Tag Archive for Open Source

Elephants on the Internet

The global COVID-19 lockdown is now taking its toll on endangered wildlife like elephants and rhinos around the globe. Global lockdowns have caused a sharp drop in Africa’s wildlife tourism revenue. Wildlife tourism in Africa is a $169 billion industry. It employs 24.6 million people and is often the only employer in areas where wildlife thrives. The tourism business has helped curb poaching in several ways. First, tourists themselves act as a deterrent to poachers. With fewer tourists, there are fewer tourist vehicles in the parks, and that deterrent is gone.

Africa’s wildlife tourism revenue helps to sustain wildlife reserves across the continent. At many of the reserves, more than half of the budget comes from tourism revenues. Matt Brown, with The Nature Conservancy’s Africa program, told ABC News that tourist fees support rangers. Fees such as bed-night and conservation fees help pay the rangers’ salaries. The fees also pay for fuel for airplane patrols and more. Losing them hampers security and opens the game reserves to poachers.

Vulnerable to poaching

Without money to support the rangers and the highly endangered animals they protect (elephants, gorillas, and rhinos), those animals are left vulnerable to poachers. The amount of poaching is on the rise because COVID-19 has reduced funding for law enforcement in wildlife areas.


CNBC reports that highly organized illegal poaching threatens to send African wildlife into extinction over the next several decades. Most vulnerable to extinction are the black and white rhinos, lions, and elephants. The black rhino population has plummeted 97.6% since 1960. The lion population is down 43% in the last 21 years, according to the World Wildlife Fund. At least 35,000 African elephants are killed each year. There are only 1,000 mountain gorillas and 2,000 Grevy’s zebras that remain on the continent.

According to reports, six elephants were killed on one June day in Ethiopia’s Mago National Park. That compares to 10 in that nation for all of 2019. Officials suspect that most elephant tusks and finished products are shipped to China and south-east Asian countries. To make matters worse, in 2017 the Trump administration rolled back the ban on hunting elephants. The Trump policy allows elephant remains to be imported into the United States. Conservationists believe that elephants in the wild could be extinct within 10 years, due primarily to poaching.

Using IoT to protect elephants

[Image: OpenCollar, an open-source modular animal-tracking collar system for wildlife monitoring]

Extinction does not have to be the “new normal.” FierceElectronics reported on a collaboration using Internet of Things (IoT) technologies to protect elephants in the wild from extinction by developing a next-generation elephant tracking collar. The collaboration, between Hackster.io, the developer community of Phoenix-based electronic components firm Avnet, and conservation group Smart Parks, which focuses on technology to protect endangered species, is running a design competition called ElephantEdge.

The ElephantEdge challenge asks developers to use Internet of Things (IoT) technologies to help humans protect elephants from extinction. ElephantEdge will combine software, machine learning (ML), and hardware to build the next generation of elephant collars: collars with better battery life, longer range, and better accuracy that can be worn by elephants in the wild.

Elephant IoT collars

The elephant IoT collars will have sensors for audio pickup, location, and position, as well as low-power, wide-area antennas that provide wireless connectivity. The new collar will use hardware and software from different vendors.

The ElephantEdge Challenge requires developers to build machine learning models with Avnet’s Edge Impulse Studio and tracking dashboards with Avnet’s IoTConnect, which will provide useful tracking, health vitals, motion, environmental anomalies, and more. The ElephantEdge challenge looks to create machine learning models like:

  • Poaching Risk Monitoring: Identify an increased risk for poaching by learning when an elephant is moving into a high-risk area and send real-time notifications to park rangers.
  • Human Conflict Monitoring: Prevent conflict between humans and elephants by sensing and alerting when an elephant is heading into an area where farmers live by detecting if any mobile phones or WiFi hotspots are near.
  • Elephant Musth Monitoring: Detect and alert when an elephant bull is in musth by using motion and acoustic sensors to discern this state of erratic, loud, and aggressive behavior.
  • Elephant Activity Monitoring: Collect data on the general behavior of the elephant, such as when it is drinking, eating, sleeping, etc., by using accelerometer data.
  • Communication Monitoring: Listen for vocal communications between elephants via the onboard microphone.

rb-

This is an example of when IoT tech can do good for the world: protect animals like elephants, gorillas, rhinos, lions, and polar bears, which cannot protect themselves from extinction.

Nobody is going to get rich doing this work (challenge winners will receive an Apple Watch 3 and a collectible t-shirt as prizes), but the world will be a better place.

By the end of 2020, ten next-generation elephant collars will be produced for Smart Parks to deploy in selected African parks, in partnership with the World Wildlife Fund. Final software and hardware will be documented and shared freely under an open-source license.

Stay safe out there!


Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

$2.9M Per Minute Lost to Cybercriminals

Updated 10/27/2019 – On October 22, 2019, the FBI issued a warning about cybercriminals running e-skimming attacks, also known as Magecart attacks. These attacks have been happening since 2016, but have intensified during 2018 and 2019. These attacks started out by exploiting vulnerabilities in open-source e-shopping platforms. However, over the past two years, attackers evolved their attack methodology, and any online store is now susceptible to attack, regardless of whether it runs on top of an open-source platform or a cloud-hosted service.

Cybercriminals cost the global economy $2.9 million every minute of 2018. This shocking statistic comes from RiskIQ’s latest Evil Minute report. RiskIQ specializes in online attack surface management, providing threat discovery, intelligence, and mitigation. The San Francisco, CA-based firm figured that a total of $1.5 trillion was lost to cyber-criminals in 2018. Some of the more ominous info-bits they presented include:

  • $25 per minute: the cost to top companies due to security breaches
  • $17,700: lost from phishing attacks per minute
  • $22,184: the projected by-the-minute cost of global ransomware events in 2019

Other statistics include:

  • 8,100: identifier records compromised every minute
  • 2.4: phish traversing the internet per minute
  • 0.32: blacklisted apps by-the-minute
  • 0.21: Magecart attacks detected every minute

Lou Manousos, CEO of RiskIQ, said in the presser, “As the scale of the internet continues to proliferate, so does the threat landscape.”

Magecart hacks

The report specifically calls out attacks that target e-commerce. They focus on the Magecart hacks. Magecart hacks have increased by 20% in the last year. By some estimates, the Magecart supply chain attacks have resulted in the theft of more credit card information than the more infamous breaches at Home Depot and Target. According to reports, Magecart was behind the 2018 cyber-attacks on British Airways and Ticketmaster, which together compromised the info of over 425,000 of the firms’ customers.

A Magecart attack is a credit card skimmer that intercepts card numbers and information when a payment card is swiped at the point of sale. Unlike gas pump or ATM skimmers, there is almost no way for a consumer to determine that Magecart skimming is about to take place. There is no physical manifestation of Magecart, and it is not always easy to catch, because it takes advantage of universal code and other applications not typically related to payments.


Magecart is a consortium of at least six different hacking groups that target flaws in online shopping cart systems. The attackers favor Magento as a way to steal customer payment card information. Magento is an open-source e-commerce platform written in PHP. At least initially, attackers exploited a PHP Object Injection flaw (CVE-2016-4010) in the popular online shopping cart.

In order to run this compromise, the Magecart attacker substitutes a piece of JavaScript code, either by altering the Magento source code or by redirecting the shopping cart, using an injection, to a website that hosts the malware, which steals the credit card and user information.
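Because the compromise described above comes down to a script being added to or altered on the checkout page, one defensive control is a script inventory: record the script hosts and inline scripts a checkout page is allowed to contain, then alert whenever the served page deviates from that baseline. The following is an added example written for this post, not RiskIQ's tooling or Magento code; the allowed hosts, the inline-script hashes and the two sample pages are constructed for the example.

```python
"""Checkout-page script inventory check (added example, not from the post).

A Magecart-style skimmer is JavaScript added to, or substituted into, a
checkout page. This check keeps a baseline of what the page may load and
reports anything outside it: an external script from an unknown host, or an
inline script whose SHA-256 digest is not in the baseline. The baseline and
the HTML are constructed for the example, not a real store's configuration.
"""
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed baseline for a hypothetical shop: hosts scripts may come from,
# plus digests of the inline scripts that belong on its checkout page.
ALLOWED_SCRIPT_HOSTS = {"shop.example", "cdn.shop.example"}
KNOWN_INLINE_SCRIPT_HASHES = {
    hashlib.sha256(b"initCheckout({currency: 'USD'});").hexdigest(),
}


class ScriptCollector(HTMLParser):
    """Collect external script URLs and inline script bodies from a page."""

    def __init__(self):
        super().__init__()
        self.external = []   # src attribute values of <script src=...>
        self.inline = []     # bodies of <script> elements without src
        self._in_inline_script = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            self._in_inline_script = True
            self._buf = []

    def handle_data(self, data):
        if self._in_inline_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_inline_script:
            self.inline.append("".join(self._buf).strip())
            self._in_inline_script = False


def audit_checkout_page(html, page_host, allowed_hosts=ALLOWED_SCRIPT_HOSTS,
                        known_hashes=KNOWN_INLINE_SCRIPT_HASHES):
    """Return findings as (kind, detail) tuples for scripts outside the baseline."""
    parser = ScriptCollector()
    parser.feed(html)
    findings = []
    for src in parser.external:
        host = urlparse(src).hostname
        if host is None:          # relative URL: served from the page's own host
            host = page_host
        if host not in allowed_hosts:
            findings.append(("unknown-script-host", src))
    for body in parser.inline:
        digest = hashlib.sha256(body.encode()).hexdigest()
        if digest not in known_hashes:
            findings.append(("unknown-inline-script", digest[:16]))
    return findings


# Constructed checkout page that matches the baseline exactly.
CLEAN_PAGE = """<html><body>
<script src="/js/cart.js"></script>
<script src="https://cdn.shop.example/checkout.js"></script>
<script>initCheckout({currency: 'USD'});</script>
</body></html>"""

# Constructed page showing the two changes the post describes: an injected
# script from a third-party host, and an altered inline script.
TAMPERED_PAGE = CLEAN_PAGE.replace(
    "</body>",
    '<script src="https://static.not-the-shop.example/s.js"></script></body>',
).replace("initCheckout({currency: 'USD'});",
          "initCheckout({currency: 'USD'}); /* altered */")

if __name__ == "__main__":
    print("clean:", audit_checkout_page(CLEAN_PAGE, "shop.example"))
    print("tampered:", audit_checkout_page(TAMPERED_PAGE, "shop.example"))
```

Run against a page fetched the way a customer's browser would fetch it, the check catches both injection routes in the paragraph above: a script loaded from a host the shop never approved, and a change to code that is supposed to be static. The hash baseline is the same idea as Subresource Integrity, applied from the monitoring side rather than from the browser.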

[Image: Trend Micro Mirrorthief attack chain]

RiskIQ CEO Manousos warns:

“Without greater awareness and an increased effort to implement necessary security controls, there will be more attacks using an ever-expanding range of technologies and strategies.”

 

[Image: RiskIQ infographic]

rb-

Firms that fall victim to attacks don’t just lose card info. They also lose time and productivity. Restoring hacked data and systems takes time and resources. The damage to a company’s reputation can cost it new and existing customers. Then there are the legal penalties from PCI, HIPAA, and the courts that come with mishandling customer information.

Like I keep saying – time to go back to the cash economy.


Follow the Open Source Money

Matt Asay at Infoworld recently pointed out some interesting data on who really contributes to open source. Wikipedia, the most well-known open-source project, defines open-source software as software whose source code is published and made available to the public, enabling anyone to copy, modify and redistribute the source code without paying royalties or fees. Open-source code can evolve through community cooperation. These communities include individual programmers as well as large companies.

Adobe developer Fil Maj used the GitHub REST API to pull public profile information from GitHub users. A REST API is a lightweight, HTTP-based interface that lets two software programs exchange data over the internet. Using the API, Mr. Maj collected the company field from all 2,060,011 GitHub user profiles that were active in 2017 (“active” meaning ten or more commits to public projects). Using that data, Mr. Maj was able to pull the total number of corporate contributors to GitHub, with results that might surprise you.
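The two pieces such a count needs are a profile fetch and a normalization step, because the company field is free text (“@Microsoft”, “Microsoft Corp.” and “microsoft” all mean the same employer). The example below is added here and is not Mr. Maj’s script; the GitHub REST API call it uses (GET /users/{login}, whose JSON includes a company field) is real, while the normalization rules, the sample profiles and the public_commits field attached to them are this example’s assumptions.

```python
"""Tally GitHub contributors by employer from profile data (added example).

fetch_profile() shows the real API call; everything else works on a
constructed list of profiles so it runs offline. The commit count is not
part of a GitHub profile and is assumed to have been gathered separately,
as the post says Mr. Maj did.
"""
import json
import re
from collections import Counter
from urllib.request import Request, urlopen

API = "https://api.github.com/users/"

# Corporate suffixes dropped during normalization (assumed list).
_SUFFIXES = re.compile(r"\b(inc|corp|corporation|llc|ltd|co|gmbh)\b\.?", re.I)


def fetch_profile(login, token=None):
    """Fetch one public profile with GET /users/{login}.

    Unauthenticated calls are rate-limited by GitHub; a personal access
    token, if supplied, is sent as a bearer token.
    """
    req = Request(API + login, headers={"Accept": "application/vnd.github+json"})
    if token:
        req.add_header("Authorization", "Bearer " + token)
    with urlopen(req, timeout=30) as resp:
        return json.load(resp)


def normalize_company(value):
    """Map a free-text company field to a comparable key, or None if empty."""
    if not value:
        return None
    s = value.strip().lstrip("@").strip()
    s = s.split(",")[0]                 # '@google, @tensorflow' -> first entry
    s = _SUFFIXES.sub("", s)            # drop 'Inc.', 'Corp.', ...
    s = re.sub(r"[^a-z0-9]", "", s.lower())   # 'Red Hat' and 'RedHat' agree
    return s or None


def count_contributors(profiles, min_commits=10):
    """Count active users (>= min_commits public commits) per normalized company."""
    counts = Counter()
    for p in profiles:
        if p.get("public_commits", 0) < min_commits:
            continue
        key = normalize_company(p.get("company"))
        if key:
            counts[key] += 1
    return counts


SAMPLE_PROFILES = [  # constructed sample data, not real users
    {"login": "a1", "company": "@Microsoft", "public_commits": 42},
    {"login": "a2", "company": "Microsoft Corp.", "public_commits": 12},
    {"login": "a3", "company": "microsoft", "public_commits": 3},
    {"login": "b1", "company": "Red Hat, Inc.", "public_commits": 25},
    {"login": "b2", "company": "@RedHat", "public_commits": 11},
    {"login": "c1", "company": None, "public_commits": 100},
    {"login": "c2", "company": "@google, @tensorflow", "public_commits": 15},
]

if __name__ == "__main__":
    for company, n in count_contributors(SAMPLE_PROFILES).most_common():
        print(f"{company:12} {n}")
```

The normalization is where the "not a perfect measure" caveat lives: users who leave the field blank (c1 above) or who list a university or a former employer are invisible or miscounted, whatever the rule set does.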

Here is the ranking of GitHub contributors, with each company’s total number of employees actively contributing to open-source projects on GitHub:

Rank  Company              Employees Contributing
   1  Microsoft                             4,550
   2  Google                                2,267
   3  Red Hat                               2,027
   4  IBM                                   1,813
   5  Intel                                 1,314
   6  Amazon.com                              881
   7  SAP                                     747
   8  ThoughtWorks                            739
   9  Alibaba                                 694
  10  GitHub                                  676
  11  Facebook                                619
  12  Tencent                                 605
  13  Pivotal                                 591
  14  EPAM Systems                            585
  15  Baidu                                   584
  16  Mozilla                                 469
  17  Oracle                                  455
  18  Unity Technologies                      414
  19  Uber                                    388
  20  Yandex                                  351
  21  Shopify                                 345
  22  LinkedIn                                343
  23  Suse                                    325
  24  ESRI                                    324
  25  Apple                                   292
  26  Salesforce.com                          291
  27  VMware                                  271
  28  Adobe Systems                           270
  29  Andela                                  259
  30  Cisco Systems                           233

The author points out that this is not a perfect measure, but it is a much richer, more accurate data set for figuring out total contributors for any company. Even with that caveat in mind, we end up with many more corporate open source contributors than previous data suggested.

Microsoft’s contributions to open source

The new data shows Microsoft (MSFT) is the number 1 open source contributor. Redmond has twice the number of contributors compared to its next nearest competitor. Remember Steve Ballmer’s “developers! developers! developers!” meltdown? For those of us who were around when Mr. Ballmer, then the Microsoft CEO, called open source a “cancer” and “anti-American,” this is a remarkable change of heart for MSFT.

Red Hat

Mr. Maj’s data puts Red Hat (RHT), the open source leader, among the top contributors. Red Hat has dramatically fewer engineers on its payroll than Google (GOOG) or Microsoft. As such, it’s doubly impressive that Red Hat would place so highly. Pretty much every engineer in the company works on open-source projects.

Amazon

 

Often considered an open source ne’er-do-well, Amazon (AMZN) comes in at No. 6 in the rankings. AMZN has nearly 900 open source contributors on staff. The article points out that Amazon has perhaps not publicly led the open source effort in the same way as Google and Microsoft have, but it remains a strong contributor to the projects that feed its developer community.

China is a net consumer of open source

Chinese companies like Baidu, Tencent, and Alibaba, which have long been perceived to be net consumers of open source, actually contribute quite a bit according to the new data.

Legacy firms

Legacy firms like Intel (INTC), Oracle (ORCL), Adobe (ADBE), and Cisco (CSCO) rank among the top 30 open source contributors, reports InfoWorld.

rb-

Color me suspicious, but have these firms really embraced open source? Have they just adapted their business model to usurp elements of open source and lay their proprietary code on top of it? This saves them the bother of writing new code, and yet they can charge proprietary prices for software where they have reduced their development costs.

After all, numbers don’t lie. Stats say that in 2014, half of the companies said they use open source in their product. Just one year later, the number grew to 78%. Consequently, as long as open source continues to enjoy its place in the sun, we should expect the Microsoft-open source bromance to continue.


Schools Face RansomWare Risk

More than 2,000 machines at K12 schools are infected with a backdoor in unpatched versions of JBoss that could be used at any moment to install ransomware such as Samsam. TechTarget defines ransomware as malware designed for data kidnapping, an exploit in which the attacker encrypts the victim’s data and demands payment in Bitcoins for the decryption key.

Ransomware has typically been spread through drive-by downloads or spam emails with malicious attachments. One of the latest victims of Samsam was MedStar Health, a not-for-profit organization that runs 10 hospitals in the Washington, D.C., area.

PCWorld reports that the Cisco (CSCO) Talos threat-intelligence organization announced that roughly 3.2 million machines worldwide are at risk. The article says that many of those already infected run Follett’s Destiny library-management software, used by K12 schools worldwide. According to Cisco, Follett responded quickly to the vulnerability: “Follett identified the issue and immediately took actions to address and close the vulnerability.”

In a presser, Follett offers patches for systems running versions 9.0 to 13.5 of its software and says it will help remove any backdoors. The author states that Follett technical support staff will reach out to customers found to have suspicious files on their systems. Follett even offers Snort detection rules on the presser page.

Snort is a highly regarded open-source, freeware network monitoring tool that detects attack methods, including denial of service, buffer overflow, CGI attacks, stealth port scans, and SMB probes. When suspicious behavior is detected, Snort sends a real-time alert to Syslog, a separate ‘alerts’ file, or to a pop-up window.

JBoss, the vulnerable underlying system, is described as an open-source Red Hat product that serves as an application server written in Java and can host business components developed in Java. Essentially, JBoss is an open source implementation of J2EE that relies on the Enterprise JavaBeans specification for functionality.

PCWorld reports that compromised JBoss servers typically contain more than one Web shell. Talos advises that it is important to check the contents of a server’s jobs status page. “This implies that many of these systems have been compromised several times by different actors,” the company said.

Web shells are scripts that indicate an attacker has already compromised a server and can remotely control it. The list of those associated with this exploit is in Talos’s blog post.

Companies that find a Web shell installed should begin by removing external access to the server, Talos said in the article. The security firm recommends quick action.

“Ideally, you would also re-image the system and install updated versions of the software … If for some reason you are unable to rebuild completely, the next best option would be to restore from a backup prior to the compromise and then upgrade the server to a non-vulnerable version before returning it to production.”
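Finding the web shells is the step before everything Talos recommends above, and the page says compromised servers often carry more than one. An effective way to do that on an application server is to compare the deploy tree against a manifest of file digests recorded when the server was built, and to flag any JSP that invokes server-side command execution. The script below is an added example, not Talos's tooling or Follett's patch; the directory layout, manifest, file contents and indicator patterns are constructed for the example, and real JBoss paths and the shell list Talos published are not reproduced.

```python
"""Triage a JBoss deploy tree for web shells (added example, not Talos's tooling).

Walks a deploy directory, compares every file with a baseline manifest of
SHA-256 digests, and reports files that are missing from the manifest or
changed since it was recorded, plus any JSP whose text contains Java
command-execution calls. Everything scanned here is built by
build_sample_tree() in a temporary directory, so the script runs offline.
"""
import hashlib
import os
import re
import tempfile

# Java constructs an ordinary application JSP has no reason to contain.
# Assumed indicators for the example, not a published signature set.
SHELL_PATTERNS = [
    re.compile(r"Runtime\.getRuntime\(\)\.exec"),
    re.compile(r"ProcessBuilder\s*\("),
]


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def triage_deploy_tree(root, manifest):
    """Return sorted (kind, relative_path) findings for the tree under root.

    manifest maps relative paths (forward slashes) to the SHA-256 digest
    recorded at build time.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if manifest.get(rel) != sha256_file(full):
                kind = "modified" if rel in manifest else "not-in-manifest"
                findings.append((kind, rel))
            if name.lower().endswith(".jsp"):
                with open(full, "r", errors="replace") as f:
                    body = f.read()
                if any(p.search(body) for p in SHELL_PATTERNS):
                    findings.append(("exec-in-jsp", rel))
    return sorted(findings)


def build_sample_tree():
    """Create a constructed deploy tree and its manifest; return (root, manifest)."""
    root = tempfile.mkdtemp(prefix="jboss-deploy-")
    legit = {  # files present when the baseline was taken (constructed)
        "app.war/index.jsp": "<html>Library catalog</html>\n",
        "app.war/WEB-INF/web.xml": "<web-app/>\n",
    }
    manifest = {}
    for rel, content in legit.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as f:
            f.write(content)
        manifest[rel] = sha256_file(path)
    # Two constructed anomalies: an extra JSP whose text carries an
    # exec indicator (a fixture, not a working shell), and a legitimate
    # file edited after the baseline was recorded.
    with open(os.path.join(root, "app.war", "cmd.jsp"), "w") as f:
        f.write("<%-- constructed fixture mentioning Runtime.getRuntime().exec --%>\n")
    with open(os.path.join(root, "app.war", "WEB-INF", "web.xml"), "a") as f:
        f.write("<!-- edited after baseline -->\n")
    return root, manifest


if __name__ == "__main__":
    sample_root, sample_manifest = build_sample_tree()
    for kind, rel in triage_deploy_tree(sample_root, sample_manifest):
        print(f"{kind:16} {rel}")
```

The manifest comparison is what makes a second or third shell show up alongside the first: anything the build did not put there is reported regardless of its content, and the pattern match only adds a label to the ones that look like shells. A manifest is only trustworthy if it was recorded from a clean build and stored off the server, which is why Talos's preferred remedy is to re-image rather than to clean in place.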

rb-

I have worked with a number of customers on their library automation projects. The cost of these systems is, as usual, in the data. There is a great deal of time and effort that goes into creating the proper MARC records, especially for books that are out of print and kiddie books. If these files get locked up by ransomware, the system is useless and expensive to replace.

K12 schools are notoriously cheap, but the advice is the same as always:

  1. Keep your software UP TO DATE.
  2. Use a real virus scanner on your servers and administrative stations.
  3. Back up, back up, back up. With a good backup, you can just blow the machine away, re-install, restore the data, and be back in business.

Rackspace Strikes Back at Patent Troll

Rackspace, which just successfully defended itself in a lawsuit filed by one patent troll, is now declaring war on another patent troll, reports Barb Darrow at GigaOM. The hosting firm turned cloud infrastructure service provider announced on its blog that it sued IP Navigation Group (IP Nav) and Parallel Iron, asking the federal court in its hometown of San Antonio, TX for damages for breach of contract, and to enter a declaratory judgment asserting that Rackspace does not infringe on Parallel Iron’s patents.

According to the Rackspace (RAX) blog post, Parallel Iron sued Rackspace and 11 others in Delaware. The other firms the non-practicing entity is suing include Qualcomm (QCOM), JPMorgan Chase (JPM), Twitter, Trulia (TRLA), Wal-Mart (WMT), Visa (V), Groupon, PayPal, Cloudera Inc., eBay (EBAY), and Nokia (NOK). That suit alleges that the defendants infringed on three patents that Parallel Iron claims cover the use of the open-source Hadoop Distributed File System (HDFS).

In his post, Alan Schoenbaum, Rackspace SVP and general counsel wrote: “Parallel Iron is the latest in a string of shell companies created to do nothing more than assert patent-infringement claims as part of a typical patent troll scheme of pressuring companies to pay up or else face crippling litigation costs. At least that is what it looks like on the surface.”

GigaOM has reported that many of the non-practicing companies (aka trolls) are shells created by patent aggregators. Their goal is to wring money out of targets. Sometimes, legitimate tech companies give their IP to trolls to harass rivals, or even create their own shell to pursue this sort of litigation.

rb-

The trolls claim they are supporting small firms. The argument goes that without the patent trolls, small companies, those without the resources to enforce their own patents, could not protect their IP; with them, they can turn it over to a shell company to protect it. Rackspace’s Schoenbaum calls the theory “laughable.”

I have covered for a long, long time how patent trolls have been stifling innovation and removing over $29 billion in value from the U.S. economy.
