Most security assessments follow a structured methodology in that an initial meeting is held, an agreement is reached, and the assessment is performed. The assessment typically runs from three days to two weeks. Afterwards, a report is written and a meeting is held with the client to discuss the finding or findings.
Michael Gregg, as quoted in Ethical hacking and countermeasures: Network penetration testing intro
Today’s WhatIs.com Word of the Day is pen testing. It’s short for penetration testing, a strategy for finding security vulnerabilities.
Ironically, when I was a kid we used to play a game that involved pen testing. We called the game “spys.” A guy named Luke Reed and I would team up against our younger sisters and try to break into each other’s forts. One of the forts was a sauna and the other one was a garage, but that didn’t really matter. What mattered was doing reconnaissance to try and discover the enemy’s vulnerabilities so we could infiltrate their fort, get their valuable information (find out what they were talking about) and get out undetected. We played this game for entire summers.
If the enemy was getting too good at spying, we’d set up a pen test. Basically that meant talking Luke’s little brother into being a double-agent. He’d join our sisters’ team and pretend to be on their side so he could see how they were exploiting our own vulnerabilities and report back to us.
There was almost always a security hole. Literally. A hole between the garage and the sauna where the electrical wires ran. It let you pretty much hear everything that got said on the other side.
Ahh…the summers of youth. The times when “playing” meant “learning” and valuable life skills were being developed through intricate games filled with double-agents, treachery and lots of sneaking around between swims.
You know what Luke grew up to be?
A security director. For real.
“Security consultants believe that the ongoing economic malaise is prompting many businesses to rush skunkworks server virtualization projects into production without thoroughly considering how these deployments might affect their overall security posture.”
Heather Clancy, Tech Watch: Security pros want strong policy for virtualization
Today’s WhatIs.com Word of the Day is skunkworks. A skunkworks is a small team that’s given magical powers (think “all the stuff they need”) to get a task done. The good thing about a skunkworks is that nobody tells them “you can’t do that” or “we’ve never done it like that before.” The bad thing about a skunkworks is that because they operate out there on their own, they may accidentally break something that’s associated peripherally.
The term got its start at Lockheed.
I have a strong belief that starting businesses during an economic downturn is the exact right time to do it because it gives you runway. It’s harder to raise capital, but if you can do it, it gives you an advantage.
Reid Hoffman, as quoted in LinkedIn’s startup story: Connecting the business world
Today’s WhatIs.com Word of the Day is LinkedIn. If there’s an economic downturn, it makes a lot of sense to put your energy into a business model that helps people connect professionally. You make money…they find a job or a person to fill a job…everyone wins.
LinkedIn’s membership goals are pretty high — they’re after 1 in 4 people of the world’s population. Currently, LinkedIn is gaining members at the rate of 1 per second. That’s a million new members approximately every seventeen days.
The business, which is profitable, has three revenue streams: subscriptions on the site (providing better search functionality and a better way to contact members at large in the database), advertising (their demographic is similar to that of the Wall Street Journal) and a SaaS for recruiters and departments of human resources called LinkedIn Talent Advantage.
There must be more nuclear physicists over at Intel than I realized; they’re splitting Atoms faster than any scientific team I know of these days.
Kevin C. Tofel, Intel’s Newest Atom CPU Is Already Splitting
This week Intel announced Atom v2, code-named Pineview. If you listen to the blogosphere buzz, Pineview, which has a CPU, GPU and memory controller on a single die, is well on its way to becoming the holy grail for netbooks and nettops: a system on a chip. As it is, the new version of Atom moves from a three-chip design to a two-chip design, with graphics and memory controllers moving onto the processor. The second chip, which provides I/O functions, is being called ‘Tiger Point’. The combo (Pineview + Tiger Point) is being marketed as the “Pine Trail Platform.”
Individual bits of content that are even moderately close in quality to what is available free, but wrapped in the mental transaction costs of micropayments, are doomed to be both obscure and unprofitable.
Clay Shirky, Fame vs Fortune: Micropayments and Free Content
Today’s WhatIs.com Word of the Day is micropayment. It’s an old idea that’s getting a lot of buzz lately because of all the press the Wall Street Journal has gotten for looking at micropayments as a way to compensate for declining print ad revenue.
The idea of micropayments has been around as long as the Internet itself. Very quietly, the dead horse has risen like a phoenix from the ashes and micropayments are the new holy grail for many online (and offline) sales models. What changed? Well, a lot has changed on the backend since 2003. That’s when Clay Shirky very astutely pointed out the big elephant in the micropayment room — if you had to stop and think about making the payment for online content, no matter how small the payment was, you probably wouldn’t make the effort.
The newspaper people are hoping that the growth of PayPal, iTunes, EZ-Pass, SpeedPass, using a cellphone to pay for a parking meter …etc. have demonstrated that we’ve changed how we’ve gotten used to paying for things.
As far as I can figure out, the general idea with this new go-around for micropayments and online content is to test and see if people are willing to fork over small amounts of money for niche news. For instance, articles about world news might be free, but articles about local news might be put behind a micropayment wall. Today’s weather might be free, but access to an extended long-term forecast with marine reports or pollen counts might be subscription-based.
The WSJ is not the only paper considering this.
In fact, there are quite a few newspapers working with an organization called Journalism Online to try and get this idea, or some other reasonable construct like subscriptions, off the ground. According to the Journalism Online website, the goals of JOI are:
1. To develop a password-protected website with one easy-to-use account through which consumers will be able to purchase annual or monthly subscriptions, day passes, and single articles from multiple publishers.
2. To aggressively market all-inclusive annual or monthly subscriptions for those consumers who want to pay one fee to access all of the JOI-member publishers’ content with revenues being shared among publishers.
3. Negotiate wholesale licensing and royalty fees with intermediaries such as search engines and other websites that currently base much of their business models on referrals of readers to the original content on newspaper, magazine and online news websites.
4. Provide reports to member publishers on which strategies and tactics are achieving the best results in building circulation revenue while maintaining the traffic necessary to support advertising revenue.
Don’t look now, but I think the elephant is still in the room.
When you’re looking for information online, how many times do you just look at one source? Like…umm…NEVER. The whole key to looking for content online is poring through as many sources of information as you can in as little time as possible.
Think about it. How many times have you backed out of free online content just because you’ve been asked to register or log-in to see it? If you have to stop and think about ANYTHING before you view content, chances are the abandonment rate will be high. And I don’t think it’s too far of a stretch to say that many people who DO make the effort to register to see content feel as if the information they’re providing to marketers upon registration is payment enough.
It’ll be interesting to see how this experiment turns out.
“This is unbelievable,” she told the 911 dispatcher. “The cat is freaking out. The dogs are hiding.”
Jeanne Thomas, as quoted in Woman watches home invasion on webcam
Today’s WhatIs.com Word of the Day is IP camera. Back in April, a woman in Fort Lauderdale made news when she happened to log on to her home surveillance system from work and saw her home being robbed. She immediately called the police. The robbers got in through her pet door — and as you can see from the video at around 1 minute, there was not a peep out of the dogs! (The chirps you hear are from the woman’s bird.) Four minutes in, the robbers realize that they’re surrounded and trapped. You can see the police on camera by minute 5.
According to Florida local news reports, Jeanne had been robbed once before so she purchased a Logitech WiLife camera. It’s a wireless plug-n-play system that allows the user to view or record motion-based events. The camera takes about 15 minutes to set up and will even send you email or cell phone alerts. The system sells for less than $300. Impressive. As Jeanne Thomas said at the end of her interview with CNN, “You never know who is watching you.”
Best of all, the camera won’t hide under the bed when burglars come in. (I got a kick out of the dogs hiding and the cat hanging around to investigate.) The dogs didn’t even come out to beg for cheese that one of the robbers helped himself to at 1 minute, 25 seconds! If it was our dogs, they would have come running as soon as they heard the refrigerator door being opened and done a little dance on camera when the robber unzipped the plastic package.
Video: http://www.youtube.com/v/KNtTX_VaEzk
[Microsoft] is set to launch an $80 million to $100 million campaign for Bing, the search engine it hopes will help it grab a bigger slice of the online ad market.
Microsoft has updated and rebranded LiveSearch with a new name. Bing. According to Ballmer, they picked the name because it was short, it could be used as a verb and didn’t have negative connotations.
In spite of Ballmer’s good intentions, there’s a lot of buzz about “why THAT name?”
I don’t know….If someone said to me “I don’t know what iguanas eat — let me go Bing it,” I think it would sound ok. I could see people using Bing as a verb.
I do wonder, though, if Microsoft people working on the engine secretly thought of Kumo (the old code name) as Beta Bing? And btw, Abbey Klaasen is the only pundit I’ve read who describes the new search engine correctly — it’s a vehicle for generating ad revenue.
“Moblin may be plain old Linux under the hood, but the Intel-backed project for netbooks has managed to pull off the unthinkable: it’s made Linux look cool.”
Gary Marshall, At last! Moblin has made Linux look cool!
Allow me to introduce you to Gary Marshall. Here is a perfect example of why I like him so much.
“With most technology, looking into it is like shopping for a new and exciting car. We’ll happily spend days scanning brochures, reading reviews and coming up with increasingly imaginative and expensive configurations.
With Linux, though, it’s more like shopping for a new central heating boiler. You know it’s going to be worthwhile and you know it’s going to save you money, but it’s hard to summon up much enthusiasm. Oh look. It’s a boiler. Oh look. It’s another boiler. Oh look. It’s a slightly different boiler. Oh look. I’ve wasted my life.”
HTML 5, whose most recent draft from the HTML Working Group was published in mid-April, is attractive to developers because it allows them to write for open browser standards instead of operating systems.
The ChannelWire, Google Says HTML 5 Tools Leave Microsoft In the Dust
There’s a lot of buzz this week about HTML 5. It’s not radically different from HTML 4, but adoption does mean the end of codecs and plug-ins for rich media. In his keynote at the Google I/O developers conference, Gundotra talked about the importance of five main HTML 5 concepts: canvas tags, video tags, geolocation, application caching/database and Web Workers.
The <canvas> tag defines graphics, such as graphs or other images.
The <video> tag defines video, such as a movie clip or other video streams.
Geolocation is an API that provides scripted access to geographical location information associated with the hosting device.
Application caching/database – HTML 5 contains several features that address the challenge of building Web applications that work while offline. The HTML 5 specification provides two solutions to this: a SQL-based database API for storing data locally, and an offline application HTTP cache for ensuring applications are available even when the user is not connected to their network.
Web Workers is an API that allows Web application authors to spawn background workers running scripts in parallel to their main page. This allows for thread-like operation with message-passing as the coordination mechanism.
The whole idea of “the browser is the operating system” was buzzed about when Google released Chrome. It was a difficult concept for me to wrap my head around — but if I think of it as “browser as a Web platform” it makes more sense.
“The Web has won,” said Google Vice President of Engineering Vic Gundotra. “It has become the dominant programming model of our time.”
“When Vivek Kundra became the federal government’s chief information officer, he talked about the value of using standard off-the-shelf computer systems instead of the custom-built ones that government agencies are inclined to buy. With the new government site Data.gov, Mr. Kundra is showing off the value of standard data formats as well.”
Saul Hansell, Data.gov: Unlocking the Federal Filing Cabinets
Today’s WhatIs.com Word of the Day is National Information Exchange Model (NIEM). Basically, it’s a framework for ensuring that different government agencies can share information more effectively while still being able to maintain their own proprietary databases.
Much to my amazement, standardized technology in the US government is becoming more than just a wish.
Remember back in 1983 when the United States government invaded Grenada? There’s a famous story about an Army officer in Grenada who needed air support and wanted to communicate with a Navy aircraft carrier he could see offshore. The radios that each branch of the military had purchased operated on different frequencies, so the officer ended up using his telephone calling card in a public phone booth to call Fort Bragg, Virginia and get his message relayed to the Navy — who forwarded the request for air coverage to the ship. The story reached the ears of Senator Barry Goldwater and he pushed for the Department of Defense Reorganization Act of 1986 (more commonly known as the Goldwater-Nichols Act).
Anyway, it looks like those days of government technology silos are going the way of the Berlin Wall. Data.gov is another step in the right direction.
A primary goal of Data.gov is to “improve access to Federal data and expand creative use of those data beyond the walls of government by encouraging innovative ideas (e.g., web applications).” Think of it as Government Information Technology 2.0. Thank you, President Obama. Tear down those walls!
From the newly launched Data.gov site:
Data.gov includes searchable catalogs that provide access to “raw” datasets and various tools. In the “raw” data catalog, you may access data in XML, Text/CSV, KML/KMZ, Feeds, XLS, or ESRI Shapefile formats. The catalog of tools links you to sites that include data mining and extraction tools and widgets. Datasets and tools available on Data.gov are searchable by category, agency, keyword, and/or data format.