Enterprise IT Watch Blog


October 28, 2009  2:39 PM

Can Nokia Siemens succeed where Microsoft’s Passport failed?

Michael Morisy

Brains, brains ... and your secure credentials!

Just in time for Halloween, it looks like Nokia Siemens Networks is trying to re-animate the vision of Microsoft’s decrepit Passport single sign-on system, but this time in the hands of telecom companies.  The times sure have changed, but will users be spooked by having their data in the hands of Verizon, AT&T and other service providers?

Out at SuperComm, Nokia Siemens Networks invited me over to hear the latest about its One-NDS subscriber data management platform. One-NDS is in version 8.0, and as the NSN representatives explained it, it has ambitious plans for when it finally grows up: Provide a single sign-on service, managed and maintained by telecoms.

The Nokia Siemens representatives told me the service could allow a user to access the same services, with a single sign-on, from, for example, a home computer, their cell phone and a TV, and pointed to services like Google Apps, Amazon and Yahoo! as potential tie-ins. Eventually, Nokia Siemens hopes, carriers will hold and control all aspects of the “digital self,” giving users a central, secure way to control how their information is being used online, and who’s allowed to use it.

When I asked them why NSN and telecoms would succeed here when Microsoft struggled so mightily, they pointed to a recent global survey they took: 82% of the 9,200 respondents said privacy is an important topic, while 45% responded that they felt like they lack control over their personal data.

But why telecoms? Nokia Siemens had a survey for that, too: They didn’t say that telecoms were trusted or loved by users, but that they were at least more trusted than other industries, including insurance companies, loyalty card providers and the government.

While it’s certainly no small feat to rank better in a survey than an industry satirized for Mafioso shake-downs, I have to wonder if users will really trust an industry that considers nickel-and-diming them standard operating procedure with their most sensitive data in what will likely be a proprietary platform.

Even Microsoft Passport’s descendant, Microsoft Live ID, seems to have learned a lesson in the intervening years: It’s announced support for OpenID, which drops the centralized control in favor of a more open, diverse ecosystem of authenticators and which lately seems to have actually gained some traction as more major online destinations announce their own support for the protocol.

October 26, 2009  9:17 AM

Presidential Party Crashing: How Obama’s Net Neutrality upset SuperComm, and what’s next

Michael Morisy

As previously noted, few things besides Net Neutrality can bring AT&T and Verizon together, but President Barack Obama proved he could turn the tables again and again at last week’s SuperComm telecom conference in Chicago.

Even on opening day, two of SuperComm’s three keynote Q&A panelists were pulled by Obama for “pressing business” in Washington, according to a source: Jonathan Adelstein, administrator of Rural Utilities Service, and Larry Strickling, Assistant Secretary for Communications and Information for the NTIA. That left only Blair Levin, an executive director at the FCC, to try and talk up all the great grant money the government’s hoping to inject into the telecom industry.

But as AT&T’s Jim Cicconi said during an earlier panel, there’s been a whole lot of loud non-interest in this stimulus funding, since the major telecoms are passing on it because of what they say are too many strings attached, particularly since it’s only a hair over $7 billion distributed across 50 states, mere chump change for major telecom players. While smaller ventures are eagerly bidding away, none of the major service providers have touched the stimulus funds (I would also wager it’s because these major providers generally avoid the rural, low-ARPU areas the stimulus targets like the plague to begin with).

So that left the major carriers and the industry that supports them (hardware manufacturers, consultants, integrators … the list goes on) to bemoan the drafting of net neutrality regulations every chance they get. It dominated every panel it could work its way into, from ones specifically about rural initiatives to a talk on DRM and digital media distribution.

So what’s next?

Well, despite a surprisingly conciliatory joint statement between Verizon and Google just days after Verizon’s CEO blasted net neutrality, this fight is far from over for either side. It was one of big telecom’s biggest lobbying efforts ever, and SuperComm attendees seemed geared up to keep fighting. Even if regulations do come through, for example, they are largely expected to end up with a large legal loophole along the lines of “reasonable network maintenance.” This was the grounds on which Comcast swatted down BitTorrent sharing, and unless the regulations are worded quite carefully, service providers might find plenty of avenues to stop competing voice and video services from denting their revenues.


October 21, 2009  2:51 PM

AT&T’s Jim Cicconi: Net Neutrality makes 2012 look like a playdate

Michael Morisy

With 1/6th of U.S. jobs tied to America’s Internet infrastructure, Net Neutrality backers put too much at risk just as the economy recovers, warned Jim Cicconi, AT&T’s senior executive vice president of external and legislative affairs.

Cicconi’s blistering attack makes the 2012 trailer look like a playdate compared to what could happen if the net neutrality backers win: Short-term job losses, the degradation of Internet infrastructure, even Internet blackouts. No YouTube, Priceline or ITKnowledgeExchange? I’ll take the riots, earthquakes and John Cusack, thank you very much.

“It’s very easy for people to make decisions involving other people’s jobs,” Cicconi said at the SuperComm opening panel that was slated to cover stimulus dollars but largely focused on the FCC’s new net neutrality guidelines draft, which is slated to be made public tomorrow. The panel, made up largely of executives from both service providers and equipment vendors, largely concurred with Cicconi’s sentiments (The FCC’s John Horrigan, consumer research director for the Omnibus Broadband Initiative, largely stayed out of that particular fray).

Very often, it’s the creation of jobs that net neutrality backers point to, such as the Open Internet Coalition’s open letter to Congress:

A competitive marketplace creates jobs, helps the American consumer, fosters innovation, and drives economic growth. We must aspire to achieve the world’s most advanced communications networks, building on the tradition of American policy and innovation that created the open Internet. We must maximize competition on next generation networks by guaranteeing access and by ensuring that all networks interconnect and interoperate.

But Cicconi took time to take aim at groups like this and others that are producing favorable net neutrality reports:

I think it is a dangerous illusion for anyone in government to think that more regulation will provoke more investment, not less. There are reports coming out, but these reports … are written by groups that have never run a network, nor do they have discernable investment experience.

The FCC is playing a very dangerous game if it listens to any advice of this nature.

[Net Neutrality] is an important reality check for government: You’re pushed to achieve a Utopian end people have dreamed up, but that’s not how government works. Government works to solve problems … and nobody has made a convincing case that there is a problem here that needs the government to step in.

And this was all that Cicconi said publicly: One can only imagine what he and Tom Tauke told the private luncheon for telecom decision makers earlier in the day.

Catch up on all of the IT Watch Blog’s SuperComm coverage, or follow us live at @ITKE on Twitter. At SuperComm and have something to share? E-mail me directly at Michael@ITKnowledgeExchange.com.


October 21, 2009  12:39 PM

What evil could make AT&T and Verizon join forces at SuperComm?

Michael Morisy

Moments after landing in Chicago for SuperComm 2009 and making my way to the McCormick Place, I was invited (with glossy print invitation, no less) to join in a “lunch conversation” with Jim Cicconi, senior executive vice president of external and legislative affairs for AT&T, and Tom Tauke, senior vice president for public policy and external affairs for Verizon, two heavyweights of the same stripe from two telecoms that, lately, are using every tactic they can to steal the other’s thunder.

Verizon Wireless’ latest telephone campaign, Droid Does, is a direct attack on AT&T’s iPhone dominance, and they’ve also been running those cheeky “We’ve got a map for that” parodies (not that any of it’s hurt AT&T so far).

So what could bring the two warring wireless behemoths into such close quarters and at allied aims? No less a specter than Net Neutrality itself. Tom Tauke kicked off the discussion by reminding the small gathering that, as the FCC unveils its network neutrality proposal tomorrow, “There is no broadband without broadband investment.”

At this point, I was kindly escorted out of the room and informed the lunch was closed to the press (there had been no notice of this on the invitation I’d been handed nor the lunch room entrance). The meeting wasn’t the first Tom & Jim show, and unless the proposal tomorrow is radically different than what anyone is expecting, be prepared for more frenemies-with-benefits as the giant telecoms try to knock any teeth out of the final Net Neutrality guidelines, both from behind closed doors and out in the public spotlight.

Have any hot tips from SuperComm, or thoughts on net neutrality, AT&T, or Verizon? Leave a message in the comments or shoot me an e-mail at Michael@ITKnowledgeExchange.com.


October 20, 2009  11:20 PM

Everyone hates your insecure password rules

Michael Morisy

Nick Summer spent an entertaining afternoon with William Cheswick, author of Firewalls and Internet Security: Repelling the Wily Hacker and a godfather, at least, of modern password policy. It’s a follow-up to an earlier piece about how broken password systems are, while offering a peek at what Carnegie Mellon University’s cyber-security-research department and others are doing to fix it.

Cheswick himself offered up some alternatives: Continued »


October 19, 2009  4:39 PM

Medical malfunction reminds some bugs bite harder

Michael Morisy

The latest GMail outages may have stolen some of the thunder from cloud computing, but Wired’s ThreatLevel reminds us IT failures can do a lot more damage than momentarily lost e-mail and contacts, even if they aren’t a cloudastrophe:

The maker of a life-saving radiation therapy device has patched a software bug that could cause the system’s emergency stop button to fail to stop, following an incident at a Cleveland hospital in which medical staff had to physically pull a patient from the maw of the machine.

The bug affected the Gamma Knife, a device resembling a CT scan machine that focuses radiation on a patient’s brain tumor while leaving surrounding tissue untouched. A patient lies down on a motorized couch that glides into a chamber, where 201 emitters focus radiation on the treatment area from different angles. The patient wears a specialized helmet screwed onto his skull to ensure that his head doesn’t move and expose the wrong part of the brain to the machine’s pinpoint tumor-zapping beams.

Sounds like a setup for either a sci-fi spectacular or horror schlock, but such accidents highlight the danger imperfect code can pose, particularly when it comes to radiation therapy, which has seen more than its fair share of faults.

Some recommended reading: Wired: History’s Worst Software Bugs; WhatIs.com’s Bug Definition; Pingdom’s 10 historical software bugs with extreme consequences


October 15, 2009  4:10 PM

Cisco’s Tandberg acquisition faces stockholder scuttling

Michael Morisy

Where’s Jack Bauer when you need him? The 24 hero and Cisco Telepresence booster could surely help ram through Cisco’s attempted Tandberg acquisition. It would even be a bit poetic, since it’s a 24% minority of Tandberg investors who are nay-saying Cisco’s $3 billion offer.

Of course, it might take more than Bauer’s signature swagger to convince stockholders to sell: Even in the world of high-definition video communications, nothing speaks like cold, hard cash. As Shamus McGillicuddy reports on the Cisco-Tandberg deal at Unified Communications Nation:

According to Reuters (via GigaOm), Swedish brokerage SEB Enskilda has told Cisco that it represents 21 shareholders who own 24% of Tandberg’s stock, and those shareholders want more money. “We think the price is too low,” Amund Lunde told Reuters. Lunde is CEO of life insurance firm Oslo Pensjonsforsikring, which owns 1% of Tandberg. It’s not clear what it would take to win over these holdouts, but clearly Cisco will have to dig deeper to get a controlling interest in the company.

Shamus goes on to note that some management sweeteners might be the reason why top Tandberg executives were so keen to close.


October 15, 2009  1:13 PM

Finding an IT match made in heaven

Michael Morisy

Choosing the right contractor or product integrator can mean the difference between smooth sailing and endless headaches. At a recent IT user group meeting, one contractor told me that often, it was as much personality matching as technical expertise (although the latter never hurts) that makes the relationship work. Ben Gladstone offers some tips on picking an IT supplier:

  • If you opt for a fixed-pricing model, ask whether maintenance contracts and warranties are included, as well as management of contracts and interactions with equipment suppliers. Check that your pricing is transparent and watch out for any hidden extras.
  • Go for a one-stop shop that offers hardware, software, networking and support. This will avoid the need for multiple suppliers and finger pointing.
  • Go for a medium-sized supplier that offers breadth and depth of skills.

The rest of his Q&A, with some other great tips, is up at ComputerWeekly.com, and is likely worth a look even if you’re not specializing in virtualization.

I’d love to hear your thoughts: When choosing a partner for a large project, what are the qualities you value most? Do you get the best luck with personal recommendations, or just trust your own instinct? Let me know if you have any advice to share at Michael@ITKnowledgeExchange.com, on Twitter at @Morisy or @ITKE, or right in the comments. If requested, I’m happy to keep your information private.


October 13, 2009  2:10 PM

Google Wave as status symbol

Michael Morisy

I’ve previously written that early Google Wave accounts are most useful to developers: The service is, as Google promised, quite buggy, and the available features are still only touching upon Wave’s potential (I think it will only really get interesting when they throw open the gates and allow organizations to get their hands on it company wide, but that will come).

That hasn’t stopped Wave invite buzz from hitting eBay, including an offer (of unauthenticated veracity) as high as $27,000. Well before it got to this point, Google Wave hysteria had already become more of a status symbol than a technology demo, at least as far as coverage is concerned: Were you within 6 degrees of separation from the Google big-wigs making the list? Could you get your invite to the party?

It’s Gartner Hype Cycle meets Who’s Who in a small, geeky echo chamber. And after Scoble’s Wave attack, others have joined the fray, with techie PR meister Steve Rubel saying it’s like RSS … and dead on arrival. Alex Salkever offers a good summary of other Wave criticism, but maybe the biggest point: Google Wave antipathy is the new black.

Fortunately, if Gartner’s over-hyped Hype Cycle is a good predictor, we’ll soon see Wave’s true power as people stop talking about it and start actually kicking the tires, revving it up and putting it through the paces.


October 8, 2009  8:15 AM

How to find security Samsara

Michael Morisy

Samsara: In Buddhism and Hinduism, the endless round of birth, death, and rebirth to which all conditioned beings are subject. – Britannica Concise Encyclopedia

At last month’s Boston NAISG meeting, Zach Lanier gave an excellent presentation entitled “Disclosure Samsara: The Endless Responsible Vulnerability Disclosure Debate.” He’s since posted the slides, with a shorter summary also available.

The gist of Zach’s talk was that security researchers and the major software firms they cover are in a constant, mutually destructive cycle: Since much security exploit research, particularly for cross-site scripting (XSS) attacks, involves at least technical legal violations, researchers make themselves vulnerable to lawyers’ threats if they approach vendors with discovered vulnerabilities.

When researchers do still go forward, there’s often strong disagreement about when public disclosure will happen, if at all (researchers typically strongly favor disclosure because it’s the only way they’ll be credited for their discoveries).

On the other side of the fence, there are lawyers, corporate goons … and developers who feel they’re being held hostage by pay-to-play schemes. In covering network vulnerabilities, the latter was the usual excuse, lame or not, for why vendors refused to discuss vulnerabilities with researchers.

Zach’s presentation outlines some of the benefits a peace agreement could bring, including letting system administrators and security professionals craft workarounds more quickly, ultimately lowering the chance of a successful breach when an organization is on top of its security news.

Legislation has done a good job in pushing companies to disclose when there have been security breaches involving user data, but could it be used to help security researcher/vendor tensions and work for the good of the overall (generally law abiding) IT community? After all, it’s often these vulnerabilities (though behind human error) that allow for these breaches in the first place.

The immediate answer would seem to be ‘no’: Allowing “research exemptions” to laws like the DMCA has worked poorly, if at all, in the past, and allowing greater legal leeway for researchers that are often misunderstood already seems like a tricky political sell even in the best of times.

Any legislation that did emerge could well cause more harm than good.

But what other options are there for a broadly applied vulnerability disclosure framework? Is “Samsara” even a realistic goal? Perhaps, and perhaps in the slow, piecemeal form it has taken: A more enlightened vendor here who offers a process to work with researchers, another security firm there willing to consistently abide by RFPolicy or another disclosure framework.

What are your thoughts? Are security research disclosures more public nuisance than public good, or should there be a better understanding between companies and researchers when it comes to full disclosure? I’d love to hear your thoughts in the comments, or directly at Michael@ITKnowledgeExchange.com. I’ll keep your information private if requested.
