Tuesday, 27 August 2013

US Surveillance Brings End to Legal Website

When former US intelligence analyst Edward Snowden first revealed systemic abuses by the US National Security Agency (NSA) in its information gathering process, no one could have imagined the collateral damage that would result.  The latest evidence of that damage is the closing of the well-known Groklaw legal reporting website.  Groklaw founder Pamela Jones closed the site due to an apparent lack of anonymity.

According to Jones, the NSA practice of screening and storing e-mails now makes it impossible for contributors to feed Groklaw information for its online publication without compromising their identities.  A fear of the loss of anonymity would mean fewer contributors sending the site the information necessary to continue.

What's more, Jones does not want to endanger the identities of contributors who would still be willing to feed Groklaw information.  It is too big a risk, knowing that information contained in an e-mail could come back to haunt the sender years down the road.

To be sure, Groklaw is not the only company adversely affected by the NSA.  Already two other companies offering encrypted e-mail services have shuttered operations.  They did so out of fear of lawsuits resulting from e-mails being seized and decrypted by the US government.  Both companies could no longer guarantee security and privacy in the wake of NSA activities.

For the time being, it appears as though government overreaching has not affected the general networking environment.  However, it's not beyond the realm of possibility to assume that information could be revealed later on that proves otherwise.  For all we know, governments from around the world have their electronic spies monitoring virtually everything done online.

The Cost of Security

Now that we've reached this point, it is important to have a realistic discussion about the cost of security.  After the tragic events of September 11, 2001, it was just assumed that beefing up surveillance and information sharing was necessary in order to avoid further attacks.  Having said that, plenty of people warned that the types of surveillance being suggested would turn out to be damaging to individual freedom.  It turns out that they were right.

Do we want to continue down the road in which the US and UK governments can use the need for domestic security as an excuse to practice surveillance in any way they see fit, at any time, and against any individual?  If so, there will be no such thing as Internet security in the near future.  There will always be the potential for spying eyes to discover what everyone is doing, saying and thinking.  This is not wise.

It's no wonder, then, that the concept of cloud computing still is not catching on as fast as was hoped in Europe.  Companies are smart enough to know that cloud computing opens up the door to even greater security risks that cannot be easily managed.  They are far more comfortable sticking with traditional hosting plans that allow them to keep their environments at least a little more secure.

It looks like it could be time to reconsider what we are currently doing...

Thursday, 22 August 2013

Google and Amazon Go Dark: Could This be Linked?

Last Friday (16 Aug 2013), everything at Google went dark for just a couple of minutes.  When we say everything, that's exactly what we mean.  IT services, commercial applications – everything from Gmail to the Google Apps Dashboard was gone.

According to GoSquared and other analytics firms, the short outage was punctuated by a 40% drop in total Internet traffic.  That's shocking to some of us.  Thankfully, Google was back up and running within 5 minutes.  End of story?  Maybe not.

The following Monday retailing giant Amazon.com also endured an interruption of service in North America.  For about 30 minutes, users could not search for or purchase products, leave reviews, and manage seller accounts.  Amazon claimed their problem was an ‘internal error’ and in no way related to the Google issue just three days earlier.

Coincidence or Link?

The powers that be at both Google and Amazon are saying the outages are mere coincidence and that they are nothing to worry about.  We might be convinced except for one small problem:  there have been other inexplicable outages among major corporations over the last several days.  These outages seem to come and go without warning and, to date, without explanation.

Among the other companies hit so far are the New York Times, Intel and Microsoft.  Adding even more fuel to the speculative fire is a recent announcement that the New York Times is once again the subject of attacks by unidentified hackers, believed to be from China.

The one thing that hasn't been observed are widespread outages among hosting companies and commercial data centres offering networking services to smaller companies.  The outages seem to be focused on big-name players that maintain their own infrastructure.  It is also interesting to note that most of the outages occurred during peak operating hours.

Keep an Open Mind

It should be noted that it's still too early to tell whether all of these incidents are linked or not, and whether they are the result of nefarious individuals trying to wreak havoc on the networks of the Western world. Nonetheless, we would be foolish to ignore the incidents as mere coincidence.

We already know how serious an issue network security is all over the world. If nothing else, we should keep an open mind and investigate all of the outages thoroughly.  If they are being caused by hackers looking for ways to eventually take down the Internet, we can ill-afford to wait until it actually happens.  We need to be proactive in discovering the cause and eliminating it, whatever it might be.

If it turns out the outages were just ‘internal errors’ or hardware failures, we've nothing to fear.  We can continue going about our lives with all the benefits of Gmail, YouTube and the vast Internet shopping opportunities offered by Amazon.  We'll all be happy indeed.

Yet, if these outages turn out to be more than mere coincidences, they could have devastating effects on our way of life.  Should we leave that to ignorant bliss?

Tuesday, 20 August 2013

Voluntary Filtering Coming to UK Web Hosts

In an attempt to protect minors from inappropriate Internet content, PM David Cameron's government recently announced plans to implement a new voluntary filtering system among the nation’s Web hosts.  The system is designed to protect people from being inadvertently exposed to objectionable content while browsing the web.

In a speech outlining the plans, Cameron said that the voluntary filtering program would make it more difficult to directly access adult material or to find illegal content via standard Internet searches.  Although it will not cut off inappropriate content entirely, the system will supposedly make it much more difficult to come by.

In the early stages, ISPs deciding to implement the filtering will be responsible for classifying content and training employees appropriately.  New customers will have to actively opt out of the filtering when signing up for the service.  Existing customers will not be impacted immediately, but they will eventually be automatically subject to filtering.  They will need to inform their ISPs it they want access to blocked content.

The government insists filtering will occur at the domain level rather than the IP level. This essentially gives web hosts and ISPs greater control over what is blocked and what's not.  In theory, two sites utilising the same shared server could see one filtered and the other left alone as long as their domain names are different.

Critics warn the system is too simple to be of any real value for protecting kids from adult material.  For starters, it wouldn't take much for children to opt out of the filtering without their parents or carers knowing.  Secondly, there are software and hardware tools that can easily get around filters.  Today's Internet users are already well-versed in these tools.

Potential Censorship Problems

While the plan sounds very appealing on the surface, there are real concerns about potential censorship issues. Those concerns come by way of how the filtering deals with content other than what is deemed as ‘adult material’.  This additional content would the classified as objectionable if it didn't deal with certain topics in a way deemed inappropriate by ISPs.

Examples of such content would include topics promoting extremism, terrorism, violence or suicide. Questionable material regarding various emotional and mental disorders might also be included. The problem is that all of this is rather subjective.

If political organisations or advocacy groups were to become involved, for example, they might be able to convince an ISP to block a number of sites whose only offence is displaying content that runs contrary to the opinions of those lobbying the ISPs.  This type of thing happens in China all the time.

Even though the idea of filtering may be a good one, more thought needs to be put into how to implement it in a way that still contain safeguards against censorship.  In the end, no amount of filtering is going to totally eliminate all of the dangers on the web so trampling on the rights of content owners in the name of Internet safety does not seem reasonable.

Thursday, 15 August 2013

New York Times Hackers Back for More

This past January (2013) hackers allegedly sponsored by the Chinese government managed to break into the New York Times computers with relative ease. According to a number of sources, the hackers were able to gain access to the computers of 53 Times employees along with data and newsgathering information having to do with Chinese officials. The newspaper admitted the hackers had access for nearly 4 months before they were discovered.

Unfortunately, the hackers are back once again. According to FireEye, the latest attacks use more sophisticated versions of two well-known pieces of malware named Aumlib and Ixeshe. Neither piece of malware has seen much activity since 2011, and neither has evolved at all until recently. However, the new incarnations allow hackers to manipulate networking and traffic patterns in order to remain undetected.

FireEye officials say that these newest attacks are significant because they take the two malware families to the next level. The amount of work required to write new code, develop new infrastructure, and train people in the use of the malware is extensive enough that it couldn't be the work of any organisation that didn't have significant muscle behind it. Hence, suspicion is once again being directed at the Chinese government.

Other than the massive amount of work that must have gone into the retooling, experts are not surprised to see Aumlib and Ixeshe being used again. Hackers often retool malware once current incarnations are exposed. As long as they can rewrite code to overcome security, there's no need to reinvent the wheel. That appears to be the case here.

New York Times a Victim Again?

FireEye's revelation of renewed attacks was first made known on August 13. But just a day later, the New York Times website was down for several hours, with some news outlets reporting a denial of service (DoS) attack as the culprit. When the site finally came back just after 2 pm EST, the Times released an official announcement saying the problem was due to an internal error.

One wonders if the Times is being completely honest. They may very well be, but would they be willing to publicise an external attack if that were the real cause of their website being down? There's no way to know for sure. The point is that no website or computer network is completely safe from hackers.

The nature of networking means there are vulnerabilities all across the board. From the servers hosting websites to the local computers accessing them, there are far too many players in the game to ensure complete security. So just like death and taxes, network hacking is something that is virtually guaranteed in this day and age.

IT security firms will continue doing their part monitoring international hackers and closing the security loopholes that make attacks possible. Indeed, prevention might even be possible in some cases. However, for the most part, we will be left to deal with attacks as they come. That's just the way it goes...

Tuesday, 13 August 2013

Big Data's Looming Changes Just Around the Corner

Anyone who spends any amount of time on the Internet has heard the term ‘Big Data’. However, the ambiguous nature of the term has left most of us only marginally interested in what it all means. That's about to change. The world of Big Data is on the verge of transforming everything we know about how data is used. The first changes will be seen in employment.

Right now Big Data is largely used to track and analyse consumer practices. The fact that data storage is so cheap and accessible has led to just about every online movement being tracked and analysed. Every credit card transaction, every online form filled out, every survey answered; they are all tracked and analysed by multiple entities.

However, with all this data there comes a very definite problem: managing it effectively as the monster continues to grow. Believe us when we say that Big Data has grown well beyond a couple of datacentre reports turned in at the end of the day.

Big Data Hiring

In order to gain control of Big Data, companies are going to have to start hiring and training competent professionals able to deal with it all. They will need professionals who can develop software for data handling, others who can sort through data to separate the useful from the redundant, and creative individuals able to show potential customers how they can benefit from Big Data.

It would not be surprising to see Big Data management being offered as one of the latest IT services in the near future. It might even show up as one of the managed services that hosting companies and datacentres offer. Either way, it's coming.

The other thing to consider where Big Data meets hiring and recruiting is the idea of using properly analysed data to find the best candidates for a given job. Let's face it, if we can track credit card purchases and web surfing habits, we can also track specific types of behaviour that would help companies locate the best prospects. That's coming as well.

What It All Means

At the end of the day, this all points to the fact that Big Data is on the verge of breaking through the confines of marketing and into just about every other facet of digital life. The amount of data now being stored and analysed is so massive that it would be wasted if it were to continue serving only marketing purposes.

The negative side of Big Data is one that is all too familiar with network security specialists. As the amount of data increases, so does the risk associated with storing and tracking it. Therefore, the most important priority for Big Data is security. Otherwise, it could mean Big Trouble.

No matter how you feel about the world of Big Data, it's here to stay. Get used to it. If the powers that be do as they should, Big Data will provide plenty of great benefits for generations to come.