Cyberwarfare Attack Devices
May 26, 2009
If you worry about enterprise search, you won’t find much of interest in this Aviation Week. The addled goose, on the other hand, sees the story “Network Attack Weapons Emerge” here by David Fulghum as a precursor of similar information initiatives in the business arena. Information is a strategic asset and methods to locate, disrupt, intercept, and analyze those assets are going to remain and become increasingly significant. The core of the Aviatiion Week story was this comment:
Devices to launch and control cyber, electronic and information attacks are being tested and refined by the U.S. military and industry in preparation for moving out of the laboratory and into the warfighter’s backpack.
Mr. Fulghum added:
The Russians conducted a cyberattack that was well coordinated with what Russian troops were doing on the ground,” says a longtime specialist in military information operations. “It was obvious that someone conducting the cyber[war] was talking to those controlling the ground forces. They knew where the [cyber]talent was [in Russia], how to use it, and how to coordinate it. “That sophisticated planning at different levels of cyberwarfare surprised a lot of people in the Defense Dept.,” he says. “It looked like a seamless, combined operation that coordinated the use of a range of cyberweapons from the sophisticated to the high school kids that thought it was cool to deface official web sites. The techniques they used everybody knows about. The issue was how effective they were as part of a combined operation.”
I found interesting his description of the components of a cyberattack toolkit:
The three major elements of a cyberattack system are its toolbox, planning and execution capabilities. The toolbox is put together by the hardware and software experts in any organization to address specific missions. They maintain the database of available capabilities.
Worth reading.
Stephen Arnold, May 26, 2009
Tough to Search When Computers Are Off
May 22, 2009
Courant.com reported that a computer virus caused problems for the US Marshal’s information system. You can read “Mystery Virus Strikes Law Enforcement Computers, Forcing FBI, US Marshals to Shut Down Parts of Networks” here. Security is an important consideration in online systems and for search and content processing. Tough to perform information retrieval when the computers are off line.
Stephen Arnold, May 22, 2009
UK Military Security
May 18, 2009
I am not sure if this Web log post is true. If it is, a rethink of security in the UK’s Ministry of Defence is likely to be forthcoming. The article “MoD Loses 28 Laptops This Year” here reported:
The laptops were lost between January 1 and 11 May 2009. The Ministry of Defence also admitted to losing 20 flash drives and 4 PCs in the same period.
Not much need for exotic search and retrieval when you have the gizmo in your possession. I wonder if the security method was developed at Los Alamos National Lab?
Stephen Arnold, May 18, 2009
Sphinx: Inscrutable Search
May 9, 2009
The Register’s Ted Dziuba’s “Sphinx – Text Search the Pirate Bay Way” here is a good case example for open source search technology. Before you cancel your Microsoft Fast ESP license, keep in mind that Sphinx is for structured data, specifically MySQL tables. You can get more detail here. There are some doubters in the crowd, particularly with regard to open source search technology. Based on the email I receive and the implementations I have examined, the open source search technology cannot be dismissed or ignored. For me, one of the more interesting comments in the article was:
Internet-famous MySQL wonk Jeremy Zawodny, who had the foresight to jump from the ship’s bow as Yahoo started to take on water, replaced MySQL full text search at Craigslist with Sphinx. Craigslist used 25 machines to handle roughly 50 million queries per day on MySQL. Under that kind of load, Zawodny found that MySQL wasn’t using much CPU or doing much disk I/O, which means it’s spending all of its time waiting on thread locks. Oops. Maybe we should have paid attention to parallelism after all. The Sphinx implementation took those 25 machines down to 10, with plenty of room to grow. While Sphinx didn’t handle the traffic out of the box at the time, Zawodny was able to patch it to handle Craigslist’s specific need – and fix a few bugs along the way.
The “green angle” is important. The comments about vowels and stopwords are also interesting. Worth putting this write up in the open source search archive.
Stephen Arnold, May 9, 2009
SharePoint Overview
May 6, 2009
Barb Mosher wrote “SharePoint Online (SaaS) Review – What It Is and Isn’t.” You can find the full write up published by CMS Wire here. Ms. Mosher has done a very good job of explaining the Software as a Service implementation of SharePoint. She walks through the basics and provides some screenshots. She has done what she could to make these screenshots easy to follow, but I find the steps for some basic tasks convoluted. Addled geese are not good candidates for SharePoint wisdom, I suspect. The most useful part of the article is her description and lists of what is included and what is not included. With regards to search, it seemed that only the bare bones of queries within a site are supported. I have questions about the stability of SharePoint from the cloud, which she did not address. Latency also triggers questions in my mind. Useful information to download and keep close at hand.
Stephen Arnold, May 6, 2009
Unusual Customers for Microsoft Hotmail
May 3, 2009
Short honk: The Washington Post reported an interesting use and even more intriguing users found Hotmail email reliable and reasonably secure. You must read “Al-Qaida Used Hotmail, Simple Codes in Planning” by Pamela Hess here. The notion of monitoring email appeals to me, and it is clear that a lack of monitoring seems to have come to light. It is also possible that monitoring was in place and did not work.
Ms. Hess wrote:
Al-Marri sent e-mails to Khalid Sheik Mohammed’s hotmail account _ HOR70@hotmail.com _ addressed to “Muk” and signed “Abdo.” The details of that code were included in an address book found in an al-Qaida safehouse in Pakistan.
Ms. Hess reported that the Hotmail users tried to get Yahoo to work but were not able to achieve the desired function:
Al-Marri initially tried to use a Yahoo e-mail account to contact Mohammed, but it failed to go through. So he switched to Hotmail as well. When al-Marri arrived in the United States, he created five new e-mail accounts to communicate with Mohammed, using the 10-code to send him his cell phone number in Peoria.
The Post included a photo of one of the individuals who used Hotmail for “secret” messages. Interesting. I am thinking about what Ms. Hess reported. The idea that Microsoft worked is fascinating as is the issue with Yahoo Mail.
Stephen Arnold, May 2, 2009
USA.gov Gets Social
April 30, 2009
What a stunning announcement. Navigate to AllFacebook.com here and read the story “Facebook Signs Agreement with GSA”. At first glance, I thought “GSA” meant the Google Search Appliance. Ho hum. I have heard that the GOOG will be interested in the contract now held by other vendors when recompete time rolls around. Old news. But when I scanned the AllFacebook.com item I learned something quite remarkable. The US government has inked a deal with Facebook.com. The party to the deal is the US General Services Administration, one of the US government’s purchasing and administrative arms. These are big arms, too. Think World Wrestling Federation. The site with the Facebook.com deal is http://www.usa.gov (formerly FirstGov.gov).
Facebook.com is one of the social networking sites that boasts a pretty good retention rate. I have heard that about 65 to 70 percent of sign ups use the service. The Twitter critter retains only about 40 percent. Check my figures because I am operating on conference baloney today. Your taste in stats sandwiches may vary.
The story, written by Nick O’Neill, features a logo of USA.gov that say, “Government made easy.” Okay, how does Facebook.com fit in. The story quotes administration officials who said:
“USA.gov is breaking new ground by migrating to new media sites to provide a presence and to open up a dialog with the public. We know that many other agencies want to do the same, and having these agreements is an important first step.” Under the new administration and the leadership of a new CTO and CIO, government agencies will get access to many of the publicly available technologies that would have previously been impossible to include within projects. I know it’s silly but advertising a government job on Facebook would have taken so many hurdles previously that in the end it would not be worth it.
I don’t want to speculate on how the USA.gov site will leverage the Facebook.com service. I must go on record as honking, “The GSA is showing some teen spirit.” I do have some questions flapping around. I will capture one before it wings away: “What security provisions will be put in place to deal with the issues related to personal or sensitive information?”
Facebook.com is reasonably secure unless a careless person becomes careless with friend lists, user name and password, and what’s posted. A happy honk to Facebook.com for the deal. The security folks at the GSA will be popular in the near future I wager.
Stephen Arnold, April 30, 2009
Security: Not If There Is Money for Some Humans
April 26, 2009
ITBusiness.ca ran a story with the eye catching headline “One-Third of Employees Willing to Steal Company Data If the Price Is Right” here. Studies of this type require some mental prudence. I found the write up a useful reminder than humans are the weakest link in a security fence. For me the most interesting comment was:
Research by the security event organizer revealed that of those willing to steal sensitive data, 63 per cent would expect at least £1 million (Can$1.78 million) for their troubles, while 10 per cent want enough to pay off their mortgage.
Now, what about that confidential information secured with industry standard systems? Take out your checkbook?
Stephen Arnold, April 26, 2009
Google Updater: Bugs but Benign
April 13, 2009
I loved this statement in Google Operating System: Unofficial News and Tips about Google here, “Unfortunately, the service has many bugs, it can’t be disabled unless you uninstall all the applications that use it and there are some privacy issues…” Who wrote this? The Google. You can read “Google Update, Open Sourced” here. To make clear the intent of the Google Update service, Google has released the code to the public domain. (I doubled checked and this does not seem to be a tardy April Fool.) The other interesting statement in the article was:
Since Google Update is always running on your system, there’s no simple way to stop it, and since it’s a fundamental part of the Google software that needs it, it’s not explicitly installed.
A question: do you think this sounds somewhat similar to Microsoft’s protestations that Internet Explorer could not be disable or removed from Windows, a fact which may have been subject to revisionism in Windows 7? Google has some clever engineers. It’s a pity that this installer is such a baffler. The comments to the post go in a surprising direction; namely, legal issues. Post any additional info you may have, please. I will update this item but not automatically as I learn more. I love categoricals. Just like mom in a way.
Stephen Arnold, April 13, 2009
Another Password List
April 6, 2009
Short honk” PCMag.com published a list of the 10 most common passwords here. If you are curious, you may want to peruse the list. The used Mac Mini I bought to talk to my Apple TV box came with a password on this list. I’m delighted I paid $250 for the gizmo. I changed the password to something slightly more exotic.
Stephen Arnold, April 6, 2009
-
- Subscribe to Beyond Search
Feature archive
News archive
-
