My friends sometimes tease me about having to enter a passcode just to play games on my iPhone. But the truth is, Angry Birds isn’t the only thing hanging out on my home screen, so I need to be extra careful with who can access that information. Granted, a measly little four-digit passcode won’t stop even most amateur hackers, but it can buy a little time for me to report my phone missing or to wipe the sensitive information from my phone.
I was vindicated yesterday when Daniel Amitay, an Apple iPhone developer, published his research into passcode security. Amitay pays homage to past articles about the most common passwords on the Internet, creating a list of the ten most common iPhone passcodes. Here they are, in all their glory, from Amitay’s blog:
After years of waiting, the Associated Press (and other media outlets) finally received the results of their freedom of information request to the state of Alaska: A massive trove of former Governor and Vice Presidential Candidate Sarah Palin’s e-mails from when she was in office.
And so far, love her or hate her, the results are pretty tame: Mother Jones, which has had some of the most aggressive coverage of the e-mails, reported that she did, indeed, regularly use the folksisms she’s become famous for, from “unflippinbelievable,” “what a goof” and “holy flippin A” to “we love the mobster in ya.” Indeed.
Here at the Enterprise IT Watch blog, we try to keep up with the latest news in enterprise IT to keep you updated on the goings-on in your neck of the woods. Usually our posts focus on our theme month topics, but not everything new in IT follows our schedule (despite our many efforts). To make up for that, I’m going to start compiling the top stories in enterprise tech, to make sure that you know what’s happening (and so that we know what’s happening as well). So even next month, when we’ll be tackling Cloud Storage, you can get a balanced dose of enterprise IT right here. Your one-stop shop, if you will.
So here goes:
Hey, Google! It’s rude to point.
It seems the latest trend in enterprise IT is to adopt whatever’s hot in consumer tech, although usually because of necessity and security rather than by choice. The latest spinoff of the should-we/shouldn’t-we debate over mobile gadgets is the question of online or cloud storage. Google made it a household name with Google Docs and its array of Office-like applications, and more recently pushed it further with Google Music. With similar offerings from Amazon and Apple, the idea of the public cloud is losing its mystery and gaining a more everyday reputation.
Companies such as Dropbox, Box.net, and Mozy are getting in on the online storage trend and gaining attention from the New York Times Technology section, which highlighted their successful foray into the storage industry. As Verne G. Kopytoff reports, “Aaron Levie, chief executive of Box.net, an early online storage company based in Palo Alto, Calif., said that the increased adoption of mobile devices and ubiquity of online connections had created a bigger need for companies like this.” The article cites the decrease in cost of hardware such as servers and data storage devices as one of the main benefits these companies have experienced in the past years. Box.net’s server space leasing cost has decreased about five to eight times since 2005 when the company started.
But these online storage companies are no strangers to the number one deterrent for all things “cloud”: Security concerns. Even casual consumers understand that their photos of last week’s BBQ are at risk, let alone images of their passport or social security card. With the recent horrible stretch for cloud computing, it’s not hard to see why experts urge users to only store non-sensitive information on these platforms. Newer companies are using this skepticism to their advantage. Chief executive of Cx.com Brad Richardson told the New York Times he “was not intimidated by all the competition. Focusing on security will help set his company apart from rivals.” Aside from being a thorn in the IT department’s side, consumer cloud services often serve as a catalyst for innovation in enterprise IT. With Amazon’s Cloud Drive and Apple’s iCloud (announced today and compared here), it definitely seems that further improvements could be headed for enterprise data storage.
The next step up from consumer acceptance? Small- and medium-sized businesses. And as Ron Miller points out, cloud storage seems the most obvious option for SMBs:
Small businesses today are being built for a fraction of the cost of even 5 years ago precisely because these businesses don’t have to make huge investments in hardware infrastructure. By passing off these costs to infrastructure providers, small businesses can concentrate on building the business and not worrying about keeping the Exchange server up and running or adding a new drive to the network to handle increased usage.
So it seems the dividing line between trusting your data to online storage and not falls right where most other IT concerns do: Budget. The bottom line for now seems to be, if you’re just starting your business, taking advantage of cloud storage can diminish your costs and keep you afloat. If you’re a company with enough to invest in the hardware (or something to hide) to host your own data storage, use that to your advantage and keep track of your most sensitive data that way. Unless you’re Sony, then you might just want to bury your head in the sand.
After the RSA breach, there was a fair amount of debate over how much security fallout there would be, if any. As one security analyst told SearchSecurity at the time, “Good crypto works even if an attacker knows how it works.”
Now, however, it looks like the breach has claimed its first major victim: Lockheed Martin, one of the largest defense contractors in America. As Reuters reported, the company “is grappling with ‘major internal computer network problems,’ said one of the sources who was not authorized to publicly discuss the matter.” While not explicitly stated, it sounds like normal e-mail access is restricted among other disruptions.
Robert X. Cringely reported on the attack early on, without naming the specific company, and wrote that countermeasures were taken, namely requiring another level of authentication:
It seems likely that whoever hacked the RSA network got the algorithm for the current tokens and then managed to get a key-logger installed on one or more computers used to access the intranet at this company. With those two pieces of information they were then able to get access to the internal network.
The contractor’s data security folks saw this coming, though not well enough to stop it. Shortly after the RSA breach they began requiring a second password for remote logins. But that wouldn’t help against a key-logger attack.
The good news here is that the contractor was able to detect an intrusion then did the right things to deal with it. A breach like this is very subtle and not easy to spot. There will be many aftershocks in the IT world from this incident.
A month ago, as SearchSecurity’s Rob Westervelt reported, that added layer of security was already of renewed interest, despite being a traditionally hard sell to security-stingy executives. Now with Lockheed’s surprisingly public example, it might just be a much easier upgrade to get approved.
When I first started out as a beat reporter covering mobile for SearchMobileComputing, it was an interesting time: The iPhone was relatively new, BlackBerry was the only true “corporate” phone, there were serious questions about whether Android or LiMo would win out, and Palm was still a decrepit if beloved classic OS.
I even wrote a gem called Six simple steps to killing the iPhone (ignore reg link and keep scrolling down), advice that’s not too embarrassing until the last one:
Step 6: Take a deep breath
Others disagree, but both Hughes and Gold say the iPhone hysteria is no different in principle from other phone crazes before it — the Sidekick or the Motorola RAZR, which was at one point ranked #12 in the greatest gadgets of the past 50 years but is now regarded as a mid-tier feature phone at best.
“Somebody needs to come up with something that’s really innovative, and then you’ll see loyalties switch in a second,” Gold said. “I think it’s probably going to be folks in the Far East: LG or Samsung, or maybe a Chinese company we don’t even know about yet.”
The point is, at the time, iPhones were just a flash in the pan. They’ve now thoroughly invaded the enterprise; early IT resistance has softened, to the point that it’s hard to find an IT vendor who doesn’t offer some sort of server management tools for the iPhone (I’ll give Gold some points for his “company we don’t even know about yet,” as Taiwan’s HTC has come from underground white labeled device maker to very public contender).
That’s the background I come from when I read Preston Gralla’s predictions that Apple’s enterprise growth isn’t sustainable, and why I think he looks at the right data, but draws all the wrong conclusions:
As you probably know, May was Networking Month at IT Knowledge Exchange. We’ve been busy covering Interop 2011 and all of the latest happenings in the networking world. So if you’ve found yourself as confused about your network as those wires over there, check out some of what we’ve been doing and what we think you shouldn’t miss compiled below for your easy digestion.
In Seattle, an upgraded 802.11n mesh network means the police department can keep a watchful eye on more of the city than ever before, without the need to deploy costly new fiber lines. And if things go well, the pilot project will be expanded from a few wireless routers powering six cameras placed on Columbia Center, Seattle’s tallest building, to a broad mesh network powering 180 wireless routers covering about two-thirds of Seattle’s downtown area.
As SearchNetworking’s Shamus McGillicuddy reports, this proposed network, which is contingent upon further grant funding, would not only drive networked video but also a host of other potential emergency services:
In that scenario, the Seattle PD would use the group of APs downtown to create a mesh network, so first responders from multiple agencies could access the cameras. The first mission of this expanded network will be to deliver IP video surveillance along the waterfront, but Moss said the network will eventually deliver a variety of wireless services for multiple government agencies.
“We’ll be deploying cameras along the waterfront, and those will have to be accessed with the MSR4000 units because we will have harbor units or fire department or Port of Seattle police accessing those feeds from the water. So we need something with a strong signal on the waterfront,” he said.
It’s important to note that the “two-thirds coverage” is wireless coverage, not video coverage. Currently, Seattle police have to daisy-chain two trucks within wireless hopping distance of each other, making coverage possible at “major events” where there’s some planned coordination involved, particularly when the police can tap into surveillance cameras of nearby parking garages and restaurants. The new network, however, would allow continuous video coverage, keeping a watchful eye on Seattle’s waterfront even when the foot patrol isn’t on the prowl.
Since IPv4 addresses have slowly but surely begun to run out, the Internet Society has arranged a day to test out the future, or IPv6 at least: June 8, 2011. With the air of someone foretelling the apocalypse, IPv6 advocates strongly urge users to join the revolution and leave IPv4 behind. On the brink of its fortieth birthday, IPv4 is about to max out on the number of unique connections and devices it can safely track. Many companies have jumped on board World IPv6 Day in order to test and demonstrate the decreased hassle of adopting the newest IP version. Major organizations such as Cisco, Bing, Rackspace, Google, Yahoo!, Facebook, and Juniper Networks have signed on to participate in the worldwide test, offering their content over IPv6 for 24 hours (although some companies already offer such access, 24/7).
But big name supporters don’t have everyone convinced that this is the beginning of the IPv6 revolution. As the VP of IP engineering at NTT America, Dorian Kim, told Carolyn Marsan, the Internet “will be even more heavily NATed than it currently is, but life will mostly go on.” In contrast, chairman of the Internet Engineering Task Force (IETF) Russ Housley fears a “very fragile Internet” will result if increased network address translation, as necessitated with IPv4, becomes the case.
A Short History of IPv6
Created by the Internet Engineering Task Force in 1998, IPv6’s primary purpose is to expand the Internet’s address space while adding autoconfiguration, network renumbering, and security through the IPsec protocol. The push for IPv6 adoption has included support from Google, Verizon, Comcast, and especially the U.S. government with its 2008 mandate that all agency networks demonstrate the capability to carry IPv6 traffic. In July 2010, the Federal Acquisition Regulation changed, requiring government agencies to purchase only IPv6-capable systems.
Whether or not the public is ready, IPv4 addresses will almost certainly run out in the next few years (in fact, Asia’s registry, APNIC, has already depleted its normal reserves). Perhaps that’s what the Mayans meant with their 2012 warnings?
Beating Around the IPv6
If you’re struggling with the question of whether or not to deploy IPv6, there are several options to make transitioning from IPv4 to IPv6 easier, such as dual stacking, or running both protocols simultaneously in your network. Network address translation allows the sharing of one public IPv4 address across several users. But users are urged to not stop there. Tools such as OpenDNS’s IPv6 Sandbox allow networking professionals to get their feet wet, starting a full month before World IPv6 Day.
To check if your devices are ready for World IPv6 Day, visit http://test-ipv6.com/ before June 8, and for troubleshooting info, visit the American Registry for Internet Numbers (ARIN). Be sure to check with your devices’ manufacturers about upgrading operating systems, browsers, and router software to ensure you are ready to test out IPv6.
What’s keeping you from taking the plunge? Let us know in the comments section or send me an email at Melanie@ITKnowledgeExchange.com.
Some vendors and analysts contend that the network just connects boxes and all you need is a tactical network, capable of addressing current business requirements and challenges. Cisco wants to debunk the myth that “good” is good enough for your business. Read this whitepaper to further debunk the myth of a “good enough” network.