Thursday, January 21, 2010

Chinese Hackers are getting more dangerous

The crown jewels of Google, Cisco Systems or any other technology company are the millions of lines of programming instructions, known as source code, that make its products run.

If hackers could steal those key instructions and copy them, they could easily dull the company’s competitive edge in the marketplace. More insidiously, if attackers were able to make subtle, undetected changes to that code, they could essentially give themselves secret access to everything the company and its customers did with the software.

The fear of someone building such a back door, known as a Trojan horse, and using it to conduct continual spying is why companies and security experts were so alarmed by Google’s disclosure last week that hackers based in China had stolen some of its intellectual property and had conducted similar assaults on more than two dozen other companies.

“Originally we were saying, ‘Well, whoever got it has the secret sauce to Google and some 30 other California companies, and they can replicate it,’ ” said Rick Howard, director of security intelligence at VeriSign iDefense, which helped Google investigate the Chinese attacks. “But some of the more devious folks in our outfit were saying, ‘Well, they could also insert their own code — and they probably have.’ ”

For example, a foreign intelligence agency might find it extremely useful to know who was asking particular questions of Google’s search engine.

Security researchers took particular interest in the fact that the Silicon Valley company Adobe Systems was one of the companies hit by the recent wave of attacks.

Computer users around the globe have Adobe’s Acrobat or Reader software sitting on their machines to create or read documents, and Adobe’s Flash technology is widely used to present multimedia content on the Web and mobile phones.

“Acrobat is installed on about 95 percent of the machines in the world, and there have been a lot of vulnerabilities found in Flash,” said Jeff Moss, a security expert who sits on the Homeland Security Advisory Council. “If you can find a vulnerability in one of these products, you’re golden.”

Products from Microsoft, including Windows, Office and Internet Explorer, have long been favored targets for hackers because so many people use them. But McAfee, a leading software security firm, predicts that Adobe’s software will become the top target this year, as Microsoft has improved its products after years of attacks and Adobe’s software has become ubiquitous.

Adobe said it was still investigating the attacks but so far had no evidence that any sensitive information had been compromised.

Brad Arkin, the director of product security at Adobe, said the company generally expected to face increasing attention from hackers given the growing popularity of its products. But he added that the company employed industry-leading practices to respond to threats. “The security of our customers will always be a critical priority for Adobe,” he said.

Given the complexity of today’s software programs, which are typically written by teams of hundreds or thousands of engineers, it is virtually impossible to be perfectly confident in the security of any program, and tampering could very well go undetected.

Companies are understandably reluctant to discuss their security failures. But one notable episode shows just how damaging the secret tampering with source code can be.

Before the 2004 Summer Olympics in Athens, an unidentified hacker inserted secret programs into four telephone switching computers operated by the Vodafone Group, the world’s largest cellphone carrier. The programs created a clandestine tapping system that allowed unknown snoops to eavesdrop on cellphone calls and track the location of about 100 prominent Greek citizens, including then-Prime Minister Kostas Karamanlis, military officials, the mayor of Athens, activists and journalists.

The infiltration was uncovered in a government investigation after a Vodafone engineer was found dead in 2005 under suspicious circumstances.

Although the recent round of attacks against Google and other companies appears to have come from China, the threat is not limited to that country, according to computer security researchers. A host of nations, private corporations and even bands of rogue programmers are capable of covertly tunneling into information systems.

“Our conventional military dominance drives our adversaries to cheat, lie and steal,” said James Gosler, a fellow at Sandia National Laboratories and a visiting scientist at the National Security Agency, in a speech last year to Pentagon employees. “The offensive technical capability to play this game is well within the reach of the principal adversaries of the United States. In fact, one could argue that some of our adversaries are better at this game than we are.” Over the years, Chinese attackers have shown the most interest in military and technology-related assets, leaving assaults on financial systems to hackers in Russia and Eastern European countries.

A look at the source code of software at a company like Adobe or Cisco can help attackers find new ways to burrow into products before the companies can fix errors in their software. In addition, the hackers can gain insights into how to insert their own code into the software so that they can have ready access to machines down the road. “One of the U.S. government’s biggest worries is that the attackers will place that source code back into products,” said George Kurtz, the chief technology officer at McAfee.

For example, the widespread appearance of counterfeit Cisco routers, which direct traffic on computer networks, has become a major concern in recent years.

Cisco is required by law to include technology in its networking products that allows investigators to tap the hardware for information. The fear is that a country like China could sell counterfeit routers containing slightly modified software that would allow hackers to dial into the systems. “That could provide the perfect over-the-shoulder view of everything coming out of a network,” Mr. Moss said.

A Cisco spokesman, Terry Alberstein, said that the company had extensively tested counterfeit Cisco routers. “We have not found a single instance of software or hardware that was modified to make them more vulnerable to security threats,” he said.

Alan Paller, director of research at the SANS Institute, a security education organization, said American technology companies had gotten better about protecting their most prized intellectual property by creating more complex systems for viewing and changing source code. Such systems can keep a detailed account of what tweaks have been made to a software product.

But such security can be undermined by employees who open malicious files sent to them in e-mail, said Mr. Kurtz. “One of the greatest vulnerabilities remains the people element,” he added.

Despite the above facts, Google is now playing off its demand to the Chinese government to prevent Chinese hackers from attacking Google's servers and stealing its intellectual property. It hopes to maintain its business unit in China. (source: The NY Times)

Tuesday, January 19, 2010

Next Generation Executive Information System

The ability to transform data into insights to help manage a company is the domain of corporate business intelligence, which consists of the processes, applications, and practices that support executive decision making. With such knowledge at a premium, chief information officers have moved to center stage. By connecting the right parties across their companies, CIOs are making their role—helping organizations to mediate between business requirements and IT capabilities—more critical than ever.

It’s a challenging mission because for all the data flowing through companies, executives often struggle to find the information they need to make sound decisions. Potentially valuable content is frequently trapped in organizational silos, lost in transit from one system to another, bypassed by inadequately tuned data collection systems, or presented in user-unfriendly formats. Although wired with layers of information-gathering technology, organizations still find it difficult to deliver the right data to the right people.

At the heart of these difficulties are inadequate executive information systems, supposedly designed to help top management easily access pertinent internal and external data for managing a company. Our research suggests that a set of common problems plagues these systems, which have existed for some time. Some forward-looking companies have therefore given CIOs a mandate to redesign them and to restore their importance in corporate decision making.

A failure to deliver

When information systems are dysfunctional, performance suffers. The executives of a large chemical company, for example, found that only about half of the data generated from its executive information system was relevant to corporate decision making. Executives needed precise numbers for each strategic business unit, product, and operating business, but nonuniform data made apples-to-apples revenue and cost comparisons difficult.

A rigid design architecture, based solely on financial-accounting rules, restricted the system’s output to a limited number of reporting formats. Custom analyses, such as inventory turnover by product and region, were nearly impossible to generate. A cluttered front-end interface compounded the problem. Executives intent on reviewing key performance indicators (KPIs) had to sort through a jumble of onscreen data, so the CIO needed to take several IT analysts offline every month to comb through the figures and create the desired analyses. Frustrated, the company’s board pressed the CIO to explain why group reporting costs were climbing and so much IT support was necessary.

As the chief information officer, the CIO should play a more central role in designing next-generation executive information systems that can help a company’s top managers extract value from the data that surrounds them. Three major factors often hinder success.

Inconsistent and unreliable content

Different semantics and inconsistencies in the way information is structured from one unit to another hobble many executive information systems. Data, gathered through a multitude of sources, often with different labels, tags, and uses, can be hard to aggregate accurately for decision-making purposes. Group management accounting may roll up figures one way, operational management another—inconsistencies that can make executives question the reliability of the underlying data. At times, data sets lack contextual links that could provide perspective needed for executive analysis. Even if the system’s interface seems to be convenient, when executives doubt that the numbers are vetted, current, and accurate, they may be disinclined to use it.

Poor oversight and system handling

Too often, disjointed communication between businesses and IT can lead to flaws in an executive information system’s design. Creating reports may be complex. Sometimes IT logic rather than business analysis drives the navigation system. Tensions may arise as divisions, accustomed to seeing their numbers presented a certain way, vie to retain control over preferred reporting formats. Clear ownership is central to governance, but fiefdom issues are often a problem. As one executive told us, “Data ownership can get personal. The notion ‘I want my data my way’ can be pervasive.”

Inflexible business/IT architecture

Because business needs are dynamic, corporate business intelligence must be as well. Yet many executive information systems have static design architectures that limit the capture, organization, and accessibility of data. New demands—say, regulatory changes, the adoption of International Financial Reporting Standards, or requests from the field for performance data—often require time-consuming adjustments. Older systems are largely ill-equipped to handle these updates, so the IT staff must create manual links to Excel spreadsheets and other data tables, and this can cause confusion. Since design limitations prevent the new data from being integrated into the system, parallel data structures crop up across the IT landscape. A well-functioning executive information system should deliver varying levels of detail, yet many dashboards offer only a top-line view of the business; navigation facilities to pierce through layers of reporting data overtax current IT capabilities.

From information to intelligence

One global corporation decided that the best way to tackle these problems was a wholly redesigned IT blueprint to support top management. The company, a multibillion-dollar global logistics organization prized for its ability to transport goods from one corner of the globe to another, was having a tough time getting its internal executive information system in order. While it could track cargo along any given point of its delivery network, it had little visibility into its own data streams. Years of rapid growth and decentralized, somewhat laissez-faire information management had created an untidy patchwork of reporting processes across its divisions. Management lacked a single viewpoint into the company’s core performance data and, as a result, couldn’t know for sure which products made money.

Knowing that something had to be done, the CIO formed a task force, with members from both the business side and IT, which quickly found that relations between them were in some ways dysfunctional. Executives from headquarters, the business units, and the divisional and central IT functions all documented performance in their own way, tapping into different data sources to tally their results. These figures were rolled up into a series of group reports, but variances in the underlying data and the lack of a uniform taxonomy made it difficult for managers to know which set of numbers to trust. The management interface, designed to present key performance data, was jammed with so many different and, in some cases, conflicting KPIs as to be largely unusable. A non-user-friendly front end compounded the problem. Executives therefore asked for a new executive information system to gauge the company’s performance at varying levels of detail (exhibit). This new corporate navigator would have to incorporate major improvements in design and functionality (see sidebar, “One company’s blueprint for a next-generation executive information system”). (Source: McKinsey)

Friday, January 1, 2010

Google will sell Nexus-One unlocked at $530

Gizmodo offers leaked documents that show Google plans to offer the Nexus One smartphone for $529.99 unlocked or $179.99 from T-Mobile with a two-year contract. Google declined to comment on the price points, which came hours after the search engine giant invited press to an Android news event Jan. 5. T-Mobile will offer the Nexus One with a $79.99 monthly plan that includes 500 talk minutes with unlimited nights and weekends, text messaging and Web usage, according to the document.

Google will sell its Nexus One smartphone for $529.99 for users who want to pop in their existing SIM card, or with a two-year T-Mobile contract for $179.99, according to documents leaked to gadget Website Gizmodo.

The price points, which a Google spokesperson declined to comment on for eWEEK Dec. 30, come as buzz is peaking over the Nexus One, a speedy, HTC-built mobile phone based on version 2.1 of Google's Android mobile operating system.

Google Dec. 29 scheduled an Android press event at its Mountain View, Calif., headquarters Jan. 5, just two days before the commencement of the 2010 Consumer Electronics Show.

A leaked T-Mobile screen grab revealed that Google will be offering an Android phone through its Web site, confirming the go-to-market plan Google was rumored to be employing to sell the device.

However, how much Google planned to charge for the device, and whether or not it would offer it unlocked and unsubsidized or locked and subsidized by a carrier partner such as T-Mobile, was a matter of much debate. Also floated was the rumor that the Nexus One would initially be offered by invite only, but it looks as though that may be put to rest.

If these documents are legitimate, Google is selling the Nexus One unlocked and unsubsidized for a hefty sum of $529.99 and through T-Mobile for $179.99 with a two-year contract. This latter scheme matches the price point T-Mobile initially charged for the inaugural Android smartphone, the G1, in 2008.

Rate plans are a key point in any wireless contract and T-Mobile will offer the Nexus One with a $79.99 monthly plan that includes 500 talk minutes with unlimited nights and weekends, text messaging and Web usage, according to the documents.

Gizmodo also noted existing T-Mobile customers cannot keep their current plan if they want a subsidized phone; they would have to switch to the Nexus One plan.

Users may also purchase a Nexus One desktop docking station for $39.99 or a Nexus One car docking station for $49.99 through Google's Nexus One Web site, which could be live Jan. 5 after the press event. That site will be www.google.com/phone, and each Google Account user may buy only five Nexus One phones.

By all accounts of Google employees using the device and journalists who have seen it in action, the Nexus One hews to Google's vision of a suitable communications device for powering Web applications.

It's fast and performs well, superior to the popular Motorola Droid offered by Verizon Wireless, which is on pace to soon sell one million-plus units. More than any Android phone to date, the Nexus One provides a mobile Web experience that rivals Apple's iPhone, which bodes well for a fragmented Android platform that boasts a handful of iterations.

Meanwhile, Forrester Research analyst Michele Pelino expects big things for Android devices among business users, predicting 10 percent of enterprises to manage or support Android-based devices next year.

"As we head into 2010, expect Android smartphones to capture the attention of corporate smartphone users," Pelino wrote in a Dec. 18 note.

"Why? Heavy industry support from Qualcomm and jointly developed devices from Verizon, Motorola, and Google, as well as the open nature of the Android platform let in-house and third-party application developers easily create new applications and integrate them with enterprise apps." (source: eWEEK)