When it comes to high-end computing, IBM and HP are arguably the most recognized brands in the world. The two companies have been rivals in informatics since its infancy, but have different views on the future of computing, and have decided to take quite different paths.
IBM believes in software more so than hardware, and its acquisitions have been mostly in that area. On the other hand, HP - the #1 computer manufacturer in the world - believes more in hardware, or at least a mix of hardware and software, with an emphasis on the former, and mergers with hardware companies, most notably Compaq in 2002, demonstrate that philosophy.
IBM's purchases and mergers have been much less spectacular than HP's in terms of dollars, but they invest more in Research and Development, and even after some rough years in the mid-90's, IBM is now worth 8 times the value of HP. Last week IBM announced it would be selling its server business, while HP announced a new cutting edge server architecture.
So, who is right? Will software “beat” hardware when it comes to business profitability and stability? Monitoring technology trends and directions is critical while trying to implement technology in your organization. Before making any hardware and/or software decisions, check to make sure there are no surprises during the project implementation. -AK
Sources:
http://tech.fortune.cnn.com/2012/09/20/hp-and-ibm-two-paths-one-future/
http://en.wikipedia.org/wiki/IBM#1930.E2.80.931979
http://www.alltop10list.com/top-10-list-of-computer-manufacturers/
Tuesday, April 23, 2013
Wednesday, April 17, 2013
EVOLUTION OF BOTNETS
By now most people have heard of Botnets, those pesky little internet connected programs that work with similar programs to perform a task.
The original Botnets were created to automate basic tasks on IRC (internet Relay Chat) and allowed the IRC operators to link the bots together to perform useful tasks.
It wasn't long before botnets began being used for nefarious purposes such as DoS attacks. Today, when software vendors patch their code, Botnet developers watch closely to look for computers to infect that have not yet been updated.
Now, mobile Botnets are on the rise (although not yet as prevalent as computer based Botnets) and the rate of infection is increasing exponentially. Recently, a mobile version of the "Zeus" bot has been created to intercept mobile banking logins and send the credentials back to the creators of the malware.
Social Networks have also become another means of infections. Once a Botnet controls your computer it is a simple matter for the Botnet Creator to control your social network as well.
Malware such as botnets is not going to decline in number. For protection of you personal devices, use mobile antivirus (especially for Android based devices and IOS based devices that are jailbroken). For non-mobile devices, users should keep their software up to date at all times, and carefully evaluate what plug-ins, software and attachments you download and use on your machines. - RC
The original Botnets were created to automate basic tasks on IRC (internet Relay Chat) and allowed the IRC operators to link the bots together to perform useful tasks.
It wasn't long before botnets began being used for nefarious purposes such as DoS attacks. Today, when software vendors patch their code, Botnet developers watch closely to look for computers to infect that have not yet been updated.
Now, mobile Botnets are on the rise (although not yet as prevalent as computer based Botnets) and the rate of infection is increasing exponentially. Recently, a mobile version of the "Zeus" bot has been created to intercept mobile banking logins and send the credentials back to the creators of the malware.
Social Networks have also become another means of infections. Once a Botnet controls your computer it is a simple matter for the Botnet Creator to control your social network as well.
Malware such as botnets is not going to decline in number. For protection of you personal devices, use mobile antivirus (especially for Android based devices and IOS based devices that are jailbroken). For non-mobile devices, users should keep their software up to date at all times, and carefully evaluate what plug-ins, software and attachments you download and use on your machines. - RC
Tuesday, March 26, 2013
CODE SIGNING
Every day there is another report that some hacker or foreign country is trying to steal corporate data through nefarious means.
And yet as the technology world becomes larger and your software development teams dispersed throughout the world, how many organizations still distribute their executable code and scripts "in the clear"?
Could Signing is the process of digitally signing executables and scripts to confirm to the software author and guarantee that the code has not been altered or corrupted.
We at Praxsys have just completed two large code signing projects which involved developing a code signing portal utilizing a certificate authority and a Thales nCipher hardware security module (HSM).
These projects (with various workflow options) allow submittal, approval and distribution of executables and scripts to our customer's locations throughout the world.
If you are an organization that does any distribution of software (and in today's world that is most companies) please seriously consider implementing a code signing portal. Contact Praxsys Technologies, Inc. if you would like to find out further information on code signing for your particular organization. -WAV
And yet as the technology world becomes larger and your software development teams dispersed throughout the world, how many organizations still distribute their executable code and scripts "in the clear"?
Could Signing is the process of digitally signing executables and scripts to confirm to the software author and guarantee that the code has not been altered or corrupted.
We at Praxsys have just completed two large code signing projects which involved developing a code signing portal utilizing a certificate authority and a Thales nCipher hardware security module (HSM).
These projects (with various workflow options) allow submittal, approval and distribution of executables and scripts to our customer's locations throughout the world.
If you are an organization that does any distribution of software (and in today's world that is most companies) please seriously consider implementing a code signing portal. Contact Praxsys Technologies, Inc. if you would like to find out further information on code signing for your particular organization. -WAV
Monday, March 4, 2013
FROM HTLM4 TO HTML5
HTML 4 has been around since 1997, with the more common HTML 4.01 debuting in 1999, and has been a reliable basic web development tool since then (Wikipedia). There is one area in particular in which HTML4 cannot keep up with the times: Multimedia. Developers using HTML4 have to use tools such as Adobe Flash to make the content of their websites more appealing, but not without sacrificing page load time and CPU cycles, leaving a lot of unhappy users in these times of instant gratification. One can only recall how passionately Apple's co-founder and former CEO, Steve Jobs, attacked Flash for being such a power-hungry platform. The World Wide Web Consortium (W3C) answered these pleas by giving birth to HTML5.
HTML 5, although still a “recommendation” in the W3C's development cycle adds certain tags, making multimedia available to the web developer without the need, in a lot of cases, for additional platforms, such as Flash or Microsoft Silverlight. That said, these are still, and will continue to be, used for the more visually engaging sites.
Some exciting features of HTML 5 are faster JavaScript engines, canvas for images (to manipulate images and photos), video elements (for instance, YouTube is in the process of transferring all its Flash videos to HTML5), Geolocation (making the browser aware of your location, if you choose to), and web workers (letting web application to perform complex tasks without hindering the performance of a web page).
The best part of HTML 5 is how it tries to move away from convoluted solutions like Flash, or languages such as JavaScript, replacing them, to a point, with clear and simple tags, for images and videos, that any developer can understand and utilize. Now more “generic” websites can be written solely in HTML 5, and that is a step in the right direction. Our software developers are well knowledgeable and can help incorporate these advantages into a customized plan for your business to help increase efficiency and effectiveness of all your technological systems. -AK
Tuesday, February 26, 2013
SPEAR-PHISHING ATTACKS
As we kick off the 2013 RSA Security Conference, it is probably obvious to anyone that follows the news feeds that the show is highlighting the state of security and the picture is rather grim. Speakers are taking advantage of the plethora of news reports highlighting attacks against organizations such as Facebook, the New York Times, Apple, Microsoft, and the Department of Energy in order to paint a grim picture of the state of security in our computer systems across all sectors. While these speakers are well motivated by the opportunity these problems present, I think it is clear that the advantage has definitely turned toward the attacker. Unfortunately, it is likely that the business trends of cloud computing and big-data-dependent businesses enable the attackers to maintain this advantage. The complexities of our solutions, that include big data security solutions, are growing well beyond our ability to manage them.
While the problems of security have become big data problems, let us consider the most significant common thread of the recent compromise: spear-phishing (an attack aimed at specific individuals or companies to acquire information such as usernames and passwords). It has been demonstrated that all systems and email users are susceptible to a spear-phishing attacks. While care must be taken by each of us when opening attachments and clicking on links that come through email, the fact of the matter is any one of us can become a victim of this method of attack. And the attackers launching them are become increasingly skilled at sending out emails that look legitimate and at times even contain information that is specific to the recipient.
For the majority of individuals and organizations, there are no mechanisms in place to authenticate the origin of an email and the real identity of the sender. What is ironic about the show this year is that the foundation of the RSA Conference is the development and application of cryptography (encryption, digital signing, key management, etc). Although this is the foundation for most identity authentication systems, most of the show’s focus is on the complex issues we are facing in detecting and responding to compromise. The application of identity authentication measures, such as digital signing, to our email messages would enable us to determine if an email truly originates from its stated source and can provide a significant defense against spear-phishing attacks. Despite the advantage gained by this technology, the vast majority of organizations and individuals do not use it or have given up on the deployment of public key infrastructure (PKI) solutions. While these systems can get complex for larger organizations, the complexity of this solution does not compare in scale to the complexity of the big-data security solutions that are now being deployed and that are coming in the near future.
As was well pointed out by the Microsoft Executive at this year’s show, the technologies for identity authentication have been developed and are in place today in our hardware and software system. Let us actually use them to make our other security efforts more manageable. Praxsys Technologies can help your business implement the customized solution for your business to ensure the safety of your data. -MD
Monday, February 11, 2013
ENSURING SYSTEM SECURITY
“China Hacks ‘New York Times, ‘Wall Street Journal”” the Onion Issue 49-05, February 1, 2013
“Department of Energy Hacked” The Wall Street Journal, February 4, 2013
These are just two headlines from dozens this month alone declaring the crisis that is occurring in the securing of information in this ever connected world. As more and more devices are connected to the internet (computers, smartphones, tablets, industrial controls, etc.) the more susceptible your day to day lives are to cyber attack (personal information stolen, potential disruptions of service, your own personal computer corrupted).
Meanwhile, the EU and the United States Governments are both putting policies in place to try and govern the security that corporations are required to have in order to protect you, either as a consumer or as a business.
And yet, in almost all the hacking cases described, the corporations and/or government agencies all had security software supposedly monitoring the computer systems. But with the sophistication of current security attacks, having software installed isn’t enough. Most security software is only as good as the people configuring, implementing and testing that security system.
The key to truly securing your computer systems and information is the ongoing monitoring, testing and tweaking of the security system in place. In today’s world the hackers are constantly testing the boundaries to find weak points.
The take away from the headlines this month?
- Every company needs a security plan in place
- That security plan needs to be monitored continuously
- Constantly audit the security of your system (find someone ethical to try and break into your system)
- Monitor general and industry specific news to discover what the hackers are thinking.
- Adjust your security software settings and systems based upon what you are reading, and what you are seeing on your particular network perimeter and your internal network.
Praxsys and its sister company Protected Computing provides complete security services. Contact us for information on helping you stay a step ahead of the dangers that exist in a networked world. - WAV
Monday, January 21, 2013
MICROSOFT'S CHALLENGE
Apple pioneered a new application delivery and management paradigm when it introduced the App Store with iOS. The ability to centrally provide access to applications, while maintaining oversight before and after deployment, has revolutionized the traditional software delivery model, and Microsoft took note. Windows 8 includes its own store for delivering and managing Windows 8 (ie. Metro) applications.
Given Microsoft’s past challenges in the security space, moving to a centralized model that allows them a measure of control post deployment will allow Microsoft to proactively deal with malware threats originating from installed applications. As the Window's store terms make clear, Microsoft maintains the right to remove applications and their data should it become necessary.
While the paradigm shift is a welcomed one for Microsoft and the majority of its users, many advanced users will decry the ‘walled garden’ approach as they do for iOS today. Development has already begun on a jailbroken version of the Windows Store to enable advanced users to get the freedom they want while average users remain blissfully unaware, yet more protected than they had been in the past.
The application delivery and management is only the first part of the puzzle. The second part is moving existing applications off the desktop into the app store, ultimately eliminating the desktop. To date, the combination of RT and desktop modes is a point of confusion for most average users and Microsoft will need to commit to one or the other. Microsoft’s challenge is the same one it currently suffers from on Windows Phone 8: a lack of apps. While both app stores (Phone and Windows) are growing and increasing the number of available apps, certain key apps can make or break the platform. For the Windows OS, Microsoft needs to convince key software providers to re-write their apps as Windows 8 apps. And Microsoft should lead by example by providing an Office Suite that runs as a Windows 8 app, not in the desktop. -MT
Subscribe to:
Posts (Atom)