Ignoring Search Updates are a Security Risk

April 23, 2015

Searching is an essential function for basic Internet use and it is a vital function in enterprise systems.  While searching on the Internet with a search engine might not seem like a security risk, the comparable action on enterprise search could be potentially dangerous.  Security Enterprises points out the potential security risks in the article, “SearchBlox Vulnerabilities Underscore Importance Of Updating Enterprise Search Tools.”

Recently the Carnegie Mellon Software Engineering Institute CERT Division compiled a list of all the security risks from SearchBlox’s software. The list included ways for hackers to view private information and upload files, as well as cross-site scripting (XSS) and cross-site request forgery. Enterprise security developers can learn from SearchBlox’s vulnerabilities by being aware of them and repairing them before a hacker discovers the information leak.

The problem, however, might come from within an organization rather than from outside:

“Of all the possible threats, the ability for cybercriminals to conduct XSS attacks from within the product’s default search box is likely the most concerning, Threatpost reported. On the other hand, anyone trying to take advantage of such SearchBlox vulnerabilities would need to be an authenticated user, though there is no shortage of stories about insider threats within the enterprise.”

The article suggests that SearchBlox’s vulnerabilities came from day-to-day activities that keep an organization running. Using SearchBlox as an example, other organizations with enterprise systems will be able to learn where their own products need patches so the same issues don’t happen to them. So what is the takeaway? Most hackers are probably insiders who look for holes in the ordinary, everyday routines.

Whitney Grace, April 23, 2015
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph


Oracle Challenges HP Autonomy Service

April 22, 2015

The article titled “Oracle Adds Big Data Integration Tool To Streamline Hadoop Deployments” on Silicon Angle discusses the news from Oracle that follows its determination that putting the right tools before users is the only way to allow for success. The Data Integrator for Big Data is meant to create more opportunities to pull data from multiple repositories by treating them the same. The article states,

“It’s an important step the company insists, because Big Data tools like Hadoop and Spark use languages like Java and Python, making them more suitable for programmers rather than database admins (DBAs). But the company argues that most enterprise data analysis is carried out by DBAs and ETL experts, using tools like SQL. Oracle’s Big Data integrator therefore makes any non-Hadoop developer “instantly productive” on Hadoop, added Pollock in an interview with PC World.”

Pollock also spoke to Oracle’s progress, claiming that they are the only company with the capability to generate Hive, Pig and Spark transformations from a solitary mapping. For customers, this means not needing to know how to code in multiple programming languages. HP is also making strides in this line of work with the recent unveiling of the software that integrates Vertica with HP Autonomy IDOL. Excitement ahead!

Chelsea Kerwin, April 22, 2014

Stephen E Arnold, Publisher of CyberOSINT at www.xenky.com

Enterprise Search Vendors: One Way to Move Past Failure

April 21, 2015

I just finished reading articles about IBM’s quarterly report. The headline is that the company has reported slumping revenues for three years in a row. Pretty impressive. I assumed that Watson, fueled with Lucene, home brew scripts, acquisitions, and liberal splashes of public relations, would be the revenue headliner.

How does IBM Watson’s unit, newly enhanced with a health component, respond to what I would call “missing a target”? Others, who are more word worthy than I, might use the word “failure.”

I read a blog post which lured me because at age 70 I am not sure where I left my dog, wife, and automobile this morning. Short term memory is indeed thrilling. Now what was I thinking?

Oh, right, “Embrace Selective Short-Term Memory to Move Past Failure Quickly.” The point of the write up is that those who have failed can move forward using this trick:

Rather than get caught up trying to emotionally soothe yourself, just forget it happened.

I have a theory that after an enterprise search vendor finds itself in a bit of a sticky wicket, the marketers can move on to the next client, repeat the assertions about semantic search or natural language processing or Big Data or whatever chant of buzzwords lands a sale.

Ask the marketer about an issue—for example, Convera and the NBA, Fast Search and the Norwegian authorities, or Autonomy and the Department of Energy—and you confront a team with a unifying characteristic: The memory of the “issues” with a search system is a tabula rasa. Ask someone about the US Army’s search system or the UK National Health Service about its meta indexing.

There is nothing quite like the convenient delete key which operates the selective memory functions.

Stephen E Arnold, April 21, 2015

Short Honk: Big Blue Gets Smaller. Cook Book Sales Not Reported

April 21, 2015

I read “IBM Sales Fall for 12th Quarter, Currency Weighs.” Nary a word about Watson. I then read “IBM Operating Profits Rise, but Strong Dollar Takes Toll.” Again a subject about which I sought information was not included. (The New York Times, April 21, 2015, business section, dead tree edition).

I learned that mainframes are still selling. I learned that not much else is selling. But the fact I wanted was missing.

I must conclude that sales of Watson’s cook book are not sufficient to bolster IBM’s financial results. Maybe next quarter along with Watson Health’s revenues.

One fact did stick with me. IBM has reported revenue declines for three years in a row. What advice does Watson offer? Also not reported. I hear a voice whispering, “Patience, grasshopper.”

Got it. Patience.

Stephen E Arnold, April 21, 2015

SharePoint Server Release Delayed by a Year

April 21, 2015

For users anxious to start working with SharePoint Server 2016, the wait just got a little longer. Microsoft just announced that the next version would not be available until the second quarter of 2016, a delay of a full year from initial projections. ZD Net covers the latest news in their article, “Microsoft Pushes Back Next SharePoint Server Release to Q2 2016.”

The article breaks the news:

“When Microsoft announced the name of the next version of SharePoint Server — SharePoint Server 2016 — company officials said the product would debut in the second half of calendar 2015. But on April 16, Microsoft execs said that there’s a new delivery plan, and SharePoint Server 2016 won’t be generally available until the second calendar quarter of 2016.”

The delay doesn’t seem to be related to Windows Server, although it has also been pushed back to calendar year 2016. The new version is still very much anticipated as it promises updates to content management, team connectivity, and hybrid functionality. For users who are closely following all the news, stay tuned to ArnoldIT.com, specifically the SharePoint feed. Stephen E. Arnold maintains his site with a focus on search and all the expertise of a lifelong career.

Emily Rae Aldridge, April 21, 2015


Microsoft Improves Search, Again, with Delve

April 20, 2015

The article titled “Microsoft Beefs Up Office 365’s Delve, Aims To Complete Its Rollout By May” on Computerworld discusses the improvements to the enterprise search and discovery app Delve. Delve was built for Office 365’s Office Graph machine learning engine, and helps create and analyze detailed data on users by linking to content through card icons. The article states,

“Based on what it learns about the user’s work, it determines which files, colleagues, documents and data are most relevant and important at any given point, and displays links to them in a graphically rich, card-based dashboard. Delve provides this assistance in real time, so that users can prioritize their work and find the information they need as they participate in whatever work projects and tasks they’re involved in.”

This means that Delve can figure that a user’s upcoming meeting will be about a particular topic with particular colleagues, and then collect information that is relevant in a timely manner for display in the dashboard. Microsoft is currently working to make Delve capable of analyzing email content within Exchange Online attachments. Yammer actions will also be performable in the near future from the Delve interface. It can also, of course, be used more traditionally as a search engine, but Microsoft has big plans for more dynamic and innovative capabilities.

Chelsea Kerwin, April 20, 2014


Google is Now My Maid

April 20, 2015

Google wants to make lives easier or so it claims. In many ways the search engine giant has. They have free email, Web storage, an office program suite, YouTube, open source code community, maps, TV, access to books, and did we mention they have a search engine? Taking a cue from mobile phone voice activation services like Siri, Google wants to help people find local services. BuzzFeed reports that “Google Wants To Send You A Plumber” and a contractor, maid, lawn services, roofer, and an HVAC technician.

“Sources close to the company told BuzzFeed News that Google plans to announce a new product aimed at connecting Google search users with local home-service providers — like plumbers and electricians — at an advertising conference later this spring. The product will be integrated into Google’s core search offering and is intended to capitalize on search intent, turning queries about home improvement tasks into engagement with home-service providers.”

Google has increased its accuracy with local search results, but they have decided to take it a step further with a new service.  Most of the search results for local services are littered with directed Google AdWord advertisements.  Google wants to act as an intermediary for people and home services providers.  Google would directly connect people with the home services providers and act as an unseen partner in the transaction.

It is unclear how Google would directly connect the two parties, but it comes on the heels of another home services deal between Amazon and TaskRabbit. The article points out how Google is the only company capable of rivaling Amazon in such an endeavor. The bigger question is what will they do and how will they do it? Maybe they will borrow ideas from Uber and Lyft.

Whitney Grace, April 20, 2015

Quote to Note: Search and Its Infancy

April 19, 2015

Navigate to “Moving Search Forward.” Here’s the Marissa Mayer quote which I highlighted:

We firmly believe that search is still in its infancy – and this partnership marks the next chapter in our exploration of how to make search truly great.

Like Penelope’s suitors, vendors are pretty convincing until Ulysses turns up. By the way, search has been a thing for more than 50 years, and I am getting tired of the “baby” metaphor. Search has plateaued, and it will take more than a former Googler’s rah rahs to make a difference.

Stephen E Arnold, April 19, 2015

France Cooks Boeuf Google Be Gone

April 19, 2015

I read “French Senate Backs Bid to Force Google to Disclose Search Algorithm Workings.” The Google is going to be Googley. My hunch is that the GOOG will take the approach of a trois etoile chef and keep some of the ingredients in a classic French dish under wraps. The French Senate, on the other hand, may concoct a dish, like revenge, best served cold, Boeuf Google Be Gone. Will French online users kick their Google habit? Perhaps France will embrace Dassault Exalead or Qwant? Will the groups which annoyed Caesar prevail?

Stephen E Arnold, April 19, 2015
