Archive for August, 2014:

Munich reverses course, may ditch Linux for Microsoft

Decade of movement on open-source in jeopardy from new city government

The German city of Munich, long one of the open-source community’s poster children for the institutional adoption of Linux, is close to performing a major about-face and returning to Microsoft products.


Munich’s deputy mayor, Josef Schmid, told the Süddeutsche Zeitung that user complaints had prompted a reconsideration of the city’s end-user software, which has been progressively converted from Microsoft to a custom Linux distribution – “LiMux” – in a process that dates back to 2003.

The newspaper reports that about 80% of all Munich city workers use LiMux at the office, and that, according to Schmid, many of those workers are “suffering.” The deputy mayor said that the government will convene an expert panel to consider whether to move back to Microsoft products. The report also notes that Microsoft is planning to move its German HQ from nearby Unterschleissheim to Munich as of 2016.

Schmid was the unsuccessful opponent of now-mayor Dieter Reiter in Munich’s municipal elections of late March. Reiter, however, had to form a coalition government, bringing Schmid in as deputy mayor. Reiter has also criticized the city’s open-source initiatives since his election, saying that the technology sometimes lags behind that of Microsoft, and that compatibility issues can cause problems.

For his part, Schmid characterized the adoption of open-source technology as a political decision from the start, telling the German newspaper that the move seemed to be intended more as a gesture to Microsoft than anything else.

The news comes just eight months after Munich’s city council essentially declared victory, saying that the LiMux transition was complete and boasting of more than $15.6 million saved since the project began. Nearly 15,000 users were converted to the city’s customized Linux-based operating system.

As recently as February, Munich’s attitude toward the open-source project was “full speed ahead,” when it announced that it would switch to groupware provided by Swiss developer Kolab Systems.


MCTS Training, MCITP Training

Best Microsoft MCTS Certification, Microsoft MCITP Training at


Silver Peak looks to the clouds and redefines WAN Optimization

Last week, Silver Peak announced a new product called Unity that can be thought of as an intelligent WAN optimization ‘fabric.’

The evolution of the WAN is finally underway. The primary force driving a new WAN architecture is, of course, the cloud. Building a WAN prior to the cloud was a challenging but straightforward task. Connect your branches to a central hub, have one connection to the Internet, and away you go. Optimizing the WAN with WAN optimization controllers meant a box on either side of the link, and like magic WAN-based applications would perform like LAN-based applications.

Now, enter the era of the cloud. Now there are Internet connections everywhere and the nice, tidy, orderly WAN we had is a big, complex, chaotic system. Optimizing a hybrid WAN is a difficult, if not impossible, task using traditional WAN optimization. Unless you’ve got some pull with the folks at Salesforce or Google, it’s pretty hard to get a WAN optimization appliance deployed in those environments. Clearly, a new type of solution is needed to address the concept of a hybrid WAN that leverages both premise and cloud resources.

Last week, Silver Peak announced a new product called Unity that can be thought of as an intelligent WAN optimization “fabric.” The fabric enables network managers to track the location of cloud services and have a real-time “weather map” of Internet traffic to help find the optimum path for traffic flows. Airlines use weather maps to fly around trouble to give their passengers an experience that’s as good as can be. Similarly, IT organizations can use the fabric’s weather map to route traffic around potential problem spots to keep data flowing securely and as fast as possible.

When Unity is deployed, the solution creates an overlay fabric to the network that sits between the enterprise network and a number of SaaS and IaaS providers. The fabric communicates with Silver Peak’s Cloud Intelligence service, which constantly aggregates data from the changing Internet traffic patterns. In a sense, Unity is bringing order to a system that has traditionally been highly chaotic. Customers can then view the entire network, cloud, and premise through the Silver Peak Global Management System, which gives network managers control.

Each separate instance on the Unity fabric communicates with Silver Peak’s Cloud Intelligence service, which continually aggregates changing web patterns and traffic information for the user. IT managers can view this through the Silver Peak Global Management System (GMS), which orchestrates the traffic routing.

Silver Peak has built an advanced exterior routing system that identifies the closest point of egress to the cloud data centers and routes traffic to the cloud service over the best path. Also, there’s an interior routing protocol that selects the best path on the company network by monitoring packet loss, latency, and bandwidth in real time.

At the time of launch, Silver Peak supported about 30 cloud services, including all of the mainstream SaaS and IaaS services, such as Google Apps, Office 365, Box, Amazon Web Services, and Windows Azure. The company told me in a pre-briefing that it would continue to add support for additional applications, eventually supporting every major SaaS service and many of the IaaS services on the market.

The Unity service is a strong, differentiated product for Silver Peak. Instead of just trying to find new use cases for its traditional WAN optimization technology, the company took an architectural approach to addressing the needs of businesses looking to leverage cloud services. The WAN is changing and changing fast, so it makes sense that WAN optimization needs to evolve equally fast.



Healthcare organizations still too lax on security

Data breach at Community Health is symptom of broader problem, security experts say

The data breach at Community Health Systems that exposed the names, Social Security numbers and other personal details on more than 4.5 million people is a symptom of the chronic lack of attention to patient data security and privacy within the healthcare industry.

For more than 10 years, the Health Information Portability and Accountability Act (HIPAA) has required all entities handling healthcare data to implement controls for protecting the data, yet many organizations pay little more than glancing attention to the rules because of the relatively lax enforcement of the standards.

The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services has begun cracking down recently on hospitals and other healthcare entities that have suffered security and privacy breaches. The Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 introduced some significant penalties for noncompliance with data security requirements.

Yet, many health organizations don’t see data security as a major concern until a breach. So far this year, healthcare entities have reported to the HHS at least 150 incidents involving compromises of personal data.

“The industry has a long culture of not recognizing the incredible value of healthcare information,” to those who want to misuse it, said Deborah Peel, a physician and founder of the advocacy group Patient Privacy Rights.

Apart from a lack of real enforcement of any of the privacy and security provisions in HIPAA, the industry has also suffered from the lack of an auditing requirement for security, Peel said.

HIPAA doesn’t require even large healthcare organizations to submit to a third-party audit of their data security controls. “Only if you have a breach or someone reports you are you likely to come to the attention of HHS,” Peel said.

Companies in other industries, such as financial services, have to go to great lengths to externally validate their systems and provide audit reports on request, she said. “There is no such requirement in healthcare,” even though the information handled by the industry is highly sensitive and far more valuable in the underground market than financial data.

“There is a lot of catching up to do. A lot of public trust is going to be lost,” before real change happens in the industry, Peel said.

Things will probably have to get worse before they start getting better, said Phil Lieberman, president of Lieberman Software, a security vendor.

“It will take a Target type of episode where a healthcare provider and their C-suite face demise due to the damage they have caused to their entire population of patients to get some providers to wake up,” and invest in real security, Lieberman said.

The unfortunate reality is that most healthcare providers have little concern for having IT security, he noted. “There is no incentive for them to invest, nor is there any material consequence for their failure to protect their infrastructure. HIPAA has had little to no effect in protecting patient data.”


8 ways the password is dying

From smartphones that know you’re near to tattoos and even pills, high-tech companies are busy replacing pesky strings of text with easier ways to authenticate. Check out the future here.

The death of the password
Google’s massive I/O conference was chock full of trends and portents, but one of the most intriguing messages to trickle out of the show was far more subtle than the Android-everywhere blitz: Google is finally making good on its quest to kill the password.

Every single major platform Google promotes declared war on the password in some fashion. And Google’s far from the only company to come up with interesting authentication alternatives to memorizing long codes of numbers, letters, and special characters. From digitized tattoos to Bluetooth trickery and beyond, here’s how big names like Google, Apple, Samsung, and others are trying to kill the password.

Android L’s ‘personal unlocking’
When Android L, the next version of Google’s all-encompassing mobile operating system, hits the streets this fall, it’ll pack in a headache-relieving feature dubbed ‘personal unlocking.’ Personal unlocking takes what it knows about both you and your phone to alleviate the need to enter a security PIN when your phone’s in a safe situation.

The automatic authentication can be handled several ways: Android L can tell if you’re in a trusted location, for instance, or sense your paired Android Wear watch, or even pick up on the sound of your voice. It’ll be intriguing to see how this plays out.

Chromebooks embrace Android
Android’s anti-password stance carries over to Chrome OS, too. Sometime this fall—presumably around the time Android L goes live—Chromebooks will pick up the ability to sense your Android phone via Bluetooth, then automatically unlock your notebook, going so far as to sign you into your various associated Google accounts. Handy!

If your phone isn’t nearby, of course, you’ll still have to sign in with your Google account password. The automatic authentication isn’t the only deep Android integration coming to Chromebooks, either.

Chromecast’s sonic security bypass

Chromecast, Google’s streaming TV dongle, is taking a different tack by making it easier for your guests to share videos on your TV. Currently, you can cast content to the Chromecast only if both it and your device are on the same Wi-Fi network, but a future update will remove the need to share your network password.

Even cooler will be the way the Chromecast authenticates nearby devices: It’ll emit a high-frequency tone inaudible to the human ear, but registered by your phone’s mic. Any phones that hear the sonic squeal will be able to cast content to your TV. Whoa.

Apple’s Touch ID
Google’s antics aren’t the only assault on the password. The most notable alternative is Apple’s Touch ID, introduced in the iPhone 5s in late 2013. Touch ID builds fingerprint recognition technology into the iPhone’s home button, which allows you to sign into the phone and authenticate purchases from iTunes, the App Store, and iBooks with a quick touch—no password or PIN required. The upcoming iOS 8 update will open Touch ID authentication to third-party apps, too…

Fingerprint recognition spreads
…Which the fingerprint reader built into Samsung’s Galaxy S5 already offers, assuming the third-party app’s developers have coded the feature into their software. HTC’s One Max also integrates a fingerprint scanner—on the rear of the phone, oddly enough. Various business-focused Windows notebooks have offered fingerprint scanners, though the technology never really exploded for PCs. It’s mostly used as a secondary means of authentication in strict enterprise environments.

Digital ink
Other plans to kill the password are more…esoteric. At the AllThingsD conference in 2013, Regina Dugan, Motorola’s head of advanced technology and projects group, outlined some of the ambitious experiments in progress to obviate the need for PINs.

Using an electronic tattoo for password-free device authentication sounds crazy—do you really want to brand yourself forever to skip your phone’s lockscreen?—but it’s already happening. Just this week, reported that VivaLnk worked with Motorola and now offers temporary tattoos with a small NFC sensor that can be used to unlock your Moto X. The tattoos come in packs of 10 for $10 and stay on your skin for 5 days.

Password pills
Dugan’s other idea sounds like something straight out of Minority Report: Taking a daily password pill, just as you would a vitamin. The pill features a small chip with a switch that uses your stomach acids to activate, creating an 18-bit, ECG-like signal inside your body. “My hands are like wires, my arms are like alligator clips,” Dugan said. “When I touch my phone, my computer, my door, my car, I’m authenticated.”

ATAP—which is remaining with Google when the rest of Motorola is sold to Lenovo—is working with a company called Proteus Digital Health to make these pills a reality. Proteus already has FDA approval to create an ingestible sensor, though its efforts are largely focused on using the sensor as a medical device.

Growing pains
Killing the password comes with troubles of its own. Researchers have already duped the fingerprint sensors in today’s phones using Mission Impossible-like tactics, creating thick, high-DPI recreations of the phone owner’s fingerprints. After Google’s I/O keynote, security experts were quick to point out that relying on a single Android phone as an authentication tool for your devices created a single point of failure for would-be hackers.

But still, in a six-month span that’s already seen numerous, massive security breaches resulting in the breach of half a billion accounts’ worth of data, the idea of moving beyond passwords holds vast appeal. Sure, the transition has its perils along with the promises. But nobody loves passwords.


Posted in: TECH


Facebook posts can land Americans on watchlists

Concrete evidence of being a suspected terrorist is not necessary before nominating people to watchlists; leaked “guidance” states that uncorroborated posts on social networking sites are sufficient grounds for the government to add people to watchlist databases.

As we’ve seen in the past, there’s nothing reasonable about supposedly suspicious activities as numerous you-might-be-a-terrorist-if lists are often filled with harmless behaviors. You know there are “hot” keywords monitored by government agencies and that anything you might say on social media could come back and bite you at a later date; those facts were again highlighted in the 166-page document issued by the National Counterterrorism Center to give “watchlisting guidance.”

Although this guidance includes advice on determining whether or not there is reasonable suspicion that someone is a terrorist and should be nominated to watchlists, the more worrying aspects involve getting around reasonable suspicion. According to “March 2013 Watchlisting Guidance” published by The Intercept:

In determining whether a reasonable suspicion exists, due weight should be given to the specific reasonable inferences that a nominator is entitled to draw from the facts in light of his/her experience and not on unfounded suspicions or hunches. Although irrefutable evidence or concrete facts are not necessary, to be reasonable, suspicion should be as clear and as fully developed as circumstances permit.

Americans are protected by the First Amendment; the guidelines do say that constitutionally-protected activities cannot be the basis for nominating a person to be added to watchlists, yet how many times has that proven to be untrue? Way before Snowden spilled the beans on NSA surveillance, back in 2010, the ACLU reported that FBI spying on free speech was nearly at Cold War levels.

It has been said that law enforcement considers not having a Facebook account to be suspicious, but it turns out that if someone were to set up a fake Facebook account pretending to be a specific person, the government doesn’t even need to confirm account ownership before flagging that person to be added to a watchlist.

While the guidelines nominally prohibit nominations based on unreliable information, they explicitly regard “uncorroborated” Facebook or Twitter posts as sufficient grounds for putting an individual on one of the watchlists. “Single source information,” the guidelines state, “including but not limited to ‘walk-in,’ ‘write-in,’ or postings on social media sites, however, should not automatically be discounted … the NOMINATING AGENCY should evaluate the credibility of the source, as well as the nature and specificity of the information, and nominate even if that source is uncorroborated.”

It’s left to the nominator’s discretion to determine what is or is not suspicious. As we’ve seen in the past, sometimes being concerned about privacy or security is considered a “suspicious activity.” Below is a portion from a Communities Against Terrorism flyer designed by the FBI and the DOJ to promote suspicious activity reporting at Internet Cafes.
Privacy and security as suspicious activities

If a person on a watchlist were to travel, then airport or border officials are told what type of information should be targeted for collection during such encounters. Nominators are encouraged to include miscellaneous item information such as from “social networking accounts (e.g., Facebook, Twitter, MySpace, LinkedIn, ICQ), titles of books, DVD/CD, brochures being carried and their condition such as new, dog-eared, annotated, unopened, professional journals.”

Examples of electronic media/devices that are also to be observed or copied include “cellphone list and speed dial numbers, laptop images, GPS, thumb drives, disks, iPod or MP3, PDAs, Kindle or iPad (electronic books), cameras, video and/or voice recorders, pagers and any electronic storage media.”

Let’s say government officials snagged and copied a watchlisted individual’s cellphone. If you were listed in that person’s contacts, then that could be enough “reasonable suspicion” to add your name to a watchlist. “Because you appear on a telephone list of somebody doesn’t make you a terrorist. That’s the kind of information that gets put in there,” explained former FBI special agent David Gomez. “If reasonable suspicion is the only standard you need to label somebody, then it’s a slippery slope we’re sliding down here, because then you can label anybody anything.”
