Tag Archive for Facebook

New School Year Same Security Threats

Another school year is starting up, and security firm WatchGuard has a list of the top threats to school IT systems as classes start up again. Eric Aarrestad, Vice President at privately held WatchGuard Technologies, says, “With so much at risk and so much to gain by cybercriminals, today’s campus is one of the most dangerous IT environments around.” He continues, “Unlike enterprise organizations that can throw substantial resources towards network and data protection, schools and universities are more constrained, yet they face some of the most demanding security challenges due to the dynamic interaction between students and their school’s IT resources.”

Top threats at school

WatchGuard’s top threats at school include:

Social Networks The security firm says the number one threat to school and university networks is social networks, such as Facebook and MySpace. Unfortunately, social networks act as an ideal platform to launch a myriad of attacks against students and departments, including spam, viruses, malware, phishing, and more. Adding to this, socially engineered attacks are often extremely successful due to the “trusted” environment that social networks create.

Malware As students and teachers use the web for educational purposes, the Seattle-based firm says many unwittingly expose themselves to drive-by downloads or corrupted websites, which inject malicious software onto their computers. Once infected, they risk becoming victims of identity theft or loss of personal information via spyware and keyloggers.

Viruses Today, email remains one of the primary ways of delivering viruses. According to the release, recent surveys suggest that 27 percent of users fail to keep their antivirus signatures up to date, and those signatures may, in any case, be unable to stop the new generation of viruses with polymorphic properties.

Botnets The privately held security firm estimates that 15 to 20 percent of all school and university computers connected to the Internet are part of a botnet. As part of a botnet, school and university systems can be used in a variety of unknown exploits, including spam delivery, denial of service attacks, click-fraud, identity theft, and more.

Phishing scams continue to get more advanced and selective, with students being specifically targeted. WatchGuard claims that phishing attacks via social networks achieve a success rate of over 70 percent.

Hacking In a recent survey of education IT professionals, 23 percent ranked student hackers as one of their greatest threats to network security.

Access Control Usage of mobile devices and wireless access to education IT resources continues to plague network administrators. As the use of mobile devices escalates, schools will face increasing challenges in managing authorized network access according to the security vendor.

WatchGuard Technologies provides a variety of Internet security software and hardware products, including firewalls, virtual private network (VPN) appliances, and anti-virus applications under the XTM, XCS, and e-Series brands.

Related articles
  • The Science of Cyber Security (usnews.com)

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Cows Can Power Your Next Server Farm

ComputerWorld reports that HP (NYSE: HPQ) researchers presented a paper (PDF) on using manure from cows to generate power to run data centers. HP says that manure from dairy farms, cattle feedlots, and other “digested farm waste” can be used to generate electricity.

HP presented the idea to the American Society of Mechanical Engineers Conference on Energy Sustainability. The researchers believe that biogas from a farm of 10,000 dairy cows could power a 1 megawatt (MW) data center, about 1,000 servers. That is the equivalent of a small bank’s computer center.

Organic matter is already used by farms to generate power. Farmers use a process called anaerobic digestion that produces methane-rich biogas. HP’s paper looks at how the process could be extended to run a data center, starting with the amount of manure produced by your typical dairy cow and working up from there.

Connecting a data center to cows

But there are some practical problems. The first problem is connecting a data center to the cows. “What’s the reality of getting 10,000 cows in one place?” said Angie McEliece, an environmental consultant for RCM International in Berkeley, CA, which makes digester systems. She told ComputerWorld that the average dairy farm in the U.S. has fewer than 1,000 cows; farms with 5,000 cows are quite unusual. Farms that now use anaerobic digestion systems to generate electricity and heat typically get some funding from federal and state grants. In such cases, a payback of four years or less on the technology is likely. “10 years is the payback to me without grants,” said Ms. McEliece in the ComputerWorld article.


HP insists that this is just an idea sketched out on paper by a research team. No demonstration project has yet been planned. “I’ve not yet submitted a purchase order for cows,” said Tom Christian, an HP researcher, in an e-mail to ComputerWorld. “The idea of using animal waste to generate energy has been around for centuries, with manure being used every day in remote villages to generate heat for cooking.

The new idea that we are presenting in this research is to create a symbiotic relationship between farms and the IT ecosystem.” The new technology can benefit the farm, the data center, and the environment, according to Tom Christian, principal research scientist, Sustainable IT Ecosystem Lab, HP.

rb-

The proposal has energy independence, economic and ecological benefits.

Michigan had 335,000 cows in 2007. According to the HP researchers, the manure that one dairy cow produces in a day can generate 3.0 kilowatt-hours (kWh) of electrical energy. Michigan dairy cows could produce enough methane to move 366.825 MWh off the grid under this plan. That would be enough electrical power to move all of Facebook’s estimated 30,000 servers off of the grid.

Economic benefits

There are economic benefits as well. Data center operators would have access to a reliable source of clean energy, presumably at a competitive if not lower cost than what’s on the market. Dairy farmers would make money selling electricity to data center customers. HP estimates that dairy farmers would break even within the first two years. They could earn roughly $2 million annually from selling the power to data center customers. Michael Kanellos, at Greentech Media, told the New York Times that there was some convenient overlap between data centers and biogas generation. “Computing equipment produces a lot of heat as a waste product, and the systems needed to create biogas require heat. So, there is a virtuous cycle of sorts possible.”

Another trend that makes this idea workable is the move to build facilities in rural locations. In areas where high-speed networks are available, data centers can benefit from the cost advantages of rural areas. Many agricultural areas are also ideal for wind farms, providing a second clean energy source that could lead to some economic revival in the U.S.

Alternate energy sources such as these can help prepare for a new round of regulation and taxes, for example the U.S. Waxman-Markey bill. Carbon taxes or cap-and-trade systems, both in the U.S. and abroad, will force companies to measure and report greenhouse gas emissions. Farmers will benefit from the proposed system by accumulating carbon offsets for capturing and reusing methane.

There are also environmental benefits. A system that extracts biogas from manure would cut the hefty environmental impact of animal waste. The HP paper says methane is 21 times more damaging to the environment than carbon dioxide. Additionally, farmers will benefit from carbon offsets. They could be eligible to receive credits for capturing and reusing methane under any future cap-and-trade emissions legislation.

 


Facebook Adds IPv6

NetworkWorld is reporting that Facebook began offering “experimental, non-production” support for IPv6 on June 10, 2010. With more than 350 million active users, 65 million of them accessing the site through mobile devices, Facebook is planning its deployment of native IPv6 to its network backbone. The social network says it wants to support both IPv4 and IPv6-aware clients. In a presentation at the Google IPv6 Implementors Conference, Facebook’s network engineers said it was “easy to make [the] site available on v6.”

Facebook said it deployed dual-stack IPv4 and IPv6 support on its routers, and that it made no changes to its hosts to support IPv6. FB also said it was supporting an emerging encapsulation mechanism known as Locator/ID Separation Protocol (LISP), which separates Internet addresses from endpoint identifiers to improve the scalability of IPv6 deployments. “Facebook was the first major Web site on LISP (v4 and v6),” Facebook engineers said during their presentation. They also said that using LISP allowed them to deploy IPv6 services quickly with no extra cost. Facebook’s IPv6 services are available at www.v6.facebook.com, m.v6.facebook.com, www.lisp6.facebook.com, and m.lisp6.facebook.com.

John Curran, president and CEO of the American Registry for Internet Numbers (ARIN), has been urging Web site operators to deploy IPv6. Curran set a deadline of Jan. 1, 2012, by which all public-facing Web sites must support IPv6 or risk providing visitors with lower-grade connectivity. The remaining pool of unallocated IPv4 addresses could be depleted as early as December due to unprecedented levels of broadband and wireless adoption in the Asia-Pacific region, experts say.

Richard Jimmerson, CIO at the American Registry for Internet Numbers (ARIN), told NetworkWorld, “It’s moving so fast now that it’s hard for us to be current on it any longer.” ARIN provides IPv4 addresses to carriers in North America. “We’ve gone through 10 /8s since the beginning of this year,” Jimmerson says. “To put that in perspective, in all of 2009, we only went through eight /8s. It’s very possible that the IANA free pool will deplete in December or January at the earliest.”

The article reports that while demand for IPv4 addresses remains flat in North America, there has been a huge surge in the Asia-Pacific region this year that is likely to stay strong. “The Asia-Pacific region has very large economies that are underserved by IP addresses such as India, China, and other places,” Jimmerson told NetworkWorld. “They are really seeing a big surge in broadband deployment and wireless data handset deployment, and that translates into having to have unique IP address space. That trend is likely to continue.”

rb-

Just last week, I was speaking with a potential client about getting ready for IPv6 on their network. They had not even talked yet with their ISP about getting IPv6 traffic to them, let alone how they were going to deal with IPv6 in and out of the network.

 


Password Insecurity

The massive Rockyou.com breach reveals the weakness of the password. The Rockyou.com breach provided an opportunity to evaluate the true strength of passwords as a security mechanism. California-based security firm Imperva analyzed the stolen cache of 32 million passwords, and the results are not pretty. According to researchers, most passwords are eight or fewer characters, and nearly 30% of passwords were six characters or less. They also found that nearly 50% of users used names, slang words, dictionary words, or trivial passwords (consecutive digits, adjacent keyboard keys, and so on), and 20 percent are from a pool of 5,000 passwords. The ten most common passwords used were:

  1. 123456
  2. 12345
  3. 123456789
  4. Password
  5. iloveyou
  6. princess
  7. rockyou
  8. 1234567
  9. 12345678
  10. abc123

“The problem has changed very little over the past 20 years,” explained Imperva’s CTO Amichai Shulman, referring to a 1990 Unix password study that showed a password selection pattern similar to what consumers select today. “It’s time for everyone to take password security seriously; it’s an important first step in data security.” It’s important to point out that the same password, “123456”, also topped a similar chart based on a statistical analysis of 10,000 Hotmail passwords published in October 2009 by Acunetix (link removed at the request of Acunetix).
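The kind of corpus analysis Imperva describes above (length distribution, share of trivial choices, most common values) is easy to reproduce on any password set a defender is authorized to examine, such as a dump affecting their own users or the output of a credential-stuffing drill. The following is an added example, not Imperva’s tooling, run over a small constructed sample rather than the RockYou data; the trivial-pattern rules (dictionary words, consecutive digits, adjacent keyboard keys) follow the categories the article names.

```python
from collections import Counter

# Constructed sample, weighted to mimic the patterns the Imperva study reports.
# This is NOT the RockYou data.
SAMPLE_PASSWORDS = (
    ["123456"] * 6 + ["12345"] * 4 + ["password"] * 3
    + ["iloveyou"] * 2 + ["princess"] * 2
    + ["qwerty", "abc123", "123456789", "letmein", "Tr0ub4dor&3",
       "correct horse battery", "Xk9#pL2!vQ", "monkey", "1234567", "12345678"]
)

# Tiny stand-in for a real dictionary / common-password list.
COMMON_WORDS = {"password", "iloveyou", "princess", "rockyou",
                "letmein", "monkey", "abc123"}
# Keyboard rows and the digit row; adjacent-key runs are substrings of these.
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]


def is_trivial(pw: str) -> bool:
    """True if pw is a dictionary word, a run of consecutive digits,
    or a run of adjacent keyboard keys (forwards or backwards)."""
    lower = pw.lower()
    if lower in COMMON_WORDS:
        return True
    if len(lower) >= 4:
        for row in KEYBOARD_ROWS:
            if lower in row or lower in row[::-1]:
                return True
    return False


def analyze(passwords):
    """Summarize a password corpus the way the article describes."""
    total = len(passwords)
    counts = Counter(passwords)
    return {
        "total": total,
        "six_or_fewer": sum(1 for p in passwords if len(p) <= 6),
        "eight_or_fewer": sum(1 for p in passwords if len(p) <= 8),
        "trivial": sum(1 for p in passwords if is_trivial(p)),
        "top": counts.most_common(10),
    }


if __name__ == "__main__":
    stats = analyze(SAMPLE_PASSWORDS)
    n = stats["total"]
    print(f"{n} passwords")
    print(f"<=6 chars: {100 * stats['six_or_fewer'] / n:.0f}%")
    print(f"<=8 chars: {100 * stats['eight_or_fewer'] / n:.0f}%")
    print(f"trivial:   {100 * stats['trivial'] / n:.0f}%")
    for pw, c in stats["top"]:
        print(f"  {c:3d}  {pw}")
```

On a real corpus the `COMMON_WORDS` set would be replaced by a full wordlist, and the `trivial` share is the figure to watch: it is the fraction an attacker recovers with a short wordlist before any brute force begins.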

“Everyone needs to understand what the combination of poor passwords means in today’s world of automated cyber attacks: with only minimal effort, a hacker can gain access to one new account every second—or 1000 accounts every 17 minutes,” explained Shulman in a press release.

For enterprises, password insecurity can have serious consequences. “Employees using the same passwords on Facebook that they use in the workplace bring the possibility of compromising enterprise systems with insecure passwords, especially if they are using easy to crack passwords like ‘123456’,” said Shulman.

The rest of the passwords rated by popularity:

[Imperva chart of the remaining passwords ranked by popularity; image not reproduced here]

Some of the lessons that firms can learn from the Imperva research are:

1) Most users use short passwords that lack a mix of lower-case, upper-case, and numeric characters, or use trivial dictionary words, which every decent brute-forcing/password recovery application can find in a matter of minutes. A hacker will typically take 17 minutes to gain access to 1000 accounts.

2) Strong password algorithms must be coupled with longer passwords that contain a mix of letters, numbers, and, where possible, punctuation.

3) Firms should emulate Twitter’s “banned passwords” list, consisting of 370 passwords that are not allowed to be used.

The analysis proves that most people don’t care enough about their own online security to give more than a fleeting thought when choosing the password which secures access to their accounts. This research shows why firms must take proactive actions to manage their users’ choices in passwords.

PASSWORD RELATED SECURITY BEST PRACTICES:

• All passwords are to be treated as sensitive, confidential corporate information.
• Don’t use the same password for corporate accounts and non-corporate accounts (e.g., Facebook, Twitter, personal ISP account, etc.).
• If someone demands a password, call someone in the Information Security Department.
• Change passwords at least once every four months.
• Do not use the “Remember Password” feature of applications (e.g., Eudora, Outlook, Netscape Messenger).
• If an account or password is suspected to have been compromised, report the incident and change all passwords.

Strong passwords characteristics:
• At least eight (8) alpha-numeric characters
• At least one numeric character (0-9)
• At least one lower case character (a-z)
• At least one upper case character (A-Z)
• At least one non-alphanumeric character (~, !, @, #, $, %, ^, &, *, (, ), -, =, +, ?, [, ], {, })
• Are not a word in any language, slang, dialect, jargon, etc.
• Are not based on personal information, names of family, etc.
• Are never written down or stored online.

Password “don’ts”:
• Don’t reveal a password over the phone to ANYONE
• Don’t reveal a password in an email message
• Don’t reveal a password to the boss
• Don’t talk about a password in front of others
• Don’t hint at the format of a password (e.g., “my family name”)
• Don’t reveal a password on questionnaires or security forms
• Don’t share a password with family members
• Don’t reveal a password to co-workers while on vacation

OTHER PASSWORD-RELATED SECURITY BEST PRACTICES:
• Account Lockout: all systems should be set to “lockout” a user after a maximum of 5 incorrect passwords or failed login attempts
• Lockout Threshold: all systems should have a minimum “lockout” time of five (5) minutes
• Password History: systems should be configured to require a password that is different from the last ten (10) passwords
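The strong-password characteristics, the banned-list lesson, and the lockout and history rules above can all be enforced at the point where a password is set or a login is attempted. The following is an added example of such an enforcement layer, not code from Imperva, Twitter, or this blog. The banned list here is seeded only with the ten passwords quoted earlier on this page (Twitter’s 370-entry list is not reproduced), the thresholds are the ones the post states (8 characters, lockout after 5 failures for 5 minutes, 10-entry history), and the account store and function names are illustrative.

```python
import hashlib
import hmac
import os
from collections import deque

# Seeded from the top-10 list quoted on this page; a real deployment would load
# a full banned list (e.g. Twitter's 370 entries) instead.
BANNED = {"123456", "12345", "123456789", "password", "iloveyou",
          "princess", "rockyou", "1234567", "12345678", "abc123"}
SPECIALS = set("~!@#$%^&*()-=+?[]{}")
MIN_LENGTH = 8
HISTORY_DEPTH = 10          # must differ from the last ten passwords
LOCKOUT_THRESHOLD = 5       # lock after five failed attempts
LOCKOUT_SECONDS = 5 * 60    # minimum lockout time of five minutes


def strength_violations(pw: str, personal_info=()):
    """Return the list of policy rules a candidate password breaks (empty = OK)."""
    v = []
    if len(pw) < MIN_LENGTH:
        v.append("too short")
    if not any(c.isdigit() for c in pw):
        v.append("no digit")
    if not any(c.islower() for c in pw):
        v.append("no lowercase")
    if not any(c.isupper() for c in pw):
        v.append("no uppercase")
    if not any(c in SPECIALS for c in pw):
        v.append("no special character")
    if pw.lower() in BANNED:
        v.append("on banned list")
    # Names of family members etc. supplied by the caller for this user.
    if any(item and item.lower() in pw.lower() for item in personal_info):
        v.append("contains personal information")
    return v


def _hash(pw: str, salt: bytes) -> bytes:
    # Salted PBKDF2 so the stored history never holds reusable plaintext.
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 100_000)


class Account:
    def __init__(self):
        self.history = deque(maxlen=HISTORY_DEPTH)   # (salt, hash), newest last
        self.failures = 0
        self.locked_until = 0.0


class PasswordService:
    """Hypothetical account store enforcing the page's password rules."""

    def __init__(self):
        self.accounts = {}

    def set_password(self, user: str, new_pw: str, personal_info=()):
        acct = self.accounts.setdefault(user, Account())
        problems = strength_violations(new_pw, personal_info)
        if any(hmac.compare_digest(_hash(new_pw, s), h) for s, h in acct.history):
            problems.append(f"reused one of the last {HISTORY_DEPTH} passwords")
        if problems:
            return problems
        salt = os.urandom(16)
        acct.history.append((salt, _hash(new_pw, salt)))
        return []

    def login(self, user: str, pw: str, now: float) -> str:
        """Return 'ok', 'denied', 'locked' or 'unknown'; `now` is a timestamp."""
        acct = self.accounts.get(user)
        if acct is None or not acct.history:
            return "unknown"
        if now < acct.locked_until:
            return "locked"
        salt, current = acct.history[-1]
        if hmac.compare_digest(_hash(pw, salt), current):
            acct.failures = 0
            return "ok"
        acct.failures += 1
        if acct.failures >= LOCKOUT_THRESHOLD:
            acct.locked_until = now + LOCKOUT_SECONDS
            acct.failures = 0
            return "locked"
        return "denied"


if __name__ == "__main__":
    svc = PasswordService()
    print(svc.set_password("alice", "Password"))       # several violations
    print(svc.set_password("alice", "Xk9#pL2!vQ"))     # []
    for t in range(5):
        print(svc.login("alice", "wrong", float(t)))   # denied x4, then locked
```

Note that the lockout counter is reset when the lock is applied, so a locked account needs five fresh failures after the window expires before it locks again; the `now` parameter is passed in rather than read from the clock so the behaviour can be tested deterministically.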



Insurers Astroturf Facebook

The Business Insider reports that health insurance industry trade groups opposed to President Obama’s health care reform bill are paying Facebook users. The trade group is paying Facebook users virtual currency to send letters to Congress protesting the bill. When Facebook users play a social game, like “FarmVille” or “Mafia Wars,” the gamers get virtual currency in three ways:

  1. Winning it playing the games
  2. Paying for it with real money
  3. By accepting offers from third parties who agree to give the gamer virtual currency so long as that gamer agrees to try a product or service. This is done through an “offers” provider — a middleman that brings the companies, Facebook, and the Facebook game maker’s users together.

Blue Cross Blue Shield opposition to healthcare reform

It’s this third method that an anti-reform group called “Get Health Reform Right,” which is funded and directed by mega-insurer Blue Cross Blue Shield according to SourceWatch, is using to pay gamers virtual currency for their opposition to health-care reform. This practice of paying people to act like political supporters is called “astroturfing,” because of the fake grass-roots campaigning. The insurance companies’ political action committee astroturfing is targeting women in their 30s and 40s and teenagers of both sexes, who tend to be Facebook gamers, according to Business Insider.

Instead of asking the gamers to try a product, “Get Health Reform Right” requires gamers to take a survey, which, upon completion, automatically sends the following email to their Congressional Representative, including:

“I am concerned a new government plan could cause me to lose the employer coverage I have today. More government bureaucracy will only create more problems, not solve the ones we have.”

Under the “Who We Are” tab on GetHealthReformRight.org (appears down on 12-10-09) the following organizations are listed:

rb-

This practice is not illegal. Most EULAs are so broad, ambiguous, and slanted toward the vendor that most anything is possible. The ethics of this practice are pretty shady in my opinion. Based on the list of companies that back GetHealthReformRight.org, I find it extremely hard to believe that these insurance companies have nothing but their own best interests in mind.

 
