Defending Against Java Deserialization Ransomware

July 13, 2016

What is different about the recent rash of ransomware attacks against hospitals (besides the level of callousness it takes to hold the well-being of hospital patients for ransom)? CyberWatch brings us up to date in “My Layman’s Terms: The Java Deserialization Vulnerability in Current Ransomware.” Writer Cheryl Biswas begins by assuring us it is practicality, not sheer cruelty, that has hackers aiming at hospitals. Other entities, like law enforcement agencies, which rely on uninterrupted access to their systems to keep people safe, are also being attacked. Oh, goody.

The problem begins with a weakness at the heart of many Java-based systems: the application server itself. Java’s native serialization lets the byte stream name the classes to be instantiated, so a server that deserializes untrusted input will build whatever objects an attacker sends, and with a suitable library (a “gadget chain”) already on the classpath that is enough for remote code execution. And here we thought open source was more secure than proprietary software. Biswas informs us:

“This [ransomware] goes after servers, so it can bring down entire networks, and doesn’t rely on social engineering tactics to gain access. It’s so bad US-CERT has issued this recent advisory. I’ve laid out what’s been made available on just how this new strain of ransomware works. And I’ve done it in terms to help anybody take a closer look at the middleware running in their systems currently. Because a little knowledge could be a dangerous thing used to our advantage this time.”

The article goes on to cover what this strain of ransomware can do, who could be affected, and how. One key point: anything that accepts serialized Java objects could be a target, and many Java-based middleware products do not validate untrusted objects before deserialization, so no check happens before the attacker’s chosen classes are instantiated. See the article for more technical details and for Biswas’ list of sources. She concludes with these recommendations:

“Needs to Happen:

“Enterprises must find all the places they use deserialized or untrusted data. Searching code alone will not be enough. Frameworks and libraries can also be exposed.

“Need to harden it against the threat.

“Removing commons collections from app servers will not be enough. Other libraries can be affected.

“Contrast Sec has a free tool for addressing the issue: Runtime Application Self-Protection (RASP). It adds code to the deserialization engine to prevent exploitation.”
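As an added illustration of what “hardening” the deserialization path means in practice (this is example code written for this page, not code from Biswas’ article, from the ransomware, or from Contrast Security’s tool), the class below places the vulnerable pattern, a bare `ObjectInputStream.readObject()` on bytes the caller does not control, beside a look-ahead allow-list that rejects every class descriptor the application does not explicitly expect. The `Ping` type and the use of a `HashMap` as a stand-in for an unexpected payload are assumptions for the demo; no real gadget chain is included. It needs Java 9 or later for `Set.of` and `Map.of`.

```java
import java.io.*;
import java.util.*;

public class DeserializationDemo {

    // Harmless application type the server legitimately expects (assumed for the demo).
    public static final class Ping implements Serializable {
        private static final long serialVersionUID = 1L;
        final String message;
        Ping(String message) { this.message = message; }
    }

    // VULNERABLE: ObjectInputStream instantiates whatever class the byte stream names.
    // An attacker who reaches this call with a gadget chain (for example from a vulnerable
    // Commons Collections version on the classpath) gets code execution inside readObject().
    static Object deserializeUnsafe(byte[] untrusted) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(untrusted))) {
            return in.readObject();
        }
    }

    // HARDENED: look-ahead allow-list. resolveClass() runs for each class descriptor before an
    // instance is created, so unexpected types are refused before any constructor, readObject()
    // or readResolve() hook of a gadget class can execute.
    static final class AllowListObjectInputStream extends ObjectInputStream {
        private final Set<String> allowed;

        AllowListObjectInputStream(InputStream in, Set<String> allowed) throws IOException {
            super(in);
            this.allowed = allowed;
        }

        @Override
        protected Class<?> resolveClass(ObjectStreamClass desc) throws IOException, ClassNotFoundException {
            if (!allowed.contains(desc.getName())) {
                throw new InvalidClassException(desc.getName(), "class not on the deserialization allow-list");
            }
            return super.resolveClass(desc);
        }

        // Dynamic proxies take a separate path; several known gadget chains rely on them.
        @Override
        protected Class<?> resolveProxyClass(String[] interfaces) throws IOException, ClassNotFoundException {
            throw new InvalidClassException("dynamic proxies are not accepted");
        }
    }

    static Object deserializeSafe(byte[] untrusted) throws IOException, ClassNotFoundException {
        Set<String> allowed = Set.of(Ping.class.getName());
        try (ObjectInputStream in = new AllowListObjectInputStream(new ByteArrayInputStream(untrusted), allowed)) {
            return in.readObject();
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) {
            out.writeObject(o);
        }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        byte[] expected = serialize(new Ping("hello"));
        // Constructed stand-in for attacker-controlled bytes: any class the server never asked for.
        byte[] unexpected = serialize(new HashMap<>(Map.of("k", "v")));

        System.out.println("unsafe, expected payload:   " + ((Ping) deserializeUnsafe(expected)).message);
        // The unsafe path instantiates the HashMap without complaint; a gadget class would run the same way.
        System.out.println("unsafe, unexpected payload: " + deserializeUnsafe(unexpected));
        System.out.println("safe, expected payload:     " + ((Ping) deserializeSafe(expected)).message);
        try {
            deserializeSafe(unexpected);
        } catch (InvalidClassException e) {
            System.out.println("safe, unexpected payload:   rejected (" + e.getMessage() + ")");
        }
    }
}
```

Compile and run with `javac DeserializationDemo.java && java DeserializationDemo`. Two points worth keeping in mind: the check has to live in `resolveClass` (or an equivalent pre-instantiation hook), because by the time `readObject()` returns the damage is done; and an allow-list of expected types is what Biswas’ “removing commons collections will not be enough” amounts to, since a denylist of known gadget classes is only ever as complete as yesterday’s research. On Java 9 and later (and 8u121+) the JDK’s built-in `ObjectInputFilter` (JEP 290) expresses the same allow-list declaratively, for example `ObjectInputFilter.Config.createFilter("DeserializationDemo$Ping;!*")`, and also lets you cap array sizes and graph depth.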

Organizations the world over must not put off addressing these vulnerabilities, especially ones in charge of health and safety.


Cynthia Murrell, July 13, 2016

Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph


Thomson Reuters: Selling at Peak Value?

July 12, 2016

I read “Thomson Reuters Announces Definitive Agreement to Sell its Intellectual Property & Science Business to Onex and Baring Asia for $3.55 billion.” Thomson Reuters has been working hard to pump up revenue and generate a juicy profit for its stakeholders. As with IBM, it seems that the best way to get a large, established company in gear is to sell assets. According to the write up, Thomson Reuters’ management thinks:

“With the completion of this divestiture, Thomson Reuters will be even more focused on operating at the intersection of global commerce and regulation.”

What’s next for Thomson Reuters? More video? More Palantir repackaging? Higher fees for its professional information services?

Thomson Reuters has tried many things in the last two decades. The result is suggested in this chart:

[Chart: Thomson Reuters revenue, profit margin, and net income over time]

The top line has been drifting down. The profit margin (the all-important red line) has been a roller coaster. The net income has been a result of management moves and cost controls.

The question is: Is this collection of patent and IP related properties at peak value?

My hunch is that Thomson Reuters found the deal palatable. What will the new owners do with the properties? Both are investment outfits. The trajectory of these “services,” like Compumark, will be interesting to follow.

For Thomson Reuters, the hurdle remains growth. Isn’t that a problem with which IBM is struggling? Running specialist businesses with those who are not experts in each niche has been a challenge for many firms. Now the new owners Onex Partners and Baring Private Equity Asia have an opportunity to display their management expertise.

Selling is easier than innovating. Managing a bundle of businesses may be even more difficult.

Stephen E Arnold, July 12, 2016

Why Enterprise Search Fails

July 12, 2016

I participated in a telephone call before the US holiday break. The subject was whether a potential investment in an enterprise search technology was likely to be a winner. I listened for most of the 60-minute call. I offered a brief example of the over-promise-and-under-deliver problems which plagued Convera and Fast Search & Transfer, and several of the people on the call asked, “What’s a Convera?” I knew then that today’s whiz kids are essentially reinventing the wheel.

I wanted to capture three ideas which I jotted down during that call. My thought is that at some future time, a person wanting to understand the incredible failures that enterprise search vendors have tallied will have three observations to consider.

No background is necessary. You don’t need to read about throwing rocks at the Google bus, search engine optimization, or any of the craziness about search making Big Data a little pussycat.

Enterprise Search: Does a Couple of Things Well When Users Expect Much More

Enterprise search systems ship with filters or widgets which convert source text into a format that the content processing module can index. The problem is that images, videos, audio files, content from wonky legacy systems, or proprietary file formats like IBM i2’s ANB files do not lend themselves to indexing by a standard enterprise search system. The buyers or licensees of the enterprise search system do not understand this one-trick-pony nature of text retrieval. Therefore, when the system is deployed, consternation follows confusion when content is not “in” the enterprise search system and, therefore, cannot be found. There are systems which can deal with a wide range of content, but these systems are marketed in a different way and often cost millions of dollars a year to set up, maintain, and operate.


Net net: Vendors do not explain the limitations of text search. Licensees do not take the time or have the desire to understand what an enterprise search system can actually do. Marketers obfuscate in order to close the deal. Failure is a natural consequence.

Data Management Needed

The disconnect boils down to what digital information the licensee wants to search. Once that universe is defined, the system into which the data will be placed must be resolved. No data management, no enterprise search. The reason is that licensees and the users of an enterprise search system assume that “all” or “everything,” from web content and email to outputs from an AS/400 Ironside, is available at any time. Baloney. Few organizations have the expertise or the appetite to deal with figuring out what is where, how much there is, how frequently each type of data changes, and the formats used. I can hear you saying, “Hey, we know what we have and what we need. We don’t need a stupid, time consuming, expensive inventory.” There you go. Failure is a distinct possibility.


Net net: Hope springs eternal. When problems arise, few know what’s where, who’s on first, and why I don’t know is on third.


Google-Oracle: Allegations of Lawyer Leaking Secret Info

July 12, 2016

I was looking for a single document filed on June 30, 2016. I did my looking only to find that the document had been sealed. There you go. Kentucky oaf aced by legal eagles.

I was interested to read “Google vs Oracle Post-Script: The Price for Revealing Sensitive Financial Information.” The write up alerted me that allegedly one legal eagle let some info leak into the public information stream. I was astounded. I was thwarted only to learn that legal eagles can release information to anyone.

The focus of the write up is an attorney for Oracle, who allegedly made secret information available during the legal dust up between Google and Oracle. I must confess that I am not able to figure out who did what to whom in this Java API matter, but the leaking of info caught my attention.

According to the write up:

You may recall a couple of months ago it became public knowledge that Google paid Apple $1 billion dollars to have Google search on the iPhone. The figure apparently represents a 34% slice of the revenue Google makes from searches originating on iPhones. Or it did, “at one point in time”, according to Oracle’s lawyer Annette Hurst. Hurst also revealed that Android had made $31 billion in revenue and $22 billion in profit for Google. At the time Google objected that the figures were not public knowledge.

Okay. The article then reported:

Bloomberg published two stories on the transcript’s contents back in January. Two hours after the story went live the transcript disappeared from electronic court records. Google had apparently petitioned the judge overseeing the case to have the transcript removed from public access as soon as it was published, but Bloomberg’s story let the cat out of the bag.

Now that’s more like it. Just like the document I sought, the info disappeared. Magic.

So what? Google, according to the write up, has the green light to seek “sanctions.” I am familiar with sanction with extreme prejudice, but I am not sure if this is the legal eagle definition of the phrase.

I have several thoughts:

  1. I think that the Alphabet Google thing probably will have a desire to tackle Oracle and its law firm. Moon shots, solving death, and using legal tactics to keep Oracle on its toes seem to be possible. Well, maybe not solving death, but, hey, Alphabet Google is a sharp outfit.
  2. HP must be looking at this legal matter and thinking, “Will our pursuit of Autonomy have a similarly happy ending?”
  3. Oracle may be thinking about its relationship with the firm allegedly involved in the info spill. The write up identifies the lawyer as Annette Hurst. Ars Technica attaches her to an outfit called Orrick, Herrington & Sutcliffe.

Interesting. Perhaps the moral of the story is that information should be tightly controlled. Secrecy may be a valid business model. I can’t read a document filed on June 30, 2016, and information disclosed in a trial is apparently a problem.

Is the answer a Star Chamber type approach? Perhaps there are secret courts. No wonder I could not locate my document which was sealed more quickly than my dear, late mother put a slice of cheese in a plastic baggie.

Stephen E Arnold, July 12, 2016

Technology Does Not Level the Playing Field

July 12, 2016

Among the many articles about how too much automation of the labor force will devastate humanity, I found another piece that describes how technology, as a set of tools, is a false equalizer. The Atlantic published the piece titled “Technology, The Faux Equalizer.” What we tend to forget is that technology consists of tools made by humans. These tools have consistently become more complicated as society has advanced. The article acknowledges this by having us remember one hundred years ago, when electricity was a luxurious novelty. Only the wealthy and those with grid access used electricity, but now it is as common as daylight.

This example points to how brand new technology is available only to a limited percentage of people. Technological progress and social progress do not necessarily go together. Another example the article provides: it was not Gutenberg’s printing press that revolutionized books for society, but rather the discovery of cheaper materials to make them. Until a technology is available to everyone, its benefits are not shared:

“Just compare the steady flow of venture capital into Silicon Valley with the dearth of funding for other technological projects, like critical infrastructure improvements to water safety, public transit, disintegrating bridges, and so on. ‘With this dynamic in mind, I would suggest that there is greater truth to the opposite of Pichai’s statement,’ said Andrew Russell, a professor at Stevens Institute of Technology. ‘Every jump in technology draws attention and capital away from existing technologies used by the 99 percent, which therefore undermines equality, and reduces the ability for people to get onto the ‘playing field’ in the first place.’”

In science-fiction films depicting the future, we imagine that technology lessens the gap between everyone around the world, but we need to be reminded that the future is now. Only a few people have access to the future; compare the average lifestyle of Europeans and Americans with that in many African and Middle Eastern nations. History tells us that this is the trend we will always follow.

Oh, oh. We thought technology would fix any problem. Perhaps technology exacerbates old sores and creates new wounds? Just an idle question.


Whitney Grace,  July 12, 2016

The Potential of AI Journalism

July 12, 2016

Most of us are familiar with the concept of targeted advertising, but are we ready for targeted news? Personalized paragraphs within news stories is one development writer Jonathan Holmes predicts in, “AI is Already Making Inroads Into Journalism but Could it Win a Pulitzer?” at the Guardian.

Even now, the internet is full of both clickbait and news articles generated by algorithms. Such software is also producing quarterly earnings reports, obituaries, even poetry and fiction. Now that it has been established that at least some software can write better than some humans, researchers are turning to another question: What can AI writers do that humans cannot? Holmes quotes Reg Chua, of Thomson Reuters:

“‘I think it may well be that in the future a machine will win not so much for its written text, but by covering an important topic with five high quality articles and also 500,000 versions for different people.’ Imagine an article telling someone how local council cuts will affect their family, specifically, or how they personally are affected by a war happening in a different country. ‘I think the results might show up in the next couple of years,’ Caswell agrees. ‘It’s something that could not be done by a human writer.’”

The “Caswell” above is David Caswell, a fellow at the University of Missouri’s Donald W Reynolds Journalism Institute. Holmes also describes:

“In Caswell’s system, Structured Stories, the ‘story’ is not a story at all, but a network of information that can be assembled and read as copy, infographics or any other format, almost like musical notes. Any bank of information – from court reports to the weather – could eventually be plugged into a database of this kind. The potential for such systems is enormous.”

Yes, it is; we are curious to see where this technology is headed. In the meantime, we should all remember not to believe everything we read… was written by a human.


Cynthia Murrell, July 12, 2016



Does China Want Apple to Become a 1000 Year Old Digital Egg?

July 11, 2016

I know China is a large market. I know China has a baker’s dozen of top-flight engineering schools. I know China has outfits able to make things, from prototypes to industrial-scale production of stuff for dollar stores.

My thought is that China wants Apple-style mobile phones made by folks China feels comfy with. My hunch is that Apple itself may not be on the short list of China’s BFFs.

Navigate to “Apple’s Problems in China Continue as It’s Sued over a 1990s War Film.” I assume the write up is spot on and that the headline contains a germ of insight; namely, “problems in China continue.” The operative words are “continue” and “problems.”

I learned:

Apple is being sued in China over a 1990s war film.

I wonder if Cupertino’s Mandarin Gourmet has a fortune cookie with this saying inside which might be included with the restaurant’s sizzling rice soup:

The world may be your oyster, but it doesn’t mean you’ll get its pearl.

How will the China-Apple interaction conclude? Years ago, I heard that Google wanted China to change. I wonder how that worked out. Perhaps some countries want companies which do not perceive themselves as having more power than the nation state?

Stephen E Arnold, July 11, 2016

Get Them While They Are Hot: Microsoft Search APIs

July 11, 2016

If you want to buy some Microsoft smart APIs, now is the time. Navigate to Microsoft Azure and pick your API. On offer are some content processing APIs like text search, image search, autosuggest, etc. How much are these goodies? Well, the fee varies with the number of transactions. What’s a “transaction”? As with Amazon AWS, you will find that out as you move forward, gentle reader. Here’s the display for the search API fees:

[Image: Microsoft Azure search API pricing tiers]

I know that these low-contrast Web pages are just so easy to read. In a nutshell, you will owe the Microsofties by tier. The S1, S2, etc. remind me of IBM’s tiered prices. The number is dependent on how many transactions, which tier, and I assume any other special goodies one requires. Think in terms of blocks of $30.

Enjoy the taxi meter approach. In my experience, these work out really well for those selling services. I love metered, tiered prices with “transactions” left wonderfully fluid. Does the phrase “lock in” resonate? Does the concept of “price lift” have relevance? Have fun budgeting costs over a three to five year span.

Stephen E Arnold, July 11, 2016

Six Cybercriminal Archetypes from BAE Systems

July 11, 2016

Defense and security firm BAE Systems has sketched out six cybercriminal types, we learn from “BAE Systems Unmasks Today’s Cybercriminals” at the MENA Herald. We’re told the full descriptions reveal the kinds of havoc each type can wreak, as well as targeted advice for thwarting them. The article explains:

“Threat intelligence experts at BAE Systems have revealed ‘The Unusual Suspects’, built on research that demonstrates the motivations and methods of the most common types of cybercriminal. The research is derived from expert analysis of thousands of cyber attacks on businesses around the world. The intention is to help enterprises understand the enemies they face so they can better defend against cyber attack.”

Apparently, such intel is especially needed in the Middle East, where cybercrime was recently found to affect about 30 percent of organizations. Despite the danger, the same study, from PwC, found that regional companies were not only unprepared for cyber attacks; many did not even understand the risks.

The article lists the six cybercriminal types BAE has profiled:

“The Mule – naive opportunists that may not even realise they work for criminal gangs to launder money;

The Professional – career criminals who ‘work’ 9-5 in the digital shadows;

The Nation State Actor – individuals who work directly or indirectly for their government to steal sensitive information and disrupt enemies’ capabilities;

The Activist – motivated to change the world via questionable means;

The Getaway – the youthful teenager who can escape a custodial sentence due to their age;

The Insider – disillusioned, blackmailed or even over-helpful employees operating from within the walls of their own company.”

Operating in more than 40 countries, BAE Systems is committed to its global perspective. Alongside its software division, the company also produces military equipment and vehicles. The company was formed in 1999 from the merger of British Aerospace and Marconi Electronic Systems. Unsurprisingly, the headquarters of its US arm, BAE Systems Inc., are in Arlington, Virginia, just outside Washington DC. As of this writing, the company is also hiring in several locations.


Cynthia Murrell, July 11, 2016


The Twiggle Challenges Amazon

July 11, 2016

Twiggle sounds like the name of a character in a children’s show. Rather, Twiggle is the name of an Israeli startup. It is working on the algorithms and other operating factors to power ecommerce search, using machine learning techniques, artificial intelligence, and natural language processing. VentureBeat shares an insightful story about how Twiggle is not going to compete with Google, but rather with Amazon’s A9: “Twiggle Raises $12.5 Million To Challenge A9 Ecommerce Search Engine.”

The story explains that:

“Rather than going up against well-established search giants like Google, Twiggle is working more along the lines of A9, a search and ad-tech subsidiary created by Amazon more than a decade ago. While A9 is what Amazon itself uses to power search across its myriad properties, the technology has also been opened to third-party online retailers. And it’s this territory Twiggle is now looking to encroach on.”

Twiggle has not released its technology, but interested users can request early access, and it is already being incorporated by some big players in the ecommerce game (or so we’re told).

Twiggle functions similarly to A9, with the ultimate goal of converting potential customers into paying customers. Twiggle currently generates results from keywords, and it might transition into a visual search where users submit an image to find similar items. Natural language processing will also take ordinary human conversation and turn it into results.

The Series A round of $12.5 million was led by Naspers, with other contributors including Yahoo Japan, State of Mind Ventures, and Sir Ronald Cohen. Twiggle says it is not copying A9 and has powerful search technology behind it, but is it rebranding the same product under a new title? When it delivers the goods, the tests will tell.


Whitney Grace,  July 11, 2016
