Wednesday, August 31, 2011

A Big Step Forward In Creating A Cloud Marketplace

Lots of great news starting to come out of VMworld 2011 in Las Vegas.

Technically, I'm supposed to be there right now, but we had this hurricane come through ...
Metaphorically speaking, though, a hurricane isn't a bad analogy for describing the impact of this important event.

The scope of VMworld has expanded far beyond the initial boundaries of server virtualization and pulled in all sorts of adjacent disciplines: cloud, IT transformation, application transformation, next-gen user experience as well as all sorts of related technologies: servers, storage, security, backup, orchestration and management ... it's perhaps the most compelling cross-section of advanced IT thinking in the industry.

And one of the first blockbuster announcements from VMware concerns significant and meaningful progress towards establishing a marketplace of compatible service providers, based around VMware technologies.

Choices Are Good, Aren't They?
Enterprise hybrid clouds are all about choice -- having flexible options down the road.
One key choice is getting to decide what runs in your own environment, and what runs in a service provider setting.  This isn't your father's outsourcing, it's a world where you can go into (and out of!) an external provider with far less friction than before.

Embrace virtualization, and you'll have far more of these choices than if you don't.
Going farther, it'd be better if those same external service providers offered infrastructure and operational control mechanisms that were similar to the ones you used internally.
That's part of the motivation behind VCE and Vblocks -- giving customers flexible consumption options for standardized infrastructure: buy, rent or any combination that suits you.
When you deconstruct the recent announcement from VMware, you'll find a lot to like in support of this model:
  • "Global Connect" -- a ready pool of compatible service providers that are ostensibly using the exact same technology and operational model for key parts of the upper-level orchestration stack.  VMware says they'll certify these service providers going forward -- something I'll be looking forward to getting more details on as they become available.
  • A new version of the VMware Cloud Connector (1.5) that does reliable data transfer to and from an external service provider.  EMC is doing a lot of work with VPLEX around this environment to turbocharge this essential capability -- no specific announcements today, but plenty of cool demos at the show :)
  • SP partner announcements around a key use case (remote recovery) using VMware's Site Recovery Manager (SRM) in conjunction with these other technologies.
  • A new customer portal to learn about these compatible service providers: who they are and what they do (vcloud.vmware.com -- not up yet as of this writing)
Enterprising service providers seem to have lost no time in getting on-board early.  The VCE SPs are in an excellent position to move forward here, see this example from CSC.  I'm sure we'll see many more signing up to the program before too long.
The Win For Customers -- And Service Providers
Cloud -- at its essence -- is an industry transition to an IT-as-a-service model.  IT organizations deliver an attractive and competitive portfolio of IT services to their organizations, regardless of whether the service is sourced internally or externally.

If we step outside of IT for a moment, you'll see most of today's economy organized around vast marketplaces of service producers and service consumers -- with many, many attractive choices for the consumer.

Open competition is the norm: there are few barriers to entry or exit -- both for the providers and their consumers.  Service providers have to be on their game and provide something of unique value, otherwise they get quickly commoditized.  Customers (service consumers) benefit greatly by the increased competition.

What we're seeing here is the emergence of a familiar concept in a new domain -- an open marketplace of compatible service providers, each openly competing for business using similar technologies and operational models.

Compare this model against the more familiar uber-cloud model from Amazon and others: a single set of services, a single consumption model, high costs associated with exit, etc.
By comparison, I think VMware's model is going to win in the long term for a simple reason: the bigger the compatible marketplace, the more attractive it becomes for all players.

Darwinian capitalism at work :)
  
By: Chuck Hollis

Tuesday, August 30, 2011

When Virtualization Changed Databases

Inexorably, virtualization is changing how we think about every aspect of IT.
It’s already vastly changed how we think about physical IT infrastructure: servers, storage and network.

From static allocations to dynamic pools of resources – without VMware’s popularity, we really wouldn’t be talking much these days about cloud and transforming IT to a service.
But what about databases and data management?  

Clearly, many of these technologies haven’t made the transition to the new model.  At best, we've only been able to encapsulate and containerize legacy databases using virtual infrastructure vs. revisiting how databases might intelligently work in this new model.

How do we get databases to intelligently use dynamic resources?  How do we deliver database as a service?  And how do we make databases as easy to consume as other forms of infrastructure?
Today, VMware announced their first foray into this new (and important) realm by announcing the new vFabric Data Director.

And many of us think this is very big news indeed.

Today’s Databases Were Designed For A Physical World
The more you look, the more you realize that the vast majority of databases in use today were designed to operate in the physical world, and not the virtual one.  And that’s far from ideal.
One immediate example is the lack of dynamic resource utilization.  All databases use precious resources: memory, CPU and storage.  Even though most database workloads are extremely variable, the vast majority of databases expect a big, fat over-allocation of these resources – they’re not smart enough to request more when they need it, and give it back when they don’t.

Any “virtualized” database should be smart about the environment it’s running in – smart enough to request and release resources as circumstances change.

Another example is the absence of integrated provisioning using standard templates and workflows.
Today, provisioning infrastructure can be dead simple on something like a Vblock: the administrator defines standard infrastructure services and templates, and creates or changes resource instances using a very high level of automation.
This isn’t true for provisioning new database instances – it’s still mostly a manual process that requires hands-on work by an important and scarce resource – the database administrator.   Any “virtualized” database should be as easy to provision as a virtual machine.

A final example might be the need for self-service portals.  In the infrastructure world, using products like vCloud Director, it’s easy for administrators to expose resources to anyone at all: other IT groups, even end users.  A simple portal explains your choices, collects your details, and gives you what you want: typically with little or no human intervention.

More importantly, the system administrator is additionally armed with powerful tools that help manage the pool of resources: allocation, service levels, and so on.  Again, if we’re talking fully virtualized databases, the same generic model should apply.

Consuming a new instance of a database should be as conceptually simple as consuming a virtual machine.  And managing pools of databases ought to be as straightforward as managing pools of virtual machines.

Ideally, virtualized databases would support dynamic resource usage, integrated provisioning and self-service pooled consumption models.  But, outside of a few exceptions, that’s not the case today.

Dynamic Resource Usage
One of the first things that leaps out of the announcement is the virtual enhancements the VMware team has made to the popular PostgreSQL database.  At the outset, a “balloon driver” is able to request and release memory based on changing circumstances.  The same sort of capability seems to be there for GemFire.  The announcement is pretty clear: more options coming over time.
Extending this idea a bit, it would be logical to assume that – eventually – this concept could extend to storage performance (perhaps using a variety of mechanisms that are extensions of VAAI: linked clones, Storage vMotion and/or storage service pools) -- creating and releasing additional database storage instances (or perhaps relocating them to different storage tiers), thereby increasing or decreasing performance.  The same expand/contract potential exists for dynamically using virtual or physical cores.

I have observed that massive over-provisioning seems to be the accepted norm in the database world: overprovisioning on memory, overprovisioning on storage performance, and overprovisioning on CPU.

Wouldn’t it be wonderful if databases were smart enough to take what they needed to meet changing service level requirements, and no more?  If they had the same elastic properties as other portions of the infrastructure?

That's the goal here.

Integrated Provisioning
Everyone who has had the pleasure of doing physical server provisioning knows all of the sequential, labor-intensive and occasionally error-prone steps involved.

Indeed, anyone who’s working in a fully integrated virtualized environment (such as a Vblock using UIM) probably doesn’t want to go back to the old way of doing things anytime soon.
Indeed, in these new environments, valuable system administrator time is now spent on more worthwhile, higher-order tasks vs. the drudgery of before.

The database administrator in many regards is no different – their time is important as well, and they could greatly benefit from the same sorts of capabilities: far less time doing sequential, labor-intensive and occasionally error-prone grunt work; and far more time tackling the more interesting challenges and opportunities.

I haven’t had the opportunity to look at the new vFabric Data Director in gory detail, but from what I can see from the overviews, there appear to be the same sort of templates and automated workflow concepts you see in virtualized server provisioning workflows.

Ease Of Consumption
Today’s pooled and virtualized environments are designed to be easy to consume -- that's what the whole "as a service" thing is about.

Popular request types can be easily exposed on a portal, and people can get what they need with an absolute minimum of human intervention.  Behind that, resource administrators now have powerful tools that help manage and control the pooled environment in aggregate.

No such luck for most of the database world today.

Getting (or changing) a database instance almost always involves tracking down a database administrator and asking them to do something on your behalf.  And, while database administrators have the tools to manage individual database instances, there’s not much out there that addresses their need to manage and control hundreds or thousands of database instances being delivered as a service.
That changes with the new vFabric Data Director.

Digging Deeper
I think once the novelty wears off, most IT thinkers will realize a few simple truths.
First, there’s a big and obvious problem to be solved here.  

I routinely meet customers who have hundreds and occasionally thousands of database instances swirling around their environment.  Telling people not to create new databases just means they’ll go elsewhere.  Not good.

And no one has the stomach for a massive “gee, let’s go consolidate a bunch of existing databases into a single humungous instance” project.  At least, not twice :)

The only viable approach for many?  Use virtualization techniques to lessen resource usage, control service delivery and manage the pool of database instances more efficiently.  Just like you do server instances.

Second, while the technology is capable of supporting demanding workloads, that’s not where it’s going to be used first.  Just as with server virtualization, the most appealing initial target will be non-critical database workloads vs. the big hairy stuff.   Make no mistake, that too will come -- in time.
Third, the underlying hybrid cloud model is extremely relevant here.  If you think for a moment about external database and PaaS offerings (e.g. AWS, Azure, et al.) there’s only one consumption option for each: their particular service.  Easy to get in to, somewhat more difficult to get out of …
Compare and contrast this with the vFabric Data Director approach where you’re free to set it up internally, use any number of compatible external service providers, or any particular combination that suits you.

Fourth, I’ve met more than a few people that are looking for a different industry model to deliver database services to the business vs. buying more of what they already have.  Here's a model that's worthy of serious consideration.

The Journey Begins
When server virtualization first became popular, the IT infrastructure world quickly segmented into two distinct camps: those that saw the potential -- and committed to accelerating – a key industry transition, and of course those that valiantly fought the inevitable changes.

Indeed, we still talk about “server huggers” – although there are a lot fewer of them around these days :)
I’d expect the same thing to happen in the database world: there will be those database architects and admins that “get it”, and will passionately commit to accelerating the transition.  And there will certainly be many who will find reason after reason to keep doing things as they’ve been done before.
I expect that – before long – we’ll be using terms like “database hugger” to describe this mindset :)
If you live in this world – or are responsible for it – you might want to think of the new vFabric Data Director as a sort of gauntlet being thrown down: new options are now available to significantly change the way you do things – transforming databases from physical entities to fully virtualized ones.

And, as before, you’ll expect to see the same sort of dramatic and meaningful impacts that occurred when server environments underwent a similar transition.

Are you up for the journey?

By: Chuck Hollis

Friday, August 26, 2011

Baby Boomers Guide to Online Banking

Continuing where I left off (http://blogs.mcafee.com/consumer/gen-x-to-baby-boomers-guide-to-safely-banking-online), McAfee recently released an online guide for Safe Virtual Banking to help users of all technical levels get the tips they need to use virtual banking with confidence. According to the guide, McAfee discovered three main personality types when it comes to online banking. I continue with the Baby Boomers, who are described as:

“Conservative And Cautious”: Over 45 years old

This group is not as familiar as younger generations with technology, and a smaller portion use online banking. They tend to be more cautious when going online, and are in fact better protected than the other groups because research shows a higher percentage has security software. However, some older Americans are vulnerable to offline scams such as automated voice messages that request financial account numbers.

My friends and family that fall in this age range are super cautious when it comes to online banking. Younger Boomers are banking online, but of the over 55 set, only 20% are banking “virtually”. The concerns I have heard range from worry that something will go wrong to not having a paper trail.
Dave Marcus from McAfee Labs says, “Most instances of banking fraud are not due to the bank’s technology being compromised, but to people unwittingly giving out their personal banking information to criminals via phishing scams and copycat sites, or their computers being infected with malware.”

Luckily this group is the best protected when it comes to antivirus.  53% of 45-54 year olds use antivirus and 56% of the 55-64 year olds are protected. Well done!

Still Boomers want more information to stay safe. Use the following tips to take advantage of the convenience of banking via computer.
  1. Keep your security suite up to date and set to automatically update. Run regular scans to keep your computer running well.
  2. If your computer is acting funny, lots of pop-ups or running sluggish, don’t do any banking until you have it checked out. [http://home.mcafee.com/downloads/free-virus-scan ]
  3. Never click on a link in an email that looks like it came from your bank. Scammers use this phishing scheme to try to get in your account. Always just open a tab and type in the bank address or use your bookmark to make sure you aren’t going to a phony site.
  4. Review your bank statement every month and make sure that there aren’t any bad charges. Report any fraud immediately to your bank.
  5. Use strong passwords! If you are still using the same password from your first email address when you were 8, it is time to change!  Bank passwords should be different from any other password!
  6. Download SiteAdvisor. It is a free add-on that will tell you if a site is safe, might spam you or contains malware. It doesn’t protect you from viruses, but it tells you what sites you shouldn’t bother to visit.
  7. Follow McAfee on Facebook to learn about the latest threats.
Share with the Baby Boomers and Silver Surfers that you know so they can feel more comfortable using this technology. Stay safe out there!

By: Tracey Mooney

Thursday, August 25, 2011

The Power of Pervasive Video

We’re having a great time in Baltimore this week at the Defense Information Systems Agency’s Customer and Industry Forum 2011 (DISA). We’ve had the opportunity to discuss telepresence with people from all across the defense industry, and we’ve learned a great deal about their innovative and enterprising communications practices.

All of these discussions of enhancing information exchange for better command and control of military operations and improving communication throughout the Defense Department highlighted, for me, the profound impact a wide video collaboration deployment can have on an agency. With telepresence connections available to all employees, business retains continuity during disruptions, teleworkers stay fully connected, and agencies fulfill their commitments to environmental sustainability, among other benefits.


We’ve also seen the direct impact pervasive video and telepresence can have on command and control. The raid that led to the capture and death of Osama bin Laden relied on video to keep all parties connected, including President Obama in Washington.

Following our time here at DISA, I anticipate seeing more interesting and inspiring uses of video collaboration and telepresence for defense operations. There is so much potential for video applications like telepresence to refine military operations, enhance collaboration on defense initiatives, and help keep the defense budget in check.

We will certainly keep you posted here about all the great ideas for and uses of telepresence we witness, and we always welcome your observations and experiences, too!

By: Kerry Best

Telepresence Primed to Optimize Multijurisdictional Emergency Response

When emergency strikes, people want answers. What’s going on, what is the safety threat, and perhaps most importantly, who’s in charge?


That last question can lead to some complicated answers when an incident occurs under multiple law enforcement jurisdictions. For example, take the pipe bomb scare in March 2010 at the Naval Postgraduate School in Monterey, California. As Corey McKenna of Emergency Management explains, several units responded—campus police, a regional bomb squad, and the local police and fire departments—but these units did not have much history of working together. A fair bit of miscommunication and chaos ensued.

Thankfully, the above scenario proved to be nothing more than a suspicious empty suitcase. But the confusion among responding parties characterizes emergency response all too often. McKenna reports that problems with multijurisdictional response include “time and grind”—hammering out the details without the guidance of capable leadership—and “relationships”—knowing the people with whom you’re working.


I don’t imagine agents and officers of different law enforcement entities have time to chat over lunch to get to know each other. But making time to discuss leadership protocols in the event of emergencies is a critical safety measure that has an impact on the entire surrounding community. What better way to facilitate this connection than through telepresence?

With telepresence, units in multiple locations can communicate at the click of a button. They can meet to set policies and procedures without leaving home base, without risking being unavailable for an urgent call. They can also quickly and efficiently share evidence through high-definition, crystal clear screen images. And, in the midst of responding to a situation, they can quickly communicate any progress they make.

This week at the Defense Information Systems Agency’s Customer & Industry Forum 2011 we’re looking at the issue of multijurisdictional response in the context of the Department of Defense. Speakers and participants are sharing best practices for exchanging critical command and control information as well as building enterprise infrastructure. We’re especially excited to hear the panel on Communications in Disasters, focused on ensuring interoperability of disaster relief communication systems. Perhaps there are new ways telepresence can help?

If you’re at the conference too, please come say hello!

By: Kerry Best

Wednesday, August 24, 2011

Leveraging technology to support an Accountable Care Organization initiative

It is of particular interest to me to see how technology can be leveraged to help care providers meet legislation requirements and improve care delivery and outcomes at the same time!   One of our most recent examples of how this alignment occurred was through collaboration with Saint Thomas Health as part of the MissionPoint Health Partners pilot. We have been working on this project since 2010 to bring our Cisco HealthPresence Solution to underserved communities in Tennessee. 
(http://www.cisco.com/web/strategy/healthcare/cisco_healthpresence_solution.html)

Cisco HealthPresence is one of the solutions designed to facilitate better and more regular care.
The objective is to help extend the reach of healthcare delivery, simplify healthcare communications, and connect patients with medical providers and specialists to enable examinations in a convenient and efficient manner.

Cisco HealthPresence provides a communication and collaboration platform that is designed to help a remote physician evaluate patients based on diagnostic data derived from a variety of medical devices such as a stethoscope, blood pressure cuff, pulse oximeter and other diagnostic equipment.  Each unit is staffed by an attendant trained to operate the medical devices under the instructions of the remote healthcare professional, who may be hundreds of miles away.

Our work with Saint Thomas Health achieves this as it allows patients in areas where medical resources are scarce to receive treatment, whether it is an examination conducted via HealthPresence, or just the chance to interact with physicians.  Cisco has been working with Ascension Health for several years to make care more accessible for patients across the U.S.  And, by working with Saint Thomas Health on the MissionPoint Health Partners pilot, Cisco continues to expand its relationships with healthcare providers in the U.S. and around the globe.

Together, we developed a holistic approach to the local delivery of health care services in response to the growing demand of patients, employers and the federal government for a more integrated system that offers high quality, efficiency and accountability. (http://www.sths.com/news.php?id=363&loc=bh) The Patient Protection and Affordable Care Act calls for Medicare pilot programs to test the concept of Patient Centered Medical Homes and Accountable Care Organizations in the coming years.  Through MissionPoint Health Partners and its partners – which include insurers, brokers and employers – patients will form an ongoing relationship with their physician’s office, whose job it is to keep that patient well, through typical visits, as well as preventive services and education.  What is interesting about this collaboration with Saint Thomas is that the technology and services are creatively addressing these demands for accountability.

Payment for MissionPoint services will be based on “outcomes” — whether the patient becomes and remains healthy — instead of the number of doctor’s visits, hospital stays or procedures a patient undergoes. And Cisco HealthPresence technology will be used to provide the patients access to specialist services intended to improve the patient experience. One of the most tangible, positive aspects of bringing HealthPresence technology to this model is that patients and doctors have more ways to communicate and connect. Care is more accessible and affordable and patients and providers have improved experiences.  We would love to hear your thoughts as to how providing care at a distance or other technologies can support the requirements for an Accountable Care Organization.

By: Kathy English

Tuesday, August 23, 2011

In the past we have seen malicious attacks pretending to be shipment notifications from various parcel delivery services. Now the New York State DMV has become the latest “brandjacking” victim for a series of malware attacks.

Here is what the fake message looks like:



Ticket-064-211.zip is the name of the malicious attachment, and it is being identified as a variant of Trojan.FakeAV—one of the most prolific risks seen on the Internet today.  Every day, bogus antivirus and security applications are released and pushed to unsuspecting users through a variety of delivery channels. Many of these programs turn out to be clones of each other. They are often created from the same code base, but presented with a different name and look, which is achieved through the use of a "skin".

Here are some of the best practices to protect yourself from malicious email attacks:
  • Be selective about the websites where you register your email address.
  • When entering personal or financial details online, ensure the website has SSL encryption (look for things like HTTPS, a padlock, or a green address bar).
  • Avoid clicking on suspicious links in email or instant messages as these may be links to spoofed websites. We suggest typing Web addresses directly into the browser rather than relying upon links within your messages.
  • Do not open spam messages.
  • Do not reply to spam. Typically the sender’s email address is forged, and replying may only result in more spam.
  • Do not open unknown email attachments. These attachments could compromise your computer.
  • Always be sure that your operating system is up-to-date with the latest updates and use a comprehensive security suite. For details on Symantec’s offerings, visit http://www.symantec.com.

By: Sammy Chu

Monday, August 22, 2011

News Feeds Abused by Spammers, Again!

In the past few weeks, we have observed an old spam tactic re-emerging. Spammers are again using news feeds to populate the subject header of spam messages. This technique has been used in the past in the form of directory harvesting attacks to gather valid email addresses. However, those attacks usually lasted for only one or two weeks, perhaps because their goal of collecting email addresses had been served. This time not only is the duration longer, but the spammers have been selective in their news agency—it is only “BBC News” at this time.

Pharmacy-related spam is employing this technique, obviously attempting to get curious readers to open up these emails.  Using different techniques, like interesting news topics in a subject line, may compel users to open a spam email. This indirectly gives spammers a chance to advertise their products and possibly sell them too. In the case of malicious attacks, it is clicking viral links or attachments to compromise and later control the user’s computer.

In this particular trend, it looks like the spammers collect a whole bunch of news items from a specific day of the week (recent attacks suggest Thursdays or Fridays) and rotate these news headlines in the subject headers of the spam emails throughout the rest of the week. Spammers are known for being unpredictable, so it won’t be surprising if they change their ways in this spam campaign as well. For example, sometimes we found them sending updated news as well. Russian domains (.ru top-level domains) and a domain name containing “pills” have also been a common feature of this attack.
Here are some sample images of spam messages:




Here are some sample BBC headlines seen in the subject header last week:
  • Pakistan shooting soldier to die
  • China finds 22 fake Apple stores
  • Man missing as tug boat capsizes
  • Piracy levels 'soaring' off Benin
  • British Gas to end doorstep sales
  • Gunman dies at Estonian ministry
Beginning Friday this week, spammers have introduced a new lot of BBC news headlines:
  • 'First pre-Roman planned town' found
  • A-level passes rise for 29th year
  • Afghan roadside bomb 'kills 22'
  • Hackers again target transit site
  • Trial ordered for Hariri suspects
  • Britain in 'last-chance saloon'
We also observed that this is only part of a larger campaign, so the usual meds subject lines show up alongside the headline ones.

Symantec has been effectively blocking these attacks from reaching users’ inboxes. However, we would still advise our users to follow the best practice guidelines mentioned in our monthly Symantec Intelligence Report.
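As an added illustration (not Symantec's filter, nor code from the post), here is a small scorer for the pattern described above: a subject that is a verbatim recent headline, combined with links or a sender in a .ru domain or a domain containing "pills" (or "meds"). The headline set and the two sample messages are constructed for the example; a real deployment would refresh the headline set from the feed on a schedule, since the post notes the spammers rotate one day's headlines across the rest of the week.

```python
"""Score e-mail for the headline-as-subject pharmacy spam pattern."""
import re
from email import message_from_string
from email.message import Message
from email.utils import parseaddr

# Constructed snapshot of recent headlines (the ones quoted in the post).
# In production this set would be refreshed from the news feed; a rolling
# window of about a week matches the rotation behaviour described.
RECENT_HEADLINES = {
    "China finds 22 fake Apple stores",
    "Piracy levels 'soaring' off Benin",
    "Hackers again target transit site",
    "A-level passes rise for 29th year",
}

# Domain indicators from the post: .ru TLDs and a domain containing "pills";
# "meds" is added because the post mentions the usual meds subject lines.
PHARMA_TERMS = ("pills", "meds")
SUSPECT_TLDS = (".ru",)
SPAM_THRESHOLD = 3

URL_HOST_RE = re.compile(r"https?://([^/\s'\"<>]+)", re.IGNORECASE)


def normalise(text: str) -> str:
    """Lower-case and strip punctuation so curly quotes or extra spaces don't defeat a match."""
    return " ".join(re.sub(r"[^a-z0-9 ]", " ", text.lower()).split())


HEADLINES_NORM = {normalise(h) for h in RECENT_HEADLINES}


def _text_parts(msg: Message) -> str:
    """Concatenate the text/plain and text/html bodies of a (possibly multipart) message."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            payload = part.get_payload(decode=True) or b""
            chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def score_message(raw: str) -> tuple:
    """Return (score, reasons).

    A headline subject on its own is weak evidence, because legitimate news
    digests use headline subjects too; it only crosses the threshold together
    with a domain indicator, while pharmacy-term plus .ru domains score on
    their own (the "usual meds" messages in the same campaign).
    """
    msg = message_from_string(raw)
    score, reasons = 0, []

    if normalise(msg.get("Subject", "")) in HEADLINES_NORM:
        score += 2
        reasons.append("subject is a verbatim recent headline")

    # Hosts from every link in the body, plus the sender's domain.
    hosts = {h.lower().split("@")[-1].split(":")[0] for h in URL_HOST_RE.findall(_text_parts(msg))}
    sender_addr = parseaddr(msg.get("From", ""))[1]
    if "@" in sender_addr:
        hosts.add(sender_addr.rsplit("@", 1)[-1].lower())

    for host in sorted(hosts):
        if host.endswith(SUSPECT_TLDS):
            score += 1
            reasons.append(f"link or sender in suspect TLD: {host}")
        if any(term in host for term in PHARMA_TERMS):
            score += 2
            reasons.append(f"pharmacy term in domain: {host}")
    return score, reasons


def is_headline_spam(raw: str) -> bool:
    return score_message(raw)[0] >= SPAM_THRESHOLD


# Constructed samples: a spam message in the described style and a benign digest.
SPAM_SAMPLE = """\
From: "News Desk" <news@example-pills-online.ru>
To: victim@example.net
Subject: China finds 22 fake Apple stores
Content-Type: text/plain; charset=utf-8

Read the full story: http://cheap-pills-store.ru/offer
"""

DIGEST_SAMPLE = """\
From: "Daily Digest" <digest@news-digest.example.org>
To: reader@example.net
Subject: China finds 22 fake Apple stores
Content-Type: text/plain; charset=utf-8

Today's top story: http://news-digest.example.org/story/1
"""

if __name__ == "__main__":
    for label, sample in (("spam", SPAM_SAMPLE), ("digest", DIGEST_SAMPLE)):
        print(label, is_headline_spam(sample), score_message(sample))
```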

By: Mayur Kulkarni

Friday, August 19, 2011

I Think I Know You – Part 2

In 2004, Massachusetts Senator Edward “Ted” Kennedy was refused an airline boarding pass by the Transportation Security Administration (TSA) on five different occasions. Despite being from one of the most famous families in American politics, not to mention being a U.S. Senator, he still appeared on a no-fly list designed to prevent terrorists from boarding airplanes. This was a mistake; one that took three weeks to clear up. No explanation was ever publicly given. One has to assume that there was someone else, presumably a suspected terrorist, with a similar name.
 
I was reminded of that incident at Black Hat, where Alessandro Acquisti from Carnegie Mellon University presented a paper called, “Faces of Facebook: Privacy in the Age of Augmented Reality” (which is also the starting point for the first part of this series).
 
The TSA started testing facial recognition software in 2003.  Eight years is a long time in software development. Given the advances in commercial software, if facial recognition has yet to be installed in airports, it’s not because of any technology limitation (unless we consider accuracy…more on that later.)
 
The use of facial recognition by the government goes well beyond airports and the TSA, though. And it is certainly not restricted to the United States. The South Korean government has taken photographs of over 23,000 people since 2003, and they have used facial recognition software to match them to photos and names in resident and driver registration databases.
 
Police in Vancouver reportedly used facial recognition software to try and identify people who participated in riots there this past June. No word on which was more successful, using facial recognition or finding those who boasted of their rioting skills on Facebook. Beyond this, though, Facebook played an additional role in that a Facebook page was created whereby people could post photos they took of rioters in order to help the police.
 
A tool called MORIS is soon to be released for law enforcement agencies. It’s a mobile device that will be able to scan fingerprints, irises and facial features, enabling the police to identify a suspect without even taking them back to the station. It will be sold by a private company that manages their own database.
 
The FBI is working to improve access to its fingerprint database with a project called NGI, Next Generation Identification. And they are working on an initiative that will, “also explore the capability of facial recognition technology.”
 
These are just some of the examples I was able to find with a quick Internet search. Presumably, a deeper search would reveal a great many more.
 
The promise of this sort of tool has to be very appealing to those in law enforcement. Just think of all the other ways it could be used. Say you were on the lookout for terrorists or criminals trying to use identity theft to get legitimate forms of identification. A quick check with facial recognition software would not only prevent you from issuing the ID, it would also call out the cops. According to the Boston Globe, at least 34 states are using such systems to review driver’s licenses for identity theft.
 
But what if you don’t have access to a government database of photos, or to photos that helpful citizens gave you, yet you want to identify someone from a picture? This is the problem. Professor Acquisti and his team tried to solve this, and what they reported at BlackHat was that they could do pretty well with off-the-shelf facial recognition software and cheap webcams. Where did they get their database of photos? Facebook, of course.
 
Facebook has an estimated 100 billion photos. Many of them are conveniently tagged with user names, and many of those are in accounts where users have left them “wide open,” in other words, with no security settings that would restrict who has access to those photos. All of Acquisti’s team’s work was done using publicly available photos.
 
So what is there to worry about?  What’s wrong with being better at catching thieves and terrorists? Not a darn thing. But, this is where Ted Kennedy comes in: two people having the same name is pretty common, but few of us are as well known as Edward Kennedy was; if a mistake like that can happen with names, it’s going to happen with faces. 
 
They say no two faces are the same. But we are talking about software trying to do a very, very difficult task. There will be mistakes. In fact it didn’t take me very long to find an example. The goal of the program in Massachusetts in this example actually sounds pretty good. Nobody wants the bad guys getting their hands on legitimate driver’s licenses. And they do have a plan to correct mistakes.
 
Of course it hasn’t happened to me, so I didn’t have to go through the hassle of proving who I was. With facial recognition software, you can be guilty of looking like someone else till proven innocent.  
 
Of bigger concern is what happens when facial recognition software is used everywhere. What happens if I get refused at the ATM or get turned away at a business because I look like someone who’s stolen credit cards?  I may not even get told that it was my face that caused the problem.  If Ted Kennedy couldn’t find out why they thought he was a terrorist, what are my chances?
 
By: Kevin Haley
 

Thursday, August 18, 2011

I Think I Know You

An increasing number of photo sharing and social networking sites have facial recognition software to help users identify and “tag” people in photos. I don’t have much use for this type of feature; for me looking at old photos is more about pleasant discoveries than efficient searches. But I can see where people would find it useful. Whether you like the feature or not, it does provide compelling proof that the technology, while less than perfect, is viable and cheap. After all, this feature is implemented in essentially free software.  
 
Facial recognition software is also popular with law enforcement agencies as a way to catch criminals and terrorists. In fact, they are already using it to catch the bad guys. And given the ongoing investment from government(s), we are going to see facial recognition systems that are bigger, better, and faster in the coming years. More on that in a future blog.
 
The use of facial recognition software does not stop there. Passwords can be guessed. Hardware tokens can be lost or stolen. But how about your face? There are companies creating software that use your face as the ultimate security token.
 
Like it or not, we are going to see some amazing applications of facial recognition software in the next few years. Think augmented reality (such as the Terminator, who can look at someone and have their info displayed on top of what his eyes see; we’ll just be using a smart phone, at least at first).  We’ll also see electronics that greet us by name (like the billboards in the movie “Minority Report.”)  As amazing as it sounds, we have reached a point where we need to reference (not so) old science fiction movies to comprehend our immediate future.  
 
This is our immediate future. Or maybe it’s the present. Present enough that at the BlackHat conference, Alessandro Acquisti from Carnegie Mellon University presented a paper called, “Faces of Facebook: Privacy in the Age of Augmented Reality.” (PDF)
 
You can read the paper at the link above, but to summarize: by using cheap hardware (a $35 webcam, a smart phone), they were able to identify anonymous users from a dating site, identify people walking across the CMU campus, and in some cases, figure out a person’s Social Security number using “off-the-shelf” facial recognition software. The title of the study should tell you where they got the names and photos used to match the pictures they took with their webcam.
 
While this study is somewhat of a proof of concept, it raises huge privacy issues. And we may not have that long to work those issues out. The study makes the point that rapid advancements have been made in facial recognition technology. Commercially available software is already very effective. Big investments have been made to push the technology forward, and it’s only a matter of time before we can point our smart phones at someone and know everything about them without ever having met them. This will create dramatic changes in how we interact with each other. I’ll leave the issue of how those changes affect us to the sociologists.
 
As for dealing with the privacy issues this raises, I wonder if we are already too late.  
 
As with every other privacy concern that has been raised by technology advances in the last few years, many people simply will not care. They will like the fact that others will have the ability to know everything about them just by pointing a phone at them. And they won’t care that billboards will be able to identify them and call them out by name. Others won't even think about the potential implications of this type of software. It won’t be a concern for them unless and until something bad happens to them as a direct result of the technology.
 
And what about those of us with reservations about how this type of software will be used?  Are we already too late? Has the technology already far outrun our ability to control or legislate its usage?  
 
Maybe we are stuck with this technology. As with tracking cookies, stored search results, and aggregated personal information, this may just be the way of the future. What do you think? Send me a tweet at @kphaley and let me know your thoughts.
 
By: Kevin Haley

Wednesday, August 17, 2011

Making A Case For Cloud: Perspectives From An IT Practitioner

Despite the vast multitudes talking about cloud and leading IT transformation, there are only handfuls of people I've met who are actually doing it at significant scale.


And of those who are actually leading a large-scale IT transformation, there are few as insightful and articulate as our own Jon Peirce, VP of Global Infrastructure for EMC IT.

If you're a frequent reader of this blog, the name should be familiar -- he's basically the star in popular posts such as "From Silos To Services".

Jon has now taken pen in hand, so to speak, and authored a compelling post on his personal perspectives regarding IT transformation to an "as a service" model.
And, boy, are there some powerful insights that are worth elaborating on.

Are Heroes Born ... Or Made?
Jon's first career was in manufacturing, during which time he witnessed the complete transformation and restructuring of the industry to today's modern and streamlined model. I'm sure he didn't realize at the time he'd be seeing another version of the same story, only this time played out in a large-scale IT setting.

Not only is Jon leading the complete transformation of EMC's global IT infrastructure landscape, he spends an amazing amount of time in front of IT audiences who are beginning to wrestle with many of the same challenges he's faced and tackled.

One interesting side effect -- the more time you spend talking about your experiences, the more focused your opinions become, and that's what I've seen in Jon, as exemplified by this post.
Go ahead, please take a moment to read it.  That's OK, I'll wait.
(pause here)

The Rationale For IT Transformation
Jon makes it brutally clear -- from his perspective, the advent of low-cost, high-quality and extremely convenient external IT services (e.g. the public cloud), means that the traditional IT monopoly is essentially doomed: IT must be prepared to compete or suffer the consequences.
Darwinian capitalism at work :)

He shares the fundamental truth: successful business people are all about solving problems and getting results, and if they can't get what they need from internal sources, they won't hesitate to go outside.
Case closed.

I compare and contrast that with my usual talk track which is a bit more aspirational: through transformation, IT groups have potential to reposition themselves from cost centers to value generators.

I think we're both right: he sees the threat, I see the opportunity.
Together, we make a half-decent carrot-and-stick.

The New Mindset: Winning The Business
Business leaders thrive on competing for the business. You become the best at giving your customers what they want, or they will most certainly go elsewhere.

Jon's key insight is that the lack of this "competing for the business" mindset and capability is what is responsible for holding back IT transformation.

He believes (and I agree) this simple but powerful perspective shift is what completely changes how you organize IT -- more like a modern service provider, less like a traditional project-oriented physical IT shop.

He argues persuasively that the exact same technology and processes used by successful external service providers is available to any IT organization operating at meaningful scale.
There is no magic involved here.

All that appears to be lacking is the will to use the tools at hand.
Going farther, I'd add that one of the keys to competing effectively is understanding your customers' requirements better than anyone else. In that regard, shouldn't IT organizations be best positioned to compete for internal IT business?

Separating Production And Consumption
If IT aspires to be the internal service provider of choice for an enterprise, they need to get really good at producing (i.e. delivering) IT services. Jon makes the point that IT should be held accountable for competitive unit costs for service delivery, and exposing those back to the business so intelligent optimization decisions can be made -- decisions made by the business, and not IT.

He is quite correct in pointing out that IT should not be held accountable for aggregate consumption of IT services, which is so often the case in today's traditional IT world.

If you think about it, don't business leaders make intelligent choices on what they spend on in an effort to deliver objectives -- if they decide to spend more on IT because they see the value, isn't that a *desirable* state of affairs?

And I wholeheartedly agree with Jon that if IT sees itself in the "IT rationing business", well, the long-term outcomes of that mindset should be obvious.

Who Controls Aggregate Consumption of IT In A Cloud World?
So, in a modern enterprise, this brings up an interesting question -- who controls aggregate IT consumption?  The likely answer is devastatingly simple: the CFO.

In most modern organizations, an effective CFO team controls aggregate consumption (e.g. expenses) for a wide variety of other non-IT economic inputs: travel expenses, facilities, personnel, R+D, etc. etc.
In this world, aggregate IT consumption is just one more expense item -- if unit costs are known and measured. And, if your career experience is anything like mine, this is something that CFOs know how to do very well indeed :)

Indeed, I meet many customers where the real battle lines for IT transformation are outside IT itself -- it's working with the finance team to transition from a "per project" IT funding model to a "shared and variable services" IT funding model.

Once again, the required tools and frameworks have existed for a while; what's lacking is the will to apply them to the challenge at hand.

The End State
In our free-market economy, we all survive and thrive through competition. Our companies compete, our internal organizations compete, and -- as individuals -- we compete daily. Through competition, we get better at what we do, or suffer the consequences.

For me, the whole cloud and IT transformation discussion has evolved to 10% technology, and 90% organizational mindset change.

IT landscapes are nothing more than the product of the people who build and operate them.
Change the people model, change the IT model.

No silver bullet technology on the planet is going to do that for you.

And I think, based on Jon's comments, he'd tend to agree.

By: Chuck Hollis

Tuesday, August 16, 2011

Fake AV Propels Visa Card Scams

More old wine in a new bottle: Spammers have used the same payload that we saw in an earlier UPS scam to target more victims. Looks like the spammers ran out of new binaries.

Last weekend McAfee observed scams spread across the world that claimed to have come from Visa Customer Services. The mail had the subject “Your credit card has been blocked – Central European (ISO).”


Scam mail
The mail included the malicious executable “VISA_complete_NR<Randomnumber> .doc________________.exe” zipped into a file with a random name. The malware was packed with another executable that was a fake antivirus program. At McAfee we observed that this same payload has been distributed across the world with different names using different scam campaigns. Some filenames:

  • ups_invoice_id865165475837266465.doc________________.exe (UPS Scam)
  • mastercard_invoce_id65729217565333.doc________________.exe
  • visa_complete_nr62178865627245.doc________________.exe

The dropped malware randomly chooses the rogue AV payload (XP Security 2012 or Personal Shield Pro, to name two) from the remote server. McAfee products detect these payloads as FakeAlert-AB.dldr.



Unlike earlier variants, these binaries did not have the icon of a document file, so they were not covert enough to hide from users. Our cloud-based Artemis technology revealed that this scam was a global target.

The figure below from Artemis shows this malware has spread across the world.



All McAfee customers are protected against this malware. McAfee Labs reminds the public to pursue safe email practices.

By: Arun Pradeep

Monday, August 15, 2011

Insider Identity Theft Still a Problem

More than ten years ago, when I began speaking to organizations about personal security and identity theft, headlines often read “Utility Worker Steals Identities” or “Human Resource Officers Steal Identities” and even “Police Officer Steals Identities.” Back then the primary concern was insider identity theft, perpetrated by those who had direct access to victims’ data.

Ecommerce grew up, and more people started banking and shopping online. Black Friday turned into Cyber Monday, and companies like eBay and Amazon have made it easier than ever to find and inexpensively ship anything you might need. This has created many new opportunities for criminal hackers, and the result has been lots and lots of data breaches.

Headlines have shifted to “Bank Loses 1.2 Million Records to Hackers” or “Hackers Steal Over 100 Million Credit Card Numbers.” The stereotypical bad guy has become a mysterious criminal hacker, slipping into our PCs or our banks in the dead of night.

But just last month, a nurse was accused of stealing Social Security numbers and other sensitive information from patient files at several hospitals in Denver, Colorado. Prosecutors say the defendant opened credit cards in patients’ names and made purchases.

My point is that even today, the Human Resources director at some company may have a new boyfriend who happens to have a drug problem, and who needs her to steal your identity so that he can get a fix. The fundamental issue of identity theft hasn’t changed, and the people doing it are the same. Frequently, they are those on the inside, with direct access to your data.

It is important to observe basic security precautions to protect your identity. But when you provide information to businesses, its safety is beyond your control.

Consumers should consider an identity theft protection product that offers daily credit monitoring, proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. McAfee Identity Protection includes all these features as well as live help from fraud resolution agents if your identity is ever compromised. For more tips on protecting yourself, please visit CounterIdentityTheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss another data breach on Fox News. (Disclosures)

By: Robert Siciliano 

Friday, August 12, 2011

Bill Would Remove Social Security Numbers From Medicare Cards

The most basic advice for protecting your own identity is to protect your Social Security number. The obvious solution is simply never to disclose your number, but this is silly, since, depending on your age, you have probably provided it to hundreds of people, on hundreds of forms. It now sits in hundreds of databases, accessible to thousands, and possibly even available for sale.

40 million Medicare subscribers currently have their Social Security numbers printed on their Medicare cards. This means that their identities are at risk every time they hand over their cards, and in the event that any of their wallets are ever stolen.

The proposed “Social Security Number Protection Act” would resolve this issue by prohibiting Social Security numbers from appearing on Medicare cards or on any communications to Medicare beneficiaries, as well as requiring the Department of Health and Human Services to eliminate the unnecessary collection of Social Security numbers.

Social security numbers should certainly be removed from Medicare cards and any other cards, for that matter. But while this bill is a step in the right direction, it cannot protect any of those 40 million subscribers from future fraud.

Only identity theft protection, in combination with a credit freeze, will begin to protect citizens from the new account fraud associated with stolen Social Security numbers.

With more than 11 million victims last year alone, identity theft is a serious concern. McAfee Identity Protection offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your financial accounts. Educate and protect yourself – please visit CounterIdentityTheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss how to protect yourself from identity theft on CounterIdentityTheft.com. (Disclosures)

By: Robert Siciliano 

Thursday, August 11, 2011

Researchers Say Identity Theft Has Lasting Psychological Effects

Identity theft victims don’t need Jessica Van Vliet, an assistant professor in counseling psychology at the University of Alberta, to tell them that they no longer feel safe when conducting everyday financial transactions, which most of us take for granted. But she did a study highlighting a fact that many of us in the industry have already known: identity theft makes a mess out of your life.

MedicalExpress.com reports, “Van Vliet recently conducted an exploratory study on the experiences of individuals who were victims of identity theft. Participants who recounted their experience during in-depth research interviews expressed a pervasive sense of vulnerability each time they use a credit card or a bank machine. Some participants also felt like they were being treated as criminals when they attempted to clear their names.”

Most of the identity theft victims felt they had been taking appropriate precautions to safeguard their personal information, and had no idea how their data fell into the wrong hands. The lack of specifics makes it difficult for victims to attain any closure and move forward. “No matter how well they monitor their financial records for the rest of their lives, they may still feel vulnerable,” Van Vliet says.
I’ve lost count of how many frantic emails and phone calls I’ve received from identity theft victims. These are people who have done all the right things to maintain a respectable position in society, only to be brought down by a vicious identity thief.

Over and over again I have stressed the importance of being proactive. You don’t want this happening to you. McAfee Identity Protection includes proactive identity surveillance to monitor subscribers’ credit and personal information, as well as access to live fraud resolution agents who can help subscribers resolve identity theft issues. For additional tips, please visit CounterIdentityTheft.com.
Robert Siciliano is a McAfee consultant and identity theft expert. See him explain how a person becomes an identity theft victim on CounterIdentityTheft.com (Disclosures)

By: Robert Siciliano 

Wednesday, August 10, 2011

Cybercriminals Target Senior Citizens

Cyber scams happen to the young and the old, the rich and the poor. It doesn’t matter how good or bad your credit is, or whether or not you have a credit card. Cybercriminals target everyone, regardless of how much or how little you rely on a computer.

The lowest of the lowlifes, however, tend to prey upon the weak and uninformed. And all too often, that means children or elderly.

Senior citizens are in a unique position because they often have money in the bank, plus access to additional lines of credit. They are less likely to be frequent Internet users, relative to younger generations, and are therefore less likely to be aware of the many scams that may be targeting them.
Many common scams take place using the telephone rather than the Internet, such as “grandparent scams,” in which victims receive calls from their supposed grandchildren, requesting money.
Online, beware of social media and dating scams. Not everyone who contacts you online is your friend, so be cautious before sharing personal information. Never, under any circumstances, should you send money on the basis of an online relationship.

You’ve most likely heard the term “phishing,” and have certainly received a fake email at some point. But scammers are getting better at creating targeted, personalized emails that include your name, email address, and even stolen account numbers. Never click any links within an email. Instead, go to your favorites menu or manually type the address into the address bar. If you suspect that an email might not be legitimate, hit delete.

Scammers are constantly searching for the information they need to take over your existing accounts, either by hacking into your own personal computer or by stealing data from your bank, credit card company, a government agency, or any other institution that keeps personal data on file. To prevent account takeover, keep your antivirus software updated, and pay close attention to all your bank statements. Dispute any unauthorized transactions right away.

Bad guys love your Social Security number, because they can use it to open new credit accounts in your name. You’ve probably disclosed your Social Security number hundreds of times in your life, and can’t avoid disclosing it in the future. But you can protect yourself with identity theft protection and a credit freeze.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss how to protect yourself from identity theft on CounterIdentityTheft.com. (Disclosures)

By: Robert Siciliano 

Tuesday, August 9, 2011

Telepresence Helps Cut Costs and Add Value to Summer School Instruction

For most students, summer school may not be the most glamorous way to spend the treasured sun-drenched days of the long-awaited summer vacation. But, summer school classes provide enrichment opportunities for many students, as well as crucial remedial instruction for students who have fallen behind during the school year.

Unfortunately, according to the New York Times, schools increasingly have to cut summer school funding to make up for budget shortfalls. In some districts principals and teachers have offered to work without pay, while other schools have shut down summer programs altogether.



The Times recently hosted a debate among school leaders to discuss cost effective ways to give students the instruction they need during the summer so that they don’t lose ground between school years. Roger Prosise, superintendent of Diamond Lake School District near Chicago, proposed structuring summer school around fieldtrips instead of classroom instruction. He argued that in terms of cost reduction, fieldtrips would require fewer teachers on the payroll because, after teachers completed the fieldtrip planning, paraprofessionals (who earn lower salaries) could handle the day-to-day supervision. He also suggested that to reduce transportation costs, schools could bring in special programs.

I like Prosise’s thinking (why not center summer school around experiential learning—way more exciting than sitting in a classroom all summer!), and I think telepresence could add a whole other dimension to his suggested plan. Telepresence technology, the installation of which could be a one-time expense for school districts, can take students to museums anywhere in the world, back in time to experience different ways of life, and even to another planet. No transportation required. The telepresence technology could be multi-purposed during the school year to advance learning in all kinds of subjects.

Beyond cost-effective virtual fieldtrips, telepresence can connect students to the content and skills instruction they need, even if their regular school cannot directly provide the class. Telepresence already connects students to courses taught at other institutions, enabling teachers to reach any number of students outside of the physical classroom walls.

Can you think of other ways telepresence can help keep summer school instruction in beleaguered schools?

Interested in telepresence news? Check out our Telepresence Facebook page.

By: Kerry Best

Monday, August 8, 2011

Telepresence Could Help Lure Young Talent into the Government Workforce

How do the kids in your life spend their time after school? Do their activities involve video—either watching it, playing with it, or creating it?

For Cisco Consulting System Engineer Mike Harttree’s son, Tommy, after-school time means gathering his Legos and those belonging to his neighborhood buddies, arranging them in elaborate constructions (like recreations of movie scenes), taking digital pictures of the arrangements, digitally gluing these photos together on a Mac, and uploading the glued photos in video format to YouTube.
Tommy is seven years old. His oldest friend/collaborator is 12. Check out their impressive work here.


Mike shared Tommy’s videos at Cisco’s recent Federal TelePresence User Forum. The reason for sharing them? To demonstrate his belief that when the millennial generation enters the workforce–including the military and the government–they will expect to work on an integrated video network. Such a network incorporates telepresence for communication, as well as video systems for content creation and collaboration on presentations and projects, Mike said.

Just to do a friendly check of the accuracy of Mike’s assertion about young people and video, I did a little research to see what factors might play a key role in drawing young talent to government positions. According to the grassroots organization Young Government Leaders, which was founded in 2003 by young government workers, one of the top ways to retain young talent is to “use modern IT and social networks to collaborate, communicate and coordinate.” Young government employees want to feel like they have access to the same cutting edge technology as their peers who work in other sectors.

Should telepresence rank among these cutting edge technologies? Well, according to Mike, by 2014 video will account for 90 percent of Internet traffic. With telepresence at the heart of video communication, it seems likely that a young workforce would demand and appreciate the benefits telepresence provides.

What do you think? If you were (or are) starting out in a government position today, what technology would you want at your fingertips?

By: Kerry Best

Friday, August 5, 2011

Spammers Take Advantage of Unicode Normalization to Hide URLs

Spammers are never idle when it comes to finding new ways to bypass mail filters—after all, this is crucial to a spammer's success. Recently, we've seen a low but steady number of spam messages in which spammers are replacing certain characters in URLs (which point to spam sites) with Unicode characters that look similar or identical. This is yet another way of obfuscating URLs in an attempt to make it more difficult to analyze them.

To understand how this technique works, a bit of knowledge of the Unicode standard is helpful. As well as specifying a large repertoire of characters, Unicode also provides normalization rules for converting similar and/or equivalent characters to a single form. For example, under various Unicode normalization forms, an encircled number is considered equivalent to the corresponding ordinary number. This latest spammer-led URL obfuscation technique relies on the HTML-rendering engine in mail clients (or Web browsers for Web-based email) to apply the appropriate Unicode normalization to URLs.

For example, a spam message could contain the following URL:
http://example․ⅼy/xyz

At first glance, the period or dot may look like a normal dot character, but it has actually been replaced with Unicode character U+2024, "ONE DOT LEADER". The "l" in the top-level domain also appears to be a normal Latin letter "l", but is actually Unicode character U+217C, "SMALL ROMAN NUMERAL FIFTY". When a Web browser or mail client HTML-rendering engine processes this URL, it typically applies Unicode normalization to it, replacing the "ONE DOT LEADER" character with a normal dot and the "SMALL ROMAN NUMERAL FIFTY" with a normal "l" character, allowing the user to visit the spam site. The process works as follows:



In a sense, this is similar to internationalized domain name (IDN) homograph attacks, in which similar-looking Unicode characters are used to lead users to fake sites, often for phishing purposes. However, this technique differs because it involves using similar Unicode characters to obfuscate a site rather than fake or spoof a site.
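The check below is an added example, not code from the Symantec post: it applies the same NFKC normalization a rendering engine uses to the post's sample URL, reports which characters were folded (U+2024 and U+217C), and shows that plain NFC does not fold them, which is the caveat a filter author needs. The same check generalizes to any compatibility character, for instance fullwidth punctuation; the sample URL and the helper names are constructed here.

```python
import unicodedata

# Constructed sample: the URL from the post, with U+2024 (ONE DOT LEADER) in
# place of the dot and U+217C (SMALL ROMAN NUMERAL FIFTY) in place of "l".
SAMPLE_URL = "http://example\u2024\u217cy/xyz"


def host_of(url):
    """Return the host part of a URL by plain splitting, with no validation,
    so the check sees the raw text exactly as it appears in the message."""
    rest = url.split("://", 1)[-1]
    return rest.split("/", 1)[0]


def normalization_changes(text, form="NFKC"):
    """List (code point, character name, replacement) for every character in
    `text` that the given normalization form rewrites. NFKC is the
    compatibility form that folds look-alikes such as U+2024 to "."; NFC
    leaves them untouched, so the list is empty under NFC."""
    changes = []
    for ch in text:
        folded = unicodedata.normalize(form, ch)
        if folded != ch:
            changes.append((f"U+{ord(ch):04X}", unicodedata.name(ch, "UNKNOWN"), folded))
    return changes


def canonical_url(url):
    """The URL as a browser or mail client will effectively resolve it,
    i.e. after NFKC normalization has been applied."""
    return unicodedata.normalize("NFKC", url)


def host_is_obfuscated(url):
    """True when the host as written contains characters that NFKC rewrites:
    a filter matching on the raw text would then see a different host than
    the one the user actually ends up visiting."""
    return bool(normalization_changes(host_of(url)))


def inspect_url(url):
    """Build a small report, the kind a mail filter would log for a hit."""
    return {
        "as_written": url,
        "as_resolved": canonical_url(url),
        "host_obfuscated": host_is_obfuscated(url),
        "changes": normalization_changes(host_of(url)),
    }


if __name__ == "__main__":
    report = inspect_url(SAMPLE_URL)
    print("as written :", report["as_written"])
    print("as resolved:", report["as_resolved"])
    print("obfuscated :", report["host_obfuscated"])
    for code_point, name, replacement in report["changes"]:
        print(f"  {code_point} {name} -> {replacement!r}")
    # NFC alone does not fold these characters, which is why a filter that
    # only applies canonical (NFC) normalization misses this trick.
    print("NFC changes:", normalization_changes(SAMPLE_URL, "NFC"))
```

Matching a blocklist against `canonical_url(url)` rather than the raw text is what makes the comparison agree with what the rendering engine does.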

Symantec.cloud and Symantec Brightmail customers are protected from these attacks by our URL filtering technologies which are natively capable of handling these characters.

By: Francisco Pardo & Nick Johnston

Thursday, August 4, 2011

Hardware Fragmentation Thwarts Android Call-Recording Trojan

Threats making or transmitting unauthorized audio recordings are not a new concept, though they have largely been limited to proof-of-concept demonstrations and final-year university projects. This is a vector that generates a lot of intrigue from researchers, as it pertains to many facets of security, such as data loss prevention and mobile threats, not to mention the changing face of the threat landscape. It is also something we have blogged about previously. Thus, when we received several inquiries about an Android threat we discovered over a week ago, and its ability to upload recorded voice conversations to a remote server, I decided to take a second look at the threat Android.Nickispy.

This app was available on multiple sites in China, where it has been promoted as a solution for concerned users to confirm suspicions of infidelity by tracking a significant other’s calls and whereabouts. The author had clearly stated the purpose, so anyone installing this app could not be mistaken in its intentions. Now, that’s not to say someone couldn’t install it on another person’s phone. Still, on completion of installation, the app actually shows up with an icon marked Speech Recorder, clearly visible to the user.

Despite the fact that there have been multiple reports of the app uploading the recorded voice conversations to a remote server, our analysis has found no such functionality. It can record calls; however, physical access to the device is required in order to retrieve them. Still, the app does have the ability to send data such as the GPS location and call and SMS logs to another remote server hosted by the creator of this app. For the “suspicious husband or wife” to obtain this tracking data, they then have to pay the app’s author for it.

If there was ever a reason to be grateful about the so-called “hardware fragmentation” issue surrounding Android devices, this is it. Due to the fact that not all Android hardware works the same way, we have found that if used on a real phone, as opposed to an emulator, the results can be quite different. After testing with several mobile phones in our lab, the majority of the devices we used resulted in the app crashing and abruptly ending the call. We only found one device that ran the threat successfully.

In an interesting twist, we were able to track down info about the creator of this app as a result of the continuous crashes. By doing an online search on the crash details in the accompanying error logs, we found a posted crash dump of the exact same issue on an Android developer forum, in which a developer was asking for urgent help with the code he or she was working on. A closer look at details of the posted crash dump showed that it had the same package name used in the threat. Still, it doesn’t look like they got all the bugs out since last year (posted July 15, 2010), because it’s still crashing most of the time on a real phone.

While I believe threats that attempt to make or transmit unauthorized recordings should be taken seriously, given the ubiquitous nature of smartphones, this isn’t necessarily one of those cases. Beyond the usual blog recommendations where we suggest best practices for security and updating definitions, I offer the following suggestion: if you find yourself to be in need of such an application, take the direct route and talk to your significant other instead.

By: Irfan Asrar

Wednesday, August 3, 2011

Sality Whitepaper

We’ve published a detailed analysis of Sality in a whitepaper titled, “Sality: Story of a Peer-to-Peer Viral Network.”

Sality is a file infector that spreads by infecting executable files and by replicating itself across network shares. Infected hosts join a peer-to-peer network that is used to deliver additional malware to the compromised computer. Typically, those additional programs will be used to relay spam, proxy communications, steal private information, infect Web servers, or achieve distributed computing tasks, such as password cracking.

The combination of the file infection mechanism and the fully decentralized peer-to-peer network, along with other anti-security measures, makes Sality one of the most effective and resilient pieces of malware in today’s threat landscape. Estimations show that hundreds of thousands of computers are infected by the virus.

In this comprehensive whitepaper, we introduce the readers to the threat and describe the architecture of the malware. The core of the paper focuses on the peer-to-peer characteristics of Sality, and examines its strengths and potential limitations. We also have a look at current trends and metrics.

By: Nicolas Falliere