Tag Archive for 2017

Michigan Adds Over 10,700 Tech Jobs in 2016

Michigan’s technology industry employment grew by an estimated 5.1% in 2016, the MichiganTech News reports. The good news comes from the annual Cyberstates 2017 report from CompTIA. The technology association found that Michigan employers added more than 10,700 new tech jobs in 2016.

The survey also found that Michigan ranks 10th among the 50 states for tech industry employment with an estimated 221,994 workers. Michigan was in the top five states for 2016 tech industry job growth on a percentage change basis.

Technology occupations across all other industries in Michigan – the second part of the tech workforce – reached an estimated 271,900 in 2016. The tech sector accounts for an estimated 6.6 percent of the overall Michigan economy. The tech industry employs an estimated 5.3 percent of the overall state workforce. Leading tech occupations state-wide include:

  • Mechanical engineers (42,610),
  • Industrial engineers (25,500) and
  • Computer user support specialists (20,130).

The leading tech jobs in the metro-Detroit area are:

  • Software and Web Developers 11,434
  • Network Architects, Admins, & Support 10,379
  • Systems & Cybersecurity Analysts 9,441
  • Computer Support Specialists 1,437
  • Database Administrators 1,437

The annualized average wage for a Michigan tech industry worker was an estimated $89,200 in 2016, 77% higher than the average state wage ($50,400). Michigan ranks 21st nationally in average tech industry wages.

Other Key Findings

Michigan ranks 27th among all states in the Cyberstates 2017 Innovation Score, which is based on an analysis of new tech patents, tech startups, and new tech business establishments on a per capita basis.

Michigan is home to an estimated 11,223 tech business establishments. The Detroit metropolitan area is home to more than one-third of these businesses (4,174).

The strongest year-over-year job growth occurred in the categories of:

  • Engineering services (+ 8.3%)
  • R&D and testing labs (+ 5.4%) and
  • Computer systems design and IT services (+ 5.1%).

Employers posted more than 28,600 job openings for tech occupations in Q4 2016.

“The Cyberstates data affirms the strength and vitality of Michigan’s tech industry, and attests to its essential standing in the economy,” Todd Thibodeaux, president and CEO of CompTIA, said in a presser. “Technology enables innovation and generates growth for companies, regardless of their size, locale or markets served.”

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

300 Billion Passwords

The death of the password has been predicted for years. Bill Gates predicted the death of the password at an RSA Security conference in 2004. In 2011, IBM (IBM) predicted that biometrics would replace passwords by 2016. In case you haven’t noticed, it is 2017 and passwords are still with us, and they suck. “It’s now years after those statements were made, and passwords are still in heavy use,” Joseph Carson, head of global strategic alliances at Thycotic Software, told CSO.

A new report (Reg. Req.) from cyber-security research firm Cybersecurity Ventures says that the number of passwords in use will grow from about 75 billion today to around 100 billion in 2020. And the number of passwords used by machines, such as IoT devices, will grow even faster, from around 15 billion in 2015 to around 200 billion in 2020, the report said. That is 300 billion passwords by 2020.

And these numbers don’t include one-time passwords, SSL encryption keys, and other short-term credentials, said Thycotic’s Carson. Thycotic Software sponsored the report.

Mr. Carson told CSO the estimates come from worldwide statistics about the total number of computers, operating systems, servers, routers, and other technologies and applications that come with passwords or need users to create passwords to use them. He added, “Then there are the social media accounts, which have been growing significantly.”

The average user has over 25 passwords, he said. There’s no decline in the number of passwords; in fact, the opposite is the case: “We find that the growth is accelerating at a massive pace.” CSO observed that the use, and reuse, of all these passwords is creating an ever-growing attack surface of both human and machine-to-machine passwords. A record number of credential breaches were disclosed in 2016, Mr. Carson added: 3 billion, with 43% of people having had at least one password or credential stolen.

A report released by the Pew Research Center said that for U.S. adults, the number was even higher. According to a 2016 survey, 64% said that they had personally noticed or been notified of a data breach that affected their accounts or personal data.

According to Mr. Carson, the financial damages of the breaches will continue to increase as well. Thycotic and Cybersecurity Ventures predict potential damages from cyber-crime to reach $6 trillion by 2021.

rb-

Looks like passwords are here to stay. Followers of the Bach Seat know that passwords suck. I have covered a number of options to replace passwords. None of the biometric options have taken off as IBM had predicted.

Where biometric authentication is deployed, it’s been as an adjunct to passwords, not a replacement. Passwords are used to set up the initial trusted relationship, and as a fallback when the biometrics fail. Mr. Carson concludes, “The biometrics are used for ease of access to systems … Biometrics will never replace passwords.”


Limes in Your Data Center

Times are changing in the data center. For decades, data centers were wired with orange multi-mode fiber optic cable. MMF is the choice for data center connections because it is smaller and faster than copper, and cheaper and more forgiving than the single-mode fiber optic cables typically used for long-haul transmissions. The orange flavor of MMF was pulled into data centers to deploy Gigabit Ethernet.

This type of MMF would work with links up to 600 meters. MMF uses the 850 nm and 1300 nm wavelengths to transmit data. The typical MMF is 62.5/125 µm (OM1; “OM” stands for optical multi-mode), which means it has a core size of 62.5 micrometers (µm) and a cladding diameter of 125 µm. The second generation of MMF is 50/125 µm (OM2). These cables used LED transmitters. Newer installations often used laser-optimized 50/125 µm multi-mode fiber (OM3). MMF that meets this designation has enough bandwidth to support 10 Gigabit Ethernet (GigE) up to 300 meters.

10 GigE is a great technology, but many organizations have outgrown it. New variants of Ethernet can reach speeds of 25 Gbps, 40 Gbps, and 100 Gbps, and soon up to 800 GigE will be needed to keep up with the new requirements of enterprise and cloud data centers.

The industry determined that a new type of fiber was needed to physically pass the bits back and forth at these new speeds and yet maintain backward compatibility with older installations. In October 2016, the international cabling standards development body International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) decided that the new standard would be called OM5.

Cabling Installation & Maintenance magazine reports that the new OM5 standard was developed to meet the increasing bandwidth demands but maintain compatibility with older MMF installations: “The standard specifies 50/125-micron laser-optimized fiber that is optimized for enhanced performance for single-wavelength or multi-wavelength transmission systems with wavelengths in the vicinity of 850nm to 950nm.”

Randy Harris, Sr. Fiber Product Manager at Legrand, explained that OM5 fiber is a new type of 50-micron core, laser-optimized multimode fiber (LOMF) designed to provide better performance for applications using wavelength division multiplexing (WDM). It operates over a wider window in the range of 850nm to 953nm to support at least four wavelengths. Swiss-based cabling provider R&M says OM5 fiber-optic cabling supports duplex transmission by sending four wavelengths over a single multimode fiber to create future bandwidths up to 200 Gbps.

Cindy Montstream explained in an article published in Cabling Installation & Maintenance magazine in September 2016,

The 40 GE SWDM4 and 100 GE SWDM4 specifications support transmission over duplex OM3, OM4, and OM5 multimode fiber types. Maximum reaches vary from 75 to 440 meters depending on data rate and fiber type. The group added that in the future, SWDM technology could be leveraged to enable 200-, 400-, and 800-Gbit/sec Ethernet traffic on multimode fiber cabling as well.

In June 2016, a Telecommunications Industry Association (TIA) TR-42 subcommittee approved the new standard, which specifies wideband multimode fiber. In February 2017, the TIA TR-42.12 Optical Fibers and Cables subcommittee approved lime green as the OM5 jacket color. At that time it also approved a project to develop Addendum 2 to the TIA-598-D standard.

rb-
The evolution of Ethernet is driving changes in the data center. The IEEE has developed a couple of new standards for Ethernet, which I wrote about here. The new standards include IEEE 802.3by, which covers 25 Gb/s switch interconnects for data centers.

In well-done cable installations, cables can be distinguished by jacket color:

  • Orange jackets indicate legacy 62.5/125 µm (OM1) and 50/125 µm (OM2) fiber-optic cabling
  • Aqua jackets indicate 50/125 µm “laser-optimized” OM3 and OM4 fiber-optic cabling
  • Lime-green jackets indicate 50/125 µm “laser-optimized” OM5 fiber-optic cabling
  • Yellow jackets indicate single-mode fiber-optic cabling

It took decades to install all the orange old-school MMF; it is going to take several more decades to get it all uninstalled.


Your Mobile is Leaking SS7

There is a vulnerability in the global phone system. The flaw allows hackers to access telephone data using nothing but a phone number. The flaw is in Signaling System 7 (PDF), or SS7. SS7 is a set of telephony signaling protocols that exchanges information on telephone networks.

The Register points out that SS7 signaling technology was developed in the 1970s. It hasn’t been updated since the systems became accessible over the internet. The weakness in SS7 allows hackers or TLAs to exploit the vulnerability with the phone number of the user they’re targeting. The flaw allows them to listen to phone calls, read text messages and track the user’s location.

The SS7 flaw

A white paper (PDF) by independent cyber-security company Positive Technologies explains:

The process of placing voice calls in modern mobile networks is still based on SS7 technology which dates back to the 1970s. At that time, safety protocols involved physical security of hosts and communication channels, making it impossible to obtain access to an SS7 network through a remote unauthorized host. In the early 21st century, a set of signaling transport protocols called SIGTRAN were developed. SIGTRAN is an extension to SS7 that allows the use of IP networks to transfer messages.

However, even with these new specifications, security vulnerabilities within SS7 protocols remained. As a result, an intruder is able to send, intercept and alter SS7 messages by executing various attacks against mobile networks and their subscribers.

Alex Mathews, technical manager EMEA of Seoul, Korea-based Positive Technologies, explained the real-world result of the SS7 flaw:

Chat applications such as WhatsApp, Telegram, and others use SMS verification based on text messages using SS7 signaling to verify the identity of users/numbers.

SMS authentication is one of the major security mechanisms for services like WhatsApp, Viber, Telegram, Facebook (FB), and is also part of second-factor authentication for Google (GOOG) accounts, etc. Devices and applications send SMS messages via the SS7 network to verify identity, and an attacker can easily intercept these and assume the identity of the legitimate user. Having done so, the attacker can read and write messages as if they are the intended recipient.

If chat history is stored on the server, this information can also be retrieved.

60 Minutes hacks SS7

The hack first came to light in 2014. Security researcher Karsten Nohl demonstrated the SS7 flaw at a convention in Germany according to FierceWireless. CBS 60 Minutes (rb- That’s still on?) caused a mild ripple after they ran a story on the flaw. The program engaged Mr. Nohl to demonstrate the vulnerability. He was able to track a new iPhone that had been given to U.S. Rep. Ted Lieu (D-CA).

Mr. Lieu, who holds a degree in computer science from Stanford, agreed to use the phone to talk to his staff knowing it would be hacked. From his office in Berlin, Mr. Nohl was able to access Rep. Lieu’s phone. He tracked the representative’s movements in Los Angeles, read messages, and recorded phone calls between Representative Lieu and his staff.

CBS correspondent Sharyn Alfonsi contacted representatives from CTIA for comment on the story. The CTIA said that there have been reports of SS7-related security breaches abroad. She stated, “… but (they) assured us that all U.S. cellphone networks were secure.” That is despite the fact that Mr. Lieu was on a U.S. network when his phone was hacked from Germany.

An open secret

The flaw “is an open secret among the world’s intelligence agencies — including ours — and they don’t necessarily want that hole plugged,” Ms. Alfonsi reported. The four major U.S. wireless operators declined to discuss more specific questions from FierceWireless. When asked whether the flaw may threaten the privacy and security of subscribers, AT&T (T) and Verizon (VZ) deferred to CTIA. Sprint (S) and T-Mobile (TMUS) declined to discuss SS7.

Representative Lieu has called for a congressional investigation of the vulnerabilities in SS7. He wrote that “The applications for this vulnerability are seemingly limitless, from criminals monitoring individual targets to foreign entities conducting economic espionage on American companies to nation states monitoring U.S. government officials.” Lieu said the investigation should be conducted by the House Oversight and Government Reform Committee, of which he is a member.

Investigate the flaws in SS7

The Register reports that Senator Ron Wyden (D-OR) recently joined Representative Lieu to investigate the flaws in SS7. The pair plan to send an open letter [PDF] to Homeland Security. They want an update from Secretary John Kelly on DHS’s progress in addressing the SS7 design shortcomings. The letter also asks why the agency isn’t doing more to alert the public about the issue. It states in part:

We suspect that most Americans simply have no idea how easy it is for a relatively sophisticated adversary to track their movements, tap their calls, and hack their smartphones. … We are also concerned that the government has not adequately considered the counterintelligence threat posed by SS7-enabled surveillance.

 rb-

It is important to understand that the wired and wireless telephone networks that your phone connects to are not secure. They probably never will be.

Telephone networks were not designed to be secure.

The most recent draft of the new Digital Identity Guidelines from NIST warns that:

Note: Out-of-band authentication using the PSTN (SMS or voice) is discouraged and is being considered for removal in future editions of this guideline.

You really have to wonder if this is related to the SS7 hole and why it is only being considered for removal. Maybe some of its TLA friends want the hole to stay in place.

I previously covered the SS7 flaw implications to SMS here.


Who Rules the Internet?


Singapore-based ISP Vodien published an infographic that lists the 100 highest-ranking websites in the U.S. by traffic, according to website analytics company Alexa. There are over 1.1 billion websites on the Internet, but the majority of all traffic actually goes to a very small number of firms. Seven companies control 30% of the top 100 websites and the related web traffic.

Not surprisingly, Alphabet controls the most popular sites on the web, Google and YouTube. Surprisingly, Microsoft controls the most sites in the top 100. Redmond controls seven of the top web properties including recently purchased LinkedIn, Bing, and Microsoft.com. For a long time, MSFT’s online efforts were a disaster. That seems to have changed with Azure, but I still hate Bing. According to the Vodien infographic, Alphabet controls four of the most popular sites.

The Visual Capitalist points out that Google.com gets an astounding 28 billion visits per month. The next closest is also a Google-owned property, YouTube, which brings in 20.5 billion visits.

Facebook (FB) controls two of the most popular websites: Facebook (#3) and Instagram (#13).

Jeff Bezos’s firm Amazon (AMZN) directs four popular websites.

The infographic says Verizon (VZ) now controls the Huffington Post (#49) and AOL (#59) and will control Yahoo (#5) and Tumblr (#12) if the deal closes in 2017 Q2.

Reddit.com comes in at #7 and Reddituploads.com is #61.

Online retailer eBay comes in as the #8 website.

POTUS favorite Twitter (TWTR) is the 9th ranked website and t.co is #25.

Video streamer Netflix comes in ranked #10 by Vodien.

Microsoft (MSFT) controls 7 of the top 100 websites, with recently purchased LinkedIn at #11, Live.com at #14, and so-so search engine Bing at #17, followed by Office.com (#23), Microsoft Online Services (#24), MSN (#37), and Microsoft.com (#41).



rb-

The consolidation of all of this web traffic is troubling. The current administration is going to allow online firms to sell all the personal information they collect to the government, data aggregators or anybody else to make a buck.
