Free Program Removes DRM Controls from PDFs

August 12, 2011

We’ve found a tool that is, perhaps, a bit concerning. Softpedia presents, for free, PDF Drm Removal 1.4.2.0. The developer of the software is listed as Removedrmfromepub.com. The product description reads,

PDF Drm Removal is a professional and reliable application designed to remove DRM protections from PDF files with no quality loss. Just removes the PDF files drm header, no change on the files. Read the PDF on any supported devices!

Interesting and somewhat concerning. We understand there’s controversy over Digital Rights Management controls; some say that they stifle innovation or violate private property rights. Others say the technology unnecessarily locks documents into a format that is bound to become obsolete someday.

However, we necessarily sympathize with publishers and writers, like Stephen E. Arnold, who rely on PDF security to safeguard documents. How else will they protect their work in the digital age?

Cynthia Murrell August 11, 2011

Symantec Snaps Up Clearwell to Enter E Discovery Market

July 20, 2011

I do some odd jobs for Enterprise Technology Management. Among them is hosting podcasts on various topics. Last week we did a podcast with several luminaries in the e discovery market. E Discovery is a term used to describe the content and text processing required to figure out what is in unstructured content gathered in a legal matter. There doesn’t have to be a lawsuit to trigger a company’s running an e Discovery project, but unlike search, e Discovery beckons legal eagles.

We read the article “Symantec acquires Clearwell Systems for $390m.” Perhaps best known for their antivirus software, Symantec also offers an array of information management solutions. Clearwell Systems specializes in e-discovery tools, used in response to litigation and other legal/investigative matters.

Symantec gains much with the acquisition:

Symantec notes the acquisition will add archiving, backup and eDiscovery offerings to its existing offerings, enabling it to offer a broader set of information management capabilities to customers. The deal will help Symantec provide future product integration opportunities with Symantec backup and security, Symantec NetBackup, Data Loss Prevention and Data Insight, the company said.

This acquisition moves e-discovery to the cloud, while continuing the appliance approach.

On the podcast I learned:

  • There will be a push for more hosted services. Autonomy has done a good job with its Zantaz acquisition and its hosted services, so Symantec is going down a route that leads to a payoff.
  • The Clearwell approach will continue to feature its rapid deployment model. I associated the phrase “rocket docket” with Clearwell, which connotes speedy service.
  • The Clearwell report and user audit functions will be expanded and enhanced. I saw a Clearwell report and watched an attorney pop it in an envelope for delivery to another attorney. The system impressed me because the report did not require any fiddling by the attorney. Good stuff.

Naturally, other new services are planned. Stay tuned.

Cynthia Murrell July 14, 2011

Search and Security: Old Wine Rediscovered

July 20, 2011

There is nothing like the surprise on a user’s face when an indiscriminate content crawl allows a person to read confidential, health, or employment information. Overenthusiastic “search experts” often learn the hard way that conducting a thorough content audit * before * indexing content on an Intranet is a really good idea.

Computerworld’s new article, “Security Manager’s Journal: The perils of enterprise search,” is an insight into the dangers of sloppy search parameters, or what we call old wine rediscovered.

The author does a good job of addressing the security concerns that can pop up if an enterprise search is not well thought out.

If security concerns aren’t addressed, this is what you can expect: The IT team does some research, makes a choice, deploys the infrastructure and begins pointing it to data repositories. Before you know it, someone conducts a search with a term like “M&A” and turns up a sensitive document naming a company that’s being considered for acquisition, or a search for the word “salary” reveals an employee salary list that was saved in an inappropriate directory. In other words, people will be able to find all manner of documents that they shouldn’t have access to.

Thurman cites the ‘rule of least privilege,’ the rule that information should be available only to those who need to know of it. For enterprise search, that means queries should return only information that is relevant to the search and that the user is allowed to see.
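The least-privilege rule applied to search, as an added example that is not from this post or the Computerworld article: a toy index that trims results by each document's source ACL at query time, plus a pre-index audit for sensitive text sitting in world-readable locations. The corpus, paths, group names and sensitive-term pattern are constructed assumptions.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Doc:
    path: str
    text: str
    readers: frozenset  # groups allowed to read the file at its source

# Constructed sample corpus; paths, groups and text are illustrative only.
CORPUS = [
    Doc("/hr/payroll/salary-2011.xls", "employee salary list", frozenset({"hr"})),
    Doc("/public/tmp/salary-copy.xls", "employee salary list", frozenset({"everyone"})),
    Doc("/legal/m&a/target.doc", "M&A candidate: Example Corp", frozenset({"legal", "exec"})),
    Doc("/public/handbook.pdf", "salary review process for staff", frozenset({"everyone"})),
]

# Assumed list of terms that should never sit in a world-readable location.
SENSITIVE = re.compile(r"\b(salary list|m&a|ssn)\b", re.I)

def tokens(text):
    return set(re.findall(r"[a-z0-9&]+", text.lower()))

def build_index(docs):
    """Inverted index whose postings keep each document's ACL."""
    index = {}
    for doc in docs:
        for tok in tokens(doc.text):
            index.setdefault(tok, []).append(doc)
    return index

def search(index, term, user_groups=None):
    """Return matching paths, trimmed to what user_groups may read.
    user_groups=None reproduces the untrimmed crawl the article warns about."""
    hits = index.get(term.lower(), [])
    if user_groups is None:
        return [d.path for d in hits]
    allowed = set(user_groups) | {"everyone"}
    return [d.path for d in hits if d.readers & allowed]

def audit(docs):
    """Pre-index content audit: sensitive text in a world-readable location."""
    return [d.path for d in docs
            if "everyone" in d.readers and SENSITIVE.search(d.text)]
```

Trimming alone still returns the misplaced copy of the salary list to every user, because its source ACL is wide open; only the audit step flags it before it is indexed.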

All in all, a rather informative if redundant read that outlines a few security options and ideas.

What we find interesting is that such write-ups have to be recommissioned. Not much sophistication in enterprise search land, we fear.

Stephen E Arnold, July 20, 2011

Sponsored by ArticleOnePartners.com, the source for patent research

Booz, Allen: Alleged Security Misstep

July 13, 2011

“Anonymous Leaks 90,000 Military Email Accounts in Latest #AntiSec Attack” caught my eye. The story points out that Booz, Allen seems to have been caught with its security Brooks Brothers suit pants down. The story said:

The leak, dubbed ‘Military Meltdown Monday,’ includes 90,000 logins of military personnel—including personnel from US CENTCOM, SOCOM, the Marine Corps, various Air Force facilities, Homeland Security, State Department staff, and what looks like private sector contractors. Their correspondences could include exchanges with Booz Allen’s highly brassy staff of retired defense folk: current execs include three former Directors of National Intelligence and one former head of the CIA. Anon was also kind enough to gut 4 GB of source code from Booz Allen’s servers. Anon cites the firm’s alleged complicity in the SWIFT financial monitoring program as at least partial motive for the attack.

I used to work at Booz, Allen & Hamilton. Happier times. One of my goslings quipped, “Is this the same Bozo, Allen where you worked?” Happily I pointed out that my tenure took place when there was one highly regarded firm, no debt, and no allegations of broken toes with regard to security. I hope the story is incorrect.

Stephen E Arnold, July 13, 2011

Sponsored by Pandia.com, publishers of the monograph, “The New Landscape of Enterprise Search.”

Security and Open Source: A Delicate Mix Requires a Deft Hand

July 5, 2011

I recall reading a very unusual write up with a “learning” hook. The story was “The 10 Worst Cloud Outages (and What We can Learn from Them).” The article makes lemonade from the Amazon faults, which is a combination of home grown, open source, and commercial software. The lemonade bucket is full because the same recipe is used for cloud outages at Microsoft Sidekick, Google’s Gmail (with no reference to the Blogger.com crash during this year’s Inside Search conference which focused on cloud stuff), Microsoft’s Hotmail issues, Intuit’s flubs, Microsoft’s business productivity online standard suite stumbles, Salesforce.com’s outage, Terremark’s troubles, PayPal’s hiccups, and Rackspace’s wobblies.

What the article taught me was that this cloud stuff is pretty difficult even for folks with deep pockets, lots of engineers, and oodles of customers who swallow the pitch hook, line, and sinker.

My hope is that US government funding of research into the use of open source software for security applications can route around cloud dependencies. The story is “DHS, Georgia Tech Seek to Improve Security with Open Source Tools.” The article said:

Although parts of the government, such as the Defense Department, have embraced open-source software for a variety of applications, many agencies still view it as suspect. As a resource, Davis hopes HOST will help to dispel the “hippie in the basement” view of open-source programs — that it’s cobbled together by enthusiasts rather than teams of professional programmers. The advantage of open-source software is that users can vet the source code themselves to make an application more secure. “Having something in a cellophane wrapped box doesn’t make it safer,” he said.

A combination of cloud technology and open source might prove the undoing of a well-conceived program based on open source technology. Intertwining the cloud and open source tools for security might create an interesting and difficult to troubleshoot situation. Let’s hope the approach delivers lemonade with just the right amount of sugar, not a sour concoction.

Stephen E Arnold, July 5, 2011

From the leader in next-generation analysis of search and content processing, Beyond Search.

AtHoc at Home in the Pentagon

June 30, 2011

AtHoc, Inc. is the leader in “net-centric” emergency mass notifications. MediaWorkstation.com reports that the company has announced that the Pentagon Force Protection Agency (PFPA) will deploy AtHoc alerts in order to meet mass notification requirements. We learned from the write up:

Responsible for the security of the Pentagon, PFPA uses the AtHoc IWSAlerts mass notification solution to rapidly send alerts through its IP network to connected computers, SMS text messages to cell phones and voice alerts to office, home and mobile phones. Alerts to computer workstations override the computer screen with an intrusive audio/visual message that describes the threat, includes instructions for taking appropriate action and provides response options via bi-directional communication between the alert recipients and operators. Phone alerts appear both as text (for cell phones) and voice, allowing recipients to respond and indicate their status.

AtHoc is IP-based and integrated within the already working structure of the Pentagon’s systems to notify personnel in case of emergency and has features to ensure safety. It is another step in the Pentagon’s remodeling of its Computer Emergency Notification System (CENS) that was created after the attack on the Pentagon on Sept. 11.

Sounds like a good idea to me. AtHoc delivers in my opinion.

Stephen E Arnold, June 30, 2011

From the leader in next-generation analysis of search and content processing, Beyond Search.

Google and Alleged Hosting of Phishing Sites

June 23, 2011

Has Google become a phishing buddy? That’s what F-Secure is saying in “Phishing Sites Hosted on Google Servers.”

An examination of spreadsheets on Google Docs reveals various phishing sites. What makes these attacks particularly nasty is that they “are hosted on the real Google.com, complete with a valid SSL certificate.” F-Secure provides screen shots of what appears to be particularly high-quality phishing. Even more confusing, “apparent Google employees are linking to” phishing forms.

If F-Secure’s right, this is very unsettling. Savvy users have prided themselves for years on being able to spot and avoid phishing attempts. But these spreadsheets have experts scratching their heads as to their validity. If they’re not sure, how can the average user tell the difference?

Stephen E. Arnold, June 23, 2011

Sponsored by ArnoldIT.com, your source for strategic information services

Stormy Weather for the Eucalyptus Grove?

June 10, 2011

Still feel safe in the cloud?  Have you heard from Eucalyptus lately?

According to “Critical Vulnerability in Open Source Eucalyptus Clouds”, there has been another break-in.  At least a theoretical one; university researchers have found a hole in the cloud.  Per the article:

“An attacker can, with access to the network traffic, intercept Eucalyptus SOAP commands and either modify them or issue their own arbitrary commands. To achieve this, the attacker needs only to copy the signature from one of the XML packets sent by Eucalyptus to the user. As Eucalyptus did not properly validate SOAP requests, the attacker could use the copy in their own commands sent to the SOAP interface and have them executed as the authenticated user.”

The platform has already provided a newer, downloadable version that corrects the issue.  Eucalyptus has warned their services may be a little spotty while the rest of the system recognizes the fix.

Go ahead and tally another tick mark against the cloud.  What’s worse, besides the discovered threat, users must contend with the hassle of outages related to the fix.  I could be wrong, but it seems it is only a matter of time before some serious consequences arise from lax attitudes concerning data storage.

How about putting enterprise data in the cloud with a search interface?  Or maybe a bank of social security numbers?  Now what about a security lapse?

Sarah Rogers, June 10, 2011

Sponsored by ArnoldIT.com, the resource for enterprise search information and current news about data fusion

More Cloud Cheerleading

May 27, 2011

“Gartner Identifies Five Ways to Migrate Applications to the Cloud” identifies the options for the IT department when the CIO calmly announces to ‘move some applications to the cloud’.  As if it was only a matter of transferring a file from one shelf to the next.

Gartner insists there are many factors to consider when initiating the migration process, including a company’s requirements and architectural principles.  Five options plainly identified for relocating to the cloud are as follows:  “Rehost on infrastructure as a service (IaaS), refactor for platform as a service (PaaS), revise for IaaS or PaaS, rebuild on PaaS, or replace with software as a service (SaaS)”.

Granted, this article was written from the perspective of application architects. These are, we assume, individuals whose job is not to evaluate if an existing structure should be migrated to the cloud, only how to do so. In light of this, we would like to toss some other factors on the table.

What about the risks?  Lady Gaga problems at Amazon. Dead Blogger.com. Sony network problems. Microsoft BPOS Exchange issues. Need I go on?

Cost should be considered.  The difference felt in the coffers can be great between top-end and entry level servers, and without a simulation prior to the switch you may not realize what magnitude of power you require.

Security and reliability are also points of interest.  Both the ability to extract personal data from the cloud and the ability to bring the service to a screeching halt have been demonstrated recently with the Sony network breach and AWS breakdown.

There are obviously some great benefits to joining the cloud, but just like any other decision, it is best to view all angles prior to jumping in. It is tough to search for documents or basic information when the cloud takes a couple of days off to recover from sunburn.

Sarah Rogers, May 27, 2011

Freebie

About that Cloud Security?

May 21, 2011

Let’s assume the Bloomberg story “Amazon Server Said to Be Used in Sony Attack”. If one cloud-based service can be used to attack another cloud-based service, does the owner of the service used in the attack have an obligation to prevent the attack?  Bloomberg reports that Sony is concerned. No kidding, but what about the customers? Bloomberg says:

…the breach at Amazon is likely to call attention to concerns some businesses have voiced over the security of computing services delivered via others’ remote servers, referred to as cloud computing. Cloud security is Amazon’s top priority, Chief Executive Officer Jeff Bezos said at an event sponsored by Consumer Reports magazine this week.

Will substantive, timely action be taken to address the issues associated with this type of alleged use of cloud services? I suppose that the companies involved will try to slap on a patch. When the dust settles, will there be significant change? My hunch is that the quest for revenues will come first. The costs associated with figuring out problems * before * they occur are just too high.

We’re still in the react mode when it comes to online. Learning to live with unknown risks just adds spice to the online stew.

Stephen E Arnold, May 21, 2011

Freebie
