Tag Archive for MSFT

Linux Turns 25

Linus Torvalds released the first Linux operating system kernel on Oct. 5, 1991. On Oct. 6, 1991, Torvalds began arguing with volunteer developers who would go on to make Linux an open-source powerhouse and eventually a household name. Today the Linux community is upwards of 86 million users strong.

As part of celebrations to mark Linux’s 25th birthday the Linux Foundation has published its annual Linux Kernel Development Report (PDF, registration required). According to the Register, the report concludes that Linux is in great shape: “There may be no other examples of such a large, common resource being supported by such a large group of independent actors in such a collaborative way.”

The independent actors have a lot to collaborate on. The report notes that the first versions of the Linux kernel comprised about 10,000 lines of code. Now it’s nearing 22 million and growing at a rate of 4,600 lines a day.

While Linux may have started out as a hobby OS, that changed in the early 2000s. At the turn of the century, Wall Street banks demanded Linux support for their enterprise application servers, according to Tech News World.

“That was a moment that broke down resistance to Linux in the big IT vendors like BEA, IBM, and Oracle (ORCL). That hole in the dam was the start of a flood,” said Cloud Foundry CEO Sam Ramji. “Today Linux is the home of operating system innovation.”

Aporeto virtualization expert Stefano Stabellini, who has been a Linux user and open source advocate since the 1990s, explained the transition. “… back when I started with Linux in the ’90s … [companies] did not understand it. They thought that open source was unsustainable, and Linux was niche and hobbyist.” He says that now everything has changed; every company has an open source strategy. “Microsoft (MSFT) was the biggest foe and now is a strong ally. Linux is the most widely adopted operating system of all times.”

Dice points out that the most active contributors to the growth of Linux have included (in descending order) Intel (INTC), Red Hat, Linaro, Samsung (005930), SUSE, IBM (IBM), and various corporate consultants. Google (GOOG), AMD (AMD), and Texas Instruments (TXN) also ranked in the top 15.

rb-

So my first pass at Linux was Red Hat Linux 5.0, when Novell bought into Linux. Yep, I was a Novell CNE 5 way back in the day.

The last couple of projects I have been involved with have used Linux rather than Windows: CMS, IVR, PAFWs, and storage.


Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

FIDO

Since 2013 there have been nearly 5 billion data records lost or stolen, according to the Breach Level Index. The UN says there are 6.8 billion mobile phone accounts, which means that globally 96% of humans have a cell phone. It would seem that these factoids could interact to cut the pace of lost or stolen data records. An effort called FIDO is underway to use mobile devices to better secure data.

FIDO (Fast ID Online; https://fidoalliance.org/) is an open standard for a secure and easy-to-use universal authentication interface. FIDO plans to address the lack of interoperability among strong authentication devices. TechTarget says FIDO is developed by the FIDO Alliance, a non-profit organization formed in 2012. FIDO members include Agnitio, Alibaba, ARM (ARMH), Blackberry (BBRY), Google (GOOG), Infineon Technologies, Lenovo (LNVGY), MasterCard, Microsoft (MSFT), Netflix, Nok Nok Labs, PayPal, RSA, Samsung, Synaptics, Validity Sensors and Visa.

The FIDO specifications define a common interface for user authentication on the client. The article explains that the goal of FIDO authentication is to promote data privacy and stronger authentication for online services without hard-to-adopt measures. FIDO’s standard supports multifactor authentication and strong features like biometrics. It stores supporting data on a smartphone to eliminate the need for multiple passwords.

The author writes that FIDO is much like an encrypted virtual container of strong authentication elements. The elements include biometrics, USB security tokens, Near Field Communication (NFC), Trusted Platform Modules (TPM), embedded secure elements, smart cards, and Bluetooth. Data from authentication sources is used for the local key, while the requesting service gets a separate login to keep user data private.

FIDO is based on public-key cryptography and works through two different protocols for two different user experiences. According to TechTarget, the Universal Authentication Framework (UAF) protocol allows the user to register an enabled device with a FIDO-ready server or website. Users authenticate on their devices with fingerprints or PINs, for example, and log in to the server using the public-key credential registered for it.

The Universal Second Factor (U2F), originally developed by Google, is an effort to get the Web ecosystem (browsers, online service providers, operating systems) to authenticate users with a strong second factor, such as a USB touchscreen key or NFC on a mobile device.

FIDO’s local storage of biometrics and other personal identification is intended to ease user concerns about personal data stored on an external server or in the cloud. By abstracting the protocol implementation, FIDO also reduces the work required for developers to create secure logins.

Samsung and PayPal have announced a FIDO authentication partnership. Beginning with the Samsung Galaxy S5 users can authorize transactions to their PayPal accounts using their fingerprints, which authenticates users by sending unique encrypted keys to their online PayPal wallets without storing biometric information on the company’s servers.

FIDO promises to clean up the strong authentication marketplace, making it easier for one-fob-fits-all products. The open standards shift some of the burden for protecting personally identifiable information to software on devices or biometric features, and away from stored credentials and passwords. ComputerWeekly described FIDO’s potential this way:

The FIDO method is more secure than current methods because no password or identifying information is sent out; instead, it is processed by software on the end user’s device that calculates cryptographic strings to be sent to a login server.

In the past, multiple-factor authentication methods were based on either a hardware fob or a tokenless product. These products use custom software, proprietary programming interfaces, and much work to integrate the method into your existing on-premises and Web-based applications.

ComputerWeekly says FIDO will divorce second-factor methods from the actual applications that will depend on them. That means the same authentication device can be used in multiple ways for signing into a variety of providers, without one being aware of the others or the need for extensive programming for stronger authentication.

Integrating FIDO-compliant built-in technology with digital wallets and e-commerce can not only help protect consumers but reduce the risk, liability, and fraud for financial institutions and digital marketplaces.

The big leap that FIDO is taking is to use biometric data (voiceprint, fingerprint, facial recognition, etc.) and digitize and protect that information with solid cryptographic techniques. But unlike the traditional second-factor authentication key fobs or even the tokenless phone call-back scenarios, this information remains on your smartphone or laptop and isn’t shared with any application provider. FIDO can even use a simple four-digit PIN code, and everything will stay on the originating device. With this approach, ComputerWeekly says, FIDO avoids the potential for a Target-like point-of-sale exploit that could release millions of logins to the world, a big selling point for many IT shops and providers.

It can eliminate having to carry a separate dongle, as just about everyone has a mobile phone these days. This is a mobile world we live in, and we need mobile-compatible solutions; otherwise, you’re behind the curve right out of the gate.


What is Bitcoin?

Bitcoin is the name of probably the best-known cryptocurrency, also called digital currency, digital gold, or virtual money. A cryptocurrency is a medium of exchange, such as the US dollar, but is digital and uses cryptographic techniques to control the creation of monetary units and to verify the transfer of funds. Blockchain is the technology that enables the existence of cryptocurrency.

The cryptocurrency has populist roots. It made its debut in relative obscurity at the start of 2009, when the Great Recession financial crisis was still raging. A person or group of people known as Satoshi Nakamoto purportedly created the bitcoin protocol and reference software. The populist ideology behind Bitcoin is to take power out of the hands of the central bankers and governments who usually control the flow of currency.

Bitcoin is both a digital currency and a payment system. The basic idea behind Bitcoin is that you can use it to pay for things without a third-party broker, like a bank or government. The value of a bitcoin depends on the bitcoin market at the time. One bitcoin = 100,000,000 satoshi, just as 1 dollar = 100 cents. There are no transaction fees and no need to give your real name. By contrast, merchants have to pay transaction fees of 2.5% to 3.5% on each credit card sale to the likes of Visa, MasterCard, or Discover.

Think of Bitcoin like one big ledger shared by all the users: when you pay for something with bitcoin or get paid, your transaction is recorded on the ledger to ensure there is no double spending of the currency.

Members of the network collectively contribute processing power from their computers to maintain Bitcoin’s integrity. And every time a transaction is made, a record of it is sent out to be recorded in a public ledger where the transactions are effectively set in stone. Anyone can download and install the Bitcoin software for free so these records are distributed permanently across the entire network. This publicly distributed ledger is called the blockchain.

In order to get more bitcoins, computers running bitcoin software compete to confirm the transaction by solving a complex cryptographic equation, and the winner is rewarded with more bitcoins. Currently, a winner is rewarded with 25 bitcoins roughly every 10 minutes. The process is known as “mining”. Don’t get too wrapped up in Bitcoin mining, because only the computer powerhouses get their bitcoins this way.

The Consumerist explains that Bitcoin mining math is complicated and hard to forge, so the blockchain stays accurate. Because anyone can download and install the Bitcoin software for free, the payment processing and record-keeping for Bitcoin is done in a widely distributed way, and not on one particular server.

When blocks are created, so are new bitcoins, but there’s a hard limit to how many will ever exist. The system was designed to create more bitcoins at first, then to dwindle exponentially over time. The first set of blocks each created 50 bitcoins. The next set each created 25 bitcoins, and so on. New blocks are created roughly every 10 minutes no matter what; when more computers are actively mining, the program they’re running gets harder (and therefore slower) to compensate. The Bitcoin FAQ estimates that the last bitcoin will be mined in the year 2140, bringing the permanent circulation to just under 21 million. (Currently, there are roughly 15.8 million bitcoins in the world.)

In order to use Bitcoin, you’ll have to install a “bitcoin wallet” app on your phone or computer, and then buy bitcoins from a bitcoin exchange. A bitcoin digital wallet is a kind of virtual bank account that allows users to send or receive bitcoins, pay for goods or save their money via an exchange of public and private keys. Bitcoin wallets can exist either in the cloud or on a user’s computer. The wallets have all the risks of any other app on your device or in the cloud. Unlike bank accounts, bitcoin wallets are not insured by the FDIC. CNN Money points out some of the risks in using bitcoin.

In order to buy bitcoins, you have to use a marketplace called a “bitcoin exchange”, which allows people to buy or sell bitcoins using different currencies. These exchanges have a dubious history.

Bitcoin exchanges are vulnerable to hacking, collapse or a “run on the bank.” A run on a bank occurs when customers are scared and demand to withdraw their deposits so fast that the bank can no longer make payments and shuts down. If something like that happens, good luck getting your money back: this isn’t like an FDIC-insured bank account.

Bitcoin can be used in a few places; Marketwatch says there doesn’t seem to be much rhyme or reason to where you can use Bitcoin:

rb-

The use of bitcoins in Michigan has not really taken off. Last summer, according to the FreeP, there were only a handful of businesses in metro Detroit that took bitcoin included:


Chatbot Risks

Chatbots are the latest rage on social media. As Time explained, they have been around since the 1960s. That’s when MIT professor Joseph Weizenbaum created a chatbot called ELIZA. Chatbots found a home on desktop messaging clients like AOL Instant Messenger. Chatbots went dormant as messaging transitioned away from desktops and onto mobile devices.

But they’re poised for a resurgence in 2016. There are two reasons for this. First, artificial intelligence and cloud computing have gotten better thanks to improvements in machine learning. Second, bots could be big money.

Tech titans have chatbots on social media

All the tech titans have released social bots on the web: Apple’s (AAPL) Siri, Facebook’s (FB) “bots on Messenger”, Google’s (GOOG) Allo, and Microsoft’s (MSFT) ill-fated Tay. They believe there’s a buck to be made here, and they’re scrambling to make sure they don’t get left out.

The July issue of the Communications of the ACM included an article, “The Rise of Social Bots,” which lays out social bots’ impact on online communities and society at large. The authors define a social bot as a computer algorithm that automatically produces content and interacts with humans on social media, trying to emulate and possibly alter their behavior.

The Business Insider published this infographic about the social bot ecosystem.

Business Insider infographic

Chatbots can be deceptive

The ACM article argues that social bots populate techno-social systems; they are often benign, or even useful, but some are created to harm by tampering with, manipulating, and deceiving social media users. The article offers several examples of how social bots can be a hindrance. The first example involves the Twitter (TWTR) posts around the Boston Marathon bombing. The researchers’ analysis found that social bots were automatically retweeting false accusations and rumors. The researchers argue that forwarding false claims without verifying them granted the false information more influence.

The ACM article also discusses how social bots can artificially inflate political candidates. During the 2010 mid-term elections some politicians used social bots to inject thousands of false tweets to smear their opponents. This type of activity puts the integrity of the democratic process at risk. These types of attacks are also called astroturfing or Twitter-bombs.

Anti-vaxxer chatbots

The article offers another example of the use of social bots to influence an election in California. During the recent debate in California about a law on vaccination requirements, there appeared to be widespread use of social bots by opponents of vaccination. This social bot interference puts an unknown number of people at risk of death or disease.

Greed is the most likely use of social bots. One example from the article is the April 2013 hack of the Twitter account of the Associated Press. In this case, the Syrian Electronic Army used the hacked account to post a false statement about a terror attack on the White House that injured President Obama. This false story provoked an immediate $136 billion stock market crash, an unwarranted result of the widespread use of social bots to amplify false rumors.

Chatbots manipulate social media reality

Research has shown that human emotions are contagious on social media. This means that social bots can be used to artificially manipulate social media users’ perception of reality without the users being aware they are being manipulated. The article says the latest generation of Twitter social bots has many “human-like” online behaviors that make it difficult to separate bots from humans. According to the authors, social bots can:

  • Search the web to fill in their profiles,
  • Post pre-collected content at a defined time,
  • Engage in conversations with people,
  • Infiltrate discussions and add topically correct information.

Some bots work to gain greater status by searching out and following popular or influential users or taking other steps to garner attention. Other bots are identity thieves, adopting slight variants of user names to steal personal information, pictures, and links.

Strategies to thwart bad chatbots

The authors review several attempts to thwart these increasingly sophisticated bots.

1. Innocent-by-association – This method measures the number of legitimate links vs. the number of social bot (Sybil) links a user has. This method was shown to be flawed. Researchers found that Facebook users are pretty indiscriminate when adding users. The article says that 20% of legitimate Facebook users accept any friend request and 60% accept friend requests with only one contact in common.

2. Crowdsourcing – Another approach to stop social bots is crowdsourcing. The crowdsourcing approach would rely on users and experts reviewing an account. The reviewers would have to reach a majority decision that the account in question was a bot or legitimate. The authors pointed out some issues with crowdsourcing:

  • It will not scale to large existing social networks like Facebook or Twitter.
  • “Experts” need to be paid to check accounts.
  • It exposes users’ personal information related to the account to unknown users and “experts.”

3. Feature-based detection – The third method noted by the authors is feature-based detection. It uses behavior-based analysis with machine learning to separate human-like behavior from bot-like behavior. Some of the features these applications examine include:

  • The number of retweets.
  • Age of account.
  • Username length.

4. Sybil until proven otherwise – The Chinese social network RenRen uses the fourth method noted by the authors. This network uses a “Sybil until proven otherwise” approach. According to the article, this approach is better at detecting unknown attacks, like embedding text in graphics.
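Feature-based detection from method 3, as an added example that is not the ACM authors' code: a hand-weighted stand-in for a trained classifier that extracts the features the article names (retweet share, account age, username length) plus posting regularity, taken from the "post at a defined time" behaviour listed earlier, and scores constructed sample accounts. The weights, thresholds and sample records are assumptions for illustration; a production detector learns the weights from labelled data.

```javascript
// Fixed "now" so the constructed sample is reproducible.
const NOW = Date.parse('2016-08-01T00:00:00Z');
const DAY = 24 * 60 * 60 * 1000;

// One record per account: username, creation date, and posts with a timestamp (ms)
// and an isRetweet flag. Returns the four features the scorer uses.
function extractFeatures(account) {
  const posts = account.posts;
  const retweets = posts.filter(p => p.isRetweet).length;
  const ageDays = (NOW - Date.parse(account.createdAt)) / DAY;
  // Posting regularity: standard deviation of the gaps between consecutive posts, in minutes.
  // Humans are bursty; a scheduler fires on a fixed interval.
  const times = posts.map(p => p.at).sort((a, b) => a - b);
  const gaps = times.slice(1).map((t, i) => (t - times[i]) / 60000);
  const n = Math.max(gaps.length, 1);
  const mean = gaps.reduce((s, g) => s + g, 0) / n;
  const variance = gaps.reduce((s, g) => s + (g - mean) ** 2, 0) / n;
  return {
    retweetShare: posts.length ? retweets / posts.length : 0,
    ageDays,
    usernameLength: account.username.length,
    gapStdDevMinutes: Math.sqrt(variance),
  };
}

// Each rule adds evidence to a log-odds total; the logistic turns it into a value
// in (0, 1) that reads like a probability. Weights are constructed, not learned.
function botScore(f) {
  let z = -2.0;                                          // prior: most accounts are human
  if (f.retweetShare > 0.9) z += 1.5;                     // almost nothing but retweets
  if (f.ageDays < 30) z += 1.5;                           // very new account
  if (f.usernameLength >= 15) z += 1.0;                   // long, generated-looking handle
  if (f.gapStdDevMinutes < 1) z += 1.5;                   // clockwork posting schedule
  return 1 / (1 + Math.exp(-z));
}

function classify(account, threshold = 0.5) {
  const score = botScore(extractFeatures(account));
  return { username: account.username, score, isBot: score >= threshold };
}

// Constructed posts: `count` posts spaced `gapMinutes` apart, with a repeating
// -jitter/0/+jitter offset so the human-looking account is not perfectly regular.
function makePosts(count, gapMinutes, jitterMinutes, isRetweet) {
  return Array.from({ length: count }, (_, i) => ({
    at: NOW - (count - i) * gapMinutes * 60000 + ((i % 3) - 1) * jitterMinutes * 60000,
    isRetweet,
  }));
}

// Constructed sample: an old account posting irregularly, and a week-old account with a
// long handle that retweets every 10 minutes on the dot.
const SAMPLE_ACCOUNTS = [
  { username: 'ralph_b', createdAt: '2009-05-01T00:00:00Z', posts: makePosts(20, 90, 25, false) },
  { username: 'freedomnews_2016_0731', createdAt: '2016-07-25T00:00:00Z', posts: makePosts(20, 10, 0, true) },
];

function classifyAll() {
  return SAMPLE_ACCOUNTS.map(a => classify(a));
}
```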

rb-

While people’s ability to critically assimilate information is beyond technology, the authors call for new ways to detect social bot-generated spam vs. real political discourse.

The researchers speculate there will not be a solution to the social bot problem. The more likely outcome is a bot arms race, like what we are seeing in the war on spam and other malware.

Related articles
  • Man vs. Machine: What do Chatbots Mean for Social Media? (blogs.adobe.com)


Lessons From the LinkedIn Data Breach

Readers of the Bach Seat know that passwords suck and that people are awful at picking passwords. The Business Insider offers more proof. According to a recent article, the 2012 LinkedIn data breach exposed a whopping 167 million compromised accounts, including 117 million passwords.

The article says the passwords were hashed or encrypted so they can’t be read directly, but researchers at LeakedSource have been able to crack them. Their findings should be no surprise to Bach Seat followers. The results show just how much the same passwords get used over and over (and over and over and over and over) again.

Most often used passwords

92% of the top leaked LinkedIn passwords were identified as the top 25 most often used passwords in 2011 or 2012. Nearly half of the passwords listed were the most commonly used password in 2011, 2012, or 2013. The top 5 bad passwords were used to “secure” over 1.2 million accounts.

The LeakedSource data says the most popular password for LinkedIn in 2012 was 123456. That password was used by more than 750,000 accounts. Data the Bach Seat has collected says that 123456 has been the number 1 or 2 password every year since 2011.

The remarkably unstealthy password ’linkedin’ is the second most used password on these breached LinkedIn accounts with 172,523 users. That is just so wrong on so many levels.

The password ‘password’ is number three with 144,458 hacked LinkedIn users relying on it to secure their professional profile. Our historical data says that ‘password’ has swapped the top ranking with ‘123456’ since 2011.

‘12345678’ is the fourth most popular bad LinkedIn password with 94,214 users according to LeakedSource. This password has been a consistent #3 in my data.

The data for the top 49 passwords is below. You can search for your user name at LeakedSource. Fix your passwords.

Rank  Password     Frequency  Notes
1     123456       753,305    #2 in 2012
2     linkedin     172,523
3     password     144,458    #1 in 2012
4     123456789    94,314     #6 in 2012
5     12345678     63,769     #3 in 2012
6     111111       57,210     #12 in 2011
7     1234567      49,652     #7 in 2011
8     sunshine     39,118     #15 in 2011
9     qwerty       37,538     #4 in 2011
10    654321       33,854     #21 in 2011
11    000000       32,490     #25 in 2013
12    password1    30,981     #21 in 2013
13    abc123       30,398     #5 in 2011
14    charlie      28,049
15    linked       25,334
16    maggie       23,892
17    michael      23,075     #16 in 2012
18    666666       22,888
19    princess     22,122     #22 in 2013
20    123123       21,826     #11 in 2013
21    iloveyou     20,251     #9 in 2013
22    1234567890   19,575     #13 in 2013
23    Linkedin1    19,441
24    daniel       19,184
25    bailey       18,805     #17 in 2011
26    welcome      18,504
27    buster       18,395
28    Passw0rd     18,208     #18 in 2011
29    baseball     17,858     #9 in 2012
30    shadow       17,781     #17 in 2011
31    121212       17,134
32    hannah       17,040
33    monkey       16,958     #6 in 2011
34    thomas       16,789
35    summer       16,652
36    george       16,620
37    harley       16,275
38    222222       16,165
39    jessica      16,088
40    GINGER       16,040
41    michelle     16,024
42    abcdef       15,938
43    sophie       15,884
44    jordan       15,839     #22 in 2012
45    freedom      15,793
46    555555       15,664
47    tigger       15,658
48    joshua       15,628
49    pepper       15,610

rb-

The advice remains the same as I wrote about in 2010.

Strong password characteristics:
• At least eight (8) alpha-numeric characters
• At least one numeric character (0-9)
• At least one lower case character (a-z)
• At least one upper case character (A-Z)
• At least one non-alphanumeric character* (~, !, @, #, $, %, ^, &, *, (, ), -, =, +, ?, [, ], {, })
• Are not a word in any language, slang, dialect, jargon, etc.
• Are not based on personal information, names of family, etc.
• Are never written down or stored online.
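The rules above applied in code, as an added example that is not from the post: a checker that reports every rule a candidate fails, with the dictionary rule approximated by a block list seeded from the LinkedIn top-49 table above (no offline code can know "any word in any language"), a simple leet-speak unfolding so that Passw0rd-style variants are still caught, and the personal-information rule checked against a caller-supplied list. The "never written down" rule concerns handling, not the password's content, and is not checkable here.

```javascript
const SPECIALS = '~!@#$%^&*()-=+?[]{}';

// Lower-cased entries from the LinkedIn top-49 table on this page.
const BLOCKLIST = [
  '123456', 'linkedin', 'password', '123456789', '12345678', '111111', '1234567', 'sunshine',
  'qwerty', '654321', '000000', 'password1', 'abc123', 'charlie', 'linked', 'maggie', 'michael',
  '666666', 'princess', '123123', 'iloveyou', '1234567890', 'linkedin1', 'daniel', 'bailey',
  'welcome', 'buster', 'passw0rd', 'baseball', 'shadow', '121212', 'hannah', 'monkey', 'thomas',
  'summer', 'george', 'harley', '222222', 'jessica', 'ginger', 'michelle', 'abcdef', 'sophie',
  'jordan', 'freedom', '555555', 'tigger', 'joshua', 'pepper',
];

// Common substitutions people use to dress up a dictionary word; unfolding them lets
// "P@ssw0rd!1" match "password". The map is an assumption, not an exhaustive list.
const LEET = { '0': 'o', '1': 'i', '3': 'e', '4': 'a', '5': 's', '7': 't', '@': 'a', '$': 's' };

function knownBadForms(candidate) {
  const lower = candidate.toLowerCase();
  const alnum = lower.replace(/[^a-z0-9]/g, '');
  const unfolded = lower.replace(/[013457@$]/g, c => LEET[c]);
  return [lower, alnum, unfolded];
}

// Returns the list of rules the candidate fails; an empty list means it passes all of them.
// personalInfo is an optional list of names, dates, etc. the password must not contain.
function checkPassword(candidate, personalInfo = []) {
  const failures = [];
  if (candidate.length < 8) failures.push('shorter than 8 characters');
  if (!/[0-9]/.test(candidate)) failures.push('no digit');
  if (!/[a-z]/.test(candidate)) failures.push('no lower-case letter');
  if (!/[A-Z]/.test(candidate)) failures.push('no upper-case letter');
  if (![...candidate].some(c => SPECIALS.includes(c))) failures.push('no non-alphanumeric character');

  // Dictionary rule: any block-list entry appearing in the raw, stripped or unfolded form
  // counts, so "Summer2016!" is rejected for being built on a common word.
  const forms = knownBadForms(candidate);
  if (BLOCKLIST.some(word => forms.some(f => f.includes(word)))) {
    failures.push('on the known-bad password list');
  }

  const lower = candidate.toLowerCase();
  if (personalInfo.some(p => p && lower.includes(String(p).toLowerCase()))) {
    failures.push('based on personal information');
  }
  return failures;
}
```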
