CIO Symmetry

August 12, 2008  3:23 PM

Hackers on the MBTA, or: Why Boston’s subway system deserves to be compromised

Glen Weaver Profile: The Weave

Well, this is embarrassing. Three MIT students write a paper on how to hack the greater Boston subway fare cards.

Said students are given an ‘A’ for their work and are booked to present at the annual DEFCON hacker conference in Las Vegas last weekend. The Massachusetts Bay Transportation Authority (known as the MBTA, the state agency that runs the subway) sues to keep the trio from presenting.

Filed in court to stop the presentation: Instructions on how to hack the MBTA fare system. Still available on MIT’s servers: The slide presentation to accompany the talk. This is really worth flipping through.

So not only did the MBTA’s lawsuit completely defeat its own purpose, it has also logged yet another example of the agency’s complete incompetence.

And this is why it deserves to be hacked.

August 11, 2008  2:17 PM

MSM Monday Round-up

Glen Weaver Profile: The Weave

Anybody else fed up with passwords?

A San Jose State University professor tells us why we should be in The New York Times. It’s about time. Does anybody really think there’s a password strong enough to keep a determined intruder out? Plus, all these single-sign-on pop-ups are ticking me off.

Actually, is the Times hiding the fact that it covers hacker conventions? This story here tells us about a major Internet security hole. We meet Dan Kaminsky at a “technical conference in Las Vegas” on Wednesday. Now, DEFCON16 didn’t start until Thursday, though Kaminsky was scheduled to speak at that as well. And the Times interviews other “technical experts” which is a pretty bland title. Hackers?

The coolest thing about DEFCON? Three MIT students have managed to hack Boston’s subway fare cards. So what does the Massachusetts Bay Transportation Authority do? Sue the students to stop them from presenting their findings. Hey, that’s a step up from the MBTA’s average, everyday incompetency.

And over at Slate, Vista just can’t catch a break.

August 8, 2008  7:37 PM

Save the data! How safe is our personal information?

Kristen Caretta

The search for the missing Registered Traveler laptop is finally over. The laptop, belonging to Verified Identity Pass Inc. (VIP), was reported missing from a locked office in the San Francisco International Airport on July 26. The laptop was unencrypted and contained the personal information of 33,000 people (including names, passport numbers and addresses) who were enrolled (or were in the process of enrolling) in Clear, VIP’s Registered Traveler Program. On August 5, local news station CBS 5 reported the laptop had been found in the office it had gone missing from. VIP spokeswoman Allison Beer said, “it was not in an obvious location.”

Huh? Could this information be so easily misplaced?

According to their site, Clear members are prescreened (personal information, biometric data, etc.) and are able to pass through security fast lanes at designated airports, “saving time” while traveling. What about saving their information in encrypted files?

In their August 5 press release, VIP CEO Steve Brill apologized for the confusion and reassured Clear members, stating “…in an abundance of caution, we treated this unaccounted-for laptop as a serious potential breach. We’re glad to confirm that a preliminary investigation shows no personal information was compromised.” Losing the laptop in the first place compromises information. Again, this wasn’t just any company laptop—this laptop was loaded with personal unencrypted information. Again, why was this information left unsecured?

Having your laptop stolen (or misplacing it) is a scary thing (more so if you have to answer to 33,000 people and not just your company’s IT department), yet people are still having a difficult time keeping tabs on them. According to UK site The Register, Absolute Software has even recently added GPS tracking to its laptop theft recovery service. Embedded GPS receivers submit latitude and longitude information to Absolute’s Web-based IT management portal, showing current and previous locations the laptop had been. Of course, this also eliminates some of the user’s privacy. As stated in the article, “use of the technology means that salesmen may no longer be able to claim that they are visiting client premises rather than sneaking down the pub.”

As technology grows and changes, personal privacy may be a thing of the past. Is this ultimately a good thing if it keeps our information safer? Can we even trust those who have our personal data? People are banking online, scanning their irises to breeze through airport security and fingerprint scanning to access their laptops—and this personal information could be targeted by thieves and hackers.

Who knows? What I do know is this: keep an eye on your data and your laptop (I’ll even throw in a tip on laptop protection).

August 8, 2008  1:47 PM

Weekly Wrap-up

Kristen Caretta Glen Weaver Profile: The Weave

And this week we:

Learned more about Latin American currency than we ever thought we would. All to take a look at Brazil’s potential for offshoring IT work.

Tried to rent a tent from Eastern Mountain Sports. Came back with a lecture on the value of outsourcing network administration.

Found that meticulous oversight of your master data management plan not only makes life easier down the road, but it might keep the lawyers away too.

August 6, 2008  1:30 PM

Microsoft’s Midori: Straight up or on the rocks?

Kristen Caretta

Microsoft is planning for the retirement of Windows by working on a new operating-system—Midori.


Well, more than likely considering all the Internet-buzz about it (one of many projects in ‘incubation,’ according to Microsoft).

But, Microsoft is staying tight-lipped and has not officially released any details about the code-named Midori project. According to the BBC, Software Development Times published Midori details after gaining access to some of Microsoft’s internal documents.

Midori is believed to be an Internet-based operating-system as opposed to its hard-drive-installed older brother, Windows. Rather than being installed onto individual machines, the Midori operating system would be similar to a “software-plus-services” approach or “cloud computing.” As the SDTimes put it, the Midori documents show “applications running across a multitude of topologies, ranging from client-server and multi-tier deployments to peer-to-peer at the edge, and in the cloud data center.”

Microsoft may be spot-on with this. Windows was initially popularized pre-Internet — a time when people relied solely on their very large and very stationary PCs. Times have changed. Computers are smaller and easily portable, connecting to anyone, anywhere. If Microsoft can make Midori a (properly functioning) reality, then we may be seeing a much-needed change.

Virtualization is becoming more and more popular and Microsoft will have to do something to keep up and stay on top (every PC purchased may not be pre-installed with Windows some day).

They may have started by building some hype…

It appears someone spilled the Midori, Mr. Gates.

August 4, 2008  9:04 PM

Forrester: No room for cowboy culture in IT

Kristen Caretta Glen Weaver Profile: The Weave

Just like Toby Keith, I should have been a cowboy.

Alas, I went into journalism and never did get the hang of a lasso. If you’re in IT, a new Forrester report says, you should let those cattle drive dreams go as well.

It turns out the cowboy culture is just about the most destructive way a CIO can run an IT shop. The result, Forrester vice president and principal analyst Marc Cecere says, is complete chaos. On the other end of the culture spectrum is a completely IT-centric shop. An isolationist policy that separates IT from the business can lead to over-control and is just as bad as playing Lonesome Dove.

Forrester is urging CIOs to aim somewhere in the middle. Be autonomous without being isolationist, the analysts say. Pay attention to metrics — but not so much that you take the rational thinking element out of IT.

In short: Stop, think.

Culture is important. There are some things money can’t buy, and a comfortable work environment that emphasizes positive, forward thinking is one of them.

So stop, think. Assess whether your employees are happy, whether IT culture in your company jibes properly with other business units. Is the culture in your IT shop promoting the business or is it keeping things status quo? Worse, is it hindering the business?

Should you need an IT attitude adjustment, here are Cecere’s 10 steps: Continued »

August 4, 2008  1:01 PM

MSM Monday Round-up

Kristen Caretta Glen Weaver Profile: The Weave

The big papers have been focusing on consumer technology a lot recently. The iPhone, Facebook, the ill-fated launch of Cuil. Sure, it’s The New York Times. General audience. I get that.

But still, there must be more to computers than friend lists and monthly data plans, right?

Hey, don’t try to tell John McCain that. Or anybody participating in the latest debate over whether it matters that McCain can’t use what Larry the Cable Guy would call a “come-poo-ter.”

The New York Times did weigh in yesterday, laying down a fair examination of whether it does matter. But the major problem with this debate is where the touchstones have been placed. Consensus seems to be that McCain is computer-savvy if he uses Facebook, MySpace, e-mail and Twitter.

Frankly, I don’t want a president who Twitters, but that’s beyond the point.

The major problem with this discussion is that computer has been defined as “social networking.” We shouldn’t care if McCain can best us at whatever version of Scrabble hit Facebook this week. We should be asking that our next president understand the IT outsourcing industry, H-1B visas and the concept of green computing.

This is not to downplay the importance or forward motion of social networking. If Barack Obama finds Facebook a useful tool to distribute his message and raise funds, then so be it. Good for him.

But where does the computing industry fit into his energy profile?

Of course, these topics are boring. At least to the general population. Besides, taking up H-1Bs in the greater presidential debate would require McCain, Obama, their staffs and the media to understand them in the first place.

Maybe they should all stick to Facebook.

August 1, 2008  12:28 PM

Weekly Wrapup

Kristen Caretta Glen Weaver Profile: The Weave

I just finished taking the SaaS quiz we put up on the site yesterday. I got eight of 10 questions right, which is pretty poor considering I wrote most of the stories the quiz is based on.

Can I fail at my own game?

Besides the quiz we ran a few stories on the site this week. One found Gartner basically saying “Cut it with the bellyaching. You really do have to take Vista.” I got a few emails after that one. People just can’t love that thing.

The other one had to do with finding a new spot to store your servers. There is no shortage of companies willing to lease you or sell you data center space. Our expert tells us to pay attention to the long-term tax deal and utility rates.

My editor, Kate Evans-Correia, often writes about Facebook. But this week she turned in a column about working during vacation. Know what else I guarantee you she did during vacation? I’ll give you a hint. It’s got a nice blue-and-white color scheme and Mark Zuckerberg invented it.

Honestly, though, all that work was nothing compared with sweating out the Manny Ramirez trade rumors.

Alright, weekend time. I’m catching Old 97’s at some roadhouse on Cape Cod right on the beach. May all of your weekends rock just as hard.

July 29, 2008  5:54 PM

Will Mobile mania go the way of the Marlboro Man?

Kristen Caretta

This just in: Mobile phones may cause cancerous brain tumors.

How many times have we heard that? Over the years, as mobile phones became increasingly popular, studies have linked them to cancer and then further studies have extinguished the fear. Most recently Dr. Ronald Herberman, the University of Pittsburgh’s Cancer Institute director, has sent out a memo to his staff members warning them of the possible link between mobile phone use and brain cancer development.

Dr. Herberman has also compiled tips to help you limit your exposure to electromagnetic radiation emitted from mobile phones. The list includes switching ears while talking and avoiding mobile phone use in public where you could possibly harm others (secondhand electromagnetic radiation?).

To those of you who scoff at the cancer possibility and were first in line for the new iPhone, take a second and think about it like this: Could this be another ‘Marlboro man’ situation?

Don’t get me wrong, I won’t be ditching my mobile link to the world anytime soon, and I wouldn’t expect you to. Even if we wanted to, how could we? We’re busy, we’re constantly on the go and so is everyone else. Plus, you’ve seen some of the newer phones (music, downloads, mirrors!). They’re cool and everybody’s doing it. What’s the problem?

Up until the second half of the 20th Century, the adverse health effects of cigarettes weren’t widely known. And even after the studies started rolling in (and continued plowing right over Joe Camel), people continue to smoke. Oh right, they have nicotine. They’re addictive. Isn’t it a stretch to compare them to mobile phones?

Have you ever heard the slang term crackberry? (crack cocaine+BlackBerry, you get the picture).

We all rely on our mobile phones so much, it would be almost impossible to remove them from our lives completely – cancer or no cancer.

Then again, it could be one of those “don’t sit so close to the TV” type deals. Either way, I’m sure Dr. Herberman will let us know. Or at least send it out in a memo to his staff.

July 28, 2008  1:00 PM

Weekly Round-up

Kristen Caretta Glen Weaver Profile: The Weave

Sunday is the last holdout of newspapers. Suffering under tight budgets and diminished staff sizes, papers of all sizes still seem to hold it together on the day of rest. Working on a “Sunday story” means a reporter is putting a little something extra into the job. Yesterday was one of those good Sundays.

The New York Times finally got around to reviewing – and panning – Sarah Lacy’s Once You’re Lucky, Twice You’re Good: The Rebirth of Silicon Valley and the Rise of Web 2.0. Reviewer Katie Hafner has at Lacy, essentially calling her book out for a lack of seriousness and for writing incomplete sentences.

I didn’t love Lacy’s book by any means, and said as much when it was released in May. But Hafner’s review shoots low. Not as low as The New Yorker saying Mamma Mia! could legally be considered torture. But low enough that we wonder where Hafner picked up that chip on her shoulder.

Also in the Times, tech reporter Joe Nocera makes a pretty good case for why Apple should say whether or not Steve Jobs is deathly ill. Then, all the way at the end, Nocera breaks the news that Jobs isn’t kicking off anytime soon. Best part: Jobs personally calling Nocera to say the reporter is “a slime bucket who gets most of his facts wrong.” It’s not entirely clear if he is joking.

Over at the San Francisco Chronicle, Jaxon Van Derbeken digs in for a look at Terry Childs, the city network administrator accused of locking his bosses and colleagues out of the city’s wide area network. Turns out Childs is some sort of Cisco all-star. And he has some ammunition that he shouldn’t have, being a convicted felon and all, prosecutors say.

Not sure if this is supposed to be open to the public, but Boston Globe business reporter Hiawatha Bray has set up a Facebook group for Globe employees to trade tech tips. So far Bray is the only contributor, urging his fellow reporters to find sources through StumbleUpon. The real fun here is perusing Globe reporters’ Facebook pages.

Lastly and bestly, here’s an old clip of Andy Rooney going OFF about Windows. You tell ‘em Andy!
