Justin's cloud of thoughts

Heartbleed all over the place

2014-04-10T14:44:00.000-07:00

The internet, in its physical form, is a spiral of wires connecting between servers, but we all know in the digital sense it has evolved into a platform for e-commerce to occur, social networks to allow communications between people, and a storage for all our personal information. But what if one day, a bug occurred in the fundamental codes of the internet which exposed all of our information?

Internets and hearts

It was found a few days ago that OpenSSL, a collaborative effort to allow enterprises and organisations to employ secure connections for their webpages, contained a line of code which would cause web servers to leak a 'small slice' of memory if someone pinged it in the right way. This data, if captured in the right way, could contain unencrypted data, passwords and identifiable information. The bug was in the software for at least two years, in which anyone with the
right know-how could have exploited these backdoors to gain data from big firms (e.g. Facebook, Google) who used OpenSSL to gain unauthorised access to data.

Obviously, websites are now telling users to change their passwords, but for some smaller websites, updating their software to the newest takes time and deployment may cost them, which may case all sorts of problems for larger businesses if they are any inter connections. End users can't really do anything in these situations because their data is at the mercy of that organistion's security policies to choose what type of protocols to implement, and how proactive they are in handling the issue.

Ohwell.

Sources:
http://www.cnet.com/news/how-to-protect-yourself-from-the-heartbleed-bug/
http://www.pcpro.co.uk/news/388162/heartbleed-coder-bug-in-openssl-was-an-honest-mistake

Seniors and technology

2014-04-03T22:01:00.001-07:00

I remember the first time when my father bought a cell phone - it was big and clunky, but at least it had the battery life of a week. Nowadays, seniors seem to be dropping behind in terms of catching up technology, whether it be computers, digital televisions, smartphones, and the god-almighty iPad that Aunt Macy gives your child to play with.

Eh?

But funnily enough, some seniors are still on the technology adoption curve, albeit quite slowly. According to a study conducted by Pew Research (very credible), seniors are most influenced to use technologies when it most relevant to their lifestyles, and when they take non-skeptical approach to it. Those which were comparatively young (in terms of seniors) and highly educated made a good attempt to integrate the internet into their daily lives, whilst the other 'older' adults with lesser priviledges in interacting with technology felt less comfortable using it.

The problem lies not in the technology, but their perception of it: asking them whether they wanted to use the technology to "see newest pictures of their grandchildren" yielded positive results, suggesting some seniors' resistance towards technology was more attributed to non-understanding of the technology as a gateway as opposed to a hassle.

In my family, technology is a norm in my parents' lives, as well as my grandparents. Most of this was because of me communicating the benefits to them e.g. staying connected, learning possibilities, keeping an eye on my grandma. Who knows how much technology they'll absorb as the internet of things becomes more prominent.

Sources:
http://america.aljazeera.com/articles/2014/4/3/seniors-using-technology.html

Oculus, and a story of betrayal

2014-03-27T08:54:00.001-07:00

When most businesses start up, most of them are small and do not have the benefits of financing to substantially establish themselves within their target market, unless they somehow manage to capture the attention of potential investors and users.

There's virtual money up there!

Ever since the DotCom boom, businesses have been able to utilise a new platform to market their businesses, as well as to enable them to access a level playing field as that of larger enterprises to access their potential customers. To supplement the growth of potential businesses start-ups, online communities have been constructed to allow entrepreneurs to showcase their creative ideas and talent, and to obtain funding from interested parties. Kickstarter is one such instance where entrepreneurs try to attract people, and promise 'rewards' for those who pledge support - e.g. extra content for a computer game, features for software, etc. However, there is no guarantee that these entrepreneurs have any obligation to give their supporters their promised 'rewards', deliver their projects on time, or even at all.

Oculus is one such company which raised $2.4 million through crowfunding via Kickstarter, in order to develop its virtual reality gaming 'glasses'. It was only a few days ago when they were purchased by Facebook for $2 million dollars - supporters felt betrayed to the project leader agreeing to an ad-driven enterprise who may have a significant influence over the final product. Mass commercialisation of a product, especially by Facebook, could hamper efforts to deliver the product on-time as many more managerial factors would have to be considered.

Whilst many supporters have felt 'betrayed', I personally don't think they were fully entitled to anything from the project except the promises made by the developer e.g the development kit, the T-shirt. Even though Facebook may not have the most prestigious reputation as they started to integrate more and more ads to everything, these early supporters had every right not to crowd fund these projects in the first place. Like any business investment, don't be so naive with your money.

Sources:
https://en.wikipedia.org/wiki/Kickstarter
https://en.wikipedia.org/wiki/Oculus_Rift
http://www.reddit.com/r/technology/comments/21f3tb/oculus_talking_people_out_of_24_million_dollars/

I see what you did there

2014-03-20T15:24:00.002-07:00

Ever since the invention of the micro-transistor, RFIDs and numerous other small electronic chips that are unseen to the naked eye, we have thought of more and more ways to try and include them into our daily lives - and one of those ways is desperately sticking a chip into things that we use on a common basis. Whilst some of these "electronised" devices make sense, like a fridge, or our cars, or maybe even our food packaging to tell us (in the future) we need more milk. Some devices on the other hand, don't make sense - a washing machine tweeting the number of cycles it has done in the last hour, a table telling us someone has put something hot on it isn't useful. So it would be intuitive that as long as we implement it into things that do make sense then we can proceed.

Apparently, this drone steals your data just by flying over you.

No? All these chips are clever in some way, and in some instances, could be more clever and crafty than the average tech user. How would you know if your fridge wasn't sending your eating habits to the closest marketer? Or if your cars could mysteriously be controlled by the government remotely? We have embraced these technologies with open arms, but we don't realise that these technologies (especially those connect to the internet) could have more than one sole user - the other not being the person who purchased it. One moment you could be in complete privacy, the other some sneaky person could activate the webcam on your computer. Who knows.

Technology, including the internet has brought many benefits for us consumers, but we as consumers need to be more aware of the potential for unauthorised access for these devices, and decide collectively what is reasonable use of technology and what isn't.

Sources:
https://en.wikipedia.org/wiki/Internet_of_Things
http://www.theguardian.com/technology/2014/mar/20/internet-of-things-security-dangers
http://www.reddit.com/r/technology/comments/20wcnz/south_korean_schools_are_remotely_disabling/
http://money.cnn.com/2014/03/20/technology/security/drone-phone/index.html?section=money_technology&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+rss%2Fmoney_technology+%28Technology%29

Disaster recovery plans can fail... too.

2014-03-06T20:57:00.001-08:00

Many organisations understand the need for disaster recovery plans - to ensure that whatever data that they have within remains safe, and that core and critical operations continue to run in the event in a crisis. However, even with these supplements to safeguard a company's well-being, there is still the risk of disaster recovery failure, and these fails often range from simple restore errors to complete system incompatibility. By why do these happen, and how can an effective disaster recovery plan be devised?

Its funny when this happens in the world of professionals.

Organisations like stability, and in the world of IT, good technologies which are affordable for the organisation are ideal. It is tempting for one to say they have complete peace of mind when they pay for a technology which works now, but this sense of complacency is what increases the risk of disaster recovery failure. Technologies we buy now may simply become obsolete in the future, are subject to wear and tear, human error, or was purchased but not set up properly. Preparing for any situation which involves interaction with these backup technologies, as well as its future well-being, will vastly reduce the risk of failure (e.g. imagine the amount of damage one could do if they accidentally deleted everything off the corporate backup!).

It is possible to invest sufficiently in the right technologies, but without the right processes and people, the technology is rendered useless. If the people do not understand the protocols of technologies or how to make them function with other business applications, when the time comes to run the disaster recovery plan it is guaranteed to fail. Non-understanding or non-contact of essential IT staff to maintain core IT operations is like getting art people to do finance - they aren't trained to do that.

Finally, a disaster recovery plan can only be useful if it is proven that it can be useful in a disaster. Buying systems and putting them in place in an organisation is great, but without knowing what it can do and what may potentially happen if it goes wrong is the same as shredding money for the organisation. Testing is where IT administrators can experiment with different disaster scenarios to make sure they select the right plan and that it is implemented the right way.

Sources:
http://www.unitrends.com/docs/papers/solution-briefs/avoiding-disaster-recovery-epic-fails.pdf

Is outsourcing safe?

2014-02-27T22:05:00.001-08:00

Since the economic crisis back in 2008 or so, organisations have tried to find many ways to cut their cost centers - firing ridiculous numbers of staff, removing organisational complexity, selling assets. In almost every situation, IT is laid off because of the tremendous operating costs associated with maintaining hardware, server stacks and developing staff abilities and certifications. However, these businesses cannot survive without IT, and this created a demand for off-shore hardware (and perhaps software capabilities) which would lessen the financial burden on non-IT core organisations. These services, namely outsourced work, provide the same or similar services as before, and are extremely attractive for business owners who cannot afford to pay a large IT cost upfront.

Imagine the conversation in this office.

However - is simply providing our data and operations to a third party safe, especially to low-wage countries (e.g. India, China, etc.) who may not have as great a priority for data safety?

Consequently, outsourcing has become a hot topic for topic amongst CIOs (who want safe data) and CFOs (who want cheap). One of the biggest risks is in the storage of data - should third parties be allowed to access mission critical data? For many financial institutions, CFOs are held accountable by the Sarbanes-Oxley law to be able to certify the integrity of data, and have opted to keep the storage inside the organisation, whilst focusing on outsourcing applications development. Instead, mock data could be used to test the applications. Despite this, this does not stop hidden code from being inserted into a programme by a rogue programmer, and making unauthorised access attempts to the real data when the system goes online.

What happens if your outsourcee suddenly goes off the grid for a few days? Can your business survive? Even though outsourcing companies give their word about being available 24/7, companies should simulate crises with their vendors to see how they can react with the help of a third party. There is also the complexity of finding the right outsourcee - and this takes time and effort in order to maintain yet another business relationship. One has to consider the integrity of the third party, the extent to which they implement data security laws and policies and the amount of accountability they have for their client's data.

Outsourcing has become a popular choice for organisations struggling with their IT budgets, although it does come with a set of potential risks in addition to the benefits. It makes sense to integrate outsourcing into a business' operations when the work is non-critical and repetitive, but efforts need to be made to find the right outsourcee.

Sources:
http://www.wallstreetandtech.com/operations/offshore-outsourcing-is-your-data-safe/19201904?pgno=2
http://deloitte.wsj.com/cio/2012/07/10/it-outsourcing-4-serious-risks-and-ways-to-mitigate-them/
http://www.npr.org/blogs/alltechconsidered/2014/02/26/282935216/with-tech-outsourcing-the-internet-can-be-a-scary-place

What? $19 billion dollar app

2014-02-20T22:31:00.001-08:00

There is saying that goes (and I'm paraphrasing) like this: "businesses have to grow in order to survive." It sounds intuitive, as incumbents of a proven product or service will often attract competitors who will attempt to undermine their core offering through cheaper alternatives. There are two options: organic and inorganic growth, and for many IT companies, inorganic growth through takeovers and acquisitions are commonplace as they allow a company to expand its portfolio at ease. However, a few questions come to mind: what is a sensible acquisition for an IT company, how much should they be offering for something so intangible, and what are they going to do with it once they have it?

Yesterday: $0.99 on the app store, today, $19 billion

Recently, Facebook bought WhatsApp for $19 billion dollars, and I'm pretty sure they didn't mistakenly buy it off the Apple app store 19 billion times. Facebook, however, claims that it was because of the 450 million users (and growing) who used WhatsApp and powered it to grow faster than any other web service. It makes sense then, to buy a network growing faster than itself for 10% of its value, and could possibly overtake itself - in essence, it is paying to relevant in the future. It could also be a good and sensible learning opportunity for them to capture more users. That's two of the above questions answered.

However, I bring your attention to the demographic of Facebook, which is 1) declining in terms of active users, 2) growing old and 3) playing Candy Crush or Farmville. Teenagers or in other words, younger generation people, prefer something which is different to what the older generation people are using because its 'cooler'. Although Zuck has promised not to merge WhatsApp with Facebook, there will probably be another 'Whatsapp' following in its wake as teenagers decide there is something better. Facebook has tried to counter this in the past by buying Instagram and trying to integrate it into Facebook, but in my opinion this has caused teens to go to other apps like Snapchat. Perhaps, Facebook should keep its two consumer segments separate.

In my opinion, the $19 billion dollars was probably worth it as a strategic move - as long as they keep WhatsApp the way it is.

Sources:
http://www.economist.com/news/business/21596966-why-mark-zuckerbergs-social-network-paying-such-whopping-sum-messaging
http://www.theguardian.com/technology/2014/feb/20/facebook-whatsapp-acquisition-apps-messaging
http://www.marketplace.org/topics/tech/whats-whatsapp-subscriber-worth-42

Small businesses can be bigger than you think

2014-02-12T20:35:00.001-08:00

Maybe its time to add clicks and play to bricks and mortar.

Everyone wants to be successful - how many times have you heard someone tell you they wanted to run their own business? We have come to a time where individuals are no longer limited by inadequate finance and expertise as they can reach out to banks and experts respectively to kick start their own business. Consequently, the number of business start-ups has exploded in the last decade as would-be entrepreneurs try to sell their 'unique' creative ideas. However, this reduction in barriers of entry has meant that business owners will find it increasingly challenging to make their business stand out as more and more start-ups poor in.

In this aspect, a web presence can make or kill a business. Setting up an e-business complete with e-commerce functionality can significantly extend a business' survival in the long term, given that it is executed with efficacy to attract target audiences using appropriate methods. The web platform is essential for providing potential customers with interactive materials which will further entice them to make a transaction, whilst e-commerce will make this a convenient and seamless process. Although this means that companies will have to invest sufficient resources into developing this platform (i.e. the more efficiently marketed website with an intuitive interface), and that the success of this platform relies strongly how well they design their online presence, the web levels the playing field by exposing all e-businesses to the same unfiltered web audience.

I would argue that businesses who want to stay brick and mortar permanently won't be around in the long-term, or will eventually be forced to utilise these technologies by their competitors. Either way, its a win-win for the customer.

Sources:
http://www.forbes.com/sites/ciocentral/2013/03/13/the-future-of-e-commerce-for-small-businesses/
http://www.forbes.com/sites/ericwagner/2013/09/12/five-reasons-8-out-of-10-businesses-fail/

Data is valuable... and losable in a moment

2014-02-04T11:56:00.003-08:00

It goes without saying that data has become an essential part of our lives because it is used to define us, the things we like, and what we do. Data used to be physical, but now it is employed in everyday technologies - our mobile devices, on our home computers and at work. It has become a necessity to capture our memories (e.g. photos, videos) and sensitive information (e.g. your financials, your homework assignment!). Therefore, it would make sense then to the several billion users of computers that we should keep backups of information which could be lost in a moment.

Imagine if you accidentally dropped your computer unit into a shredder

According to statistics, only 10% of people do daily backups, whilst 29% of people don't do backups at all! This poses a question: why are they taking unnecessary risks with their data? Whilst some people feel that it is too time consuming, or that their data is not valuable enough, in my opinion, I feel that it is because people don't feel there it is a necessary reason to do so. To the technologically-inept individuals, or even organisations, they see technology as a one-off investment, and fail to maintain it with backups of their valuable organisational data. Data could be lost simply by dropping your computer, remotely or accidentally deleted, vandalised by others, etc.

Personally, I have seen a company lose five years of data because of the lack of care for the unit housing their data. Whilst the consequences were okay for this particular company, losing five years of scanned documents, photos, faxes, scans, etc. when you need to work is hardly just an inconvenience as costs may be incurred as you try to recover that data. One report states companies pay between $6,000 to $8,000 per megabyte to recover invaluable data, which if lost, could put them at the risk of lawsuits by clients regarding professional liabilities.

With the variety of backup options available to end consumers and businesses, which can take a snapshot of the data, upload it to the cloud, distribute it to several physical drives, backup should be a no-brainer as it is better to invest in a contingency plan rather than in future costs (which can scale up immensely) in recovering lost data.

Sources:
http://www.itdonut.co.uk/blog/2013/08/29-people-dont-do-backups-are-you-one-them
http://blog.backblaze.com/2012/06/12/10-now-back-up-daily-90-to-go/
http://www.techinsurance.com/news/it-insurance-advice/report-60-percent-of-small-businesses-go-bankrupt-because-of-data-loss-247/

ATMs can also play solitare, but not for long

2014-01-29T23:16:00.004-08:00

Software is a very powerful thing which in modern times has enabled businesses and individuals to run their core operations, applications and communications. Sometimes, when you're used to a piece of software, you're unlikely to make the switch to alternatives because 1) you're not bothered, 2) nothing's wrong with the existing one and 3) everything electronic you have is probably only guaranteed to be compatible with that. So what happens when someone revokes that software?

You wouldn't expect your local ATM being able to do this

You have probably used an ATM in your life, but you probably don't expect that it runs fully-fledged Windows XP (or some variant of it). The blue screen that greets you with financing options and withdrawal amounts is the work of software programmers striving to make a stable application that will run flawlessly and stable and can connect with the central banking system for Windows XP. It makes use of protocols which are tweaked with minor changes to ensure its optimal performance on that platform.

Unfortunately, the perfect world isn't persistent, and Microsoft will sever ties with Windows XP by cutting its security support on 8th April 2014. After this date, Windows XP computers will no longer be updated to be protected against the latest threats. Whilst this may not be a worry for technological-inept home users (who don't worry that much about security anyway), companies will feel the heat in continuing to patch their software for something that may have loopholes that have yet to be exploited.

The solution sound simple then - do what the consumer would do, go out, buy a new computer, put Windows 7/8 on it. The corporate way of doing it, however, is much more time and resource consuming. Imagine you have one child which you will nurture throughout their lives - their college funds, spending money, health, safety, etc. Now imagine you have 2.2M children (the number of ATMs in the world), all waiting to grow up. Now imagine you have 2.2M ATMs all waiting to upgraded and deployed with new software. It is a costly nightmare, and that doesn't even include the costs to redevelop the software in case the architecture is completely different. Even if banks upgrade their software starting today, only 15% will possibly be updated by 8th April.

Technology is not something that you invest in once, and then forget about. Unfortunately, some companies don't understand this and rather than approaching technology proactively, they react to it slowly. Although an upgrade is imminent, it should have been considered years in advance just as Microsoft decided Windows XP should not be supported anymore. This would have helped ease organisations into new technologically-abundant world that we live in today.

p.s. Windows 8 doesn't come with solitaire, the last time I checked.

Sources:
http://money.cnn.com/2014/01/29/technology/enterprise/windows-xp/
http://www.bizjournals.com/dallas/news/2014/01/29/doom-and-gloom-how-will-windows-xp-demise-affect.html

The hacking of Adobe's data

2014-01-19T22:49:00.001-08:00

"What data?"

For many big businesses, IT has become a significant part in running the back-end functions, everyday operations, such as in storing detailed information about its employees and its customers. Intuitively, with great data comes great responsibility, and companies should be making adequate efforts to safeguard our data. But some aren't, and a particular company called Adobe (hint: they make Photoshop) seems to have allowed hackers to access 2.9 million customers' details as well as access to source code used in various Adobe software in 2013. So what does this mean in terms of security?

Most companies which have an online presence employ a three-tier architecture - that is, their IT systems are structured onto three layers: usually into web (i.e. website interface), applications (e.g. or updating the website, or retrieving data from the layer beneath) and database (i.e. customer data). For Adobe, the hackers presumably entered it within the application layer (although a web layer approach is also possible) which enabled them to access the database layer with ease. This could only have happened if there were backdoors and exploits within Adobe's core application code which were left gapingly open. Although easier said then done, Adobe should have revamped critical parts of their code when hacker problems started to arise, to ensure that their programs were up to scratch to fend off hackers.

Adobe Reader is a case in point, which is used globally in document transfer and viewing online and offline. However, did you know that since 2007, the Reader software has had bugs in its code which has allowed hackers to access files on people's computers, open up back doors on these computers as well as include malicious code within these documents which has led to hacking of several companies.

Adobe has come a long way, but it should not become complacent by the success of its software; instead, they should focus on making their applications reliable, stable and safe for their consumers. Success will naturally return when they have done that.

Sources:
http://buzz.money.cnn.com/2013/11/12/adobe-stock-hacking/
http://www.zdnet.com/adobe-admits-2-9m-customer-accounts-have-been-compromised-7000021546/
https://stackoverflow.com/questions/312187/what-is-n-tier-architecture
http://money.cnn.com/2013/10/08/technology/security/adobe-security/index.html
http://abcnews.go.com/Business/adobe-hack-tip-iceberg/story?id=20905320
http://www.banktech.com/business-intelligence/with-big-data-comes-great-responsibility/232600252