December 9, 2009 12:58 PM
Posted by: Michael Morisy
WPA Cracker, a service that bills itself “as cloud cracking service for penetration testers and network auditors,” has been making waves the past few days as breathless newswires report that “New Cloud-based Service Steals Wi-Fi Passwords”. Not quite: It just makes an already known vulnerability slightly more accessible to the common man. But what ne’er-do-well is really going to hand over their private info via Amazon Payments to crack a WPA-PSK password, particularly when there are simpler methods such as readily available rainbow tables?
To be clear, the service doesn’t break into Wi-Fi networks; it only runs a dictionary-based attack on handshakes that have to be recorded by an individual with at least some technical savvy.
Glenn Fleishman goes into another reason enterprises don’t have too much to worry about with this new development:
Let me be clear: this is a clever and worthwhile addition to penetration testing (pentesting) and network security, and I would gladly pay $34 to prove to someone smug that his or her company password was vulnerable. But it is not a generic nor dangerous attack on WPA. Smart companies, likely millions of them, already use account-based network authentication in the form of WPA/WPA2 Enterprise, which is not vulnerable to this form of brute-force attack. WPA/WPA2 server-side support is de rigueur in the enterprise network infrastructure, and available from third parties, as well as built into Microsoft Server and Mac OS X Server operating systems. Home users and small-business users are most likely to employ simple passwords.
In fact, there could be a silver lining. As Luke O’Connor notes, explaining the importance of strong passwords and security practices to management is never quite as easy as it should be. Showing decision makers that their password can be cracked by a simple web service in 20 minutes for under $40 can make quite an impact.
December 7, 2009 4:15 PM
Posted by: Michael Morisy
Via the Channel Marker blog comes news that Lotus Notes turns 20 today. Well before social networking and crowdsourcing were hip and cool, Lotus Notes led the collaborative charge with its take on “groupware.” But did anyone remember?
Not Ray Ozzie, apparently. The father of Lotus Notes has gone on to greener pastures as the Chief Software Architect at Microsoft, so don’t look for him to be making any teary-eyed statements about how well his (now IBM-owned) child has aged.
Not IBM, even on its Lotus Notes news page. $3.5 billion to buy Lotus, and then not $3.50 for a Hallmark card?
And definitely don’t look to Facebook. Lotus Notes fan pages were silent, eclipsed in popularity by, um, a Manhattan fashion blog?
It’s a cold world, but the anniversary hasn’t gone completely unremarked. Chris Toohey writes on DominoGuru that Lotus Notes has made him a better IT pro:
I have become friends with some of the most brilliant people in the world; people that not only take a particular technology and extend its functionality, but people that are able to think so far ahead of where I am today that they make me evolve my own thinking.
I’ve been superhuman.
I bleed yellow.
And, most important, I look forward to what I’ll be tomorrow.
Happy Birthday Lotus Notes, and I look forward to the next 20 years of collaboration, community, and evolution!
And Chris was kind enough to send along a link to Ed Brill, director of Lotus Software, who did note the anniversary in “20 years ago today…Notes 1.0”:
On December 7, 1989, at the American Academy of Arts and Sciences in Cambridge, Massachusetts USA, Lotus Notes 1.0 was officially unveiled. I wasn’t there, and the date wasn’t significant to me other than as I was approaching final exams in my penultimate semester of college. Clearly, though, that event changed history — and produced one of the most successful and longest-running software products in distributed computing.
How did you celebrate?
December 2, 2009 2:45 PM
Posted by: Michael Morisy
Foreclosure isn’t easy for anyone involved, particularly those homeowners who feel tricked into mortgages they can no longer pay and so face eviction. The results are often not pretty, as the Wall Street Journal reports in Buyer’s Revenge:
The stucco subdivisions of Las Vegas are caught up in the nation’s foreclosure crisis. These days, bankers and mortgage companies often find that by the time they get the keys back, embittered homeowners have stripped out appliances, punched holes in walls, dumped paint on carpets and, as a parting gift, locked their pets inside to wreak further havoc. Real-estate agents estimate that about half of foreclosed properties to be sold by mortgage companies nationwide have “substantial” damage, according to a new survey by Campbell Communications, a marketing and research firm based in Washington, D.C.
With the former homeowners losing their most valuable asset, it’s tough to recoup the lost costs after the destruction has occurred, so banks have given up on the stick and turned to the carrot: Cash rewards for leaving early or even just on time and not having trashed the home.
Could the same approach work for IT?
Inevitably, equipment and even software breaks: Motherboards die, laptop screens fizzle, a virus gets through the firewall and anti-virus. Sometimes it’s user error, and other times it is faulty equipment. Oftentimes, users will try to pass off the former as the latter, or pass the blame. According to some informal discussions in the forum, policies are generally clear: Employees are responsible for their possessions. But what about users who do take good care of their computers? While companies probably can’t get away with docking pay stubs for extra help desk tickets, perhaps the inverse is true: Users who self-help with forums or go to other employees to fix basic configuration problems, rather than draining limited resources, could be eligible for a reward, either a small bonus or even just a gift card.
Good idea? Recipe for disaster? Let me know what you think at Michael@ITKnowledgeExchange.com, particularly if you’ve tried an incentive program before.
December 1, 2009 1:47 PM
Posted by: Michael Morisy
“Cyber Monday” has come and gone, but was it just another rough Monday for you or did your network face a deluge of “recreational” traffic?
There’s been a lot of debate over the years about whether “Cyber Monday,” the online follow up to Black Friday where consumers supposedly click on to hot deals while at work, is more marketing hype than reality (coupon codes come and go, after all). This year, at least, there appears to have been some bump: Coremetrics reports sales were up 11%. The real day to watch out for? December 17th, the last day for free shipping to arrive by Christmas for most Amazon purchases:
How was your Cyber Monday? And how are you handling holiday shoppers, whether they sap productivity in a trickle or a torrent? Let me know at Michael@ITKnowledgeExchange.com.
November 30, 2009 9:24 AM
Posted by: Michael Morisy
The Monday after a long vacation is rarely easy, and today will probably not be the exception for most IT professionals: There’s a whole weekend-plus worth of things to fix up, schedules to resume … and the specter of Cyber Monday.
Hopefully, the latter is just a scary story marketers tell their bosses to make it look like they’re hip to this Internet thing. As one Business Week writer noted a few years back, there’s a flaw with this image of a surge of workers slacking off and juicing their office connections to get the best deals:
Just one problem: It’s not true, at least for many online retailers. Contrary to what the recent blitz of media coverage implies, Cyber Monday isn’t nearly the biggest online shopping or spending day of the year. It ranks only as the 12th-biggest day historically, according to market researcher comScore Networks. It’s not even the first big day of the season.
For most online retailers, the bigger spending day of the season to date was way back on Nov. 22, three days before Black Friday. What’s more, most e-tailers say the season’s top spending day comes much later, between around Dec. 5 and Dec. 15.
And this year, with more consumers than ever having home connections equivalent to or even faster than their work broadband, “Cyber Monday” might have started on Black Friday: Why deal with the unwashed masses when you can click, click, click your way to steep savings, without having to get up at 4 a.m. or even miss your leisurely breakfast? Search Engine Land reports that Amazon.com traffic grew 22% this Black Friday compared to the year before.
What’s your experience? Are workers nose-to-the-grindstone today, or are you noticing heavy non-work traffic? What’s your corporate policy on dealing with it? Filter, block or let it slide as long as the employees get their work done? I’d love to hear your strategies and war stories in the comments or at Michael@ITKnowledgeExchange.com.
November 23, 2009 12:16 PM
Posted by: Michael Morisy
I’ve written about dodgy computer warranties before, but Consumerist reports that Apple’s taking an even broader view of contributing factors: There are two alleged cases where Apple warranties were voided due to second-hand smoke. I’m a little skeptical: The scenarios are not completely improbable, but Apple’s silence on the matter when the company has such a sterling reputation for customer service is surprising.
Stuck in the same position? Take consolation from the IT Watch Blog’s handy, lawyer-written guide on your warranty rights: It notes that often, your device is better covered under the default warranty than under extended warranties like AppleCare:
If a product is sold in breach of any of these warranties, the merchant is required by law to repair the product, replace the product or refund the purchase price for the product, all at their own cost. Thus, these warranties (as well as other consumer protection statutes) provide valuable tools to combat abuse. And the best part is these warranties are free of charge.
Merchants, however, can limit or even waive these implied warranties under the right circumstances. For example, if you purchase an item and the seller indicates in the bill of sale that it is sold “as is,” or “with all faults,” this constitutes a waiver of all warranties. In such a situation, the buyer should beware that he will be liable if the good is defective. A merchant may also waive implied warranties by indicating so, in writing, in an obvious or conspicuous manner (i.e., it cannot be hidden in the fine print).
Are you on the other side of the fence? I’d love to hear how you handle user-caused damage: Do you just chalk it up to the cost of doing business, or does your company hold careless users accountable when their devices are lost, damaged or stolen? I’d love to hear your thoughts, policies and stories in the comments, at Michael@ITKnowledgeExchange.com, or on Twitter at @Morisy. If requested, I’m happy to keep your information private.
November 23, 2009 9:56 AM
Posted by: Michael Morisy
As a news writer for SearchNetworking, there were times I could have been interviewing Rodney Dangerfield instead of IT professionals: They couldn’t get no respect, they’d complain, and instead were forced to deal with executives with outsized egos and little regard for the facts on the ground. One of the most popular articles, in fact, was about dealing with “the make-it-so CEO”:
Even if you’ve never met one, you know the stereotype: curt, driven, my-way-or-the-highway CEOs who wash down their morning bowl of nails with a glass of Drano.
These “make-it-so” CEOs want their networks not only to work but to work for them without hassle, without passwords and without understanding how and why, even if those demands imperil network security. Quite often, hapless network admins have to leave the rest of the organization on hold while patiently explaining how to turn on a home router or why “password” is not a secure password.
At the time I wrote the article, the advice a lot of IT professionals gave in dealing with a tyrannical boss was to simply quit: Life’s too short, and your career matters too much, for it to be crushed by someone else’s ego trip or insecurities.
But with unemployment up over 10%, that can be a tough pill to swallow. Fortunately, there’s hope for reform, even if it’s a difficult road ahead. A recent post on Harvard Business Review’s Conversation Starter blog quoted David Rock’s article Managing with the Brain in Mind: “[N]euroscience has also discovered that the human brain is highly plastic … Neural connections can be reformed, new behaviors can be learned, and even the most entrenched behaviors can be modified at any age.” The post then goes on and offers some advice on dealing with bullies in the here and now:
1. Document and define the bullying. Is it actually bullying? “Women who exert ‘male’ leadership styles are in danger of being perceived as bossy. Men who do the same thing are often praised as decisive,” says John Medina. Look for patterns over time vs. isolated incidents, privately document the facts and specific actions. Finally, look at your company’s culture. Is bullying or aggressive behavior rewarded?
2. Consider your options and make a choice. If the culture supports or rewards bullying, seriously consider if this environment is for you. “Much of the repeated mistreatment that characterizes bullying relies on a poisoned, sick workplace to permit and sustain the madness,” according to WBI psychologists Ruth and Gary Namie. According to the Labor Day 2009 Survey conducted by the WBI, employers do nothing to correct the bully 53.6% of the time, and 37% of the targets experienced retaliation for taking action.
3. Nip bullying in the bud — carefully. Privately derailing someone who is yelling at you by calmly repeating their name can be highly effective. Not so when your boss belittles you in a meeting. (Never out a bully in public; it will surely escalate things.) Once bullying is successful it rapidly becomes a habit — neurons that fire together, wire together — address it when it begins. The Bully at Work and the WBI discuss making formal complaints including legal parameters. In the Company of Women (Heim, Murphy and Golant) and Mean Girls Grown Up (Dellasega) deal specifically with Woman-on-Woman Bullying and relational aggression, providing concrete strategies for creating alliances, interrupting behavior patterns and moving forward effectively and productively.
4. Grow a support system. Hire a coach, talk to a therapist, or find a mentor or trusted friend. It’s as important to get honest feedback about your experiences, perceptions, reactions, as it is to know that you are not alone.
Any other advice you can offer? Any caveats you see to the above approaches? Let me know by e-mailing me at Michael@ITKnowledgeExchange.com, or leave your thoughts in the comments.
November 19, 2009 3:20 PM
Posted by: Michael Morisy
Are you an e-mail provider? A CRM organization? An accounting firm? No? Then why do you have employees managing these areas of your business? That’s the question Mike Stubblefield asked earlier this week at Mass Technology Leadership Council’s SaaS breakfast seminar. So maybe he was preaching to the choir, but lately more companies seem to be asking the same question Mike says is posed at Putnam Investments, where he’s managing director: “Do we need to build the same mousetrap that somebody else has built?”
Well, there are a lot of good reasons, as it turns out, even if you are a cloud devotee. Also at the breakfast was Dan Richards, vice president of Constant Contact Labs, the edgier research division of cloud-based communications giant Constant Contact: He admitted that his company uses an on-site CRM appliance, which is a bold statement considering CRM giant SalesForce is one of the darlings of the SaaS/cloud computing universe and one of the sponsors of Dan’s breakfast muffin.
So why not go with Salesforce, Google Apps or another mousetrap maker who specializes in that need and leave your IT to focus on your core business? Migration headaches are often a major roadblock, as are security concerns. What are your thoughts? Weigh in: Other community members are already debating cloud migrations in the forums.
November 19, 2009 10:41 AM
Posted by: Guest Author
We’re pleased to welcome Devang Panchigar of StorageNerve into the community with this guest post on storage spending.
The Storage Economics Practice
We all buy storage, either in the SMB Space or at an Enterprise level. We use storage to run our business, to store structured and unstructured data. Data means everything these days. Without data we won’t necessarily be able to do business.
But have we thought about the economics associated with storage? As consumers, we tend to consume more than necessary at times if we want to have enough buffer, or if we anticipate projected growth, business requirements, customer requirements, technology improvements, and the list goes on.
Let’s stop for a minute and try to figure out what we can do to keep up with all the use cases above without growing data storage as rapidly. Rather, let’s figure out ways to compress, consolidate, and reduce the footprint of our data.
I am in no way suggesting not to buy storage, but if a customer walks up to me and says, “We are growing our storage at 70% a year,” and the numbers on their balance sheet don’t reflect that growth, I will not buy into those storage growth numbers. Those are probably coming in from a vendor that is trying to push more products into the storage environment.
There are several aspects one should consider related to Storage Economics, how your shrinking IT budgets can still meet up with your growing business requirements, and what you can do to keep a balance between both.
With various aspects of Storage Economics below, some may be applicable in the SMB space, some in the enterprise space, and some really at all levels. These may turn into the building blocks of your Storage Economics practice:
- It’s important to know what storage you have and where you have it.
- Try to move away from fat provisioning to thin provisioning.
- Front-end storage virtualization using standard storage arrays in the back end.
- Run non-vendor specific SRM (Storage Resource Management) tools for storage optimization and storage management.
- Having a storage management tool is a must. You can still perform your daily task using various element managers.
- Industry standard average storage utilization numbers range between 35 to 45%. If you can push your storage utilization number up to 75 to 80%, it will help you drive the cost down phenomenally.
- Implement deduplication; verify your storage array supports deduplication natively. If not, it should be implemented in various parts of your storage like backup, unstructured data, etc.
- Run a heterogeneous environment with multiple vendors in it to keep balance relating to price structures.
- Though ILM is a forgotten word these days, make sure you run tiering within your storage environment that can help you move your data from higher SLA tiers to lower SLA tiers for cost containment purposes.
- Consider moving after-warranty support for your storage hardware to independent service providers rather than manufacturers.
- Look at extending the life of your storage arrays from the typical 2.5 to 3 years to 6 years.
- Implement technologies like automated storage tiering, storage deduplication, storage compression and many more in the market today.
- Storage environments have gotten very complex over the years with new storage technologies and switching technologies. At the end of the day, invest into a technology that benefits your organization, your infrastructure, your business model and your requirements.
- Leverage outsourced computing models, including the cloud technologies available in the market today. These could be private clouds, public clouds, or really a mesh of these cloud technologies and offerings.
- Budget for your storage requirements and try to live by those even if you have to take drastic measures to keep it under budget.
- Try to gain more operational efficiencies within the storage environment.
- Understand the TCO of any new storage purchase, as the cost of new storage could include several aspects of implementation, including migration, consulting, downtime, missed SLAs, training, etc.
- Try to reclaim your data or storage as old systems are retired or migrated.
- Check for inconsistencies in your storage environment, as those could result in missed SLAs, downtime and penalties.
- Do not over-provision and do not over-budget. It’s just storage: if you need more you can buy more, but having storage sitting there doing nothing for years in anticipation of being used one day will cause your efficiencies to slip heavily.
- Do not create unnecessary storage management tasks and processes for your storage environment.
- Having backups, and good working backups, is very important, but do not tie down your storage with numerous copies of snaps, clones, mirrors, BCVs, etc. for a rainy day; rather, have a DR plan and copy a single instance of data remotely for DR purposes.
- Plot trends for your storage environment. See if trends can help you budget, forecast and provision your storage accurately.
- Remember the larger storage footprint you have, the larger your backup footprints will be, causing more storage space, more backup time windows, more network traffic, slower response times, more tapes, more offsite backups, more backup management cost and possibly more licensing cost.
- Get away from managing islands of storage; move instead to more centralized storage management. The long-term effects are amazing.
- Try to reduce licensing cost around storage software. The less storage you deploy, the less licensing per TB cost that you will pay.
There are numerous areas of storage management that the customers can try to bring in efficiencies that will help them better manage storage, reduce footprint, and reduce CAPEX and OPEX. It starts as a small practice within organizations and the value it creates grips the rest of the IT management teams.
So take this opportunity and plant the seeds for your Storage Economics practice now.
With more than 7 years of IT experience, Devang is currently the Director of Technology Solutions and IT Operations at Computer Data Source, Inc. Along with various industry certifications, Devang holds a Bachelor of Science from South Gujarat University, India and a Master of Science in Computer Science from North Carolina A&T State University. You can catch Devang’s Storage Blog at StorageNerve.com and enterprise commentary at GestaltIT.com.