
The early, awkward days of “portable” computing

You kids today are spoiled by your modern-day razor-thin ultrabooks. Come take a look at portable technology that required some muscle.

Sure, it’s a bit unwieldy
In the first iteration of any technology, it’s amazing that you can do it. When the first Motorola mobile phone hit the market, it seemed miraculous to make phone calls unconnected to the grid; only later did it become clear how unwieldy that first phone was.

The same is true for PCs. Early “portable” computers would make you laugh, because of their size (large), price tag (high), capabilities (poor), or some combination of the three. But as you take this tour through the history of mobile computing, we urge you to remember the day when it was amazing that you could lug these things around at all.

DYSEAC, 1954
What makes a computer “portable”? Well, at minimum, you have to be able to move it from place to place. By that standard, just about any computer made today is more portable than the earliest computers of the 1940s and 1950s, built from hundreds of vacuum tubes installed into row after row of cabinets and taking up entire rooms. In this sense, DYSEAC, built by the National Bureau of Standards for the US Army Signal Corps, was a real breakthrough: it could be easily fit into a tractor trailer and driven from place to place.

IBM 5100, 1975
Decades later, IBM looked to make a similar leap down in size from the half-ton behemoths it sold. With the IBM 5100, Big Blue was able to compress a lot of power into a package that, at 55 pounds, was relatively tiny: amazingly, the computer was able to emulate a version of the APL programming language that would run on an S/360 mainframe. Reasoning that anyone who would be opting for the 5100 over a real mainframe would put portability at a premium, IBM emphasized the suitcase-sized unit’s luggability and built a keyboard and tiny monitor directly into the all-in-one machine. Fully tricked out, the 5100 cost $19,975 — the equivalent of more than $85,000 today.

Osborne 1, 1981
Six years later, Osborne Computer introduced the Osborne 1, with a similar look and footprint but a much less cutting-edge level of technology. Company founder Adam Osborne himself said that “It is not the fastest microcomputer, it doesn’t have huge amounts of disk storage space, and it is not especially expandable.” But it used the mass-market CP/M operating system, and it was cheap ($1,795, the equivalent of $4,500 today), and, at 22 pounds, relatively easy to fit into a suitcase for lugging to wherever you might need a computer. Osborne published a magazine specifically for users, The Portable Companion, and the first issue featured an amazing picture of journalist David Kline with Afghan mujahideen admiring his Osborne 1.

GRiD Compass, 1982
The GRiD Compass was an Osborne contemporary; it was smaller — at a scant 11 pounds, it’s almost getting to the same order of magnitude of modern-day laptops. It also used a unique operating system and rugged but slow bubble memory, and cost $8,150 (more than $19,000 today). The combination of its tough construction and high price tag meant that its chief customer was the U.S. federal government: the Compass went into orbit on the Space Shuttle, and was rumored to be part of the presidential “nuclear football,” which stored launch codes.

Compaq Portable, 1982

The Compaq Portable was roughly the same size (28 pounds) and form factor as the Osborne: barely portable, in other words, despite the name, though it did come with a nifty suitcase. What made it really special wasn’t related to its portability: it was the first ever IBM clone of any sort, with a reverse-engineered BIOS and Microsoft’s MS-DOS, making it the ancestor of every Windows laptop ever made. Its luggable design was an added bonus; it was popular enough that IBM had to answer with its own portable version, the IBM 5155 model 68.

Epson HX-20, 1983
Having read about what passed for portable computing in the early 1980s, you can now understand how shocking and revolutionary the Epson HX-20 was. At three and a half pounds, it’s lighter than a modern-day 15-inch MacBook Pro, and at $795 (the equivalent of $1,800 today), it’s cheaper, too.

What was the catch? While the other luggables we’ve seen had monochrome monitors on the order of 8 or 9 inches, the HX-20 sported a tiny LCD that could only show four lines of text, 20 characters wide. There was also very little software available for its proprietary OS, and the machine was distinctly underpowered.

Classic Mac form factor, 1984
Even as this spate of what we’d now recognize as the ancestors of modern notebook computers was being released, the idea of just what might make a computer count as “portable” was still in flux. For instance, nobody would’ve mistaken the original Macintosh for a laptop, with its near-cubical form factor — but at 16.5 pounds, it was lighter than many computers specifically billed as portable. The case came with a built-in handle on top so you could carry it around your house or office, and, as this page from the original owner’s manual demonstrates, custom-made carrying satchels were available.

Macintosh Portable, 1989/PowerBook 100, 1991
Five years later, Apple’s first portable Mac looked like the early ’80s dinosaurs we’ve already seen: huge, clunky, and awkwardly designed. The Portable was a bit lighter than its predecessors at 16 pounds, and of course ran a more modern OS, but at $6,500 ($12,000 in today’s money) it was difficult to justify.

The truly amazing thing was that just two years later, Apple released the PowerBook 100 series. These machines started at a third the weight and a third the price of the Portable; more importantly, their design, with wrist rests and a trackball below the keyboard, set the standard for all laptops, Mac and PC, that followed. The modern portable era had arrived.

Apple Newton, 1993
Of course, around the same time the world was launching into a whole new world of portable computing: the PDA, direct ancestor to the modern-day smartphone. We leave you with this picture that shows how far we’ve come in the “handheld computing devices much smaller than personal computers” department: the original Apple Newton, that prophetic flop, seemed miraculously small at the time, and yet dwarfs the original iPhone. (Though with the advent of the huge iPhone 6 Plus, perhaps this is going full circle.)


 

MCTS Training, MCITP Training

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

Peeping into 73,000 unsecured security cameras thanks to default passwords

A site linked to 73,011 unsecured security camera locations in 256 countries to illustrate the dangers of using default passwords.

Yesterday I stumbled onto a site indexing 73,011 locations with unsecured security cameras in 256 countries …unsecured as in “secured” with default usernames and passwords. The site, with an IP address from Russia, is further broken down into insecure security cameras by the manufacturers Foscam, Linksys, Panasonic, some listed only as “IP cameras,” as well as AvTech and Hikvision DVRs. 11,046 of the links were to U.S. locations, more than any other country; one link could have up to 8 or 16 channels, meaning that’s how many different security camera views were displayed on one page.

Truthfully, I was torn about linking to the site, which claims to be “designed in order to show the importance of security settings;” the purpose of the site is supposedly to show how not changing the default password means that the security surveillance system is “available for all Internet users” to view. Change the defaults to secure the camera to make it private and it disappears from the index. According to FAQs, people who choose not to secure their cameras can write the site administrator and ask for the URL to be removed. But that requires knowing the site exists.

There are 40,746 pages of unsecured cameras just in the first 10 country listings: 11,046 in the U.S.; 6,536 in South Korea; 4,770 in China; 3,359 in Mexico; 3,285 in France; 2,870 in Italy; 2,422 in the U.K.; 2,268 in the Netherlands; 2,220 in Colombia; and 1,970 in India. Like the site said, you can see into “bedrooms of all countries of the world.” There are 256 countries listed plus one directory not sorted into country categories.

The last big peeping Tom paradise listing had about 400 links to vulnerable cameras on Pastebin and a Google map of vulnerable TRENDnet cameras; this newest collection of 73,011 total links makes that seem puny in comparison. A year ago, in the first action of its kind, the FTC brought down the hammer on TRENDnet for the company’s “lax security practices that exposed the private lives of hundreds of consumers to public viewing on the Internet.”

Security cameras are supposed to offer security, not provide surveillance footage for anyone to view. Businesses may be fine with that, but cameras that are not truly locked down in homes invite privacy invasions. In this case, it’s not just one manufacturer. Sure, a geek could Google Dork or use Shodan to end up with the same results, but that doesn’t mean the unsecured surveillance footage would be aggregated into one place that’s bound to be popular among voyeurs.

There were lots of businesses, stores, malls, warehouses and parking lots, but I was horrified by the sheer number of baby cribs, bedrooms, living rooms and kitchens; all of those were within homes where people should be safest, but were awaiting some creeper to turn the “security surveillance footage” meant for protection into an invasion of privacy.

Randomly clicking around revealed an elderly woman sitting but a few feet away from a camera in Scotland. In Virginia, a woman sat on the floor playing with a baby; the camera manufacturer was Linksys. There was a baby sleeping in a crib in Canada, courtesy of an unsecured Foscam camera, the brand of camera most commonly listed when pointing down at cribs. So many cameras are set up to look down into cribs that it was sickening; it became like a mission to help people secure them before a baby cam “hacker” yelled at the babies.

I wanted to warn and help people who unwittingly opened a digital window to view into their homes, so I tried to track down some security camera owners with the hopes of helping them change the default username and password. It is their lives and their cameras to do with as they think best, but “best” surely doesn’t include using a default username and password on those cameras so that families provide peep shows to any creep who wants to watch.


The site lists the camera manufacturer, default login and password, time zone, city and state. The results for each camera are also theoretically pinpointed with longitude and latitude on Google Maps. That can be opened in another browser window, zoomed into, converted to Google Earth, then Street View in hopes of seeing an address to take into a reverse phone look-up. It’s slightly easier if it’s a business and you see a name on a building. There may be an easier way, as it was slow and frustrating.

I’m unwilling to say how many calls I made, or else you might think I enjoy banging my head against the wall. It was basically how I spent my day yesterday. Too many times the location couldn’t be determined, led to apartments, or the address wasn’t listed in a reverse phone search. After too many times in a row like that, I’d switch to a business as it is much easier to pinpoint and contact.

One call was to a military installation. Since the view was of beautiful fall foliage, it seemed like a “safe” thing to find out if that camera was left with the default password on purpose. Searching for a contact number led to a site that was potentially under attack and resulted in a “privacy error.” Peachy. Then I had two things to relay, but no one answered the phone. After finding another contact number and discussing both issues at length, I was told to call the Pentagon! Holy cow and yikes!


About six hours into trying to help people, I was used to talking to the manager of establishments and explaining the issue. During a call to a pizza chain place, the manager confirmed the distinct views from eight channels of cameras before things got ugly.

Managers, don’t shoot the messenger; a person out to hurt you might dig into a Linux box with root, but no exploit or hacking is needed to view the surveillance footage of your unsecured cameras! It’s exceedingly rude to yell or accuse a Good Samaritan of “hacking” you. If your cameras are AVTech and admin is both username and password, or Hikvision “secured” with the defaults of admin and 12345, then you need to change that. Or don’t and keep live streaming on a Russian site.


After an exasperating day of good intentions not being enough to help folks, hopefully raising awareness will help. It would be great if these manufacturers would start wrapping the boxes in tape that yells, Be sure to change the default password! In some security camera models, no password is even required.

If you don’t recall your username/password combo, then download the manual of your camera model, reset the device like you would a wireless router, and aim for a strong password to truly provide security this time. This might be a good place to start for support or manuals for Foscam, Linksys, AVTech, Hikvision, Panasonic, but some of the unsecure security cams are simply listed as IP cameras.

I don’t know what else to do if the FTC doesn’t again bring the hammer down on companies that don’t do enough to stop people from having their lives invaded. Take the issue and manufacturer names to Craigslist to try and get the attention of people in specific towns? But that would simply point back to the site and open even more people to having their privacy invaded.

Mostly, it falls on us, dear security-conscious readers, to nudge our not-so-techy friends and remind our families how very important it is to set strong passwords on security cameras unless they want to give the whole world a free pass to watch inside their homes.


 


IBM’s chip business sale gets national security scrutiny

GlobalFoundries is already talking over security issues with the U.S. government

IBM’s plan to transfer its semiconductor manufacturing business to GlobalFoundries faces a government review over national security implications. It has the potential of being complicated because of IBM’s role as a defense supplier.

GlobalFoundries is based in the U.S., but is owned by investors in Abu Dhabi, which is part of the United Arab Emirates (U.A.E.). IBM is paying the firm $1.5 billion to take over its semiconductor manufacturing operations. IBM says it isn’t cutting back on R&D or its design of semiconductors, but will rely on GlobalFoundries for manufacturing.

IBM’s semiconductor manufacturing unit work includes production of components used in defense systems and intelligence.

“We are in discussions with the U.S. government on the security-related issues, and we believe there are solutions that can address national security interests,” Jason Gorss, GlobalFoundries spokesman, said in an email.

Gorss points to the fact that GlobalFoundries successfully completed a national security review by the government when it purchased AMD assets in 2008, “so we are familiar with the process.” GlobalFoundries was created out of that divestiture.

Because of the foreign ownership issue, the sale will be reviewed by the Committee on Foreign Investment (CFIUS), said Gorss.

Retired U.S. Army Brig. Gen. John Adams, who authored a report last year for an industry group about U.S. supply chain vulnerabilities and national security, said the sale “needs to be closely studied and scrutinized.”

Adams said CFIUS will have to look at where the investors are. Some countries are more closely aligned with the U.S. than others, “and I don’t want to cast aspersions unnecessarily on Abu Dubai — but they’re not Canada,” he said. “I think that the news that we may be selling part of our supply chain for semiconductors to a foreign investor is actually bad news.”

Gorss points out that the U.A.E. has purchased some of the U.S.’s most sophisticated defense equipment, including F-16s and missile defense systems. The Congressional Research Service, in a report last month to lawmakers, said about 5,000 U.S. military personnel are stationed in U.A.E. and noted its role in extending the U.S.-led efforts against the Islamic State organization, or ISIS.

GlobalFoundries has manufacturing operations in New York, Germany, and Singapore and it would keep operating IBM’s chip making operations in New York and Vermont once the sale is completed next year. It also plans to hire nearly all the workers. GlobalFoundries also has R&D, design, and customer support operations in the U.S., Singapore, China, Taiwan, Japan, Germany and the Netherlands.

Apart from the U.A.E.’s investment in the firm, U.S. officials have had long-standing concerns about foreign ownership of critical technology, including semiconductors.

In 2003, the U.S. Department of Defense called for a “Defense Trusted Integrated Circuit Strategy” that provides access “to trusted suppliers of critical microcircuits used in sensitive defense weapons, intelligence, and communications systems.”

That led to a pilot program with the NSA and formation of the “Trusted Access Program Office” and then to “a contractual arrangement with the IBM Corp., for the manufacture of leading-edge microelectronic parts in a trusted environment,” according to a Defense Department report released in July.

If the U.S. loses more of its industrial capacity, “we mortgage our ability to make national security decisions to investors who come from countries who have interests opposed to ours,” said Adams.

To give an example of how extreme foreign dependences can go, one problem cited in Adams’s report was the U.S. reliance on a Chinese firm as the sole source for a chemical needed to propel Hellfire air-to-surface missiles. Since that report, the U.S. has identified an American company that is scheduled now to begin production of this propellant component in the next few months. The U.S. is giving some tax incentives and other assistance to make that happen, said Adams.

The U.A.E. has seen its trade suffer because of the embargo with Iran. But the U.A.E. is also viewed as a conduit for technology shipments to Iran that bypass the embargo.

In late 2007, Iran claimed to have built a small Linux supercomputer using 216 AMD Opteron chips. Imports of microprocessors and other technologies to Iran aren’t allowed under the U.S. embargo.

The Iranian High Performance Computing Research Center (IHPCRC) included a series of photographs on its Web site showing workers assembling the supercomputer. The chips could not be identified in the photos, but the shipping boxes and the name of a company and the initials U.A.E. on the boxes were visible.

AMD said it has never authorized any shipment of its products to the U.A.E., and said so again in a response to an SEC query in 2009.

It’s unclear how capable Iran’s supercomputing capabilities are at this point; Iran’s Amirkabir University of Technology, the home of the IHPCRC, had in 2010 a system with 4,600 CPUs, but it did not identify the processor maker.

After Computerworld published the initial story, Iran removed the photographs. The website of IHPCRC appears to have disappeared as well, replaced by a web page about acne medication.



 

 

Gartner: IT careers – what’s hot?

Do you know smart machines, robotics and risk analysis? Gartner says you should

ORLANDO— If you are to believe the experts here at the Gartner IT Symposium, IT workers and managers will need to undergo widespread change if they are to effectively compete for jobs in the next few years.

How much change? Well, Gartner says by 2018, digital business requires 50% less business process workers and 500% more key digital business jobs, compared to traditional models. IT leaders will need to develop new hiring practices to recruit for the new nontraditional IT roles.

“Our recommendation is that IT leaders have to develop new practices to recruit for non-traditional IT roles…otherwise we are going to keep designing things that will offend people,” said Daryl Plummer, managing vice president, chief of Research and chief Gartner Fellow. “We need more skills on how to relate to humans – the people who think people first are rare.”

Gartner intimated that within large companies there are smaller ones, like startups, that need new skills.

“The new digital startups in your business units are thirsting for data analysts, software developers and cloud vendor management staff, and they are often hiring them faster than IT,” said Peter Sondergaard, senior vice president and global head of Research. “They may be experimenting with smart machines, seeking technology expertise IT often doesn’t have.”

So what are the hottest skills? Gartner says right now, the hottest skills CIOs must hire or outsource for are:
Mobile
User Experience
Data sciences

Three years from now, the hottest skills will be:
Smart Machines (including the Internet of Things)
Robotics
Automated Judgment
Ethics

Over the next seven years, there will be a surge in new specialized jobs. The top jobs for digital will be:
Integration Specialists
Digital Business Architects
Regulatory Analysts
Risk Professionals


 


Biggest, baddest, boldest software backdoors of all time

These 12 historically insidious backdoors will have you wondering what’s in your software — and who can control it

The boldest software backdoors of all time

It’s always tough to ensure the software you’re using is secure, but it’s doubly difficult if the creators of the software — or some malicious unknown third party — has surreptitiously planted a back way in.

Here’s a look at 12 of the trickiest, subtlest, and nastiest software backdoors found in the wild yet.

Back Orifice
Far from being the first backdoor, Back Orifice brought backdoor awareness to a wider audience. Created in 1998 by folks from the Cult of the Dead Cow hacker collective, Back Orifice allowed computers running Microsoft Windows to be controlled remotely over a network (and cleverly played off the name of Microsoft BackOffice Server, a precursor to Windows Small Business Server).

Back Orifice was devised to demonstrate deep-seated security issues in Microsoft Windows 98, and so it sported such features as being able to hide itself from the user — something that endeared it to a generation of black hat hackers because it could be used as a malicious payload.

The DSL backdoor that wouldn’t die
Having a backdoor in your hardware product is bad enough; promising to fix it and then only covering up its existence is even worse. But that’s what happened at the end of 2013 with a number of DSL gateways that used hardware made by Sercomm, all of which sported a manufacturer-added backdoor on port 32764. A patch was later released in April 2014 to fix the problem, but the “fix” only concealed access to the port until a specially crafted packet (a “port knock”) was sent to reveal it. We’re still waiting for a real fix.

The PGP full-disk encryption backdoor
Here’s one for the “not a backdoor, but a feature” department: PGP Whole Disk Encryption, now marketed by Symantec, allows an arbitrary static password to be added to the boot process for an encrypted volume. (By default the password expires the first time it’s used.) When first unearthed in 2007, PGP replied that other disk-encryption products had similar functionality, although the lack of public documentation for the feature was unnerving. At least now we know it’s in there, but the jury’s still out on whether it should be there to begin with.

Backdoors in pirated copies of commercial WordPress plug-ins
WordPress may be one of the most popular and powerful blogging and content management systems out there, but its track record on security leaves a lot to be desired. Some of the sneakiest breaches have come by way of pirated copies of premium plug-ins surreptitiously patched to include backdoors, at least one of which was obfuscated so well that expert WordPress users might have trouble detecting it.

Yet another reason to avoid pirated software (as if you needed any more).

The Joomla plug-in backdoor
WordPress isn’t the only major CMS that’s experienced backdoor issues with plugins. Joomla installations have been victimized in a similar way — for instance, via a free plug-in, the code of which was apparently modified after the fact.

Such sneak attacks are generally performed as a means for getting back into a website that’s been hacked because few think twice about checking whether a CMS plug-in was the point of entry of an attack.

The ProFTPD backdoor
ProFTPD, a widely used open source FTP server, nearly had a backdoor planted in it as well. Back in 2010, attackers gained access to the source code hosting server and added code which allowed an attacker to spawn a root shell by sending the command “HELP ACIDBITCHEZ.” Irony abounded in this case: The attackers used a zero-day exploit in ProFTPD itself to break into the site and plant the malicious code!

The Borland Interbase backdoor
This one’s guaranteed to raise hairs. From 1994 through 2001, Borland (later Inprise) Interbase Versions 4.0 through 6.0 had a hard-coded backdoor — one put there by Borland’s own engineers. The backdoor could be accessed over a network connection (port 3050), and once a user logged in with it, he could take full control over all Interbase databases. The kicker, and a sign of some strange programmer humor at work, was the credentials that were used to open the backdoor. Username: politically. Password: correct.

The Linux backdoor that wasn’t
Back in 2003, someone attempted to insert a subtle backdoor into the source code for the Linux kernel. The code was written to give no outward sign of a backdoor and was added to the Linux source by someone who broke into the server where the code was hosted.

Two lines of code were changed — something that might have breezed past most eyes. Theoretically, the change could have allowed an attacker to give a specific, flagged process root privileges on a machine. Fortunately, the backdoor was found and yanked when an automatic code audit detected the change. Speculation still abounds about who might have been responsible; perhaps a certain three-letter agency that asked Linus Torvalds to add backdoors to Linux might know.

The tcpdump backdoor
One year before someone tried to backdoor the Linux kernel, someone tried to sneak a backdoor into a common Linux (and Unix) utility, tcpdump. A less stealthy hack than the Linux one — the changes were fairly obvious — it added a command-and-control mechanism to the program that could be activated by traffic over port 1963. As with the Linux backdoor, it was added directly to the source code by an attacker who broke into the server where the code was hosted. As with the Linux backdoor attempt, it was quickly found and rooted out (no pun intended).

The NSA’s TAO hardware backdoors
Never let it be said that the NSA doesn’t have some clever tricks up its sleeve. Recent revelations about its TAO (Tailored Access Operations) program show that one of the NSA’s tricks involves intercepting hardware slated for delivery overseas, adding backdoors to the device’s firmware, and then sending the bugged hardware on its merry way. Aside from network gear, the NSA also apparently planted surveillance software in the firmware for various PCs, and even in PC peripherals like hard drives.

The Windows _NSAKEY backdoor that might have been
Speaking of the NSA, in 1999 researchers peered into Windows NT 4 Service Pack 5 and found a variable named _NSAKEY with a 1024-bit public key attached to it. Speculation ran wild that Microsoft was secretly providing the NSA with some kind of backdoor into encrypted data on Windows or into Windows itself. Microsoft denied any such activity, and security expert Bruce Schneier also doubted anything nefarious was going on. But rumors have swirled ever since concerning unpluggable backdoors into Windows.

The dual elliptic curve backdoor
Yet another from the NSA, and perhaps the sneakiest yet: a deliberate, stealthy weakening of a random number generator commonly used in cryptography. Theoretically, messages encrypted with the Dual_EC_DRBG (Dual Elliptic Curve Deterministic Random Bit Generator) standard, ratified by NIST, had a subtle weakness that could allow them to be decrypted by an attacker. Only after Edward Snowden leaked internal NSA memos did it come to light that said agency had manipulated the approval process for the standard to allow the backdoor to remain in the algorithm. Fortunately, plenty of other random number generators exist, and NIST has since withdrawn its recommendations for Dual_EC_DRBG. Small wonder people speculate what else the NSA may have hidden up its (and other peoples’) sleeves.



 

 

Gartner: Top 10 strategic predictions for businesses to watch out for

For a session that is high-tech oriented, this year’s Gartner strategic predictions were decidedly human.

That is to say many were related to increasing the customer’s experience with technology and systems rather than the usual techno-calculations.
Gartner 2014

“Machines are taking an active role in enhancing human endeavors,” said Daryl Plummer, managing vice president, chief of Research and chief Gartner Fellow. “Our predictions this year may not be directly tied to the IT or CIO function but they will affect what you do.”

Plummer outlined the following predictions and a small recommendation as to what IT can do to prepare for the item. Read on:

1. By 2018, digital business requires 50% less business process workers and 500% more key digital business jobs, compared to traditional models. IT leaders need to develop new hiring practices to recruit for the new nontraditional IT roles.

2. By 2017, a significant disruptive digital business will be launched that was conceived by a computer algorithm. CIOs must begin to simulate technology-driven transformation options for business.

3. By 2018, the total cost of ownership for business operations will be reduced by 30% through smart machines and industrialized services. CIOs must experiment with precursor “almost smart machine” technologies and phantom robotic business process automation. Business leaders must examine the impact of increased wellness on insurance and employee healthcare costs as a competitive factor.

4. By 2020, developed world life expectancy will increase by 0.5 years due to widespread adoption of wireless health monitoring technology. Business leaders must examine the impact of increased wellness on insurance and employee healthcare costs as a competitive factor.

5. By year-end 2016, $2.5 billion in online shopping will be performed exclusively by mobile digital assistants. Apple’s Siri is a type of assistant, but many online vendors offer some sort of software-assist that you may or may not be aware of. Marketing executives must develop marketing techniques that capture the attention of digital assistants as well as people.

6. By 2017, U.S. customers’ mobile engagement behavior will drive U.S. mobile commerce revenue to 50% of U.S. digital commerce revenue. Recommendation: Mobile marketing teams should investigate mobile wallets such as Apple’s Passbook and Google Wallet as consumer interest in mobile commerce and payments grows.

7. By 2016, 70% of successful digital business models will rely on deliberately unstable processes designed to shift as customer needs shift. CIOs need to create an agile, responsive workforce that is accountable and supports your organizational liquidity.

8. By 2017, more than half of consumer product and service R&D investments will be redirected to customer experience innovations. Consumer companies must invest in customer insight through persona and ethnographic research.

9. By 2017, nearly 20% of durable goods e-tailers will use 3D printing to create personalized product offerings. CIOs, product development leaders, and business partners must evaluate gaps between the existing “as is” and future “to be” states (process, skills, and technology).

10. By 2018, retail businesses that utilize targeted messaging in combination with internal positioning systems (systems that know you are in or near a store) will see a 20% increase in customer visits. CIOs must help expand good customer data to support real-time offers.



7 killer open source monitoring tools

Network and system monitoring is a broad category. There are solutions that monitor for the proper operation of servers, network gear, and applications, and there are solutions that track the performance of those systems and devices, providing trending and analysis. Some tools will sound alarms and notifications when problems are detected, while others will even trigger actions to run when alarms sound. Here is a collection of open source solutions that aim to provide some or all of these capabilities.

Cacti
Cacti is a very extensive performance graphing and trending tool that can be used to track just about any monitored metric that can be plotted on a graph. From disk utilization to fan speeds in a power supply, if it can be monitored, Cacti can track it — and make that data quickly available.

Nagios
Nagios is the old guard of system and network monitoring. It is fast, reliable, and extremely customizable. Nagios can be a challenge for newcomers, but the rather complex configuration is also its strength, as it can be adapted to just about any monitoring task. What it may lack in looks it makes up for in power and reliability.

Icinga
Icinga is an offshoot of Nagios that is currently being rebuilt anew. It offers a thorough monitoring and alerting framework that’s designed to be as open and extensible as Nagios is, but with several different Web UI options. Icinga 1 is closely related to Nagios, while Icinga 2 is the rewrite. Both versions are currently supported, and Nagios users can migrate to Icinga 1 very easily.

NeDi
NeDi may not be as well known as some of the others, but it’s a great solution for tracking devices across a network. It continuously walks through a network infrastructure and catalogs devices, keeping track of everything it discovers. It can provide the current location of any device, as well as a history.

NeDi can be used to locate stolen or lost devices by alerting you if they reappear on the network. It can even display all known and discovered connections on a map, showing how every network interconnect is laid out, down to the physical port level.

Observium
Observium combines system and network monitoring with performance trending. It uses both static and auto discovery to identify servers and network devices, leverages a variety of monitoring methods, and can be configured to track just about any available metric. The Web UI is very clean, well thought out, and easy to navigate.

Observium can also display the physical location of monitored devices on a geographical map, and its heads-up panels show active alarms and device counts.

Zabbix
Zabbix monitors servers and networks with an extensive array of tools. There are Zabbix agents for most operating systems, or you can use passive or external checks, including SNMP, to monitor hosts and network devices. You’ll also find extensive alerting and notification facilities, and a highly customizable Web UI that can be adapted to a variety of heads-up displays. In addition, Zabbix has specific tools that monitor Web application stacks and virtualization hypervisors.

Zabbix can also produce logical interconnection diagrams detailing how certain monitored objects are interconnected. These maps are customizable, and maps can be created for groups of monitored devices and hosts.

Ntop
Ntop is a packet sniffing tool with a slick Web UI that displays live data on network traffic passing by a monitoring interface. Instant data on network flows is available through an advanced live graphing function. Host data flows and host communication pair information are also available in real time.



First Look: BlackBerry Passport

BlackBerry does an about-face, back towards its enterprise roots.

So BB 10 didn’t work out so well, did it?
Which helps explain why, with the new Passport smartphone, BlackBerry is ditching the years-late emphasis on competing for consumers and refocusing on the enterprise users on which the company was built. The Passport is uniquely focused on being a device for work first and personal stuff second – take a look at how it’s turned out.

It’s hip to be square
We’re just not used to square screens anymore, are we? I think the last one I used was on a flip-phone, circa about 2005. So in a sense, BlackBerry’s not putting the Passport in great company there. Given that this screen is 4.5 inches and boasts 1440×1440 resolution, though, it’s probably OK.

Big in Canada
It’s a big device, there’s no getting around that – as the name suggests, it’s the size of a U.S. passport. That said, it’s no more outsized than other recently released phablets like the Samsung Galaxy Note 4 or the iPhone 6 Plus.

Of course it has a keyboard
It’s a new design, and it incorporates some intriguing touchpad functionality, like swiping to select auto-suggest entries. And it’s a business-focused BlackBerry device – of course it has a physical keyboard.

A voice search thingy!
One of many catch-up boxes checked by the Passport, the new voice search functionality appears to work more or less the same way as Siri/Cortana/Google Voice search, et al.

Blend
The impressive BlackBerry Blend system provides an app that can run on other mobile devices, as well as on desktops and laptops, that brings files and messages from the Passport to whichever device you happen to be using at the time, and segregates them into personal and enterprise spaces.

Some apps
BlackBerry bolsters its own somewhat limited app offerings with access to the Amazon App Store, which provides a larger selection of Android apps for use on the Passport.

Under the hood
The Passport’s specs bring it into line with the latest Androids and iPhones – a 2.2GHz, quad-core Snapdragon processor, 3GB of RAM, a 13MP camera with optical image stabilization and 32GB of on-board storage, with a microSD slot for expandability. It’s also got a big 3450 mAh battery, which BlackBerry was eager to talk up.

The nitty-gritty
The Passport goes on sale tomorrow from Amazon and BlackBerry directly, for $600 unlocked. It’ll be available on-contract from as-yet unspecified carriers for about $250, BlackBerry said.


 


10 Hot Internet of Things Startups

As Internet connectivity gets embedded into every aspect of our lives, investors, entrepreneurs and engineers are rushing to cash in. Here are 10 hot startups that are poised to shape the future of the Internet of Things (IoT).

As Internet connectivity gets embedded into everything from baby monitors to industrial sensors, investors, entrepreneurs and engineers are rushing to cash in. According to Gartner, Internet of Things (IoT) vendors will earn more than $309 billion by 2020. However, most of those earnings will come from services.

Gartner also estimates that by 2020, the IoT will consist of 26 billion devices. All of those devices, Cisco believes, will end up dominating the Internet by 2018. You read that right: In less time than it takes to earn a college degree (much less time these days), machines will communicate over the Internet a heck of a lot more than people do.

With the IoT space in full gold-rush mode, we evaluated more than 70 startups to find 10 that look poised to help shape the future of IoT.

Note: These 10 are listed in alphabetical order and are not ranked.
1. AdhereTech

What they do: Provide a connected pill bottle that ensures patients take their medications.

Headquarters: New York, N.Y.

CEO: Josh Stein. He received his MBA from Wharton in 2012, and, before that, he worked for a number of successful startups in New York City, including Lot18, PlaceVine and FreshDirect.

Why they’re on this list: There are plenty of companies trying to cash in on IoT by tethering it to healthcare. Let’s call it the Internet of Health (IoH). What’s impressive about AdhereTech, though, is that it focuses on a discrete problem and knocks it out of the park with its solution. It’s simple and smart.

Prescription adherence — sticking to your prescribed medication regimen — is one of the biggest problems plaguing medicine. Current levels of adherence are as low as 40 percent for some medications. Poor adherence to appropriate medication therapy has been shown to result in complications, increased healthcare costs, and even death. Medication adherence for patients with chronic conditions, such as diabetes, hypertension, hyperlipidemia, asthma and depression, is an even more significant problem, often requiring intervention.

According to AdhereTech, of all medication-related hospital admissions in the United States, 33 to 69 percent are related to poor medication adherence. The resulting costs are approximately $100 billion annually, and as many as 125,000 deaths per year in the U.S. can be attributed to medication non-adherence.

AdhereTech’s pill bottle seeks to increase adherence and reduce the costs associated with missed or haphazard medication dosage. The bottle uses sensors to detect when one pill or one liquid milliliter of medication is removed from the bottle. If a patient hasn’t taken his/her medication, the service reminds them via phone call or text message, as well as with on-bottle lights and chimes. The company’s software also asks patients who skip doses why they got off schedule. In addition to helping people remember, AdhereTech aggregates data anonymously to give a clearer picture of patient adherence overall to pharmaceutical companies and medical practitioners.

Customers: AdhereTech has trials running with Boehringer Ingelheim for a TBD medication, The Walter Reed National Military Medical Center for type 2 diabetes medication and Weill Cornell Medical College for HIV medication.

Competitive Landscape: Vitality GlowCap is the most direct competitor for AdhereTech. Other less direct competitors include RXAnte, an analytics company that helps to identify patients most at risk for falling off their prescription regimen, and Proteus Digital Health, which puts tiny digestible sensors inside of pills to give doctors a clearer picture of patient compliance.

 


Popular Android apps fail basic security tests, putting privacy at risk

Instagram and Grindr stored images on their servers that were accessible without authentication, study finds

Instagram, Grindr, OkCupid and many other Android applications fail to take basic precautions to protect their users’ data, putting their privacy at risk, according to a new study.


The findings come from the University of New Haven’s Cyber Forensics Research and Education Group (UNHcFREG), which earlier this year found vulnerabilities in the messaging applications WhatsApp and Viber.

This time, they expanded their analysis to a broader range of Android applications, looking for weaknesses that could put data at risk of interception. The group will release one video a day this week on their YouTube channel highlighting their findings, which they say could affect upwards of 1 billion users.

“What we really find is that app developers are pretty sloppy,” said Ibrahim Baggili, UNHcFREG’s director and editor-in-chief of the Journal of Digital Forensics, Security and Law, in a phone interview.

The researchers used traffic analysis tools such as Wireshark and NetworkMiner to see what data was exchanged when certain actions were performed. That revealed how and where applications were storing and transmitting data.

Facebook’s Instagram app, for example, still had images sitting on its servers that were unencrypted and accessible without authentication. They found the same problem in applications such as OoVoo, MessageMe, Tango, Grindr, HeyWire and TextPlus when photos were sent from one user to another.

Those services were storing the content with plain “http” links, which were then forwarded to the recipients. But the problem is that if “anybody gets access to this link, it means they can get access to the image that was sent. There’s no authentication,” Baggili said.

The services should either ensure the images are quickly deleted from their servers or that only authenticated users can get access, he said.
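One way a service could combine both of Baggili's suggestions, short-lived links and authenticated access, shown as an added example that is not from the study or from any of the apps named. The host name, signing key, lifetime and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed values; a real service would load the key from a secret store.
SIGNING_KEY = b"constructed-demo-key-not-for-production"
MEDIA_HOST = "media.example.com"   # hypothetical media host
LINK_LIFETIME = 300                # seconds a link stays valid


def _signature(path, recipient, expires):
    # Bind the link to the file, the intended recipient and the expiry time.
    msg = f"{path}\n{recipient}\n{expires}".encode()
    return hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest()


def make_media_url(path, recipient, now=None):
    """Build an HTTPS link that only `recipient` can use, and only until it expires."""
    expires = int(now if now is not None else time.time()) + LINK_LIFETIME
    query = urlencode({"exp": expires, "sig": _signature(path, recipient, expires)})
    return f"https://{MEDIA_HOST}{path}?{query}"


def authorize_fetch(url, session_user, now=None):
    """Server-side check before serving the image. Returns (allowed, reason)."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return False, "cleartext transport"
    params = parse_qs(parts.query)
    try:
        expires = int(params["exp"][0])
        sig = params["sig"][0]
    except (KeyError, ValueError):
        return False, "missing or malformed token"
    if session_user is None:
        return False, "not authenticated"
    now = int(now if now is not None else time.time())
    if now > expires:
        return False, "link expired"
    # The recipient is never in the URL: it comes from the logged-in session,
    # so a forwarded or sniffed link fails for anyone else.
    expected = _signature(parts.path, session_user, expires)
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return False, "link not issued to this user"
    return True, "ok"
```

A bare link of the kind the researchers observed carries no token and uses `http`, so `authorize_fetch` rejects it before any image bytes are served.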

Many applications also didn’t encrypt chat logs on the device, including OoVoo, Kik, Nimbuzz and MeetMe. That poses a risk if someone loses their device, Baggili said.

“Anyone who gets access to your phone can dump the backup and see all the chat messages that were sent back and forth,” he said. Other applications didn’t encrypt the chat logs on the server, he added.

Another significant finding is how many of the applications either don’t use SSL/TLS (Secure Sockets Layer/Transport Layer Security), which uses digital certificates to encrypt data traffic, or use it insecurely, Baggili said.

Hackers can intercept unencrypted traffic over Wi-Fi if the victim is in a public place, a so-called man-in-the-middle attack. SSL/TLS is considered a basic security precaution, even though in some circumstances it can be broken.

OkCupid’s application, used by about 3 million people, does not encrypt chats over SSL, Baggili said. Using a traffic sniffer, the researchers could see text that was sent as well as who it was sent to, according to one of the team’s demonstration videos.

Baggili said his team has contacted developers of the applications they’ve studied, but in many cases they haven’t been able to easily reach them. The team wrote to support-related email addresses but often didn’t receive responses, he said.
