Turbotodd

Ruminations on tech, the digital media, and some golf thrown in for good measure.

Archive for September 2011

TurboTech: The Flying Solo, Almost Live From Bangalore Edition

leave a comment »

My time in Bangalore is coming to a rapid close, but I wanted to provide a quick, solo edition of “TurboTech” as I prepare to jet out of here overnight. I can’t say enough good things about my experience here this week, or about the new team I’m going to be working with here.  They’ve been a lot of fun despite the long meetings and hard work, and I expect it won’t be long before I’m back for another visit.

Meanwhile, my cricket knowledge doubles every passing day, and at least now I can honestly say I can explain the difference between a “sixer” and an “over.”  I had hoped to get a ticket to the Mumbai Indians game this evening as part of the Champion’s League T20 this evening, but they were all sold out!

Hopefully Scott and I will be able to get our social calendars linked up once I’m back to Austin, and the stopwatch will be making its return engagement.

Written by turbotodd

September 30, 2011 at 1:07 pm

IBM X-Force Trends Report: Year Of The Security Breach

with 2 comments

Attacker types and techniques in 1H2011 identified by the IBM X-Force Mid-Year Trend & Risk Report. The study revealed mobile security exploits would likely double in 2011.

Okay, it’s my last day in Bangalore.  At least for this particular journey.

I don’t have any more India-related news, except to report that the Kolkata Night Riders beat the Royal Challengers Bangalore in the CLT20 last night, here in Bangalore.

KKR won by nine wickets, and now I know why there were such sad faces in the stadium as I watched the end of the match late last night on TV.

As I was watching cricket, IBM was releasing the results of its “X-Force 2011 Mid-Year Trend and Risk Report,” a tiding I always attempt to cover in some depth, both because I find the reports fascinating and enlightening, and because I consider it a real service that IBM is providing to the global IT community.

Poised at the frontline of security, the IBM X-Force team serves as the eyes and ears for thousands of IBM clients – studying security attack techniques and creating defenses before many vulnerabilities are even announced.

The X-Force Mid-Year Trend and Risk Report is based on intelligence gathered through IBM’s research of public vulnerability disclosures as well as the monitoring and analysis of an average of 12 billion security events daily since the beginning of 2011.

Drumroll, Please: Moble Exploits Are Ripe For Exploitation!

The headline: This report demonstrates the rapidly changing security landscape characterized by high-profile attacks, growing mobile vulnerabilities and more sophisticated threats such as “whaling.”

Adoption of mobile devices such as smartphones and tablets in the enterprise, including the “Bring Your Own Device” approach, which allows personal devices to access the corporate network, is raising new security concerns.

IBM X-Force has documented a steady rise in the disclosure of security vulnerabilities affecting these devices.  X-Force research recommends that IT teams consistently employ anti-malware and patch management software for phones in enterprise environments.

Click to enlarge. This graphic explores what the security situation might look like if it were run by the IBM X-Force team as they attempted to deal with this year's exploits.

Other key findings from the study:

  • Malicious software targeting mobile phones is often distributed through third-party app markets. Mobile phones are an increasingly attractive platform for malware developers as the sheer size of the user base is growing rapidly, and there is an easy way to monetize mobile phone infections. Malware distributors can set up premium texting (SMS messaging) services that charge users that text to a specific number. Malware then sends text messages to those premium numbers from infected phones.
  • Some mobile malware is designed to collect end user’s personal information. This data could then be used in phishing attacks or for identity theft. Mobile malware is often capable of spying on victim’s personal communications as well as monitoring and tracking their physical movements via the GPS capabilities common in these phones.

“For years, observers have been wondering when malware would become a real problem for the latest generation of mobile devices,” said Tom Cross, manager of Threat Intelligence and Strategy for IBM X-Force. “It appears that the wait is over.”

Critical Vulnerabilities Triple in 2011

The X-Force team also reports that the percentage of critical vulnerabilities has tripled thus far in 2011.

X-Force is declaring 2011 the “Year of the Security Breach” due to the large number of high-profile attacks and network compromises that have occurred this year.

This graphic explores the top website categories from the 1H2011 report containing at least one malicious link.

There is a cadre of notable emerging threats from this year’s breaches:

  • Teams of professional attackers motivated by a desire to collect strategic intelligence have been able to gain and maintain access to critical computer networks through a combination of stealth, sophisticated technical capabilities and careful planning. These attackers are often referred to as “Advanced Persistent Threats” (APTs).
  •  The success of APTs has raised the profile of “whaling,” a type of spear phishing which targets “big fish,” or those positioned in high levels of an organization with access to critical data. These targeted attacks are often launched after careful study of a person’s online profiles has armed an attacker with the information needed to create a compelling phishing email that the victim will be fooled into clicking on.
  • Attacks from ‘hacktivist’ groups, who targeted web sites and computer networks for political ends rather than just financial gain. Hacktivist groups have been successful in using well known, off-the-shelf attack techniques such as SQL Injection, which is one of the most common attack techniques seen in the Internet.
  • Anonymous proxies have more than quadrupled in number compared to three years earlier. Anonymous proxies are a critical type of website to track, because they allow people to hide potentially malicious intent.

Advances In Security

“The rash of high-profile breaches this year highlights the challenges organizations often face in executing their security strategy,” said Cross. “Although we understand how to defend against many of these attacks on a technical level, organizations don’t always have the cross-company operational practices in place to protect themselves.”

Although the X-Force team declared 2011 as a watershed in high-profile security breaches, the report also uncovered some improvements in areas of computer security that show headway in the fight against crime on the Internet.

  • The first half of 2011 saw an unexpected decrease in web application vulnerabilities, from 49 percent of all vulnerability disclosures down to 37 percent.  This is the first time in five years X-Force has seen a decrease.
  • High and critical vulnerabilities in web browsers were also at their lowest point since 2007, despite an increasingly complex browser market. These improvements in web browser and application security are important as many attacks are targeted against those categories of software
  • As major botnet operators are taken down and off-line by law enforcement officials, the report shows a trend in the decline of spam and more traditional phishing tactics.
  • After years of consistent spam growth until the middle of 2010, there has been a significant decline in spam volumes in the first half of this year.In the first half of 2011, the percentage of spam that is phishing on a weekly basis was less than 0.01 percent. Traditional phishing has greatly declined from the levels X-Force was seeing prior to the middle of 2010.

Also of note, the SQL Slammer Worm has been one of the most common sources of malicious packets on the Internet since its appearance and naming by the IBM X-Force team in 2003, but it has fallen down the list after a dramatic disappearance observed in March 2011.

The most recent analysis strongly suggested that the SQL Slammer Worm’s disappearance is due to an unknown source or actor. The analysis showed that a time-based trigger using a Slammer’s server clock was used to shut it down, proving that it was disabled by a single cause.

Traditional Vulnerabilities Still a Problem

The X-Force report uncovered numerous attacks that target traditional security vulnerabilities. According to the report, attacks on weak passwords are commonplace on the Internet, as are attacks that leverage SQL Injection vulnerabilities in web applications to compromise backend databases.

Databases have become an important target for attackers. Critical data used to run organizations — including financial/ERP, customer, employee, and intellectual property information such as new product designs — is stored in relational databases.

IBM researchers tested almost 700 web sites — from the Fortune 500 and other most popular sites — to uncover that 40 percent of these contain a class of security issues referred to as client-side JavaScript vulnerabilities. The existence of vulnerabilities like these in so many corporate web sites is indicative of the security blindspots in many organizations.

This graphic reveals insight into the exploit effort versus potential reward in the 1H 2011 X-Force report.

IBM Launches Institute for Advanced Security in Asia Pacific

To help combat security risks and to foster collaboration amongst security industry leaders, IBM is launching the IBM Institute for Advanced Security in Asia Pacific in order to combat growing security threats in the region.

The IBM Mid-Year X-Force report states that top countries originating spam have shifted to Asia Pacific, with India sending out roughly 10 percent of all spam registered today, and South Korea and Indonesia also making the top five list.

This Institute joins its predecessors in Brussels, Belgium and Washington, D.C., focused on European and U.S. clients respectively.

About the IBM X-Force Team and the Trend and Risk Report

This report comes from IBM’s X-Force team, the premier security research organization within IBM that has catalogued, analyzed and researched more than 50,000 vulnerability disclosures since 1997.

The IBM X-Force Trend and Risk Report is an annual assessment of the security landscape, designed to help clients better understand the latest security risks, and stay ahead of these threats.

It is the result of the work done in IBM’s nine global Security Operations Centers, which is provided as a managed security service to clients.

The report gathers facts from numerous intelligence sources, including its database of computer security vulnerabilities, global web crawler, international spam collectors, and the real-time monitoring of an average of 12 billion security events every day for nearly 4,000 clients in more than 130 countries.

You can learn more about and download the report here.

Written by turbotodd

September 30, 2011 at 9:16 am

Don’t Even THINK About Parking Here: The First Ever IBM Global Parking Survey

leave a comment »

Considering that traffic congestion has been an ongoing theme during my week in Bangalore, it only stands to reason that parking follows.

IBM just released its first ever parking survey, and Bangalore made the top, or near the top, on a couple of key metrics. It was first in terms of most parking tickets issued, and second (only to New Delhi) in terms of cities where drivers argued most over parking spaces.

They have parking spaces in Bangalore??

I jest, but not being able to find a parking space is no laughing matter: Which is why these results are so disturbing these results: The study found that drivers in 20 international cities face a daily struggle in finding a parking space, and in the past year, nearly six out of 10 drivers have abandoned their search for a space at least once, and more than a quarter have gotten into an argument with a fellow motorist over a parking space!

Calgon, take me away!

In addition to the typical traffic congestion caused by daily commutes and gridlock from construction and accidents, reports have estimated that over 30 percent of traffic in a city is caused by drivers searching for a parking spot.

So not only do inefficient parking systems result in congestion and increased carbon emissions, they also waste commuters’ time, lead to lost productivity and economic opportunities and can lead to inefficient city services.

IBM Global Parking Index

IBM compiled the results of the survey into its first-ever Parking Index that ranks the emotional and economic toll of parking in a cross-section of 20 international cities with the highest number being the most onerous.

The Index reveals a wide range in the parking pain experienced from city to city. Chicago had the least pain when it comes to parking in the cities studied, followed by Los Angeles and Toronto.

Here’s how the cities stack up: New Delhi: 140; Bangalore 138; Beijing 124; Moscow 122; Shenzhen 122; Paris 122; Milan 117; Nairobi 111; Madrid: 104; Singapore 97; Mexico City: 97; Stockholm: 90; Johannesburg: 87; London: 86; New York City: 85; Montreal: 85; Buenos Aires: 80; Toronto: 77; Los Angeles: 61; and Chicago: 51.

Click to enlarge image. IBM's first ever global parking survey found that drivers in 20 international cities face a daily struggle in finding a parking space. In the past year, nearly six out of 10 drivers have abandoned their search for a space at least once, and more than a quarter have gotten into an argument with a fellow motorist over a parking space.

The IBM Parking Index is comprised of the following key issues: 1) longest amount of time looking for a parking place; 2) inability to find a parking place; 3) disagreement over parking spots; 4) received a parking ticket for illegal parking and 5) number of parking tickets received.

In a related announcement, IBM is working in partnership with Streetline, a privately held company headquartered in San Francisco with smart-parking deployments in California, Maryland, New Jersey, New York, North Carolina, Texas, Utah, and Washington D.C.

Streetline was recently named one of Fast Company’s “10 Most Innovative Companies in Transportation,” as well as, to help cities of all sizes reduce congestion, better manage parking availability and resources and put information at people’s fingertips to find parking faster.

Streetline was selected from more than 600 SmartCamp entries worldwide based on its outstanding technology, innovative business plan, and alignment with IBM’s Smarter Planet strategy.

Combining information management and advanced analytics from IBM with data gathered from parking sensors and applications from Streetline will allow cities to make smarter and more timely decisions related to parking and their transportation systems.

Officials will be able to use this smarter parking solution to better understand parking patterns so they can improve citizen services, optimize revenue and more effectively allocate city resources.

In the future, insight from the historical and real-time data being gathered can help cities become more proactive in anticipating how parking and their transportation network interacts with other city services and plan accordingly from how it might affect economic development and merchant services to how to appropriately schedule mass transit to how best to plan around infrastructure projects or special events.

Who Moved My Parking Space? Parking Reinvented

As the majority of the world’s population moves to metropolitan areas, key city systems, including city streets and transportation systems, are being strained to the breaking point.

Additionally, vehicle emissions resulting from drivers looking for parking are so closely linked that a year-long study found that drivers in a 15 block district in Los Angeles drove in excess of 950,000 miles, produced 730 tons of carbon dioxide and used 47,000 gallons of gas searching for parking.

The Smarter Parking Starter Kit is a pre-integrated solution that includes instrumentation, connectivity and intelligence. This solution is designed to help cities “get out of park” and improve parking services, optimize operations and help reduce congestion. By leveraging advanced technologies from IBM and Streetline cities will be able to:

  • Provide real-time information to allow citizens and visitors to find parking more easily
  • Gather, analyze and act on information about parking resources and services to optimize revenue
  • Analyze real-time information to better model and anticipate problems to reduce congestion, more appropriately price parking based on demand and provide enhanced services to citizens
  • Integrate real-time information from on-street and off-street parking to enable collaborative decision making for rapid response to events, changes in parking availability and demand.

Streetline’s patented smart parking platform detects the presence of a car through a network of ultra-low power wireless sensors located in individual parking spaces.

This information is then made available in real time both to the city, as well as to consumers via Parker, a free smartphone app via the iTunes Store or Android marketplace.

Using this real-time parking data combined with advanced parking analytics built on IBM Cognos, cities can then tap into this information to understand important factors including hourly occupancy, occupancy by block, parking duration, and trends by area.

Streetline was named the winner of the IBM SmartCamp World Finals and IBM Global Entrepreneur of the Year in November 2010.

About IBM and Smarter Transportation

IBM works with cities, governments and others around the world to make their transportation systems smarter. Smarter transportation systems can help traffic and public transit systems flow more smoothly, anticipate and improve congestion in advance, reduce emissions and increase the capacity of infrastructure.

To join in the conversation on Smarter Transportation, join us on LinkedIn and Twitter.

Visit here for more on IBM and Smarter Transportation.

Navigating The Tech Cosmos @ IBM Software Universe India

with one comment

I’m well into my third day of a very busy but most enjoyable business trip to Bangalore, my second in as many years.

You’ve read as I’ve written about the crazy traffic, the superb food, the wonderful people, and even an IBM India win vis a vis Escorts Group.

India’s most awaited annual software conclave arrives on October 20th, in Mumbai, in the form of the IBM Software Universe India conference.

Now, it’s time to get down to software business. And what better way than to encourage technology peeps in the sub-continent to consider attending IBM Software Universe India.

The event is scheduled for October 20, 2011, at the Renaissance Convention Centre Hotel in Mumbai. I’m told this is India’s most awaited annual software conference, and a learning ground for IT professionals and developers who want to stay ahead of the technology curve and industry trends.

At the event, attendees can expect to hear about the next big wave in software, and centering around seven unique and diverse tracks: Social Software, Business & Collaboration Solutions, Business Analytics, Application Integration & Optimization, Business Infrastructure, and Security & Risk.

From the optimisation of traffic systems and electric grids, to the delivery of better education, transport and healthcare, to reducing costs with cloud, smarter software is inspiring new thinking and ideas that might be applied to business goals.

Some of the featured speakers and tidings you can expect:

  • Keynote from John Dunderdale, VP Growth Markets, IBM, on “Harnessing the Nexg Big Wave”
  • A motivating keynote by tennis legend Martina Navratilova
  • Sessions by eminent industry leaders and subject matter experts
  • A Bollywood Night performance by celebrated singer, Sunidhi Chauhan
  • Networking with peers
  • Exclusive, on the spot industry certifications

There will also be sneak previews on futuristic technology topics, including Watson, the Spoken Web, Big Data, Social Business, Track & Trace, and others.

For those who might be interested in attending the event, you can find more information and registration information at this website.

You can also find ongoing updates at the IBM Software Universe India blog.

For those of you who are socially inclined, in India and beyond, you can follow the following Twitter ID : @ibmsoftware_in and the conference hashtag: #ibmswuin.

Speaking Of India…

leave a comment »

And speaking of India…per my blog post about arriving back in Bangalore over the weekend…IBM recently announced a prominent customer win here just before my arrival.

The Escorts Group, one of India’s leading engineering conglomerates, is adopting IBM’s smarter computing approach to IT which will provide enhanced performance and compliment the company’s business growth goals of lowering its overall IT operating costs.

Through its agreement with IBM, Escorts Group is going to receive a workload-optimized hardware solution to replace its existing ERP infrastructure.

The advanced systems will provide enhanced performance and the new infrastructure will reside in Escorts Group’s newly-built corporate data center. This will manage the company’s disaster recovery system in addition to the ERP system.

The IBM solution is expected to provide Escorts Group with savings in power and cooling costs of between 30 to 35 percent, over a three year period.

“Escorts Group has embarked on a journey of IT transformation to achieve operational & manufacturing excellence,” said Mr. Vipin Kumar, Group CIO, Escorts Limited. “To achieve this we are not only going beyond adhering to prevailing norms, we are in fact setting our own standards and relentlessly pursuing them to achieve our desired benchmarks of excellence.”

“To aid us in this journey we needed a scalable and high-performing IT infrastructure, backed by a robust technology roadmap,” continued Mr. Kumar.  “IBM clearly had the best solution, while ensuring a reduction in our energy footprint and increasing return on investment.”

During the hardware evaluation process to support the expansion, Escorts considered various options including Itanium-based servers from Hewlett-Packard Co. and Oracle Corp.’s Exadata Database Machine.

The company, however, chose to replace its existing HP PA-RISC servers with IBM Power 750 Express and IBM Power 740 Express systems. Each of the systems is complemented by IBM System Storage DS5000s, and IBM Tivoli Storage Manager software.

Click here if you’d like to learn more about IBM’s Power 750 Express system, or here if you’d like to view the demo.

Written by turbotodd

September 27, 2011 at 11:50 am

Back In Bangalore

leave a comment »

I’m back in Bangalore.

It’s been a little over a year since my first visit, and this time, I knew what I was getting into in terms of the travel.

I calculated that from Austin to India, as the crow flies, it’s a little over 8,000 miles…or was that kilometers??

The Sri Shiva temple in Bangalore is currently under renovation during my visit, but that certainly hasn't stopped hoardes of faithful Hindus paying a visit to Lord Shiva.

In either case, it’s a longgg way on an airplane traveling 500+ MPH. But I found myself eager with anticipation.

Not only in terms of meeting a new team we had put together, but in also seeing the friends I had already met here, and also visiting the vibrant (and now 3rd largest city in India, in terms of population) metropolis that is Bangalore.

The traffic is crazier than ever…there’s still plenty of dust in the streets, not to mention sacred (literally) cows…but I also sense an incredible energy and vibrancy here that has long ago worn off other major cities in the world.

And then there’s the food, which I wish I could just pack into my suitcase and bring back to America.

There’s also the serious business that is cricket (tonight it was the Mumbai Indians against Trinidad & Tobago, playing in the first round of the CLT20…UPDATE: Mumbai won, but just barely…The Trinidadian cricketers didn’t look too happy at breakfast this morning…They were staying at the same hotel as us.), a game I won’t pretend (yet) to fully comprehend but an excitement around which is palpable.

And then, of course, there are the people of India, and the Bangaloreans in particular, whose grace and courtesy and humbleness are unmatched around the globe.

I discovered from a taxi driver on the ride in from the airport here that 3M citizens in 2003 has grown to 9+M in 2011, and though the growth here may have overmatched the infrastructure, it is the chaos and verve and tenacity of its citizenry which suggests a nation that continues on the rise even despite the global gloom and doom headlined in newspapers and websites around the world.

Though my visit this year will be a week shorter, I have a distinct feeling that my learning and understanding will belie my time on the ground, and I’m very much looking forward to the four full days I have left in this week.

As for the content of the meetings and discussions going on here, I cannot relate those due to competitive reasons…the old CIA, “If I told you I’d have to kill ya.”

But rest assured it’s with great anticipation and expectations that we move through the rest of this week.

Beyond that, I’ll have to save the sordid stories for my as-of-yet unpublished memoirs…but know that the memories of my second sojourn to “Bengalaru” being stored in my human RAM will not be erased or forgotten anytime soon.

P.S. I’m blogging on my new portable guerilla platform, an iPod 4 with an Apple bluetooth keyboard. With some luck and some precious spare time, I’ll also hope to share some of what’s being witnessed here in some semblance of video content.

Written by turbotodd

September 26, 2011 at 5:03 pm

TurboTech: Netflix/Qwikster, HP rumors, Facebook follies, Twitter ads

leave a comment »

So Scott and I recorded our latest “TurboTech” episode yesterday, and no sooner did we record the bit about Meg Whitman maybe taking over as CEO of HP than it seems like it’s actually gonna be a done deal.

That’s okay, things move fast in this industry, and it’s kind of like that old joke about how you don’t have to outrun the leopard — you just have to outrun the slowest gazelle.

In this case, I’m not sure if Scott’s the gazelle and I’m the leopard, or if Meg Whitman’s the leopard and Leo Apotheker’s the gazelle, but whatever the case, things change, watch us move your cheese.

We talked about that, the Netflix marketing debacle, and the latest changes on Facebook (which pretty much everyone seems to hate).

Me, I’m off to India tomorrow, and will be hanging in the IT hub of Bangalore for a week.  I hope to take lots of pics and NOT lose my camera there this go around, and am very much looking forward to some of that lovely South and North India Cuisine and to seeing all my IBM India friends.  Put some Kingfishers on ice, gang, I’ll be there momentarily.

Enjoy this episode, and the next dispatch may just be a video one from the streets of Bangalore, where crossing through traffic’s like riding in a sub-contintental rodeo with motor rickshaws and motorbikes!

Yeeee-hawwww, Sahib!

Written by turbotodd

September 22, 2011 at 7:29 pm

%d bloggers like this: