1

40 Years of Malware - Part 1 Twenty-five years ago, two brothers in Pakistan came up with one of the greatest annoyances in the modern world. Basit and Amjad Farooq Alvi developed the first major personal computer malware “Brain” in 1986 at their Lahore, Pakistan computer shop. Brain spread eventually spread across the world, one infected floppy disk at a time.

– See Part 1 Here – See Part 2 Here – See Part 3 Here – See Part 4 Here

Brain was the first of what became known as “stealth viruses.” Because most 1980s computers only had tiny internal hard drives or none at all, everything had to be run from floppy disks. Brain would bury itself in the part of the disk necessary for running programs and infect any computer it ran into. It would then sit in the computer’s memory and infect new disks inserted into that machine as well. While Brain was relatively harmless, it was the mother of all viruses, which spawned a host of malicious malware.

Robert Slade, a senior instructor at the International Information System Security Certification Consortium (ISC2) told News.Com, Australia:

… the virus itself spreads far and wide without any reference to the original media and programs they were selling … Because this was a boot sector infector, it just spread on to any floppy disk that had been put into an infected machine.

There has been a great deal of speculation about why the brothers created the virus. So on the 25th anniversary, F-Secure (FSC1V) researcher Mikko Hypponen, who was among the first to analyze Brain, decided to track down the Farooq brothers and ask them about their groundbreaking work. Mr. Hypponen originally reverse-engineered the virus and discovered a short block of text with the phone number and address of the place where it was created buried within Brain’s code. Amazingly enough, the brothers are still working at their company, Brain Telecommunications, which is still headquartered at the same Pakistan address near Lahore Railway Station listed in the virus code.

During the interview, the brothers explained how and why they created Brain, adding that they wrote the code primarily as an experiment to see how far it could spread via floppy disk. The brothers, who are now successful businessmen in Lahore, were quick to point out that Brain wasn’t destructive, and explicitly distanced themselves from the more malicious viruses that have sprung up in the past quarter of a century. To the Farooqs, today’s malware is rooted in pure criminality — something they denounce, but don’t feel entirely responsible for spawning. As they pointed out, if they hadn’t created the world’s first PC virus, someone else surely would have.

Aaron Toponce: Poll: Have You Ever Used A Floppy Disk? (pthree.org)

Category: Uncategorized | Tags: 2011, Boot sector, Brain, Computer, Floppy disk, Lahore, Malware, Pakistan, Security, Virus

RB | May 21, 2011

Comments Off

2/3 K-12 Networks Breached Multiple Times

Panda Security, a provider of cloud-based security software, recently released a report that says 63 percent of K-12 schools experience malware outbreaks or unauthorized user access at least twice a year. The report, Kindergarten-12 Education IT Security Report (PDF), had some other interesting infobits.

Personal devices on K-12 networks

The survey reports that eighty-two percent of schools allow students and staff to connect personal computers and laptops to the school network. Panda says schools recognize outside devices introduce external risks, but they struggle to fully integrate security policies for multiple devices. Only 74 percent of districts are monitoring the use of external devices. Fifteen percent fail to take any extra security measures, leaving those school systems more vulnerable to infection. Most schools have implemented IT security best practices, there is still room for improvement reports Panda. The report says ninety percent of schools install anti-virus and/or anti-malware on computers, but nearly 25 percent fail to use firewalls, block high-risk websites, or employ user authentication. 86% prevented the use of very risky websites; while 89% mandated users install security software on their systems. Further, 15% of respondents acknowledged that there weren’t any extra security measures in their districts if they wanted to use laptops.

Social media threats

Social media is a top concern for schools, but the stringency of school policy varies greatly. Ninety-five percent of schools have a social media policy in place, citing the mitigation of malware-related risks as the main reason for implementation. Twenty-nine percent of schools allow students unlimited access to social media sites, while 32 percent deny students access altogether.

Schools lack the funding to be secure. I have always said that schools face attacks from the inside and the outside. Insiders in a K-12 school network range from technically unsavvy to damn good malicious attackers. Despite this, the report says 72% of schools reported that budget limitations were the main obstacle, to better security and 38% reported non-availability of staff, and 29% of the schools, reported their IT staff had to attend to other more important tasks than IT security. IT administrative staff at 38 percent of schools report removing viruses or malware from IT systems a few times a week, and 21 percent are doing this daily according to Panda.

With malware on the rise and new threats propagated through social media every day, having the right security tools in schools has never been more important. Security issues consume staff time, diverting attention from the business of education. Help Net Security quotes Rick Carlson, president of Panda Security US, who has a great grasp of the obvious, “While the Internet is an invaluable tool for education, it can cause serious interruptions to day-to-day operations if schools fail to properly address security concerns.”

rb-

Just to prove the point, the Oakland Press is reporting that 4 students at Romeo High School in Romeo, Michigan were caught allegedly intercepting 60 staff members’ emails, including the Superintendent after “something goofy” happened to the website. While I have no first-hand knowledge, the news did say the attackers went after people who read their emails on their cellphones. So more than likely it was some kind of Bluesnarfing attack, maybe including a Cain and Able payload to get at passwords.

Notable data breaches (boston.com)

Category: Uncategorized | Tags: 2011, Anti-Virus, Computer, Malware, Michigan, Networking, Panda Security, Security, Social

« Older Entries Recent Entries »

Bach Seat

Archive for RB

Are You Gaga for Chrome?

Related articles

Michigan Troopers Downloading Phone Data Without Warrants?

Related articles

Michigan Disaster Recovery Test Turns Into Disaster

40 Years of Malware – Part 1

Related articles

Meta