Written By: Christian Hyatt


Wednesday, February 26, 2014

IBM: New Speed Record For Big Data

IBM announced an invention that will speed data transfers to 200-400 Gbps. To put this into perspective, it made headlines on February 14th when Google announced it would increase its fiber network speeds up to 10 Gbps.

According to phys.org:

"At this speed 160 Gigabytes, the equivalent of a two-hour, 4K ultra-high definition movie or 40,000 songs, could be downloaded in only a few seconds."

For companies managing, examining, and transferring infinitely large data sets, I can only imagine the efficiency this would add to their business. For companies like Facebook, Amazon, IBM, Teradata, or even the Government - who examine billions or trillions of bits of information with embedded metadata - it could make it viable to accurately examine, sort, and share the information in minutes rather than weeks or months. Other companies like Netflix would benefit too. They could easily add the option to purchase or stream high definition videos and movies with almost no buffer time.

The question for the average consumer might be: If speeds like this become available to the public, will ISPs throttle their networks or allow their customers to reap the full benefits of a lightning-fast internet connection?

Wednesday, February 19, 2014

New Device Tracks All Human Interactions

A new device developed by Hitachi will give employers the ability to virtually track employees' every move. The wearable badge is marketed to enhance efficiency, but is capable of doing far more.

According to Bob Greene:

"The device looks like an employee ID badge that most companies issue. Workers are instructed to wear it in the office.

Embedded inside each badge, according to Hitachi, are "infrared sensors, an accelerometer, a microphone sensor and a wireless communication device."

Hitachi says that the badges record and transmit to management "who talks to whom, how often, where and how energetically." It tracks everything.

If you get up to walk around the office a lot, the badge sends information to management about how often you do it, and where you go.

If you stop to talk with people throughout the day, the badge transmits who you're talking to (by reading your co-workers' badges), and for how long.

Do you contribute at meetings, or just sit there? Either way, the badge tells your bosses."

For anyone who isn't comfortable being micromanaged, this device sounds like a nightmare. And any employer concerned about retaining talent should probably forget about implementing such a device.

Perhaps employers should practice the golden rule and "treat others how they want to be treated" instead of focusing on making the workplace more like a prison. If a company fosters the right culture and treats its employees fairly, most folks will go out of their way to do an excellent job.

What Else Could The Device Be Used For?


For anyone even mildly concerned about privacy or security, this has to throw up a red flag. How easily could a malicious individual or organization track a private citizen, and what safeguards are in place to prevent such a device from being utilized to commit fraud?

Friday, February 14, 2014

The Weak Link In Tech Security Is Human

Recently, hackers used social engineering techniques to convince PayPal and Go Daddy tech support to hand over enough personal data to extort Naoki Hiroshima out of his @N Twitter handle (valued at $50,000). The interesting thing is that the breach didn't happen through weak password settings or shortcomings in source code, but because of human error.


According to the story:

"...Hiroshima reported that someone was attempting to hack into his Paypal account. Hiroshima had two-factor authentication set up, and when the attacker attempted to reset his password, he received a text message requesting his approval for the change, which he ignored.

Unable to get through Paypal’s gates, the attacker took a surprising next step, attacking Hiroshima’s personal domain name through his registrar, GoDaddy. The hacker got through GoDaddy’s security measures by calling a representative on the phone. The hacker claimed to be Hiroshima and said he was having trouble accessing his account. GoDaddy asked for the last six digits of his credit card number on file as proof of identity, which the hacker miraculously was able to provide.

How’d he do that? Again, via a simple phone call...the hacker had also called Paypal’s support staff and used social engineering tricks to get that representative to tell him the last four digits of the credit card he had on file...

The hacker then took those four digits and was—amazingly—able to parlay that into the last six digits. How? According to Hiroshima’s narrative, the GoDaddy support agent simply let the hacker guess them, two by two, until he struck upon the right combination, unleashing the keys to the account. The hacker reported to Hiroshima that he told GoDaddy he’d lost his card, but remembered the last four digits, opening the door for the guesswork operation. The hacker got it all done in one call..."

Common Sense Customer Service VS. Security 


From a business perspective, these types of social engineering hacks are difficult to overcome because there is a careful balance at play: providing good customer service to honest people while also protecting their data.

How many real customers call in each day that have lost their password or credit cards? I'm sure every tier one tech support agent receives dozens of these calls a day. And if a company is preventing business owners from accessing their data when they need it - which is NOW - then many customers will simply find somewhere else to do business. 

So maybe the problem is not just with the shortcomings of companies like PayPal and GoDaddy, but also with the expectations of the average user. It seems like the security culture of the average person has to change - a change that gives tech companies that want to protect your private data a little more leeway to be a little more strict when it comes to privacy. Even if that means being a little angrier at tech support some days.

Wednesday, February 12, 2014

South Korea Fines Google For Illegal Data Gathering

It seems like South Korea is coming down hard on personal privacy violations. Just last week I wrote an article about new legislation South Korea is implementing banning bloatware on mobile phones - now they are fining Google $196,000 for illegally collecting private data - and more importantly demanding that Google turn over all of the illegally collected private data.

Via Ryan Huang -

"Google has been fined 210 million won (US$196,000) by South Korean regulators for collecting personal data when it was setting up its Street View service...The Korea Communications Commission (KCC) also ordered the Internet giant to delete all personal information it had gathered without consent and post a progress update on its site...[Google] not only collected 360 degree views of the streets but also picked up plenty of personal data along the way such as Internet IDs, passwords, network addresses, text messages, and credit card numbers, according to KCC."

It's nice to see a crackdown on companies collecting people's private data, but this is nothing new.

"Google has already been fined in Europe and the United States for similar infringements. Last year, it was fined €145,000 (US$189,000) in Germany, €100,000 (US$136,000) in France while it settled in the U.S. for US$7 million."

Considering Google earned $50 billion in revenue in 2012 alone, these relatively tiny fines do almost nothing to stop the company from collecting whatever information it pleases. A better question might be: Why does Google want all of this information in the first place? Moreover, is it ethical that they collect it?

Friday, February 7, 2014

Thought Controlled Computers Are Coming

While the rest of us are still trying to get caught up with the abundance of tech options available to us today, R&D groups for major technology giants are working on the future. That future, according to Dell's head of research and development, includes thought-controlled computers.

"Thought-controlled input is a project we started 6 months ago. The notion here is that through some sort of device that you put on, by measuring alpha [brain] waves and so forth, you can actually be able to tell your mood for example: whether you're happy or sad. That can then drive the device to, for instance, play music. If you're sad, it can choose music to cheer you up, for example. If the research proves successful, the product may end up being something physical [a device] or maybe someone else builds the sensor headband and we partner on the software side."

I wonder if we are moving too fast. With the recent and seemingly more frequent data breaches (Target, Yahoo, and others), how can users gain enough comfort to literally 'share their feelings' with their computer? This technology is probably a few years off, but I think we still have a long way to go on the security and privacy side of the house before anyone is going to plug into their computer.


Wednesday, February 5, 2014

How To Effectively Block Online Ads & Enhance Privacy

I wrote a post last week revealing that AdBlock Plus, probably the most popular ad-blocking extension on the web, actually allowed ads from over 4,000 websites.

To most of my tech-savvy friends this came as no surprise. They even suggested a gamut of effective tools and extensions that will almost completely eliminate online ads and most privacy concerns.

Tools You Should Install To Eliminate Ads & Enhance Privacy


1. AdBlock Plus

Though AdBlock Plus does allow some ads, it is still a highly effective (and easy) way to eliminate the majority of online ads.

Note: It was brought to my attention that you can change the settings within AdBlock Plus by un-ticking the box within the options to "block all ads", which will correct this problem. Some users claim that with each update to the browser and/or the application the box is re-ticked, which again allows some ads through. You then have to un-tick the box again after the update.


2. FlashBlock

FlashBlock "automatically blocks flash content on webpages. Each flash element is being replaced with a placeholder that allows you to load only selected elements on a given page. You can also manage a whitelist of allowed websites via a configuration panel."

3. Hosts File

Using a hosts file is probably the most complicated (but most effective) way to "block ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and even most hijackers."

If you are interested in implementing this tool visit this website to download the file and get going.

4. Disconnect Extension

The Disconnect Extension is less of an ad blocking extension and more of an anti-tracking tool. The Disconnect Extension "lets you visualize & block the invisible websites that track you" such as Facebook, Google, and even cookies.

With the growing concern over privacy and what type of data websites are collecting from their users, applications like Disconnect are becoming more valuable (and popular) than ever.
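A hosts file downloaded from a third party (item 3 above) changes name resolution for the whole machine, so it is worth checking before it is installed. The following is an added example, not code from this post or from any blocklist project: it confirms that every entry points a name at a sink address (0.0.0.0 or loopback) and reports any name sent to a real address. The sample file and its host names are constructed for illustration.

```python
import ipaddress

# Names that normally map to loopback on their own; not counted as blocked.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample input, not taken from any real blocklist.
SAMPLE = """\
# constructed sample hosts file
127.0.0.1    localhost
0.0.0.0      ads.example.com tracker.example.net
127.0.0.1    banner.example.org   # inline comment
203.0.113.7  login.example-bank.test
not-an-ip    oops.example.com
"""


def audit_hosts(text):
    """Classify each entry of a hosts file.

    Returns (blocked, redirects, malformed):
      blocked   - set of names mapped to a sink (unspecified or loopback) address
      redirects - list of (line_no, name, address) mapped anywhere else
      malformed - list of (line_no, text) that do not parse as "address name..."
    """
    blocked, redirects, malformed = set(), [], []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # strip comments and whitespace
        if not entry:
            continue
        fields = entry.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append((line_no, entry))
            continue
        names = [name.lower() for name in fields[1:]]
        if not names:
            malformed.append((line_no, entry))
        elif addr.is_unspecified or addr.is_loopback:
            blocked.update(n for n in names if n not in LOCAL_NAMES)
        else:
            # A blocklist has no reason to send a name to a routable address.
            redirects.extend((line_no, n, str(addr)) for n in names)
    return blocked, redirects, malformed


def safe_to_install(text):
    """True only if every entry parses and none redirects to a non-sink address."""
    _, redirects, malformed = audit_hosts(text)
    return not redirects and not malformed


if __name__ == "__main__":
    blocked, redirects, malformed = audit_hosts(SAMPLE)
    print(f"{len(blocked)} names blocked")
    for line_no, name, addr in redirects:
        print(f"line {line_no}: {name} -> {addr} (review before installing)")
    for line_no, entry in malformed:
        print(f"line {line_no}: cannot parse {entry!r}")
```

Running the same check again after each update of the downloaded file catches entries that were added later.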

Friday, January 31, 2014

Places Where AdBlock Plus Does Not Actually Block Ads

If you use the popular Google Chrome browser extension AdBlock Plus you may be surprised to learn that the extension does not actually block ads from every website. In fact, there are over 4000 websites on which the extension doesn't block ads at all.

A quick snip of its code called the "exception list" reveals a few interesting ones including Amazon.com, 1&1 websites, numerous sponsored Google searches, Reddit.com, and thousands of others.


I do not necessarily have a problem with AdBlock allowing certain ads past their extension - the fact is that they have to make money too. It is just ironic that an ad blocking application makes money off...ads.

There is also an important lesson to learn here: Understand every application or browser extension you install. They all have their pitfalls - some of which include gathering your personal data - others that pick and choose what content you see on the internet.

Edit 2/5/2014: It was brought to my attention that you can change the settings within AdBlock Plus by un-ticking the box within the options to "block all ads", which will correct this problem. Some users claim that with each update to the browser and/or the application the box is re-ticked, which again allows some ads through. You then have to un-tick the box again after the update.

Wednesday, January 29, 2014

The End of Mobile Phone Bloatware

Two years ago I switched from iPhone to Android. I switched because I didn't like the idea of being locked into Apple's universe. I wanted control and flexibility - which I got to some extent - but not totally. My new smartphone still has applications that I cannot remove - even if I want to or totally dislike the product.

For example, I deleted my Facebook account months ago, but can't remove the app from my phone.

I see this as very counter-productive for a product like Android that wants to poach users from Apple, especially when most would-be converts are probably looking for something more flexible in the first place. Why limit flexibility and user-control? Why inhibit the very thing most Android converts are looking for?

As it turns out, the problem is so widespread that South Korea has implemented legislation banning the practice:

"The South Korean Ministry of Science, ICT, and Future Planning has banned the common practice of mobile manufacturers and networks putting un-removable apps on smartphones. 
Telcos will now be required to make all pre-installed apps deletable, except for those that enable Wi-Fi connectivity, near-field communication, customer service, and an app store."

Mobile phone designers should take notice. I doubt new legislation will (or should) be enforced here in America to ban bloatware, but it is only a matter of time before people start "talking with their wallets" and switch to a mobile phone manufacturer that gives users more control. The same reason I switched from iPhone to Droid in the first place. 

Saturday, January 11, 2014

Smart Car: Privacy In Your Car

A few months ago I bought my first new car. I sprung for all the "bells and whistles". It has voice control, GPS, satellite radio, and pretty much all of the latest technological devices. Truth be told I couldn't really find any new car that didn't have most of these options - I was almost (and happily) forced into it.

All of this technology means more than just cool features in a new car, it also begs the question: "How concerned about privacy should we be?" A lot of people say very concerned - just as concerned as you are on the internet or with your credit card.

In fact, as reported by the NY Times, most people may not even realize that their smart car comes equipped with a "black box" "that records data collects information like direction, speed and seatbelt use in a continuous loop. It is in nearly every car today, and in September (2014), it is set to become mandatory."

The question of what information is being gathered, its disclosure, and who has access to the data is becoming such an issue that "early next week (January 2014), Senator John Hoeven, Republican of North Dakota, and Senator Amy Klobuchar, Democrat of Minnesota, will introduce a bill stipulating that car owners control the data collected on the device called the event data recorder."

To take it a step further, there was also a video circling the internet where a few technology consultants proved it was possible to take over a car completely from a remote device.



As an IT Risk and Security Consultant I am always thinking of how new technology could be inadvertently or perhaps maliciously used against people or corporations. So with all of this new technology what safeguards are in place to prevent malicious access of personal data - or maybe even the car itself? Who is monitoring it? And even more troubling: Why aren't manufacturers disclosing these risks and data gathering techniques to their customers?

As it stands, manufacturers and car dealerships say almost nothing about the privacy implications of buying a new car. And with tech giants like Google and Apple, who have privacy controversies of their own, teaming up with car manufacturers, privacy concerns are only expected to become more potent. Just something to think about going forward.

Friday, January 10, 2014

Gmail: More Privacy Concerns

A new article written by the Huffington Post reveals that Gmail is about to become less private than ever due to its integration with Google+.

"If you're a Gmail user, you probably also have a Google+ account.

Until now, that likely meant nothing to you. However, with a new Gmail update, random people on Google+ will be able to send emails to your Gmail account without you ever having given them your email address, according to a new post on the Official Gmail Blog.

These messages from strangers will arrive in your Gmail inbox just like emails, but the stranger won't know your email address unless you respond. "Your email address isn't visible to a Google+ connection unless you send that person an email, and likewise, that person’s email address isn’t visible to you unless they send you an email," Google explains."

If privacy is a major concern for you, or you would rather avoid the impact of strangers being able to flood your inbox with unwanted mail, Google has made it fairly easy to opt out.


Unfortunately, Google has made the "Email from Google+" system "opt-out" instead of "opt-in", so you have to change your settings so "no one" (see above) can reach you via email through Google+.

I'm still not sure what advantage Google felt its users would gain from this system since it would be just as easy for someone to send you a message on Google+ and you would receive notification of that in your email anyways. Maybe it is another push to get people involved on Google+?

Thursday, January 9, 2014

The Future of Surveillance

Today I read an article from the tech magazine Gizmodo that pointed out a new laser surveillance technology that "Will Instantly Know Everything About You From 164 Feet Away".

The surveillance system was developed in Montreal in 2009 by PhDs with specialties in lasers and fiber optics, and used to attempt to identify individual cancer cells in a real-time scan of a patient and to detect trace amounts of harmful chemicals in sensitive manufacturing processes. Government officials saw the opportunity to utilize this same technology for surveillance.


Gizmodo reveals how the machine may work in real life:

"[The Machine] fires a laser to provide molecular-level feedback at distances of up to 50 meters in just picoseconds. For all intents and purposes, that means instantly...The small, inconspicuous machine is attached to a computer running a program that will show the information in real time, from trace amounts of cocaine on your dollar bills to gunpowder residue on your shoes. Forget trying to sneak a bottle of water past security—they will be able to tell what you had for breakfast in an instant while you're walking down the hallway."

There are still a number of questions about this technology before it will be implemented. Questions like how the device and the data it collects can be used, where, by whom, and where information like this would be stored. The legal limits and requirements to use such a device still aren't clear either.

Tuesday, February 26, 2013

How to pass the CISA exam

The first certification most IT professionals in the Information Security field want is the CISA (Certified Information Systems Auditor). It's a great foundation to prove you know a thing or two about managing IT risks and the inevitable compliance duties that come with IT management positions.

If you are thinking of taking the CISA examination, here are a few pieces of advice that helped me easily pass the test.

1. Utilize the Practice Questions Database! This is probably the most essential part of passing the CISA examination. The practice questions are almost identical in content and format to what you will see on the actual test. I took the practice tests until I was at about 90% accuracy.

2. Read the CISA study guide. I gave myself three months to work through the entire book. I focused mostly on key terms and concepts. The book is fairly readable and if you have a little IT experience to put the concepts in context it's much easier to follow.

That's it. If you do these two things I'm willing to bet that 99% of people who take the CISA examination will pass. Please be sure to check ISACA's website for the latest study material here. They tend to update (even if only slightly) each year.