• Read This Before You Finalize It!

    As an IT professional, knowing what’s coming down the technology pipeline can be invaluable when it comes to planning and budgeting. Although nobody has a crystal ball, Gartner’s professional pulse on all things technological certainly makes the research company’s predictions worth noting.

    At a Gartner Symposium IT Expo in late 2012, the firm laid out 10 critical trends and technologies slated to impact IT for the next five years. Take note, as we explore the first five here:

    1. Organizational entrenchment and disruption. With significant growth in IT complexity, including faster change cycles, shorter development timelines, and reduced budgets, 24/7/365 global IT support is being demanded. End users are driving IT to make changes, such as appealing for access to iPads, iPhones and other smartphones. Furthermore, a “skills shift” is occurring with increasing numbers of retirees and new sets of skills required of employees.

    2. Software-defined networks. In the coming years, Gartner believes a new way to operate networks will emerge: an OS that shifts control from individual devices to a central controller and allows configuration of the network from one place. Likened to network virtualization, the move will make the location of a physical data center irrelevant, while also reducing the time required to provision new resources.

    3. Bigger data and storage. By 2015, Gartner says big data demand will generate 1 million jobs in the Global 1000, but only a third will get filled due to a shortage of talent. Also on the horizon: 30 to 60 percent compounded growth in data depending on the organization. Auditing, archiving, and recovery will become increasingly complex, with analytics and pattern recognition proving key. New specialized ARM-based servers will be commissioned to do specialty analytics, and clients will get relief from equipment that provides more performance in a smaller footprint, thus reducing power requirements.

    4. Hybrid cloud services.  Gartner believes that private clouds will improve agility and dominate the market. People are looking at the cloud as a way to accelerate business growth, particularly mobile apps, which could lead to hybrid environments with dozens of specialty providers, both private and public. “Hybrid data centers — with the ability to increase capability and/or capacity — will be in your future,” Gartner insists. You can move non-critical work to the cloud to free up space, resulting in incremental operating expense growth, but long-term capital spending deferral.

    5. Client and server architectures. One size doesn’t fit all, nor does one operating system. Noting that forced end-user standardization just doesn’t work, Gartner encourages companies to let people do what they want, within reason. For example, allowing tablets is a must, as well as wireless networks, instant messaging and smartphones. While the research firm says Windows 8 will surface within IT organizations, it predicts that it will not be a full replacement for Windows 7 or XP.

    Already feeling better prepared for the next five years? Be sure to check back for additional IT trend predictions.

  • Many organisations are struggling to keep pace with the changing face of security threats, according to a poll conducted by F5 Networks at Infosecurity Europe 2013 in London.

    Only 10% of security professionals polled said they could describe accurately how DNS reflection attacks work, just weeks after a spat between web hosting company Cyberbunker and anti-spam website Spamhaus led to some of the biggest distributed denial-of-service (DDoS) attacks to date.

    DNS reflection or amplification is a type of distributed denial of service (DDoS) attack that takes advantage of the fact that a small DNS query can generate a much larger response.

    When combined with source address spoofing, an attacker can direct a large volume of network traffic to a target system by initiating relatively small DNS queries.
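
    A defender-side view of the amplification described above, as an added example that is not part of the original article: it groups resolver records per claimed source and time window and flags windows where the resolver sent many times more bytes than it received, which is how a spoofed victim address appears to a resolver being used as a reflector. The records are constructed sample data, and the function name, record layout and thresholds are assumptions.

```python
from collections import defaultdict

# Constructed sample of resolver-side records (not real traffic):
# (unix time, claimed source IP, query bytes, response bytes).
# Addresses come from the RFC 5737 documentation ranges.
SAMPLE_RECORDS = (
    # Ordinary client: small queries, modest answers.
    [(1000 + i, "192.0.2.10", 40, 90) for i in range(6)]
    # Occasional large answer: high ratio but too few queries to matter.
    + [(1003, "192.0.2.22", 60, 1500), (1004, "192.0.2.22", 60, 1500)]
    # Burst of small queries drawing large answers toward one "source",
    # which is what a spoofed victim address looks like to the resolver.
    + [(1001 + i, "198.51.100.7", 64, 3200) for i in range(8)]
)


def find_reflection_candidates(records, window=10, min_queries=5, min_ratio=10.0):
    """Group records per (source, time window) and flag windows where the
    resolver sent at least `min_ratio` times more bytes than it received."""
    buckets = defaultdict(lambda: [0, 0, 0])  # queries, bytes in, bytes out
    for ts, src, q_bytes, r_bytes in records:
        b = buckets[(src, ts - ts % window)]
        b[0] += 1
        b[1] += q_bytes
        b[2] += r_bytes

    flagged = []
    for (src, start), (n, b_in, b_out) in sorted(buckets.items()):
        # Skip low-volume sources: a couple of large answers is normal.
        if n < min_queries or b_in == 0:
            continue
        ratio = b_out / b_in
        if ratio >= min_ratio:
            flagged.append({"src": src, "window_start": start, "queries": n,
                            "bytes_out": b_out, "ratio": ratio})
    return flagged


if __name__ == "__main__":
    for hit in find_reflection_candidates(SAMPLE_RECORDS):
        print(hit)
```

    A flagged source is a candidate for response rate limiting at the resolver; the address itself is most likely the victim rather than the sender.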

    The poll found that only 11% would be completely confident that the day-to-day operations of their business would not be disrupted, should they be hit by such an attack.

    Many respondents reported feeling vulnerable due to the host of modern threats from cyber criminals, hacktivists and hackers.

    Some 87% claimed that it is more difficult than ever to secure their business from the threat of cyber attacks, with almost one in four citing the BYOD trend as the major factor.

    Others referenced the increasing complexity of threats (20%) and the change to espionage and political motives (14%) as the number one factor in increasing the difficulty in protecting businesses.

    The poll revealed other concerns around protecting infrastructure and applications, with 83% of respondents saying they were less than fully confident that their organisation has consistent security and availability policies across their entire IT infrastructure.

    “Both the scale and the method of the Spamhaus attacks should have acted as a wake-up call, but the research suggests that many security professionals would still struggle to deal effectively with the new breed of DDoS attacks, and fear the potential impact on their organisation,” said Joakim Sundberg, security solution architect at F5.

    Some 85% acknowledged the risk of wiping personal as well as company data when safeguarding a corporate mobile device following a theft.

    “As organisations continue to move their applications to the cloud as a way to increase infrastructure agility and reduce costs, it is vital that they close off any back doors to would-be attackers,” he said.

    According to Sundberg, conventional firewalls are failing in the face of increasingly complex internet threats.

    More intelligence has to be built into the corporate network to ensure their security can handle the newest threats, he said.

    “This includes being able to configure and automate security seamlessly to ensure the entire IT environment is protected, regardless of the mix of on-premise, cloud or hybrid infrastructures,” 

    We first heard rumors about a possible comeback of the Start menu button in Windows 8.1 last week, but now sources speaking to The Verge have confirmed that this will indeed be the case, only it’s probably not what most detractors were hoping for. The newly reintroduced button will reportedly sit on the traditional bottom left corner, and will look near-identical to the existing Windows flag used in the Charm bar, but clicking on it will simply bring up the tile-based Start screen rather than the old Start menu.
    There are already several quick ways to get back to the Start screen from the desktop. Users can just press the Windows key on their keyboard, or hover their mouse over the lower left corner of the screen until a Start screen thumbnail shows, and then click. So while there’s nothing new here functionality-wise, Microsoft apparently hopes to appease at least some of the criticism by adding a shortcut users might be more familiar with.
    To be fair, you can already do everything the Start menu allowed with the redesigned Start screen -- searching, opening recent files, quickly launching apps, jumping to the control panel and so on. But those who have been criticizing the change have an issue with having to jump back and forth between Modern UI and the desktop to do these things.
    Another noteworthy change expected to arrive with the upcoming “Blue” update is the addition of a boot to desktop option. So far only hints of this have appeared on internal builds, and there’s currently no toggle to enable it through the operating system’s UI, but Microsoft is apparently working on how to add this feature. News sources confirm this feature might be limited to Pro and Enterprise Windows 8 SKUs only.

  • While the imminent arrival of next-gen USB and Thunderbolt interfaces is no longer fresh news, ComputerWorld brings to attention one potentially revolutionary detail: the next iteration of USB will deliver enough juice to effectively power any device without the aid of unsightly wall-warts.
    To do this, USB 3.0's move from 5Gbps to 10Gbps will be accompanied by a significant bump in power delivery -- 100 watts instead of just 10 watts. With that kind of juice, everything from full-size external hard drives to displays -- and even laptops -- could all fall within the purview of USB's new-found bus power.
    That's an enormous improvement over today's limitations where small devices like external HDDs, cell phones and tablets can push power draw limits.
    One example shown at Intel's Developer Forum was of a Lenovo laptop, an LCD monitor and other peripherals all simultaneously being powered by a USB SuperSpeed hub.
    To help make certain things are safe and standardized, USB 3.0 is expected to have five different power profiles:
    • Profile 1: 5V @ 2.0A
    • Profile 2: 5V @ 2.0A or 12V @ 1.5A
    • Profile 3: 5V @ 2.0A, 12V @ 3A
    • Profile 4: 5V @ 2.0A, 12V or 20V @ 3A
    • Profile 5: 5V @ 2.0A, 12V or 20V @ 5A
    While convenience is an obvious benefit of increasing the power output for USB, there is one less conspicuous bonus: greener electronics. Billions of power adapters for portable electronics are chucked into the trash each year. USB's pending upgrade stands to reduce that number by a significant margin.
  • Are Android smartphones finally poised to conquer the enterprise?

    Makers of Android malware have developed an ad network SDK that pushes malicious software through seemingly innocuous apps.
    Google has suspended several accounts associated with 32 apps on Google Play containing the malicious SDK which have been downloaded up to nine million times, according to mobile security firm Lookout.
    Legitimate ad network SDKs, such as Google's own AdMob SDK, offer app developers the libraries to distribute in-app ads and monetise free apps. The malicious ad network masquerades as a genuine one, largely but not exclusively targeting Russian-speaking users. The SDK has been installed on a range of apps including games, recipe, sex and dictionary apps, some of which are also aimed at English-speaking users.
    "Because it's challenging to get malicious bad code into Google Play, the authors of Badnews created a malicious advertising network, as a front, that would push malware out to infected devices at a later date in order to pass the app scrutiny," Lookout's principal security researcher Marc Rogers noted in an alert on Friday.
    In violation of Google's developer terms, the malicious ad network causes the app to impersonate news messages, including fake alerts encouraging the user to install a "critical update" to Russian social network Vkontakte, Skype, and other apps. The fake update attempts to lead the user to a website to install a premium rate SMS app and also sends the user's phone number and device ID to a command server.
    The attackers took their cue from shady affiliate-based marketing websites, according to Rogers. Using an ad network to distribute malware is a "significant development" in mobile malware since it overcomes the hurdles placed at the gateway to app marketplaces, Lookout said.

    Sidestepping Google protection

    Google launched its server-side scanner Bouncer to fend off malicious submissions in early 2012, and late last year added a client-side malware scanner to Android 4.2 Jelly Bean that could be used to vet apps installed outside the official store.
    The discovery of the malicious SDK follows reports last week from Russian security firm Dr Web that malware distributors were using Android in-app advertising to spread fake antivirus, bringing an old pest from the desktop to mobile.
    The threat, which Dr Web has called Android.Fakealert, prompts users via in-app advertising to install fake antivirus.
    The fake antivirus or scareware scam was a growing pest for desktop users until a major crackdown by the FBI and Russian authorities took out lead players in the industry back in 2011.
    Dr Web says the fake alert scam for Android has been around since October 2012. However, the company's CEO Boris Sharov told ZDNet that this threat was not being distributed via Google Play.
  • "When people don't see stuff on Google, they think no one can find it. That's not true."

    That's according to John Matherly, creator of Shodan, the scariest search engine on the Internet.

    Unlike Google, which crawls the Web looking for websites, Shodan navigates the Internet's back channels. It's a kind of "dark" Google, looking for the servers, webcams, printers, routers and all the other stuff that is connected to and makes up the Internet. (Shodan's site was slow to load Monday following the publication of this story.)

    Shodan runs 24/7 and collects information on about 500 million connected devices and services each month.

    It's stunning what can be found with a simple search on Shodan. Countless traffic lights, security cameras, home automation devices and heating systems are connected to the Internet and easy to spot.

    Shodan searchers have found control systems for a water park, a gas station, a hotel wine cooler and a crematorium. Cybersecurity researchers have even located command and control systems for nuclear power plants and a particle-accelerating cyclotron by using Shodan.

    What's really noteworthy about Shodan's ability to find all of this -- and what makes Shodan so scary -- is that very few of those devices have any kind of security built into them.

    "It's a massive security failure," said HD Moore, chief security officer of Rapid7, who operates a private version of a Shodan-like database for his own research purposes.

    A quick search for "default password" reveals countless printers, servers and system control devices that use "admin" as their user name and "1234" as their password. Many more connected systems require no credentials at all -- all you need is a Web browser to connect to them.

    In a talk given at last year's Defcon cybersecurity conference, independent security penetration tester Dan Tentler demonstrated how he used Shodan to find control systems for evaporative coolers, pressurized water heaters, and garage doors.

    He found a car wash that could be turned on and off and a hockey rink in Denmark that could be defrosted with a click of a button. A city's entire traffic control system was connected to the Internet and could be put into "test mode" with a single command entry. And he also found a control system for a hydroelectric plant in France with two turbines generating 3 megawatts each.
    Scary stuff, if it got into the wrong hands.

    "You could really do some serious damage with this," Tentler said, in an understatement.
    So why are all these devices connected with few safeguards? Some things that are designed to be connected to the Internet, such as door locks that can be controlled with your iPhone, are generally believed to be hard to find. Security is an afterthought.

    A bigger issue is that many of these devices shouldn't even be online at all. Companies will often buy systems that can enable them to control, say, a heating system with a computer. How do they connect the computer to the heating system? Rather than connect them directly, many IT departments just plug them both into a Web server, inadvertently sharing them with the rest of the world.

    "Of course there's no security on these things," said Matherly, "They don't belong on the Internet in the first place."

    The good news is that Shodan is almost exclusively used for good.

    Matherly, who completed Shodan more than three years ago as a pet project, has limited searches to just 10 results without an account, and 50 with an account. If you want to see everything Shodan has to offer, Matherly requires more information about what you're hoping to achieve -- and a payment.

    Penetration testers, security professionals, academic researchers and law enforcement agencies are the primary users of Shodan. Bad actors may use it as a starting point, Matherly admits. But he added that cybercriminals typically have access to botnets -- large collections of infected computers -- that are able to achieve the same task without detection.

    To date, most cyberattacks have focused on stealing money and intellectual property. Bad guys haven't yet tried to do harm by blowing up a building or killing the traffic lights in a city.

    Security professionals are hoping to avoid that scenario by spotting these unsecured, connected devices and services using Shodan, and alerting those operating them that they're vulnerable. In the meantime, there are too many terrifying things connected to the Internet with no security to speak of just waiting to be attacked.
  • Deeming Windows 9 'too good to release,' Microsoft execs shelve follow-up to Windows 8 and proceed to Windows 10

    If you've been looking forward to Windows 9, the OS that will fix what Windows 8 got wrong, you're in for a surprise: There will be no Windows 9. Instead, Microsoft announced it will proceed directly to Windows 10.

    "The Windows 9 internal beta was a phenomenal success," said Microsoft PR rep Cheryl Tunt. "I mean, it blew Windows 8 out of the water, and as we all know, Windows 8 is nigh flawless. After discussion at the C level, Microsoft has decided it will not mess with success and will leave Windows 9 exactly as it is. As such, work is now getting under way on Windows 10, which should see a public release."

    Details about Windows 9 are sketchy, but according to internal Microsoft communications obtained by InfoWorld, the OS was fast, intuitive, bug-free, and equally adept with both the Windows Desktop and Metro-style interfaces. "And who would've thought to put the Start button there?!? Genius!" marveled one engineer, though it's unclear where "there" is exactly.

    Another engineer likened the OS to the Nintendo Entertainment System's Power Glove accessory, saying, "It's that good a melding of man and machine."

    One email chain riffed extensively on how Windows 9 is like the sitcom "Seinfeld" in that it's "about nothing," but also because "there was that one episode where Kramer got the deli meat slicer, and he said he had cut slices of meat so thin, he couldn't even see them. Well, Windows 9 is so transparent, you won't even know it's there. Hell, I'm not even sure I used it!"

    "Hey guys, if all this is true, then we can't release this [OS] to the public," one HR manager who had been CC'd on the emails declared. "We have to keep this internal and advertise it as a perk. You know: 'Come work for Microsoft, and you get to use Windows 9!'"

    The decision to jump to Windows 10 was announced during an all-company meeting by Microsoft CEO Steve Ballmer, who took the stage in front of a banner reading "Mission Accomplished."
    "You guys who make Windows are the backbone of this company!" an exuberant Ballmer claimed. "You've really outdone yourselves here. This is exactly the kind of perfection so synonymous with the Microsoft brand that we can't see fit to have it exist anywhere but within Microsoft. It's simply too good to be released. Now, onward with Windows 10! By the way, this meeting counts as your lunch break."

    There was at least one beta tester who wasn't quite so dazzled. "Yeah, I tried out Windows 9," he told InfoWorld on condition of anonymity. "I dunno ... it's pretty good, I guess. It's not at all what they're talking about, though -- the engineers might be delirious from lack of sleep. I'm pretty sure the real reason we aren't going to sell it is because it's actually OS X."

    Please note: This is an April Fools' joke.